A602

PowerPC Safe Computer

6U VME64

Discontinued Product

A602 Triple-Redundant 6U VME PowerPC® SBC

Main Features

3x PowerPC 750 (lockstep mode), 3x 512 MB DDR RAM
Fail-operational, fault-tolerant behavior
Fail-safe and fail-silent board architecture
Clustering of two A602 to raise availability
Board management, BITE
SEU (radiation) tolerant
Certifiable up to SIL 4 (with report from TÜV SÜD) and DAL-A
Developed according to RTCA DO-254, EN 50129 and IEC 61508
EN 50155 compliance
Up to -40 to +70°C with qualified components
Convection or conduction cooling

Description

The A602 is a 6U 64-bit VME COTS computer with onboard functional safety that realizes triple redundancy on a single board to achieve fail-operational, fault-tolerant behavior. The board can also act as a fail-silent subsystem, i.e. it can shut down in case of a fatal fault. Its complex FPGA-based design helps dramatically lower software development costs as it automatically manages the system's triple-redundant processors and memory. The result: The system's redundant architecture is fully taken advantage of by software designed for a standard single-CPU board.

The A602 is designed for deterministic operation and offers extensive BITE features (e.g., ECC error counters for all types of memory, monitoring of all internal voltages), internal buses with error correction and fault-tolerant (fail-operational) implementation. Its three processors run in lockstep mode with 2-out-of-3 (2oo3) voting implemented in FPGA and software-assisted resynchronization, while its triple redundant dynamic memory automatically corrects upsets caused by cosmic radiation (SEU) and hardware faults. The system is powered by redundant local power supplies with separate power supplies for the three CPUs and the three main memory ranks.

The A602 has been developed according to DO-254, compliant to DO-160 and certifiable up to DAL-A in avionics applications. Additionally, the product meets the requirements of EN50128/EN50129 and can be deployed in signalling and rolling stock applicationsup to SIL 4. All I/O is realized in SEU-resistant FPGAs and available on the system's rear connectors. Additionally, the A602 offers two PMC slots with rear I/O for PMC1. As an option, the second PMC slot can be customized for an AFDX PMC (rear I/O only). A second A602 can be connected to build a high reliability/availability cluster. The two A602s exchange data via a sextuple UART connection and a BMCX link.

CPU

3x PowerPC 750 CL
- Scalable performance
- 1 GHz processor core frequency
- Superscalar
- Classic PowerPC FPU, MMU
- CPU bus to FPGA: 100-MHz/64-bit
Lock-step operation
- All CPUs do the same thing at the same time
- 2-out-of-3 voting in FPGA with CPU bus clock speed (100MHz)
- Software-assisted resynchronization
- No functional interruption in case of an SEU inside the CPU
Chipset
- North- and Southbridge realized in FPGA

Memory

2x 32 kB L1 cache, 1MB L2 cache integrated in each CPU
3 independent ranks of 512MB DDR SDRAM system memory, FPGA-controlled
- 100MHz memory bus frequency (32 bit)
- Up to 800 MB/s
- 2-out-of-3 voting in FPGA
- Scrubbing to prevent accumulation of SEU
- No functional interruption in case of an SEU inside the memory
2 independent ranks of 256MB Flash, FPGA-controlled
- Primary and backup Flash ranks contain the same data, auto-selection by boot loader
- ECC protection
1MB FRAM
- ECC protection
4KB serial EEPROM for production data (serial number etc.)

