Tackling Automotive Ethernet Integration
An increasing data cascade is also bringing safety and reliability challenges to Ethernet-networked vehicles.
Safety and reliability are major concerns for engineers implementing automotive Ethernet. Data for assisted driving or autonomous driving functions must be delivered in a timely manner. Companies providing design IP, software, and test and verification services are watching the industry as legislation is introduced, standards evolve, and the mores of the end customer shift, requiring additional functionality or differentiation in vehicle systems.
New hierarchical vehicle architectures have central domain controllers, which have to share large amounts of data. Ethernet is increasingly a candidate for the high-speed data links between these controllers.
“Automotive Ethernet is a new concept, and learning how Ethernet and the evolving IEEE 802 specifications can be used in a range of automotive applications has been a challenge,” admits John Swanson, DesignWare Product Line Manager, Synopsys. In-vehicle networking has to be integrated with newer requirements demanded for road safety. “Above all, automotive System on Chip (SoC) designers must meet functional safety requirements such as ISO 26262 functional safety, Automotive Safety Integrity Levels (ASILs), and many other stringent standards,” he says. As the industry sees a growth in automotive electronics, he believes many non-traditional automotive companies have entered the market and have had to quickly learn about such automotive requirements.
To help such new entrants and established designers tackle new specifications and regulations, the company works with SoC designers. Its DesignWare IP can reduce development time by providing blocks to verify compliance. The company has been working with SoC designers on automotive Ethernet beginning with its use for diagnostics within a vehicle. Configurable IP options continued when features such as Audio Video Bridging (AVB) specifications were introduced, and today Synopsys is working with designers to implement Time Sensitive Networking (TSN), says Swanson.
An IP block requires a certain level of safety to be integrated into the SoC, and the certification level is based on the end application, says Synopsys’ Swanson. “For example, a braking system is more critical than a video monitor,” he points out.
Integrating certified Ethernet IP into automotive SoCs for data streaming in vehicle networks contributes to meeting safety requirements and reduces development time.
Swanson explains: “DesignWare Ethernet QoS Controller IP has gone through the same vigorous safety and reliability process that an automotive SoC must go through. We adhere to the requirements dictated by ISO 26262 to certify the Ethernet IP by breaking down the IP into manageable blocks, creating safety goal violations, executing diagnostics for testing the violations, and validating the entire process in an integrated verification infrastructure. The entire process is documented and made available in the automotive SoC certification documentation.”
IP safety elements include the safety manuals, Failure Modes Effects and Diagnostics Analysis (FMEDA) and Design Failure Mode and Effect Analysis (DFMEA) analysis reports that can be applied to their application as well as safety features implemented in the code. Error Correcting Code (ECC) protection on packet and control data stored in local memory is just one example Swanson cites.
The company is committed to building an Automotive Safety Integrity Levels (ASIL) -ready IP and has made available a certification process for DesignWare Ethernet IP, specifically for ASIL.
Synopsys’s IP Prototyping Kit for the Ethernet QoS IP aims to help designers learn how Ethernet can be used in automotive designs. The kit can also aid those already working with systems companies on networking applications. It is, says Swanson, “a working system [they can] start with and make modifications to it in real-time. This can be done well in advance of the silicon, so software work can start much sooner.”
The design of SoCs is also a contributing factor to the power consumption of the vehicle, together with consolidating Engine Control Units (ECUs). “With Electric Vehicles (EVs) becoming more mainstream, optimizing power consumption is an essential part of network design, says Andrew Patterson, Automotive Business Development Director, Embedded System Division, Mentor Graphics. “Power budgets can be improved by consolidating ECUs, combining complex functions together where possible, and sharing SoC resources,” he says, pointing out that this can also reduce the number of network nodes and wire harness weight and size, further contributing to efficiency. “Most Ethernet designs today are 100-Mbyte based, but the IEEE has now published the 1-Gbyte standard IEEE 802.3bp, aimed at high data rate use cases up to 15m in length for the automotive industry,” he explains. This, together with the IEEE 802.3bu standard, allowing power lines to be shared with Ethernet communications, will maximize the low-cost, low-weight, and flexible installation benefits Ethernet affords. These factors will, Patterson believes, lead to Ethernet becoming a dominating network technology for vehicles.
