5.15.

8 Integrated Modular Avionics

Introduction

Since the introduction of electrical and avionics systems in aircraft the systems have
tended to be of the ‘standalone’ single black box type. A standalone system is one in
which each of the aircraft functions, which consist of sensors, processing units, and
actuators; often with many Line Replaceable Units (LRUs) and dedicated to a single
function. In general, data is not shared between the different aircraft systems. When
looking at the avionics bay of an older aircraft, all contain identifiable units or “black boxes”
with one set function, examples would be an inertial navigation system or anti-skid
system. Each system has its own interfaces to sensors and actuators, the data is not
shared, but it does have the advantage of providing an inbuilt separation of functions.
The interfaces linking the items consist of data buses, specific analogue or discrete
signals.

Figure 38

The disadvantages of this kind of technology are:

 LRUs have one function with specifically developed hardware and software.
 Systems are developed from scratch, lack of technology re-use.
 Modifications or upgrades are costly or impossible.
 Increased weight and power consumption; each unit needs its own cooling and
dedicated power supplies.
 LRUs not interchangeable so more spares have to be kept in stock.

This traditional approach to avionics has changed by moving towards increased

integration (figure 39). The most important advantage is that information can be shared
between several systems.
 Figure 39

Modular construction has been introduced at hardware module level. Looking inside an
LRU several modules can be identified that perform a specific function such as displays,
flight management, autopilot. A characteristic, which is a disadvantage, of these Line
Replaceable Modules (LRMs) is that they are developed according to a suppliers own
design standards and specifications.

To ease maintenance, modules have a standard physical layout that fits within a modular
concept unit (MCU), which in itself is an LRU. An MCU is an ARINC Specification 600
volume and size limited box, it provides the aviation industry with standard size casings
(black boxes). An advantage, which was the same for standalone systems for these
integrated modular architectures, is the inbuilt separation between individual systems.
There is still a strong connection of aircraft function to a module, so preventing the
swapping of different modules. Equipment suppliers own standards are used, making any
changes and modifications still expensive.

The Integrated Modular Avionic System

As further integration of systems has become easier with advances in aircraft design the
need for a fully Integrated Modular Avionic (IMA) systems have become important. The
trend in avionics system architectures is for general purpose avionics computers, defined
as platforms.

Figure 40
A platform does not perform any avionics function, but provides communication,
computing and memory resources to the avionics applications (software) (figure
40). This is the same as a home computer, which provides the required resources for the
software (applications) to work. The resources are hardware, communication, memory
and operating system.

The platform is a generic central processor unit (CPU) having the ability to operate
several types of system. The core software inside the platform provides the partitioning
of the functions, which can now be spread across the architecture. The platforms are
common digital modules or units with standard input/output interfaces. Data
communication throughout the architecture takes place on data networks, such as
Avionics Full Duplex Switched (AFDX) Ethernet. Some older (legacy) equipments are
still required to be used so special-to-type interfaces are required to link with this
equipment. Once data is transferred to a network, the network will configure itself in such
a way that the information is routed to the correct destination, this helps ease the system
integration problem.

The Generic Platform with Open Systems Interface

An open system is an architecture whose specifications are public, anyone has access to
the common design specifications it is not restricted to a single designers standards. An
open system is allowed to use officially approved standards as well as privately designed
standards whose specifications are made public by the designers.

Each avionics computer has a standardised open systems

Platform
interface, which is defined as an application programming
Application

Application
Application
interface (API). Normally this API layer is a defined
standard such as ARINC 653, this allows third parties to
develop applications for the platform, enhancing
competitiveness of both avionics platform and application
suppliers. A platform can host several aircraft applications, API
which are usually software, but could also include Operating Systems
application specific hardware. Other layers within the CPU IO
platform will be the IO function and operating system. The
software applications are fully isolated by software
partitioning mechanisms. Partitioning enables a safe
sharing of the processing resource (time), the memory
(space) and communication means (input/output). In this Network
situation it does not matter where the applications are Figure 41
hosted, as long as they get their required resources.
When looking at the communication between applications housed on platforms there in a
concept to understand about communication. There is what is called a logical channel
which does not exist in a physical sense but describes applications communicating with

Figure 42

each other (figure 42). The way in the physical world it does it is through the physical
channel, the physical channel being the data network.
Applications will send and receive their data through logical ports. They are not aware
that the platform on which they are hosted is taking care of the physical communication.
The application can be on the same platform, but can also be hosted by another platform
somewhere in the network.

