A Fault-Tolerant On-Board Computing and Data Handling Architecture Incorporating a Concept for Failure Detection, Isolation, and Recovery for the SHEFEX III Navigation System

Abstract

The reliable calculation of a navigation solution in the context of space missions, i.e., the estimation of position, velocity, attitude, and angular velocity of objects moving in Earth's atmosphere and in space, implies a highly reliable, fault-tolerant data acquisition, processing, and transfer within the navigation system and to other systems of a spacecraft. In order to develop a highly reliable system architecture, failure and reliability analyses have to be conducted and concepts for fault and failure detection, isolation, and recovery have to be considered. Redundancies for vital components might be introduced into a system to decrease the failure probabilities of particular functional groups and to increase the overall system reliability up to a level on which all single points of failure are eliminated. While introducing redundancies into a system, concepts for redundancy handling have to be conceived. In this paper, the currently envisaged on-board computing and data handling architecture of the navigation system for SHEFEX III, a sounding rocket mission for the development of hypersonic flight and re-entry technologies within the frame of the German SHEFEX program, is presented. This architecture is intended to have no single point of failure within its system boundaries (one-fault tolerance) and incorporates a preliminary concept for failure detection, isolation, and recovery. Its key characteristic is a double modular hot-redundancy scheme of two on-board computer nodes, which is extended by a Byzantine network of sentinels, monitoring the on-board computers. The considerations with regard to reliability, redundancy handling, graceful degradation, the developed failover and switching approaches, and the associated system- and component-level implementation implications are discussed.