|
|
| Line 1: |
Line 1: |
| [[File:PC-Netzteil (redundant).jpg|thumb|Redundant power supply]]
| | 38 yr old Transport Engineer Bedell from Iberville, spends time with pursuits which include classic cars, property developers in [http://ptsvls.com/activity/p/34036/ condo new launch singapore] and soccer. Has toured since childhood and has gone to several places, like City of Graz – Historic Centre and Schloss Eggenberg. |
| [[File:Reliability block diagram.png|thumb|Redundant subsystem "B"]]
| |
| In [[engineering]], '''redundancy''' is the duplication of critical [[wikt:Component|component]]s or functions of a system with the intention of increasing reliability of the [[system]], usually in the form of a backup or [[fail-safe]].
| |
| | |
| In many [[safety-critical system]]s, such as [[fly-by-wire]] and [[hydraulic]] systems in [[aircraft]], some parts of the control system may be triplicated,{{ref|spaceshuttle}} which is formally termed [[triple modular redundancy]] (TMR). An error in one component may then be out-voted by the other two. In a triply redundant system, the system has three sub components, all three of which must fail before the system fails. Since each one rarely fails, and the sub components are expected to fail independently, the probability of all three failing is calculated to be extraordinarily small; often outweighed by other risk factors, e.g., human error. Redundancy may also be known by the terms "'''majority voting systems'''"{{ref|votinglogic1}} or "'''voting logic'''".{{ref|votinglogic2}}
| |
| [[File:Bridge-suspension.svg|thumb|A [[suspension bridge|suspension bridge's]] numerous cables are a form of redundancy.]]
| |
| | |
| == Forms of redundancy ==
| |
| There are four major forms of redundancy, these are:
| |
| * Hardware redundancy, such as [[Dual modular redundant|DMR]] and [[Triple modular redundancy|TMR]]
| |
| * Information redundancy, such as [[error detection and correction]] methods
| |
| * Time redundancy, including transient fault detection methods such as '''Alternate Logic'''
| |
| * Software redundancy such as [[N-version programming]]
| |
| | |
| A modified form of software redundancy, applied to hardware may be:
| |
| | |
| * Distinct functional redundancy, such as both mechanical and hydraulic braking in a car. Applied in the case of software, code written independently and distinctly different but producing the same results for the same inputs.
| |
| | |
| == Function of redundancy ==
| |
| The two functions of redundancy are passive redundancy and [[active redundancy]]. Both functions prevent performance decline from exceeding specification limits without human intervention using extra capacity.
| |
| | |
| Passive redundancy uses excess capacity to reduce the impact of component failures. One common form of passive redundancy is the extra strength of cabling and struts used in bridges. This extra strength allows some structural components to fail without bridge collapse. The extra strength used in the design is called the margin of safety.
| |
| | |
| Eyes and ears provide working examples of passive redundancy. Vision loss in one eye does not cause blindness but depth perception is impaired. Hearing loss in one ear does not cause deafness but directionality is impaired. Performance decline is commonly associated with passive redundancy when a limited number of failures occur.
| |
| | |
| [[Active redundancy]] eliminates performance decline by monitoring performance of individual device, and this monitoring is used in voting logic. The voting logic is linked to switching that automatically reconfigures components. Error detection and correction and the Global Positioning System (GPS) are two examples of [[active redundancy]].
| |
| | |
| Electrical power distribution provides an example of [[active redundancy]]. Several power lines connect each generation facility with customers. Each power line includes monitors that detect overload. Each power line also includes circuit breakers. The combination of power lines provides excess capacity. Circuit breakers disconnect a power line when monitors detect an overload. Power is redistributed across the remaining lines.
| |
| | |
| == Voting logic ==
| |
| Voting logic uses performance monitoring to determine how to reconfigure individual components so that operation continues without violating specification limitations of the overall system. Voting logic often involves computers, but systems composed of items other than computers may be reconfigured using voting logic. Circuit breakers are an example of a form of non-computer voting logic.
| |
| | |
| Electrical power systems use [[power scheduling]] to reconfigure active redundancy. Computing systems adjust the production output of each generating facility when other generating facilities are suddenly lost. This prevents blackout conditions during major events such as an earthquake.
