WO1994008292A1 - Duplicate control and processing unit for telecommunications equipment - Google Patents

Duplicate control and processing unit for telecommunications equipment Download PDF

Info

Publication number
WO1994008292A1
WO1994008292A1 PCT/EP1993/002496 EP9302496W WO9408292A1 WO 1994008292 A1 WO1994008292 A1 WO 1994008292A1 EP 9302496 W EP9302496 W EP 9302496W WO 9408292 A1 WO9408292 A1 WO 9408292A1
Authority
WO
WIPO (PCT)
Prior art keywords
processing unit
control
peripheral
circuits
duplicate
Prior art date
Application number
PCT/EP1993/002496
Other languages
French (fr)
Inventor
Carlo De Leva
Maurizio Zambardi
Original Assignee
Siemens Telecomunicazioni S.P.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Telecomunicazioni S.P.A. filed Critical Siemens Telecomunicazioni S.P.A.
Priority to US08/411,686 priority Critical patent/US5784551A/en
Priority to BR9307149A priority patent/BR9307149A/en
Priority to DE69308868T priority patent/DE69308868T2/en
Priority to EP93920731A priority patent/EP0663086B1/en
Publication of WO1994008292A1 publication Critical patent/WO1994008292A1/en
Priority to NO951204A priority patent/NO951204L/en
Priority to GR970400775T priority patent/GR3023113T3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2043Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant where the redundant components share a common memory address space
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1012Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using codes or arrangements adapted for a specific type of error
    • G06F11/1016Error in accessing a memory location, i.e. addressing error
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
    • G06F11/1012Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using codes or arrangements adapted for a specific type of error
    • G06F11/1032Simple parity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1666Error detection or correction of the data by redundancy in hardware where the redundant component is memory or memory area
    • G06F11/167Error detection by comparing the memory output
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2023Failover techniques
    • G06F11/2033Failover techniques switching over of hardware resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2097Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements maintaining the standby controller/processing unit updated
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1608Error detection by comparing the output signals of redundant hardware
    • G06F11/1625Error detection by comparing the output signals of redundant hardware in communications, e.g. transmission, interfaces
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/1641Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C29/00Checking stores for correct operation ; Subsequent repair; Testing stores during standby or offline operation
    • G11C29/70Masking faults in memories by using spares or by reconfiguring
    • G11C29/74Masking faults in memories by using spares or by reconfiguring using duplex memories, i.e. using dual copies

Definitions

  • the present invention relates to the field of processing control systems and more specifically to a duplicate control and processing unit for telecommunications equipment.
  • control and processing unit is indicated hereinafter only as the control unit. 10
  • the great success of microprocessors has greatly facilitated implementation of the control unit for telecommunications equipment having even considerable complexity, as for example telephone equipment.
  • the hardware design of a control unit is 15 today nearly independent of the peculiarities of the equipment which said units supervise.
  • the control unit generally comprises: 20 - a processing unit which performs the processing necessary for operation and control of the equipment,
  • the processing unit can be more or less sophisticated but in turn generally includes: of course a microprocessor with the appropriate integrated circuits which co-operate with it in some 30 ' functions, as for example the management of interrupts, direct access to the memory, etc.; a RAM containing the programmes forêt control of the entire set of equipment; an optional circuit
  • the processing unit includes two or more optionally synchronised microprocessors.
  • the designation 'peripheral circuits' extends as known generally to all the circuits which equip the processing unit and convert it into an actual control unit, i.e.:
  • circuits for interfacing toward the remaining parts of the system which characterise more specifically the type of equipment, such as for example telephones or multiplex PCM for telephone exchanges,
  • peripheral circuit under the above definition of peripheral circuit it is therefore reasonable to include also the data RAM mentioned above together with the related interfacing circuits towards the processing unit.
  • a microprocessor control unit exerts its control action on the equipment by means of selective writing operations of particular bit configurations into special registers for control of the equipment called 'control points', and selective reading operations from special state registers called 'sense points'. Writing of the control points serves to control certain operational modes of the various parts which make up the equipment, while reading of the sense points serves the control unit to verify the operating state thereof.
  • Another problem due to duplication of the control unit is that of defining how the two processors are interconnected to the rest of the equipment.
  • one of the two copies of the control unit is designated the active copy, to which is entrusted the task of supervising the rest of the equipment, while the other copy is held on standby and replaces the first in case of failure thereof.
  • Replacement is done by a selector controlled appropriately in case of failure, which prevents the copy of the failed control unit from accessing the rest of the equipment and allowing access to the previously-standby copy.
  • a first shortcoming is due to the fact that even a single failure of a certain importance, whose negative effects are such as to not be neutralised in a timely manner by the software, precludes the possibility of continuing to operate for an entire copy of the control unit.
  • a second shortcoming is due to the loss of real processing time of the active processor after switching between the two copies due to failure. Indeed, immediately after the switching instant, the problem of synchronisation of the structures of the data in the data RAM of the two copies arises, in order to allow switching between the two copies with the least loss of information.
  • an appropriate subroutine reads the data in the previously active data RAM and recopies it into the data RAM now active. Of course this involves a loss of real processing time. This shortcoming is also especially serious just because it appears at a critical moment for operation of the equipment.
  • the purpose of the present invention is to indicate a duplicate control and processing unit for telecommunications equipment also wholly or partly duplicated which would solve the aforesaid shortcomings.
  • the object of the present invention is a duplicate control and processing unit for telecommunications equipment consisting of two identical control units appropriately connected to each other and to the rest of the equipment.
  • Each control unit consists of: a processing unit capable of performing all the processing necessary for operation and control of the entire set of equipment, including the function of determining if said processing unit must be considered active or on standby; a data RAM containing the data necessary for operation of the equipment and those processed during operation thereof; and some circuits peripheral to the processing unit including respective interfaces between the processing unit and the remaining circuits and devices of the equipment.
  • the data RAMs and the peripheral circuits of both the control units include respective double gate access circuits to which arrive the busses of both the processing units. Said circuits include a selector appropriately commanded in case of failure, which prevents the processing unit put out-of-service from duty from acceding to the rest of the equipment and allows access to the formerly standby copy.
  • the active processing unit performs the writing cycles in data RAM synchronously in both the duplicate data RAMs, thus allowing immediate recovery of the data necessary for continuation of operation after a switch between the two processing units following a failure, as better described in claim 1.
  • Another object of the present invention is a variation of the duplicate control unit which is the object of the present invention, wherein the active processing unit performs both the writing and reading cycles synchronously in both the duplicate data RAMs. In addition, both the words read synchronously are compared and, in case of difference, generate an alarm signal toward the microprocessor which can thus start the necessary maintenance operations.
  • control unit in accordance with the variation allows another saving of real time because it simplifies considerably periodic verification of the identity of the contents of the duplicate data RAMs, a verification which is absolutely essential immediately after switching of one processing unit to the other, following a failure.
  • a duplicate control unit provided in accordance with this variation is better described in claim 6.
  • a first advantage is that it is particularly reliable in case of failure of any one of its parts because it can be quickly reconfigured in all its parts. More precisely, the active processing unit can access without distinction a peripheral block of its own control unit or its duplicate homologue.
  • a second advantage is that of allowing considerable savings in real processing time, especially after a switch between the processing units, thanks to the synchronism of the writing and reading operations in the two copies of the duplicate data RAMs.
  • FIG. 1 shows a very general block diagram of telecommunications equipment, comprising a duplicate control unit in accordance with the present invention, consisting of two identical control units indicated by UCO and UC1 appropriately interconnected to each other and to a block TEL which indicates the rest of the equipment;
  • FIG. 2 shows in greater detail the block diagram of the duplicate control unit of FIG. 1, making clear the blocks indicated above by UPO and UP1, their mutual interconnections and those existing between said blocks and the remaining blocks belonging to the control units UCO and UC1;
  • FIG. 3 shows the circuitry diagram of a block belonging to UPO and indicated by CPUO in FIG. 2; and FIG. 4 indicates a diagram of the sequential logical states which shows the operation of a configuration control circuit indicated by CCLO in FIG. 2.
