SpaceWire Physical Layer Fault Isolation
Barry M Cook (4 Links Limited), Wahida Gasti (ESA), Sven Landstroem (ESA)
International SpaceWire Conference, 4-6 November 2008
SpaceWire Physical Layer Fault Isolation, Barry M Cook (4 Links Limited), Wahida Gasti (ESA), Sven Landstroem (ESA) at ISC 2008

Content
– Context
– Failure sequence
– Failure conditions
– LVDS
– Failure prevention by over-voltage limiting, requiring reliable current limiting …
  • … at the receiver
  • … at the transmitter
– Conclusions

Context – Cross Strapped Redundant System

Failure Sequence

Failure Conditions
Devices can be quite intolerant of variation
– 3.3 V (nominal) supply voltage (Vss) permits a supply voltage tolerance of ±10% – a voltage range of 3.0 to 3.6 V
  • But sets an absolute limit of 4 V
– Input voltages are, typically, limited to Vss + 0.3 V
  • Consider a chip with Vss = 3.6 V driving one with Vss = 3.0 V …
– Input currents for above-Vss input voltages are limited
  • To, typically, 10 mA
  • Which, in practice, makes the above situation safe – just
– LVDS avoids this problem by specifying lower signal voltages

LVDS – EIA/TIA 644 A
Specifies …
Transmitter output voltages (regardless of Vss)
– Differential
  • 350 mV nominal
– Common mode
  • 1.25 V nominal above Transmitter ground
End-to-end common mode difference
  • Up to ±1 V
Acceptable receiver input voltages
  • 0.05 V to 2.45 V (to allow for the common-mode difference)
Which is fine until the driver fails and places Vss (+Vcm) on the signal line or, worse, a power supply fails and places an even higher voltage on the signal lines

Failure Prevention
We can take one or more of several actions to avoid a single fault causing a failure cascade …
– Ensure the PSU never fails over-voltage
  • Challenging (especially with Switched mode supplies)
  • Even with over-voltage detection, transients are likely
– Prevent the over-voltage leaving the transmitter
  • Don’t forget common-mode differences (must clamp to LVDS levels, not to supply)
– Prevent the receiver being damaged
  • Limit the over-voltage at its terminals
– Prevent the receiver propagating the fault
  • Not only through power rails but also through signal lines

Over-voltage limiting
We require no significant line loading (capacitance / current) with correct signal levels and firm clamping at safe levels with fault levels
BUT …
Limiting is not perfect and the clamping level depends, critically, on the available fault current
At significant currents (100’s mA) the actual clamp voltage can be twice the turn-on voltage
  • Contrast this with the need to allow a correct level of 2.5 V (LVDS input) or 3.6 V (logic input) but clamp at ≤ 4.0 V
Safe over-voltage limiting requires reliable current limiting

Reliable Current Limiting
Avoiding silicon (which tends to fail short-circuit, allowing large currents) we are forced to consider discrete resistors
– Thick film SMD resistors and hole mounted metal film resistors are accepted by most agencies as short-circuit free
Adding series resistance on the signal lines will provide a reliable current limit
– Can this be done with EIA/TIA 644 A (LVDS) signals?
  • Yes …

At the receiver
[Circuit diagram: resistor R in each signal line; signal levels 1.075 V / 1.425 V and 1.425 V / 1.075 V; 350 mV across 100Ω; 1.25 V common mode]
Limitations
• The resistors, R, with the receiver input capacitance form a low-pass filter which may degrade the signal
• 100Ω & 10 pF has a time constant of 1 ns which would need careful consideration at 200 Mb/s (5 ns bit period) but should be OK at ≤ 100 Mb/s
• 100Ω is useful but we could wish for more …

At the transmitter
[Circuit diagram: driver outputs 0 V / 2.5 V and 2.5 V / 0 V, each through 305Ω; 350 mV across 100Ω; 1.25 V common mode]
Features
• Same output differential and common-mode voltage (LVDS)
• Series resistance driving a matched transmission line and load – there is no capacitive loading and no data-rate reduction
• 305Ω provides a useful current limit (50 mA at 15 V over-voltage at the driver output)
• Supply current is just 3.5 mA – same low power as before
Other, similar, circuits can be used for higher output source voltages – with greater protection.

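Added worked example (not part of the original slides): a small Python model of the receiver-side and transmitter-side resistor networks, reproducing the slide figures (350 mV, 1.25 V, 3.5 mA, 50 mA, 1 ns) and extending them to a higher source voltage. The 3.3 V source swing, the 0 V worst-case clamp level and the first-order RC settling model are assumptions of this example.

```python
import math

R_TERM = 100.0   # ohms, line termination (from the slides)
V_DIFF = 0.350   # volts, nominal LVDS differential (from the slides)

def tx_network(v_swing, r_series, r_term=R_TERM):
    """Complementary driver (0 V / v_swing) feeding r_term through one
    series resistor per leg. Returns supply current, differential and
    common-mode voltage seen on the line."""
    i = v_swing / (2 * r_series + r_term)   # single loop current
    v_hi = v_swing - i * r_series           # leg driven high
    v_lo = i * r_series                     # leg driven low
    return {"i_supply": i, "v_diff": v_hi - v_lo, "v_cm": (v_hi + v_lo) / 2}

def series_r_for(v_swing, v_diff=V_DIFF, r_term=R_TERM):
    """Series resistance per leg that puts exactly v_diff across r_term."""
    return (r_term / 2) * (v_swing / v_diff - 1)

def fault_current(v_fault, r_series, v_clamp=0.0):
    """Current one series resistor passes with the driver output stuck at
    v_fault and the line side held at v_clamp (assumption: 0 V worst case)."""
    return (v_fault - v_clamp) / r_series

def rx_settling(r_series, c_in, bit_rate):
    """Receiver-side RC (assumption: first-order model). Returns the time
    constant and the fraction of a step reached within one bit period."""
    tau = r_series * c_in
    return tau, 1 - math.exp(-(1 / bit_rate) / tau)

if __name__ == "__main__":
    tx = tx_network(2.5, 305)
    print(f"2.5 V / 305 ohm: {tx['v_diff']*1e3:.0f} mV diff, "
          f"{tx['v_cm']:.2f} V cm, {tx['i_supply']*1e3:.2f} mA supply, "
          f"{fault_current(15, 305)*1e3:.0f} mA at 15 V fault")
    r33 = series_r_for(3.3)                 # constructed higher-swing case
    print(f"3.3 V source needs {r33:.0f} ohm per leg, "
          f"{fault_current(15, r33)*1e3:.0f} mA at 15 V fault")
    for rate in (200e6, 100e6):
        tau, frac = rx_settling(100, 10e-12, rate)
        print(f"{rate/1e6:.0f} Mb/s: tau {tau*1e9:.0f} ns, "
              f"{frac*100:.2f}% settled per bit")
```

The exact series value for 350 mV from a 2.5 V swing is about 307Ω; the slides' 305Ω gives roughly 352 mV. A larger source swing needs a larger series resistor for the same 350 mV, so the fault current at a given over-voltage falls.
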
Conclusions
• We have identified a failure mechanism that can cause a failure cascade causing damage to both the nominal and redundant systems
• This can be alleviated by using fail-safe current limiting devices – discrete resistors – in conjunction with (discrete or in-built) voltage limiting devices
(Whilst fully complying with the definition of EIA/TIA 644 A – LVDS)