Time-Triggered Protocol

Last updated

The Time-Triggered Protocol (TTP) is an open computer network protocol for control systems. It was designed as a time-triggered fieldbus for vehicles and industrial applications. [1] and standardized in 2011 as SAE AS6003 (TTP Communication Protocol). TTP controllers have accumulated over 500 million flight hours in commercial DAL A aviation application, in power generation, environmental and flight controls. TTP is used in FADEC and modular aerospace controls, and flight computers. In addition, TTP devices have accumulated over 1 billion operational hours in SIL4 railway signalling applications.



TTP was originally designed at the Vienna University of Technology in the early 1980s. In 1998 TTTech Computertechnik AG took over the development of TTP, providing software and hardware products. TTP communication controller chips and IP are available from sources including austriamicrosystems, ON Semiconductor and ALTERA.[ citation needed ]


TTP is a dual-channel 4 - 25 Mbit/s time-triggered field bus. It can operate using one or both channels with maximum data rate of 2x 25 Mbit/s. With replicated data on both channels, redundant communication is supported[ citation needed ].

As a fault-tolerant time-triggered protocol, TTP provides autonomous fault-tolerant message transport at known times and with minimal jitter by employing a TDMA (Time-Division Multiple Access) strategy on replicated communication channels. TTP offers fault-tolerant clock synchronization that establishes the global time base without relying on a central time server[ citation needed ].

TTP provides a membership service to inform every correct node about the consistency of data transmission. This mechanism can be viewed as a distributed acknowledgment service that informs the application promptly if an error in the communication system has occurred. If state consistency is lost, the application is notified immediately.

Additionally, TTP includes the service of clique avoidance to detect faults outside the fault hypothesis, which cannot be tolerated at the protocol level.

Critical applications

TTP is often used in mission critical data communication applications where deterministic operation is a requirement. These operations include aircraft engine management and other aerospace applications. In these applications the TTP networks are often operated as separate networks with separate AS8202NF hardware interface devices and separate, but coordinated, configurations.

The TTP protocol offers the unique feature of having all nodes on a network know, at the same time, when any other node fails to communicate or sends unreliable data. The status of each node is updated to all nodes several times each second.

Technical details

Data communication in TTP is organized in TDMA rounds. A TDMA round is divided into slots. Each node has one sending slot, and must send frames in every round. The frame size allocated to a node can vary from 2 to 240 bytes in length, each frame usually carrying several messages. The cluster cycle is a recurring sequence of TDMA rounds; in different rounds different messages can be transmitted in the frames, but in each cluster cycle the complete set of state messages is repeated. The data is protected by a 24-bit CRC (Cyclic Redundancy Check). The schedule is stored in the MEDL (Message Descriptor List) within the communication controller.

Slot and node Wiki TTP.svg


There is one (1) slot for each node in a TTP network. A node always transmits data (parameters) during its slot, even if the node has no data to send. However a node will only transmit the parameters that it is configured to send for the specific ROUND that the slot is in. A node may transmit parameters 1,2,3 in its SLOT during ROUND x and parameters 4,5,6 in its SLOT during ROUND y.

The slot for a node is determined when the TTP network is designed using PC based utilities TTP Plan and TTP Build. The definition that causes the AS8202NF to transmit specific data or parameters for a given SLOT and ROUND is contained in the MEDL.


The TTP Round holds a slot for each node in the TTP network. The number of ROUNDS in CLUSTER CYCLE is defined using PC based utilities TTP Plan and TTP Build. This information is also contained in the MEDL.

Rounds exist because a node is not required to transmit all of its parameters during its slot. To distribute bandwidth between nodes, each node transmits selected parameters in different ROUNDS.

Cluster cycle

A Cluster Cycle is defined as having a number of Rounds. All nodes have transmitted all of their parameters at the end of a Cluster Cycle. The Cluster Cycle is defined as starting with the first bit of the first slot of the first round.

Balance nodes, slots and cluster cycles

The number of slots is defined by the number of nodes in the TTP network. However, the number of Rounds is determined by the network designer using the TTP Plan and TTP Build utilities.