  • UCO and UC1 indicate two control units which together constitute a single duplicate control unit for telecommunications equipment which includes in addition to the UCO and UC1 units the block TEL.
  • the control unit UCO also termed copy 0, consists of the blocks UPO, PER0, MES0, I/U0 and TER0.
  • the control unit UC1 also termed copy 1, consists of blocks UP1, PERI, MES1, I/Ul and TER1.
  • the blocks UPO and UP1 represent processing units, each capable of supervising operation of the entire set of equipment.
  • the blocks MESO and MES1 include RAM banks in which are memorized the data processed during normal operation of a processing unit, and the related access and interface circuits.
  • the PERO and PERI blocks schematise units considered peripheral in relation to the two processing units. Said blocks are also part of the duplicate control unit because they are essential for allowing the processors to perform their supervision on the rest of the equipment. More precisely the blocks PERO and PERI can represent either mass memories and related access and interface circuits towards the processing unit or the interfaces between the processing units and the rest of the equipment not belonging to the control unit, as for example the block TEL.
  • the blocks I/UO and I/Ul together with the respective blocks TERO and TER1 also constitute peripheral circuits. More precisely, the blocks TERO and TER1 represent either general purpose input/output terminals, as for example personal computers or alarm warning light panels, or remote operation relays or other.
  • the blocks I/UO and I/Ul include circuits for access and interface towards the processing units and circuits for extension of the bus of the active processor towards the respective blocks TERO or TER1.
  • Each of the processing units UPO and UP1 possess its own two-way bus indicated by BUSO and BUS1 respectively.
  • Each of the two busses is connected to the blocks UPO, PERO, MESO, I/UO of the control unit UCO and in parallel to the blocks UP1, PERI, MES1 an I/Ul of the control unit UC1.
  • the processing units UPO and UP1 are also connected to each other by a special two-way connection as explained below.
  • the peripheral unit represented by the block PERO is connected in two-way manner to the block TEL, which schematises a group of general purpose devices characteristic of the type of equipment supervised by the duplicate control unit, e.g. telephones in the present case.
  • the block T ⁇ Rl is also connected in two-way manner to the same block TEL.
  • processing units UPO and UP1 both connected to two blocks indicated by BLOC0 and BL0C1 which represent respectively any one of the blocks MESO, PERO, I/UO and MES1, PERI, I/Ul.
  • the block UPO in turn consists of the blocks CPUO, LOCMEMO, PERSELO, BUSDRO, IPCO, ALDETO and CCLO.
  • the block UP1 consists of the blocks CPU1, LOCMEM1, PERSEL1, BUSDR1, IPC1, ALDET1 and CCL1 which are similar in all respect to the corresponding blocks of UPO.
  • the blocks BLOC0 and BLOC1 can be seen two respective logical gates of OR indicated by OR0 and OR1 and two respective access circuits with double gate indicated by ACCO and ACC1.
  • the bus BUSO is a parallel asynchronous bus on which transit the signals representing data and addresses, not multiplexed together, with which are associated the necessary control signals of the read/write and ready types, interrupts from the peripheral blocks, etc., and some state signals characteristic of the type of processor used. Verification of the integrity of BUSO is done by associating with each informative byte, whether data or addresses, a respective parity bit. ⁇
  • bus BUSO is indicated as two-way, but in reality only the signals representative of the data are two-way, while the direction of the address, control and state signals is always from the processor towards the peripheral circuits, excluding ready and interrupt signals from the peripheral blocks, which take the opposite direction.
  • the bus BUSO coming from the block CPUO is connected to the blocks LOCMEMO, PERSELO, IPCO, ALDETO and to the block BUSDRO which represents a two-way bus-driver of known type, including transceivers.
  • the BUSO block is split in two identical busses indicated by BUSOL and BUSOR.
  • the busses BUSOL and BUSOR are connected to first gates of the access circuits ACCO and ACC1 respectively to allow access to the blocks BLOC0 and BLOC1 by UPO.
  • the bus BUS1 from the block CPU1 is connected to the blocks L0CMEM1, PERSEL1, IPC1, ALDET1 and to the block BUSDR1 which represents a two-way bus-driver of known type.
  • bus BUS1 Before extension toward the peripheral blocks, the bus BUS1 is split in two identical busses indicated by BUS1L and BUS1R.
  • the busses BUS1L AND BUS1R are connected respectively to second gates of the access circuits ACC1 and ACCO to allow access to the blocks BL0C1 and BLOC0 by UP1.
  • the block CPUO represents a microprocessor circuit which is discussed more thoroughly together with FIG. 3. To two inputs of the block CPUO arrive an unmaskable interrupt signal coming from the block ALDETO and a reset signal RESO coming from the block CCLO respectively. At one output of said block there can be an alarm signal MSMO directed toward the block ALDETO.
  • the block LOCMEMO includes substantially an EPROM and a RAM.
  • EPROM are memorized the self-diagnosis and bootstrap programmes of the UPO unit.
  • RAM is memorized the actual software programme for operation of the processing unit UPO and the local data which are not necessary for the processing unit UP1 when it becomes active.
  • the block PERSELO includes the decoding logical circuits for the information on BUSO which, for each read or write access made by CPUO to the peripheral blocks, generate an appropriate combination of signals B0SEL0, B1SEL0, etc. sent to the blocks BLOC0, BL0C1, etc. for selective enabling thereof.
  • a copy selection signal SELO arrives at an enabling input of PERSELO from the block CCLO.
  • the block PERSELO includes also a synchronous duplication circuit for the write cycles in peripheral data memory (not shown in the figures) whose operation is explained below.
  • the block ALDETO allows maintenance of the processing unit UPO and for this purpose includes special detection circuits for failures occurring in the block UPO and generation of the corresponding alarms. Said circuits are implemented by means of normal decoding logical circuits and are readily accessible to those skilled in the art and therefore not shown in the figures.
  • the block ALDETO is connected to BUSO and to the corresponding block ALDET1 of UP1 by means of a two-way connection different from BUSO. Said connections allow the block ALDETO to acquire knowledge of all the alarms detected in the entire duplicate control unit. In case of detection or acquisition of one or more alarms, the block ALDETO generates the unmaskable interrupt signal NMIO sent to the block CPUO.
  • the block ALDETO is also connected to the block CCLO by means of a one-way connection path indicated by ALO.
  • the block CCLO includes a copy selection EPROM containing a firmware which allows it to operate like an asynchronous sequential logical circuit for determination of the active copy UPO or UP1, as seen better with the explanation of FIG. 4.
  • Said block also includes an oscillator which generates a local clock signal independent of the one generated in the block CPUO, and a counter which produces a 16ms timing used to filter some alarm signals coming from ALDETO.
  • the block CCLO For the purpose of selecting the active processing unit, generates the copy selection signal SELO which it sends to a selection input of the double gate access circuit ACCO and to an input of the block CCLl.
  • the signal SELO is also sent to the block PERSELO.
  • the block CCLO Under certain conditions which are clarified in the examination of FIG. 4, the block CCLO generates a reset signal RESO which it sends to the block CPUO.
  • the processing unit UPO is directly connected to the processing unit UP1 and vice versa by means of an especially dedicated synchronous communication channel.
  • the circuits necessary for implementation of said channel are included in the blocks IPCO and IPC1. Additional details on the constitution of the block IPCO are n ot necessary because implementation of a synchronous communication channel is known to those skilled in the art.
  • the blocks BLOC0 and BL0C1 schematise respectively any one of the peripheral blocks MESO, PERO, I/UO and MES1, PERI, I/Ul.
  • Said schematising concerns essentially only the double gate access circuits and those for interface toward the two processing units UPO and UP1 and some circuits which control the correct operation of said peripheral blocks.
  • the block BLOCO includes the logical gate of OR with two inputs OR0 to which arrive respectively the enabling signal BOSEL0 and a similar enabling signal B0SEL1 coming from the block PERSEL1.
  • OR0 At the output of OR0 is an enabling signal BOSEL directed toward the double gate access circuit ACCO.
