b. todd ab/co/mi bis audit 18 th september 2006 signal integrity electro-magnetic compatibility...

B. Todd AB/CO/MI BIS Audit 18th September 2006

Signal IntegrityElectro-Magnetic Compatibility

Dependability

LHC Beam Interlock System 2 of 37 [email protected]

2. Electro-Magnetic Compatibility- The different link types- Preventive measures- Test results

1. Signal Integrity Analysis - The five types of signals- Simulation results- Rules for designs

3. Dependability Analysis- FMECA method- Results- Conclusions


Signal Integrity Analysis

Five different types of signal in the BIS…

1. Current Loops from CIBU to User System (<4m)2. RS485 Channels from CIBU to BIC (<1200m)

3. Single Mode 1310nm Fibre Optic Links (<6000m)

User Permit A

User Permit B

Beam Permit Info

Test

Monitor

<1200m

USERINTERFACE

ELECTRONICS

BEAMINTERLOCK

CONTROLLERELECTRONICS

true false

‘DC’ Signals

Encoded Data Frames

User Permit A

User Permit B

Beam Permit Info

USERSYSTEM

ELECTRONICS

<4m

Permit Loop Beam-1 Anti-Clockwise

Permit Loop Beam-1 Clockwise

Permit Loop Beam-2 Clockwise

Permit Loop Beam-2 Anti-Clockwise

To/FromNext/

PreviousBICs

<6000mCurrent Loops RS485 Channels Fibre Optics

1 2 3


Signal Integrity Analysis

CIBM

CIBT

CIBT

CIBM

SLPR

CIBEA

CIBEA

CIBEA

CIBEA

CIBEB

CIBEB

CIBU

VM

E B

ack

pla

ne

CIB

PS

or

CIB

PL

4

CIBM

MATRIX A

MATRIX B CIBO

CIBO

MONITOR

Tra

nsc

eiv

ers

Tra

nsc

eiv

ers

Tra

nsc

eiv

ers

VME

RS485

RS485

Permit Loop Anti-Clockwise

Permit Loop Clockwise

5


4. RS485 Channels internal to BIC (<1m)5. TTL or LVTTL signals on a board (<15cm)


Fundamental Properties


Type-1 : Current Loops from CIBU to User System (<4m) - DC mode Type-2 : Channels from CIBU to BIC (<1200m) - DC mode for critical 62.5khz for data

Type-3 : Single Mode 1310nm Fibre Optic Links (<6000m) – 8 – 8.192 – 10MHzType-4 : RS485 Channels internal to BIC (<1m) - DC mode or 250kHz dataType-5 : TTL or LVTTL signals on a board (<15cm) – Clocks, Data, Flags

Rules:3W rule for cross talk

Sheilded Twisted Pair 90-Ohm CERN NE12Ground Planes, Power Planes, UNINTERRUPTED!

Long links have similar impedances 50-200 Ohm (not controlled though)Slew-rate limited signals where possible


PCB principles

POWER PLANE

+ -

GROUND PLANE

+ -

TOP LAYER

BOTTOM LAYER

ACTIVE PCB

Components Soldered on TOP

Components Soldered on BOTTOM

+ -

+ -

GROUND PLANE

INT2 LAYER

INT1 LAYER

GROUND PLANE

GR

OU

ND

VIA

CONNECTING PCB


Type-1 IntegrityCurrent Loops from CIBU to User System (<4m)

Vuser

UserPermit

CurrentRegulator

CurrentDetector

Simple Circuit… Switched Current LoopSwitch can be a relay or transistor

Vuser can be 5-24V

Current Regulator

Switch

VUSER

BEAM_PERMIT_INFO similar – slow optocoupler = ~100us to change


Type-2 IntegrityRS485 Channels from CIBU to BIC (<1200m)

Electrical length = 10.6 (I can explain…)i.e. High Frequency, so impedance has to be considered

All the links in every configuration will work acceptably!!

(Slew-Rate Limited Transceivers)


Type-3 IntegritySingle Mode 1310nm Fibre Optic Links (<6000m)

Optical – EMC is not an issue


Type-4 IntegrityRS485 Channels internal to BIC (<1m)

Consider the Safe Beam Flag that is transmitted through the Patch Panels and Extenders

LHC SPS

All the signals like this have an electrical length <<0.05… NO PROBLEM!

(Slew-Rate Limited Transceivers)


Type-5 IntegrityTTL or LVTTL signals on a board (<15cm)

Rise Time

[ns]

Equivalent Frequency

[MHz]

Equivalent Wavelength

[m]

Maximum Trace Length

[cm]

0.5 637 0.28 1.41 1.0 318 0.57 2.83 1.5 212 0.85 4.24 2.0 159 1.13 5.65 2.5 127 1.41 7.07 3.0 106 1.70 8.48 3.5 91 1.98 9.90 4.0 80 2.26 11.31 4.5 71 2.54 12.72 5.0 64 2.83 14.14

Electrical Length <0.05… Look up table created:

All OK!Biggest constraint on CIBO – Output = 1.1ns rise time so <3cm

From AD8611 O/P to CPLD


Electro Magnetic Compatibility

UserSystem

Electronics

UserInterface(CIBU)

BeamInterlock

Controller

Shielded & Twisted PairCable

Shielded & Twisted PairCable

Rules:Power Planes and Ground Planes, Grounded copper pours everywhere!