Clock synchronization

Clock synchronization provides all nodes with an equivalent time concept. Each node measures the difference between the a priori known expected and the observed arrival time of a correct message to learn about the difference between the sender’s clock and the receiver’s clock. A fault-tolerant average algorithm needs this information to periodically calculate a correction term for the local clock so that the clock is kept in synchrony with all other clocks of the cluster.

Membership and acknowledgment

Time-Triggered Protocol attempts to transmit data consistently to all correct nodes of the distributed system and, in case of a failure, the communication system attempts to decide which node is faulty. These properties are achieved by the membership protocol and an acknowledgment mechanism.

Configuration requirements

Each node connected to a TTP network is required to have configuration data sets resident, prior to the startup of the TTP network. The minimum number of data sets for each node is two (2). See hardware section and AS8202NF (below). Each node needs to know the configuration of every other node on the TTP network. For this reason, active nodes are not allowed to join an existing network without the update of configuration data sets of all nodes on the network.

Typical Configuration Data Sets for each node:

  1. TASM for AS8202NF (allows usage of MEDL)
  2. MEDL or Message Descriptor List for AS8202NF (defines data to be exchanged between all nodes)
  3. Compute Platform Configuration. (defines expected data and its utilization)

Data sets TASM and MEDL are created by utilities TTP Plan and TTP Build provided by TTTech. The third data set is often created by the customer and is platform and application specific.


Interface to a TTP network requires the use of the AS8202NF device. [2] This device operates between the computer platform and the TTP network. The AS8202NF is required to be loaded with a TASM (TTP Assembler) and MEDL (Message Descriptor List) configuration data sets prior to operation.

The AS8202NF will communicate on one (1) or two (2) TTP networks.

It is not possible to design and implement a TTP network by simply buying the AS8202NF device. Each design requires license and configuration tools from TTTech or 3rd party.

Commercial applications

TTP has been integrated into a number of commercial applications.

Railway Signalling Solutions

The electronic interlocking system “LockTrac 6131 ELEKTRA” was designed within a cooperation of Thales Rail Signalling Solutions division and TTTech [ citation needed ].

LockTrac 6131 ELEKTRA is an electronic interlocking system that provides the highest levels of safety and availability. The system is approved according to CENELEC standards with safety integrity level 4 (SIL4) and offers basic interlocking functions, local and remote control, automatic train operation, integrated block functionality and an integrated diagnosis system. LockTrac 6131 has two software channels with diverse software, to ensure the high safety requirements. Before getting transmitted externally, the data are checked in the safety channel. A diagnosis device saves all relevant information to allow efficient maintenance in case of failure[ citation needed ].


The system has been used for FADEC (Full Authority Digital Engine Control) systems[ citation needed ]. The Modular Aerospace Control (MAC)-based FADEC for The Aermacchi M346 is scalable, adaptable and fault-tolerant. The key technology enabler in this new FADEC is the use of TTP for inter-module communication. TTP removes the complex interdependencies among modules, simplifying initial application development as well in-service changes and upgrades. It allows all modules in a system to see all data all of the time, thus ensuring seamless fault accommodation without complex channel change logic[ citation needed ].

TTP-based Modular Aerospace Control (MAC), which is a part of the F110 full authority digital engine control (FADEC) system of General Electric, is integrated on the Lockheed Martin F-16 fighter aircraft. TTP, which is used as a backplane bus, supports high levels of engine safety, operational availability and reduced life cycle cost. A significant advantage is that all information on the bus is available to both FADEC channels simultaneously[ citation needed ].

Environmental and power generation systems

For the Airbus A380 TTTech developed the internal communication system for the cabin pressure control system, working together with Nord-Micro, a subsidiary of Hamilton Sundstrand Corporation [ citation needed ].