  • ACCO includes two-way two-input selectors (not shown in the FIGS.) to which arrive BUSOL and BUS1R respectively.
  • the output of the selectors is connected to transceivers (included in ACCO and also not shown in the FIGS.) which allow extension of the bus of the active processing unit in the BLOCO.
  • the block BLOCO also includes a control circuit which performs some important operations specified below for control of the integrity of said block. In case of significant failure of one or more circuits of BLOCO, the control circuit generates an interrupt towards the active processor. Said control circuit of BLOCO is provided by the use of normal logical circuits and is readily implemented by those skilled in the art and therefore not illustrated in the FIGS.
  • the block CPUO consists substantially of the blocks OSC, :2, MICm and MICs, PARGEN, COMP, FF0, FF1, FF2, TR1 and TR2.
  • the block BUSDRO includes the blocks Tl, T2, TR3 and TR4.
  • the block LOCMEMO represents a local oscillator of great stability which supplies the clock signal to the processing unit UPO.
  • the block :2 is a simple frequency divider which divides by two the clock signal generated by OSC before it reaches a respective timing input of the blocks MICm, MICs, FFO and COMP.
  • the blocks MICm and MICs include two identical INTEL 80C186 microprocessors and respective VLSIs which assist their operation.
  • the block FFO represents an assembly of flip-flops to whose inputs arrive the unmaskable interrupt signal NMIO, some maskable interrupt signals INTO, some signals DMAO for direct access to the memory block LOCMEMO, and a ready signal DRYO sent by the peripheral blocks. Said signals are synchronised by the block FFO and sent to respective inputs of MICm and MICs. To the latter also arrives the signal RESO.
  • the block COMP represents a circuit which controls correct operation of the microprocessors MICm, MICs and that of the local oscillator, generating in case of failure the internal alarm signal MSMO.
  • the two busses of the microprocessors MICm and MICs indicated by Bm and Bs respectively reach the inputs of COMP.
  • the data and address lines of the bus Bs alone reach the input of the block PARGEN which represents a parity bit generator whose output is a bus BS' different from Bs only in that it has additional lines for the data and address parity bits.
  • the address lines of the busses Bm and Bs' are connected to the inputs of the blocks FF1 and FF2 respectively which represent registers which memorise said addresses during a read or write access cycle.
  • the data lines of the busses Bm and Bs' are connected to a first end of the blocks TR1 and TR2 respectively which represent common transceivers.
  • the address lines are connected in parallel to each other to form single address lines of the bus BUSO, including the lines of parity bits in Bs'.
  • the lines of data at a second end of the transceivers TR1 and TR2 are connected in parallel to each other to form unique data lines of the bus BUSO which include the parity bit lines in Bs'.
  • the lines for the control and state signals of the microprocessors are not shown but are present.
  • the address lines of BUSO are connected to the input of the blocks Tl and T2 which represent a set of drivers related to the busses BUSOL and BUSOR.
  • the data lines of BUSO are connected to the input of the blocks TR3 and TR4 which represent a set of transceivers for said busses BUSOL and BUSOR.
  • the control and state signals on the bus Bm determine the correct direction of the transceivers TR1, TR2, TR3 and TR4 in conformity with the type of read or write access performed by CPUO.
  • each of the two control units UCO and UC1 can be configured either as active or standby copy.
  • Choice of the configuration is substantially made by the blocks CCLO and CCLl.
  • the active processing unit controls all the other blocks of the equipment including those belonging to the standby control unit copy, while access by the standby processing unit to any peripheral block is prevented. This is possible because, as may be seen in
  • FIG. 1 even if the control units UCO and UC1 are indicated as two distinct units, in reality the interconnections of the peripheral blocks to both the processing units configure UCO and UC1 as a unique control unit, made up of individual blocks all duplicated and selectively accessible to the processing unit active at that time.
  • This circuitry structure makes the duplicate unit extremely reliable because, in case of failure of any part, said part can be promptly replaced without having to switch the entire individual control unit as in the previous art.
  • the remaining blocks of the equipment connected to the duplicate control unit can in turn be duplicated or not. In FIG. 1 only the block TEL is not duplicated. Otherwise it would be necessary to equip another pair of peripheral units of the PER0/PER1 type as interface toward the duplicate block.
  • the two INTEL 80C186 microprocessors included therein work in microsynchronised mode and constitute the heart of the processing unit UPO.
  • the paths of the clock signal from the oscillator OSC to the two microprocessors have the same length.
  • an appropriate circuit inside the block COMP verifies continuously the existence of the clock signal.
  • all the control signals applied to the inputs of the two microprocessors, except RESO are first resynchronised with said clock signal.
  • Correct microsynchronisation of the two microprocessors is controlled by the block COMP which includes circuits which verify instant by instant the identity of addresses, data and control signals generated by the two devices, a difference being interpreted as a failure.
  • the block COMP also includes a watchdog timer, to detect infinite-loop condition.
  • the different failure signals are placed in OR inside COMP to generate the signal MSMO which represents the internal alarm of the block CPUO which is sent to the block ALDETO and thence made to continue toward the blocks CCLO and ALDET1.
  • the RAMs and EPROMs included therein have a dimension such as to allow memorisation of an additional parity signal for every eight words memorized. Said memories are also protected by another redundancy code which allows verification of the integrity of their contents. This redundancy code is generated to protect the integrity of every 64 kbytes of code or data.
  • the principal failure detection circuits included in the block ALDETO are: - a detector circuit for parity errors in read operations performed by addressing the memories included in the block LOCMEMO, or addressing any peripheral block BLOCO or BL0C1;
  • the block ALDETO After detection of one or more alarms, the block ALDETO generates the unmaskable interrupt signal NMIO which it sends to the processor circuit CPUO. The latter acquires the detail on the type of alarm by reading the related information from the trap registers of ALDETO or directly from the data of BUSO. As regards operation of the configuration control block CCLO, it is useful to specify that the signals coming from the block ALDETO through the connection ALO are:
  • the block CCLO analyses all of said signals and determines if its own processing unit UPO should be active or standby, generating for this purpose the signal SELO which is distributed only to the peripheral blocks of UCO to control the choice of the active copy of the unit processor UPO or UP1.
  • One function of the block CCLO is to filter possible disturbances on the input signals by making use of an appropriate timing taken from the clock signal inside the block.
  • the main purpose of said filtering is to allow passage of 16ms of time before the firmware memorized in the copy selection EPROM can react to an alarm coming from the CPUO. During this time the software seeks to cancel the alarm.
  • the copy selection EPROM belonging to CCLO simulates, as already mentioned, an asynchronous sequential logical circuit.
  • on the address bus of the EPROM arrive the signals which enter the block CCLO.
  • the words contained in the EPROM, read in correspondence with predetermined configurations of the address bits, represent the signals output from the block CCLO.
  • the decision made by the block CCLO is made operative through the signal SELO sent exclusively to the peripheral blocks of the BLOCO type belonging to the control unit UCO.
  • the decision of the block CCLl is made operative by sending the signal SEL1 only to the peripheral blocks belonging to the control unit UC1. This allows holding physically separate from each other the two copies of the duplicate control unit, increasing the reliability of the equipment.
  • the logical values of the signals SELO and SEL1 must be congruent to allow access by the active processing unit to the peripheral blocks of both the control units.
  • the synchronous duplication circuit for the write cycles in peripheral data memory consists essentially of the aforementioned decoding logical circuits for the information on BUSO and an auxiliary register in which CPUO writes a two-bit control configuration which is set forth below together with its meaning:
  • the aforesaid decoding logical circuits decode the contents of the auxiliary register together with the signals on BUSO, generating each time the appropriate combinations of signals of the B0SEL0 and B1SEL0 type for enablement of the preselected peripheral circuits also including the memories MESO and/or MES1. More specifically, if the auxiliary register contains the configurations 00 or 11, the block PERSELO generates in write a pair of enablement signals for both the memories MESO and MES1. If the access concerns peripheral circuits different from MESO and/or MES1, the contents of the auxiliary register are not taken into consideration.