“The main challenge with Ethernet is guaranteeing the arrival time of the data/message, or network latency (delay time). New standards have emerged to enable TSNs, so that safety-critical vehicle functions depending on time-sensitive communication can be supported,” says Patterson.
The automotive industry is sensitive to cost pressures, and safety and reliability standards are paramount. The connected car, and the evolution of Advanced Driver Assistance Systems (ADAS) towards autonomous vehicles means more data to be processed with minimum latencies, and often in real-time. “When implementing any automotive innovation, safety, product quality, and cost continue to be top priorities for vehicle manufacturers. With Ethernet, the 100-Mbyte per sec or 1-Gbit per sec data rates mean that more information can be transmitted at improved speeds around the vehicle—a must for image processing for ADAS and autonomous driving, as well as multimedia applications,” says Patterson. “New hierarchical vehicle architectures have central domain controllers, which have to share large amounts of data. Ethernet is increasingly a candidate for the high-speed data links between these controllers.”
Decisions on network capacity and topology are made during the development phase. Patterson cites the company’s Volcano VSx suite, with virtual modelling, as an example of how designers can explore the automotive design space. “The complete design can be modelled and simulated on a desktop computer without having the physical components available,” he says. “Virtual modelling allows for exploring performance extremes and adjusting design parameters in ‘what-if’ test scenarios. It offers mixed topology vehicle architecture deigns, including Ethernet, Controlled Area Network (CAN), and FlexRay, to be captured, analysed, and partitioned according to an AUTOSAR methodology. Individual ECU descriptions can be extracted and passed to Tier-1 sub-contractors for manufacture.
The Volcano VSA-COM includes a worst-case timing analysis algorithm to predict maximum and minimum latencies for a given signal path through a vehicle network. In an Ethernet network, this path could include many hops and passage through gateways. Predicting the performance envelope is critical to ensure safe operation of the vehicle network.”
The complex nature of vehicle networking systems requires a detailed test procedure. “When looking to design a system that is safety-critical many aspects have to be looked at to ensure a single point of failure will not affect overall system response,” observes Jeff Warra, Business Development Engineer, Spirent Communications.
“Designers use FMEDA to confirm a system satisfies the metrics required for ASIL-D standards. The inputs for that analysis from ASIL-D are Single Point Failure Metric (SPFM), Latent Fault Metric (LFM) and Probabilistic Metric for Random Hardware Failures (PMRHF) to determine what components need redundancy,” he explains.
Spirent Communications announced its co-operation with Technica Engineering, a company specializing in automotive Ethernet integration, tool development, and prototyping, at the Automotive Ethernet Congress, held in Munich, Germany last month. The two companies are partnering to implement the latter’s advanced physical layer chipsets into Spirent’s automotive Ethernet solutions for protocol conformance testing with BroadR-Reach (100Base-T1) Network Interface Cards. Erick Parra, Business Developer at Technica, says, “The co-operation with Spirent enables us to test and validate our automotive Ethernet network devices for performance features such as bandwidth, synchronization, timing, etc.”
“The challenge for automotive Ethernet testing is each OEM wants to customize on top of existing standards. Spirent offers flexible, configurable and editable test scripts inside an Integration Development Environment (IDE), which allows customers to change, re-compile and re-run conformance test suites,” he explains. Working with R&D departments worldwide, it enhances and updates test suites offered for AUTOSAR, OPEN Alliance, IEEE, AVB, TSN and AVnu Alliance automotive test plans. “The need for devices to be interoperable when connected to an Ethernet network has never been greater to ensure a robust and reliable system design,” he concludes.