Rack or Unit Approach

In addition to flexible communications, the open systems IMA architecture also provides
flexibility in hardware architecture. The platforms can be built as modules that have to be
placed into a environmentally conditioned rack, or the platform itself can be a completely
integrated unit. With the rack approach (figure 43) the rack itself is a LRU and the
platforms consist of line replaceable modules (LRMs) inside this rack. The advantage of
this approach is reduced weight and optimised power consumption because the platforms
share environmental protection and conditioned power. A disadvantage of this approach
is that the rack needs to be opened to replace platform modules usually this cannot be
performed during regular maintenance, the complete rack will be taken to a maintenance
workshop.

Figure 43
With the unit system (figure 44) each platform is contained within a completely integrated
LRU having its own power supply and environmental protection. This approach eases the
maintenance process as the suspect LRU can be easily taken out of the avionics bay and
replaced.

Figure 44
Fault Tolerance

A key idea of an IMA system is fault tolerance, it is not important where an application is
hosted. The fact that applications are not aware of each other, enables a mechanism for
a fault tolerant architecture. There can be more than one copy of an application, creating
redundancy in the system (figure 45) In the event of a failure the system can use a spare
application, if there is no spare application then there will be systems which are more
important than others. So the less important application can be removed and the more
important one put in its place. The platform must be aware of this replication and must
also have the mechanism to manage the multiple applications, but once that mechanism
is put in place, building a fault tolerant architecture is just a matter of defining the correct
configuration.
Figure 45

Platform Platform

Application

Application
Application
Application

Application
Application

API API
Operating Systems Operating Systems
CPU IO CPU IO

Network Network

Advantages of the Open System IMA

 Platforms are standard building blocks interoperable and ‘plug-and-play’.

 Possible to mix components from different suppliers.

 Most complex part of the system is at the application level, this is the most costly
to design and produce. As there is now a clear interface between the applications
and the underlying computer platform there is a reduced hardware obsolescence
issue. Platforms can be replaced and the expensive (mission) software can be
reused.

 The platform is developed according to open standards so it is possible to have

third-party application and add-on development. This increases flexibility in
supplier selection.

 The platforms contain configuration tables to define application resource allocation

and communication infrastructure. With open systems IMA this provides a flexible
design that can be changed and optimised at a later stage during development.
Disadvantages of the Open System IMA

 Different building blocks of the system architecture may be provided by different

suppliers. In order to develop an application on top of a platform, all information
needs to be open source. This creates a problem with intellectual property rights
(IPR). Suppliers want to protect their knowledge, sometimes unwilling to provide
required information.

 An issue is the integration responsibility, the architecture building blocks strongly

depend on each others performance, module suppliers cannot take the full system
responsibility. At the same time application suppliers depend on the platform
performance but is not their responsibility. Adding the qualification and certification
issues to this increases the challenge.

 The use of third-party equipment and software can become an issue. Most of the
time it is unclear if the documentation is accurate and complete. Moreover in most
cases it is not easy to transfer the required design data.

 It is generally assumed that standardisation contradicts high performance. A

standardised programming interface (API) is never optimised for a certain
application and will introduce additional overheads in the system the same applies
to standardised communication.

 The configuration tables, which are mentioned in the advantages above, also has
a less positive side. In a complex architecture a lot of parameters need to be
managed. Configuration consistency and completeness is essential.
Network Communications

Linking together the parts of the avionics system

using the IMA approach has moved away from the
fixed data bus such ARINC 429. ARINC 429 uses
up to 2 data buses to have bi directional
communication, theses data buses are fixed and are
only used for this purpose of linking fixed systems.
For the end systems in figure 46 (we also call it a
platform), if they all required to talk to each other,
would need 15 data buses, twice that if we wanted
communication to be bi-directional, a lot of wiring!

Figure 46

In order to allow a reduction in the number of data

buses required the IMA type system has moved onto
a network. Here platforms, which house multiple
applications, are still linked by fibre optic or data
cables (two twisted pair wires), but now over a network
in the example on the left we would have 12 cables.
Central to the system are switches these devices know
what the route should be for packets of information
and directs the signal to the correct place or places
based upon information which is contained in the
Figure 47 packets (figure 47) Should part of the route be blocked
they may be able to re-route the packets via other
switches. Figure 48 shows the simple interconnection of platforms by multiple switches,
as long as the connection to a platform is serviceable once a packet gets to a switch it
can go in any number of ways to reach its destination.
 Figure 48

Virtual Links

The links between the systems are fixed; we can see that
there are less of them, so saving weight and space.
Remember that each platform can contain many
applications that will mean having to share the transmission
cable. To allow many transmissions along a physical link
the time allowed for an application to send data is restricted.
By having only a set period of time for data transmission for
an application we create what is known as a virtual link (VL), Figure 49
it is a form of timeshare of the available physical link (figure
49).