  • the decoding operations of PERSELO are enabled by the active copy selection signal SELO to avoid that, when the processing unit UPO is in standby, it continues to control the access circuits ACCO, ACC1 of the peripherals BLOCO and/or BLOC1. From all of the above remarks on the copy selection signals, it can be inferred that generation of the SELO and SEL1 signals allows unequivocal definition of the roles of the two processing units. More precisely, the processing unit on standby remains there until, because of failure of the active copy, it is called upon to replace the one that was active. Such a choice, which could be at first sight uneconomical because it leaves a resource normally unused, allows in reality effective and reliable control of the entire set of equipment by a single processing unit.
  • the two-way communication channel between the blocks IPCO and IPC1 it is used by the active prOcessing unit ' during performance of some activities which it carries out on the standby unit. It is used for example in supervision processes for the transfer of some programmes and to activate failure diagnosis processes.
  • the communication channel uses a protocol HDLC because it is particularly efficient in protecting the information transferred between the two control units UCO and UC1.
  • operation of the blocks BLOCO and BL0C1 which schematise the peripheral blocks I/UO, PERO, MESO and I/Ul, PERI, MES1, it is useful to recall that they include circuits for access and interface towards both the processing units UPO and UP1 and control and maintenance circuits for said peripheral blocks. As may be seen in FIG.
  • each block of type BLOCO and BL0C1 is connected to the two processing units by two different physically separate access paths, a first path being represented by the busses BUSOL and BUSOR and a second path by the busses BUS1R and BUSIL.
  • a first path being represented by the busses BUSOL and BUSOR
  • a second path by the busses BUS1R and BUSIL.
  • the copy selection signal SELO selects the signals coming from one or the other processing unit and the selected bus can be extended to the inside of BLOCO only when the selection signal BOSEL is active, i.e. when one of the two signals B0SEL0 or B0SEL1 is generated by the processing unit active at that time, to accede to said peripheral block.
  • BOSEL together with the control and state signals on the selected bus enables the right direction of the transceivers of ACCO compatibly with the type of read or write access.
  • the main operations which it performs for checking of the integrity of the peripheral block are the following: - checking of the correct parity of the address bits during the read or write operations, while in case of a parity error the write signal is inhibited to avoid unforeseeable operations, - checking of the correct parity of the data bits after write operations, and
  • the internal control circuit In case of significant failure of one or more BLOCO circuits, the internal control circuit generates an interrupt towards the active processor and the information about the type of failure is placed in a register of BLOCO to be subsequently read by the active processor.
  • the blocks I/UO, MESO and PERO are identical with the blocks I/Ul, MESl and PERI and therefore a single description can be given for all of them.
  • the blocks MESO and MESl include a respective RAM bank in which are memorised the basic data, i.e. all the information which allows the active processing unit to control all the functions of the equipment. Said information includes for example data on the configuration of the system and the intermediate data of some processing.
  • the peripheral blocks I/UO and I/Ul include identical interface circuits toward the respective blocks TERO and TER1.
  • the latter can represent either general purpose input/output terminals, as for example personal computers, or indicator, or warning lamp panels, or remote operation relays or other.
  • TERO and TER1 provision of said interface circuits is possible for those skilled in the art and therefore requires no further explanation.
  • peripheral blocks PERO and PERI include identical interface circuits towards the block TEL which represents in a nonlimiting manner a number of telephone sets. Said interface circuits are already known to those skilled in the art and therefore are not shown.
  • FIG. 4 there is illustrated the diagram of the main sequential logical states for the firmware memorized in the copy selection EPROM included in the block CCLO. It is possible to obtain an analogous diagram for the copy selection firmware included in the block CCLl, by replacing in FIG. 4 the terms UPO, CPUO, SELO with UPl, CPU1, SELL
  • the diagram is not further burdened with the introduction of logical states corresponding to incongruent configurations which are however possible only during very brief transients, as for example the configurations in which both the processing units UPO and UPl are active or standby.
  • the firmware of course allows for occurrence of said situations and provides therefor.
  • the logical states shown in the diagram are substantially three, i.e. turning on, UPO unit active, UPO unit on standby.
  • the signal SELO has logical value 0 for UPO active and 1 for UPO on standby.
  • the next following state is that of UPO unit active, if the conditions of unit UPl turned off or on standby occur.
  • the next state after turning on is that of the unit UPO on standby if the unit UPl is active.
  • the firmware before passing from the turning on state to the two following states, the firmware generates the reset signal RESO of the processor circuit CPUO. Let it be assumed that the next state is that of active UPO. In this case if there is no alarm in the unit UPO, said unit remains indefinitely in this state of activity.
  • the software resident in the processing unit UPO can require the firmware of CCLO to switch the unit UPO from active to standby or vice versa after reset of CPUO in either case.
  • Said request is made through the aforementioned two state bits made to reach the address line of the copy selection EPROM.
  • the duplicate control unit described in the nonlimiting example duplicates the information in the write phase, but does not verify data alignment in the two copies of the peripheral data memories. It should be specified that by data alignment is intended the perfect matching of the contents of the two memories. Said verification becomes absolutely essential immediately after the switching of a processing unit from standby to active copy. The verification is necessarily the responsibility of an appropriate subprogram which verifies the identity of the contents of the two memories.
  • the type of implementation of the example does not relieve the software completely of all the activities connected with duplication of the information.
  • Said implementation is the fruit of a compromise between the requirement to save real processing time and that of not excessively complicating the hardware of the duplicate control unit.
  • the duplicate control unit which is the object of the present invention consisting of modifying appropriately the synchronous duplication circuit of the cycles of writing in peripheral data memory included in the blocks PERSELO and PERSELl, so that every time the active processing unit performs a write access in its own peripheral data RAM, the same type of access is also performed synchronously in the other copy of the same peripheral memory.
  • the words read are also compared with each other and in case of difference there is generated an alarm signal sent through the blocks ALDETO or ALDET1 to the respective processor circuit which can thus start the necessary maintenance operations.
  • a synchronous duplication circuit appropriately modified to provide the variation in question differs from that described in the nonlimiting example mainly in some slight modifications made in the decoding logical circuits included in the blocks PERSELO and PERSELl and by the addition of a comparator for the words read.
  • said modified decoding circuits detect a condition of read access to its own peripheral data RAM by the active processing unit, and generate therefor a pair of signals B0SEL0, B1SEL0 which enable both the data memories MESO and MESl.
  • Said modifications are known to those skilled in the art and therefore no further details thereon are necessary.
  • a duplicate control unit realised in accordance with the variation in question allows another saving of real time of the active processor. Indeed, it is no longer necessary to verify data alignment in the two peripheral data memories MESO and MESl by the software after each switch between the two processing units due to a failure.

Abstract

A duplicate control and processing unit for telecommunications equipment consisting of two identical control units connected together is described. Each control unit (UC0, UC1) comprises a processing unit (UP0, UP1) which can be active or on standby, a peripheral data random access memory (RAM) for data processed during operation, and several peripheral circuits connected to the rest of the equipment. An EPROM (erasable programmable read-only memory) (CCL0, CCL1) in each processing unit contains the copy selection firmware. The data RAM and the peripheral circuits include a respective double gate access circuit (ACC0, ACC1) which allows selective access to the active processor only. The latter performs the writing cycles synchronously on both the duplicate data RAMs, allowing fast recovery of the operative synchronism by the standby processing unit, after switching due to failure of the active processing unit.

Description

"Duplicate control and processing unit for telecommunications equipment"
*****
DESCRIPTION 5 The present invention relates to the field of processing control systems and more specifically to a duplicate control and processing unit for telecommunications equipment.
