Typical networks implemented using conventional, unextended ETHERNET technology exhibit non-deterministic behavior that may not be suitable for some applications (for example, safety-critical applications). As used herein, “ETHERNET” refers to technology described in the Institute of Electrical and Electronics Engineers (IEEE) 802.3 family of standards and specifications.
One data network architecture that is used to emulate a deterministic, point-to-point network using ETHERNET technology employs a switched ETHERNET network and “virtual links”. A common implementation of this type of network is an Avionics Full-Duplex Switched Ethernet (AFDX) network. Other implementations include a Time-Triggered-ETHERNET (TT-E) network or Time-Triggered-Gigabit ETHERNET (TT-GbE) network.
A typical topology for a safety-critical switched network 100 that uses virtual links is shown in FIGS. 1A-1C. This network 100 enables communication between software applications 102 via redundantly connected switches 106. The switched network 100 is configured to implement one or more logical communication channels for communications among the end systems 102. In the particular example shown in FIGS. 1A-1C, two communications channels are used, which are individually referred to here as channels “A” and “B” (though it is to be understood that the network 100 can be configured a different number of communication channels). Each communication channel is implemented using a separate set of switches 106 and full-duplex physical communication links, where the set of switches 106 to implement channel A are identified in FIGS. 1A-1C with the label “106-A” and the set of switches 106 used to implement channel B are identified in FIGS. 1A-1C with the label “106-B”. The redundancy of switches 106 enables data communications to continue even if there are failures of the switches 106.
The software applications 102 are hosted on network-connected end systems 104, which are individually labeled in FIGS. 1A-1C as “end system 104-1”, “end system 104-2”, through “end system 104-9”.
As noted above, networks of this type utilize the virtual link concept for safety-critical communications. A virtual link is a pre-configured uni-directional data path from one source to one or more destinations. Also, each virtual link has an associated virtual link identifier (ID) number that is included in each frame that is communicated via that virtual link.
Two exemplary virtual links are shown in FIG. 1B that are sourced by different applications that are hosted on the same end system 104. In the example shown in FIG. 1B, a first virtual link 108 is used to communicate frames that are sourced by application 102-4. Frames sourced by application 102-4 are communicated over the network 100 to three different applications 102—application 102-9, application 102-11, and application 102-16. In the example shown in FIG. 1B, a second virtual link 110 is sourced by application 102-3. Frames sourced by application 102-3 are communicated over the network 100 to a single application 102—application 102-13.
The network 100 is configured with each end system 104 coupled to one switch 106-A that is used to implement channel A and to one switch 106-B used to implement channel B. The network 100 is configured so that frames for each virtual link are to be received at each switch 106 on a particular switch port. Each switch port of each switch 106 checks each frame that is received on that switch port in order to confirm that the virtual link ID of the frame corresponds to a virtual link that is supposed to be received on that switch port. Each switch port also typically performs traffic policing for the frames it receives (for example, each switch port checks frame size and timing).
Typically, in a network 100 of the type shown in FIGS. 1A-1C, each application 102 is hosted on a single end system 104. As a result, if an end system 104 fails, all the applications 102 that are hosted on that end system 104 are not able to source data and all the destination applications 102 that normally receive data from those source applications 102 will not receive such data. For example, as shown in FIG. 1C, if the end system 104-2 that hosts applications 102-3 and 102-4 fails, applications 102-3 and 102-4 will not be able to source data for the first and second virtual links 108 and 110. Also, if the end system 104-2 that hosts applications 102-3 and 102-4 fails, applications 102-9, 102-11, and 102-16 will not receive data from application 102-4 and application 102-13 will not receive data from application 102-3.
To address the failure scenario described above in connection with FIG. 1C, systems are typically designed to include multiple redundant source applications 102 (hosted on multiple, different end systems 104) to provide data to the destination applications 102 via multiple redundant virtual links. The downside of this design approach, however, is that additional end systems are required in the system to host the redundant applications, more virtual links and network bandwidth are required, and destination applications must perform source selection processing, which consumes additional processing time.