Intercomputer communication architecture for a mixed redundancy distributed system

Advanced aerospace vehicles now on the drawing boards are likely to use distributed information processing systems for the numerous planning, control, and monitoring functions. The Advanced Information Processing System (AIPS) is one such architecture that has been designed to serve as the core avionics system for a broad range of aerospace vehicles. One of the key issues in the design of distributed architectures is the communication between processing sites. The intercomputer communication design becomes a crucial and challenging aspect of the system architecture in the light of the mixed redundancy requirement. Another fundamental requirement is that a single failure must be tolerated without affecting the operation of any triply redundant processing sites or communication between triplex processing sites. The AIPS intercomputer communication mechanism has been designed to meet these requirements. This paper describes the AIPS intercomputer communication architecture, the intercomputer arbitration protocol, and some simulation results for arbitration in the presence of faults. I. Introduction S IGNIFICANT progress has been made over the last few years in the use of digital computers to enhance the performance of aerospace vehicles. A common characteristic of these electronic systems has been their centralized architecture. Although these centralized systems have served their applications well, there are a number of advanced aerospace vehicles that can benefit significantly from distributed computer systems. These include the Space Station, the Aeroassisted Orbital Transfer Vehicle, the Entry Research Vehicle, the National Aerospace Plane, and advanced fighter aircraft for the U.S. Air Force and Navy. Fault-tolerant distributed systems can have characteristics superior to those of centralized systems and are better suited to highly integrated electronic information systems of future vehicles. These attributes include function integration, parallel computation, graceful performance growth, selective technology upgrade, appropriate levels of function reliability, graceful degradation of system capabilities in the presence of faults or damage, and efficient hardware resource utilization. A system with these attributes, called the Advanced Information Processing System (AIPS),1-2 has been developed by the Charles Stark Draper Laboratory under the sponsorship of NASA. For a distributed information processing system to be cost effective, it is necessary to match the reliability level, and hence the redundancy level, of a processing site to the reliability requirements of the functions assigned to that site. Thus, critical functions with real-time response requirements, such as aircraft flight control or spacecraft attitude control, must be hosted in at least a triple redundant computer to provide dynamic error masking. Less critical functions, such as flight management or trajectory optimization, may be assigned to duplex processing sites, while noncritical functions, such as an engine health trend monitor, may be executed on a simplex processor. Although such an architecture makes efficient use of hardware resources, it does imply that the system support mixed or graded redundancy. Federated systems on contemporary commercial aircraft support mixed redundancy. How