Vetronics Research Centre

Vetronics Verification and Validation Testbed


Verification: The process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase. [IEEE-STD-610]
Validation: The process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements. [IEEE-STD-610]


The Vetronics Verification and Validation (VVV) testbed is a flexible embedded systems network that has been continuously developed and expanded by the VRC, and used as a tool to evaluate current and future vetronic networks and systems.

It started as a simple testbed consisting of two MilCAN-based segments, built as part of the development of the VSI Bridge, and has since evolved into a fully interconnected and reconfigurable complex system of safety-critical, deterministic, and high-speed networks, bridges, gateways, and a centralised parallel stimulus and event monitoring system.

The system emulates a complex vetronics network of a military vehicle configured using functional segmentation where devices and sub-systems are grouped together based on their primary function.

VVV Testbed Diagram

VVV testbed network

The testbed consists of the following networks:

  • MilCAN - Three independent segments and a MilCAN backbone, with a secondary single network for fault-tolerance.
  • Ethernet - Gigabit Ethernet backbones for data and video distribution.
  • TTP / FlexRay - Independent safety-critical networks.

MilCAN

The MilCAN network consists of three isolated segments (Utilities, Automotive, Multimedia) connected to a MilCAN backbone and Ethernet backbone via two VSI Bridges and an embedded cut-through bridge. A secondary MilCAN network is deployed throughout the whole system as a secondary connection for fault-tolerance. Embedded devices are powered by "in-cable power" of 24V that is stepped-down and regulated within each node, as needed.

Ethernet

Gigabit Ethernet provides both video and data distribution connectivity and serves as the general high-speed network of a vehicle. The available bandwidth is capable of supporting a number of compressed MPEG4/JPEG2K video feeds as well as control data distribution to the Crew-station units, along with HUMS and monitoring data. Configuration, management, and monitoring of the VSI Bridges is also done through the Ethernet backbone.

TTP / FlexRay

Two safety-critical networks (TTP, FlexRay) are integrated to support functions that demand the necessary qualifications. Although they are considered independent and isolated from the rest of the system, so that nothing interferes with their sensitive operation, inter-connectivity is available through the VSI Bridge and specialised gateways. Data forwarding out of the safety-critical networks is unrestricted, while in-flow is available only through tight control and integration with the safety-critical application layers.

VSI Bridge

The VSI Bridge is an in-house built intelligent router designed to bridge deterministic heterogeneous networks. It consists of a fully configurable routing engine, prioritised queueing and processing elements, and an abstracted interface layer that allows it to be connected to any type of communication protocol such as MilCAN, TTP, FlexRay, Ethernet, and even virtual links to GUIs and other software modules. Remotely managed and monitored, it can be configured to route data across the attached networks, with all processing done based on the priority of the individual data packet, achieving the lowest possible transfer latency without being significantly affected by high packet rates of lower priority packets.
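The two forwarding rules described above (tightly controlled in-flow to the TTP/FlexRay networks, and strict priority processing in the bridge) can be modelled together as follows. This is an added example, not VRC code: the `BridgeModel` class, the allowlist, the message IDs and the priority values are constructed for illustration.

```python
import heapq
from dataclasses import dataclass, field
from itertools import count

# Segment names follow the page; policy entries and message IDs are constructed.
SAFETY_CRITICAL = {"TTP", "FlexRay"}
# Assumed allowlist of (source, destination, message id) permitted to flow inward.
INFLOW_ALLOWLIST = {("Automotive", "FlexRay", 0x120)}

@dataclass(order=True)
class Frame:
    priority: int                       # lower value = more urgent (assumption)
    seq: int                            # arrival order, keeps equal priorities FIFO
    src: str = field(compare=False)
    dst: str = field(compare=False)
    msg_id: int = field(compare=False)

class BridgeModel:
    """Hypothetical bridge model: admit by flow policy, forward by priority."""
    def __init__(self):
        self._queue, self._seq, self.dropped = [], count(), []

    def permitted(self, src, dst, msg_id):
        if dst in SAFETY_CRITICAL and src != dst:
            # Default deny for anything entering a safety-critical network.
            return (src, dst, msg_id) in INFLOW_ALLOWLIST
        return True                     # outward and lateral traffic is unrestricted

    def submit(self, priority, src, dst, msg_id):
        if not self.permitted(src, dst, msg_id):
            self.dropped.append((src, dst, msg_id))   # audit trail for monitoring
            return False
        heapq.heappush(self._queue, Frame(priority, next(self._seq), src, dst, msg_id))
        return True

    def drain(self):
        out = []
        while self._queue:              # highest priority first, regardless of arrival
            f = heapq.heappop(self._queue)
            out.append((f.priority, f.src, f.dst, f.msg_id))
        return out

def demo():
    bridge = BridgeModel()
    for i in range(3):                  # low-priority burst arrives first
        bridge.submit(7, "Multimedia", "Utilities", 0x700 + i)
    bridge.submit(0, "FlexRay", "Automotive", 0x010)   # outward: always allowed
    bridge.submit(1, "Automotive", "FlexRay", 0x120)   # inward: allowlisted
    bridge.submit(1, "Multimedia", "TTP", 0x666)       # inward: not allowlisted
    return bridge.drain(), bridge.dropped
```

The `dropped` list is the part worth wiring into monitoring: every rejected in-flow attempt toward a safety-critical segment is a policy violation that should be visible to the operator.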

MilCAN

The three MilCAN segments (Utilities, Automotive, Multimedia) consist of a number of C167 microcontrollers running MilCAN-A with a Fault-Tolerance layer add-on.

Each node handles a distinct function with either real or emulated data. Sensors and devices have been interfaced with the nodes to gather and process data and distribute the information over the MilCAN network. These include GPS, power consumption monitoring, accelerometers, displays, etc. Some more complicated functions, such as engine control, have been emulated at the higher layer while maintaining the most important layers, that is Physical up to Transport/Session.

A MilCAN backbone is used for interconnection of the MilCAN segments along with the FlexRay and TTP segments. This is accomplished via the VSI Bridge and a number of XC167 nodes. The MilCAN backbone is physically connected to the MilCAN segment drop-boxes only to provide in-cable power, while the data lines are disconnected. The XC167 nodes are considered part of the VSI Bridge MilCAN interfaces: they run the MilCAN protocol stack in a dedicated deterministic environment and are connected to the VSI Bridge systems via point-to-point Ethernet, using a custom communication protocol based on raw Ethernet frames (no TCP/IP used) to minimise processing latencies. Interconnection between any of the segments attached to the VSI Bridge is also achieved via the Ethernet backbone, depending on the user's preference. A typical configuration would be to route high priority data through the MilCAN backbone, while low priority and monitoring data are sent via the Ethernet backbone, reducing the bandwidth utilisation of the MilCAN backbone.

A secondary MilCAN network is spread throughout all the segments as a redundant connection for fault-tolerance. The MilCAN nodes include a Fault-Tolerance layer that operates transparently to the application layer; upon detection of a fault in the primary network, it can negotiate and manage active fail-over of the communication to the redundant network.

Utilities segment

(Utilities segment)

Automotive segment

(Automotive segment)

Multimedia segment

(Multimedia segment)

FlexRay / TTP

The two safety-critical networks integrated in the test-bed, FlexRay and TTP, are used to evaluate the technologies in their isolated operating environment and also as part of an interconnected heterogeneous system.

The two safety-critical networks are connected to the MilCAN backbone via a VSI Bridge and a customised gateway interface protocol.

FlexRay segment

TTP segment

Crew-Station / Stimulus

A central management point is used as a crew-station attached to the Ethernet backbone providing access to the testbed devices and displaying the digital video feeds.

Remote monitoring, management, and reconfiguration of the testbed is achieved by the VSI GUI, a custom configuration tool used in conjunction with a local VSI Bridge that allows direct access to all other VSI Bridges in the system.

The stimulus/monitoring system, a shadow system deployed throughout the testbed with direct connections to a number of nodes in all the segments, has been developed as a custom hardware-in-the-loop (HIL) system. A central device can communicate directly with the application layers of each node, able to trigger actions and monitor events in real-time with fine-grained resolution.

Crew station

Remotely Operated Vehicle (ROV)

The ROV is a basic demonstrator of the interconnectivity capabilities of the testbed. A digital radio data link connects the unit with a gateway node located in the Utilities segment and allows remote control of the tracks and the onboard camera, and also receives telemetry data from the onboard accelerometers. The control data originate from the Automotive segment and the telemetry data are displayed on the LCD unit located in the Multimedia segment.

ROV