For the sake of simplicity the control and processing unit is indicated hereinafter only as the control unit. 10 As known, the great success of microprocessors has greatly facilitated implementation of the control unit for telecommunications equipment having even considerable complexity, as for example telephone equipment. It can also be stated that, thanks to microprocessors, the hardware design of a control unit is 15 today nearly independent of the peculiarities of the equipment which said units supervise. Indeed, in the greater part of the known examples of microprocessor control units operating in equipment having a certain complexity, the control unit generally comprises: 20 - a processing unit which performs the processing necessary for operation and control of the equipment,
- a RAM bank containing the data which characterise the equipment and those processed during normal operation thereof,
- peripheral circuits which complete the processing unit and include 25 interfaces between the processing unit and the rest of the equipment. The latter can be in turn all or partly duplicated. The processing unit can be more or less sophisticated but in turn generally includes: of course a microprocessor with the appropriate integrated circuits which co-operate with it in some 30 ' functions, as for example the management of interrupts, direct access to the memory, etc.; a RAM containing the programmes for „ control of the entire set of equipment; an optional circuit
J generating parity bits on the signals which transit through the s microprocessor bus; and finally a diagnostic circuit which detects
35 access errors of the processor and processes the alarms of the equipment generated in case of failure. In some cases the processing unit includes two or more optionally synchronised microprocessors. The designation 'peripheral circuits' extends as known generally to all the circuits which equip the processing unit and convert it into an actual control unit, i.e.:
- mass memory and related interface circuits toward the processing unit,
- input/output terminals for data and related circuits for interfacing and extension of the processor bus,
- circuits for interfacing toward the remaining parts of the system which characterise more specifically the type of equipment, such as for example telephones or multiplex PCM for telephone exchanges,
- under the above definition of peripheral circuit it is therefore reasonable to include also the data RAM mentioned above together with the related interfacing circuits towards the processing unit.
It is also known that a microprocessor control unit exerts its control action on the equipment by means of selective writing operations of particular bit configurations into special registers for control of the equipment called 'control points', and selective reading operations from special state registers called 'sense points'. Writing of the control points serves to control certain operational modes of the various parts which make up the equipment, while reading of the sense points serves the control unit to verify the operating state thereof.
In the last decade, particularly in the telecommunications industry, equipment characterised by high reliability and availability, produced as known by the introduction of redundancy criteria, has become more and more requested. One of said criteria, which has found greater application in practice consists of duplicating the entire control unit. The duplication involves necessarily also the code and data on which the individual processing units operate.
While duplication of the control unit contributes considerably to better reliability of equipment, it brings problems which are not found in an unduplicated control unit. These problems are principally due to the fact that there are available two processors for which it is essential to define the roles, the criteria which control the separation of duties, and the procedures for switching between them in the presence of a failure to allow one processor to take over the work carried out up to that moment by the other.
Another problem due to duplication of the control unit is that of defining how the two processors are interconnected to the rest of the equipment. In the majority of known examples, one of the two copies of the control unit is designated the active copy, to which is entrusted the task of supervising the rest of the equipment, while the other copy is held on standby and replaces the first in case of failure thereof. Replacement is done by a selector controlled appropriately in case of failure, which prevents the copy of the failed control unit from accessing the rest of the equipment and allowing access to the previously-standby copy.
As seen from the above, some shortcomings of the duplicate control units of known type already appear evident. A first shortcoming is due to the fact that even a single failure of a certain importance, whose negative effects are such as to not be neutralised in a timely manner by the software, precludes the possibility of continuing to operate for an entire copy of the control unit. A second shortcoming is due to the loss of real processing time of the active processor after switching between the two copies due to failure. Indeed, immediately after the switching instant, the problem of synchronisation of the structures of the data in the data RAM of the two copies arises, in order to allow switching between the two copies with the least loss of information. For this purpose, in the known examples, an appropriate subroutine reads the data in the previously active data RAM and recopies it into the data RAM now active. Of course this involves a loss of real processing time. This shortcoming is also especially serious just because it appears at a critical moment for operation of the equipment.
From all the above considerations, the operational limitations and shortcomings, which the above units of known type still display, are evident.
Accordingly the purpose of the present invention is to indicate a duplicate control and processing unit for telecommunications equipment also wholly or partly duplicated which would solve the aforesaid shortcomings. To achieve said purposes the object of the present invention is a duplicate control and processing unit for telecommunications equipment consisting of two identical control units appropriately connected to each other and to the rest of the equipment. Each control unit consists of: a processing unit capable of performing all the processing necessary for operation and control of the entire set of equipment, including the function of determining if said processing unit must be considered active or on standby; a data RAM containing the data necessary for operation of the equipment and those processed during operation thereof; and some circuits peripheral to the processing unit including respective interfaces between the processing unit and the remaining circuits and devices of the equipment.
The data RAMs and the peripheral circuits of both the control units include respective double gate access circuits to which arrive the busses of both the processing units. Said circuits include a selector appropriately commanded in case of failure, which prevents the processing unit put out-of-service from duty from acceding to the rest of the equipment and allows access to the formerly standby copy. The active processing unit performs the writing cycles in data RAM synchronously in both the duplicate data RAMs, thus allowing immediate recovery of the data necessary for continuation of operation after a switch between the two processing units following a failure, as better described in claim 1. Another object of the present invention is a variation of the duplicate control unit which is the object of the present invention, wherein the active processing unit performs both the writing and reading cycles synchronously in both the duplicate data RAMs. In addition, both the words read synchronously are compared and, in case of difference, generate an alarm signal toward the microprocessor which can thus start the necessary maintenance operations.
The control unit in accordance with the variation allows another saving of real time because it simplifies considerably periodic verification of the identity of the contents of the duplicate data RAMs, a verification which is absolutely essential immediately after switching of one processing unit to the other, following a failure. A duplicate control unit provided in accordance with this variation is better described in claim 6.
In view of the foregoing, the advantages of a duplicate control unit provided in accordance with the present invention and its variation are clear. A first advantage is that it is particularly reliable in case of failure of any one of its parts because it can be quickly reconfigured in all its parts. More precisely, the active processing unit can access without distinction a peripheral block of its own control unit or its duplicate homologue. A second advantage is that of allowing considerable savings in real processing time, especially after a switch between the processing units, thanks to the synchronism of the writing and reading operations in the two copies of the duplicate data RAMs.
Additional purposes and advantages of the present invention are clarified in the following detailed description of an embodiment thereof and the annexed drawings given by way of nonlimiting example, wherein:
FIG. 1 shows a very general block diagram of telecommunications equipment, comprising a duplicate control unit in accordance with the present invention, consisting of two identical control units indicated by UCO and UC1 appropriately interconnected to each other and to a block TEL which indicates the rest of the equipment; FIG. 2 shows in greater detail the block diagram of the duplicate control unit of FIG. 1, making clear the blocks indicated above by UPO and UP1, their mutual interconnections and those existing between said blocks and the remaining blocks belonging to the control units UCO and UC1;
FIG. 3 shows the circuitry diagram of a block belonging to UPO and indicated by CPUO in FIG. 2; and FIG. 4 indicates a diagram of the sequential logical states which shows the operation of a configuration control circuit indicated by CCLO in FIG. 2.
With reference to FIG. 1, UCO and UC1 indicate two control units which together constitute a single duplicate control unit for telecommunications equipment which includes in addition to the UCO and UC1 units the block TEL. The control unit UCO, also termed copy 0, consists of the blocks UPO, PER0, MES0, I/U0 and TER0. Similarly the control unit UC1, also termed copy 1, consists of blocks UP1, PERI, MES1, I/Ul and TER1.
The blocks UPO and UP1 represent processing units, each capable of supervising operation of the entire set of equipment. The blocks MESO and MES1 include RAM banks in which are memorized the data processed during normal operation of a processing unit, and the related access and interface circuits. The PERO and PERI blocks schematise units considered peripheral in relation to the two processing units. Said blocks are also part of the duplicate control unit because they are essential for allowing the processors to perform their supervision on the rest of the equipment. More precisely the blocks PERO and PERI can represent either mass memories and related access and interface circuits towards the processing unit or the interfaces between the processing units and the rest of the equipment not belonging to the control unit, as for example the block TEL.
