Distributed, fault-tolerant communication systems are used, for example, in applications where a failure could possibly result in injury or death to one or more persons. Such applications are referred to here as “safety-critical applications.” One example of a safety-critical application is in a system that is used to monitor and manage sensors and actuators included in an airplane or other aerospace vehicle.
One architecture that is commonly considered for use in such safety-critical applications is the Time-Triggered Architecture (TTA). In a TTA system, multiple nodes communicate with one another over two replicated high-speed communication channels using, for example, the Time Triggered Protocol/C (TTP/C) or the FLEXRAY protocol. In some embodiments, at least one of the nodes in such a TTA system is coupled to one or more sensors and/or actuators over two replicated, low-speed serial communication channels using, for example, the Time Triggered Protocol/A (TTP/A).
In one configuration of such a TTA system, various nodes communicate with one another over two, replicated communication channels, each of which is implemented using a star topology. In such a configuration, each channel includes an independent, centralized bus guardian. Each such centralized bus guardian represents a single point of failure for the respective channel. Another configuration of a TTA system is implemented using a linear bus topology in which various nodes communicate with one another over two, replicated communication channels and where each node includes a separate, independent bus guardian for each communication channel to which that node is coupled. In other words, where two communication channels are used, each node includes two independent bus guardians. Providing multiple independent bus guardians within each node, however, may not be suitable for some applications (for example, due to the increased cost associated with providing multiple bus guardians within each node).