This type of network is called an Avionics Full Duplex Switched Ethernet (AFDX) and is
part of the ARINC 664 part 7 protocol. It is based upon the normal Ethernet standards
that we all use for our normal ground based computer networks. To understand the
transfer of data on AFDX network we will first have to look at an Ethernet IEEE 802.3
network to understand why in an aircraft we do things slightly differently.

Ethernet

An Ethernet system transmits information known as a packet, to another device over a

network, one computer to the next. The two devices talk to each other, called
handshaking; handshaking can be about things such as ‘How are we going to transfer
information?’ or “I have received it’. When a packet is received it is stored until all the
other packets in a message arrive, it then sorts them into the correct order before passing
them on to the next layer in a platform. The receiver sends an acknowledgement
message back to the transmitter about the successful reception of packets; to confirm
that they have been received. This acknowledgement, or lack of it allows the transmitter
to know if it has to re-send any missing packets. Packets can and do get lost on the
network caused by things such as colliding signals going in opposite direction; despite
collision protocols (set of rules) existing to reduce the possibility. The protocols organise
and control data flow within the network they are called Transmission Control
Protocol/Internet Protocol (TCP/IP), their job, to organise and control data flow within the
network.

There are disadvantages with the Ethernet system:

 Resending of packets can cause a delay.
 We are transmitting receipt data back to an originating transmitter this decreases
the available bandwidth of the system and reduces the amount of data we can
transmit over a certain time period.
 Ethernet is a half duplex system; a half-duplex data transmission means that data
can be transmitted in both directions on a signal carrier, but not at the same time.

AFDX

AFDX solves these problems by using what is called User Datagram Protocol (UDP);
datagram is another name for a packet. UDP uses a simple transmission model without
any real form of handshaking; this means there is less traffic on the system because there
are no packets sent about the successful reception of packets. Now in any network,
packets can take a different route to arrive at the same destination, remember in Ethernet
802.3 we sort received packets into an order before moving them on to make sure the
information is in the right order. In a real time system this may cause unacceptable
delays, imagine the problems in a flight control system waiting for a complete message
to be sorted to then allow movement of a control surface? With UDP, packets may still
arrive out of order, appear duplicated, or be lost, if any of this happens the UDP just
ignores the fact. This way UDP avoid the overhead of processing, sorting or requesting
packets be resent, it is better to lose packets than to have them delayed, this allows real
time processing, think of it as listening to someone talking but missing out an occasional
word, you can still make sense of what they are saying.

In order to increase reliability and reduce the problem of lost packets consists of 2
separate networks, both operating at the same time with the same information; a duel
redundant network (figure 50). All packets have an identifier within them that describes
their position in a sequence of packets, a sequence number (SN). When the packets
reach the destination, and they may arrive at different times due to taking different routes,
they enter the platform on separate inputs. In the platform they are error checked then
compared in a redundancy manager (RM) and the one with the latest SN is then passed
to the application, the oldest SN is disposed of.
Figure 50
As with other data transmissions the information sent has to take a prescribed format, the
AFDX data word consists of source and destination information, the payload
(information), sequencing information and error checking information (figure 51).

Source & Destination Information Data Sequence Error

No Checking

MAC MAC Type IP UDP AFDX

Padding SN FCS
Destination Source IPv4 Header Hearer Payload

Figure 51

The size of the AFDX packet will vary depending on the amount of payload information
sent, over all the size can range from 64 to 1518 bytes. The larger the frame the more
time it will take to transmit, the more space (bandwidth) it takes.

A detailed description of the contents of a packet (also known as datagram or data frame)
are beyond the scope of this text but a basic description is as follows:

 MAC Destination – media access code is a unique identifier assigned to network

interfaces.
 MAC Source - media access code is a unique identifier assigned to network
interfaces.
 Type IPv4 – a connectionless protocol.
 IP Header - routing information.
 UDP Header – routing information.
 AFDX Payload – AFDX payloads are between 1 and 1471 bytes long. The
minimum payload size is 17 bytes, if the payload is less than this then padding
bytes are added to make it a minimum size.
 SN - sequence number.
 FCS – frame check sequence, the transmitting platform carries out a calculation
using an algorithm, the result is the FCS. The receiving platform carries out the
same calculation, if the 2 FCS figures match the frame is accepted, if they are
different then there is an error and the frame disposed of.

Speed 10/100 Mbits: 10 Mbits for safety critical systems

Full duplex on shielded two twisted pairs or fibre

Transmission
optics

End Stations Up to 1024