| |
| | |
| The simplest voting logic in computing systems involves two components: primary and alternate. They both run similar software, but the output from the alternate remains inactive during normal operation. The primary monitors itself and periodically sends an activity message to the alternate as long as everything is OK. All outputs from the primary stop, including the activity message, when the primary detects a fault. The alternate activates its output and takes over from the primary after a brief delay when the activity message ceases. Errors in voting logic can cause both outputs to be active or inactive at the same time, or cause outputs to flutter on and off.
| |
| | |
| A more reliable form of voting logic involves an odd number of 3 devices or more. All perform identical functions and the outputs are compared by the voting logic. The voting logic establishes a majority when there is a disagreement, and the majority will act to deactivate the output from other device(s) that disagree. A single fault will not interrupt normal operation. This technique is used with [[avionics]] systems, such as those responsible for operation of the [[space shuttle]].
| |
| | |
| == Calculating the probability of system failure ==
| |
| Each duplicate component added to the system decreases the probability of system failure according to the formula:-
| |
| | |
| :<math>{p}= \prod_{i=1}^{n} p_{i} </math>
| |
| where:
| |
| * <math>n</math> – number of components
| |
| * <math> p_{i} </math> – probability of component i failing
| |
| * <math>p</math> – the probability of all components failing (system failure)
| |
| | |
| This formula assumes independence of failure events. That means that the probability of a component B failing given that a component A has already failed is the same as that of B failing when A has not failed. There are situations where this is unreasonable, such as using two power supplies connected to the same socket, whereby if one socket failed, the other would too.
| |
| | |
| It also assumes that at only one component is needed to keep the system running. If <math>m</math> components are needed for the system to survive, out of <math>n</math>, the probability of failure is{{Citation needed|date=May 2010}}
| |
| | |
| <math>{P}= 1 - ((1 - p)^{(n-m)} C^m_n ) </math>, Assuming all components have equal probability, <math>p</math>, of failure
| |
| | |
| This model is probably unrealistic in that it assumes that components are not replaced in time when they fail.
| |
| | |
| == See also ==
| |
| {{Div col||25em}}
| |
| * [[degeneracy (biology)|Degeneracy]]
| |
| * [[Common mode failure]]
| |
| * [[Data redundancy]]
| |
| * [[Double switching]]
| |
| * [[Fault-tolerant design]]
| |
| * [[Radiation hardening]]
| |
| * [[Factor of safety]]
| |
| * [[Reliability engineering]]
| |
| * [[Reliability theory of aging and longevity]]
| |
| * [[Safety engineering]]
| |
| * [[Self-healing ring]]
| |
| * [[MTBF]]
| |
| {{Div col end}}
| |
| | |
| == References ==
| |
| # {{note|spaceshuttle}} [http://www.research.ibm.com/journal/rd/201/ibmrd2001E.pdf Redundancy Management Technique for Space Shuttle Computers] (PDF), IBM Research
| |
| # {{note|Votinglogic1}}[http://www.elecdesign.com/Articles/ArticleID/6886/6886.html Majority voting systems]
| |
| # {{note|Votinglogic2}}[http://www.aero.org/publications/crosslink/summer2003/06.html Designing Integrated Circuits to Withstand Space Radiation]
| |
| # {{note|powerline}}[http://www.yamar.com/The-Vehicle-Power-Line-as-a-Redundant-Channel-fo-CAN-Communication.pdf Using powerline as a redundant communication channel]
| |
| | |
| ==External links==
| |
| * [http://www.eu-sparc.net Secure Propulsion using Advanced Redundant Control]
| |
| | |
| [[Category:Engineering concepts]]
| |
| [[Category:Reliability engineering]]
| |
| [[Category:Safety]]
| |
| [[Category:Fault tolerance]]
| |
| [[Category:Fault-tolerant computer systems]]
| |
| | |
| [[pl:Redundancja#Inżynieria]]
| |
38 yr old Transport Engineer Bedell from Iberville, spends time with pursuits which include classic cars, property developers in condo new launch singapore and soccer. Has toured since childhood and has gone to several places, like City of Graz – Historic Centre and Schloss Eggenberg.