The blocks I/UO and I/Ul together with the respective blocks TERO and TER1 also constitute peripheral circuits. More precisely, the blocks TERO and TER1 represent either general purpose input/output terminals, as for example personal computers or alarm warning light panels, or remote operation relays or other. The blocks I/UO and I/Ul include circuits for access and interface towards the processing units and circuits for extension of the bus of the active processor towards the respective blocks TERO or TER1. Each of the processing units UPO and UP1 possess its own two-way bus indicated by BUSO and BUS1 respectively. Each of the two busses is connected to the blocks UPO, PERO, MESO, I/UO of the control unit UCO and in parallel to the blocks UP1, PERI, MES1 an I/Ul of the control unit UC1. The processing units UPO and UP1 are also connected to each other by a special two-way connection as explained below. The peripheral unit represented by the block PERO is connected in two-way manner to the block TEL, which schematises a group of general purpose devices characteristic of the type of equipment supervised by the duplicate control unit, e.g. telephones in the present case. Similarly, the block TΕRl is also connected in two-way manner to the same block TEL.
With reference to FIG. 2 in which the same elements of FIG. 1 are indicated by the same symbols, there are seen the processing units UPO and UP1 both connected to two blocks indicated by BLOC0 and BL0C1 which represent respectively any one of the blocks MESO, PERO, I/UO and MES1, PERI, I/Ul. The block UPO in turn consists of the blocks CPUO, LOCMEMO, PERSELO, BUSDRO, IPCO, ALDETO and CCLO.
Similarly the block UP1 consists of the blocks CPU1, LOCMEM1, PERSEL1, BUSDR1, IPC1, ALDET1 and CCL1 which are similar in all respect to the corresponding blocks of UPO. In the blocks BLOC0 and BLOC1 can be seen two respective logical gates of OR indicated by OR0 and OR1 and two respective access circuits with double gate indicated by ACCO and ACC1.
The bus BUSO is a parallel asynchronous bus on which transit the signals representing data and addresses, not multiplexed together, with which are associated the necessary control signals of the read/write and ready types, interrupts from the peripheral blocks, etc., and some state signals characteristic of the type of processor used. Verification of the integrity of BUSO is done by associating with each informative byte, whether data or addresses, a respective parity bit. <
In FIG. 2 the bus BUSO is indicated as two-way, but in reality only the signals representative of the data are two-way, while the direction of the address, control and state signals is always from the processor towards the peripheral circuits, excluding ready and interrupt signals from the peripheral blocks, which take the opposite direction.
The bus BUSO coming from the block CPUO is connected to the blocks LOCMEMO, PERSELO, IPCO, ALDETO and to the block BUSDRO which represents a two-way bus-driver of known type, including transceivers. Before extension toward the peripheral blocks, the BUSO block is split in two identical busses indicated by BUSOL and BUSOR. The busses BUSOL and BUSOR are connected to first gates of the access circuits ACCO and ACC1 respectively to allow access to the blocks BLOC0 and BLOC1 by UPO. Similarly, the bus BUS1 from the block CPU1 is connected to the blocks L0CMEM1, PERSEL1, IPC1, ALDET1 and to the block BUSDR1 which represents a two-way bus-driver of known type. Before extension toward the peripheral blocks, the bus BUS1 is split in two identical busses indicated by BUS1L and BUS1R. The busses BUS1L AND BUS1R are connected respectively to second gates of the access circuits ACC1 and ACCO to allow access to the blocks BL0C1 and BLOC0 by UP1.
For the sake of simplicity the following remarks apply only to the blocks belonging to the processing unit UPO. It is understood that the same remarks also apply to the blocks belonging to the processing unit UP1 because the units UPO and UP1 are identical.
The block CPUO represents a microprocessor circuit which is discussed more thoroughly together with FIG. 3. To two inputs of the block CPUO arrive an unmaskable interrupt signal coming from the block ALDETO and a reset signal RESO coming from the block CCLO respectively. At one output of said block there can be an alarm signal MSMO directed toward the block ALDETO.
The block LOCMEMO includes substantially an EPROM and a RAM. In the EPROM are memorized the self-diagnosis and bootstrap programmes of the UPO unit. In the RAM is memorized the actual software programme for operation of the processing unit UPO and the local data which are not necessary for the processing unit UP1 when it becomes active.
The block PERSELO includes the decoding logical circuits for the information on BUSO which, for each read or write access made by CPUO to the peripheral blocks, generate an appropriate combination of signals B0SEL0, B1SEL0, etc. sent to the blocks BLOC0, BL0C1, etc. for selective enabling thereof. At an enabling input of PERSELO arrives a copy selection signal SELO from the block CCLO. The block PERSELO includes also a synchronous duplication circuit for the write cycles in peripheral data memory (not shown in the figures) whose operation is explained below.
The block ALDETO allows maintenance of the processing unit UPO and for this purpose includes special detection circuits for failures occurring in the block UPO and generation of the corresponding alarms. Said circuits are implemented by means of normal decoding logical circuits and are readily accessible to those skilled in the art and therefore not shown in the figures. The block ALDETO is connected to BUSO and to the corresponding block ALDET1 of UP1 by means of a two-way connection different from BUSO. Said connections allow the block ALDETO to acquire knowledge of all the alarms detected in the entire duplicate control unit. In case of detection or acquisition of one or more alarms, the block ALDETO generates the unmaskable interrupt signal NMIO sent to the block CPUO. The block ALDETO is also connected to the block CCLO by means of a one-way connection path indicated by ALO.
The block CCLO includes a copy selection EPROM containing a firmware which allows it to operate like an asynchronous sequential logical circuit for determination of the active copy UPO or UP1, as seen better with the explanation of FIG. 4. Said block also includes an oscillator which generates a local clock signal independent of the one generated in the block CPUO, and a counter which produces a 16ms timing used to filter some alarm signals coming from ALDETO.
To the block CCLO arrive a copy selection signal SEL1 generated by the block CCLl and, through the connection ALO, some signals which are described below. The block CCLO, for the purpose of selecting the active processing unit, generates the copy selection signal SELO which it sends to a selection input of the double gate access circuit ACCO and to an input of the block CCLl. The signal SELO is also sent to the block PERSELO. Under certain conditions which are clarified in the examination of FIG. 4, the block CCLO generates a reset signal RESO which it sends to the block CPUO. The processing unit UPO is directly connected to the processing unit UP1 and vice versa by means of an especially dedicated synchronous communication channel. The circuits necessary for implementation of said channel are included in the blocks IPCO and IPC1. Additional details on the constitution of the block IPCO are not necessary because implementation of a synchronous communication channel is known to those skilled in the art.
As regards the other blocks of the duplicate control unit of FIG. 2 different from UPO and UP1, it is useful to recall that, as mentioned above, the blocks BLOC0 and BL0C1 schematise respectively any one of the peripheral blocks MESO, PERO, I/UO and MES1, PERI, I/Ul. Said schematising concerns essentially only the double gate access circuits and those for interface toward the two processing units UPO and UP1 and some circuits which control the correct operation of said peripheral blocks.
For the sake of simplicity, hereinafter only the block BLOCO is explained, it being understood that the same remarks apply to the block BL0C1.
The block BLOCO includes the logical gate of OR with two inputs OR0 to which arrive respectively the enabling signal BOSEL0 and a similar enabling signal B0SEL1 coming from the block PERSEL1. At the output of OR0 is an enabling signal BOSEL directed toward the double gate access circuit ACCO. The latter allows selective access to one or the other of the two processing units UPO and UP1. For this purpose, ACCO includes two-way two-input selectors (not shown in the FIGS.) to which arrive BUSOL and BUS1R respectively. The output of the selectors is connected to transceivers (included in ACCO and also not shown in the FIGS.) which allow extension of the bus of the active processing unit in the BLOCO. At the selector selection input arrives the copy selection signal generated by the block CCLO. At the enablement input of the transceivers included in the block ACCO arrives the enablement signal BOSEL. The block BLOCO also includes a control circuit which performs some important operations specified below for control of the integrity of said block. In case of significant failure of one or more circuits of BLOCO, the control circuit generates an interrupt towards the active processor. Said control circuit of BLOCO is provided by the use of normal logical circuits and is readily implemented by those skilled in the art and therefore not illustrated in the FIGS.