Ground = Earth = Chassis = 0VESD pins on Front PanelsESD strips on VME PCBs

Transient Voltage Suppressors on ALL links that leave an enclosureSheilded (360-degrees) twisted pairs, with dedicated ground wires inter-system



The idea is:

This system is rock solid for EMC

Test it to the HIGHEST EMC levels (industrial 4.0kv same as power systems)Set an example for others using modern techniques NOT the same as LEP

No fear to implement traditionally unaccepted principles.


TT40 BIC in BA4…


Testing CriteriaTests according to the IEC-61000 for electrical systems:

Severity Level Power and Grounds

1 0.5kV

2 1.0kV

3 2.0kV

4 4.0kV

Results categorised into four different types:

Test Result Description Example

A No Noticeable Fault No signals are seen to be perturbed

B Corrected Fault Critical Signal error, corrected by BIC

C Fault Critical Signal error, not corrected by BIC

D Complete Failure Loss of power / control

Ideally: A at 4.0kV

1. User Permit set to FALSE = see if EMC makes it TRUE

2. User Permit set to TRUE = see if EMC makes it FALSE

Unsafety

False dumps


Recommended Interconnect

CIBU to Controller


CIBU to Controller 1/2

.

Cable with FULL Shields FULL Grounds

Full Shield, Full Ground Severity Level

User System Output 0.5kV 1.0kV 2.0kV 4.0kV

TRUE A A A A

FALSE A A A A

Results


CIBU to Controller 2/2

.

Cable with FULL Shields NO Grounds

Full Shield, No Ground Severity Level


TRUE A A A A

FALSE A A A A

Results


Recommended Interconnect

User System to CIBU


User System to CIBU 1/3

.

Cable with FULL Shields FULL Grounds

Results

Full Shield, Full Ground Severity Level


TRUE A A A A

FALSE A A A A



Cable with Pig-tail Shield No Grounds

Results

Two Pig-tails, No Ground Severity Level


TRUE A A A D

FALSE A A A D

Power PC Crashed – Ethernet Controller Stopped responding



Cable with One Pig-tail Shield No Grounds

Glitches recorded in History Buffer

One Pig-tail, No Ground Severity Level


TRUE A B B C

FALSE C C C C

Permit FALSE on each salvo

Permit TRUE on each salvo


VME Power Supply

VME PSU, Specified as “IEC-61000 Tested”

Severity Level

0.5kV 1.0kV 2.0kV 4.0kV

VME PSU A A A A

Results


CIBU Power Supply

CIBU PSU (CIBD), Specified as “IEC-61000 1kV”

Supply has been double encased, and has mains filter

Severity Level

0.5kV 1.0kV 2.0kV 4.0kV

CIBU PSU A A A D

Power PC Crashed – Ethernet Controller Stopped responding, SW Permit FALSE

Results



The idea is:

This system is rock solid for EMC

Test it to the HIGHEST EMC levels (industrial 4.0kv same as power systems)

Set an example for others using modern techniques NOT the same as LEPNo fear to implement traditionally unaccepted principles.

No problem – written a specification for User System interface to the BIS Will be approved in collaboration with User Systems… and we’re in business for 2007


FMECAThe defined safety of the MPS is based on IEC61508

-Define losses NOT in human life, but machine downtime & repair cost

--If the LHC is not protected properly, it is considered a catastrophic failure will happen in 20 years operation

Combined MPS Safety


So… SIL3 or better?? = FMECA

Failure Modes, Effects and Criticality Analysis

In what way can something go wrong?…

…when it does go wrong, what happens to the system?…

…and just how much of a problem does this cause?


FMECA

FMECA starts at the Component Level of a system

get subsystem schematics, component list, and understand what it does

Break a large system into blocks, defining smaller, manageable sub-systems

get MTBF of each component on the list, derive PFAIL(mission)

derive failure modes and failure mode ratios for each component

explain the effect of each failure mode on both the subsystem and system

determine the probability of each failure mode happening. Draw conclusions!

MIL

-STD-1

629

FMD-97

MIL-HDBK-338

MIL-HDBK-338

MIL-HDBK-217


FMECA

MIL-HDBK-217F or manufacturer

FMD-97

MIL-HDBK-338

Bill of Materials


FMECA

Designer Knowledge MIL-HDBK-338

Schematic

multiply through


FMECA

Since there are NO single points of failure, double failures have been considered to derive BF


FMECA

SIL 4

1% of all fills are lost due to a failure of the BIS


Extrapolating…Hourly rate is based on MIL, Manufacturer etc.

Extrapolation is non-trivial, whole MPS FMECA approach to be verified by another PhD!


FIN


ELECTRICAL LENGTH

● The equivalent frequency of this signal can be found from the equation:

● This means that the 200ns rise-time has an equivalent frequency of 1.6MHz, the wavelength of such a signal is defined by:

● Tests reveal that the wave propagation velocity (v) is approximately half the speed of light in a vacuum (c) in the NE12 Cable from User Interface to Controller case, leading to a wavelength definition of:

● This leads to a wavelength of 112.5m, now the ‘electrical length’ of the signal is defined as:

● The longest length (l) expected in the machine is around 1200m, applying this yields an electrical length of 10.6, this is well above the limit for low-frequency design, as an electrical length greater than 0.05 has to be treated as high-frequency

rr tf

1

fv

f

c

5.0

l

E

b. todd ab/co/mi bis audit 18 th september 2006 signal integrity electro-magnetic compatibility...

Documents