Communication networks are being increasingly widely used to measure, control and regulate complex technical systems. For example, networks are being increasingly used in motor vehicles in order to form vehicle control systems. In corresponding complex and safety-relevant technical systems, high demands are imposed on the availability of the control elements provided as network devices. If individual components, for example sensors or control devices, fail, this must not result in failure of the overall system. Drive-by-wire systems, for example steer-by-wire systems, in which the steering wheel position is electromotively converted into wheel positions by means of network coupling of sensor, control and actuator devices are particularly relevant to safety.
In the past, redundant designs of particularly critical components were used, with the result that, in the event of an error, the respective backup or redundant component can undertake the respective task. In the case of a plurality of redundant components, it must be ensured that only one of the two or the plurality of control devices holds the respective control sovereignty. In addition, contradictory control commands must not be produced for the same control functionalities. Therefore, it is necessary for all control components to have the same information or data in the network.
In this respect, it is necessary to detect errors in the form of inconsistent data which may be corrupted, for example, during data transmission via the network used. A standard network environment which is widespread is based on the Ethernet protocol. The use of Ethernet infrastructures has the advantage that standardized network devices and methods can be used. However, in the past, proprietary data buses were also used to link control components with internal redundancy, that is to say duplicate functionality, to one another.
In addition, it is possible for nodes used in the network to be erroneous. Error types in which a network device transmits data containing no data which can be used for the other control devices into the network at high frequency are known, for example. Reference is also made to a “babbling idiot”. The network infrastructure can then be loaded by high data rates in such a manner that true control or sensor data can no longer be interchanged between the network devices which are still operating. It is desirable, in particular, to deal with such abnormal behavior in safety-relevant networks and to suitably process the available data in order to ensure reliable operation of the unaffected devices in the network.
In the past, methods were proposed in which the interchange of data between predefined communication partners was bandwidth-limited. However, defective network nodes may also generate data packets with incorrect address data, which cannot be dealt with in a satisfactory manner within the scope of dedicated bandwidth limitation in every network topology, in particular not in a ring-type network topology.
Methods which are based on synchronized communication between the network nodes are also known. In this case, particular time slots for interchanging data between predefined communication partners are defined. Such time slot methods require complicated synchronization and special hardware devices.
Technological backgrounds for the present topic are respectively known from the documents US 2011026411 A1 and US 2008107050 A1.