With reference to FIG. 3 in which all the elements common to FIGS. 1 and 2 are indicated by the same symbols, there can be seen the blocks CPUO and BUSDRO shown in greater detail. The block CPUO consists substantially of the blocks OSC, :2, MICm and MICs, PARGEN, COMP, FF0, FF1, FF2, TR1 and TR2. The block BUSDRO includes the blocks Tl, T2, TR3 and TR4. In the FIG. can also be seen the block LOCMEMO. The block OSC represents a local oscillator of great stability which supplies the clock signal to the processing unit UPO. The block :2 is a simple frequency divider which divides by two the clock signal generated by OSC before it reaches a respective timing input of the blocks MICm, MICs, FFO and COMP. The blocks MICm and MICs include two identical INTEL 80C186 microprocessors and respective VLSIs which assist their operation. The block FFO represents an assembly of flip-flops to whose inputs arrive the unmaskable interrupt signal NMIO, some maskable interrupt signals INTO, some signals DMAO for direct access to the memory block LOCMEMO, and a ready signal DRYO sent by the peripheral blocks. Said signals are synchronised by the block FFO and sent to respective inputs of MICm and MICs. To the latter also arrives the signal RESO.
The block COMP represents a circuit which controls correct operation of the microprocessors MICm, MICs and that of the local oscillator, generating in case of failure the internal alarm signal MSMO. For this purpose the two busses of the microprocessors MICm and MICs indicated by Bm and Bs respectively reach the inputs of COMP.
The data and address lines of the bus Bs alone reach the input of the block PARGEN which represents a parity bit generator whose output is a bus BS' different from Bs only in that it has additional lines for the data and address parity bits.
The address lines of the busses Bm and Bs' are connected to the inputs of the blocks FF1 and FF2 respectively which represent registers which memorise said addresses during a read or write access cycle. The data lines of the busses Bm and Bs' are connected to a first end of the blocks TR1 and TR2 respectively which represent common transceivers. At the outputs of the blocks FF1 and FF2 the address lines are connected in parallel to each other to form single address lines of the bus BUSO, including the lines of parity bits in Bs'. Similarly, the lines of data at a second end of the transceivers TR1 and TR2 are connected in parallel to each other to form unique data lines of the bus BUSO which include the parity bit lines in Bs'. For the sake of simplicity, in the representation for BUSO, the lines for the control and state signals of the microprocessors are not shown but are present.
The address lines of BUSO are connected to the input of the blocks Tl and T2 which represent a set of drivers related to the busses BUSOL and BUSOR. The data lines of BUSO are connected to the input of the blocks TR3 and TR4 which represent a set of transceivers for said busses BUSOL and BUSOR. The control and state signals on the bus Bm determine the correct direction of the transceivers TR1, TR2, TR3 and TR4 in conformity with the type of read or write access performed by CPUO.
In the operation of the duplicate control unit of the example with reference to the FIGS. 1, 2 and 3 each of the two control units UCO and UC1 can be configured either as active or standby copy. Choice of the configuration is substantially made by the blocks CCLO and CCLl.
The active processing unit controls all the other blocks of the equipment including those belonging to the standby control unit copy, while access by the standby processing unit to any peripheral block is prevented. This is possible because, as may be seen in
FIG. 1, even if the control units UCO and UC1 are indicated as two distinct units, in reality the interconnections of the peripheral blocks to both the processing units configure UCO and UC1 as a unique control unit, made up of individual blocks all duplicated and selectively accessible to the processing unit active at that time. This circuitry structure makes the duplicate unit extremely reliable because, in case of failure of any part, said part can be promptly replaced without having to switch the entire individual control unit as in the previous art. The remaining blocks of the equipment connected to the duplicate control unit can in turn be duplicated or not. In FIG. 1 only the block TEL is not duplicated. Otherwise it would be necessary to equip another pair of peripheral units of the PER0/PER1 type as interface toward the duplicate block. As regards the block CPUO, the two INTEL 80C186 microprocessors included therein work in microsynchronised mode and constitute the heart of the processing unit UPO. To guarantee the microsynchronising, the paths of the clock signal from the oscillator OSC to the two microprocessors have the same length. In addition, an appropriate circuit inside the block COMP, verifies continuously the existence of the clock signal. In addition all the control signals applied to the inputs of the two microprocessors, except RESO, are first resynchronised with said clock signal.
Correct microsynchronisation of the two microprocessors is controlled by the block COMP which includes circuits which verify instant by instant the identity of addresses, data and control signals generated by the two devices, a difference being interpreted as a failure. The block COMP also includes a watchdog timer, to detect infinite-loop condition.
The different failure signals are placed in OR inside COMP to generate the signal MSMO which represents the internal alarm of the block CPUO which is sent to the block ALDETO and thence made to continue toward the blocks CCLO and ALDET1.
As regards the block LOCMEMO, the RAMs and EPROMs included therein have a dimension such as to allow memorisation of an additional parity signal for every eight words memorized. Said memories are also protected by another redundancy code which allows verification of the integrity of their contents. This redundancy code is generated to protect the integrity of every 64 kbytes of code or data.
As regards operation of the block ALDETO it is useful to point out that it allows the processing unit UPO to carry out maintenance operations on the entire set of equipment. For this purpose the principal failure detection circuits included in the block ALDETO, not shown in the figures because readily implemented by those skilled in the art, are: - a detector circuit for parity errors in read operations performed by addressing the memories included in the block LOCMEMO, or addressing any peripheral block BLOCO or BL0C1;
- a detector circuit of absence of ready signal RDYO normally sent toward the active processing unit by the addressed peripheral block;
- an OR circuit for all the alarms detected by the block ALDETO, or which reach it, and whose output is the unmaskable interrupt signal NMIO directed towards the microprocessor circuit CPUO;
- appropriate trap circuits which in case of alarm memorise in a special trap register the bit configuration on BUSO, in order to identify the type of operation which was in progress when the alarm occurred. In addition the detail of the alarms detected by ALDETO is memorized in the trap register.
To the various circuits of the block ALDETO, arrives all the information on failures or access errors which have given rise to an alarm condition in one or more blocks of the entire duplicate unit and in the remaining blocks of the equipment (TEL) . Said information arrives in the following manners: by means of the signal MSMO, in case of failure of the processor circuit CPUO; by decoding of the data on BUSO made in concomitance with reception of an interrupt signal; and finally through two-way connection with the block ALDET1, in case of failure of a block of the unit UP1.
In the presence of particular failures of a peripheral block, it could happen that the processing unit UPO stops while waiting for an event which never occurs, but detection of the ready signal RDYO allows the processor to obviate this serious shortcoming. After detection of one or more alarms, the block ALDETO generates the unmaskable interrupt signal NMIO which it sends to the processor circuit CPUO. The latter acquires the detail on the type of alarm by reading the related information from the trap registers of ALDETO or directly from the data of BUSO. As regards operation of the configuration control block CCLO, it is useful to specify that the signals coming from the block ALDETO through the connection ALO are:
- the signals MSMO and MSM1 which represent the alarms for internal failure of the respective processor circuits CPUO and CPU1; . an alarm signal for failure of the power supply of the processing unit UP1;
- two bits coming from the data transiting on BUSO which represent in codified form the requests of the software concerning the operating state, active or standby, wanted for UPO, and - a signal called 'power-up reset' generated upon turning on the power supply belonging to the processing unit UP1 and used for initialization of the internal logical of the block CCLO.
The block CCLO analyses all of said signals and determines if its own processing unit UPO should be active or standby, generating for this purpose the signal SELO which is distributed only to the peripheral blocks of UCO to control the choice of the active copy of the unit processor UPO or UP1. One function of the block CCLO is to filter possible disturbances on the input signals by making use of an appropriate timing taken from the clock signal inside the block. The main purpose of said filtering is to allow passage of 16ms of time before the firmware memorized in the copy selection EPROM can react to an alarm coming from the CPUO. During this time the software seeks to cancel the alarm.