I/O

All I/O realized in FPGA and available at rear I/O
Sextuple UART
- E.g., for communication with other A602
- Data rates up to 460,800 Baud for each channel
- Handshake lines: none
RS232 UART
- Also available at front panel
- Data rates up to 460,800 Baud
- 2x 256 Byte transmit/receive buffer
- Handshake lines: none
I²C bus

Mezzanine Slots

Two PMC slots

32 bit/33 MHz, 3.3V V(I/O)
PMC slot 1 with rear I/O

Miscellaneous

Voltage monitoring
Temperature monitoring
Watchdog
Reset signal control
Control of redundant power supplies
Sleep mode
- Lowers power consumption in case of primary power supply interruption
- Power failure indicated through signals from backplane
- Supports power interruptions specified in Airbus directive ABD0100.1.9
- CPUs and memory can be put into sleep mode
Redundant clock generation
Connection with second A602 possible (with special backplane)
- Control of shared outputs
- Exchange of state information
- BMC and 6x UART link

Local PCI Bus

32-bit/33-MHz, 3.3V V(I/O)
Compliant with PCI Specification 2.2

VMEbus

TSI148 controller
Compliant with VME64, VME64 and 2eSST specification
Slot-1 function with auto-detection
Master
- D08(EO):D16:D32:D64:A16:A24:A32:ADO:BLT:RMW
1MB shared fast SRAM
Mailbox functionality
Single level 3 fair requester
Single level 3 arbiter
Bus timer
Location Monitor
Performance
- Coupled read/write D32 non-block transfer rate 6.5 MB/s

Electrical Specifications

Dual power input from VMEbus, uninterrupted (EN 50155, Class S1)
- +5V (-3%/+5%)
- +3.3V (-5%/+5%) optional
- Standard backplane supplies both input rails with power
- Continued operation if one power input fails (or is not present)
- Separate power supplies for the three CPUs and the three main memory ranks
Supply voltage/power consumption:
- 33W (39W when 3.3V are not supplied)
- 6 W (optional +3.3V supply)

Mechanical Specifications

Dimensions: standard double Eurocard, 233.3mm x 160mm
Weight (without mezzanines and accessories): 548g

Environmental Specifications

Temperature range (operation):
- 1-slot models: -40..+55°C, temperature classes T1, T2, and TX inside buildings, or in containers with temperature control for signalling equipment, according to EN 50125-3, table 2
- 2-slot models: -40..+70°C, temperature classes T1, T2, and T3 for equipment onboard rolling stock, according to EN 50125-1, table 2
- Airflow: min. 2 m/s
Temperature range (storage): -40..+85°C
Relative humidity (operation): max. 95% non-condensing
Relative humidity (storage): max. 95% non-condensing
Altitude: -300m to +2,000m (EN50124, Class AX)
Compliant to EN50125-1, meeting requirements of EN61373, Cat. 1, Class B and Classes GTX, GL3 for rolling stock
- Shock: 50 m/s², 30 ms (EN 61373)
- Vibration (function): 1 m/s², 5 Hz - 150 Hz (EN 61373)
- Vibration (lifetime): 7.9 m/s², 5 Hz - 150 Hz (EN 61373)
For signalling equipment, a distance of 3m from the track bed is required
Protection class IP00 (EN50124, Category PD1)
All components soldered

MTBF

270 311 h @ 40°C according to IEC/TR 62380 (RDF 2000)
424 061 h for continuous operation @ 25°C according to IEC/TR 62380 (RDF 2000)

Safety

Erroneous behavior of CPU/memory subsystem < 1E-8 / h
- Considering hardware failures and worst-case SEU environment
PCB manufactured with a flammability rating of 94V-0 by UL recognized manufacturers

EMC Conformity

EN55011 (radiated emission disturbances - rolling stock)
EN 61000-6-4 (radiated emission disturbances - signalling equipment)
EN 61000-4-3 (electromagnetic field immunity)
EN61000-4-2 (electrostatic discharge immunity)
EN61000-4-8 (power - frequency magnetic field)
EN61000-4-9 (pulsed magnetic field)

BIOS/Boot Loader

MENMON

Software Support

VxWorks, VxWorks/Cert
PikeOS

A602

PowerPC Safe Computer

Main Features

VxWorks

Firmware/BIOS

Markets

Products

Company

Whistleblower Line

Follow Us