Design of a fault-tolerant COTS-based bus architecture

This paper describes the authors´ approach to using commercial-off-the-shelf (COTS) products in highly reliable systems. The methodology calls for multilevel fault-protection. The methodology realizes that COTS products are often not developed with high reliability in mind. Nevertheless, by using multi-level fault protection, the same level of reliability as the traditional full-custom fault tolerance approach can be achieved. This methodology allows more freedom for design trade-offs among the fault-protection levels, which can result in less complicated designs than the traditional strictly-enforced fault-containment policy. This paper covers the authors´ experiences and findings on the design of a fault-tolerant avionics bus architecture comprised of two COTS buses, the IEEE 1394, and the I²C, for the avionics system of X2000 program at the Jet Propulsion Laboratory. The X2000 design is judicious about ensuring the fault-tolerance provisions do not cause the bus design to deviate from commercial standard specifications, so that the economic attractiveness of using COTS is preserved. The hardware and software designs of the X2000 fault-tolerant bus are being implemented, and flight hardware will be delivered to the Europa Orbiter missions. This work provides an example of how to construct a highly reliable system with low-cost COTS interfaces