In cooperation with Hamilton Sundstrand Corporation, TTTech developed a TTP-based data communication platform for the electric and environmental control system of the Boeing 787 Dreamliner. The TTP-designed communication platform prevents an overload in the bus system, even if several important events occur simultaneously. Additionally, TTP-based systems weigh less than conventional systems due to a lower connecter count and less wiring[ citation needed ]. Furthermore, the whole system is more flexible and has a greater modularity than conventional communication systems.

Autonomous vehicles

The two Red Team robotic vehicles competing in the 2005 DARPA Grand Challenge were implemented with "drive-by-wire" technology, in which on-board computers controlled steering, braking and other movements. Three TTP-based TTC 200 units controlled the parking brake and throttle and transmission functions, and one TTP-By-Wire Box controlled the service brake of the H1 Hummer H1ghlander. Drive-by-wire modifications controlled the acceleration, braking and shifting of the Sandstorm[ citation needed ].

See also

Related Research Articles

Time-division multiple access Channel access method for networks using a shared communications medium

Time-division multiple access (TDMA) is a channel access method for shared-medium networks. It allows several users to share the same frequency channel by dividing the signal into different time slots. The users transmit in rapid succession, one after the other, each using its own time slot. This allows multiple stations to share the same transmission medium while using only a part of its channel capacity. Dynamic TDMA is a TDMA variant that dynamically reserves a variable number of time slots in each frame to variable bit-rate data streams, based on the traffic demand of each data stream.

In telecommunications and computer networks, a channel access method or multiple access method allows more than two terminals connected to the same transmission medium to transmit over it and to share its capacity. Examples of shared physical media are wireless networks, bus networks, ring networks and point-to-point links operating in half-duplex mode.

ALOHAnet, also known as the ALOHA System, or simply ALOHA, was a pioneering computer networking system developed at the University of Hawaii. ALOHAnet became operational in June 1971, providing the first public demonstration of a wireless packet data network. ALOHA originally stood for Additive Links On-line Hawaii Area.

A Controller Area Network is a robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer. It is a message-based protocol, designed originally for multiplex electrical wiring within automobiles to save on copper, but it can also be used in many other contexts. For each device, the data in a frame is transmitted serially but in such a way that if more than one device transmits at the same time, the highest priority device can continue while the others back off. Frames are received by all devices, including by the transmitting device.

IEEE 802.15.4 is a technical standard which defines the operation of a low-rate wireless personal area network (LR-WPAN). It specifies the physical layer and media access control for LR-WPANs, and is maintained by the IEEE 802.15 working group, which defined the standard in 2003. It is the basis for the Zigbee, ISA100.11a, WirelessHART, MiWi, 6LoWPAN, Thread and SNAP specifications, each of which further extends the standard by developing the upper layers which are not defined in IEEE 802.15.4. In particular, 6LoWPAN defines a binding for the IPv6 version of the Internet Protocol (IP) over WPANs, and is itself used by upper layers like Thread.

IS-54 and IS-136 are second-generation (2G) mobile phone systems, known as Digital AMPS (D-AMPS), and a further development of the North American 1G mobile system Advanced Mobile Phone System (AMPS). It was once prevalent throughout the Americas, particularly in the United States and Canada since the first commercial network was deployed in 1993. D-AMPS is considered end-of-life, and existing networks have mostly been replaced by GSM/GPRS or CDMA2000 technologies.

LIN is a serial network protocol used for communication between components in vehicles. It is a single wire, serial network protocol that supports communications up to 19.2 Kbit/s at a bus length of 40 meters. The need for a cheap serial network arose as the technologies and the facilities implemented in the car grew, while the CAN bus was too expensive to implement for every component in the car. European car manufacturers started using different serial communication technologies, which led to compatibility problems.

Ring network

A ring network is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node – a ring. Data travels from node to node, with each node along the way handling every packet.

SpaceWire is a spacecraft communication network based in part on the IEEE 1355 standard of communications. It is coordinated by the European Space Agency (ESA) in collaboration with international space agencies including NASA, JAXA, and RKA.

CANopen is a communication protocol and device profile specification for embedded systems used in automation. In terms of the OSI model, CANopen implements the layers above and including the network layer. The CANopen standard consists of an addressing scheme, several small communication protocols and an application layer defined by a device profile. The communication protocols have support for network management, device monitoring and communication between nodes, including a simple transport layer for message segmentation/desegmentation. The lower level protocol implementing the data link and physical layers is usually Controller Area Network (CAN), although devices using some other means of communication can also implement the CANopen device profile.

Low-energy adaptive clustering hierarchy ("LEACH") is a TDMA-based MAC protocol which is integrated with clustering and a simple routing protocol in wireless sensor networks (WSNs). The goal of LEACH is to lower the energy consumption required to create and maintain clusters in order to improve the life time of a wireless sensor network.

A clustered file system is a file system which is shared by being simultaneously mounted on multiple servers. There are several approaches to clustering, most of which do not employ a clustered file system. Clustered file systems can provide features like location-independent addressing and redundancy which improve reliability or reduce the complexity of the other parts of the cluster. Parallel file systems are a type of clustered file system that spread data across multiple storage nodes, usually for redundancy or performance.


TTP/A is a time-triggered real-time fieldbus protocol used for the interconnection of low-cost smart transducer nodes. In contrast to the Time-Triggered Protocol (TTP), which is a high-speed, fault-tolerant communication network intended for safety critical applications, TTP/A provides a low-speed, low-cost protocol suitable for non-critical applications like car body electronics.

The Time-Triggered Ethernet standard defines a fault-tolerant synchronization strategy for building and maintaining synchronized time in Ethernet networks, and outlines mechanisms required for synchronous time-triggered packet switching for critical integrated applications, IMA and integrated modular architectures. SAE International has released SAE AS6802 in November 2011.


CANaerospace is a higher layer protocol based on Controller Area Network (CAN) which has been developed by Stock Flight Systems in 1998 for aeronautical applications.


OCARI is a low-rate wireless personal area networks (LR-WPAN) communication protocol that derives from the IEEE 802.15.4 standard. It was developed by the following consortium during the OCARI project that is funded by the French National Research Agency (ANR):

A VMScluster, originally known as a VAXcluster, is a computer cluster involving a group of computers running the OpenVMS operating system. Whereas tightly coupled multiprocessor systems run a single copy of the operating system, a VMScluster is loosely coupled: each machine runs its own copy of OpenVMS, but the disk storage, lock manager, and security domain are all cluster-wide, providing a single system image abstraction. Machines can join or leave a VMScluster without affecting the rest of the cluster. For enhanced availability, VMSclusters support the use of dual-ported disks connected to two machines or storage controllers simultaneously.

MyriaNed is a wireless sensor network (WSN) platform developed by DevLab. It uses an epidemic communication style based on standard radio broadcasting. This approach reflects the way humans interact, which is called gossiping. Messages are sent periodically and received by adjoining neighbours. Each message is repeated and duplicated towards all nodes that span the network; it spreads like a virus.

Time-Sensitive Networking (TSN) is a set of standards under development by the Time-Sensitive Networking task group of the IEEE 802.1 working group. The TSN task group was formed in November 2012 by renaming the existing Audio Video Bridging Task Group and continuing its work. The name changed as a result of the extension of the working area of the standardization group. The standards define mechanisms for the time-sensitive transmission of data over deterministic Ethernet networks.

Zebra Media Access Control (Z-MAC) is a network protocol for wireless sensor networks. It controls how a Media Access Control (MAC) accesses a common communication medium of a network.


  1. Kopetz, Herman; Grunsteidl, Gunter (1993), "TTP - A time-triggered protocol for fault-tolerant real-timesystems", FTCS-23. The Twenty-Third International Symposium on Fault-Tolerant Computing, Digest of Papers, Toulouse, France: IEEE, pp. 524–533, doi:10.1109/FTCS.1993.627355, S2CID   509153, 0-8186-3680-7
  2. "AS8202 - TTP-C2NF Communication Controller - ams". Archived from the original on 2013-12-17.