The copy selection EPROM belonging to CCLO simulates, as already mentioned, an asynchronous sequential logical circuit. For this purpose, on the address bus of the EPROM arrive the signals which enter the block CCLO. The words contained in the EPROM, read in correspondence with predetermined configurations of the address bits, represent the signals output from the block CCLO. As known, it is good design practice to completely and appropriately fill the EPROM even for those address bit configurations which do not correspond to any well defined logical state of operation of the duplicate unit. This is because, especially during transitions of the signals on the address lines, transitory readings of any word of the EPROM are theoretically possible. It is absolutely necessary that said words read transitorily do not generate output signals of CCLO which might modify the pre-existing configuration.
For a detailed explanation of the operation of the copy selection firmware please see the illustration of the diagram of the sequential logical states of FIG. 4. It should be recalled at this point that the decision made by the block CCLO is made operative through the signal SELO sent exclusively to the peripheral blocks of the BLOCO type belonging to the control unit UCO. In dual mode, the decision of the block CCLl is made operative by sending the signal SEL1 only to the peripheral blocks belonging to the control unit UC1. This allows holding physically separate from each other the two copies of the duplicate control unit, increasing the reliability of the equipment. The logical values of the signals SELO and SEL1 must be congruent to allow access by the active processing unit to the peripheral blocks of both the control units.
As regards the block PERSELO, it must be specified that the synchronous duplication circuit for the write cycles in peripheral data memory consists essentially of the aforementioned decoding logical circuits for the information on BUSO and an auxiliary register in which CPUO writes a two-bit control configuration which is set forth below together with its meaning:
"00": to perform a write cycle in both the peripheral data memories MESO and MES1 and a read cycle only in the memory MESO; "01": to perform a read and write cycle only in the peripheral data memory MESO; "10": to perform a read and write cycle only in the peripheral data memory MES1; "11": to perform a write cycle in both the peripheral data memories MESO and MES1 and a read cycle only in the memory MES1.
The aforesaid decoding logical circuits decode the contents of the auxiliary register together with the signals on BUSO, generating each time the appropriate combinations of signals of the B0SEL0 and B1SEL0 type for enablement of the preselected peripheral circuits also including the memories MESO and/or MES1. More specifically, if the auxiliary register contains the configurations 00 or 11, the block PERSELO generates in write a pair of enablement signals for both the memories MESO and MES1. If the access concerns peripheral circuits different from MESO and/or MES1, the contents of the auxiliary register are not taken into consideration. The decoding operations of PERSELO are enabled by the active copy selection signal SELO to avoid that, when the processing unit UPO is in standby, it continues to control the access circuits ACCO, ACC1 of the peripherals BLOCO and/or BLOC1. From all of the above remarks on the copy selection signals, it can be inferred that generation of the SELO and SEL1 signals allows unequivocal definition of the roles of the two processing units. More precisely, the processing unit on standby remains there until, because of failure of the active copy, it is called upon to replace the one that was active. Such a choice, which could be at first sight uneconomical because it leaves a resource normally unused, allows in reality effective and reliable control of the entire set of equipment by a single processing unit.
As regards the two-way communication channel between the blocks IPCO and IPC1, it is used by the active prOcessing unit 'during performance of some activities which it carries out on the standby unit. It is used for example in supervision processes for the transfer of some programmes and to activate failure diagnosis processes. The communication channel uses a protocol HDLC because it is particularly efficient in protecting the information transferred between the two control units UCO and UC1. As regards operation of the blocks BLOCO and BL0C1 which schematise the peripheral blocks I/UO, PERO, MESO and I/Ul, PERI, MES1, it is useful to recall that they include circuits for access and interface towards both the processing units UPO and UP1 and control and maintenance circuits for said peripheral blocks. As may be seen in FIG. 2, each block of type BLOCO and BL0C1 is connected to the two processing units by two different physically separate access paths, a first path being represented by the busses BUSOL and BUSOR and a second path by the busses BUS1R and BUSIL. In this manner events of any type, even transitory, which appear any place in the equipment have very little chance of influencing simultaneously both of said access paths and consequently said events could with the greatest difficulty put the blocks BLOCO and/or BL0C1 completely out of use paralysing the entire set of equipment. For the sake of simplicity the following remarks apply only to the block BLOCO but could apply by analogy also to the block BL0C1 given the equivalence of the two blocks.
As stated above, the copy selection signal SELO selects the signals coming from one or the other processing unit and the selected bus can be extended to the inside of BLOCO only when the selection signal BOSEL is active, i.e. when one of the two signals B0SEL0 or B0SEL1 is generated by the processing unit active at that time, to accede to said peripheral block. In this case BOSEL together with the control and state signals on the selected bus enables the right direction of the transceivers of ACCO compatibly with the type of read or write access.
As regards the control circuit included in BLOCO, the main operations which it performs for checking of the integrity of the peripheral block are the following: - checking of the correct parity of the address bits during the read or write operations, while in case of a parity error the write signal is inhibited to avoid unforeseeable operations, - checking of the correct parity of the data bits after write operations, and
- checking of the consistency of the control signals sent by the processing unit and the related state signals which indicate the type of access which the processor wants to perform.
In case of significant failure of one or more BLOCO circuits, the internal control circuit generates an interrupt towards the active processor and the information about the type of failure is placed in a register of BLOCO to be subsequently read by the active processor.
As regards the specific operation of the individual peripheral blocks of FIG. 1, it is necessary to specify that the blocks I/UO, MESO and PERO are identical with the blocks I/Ul, MESl and PERI and therefore a single description can be given for all of them. The blocks MESO and MESl include a respective RAM bank in which are memorised the basic data, i.e. all the information which allows the active processing unit to control all the functions of the equipment. Said information includes for example data on the configuration of the system and the intermediate data of some processing.
If operation is normal, i.e. with the blocks MESO and MESl both unimpaired, with the processing unit UPO is associated the block MESO and with the unit UP1 is associated MESl. Assuming that the unit UPO is active, the microprocessor of UPO reads whatever is needed from MESO and writes in MESO and MESl synchronously. In case of switching for failure of UPO, the replacing processing unit reads from MESl and writes in MESl and MESO synchronously. This mode of operation allows considerable saving of real time for the active processing unit, especially in the period immediately following its activation. Indeed, the processor just activated finds already in its peripheral data memory bank the update data necessary for continuation of its activity.
The peripheral blocks I/UO and I/Ul include identical interface circuits toward the respective blocks TERO and TER1. The latter can represent either general purpose input/output terminals, as for example personal computers, or indicator, or warning lamp panels, or remote operation relays or other. In any case, depending on the type of equipment or device represented by TERO and TER1, provision of said interface circuits is possible for those skilled in the art and therefore requires no further explanation.
The peripheral blocks PERO and PERI include identical interface circuits towards the block TEL which represents in a nonlimiting manner a number of telephone sets. Said interface circuits are already known to those skilled in the art and therefore are not shown.
With reference to FIG. 4, there is illustrated the diagram of the main sequential logical states for the firmware memorized in the copy selection EPROM included in the block CCLO. It is possible to obtain an analogous diagram for the copy selection firmware included in the block CCLl, by replacing in FIG. 4 the terms UPO, CPUO, SELO with UPl, CPU1, SELL The diagram is not further burdened with the introduction of logical states corresponding to incongruent configurations which are however possible only during very brief transients, as for example the configurations in which both the processing units UPO and UPl are active or standby. The firmware of course allows for occurrence of said situations and provides therefor.
The logical states shown in the diagram are substantially three, i.e. turning on, UPO unit active, UPO unit on standby. The signal SELO has logical value 0 for UPO active and 1 for UPO on standby. Starting from the turning on state, the next following state is that of UPO unit active, if the conditions of unit UPl turned off or on standby occur. The next state after turning on is that of the unit UPO on standby if the unit UPl is active. In all cases, before passing from the turning on state to the two following states, the firmware generates the reset signal RESO of the processor circuit CPUO. Let it be assumed that the next state is that of active UPO. In this case if there is no alarm in the unit UPO, said unit remains indefinitely in this state of activity. But if an alarm is detected in the unit UPO, it passes into the state in which it is in standby after resetting of CPUO. The unit UPO remains indefinitely in the standby state if no alarm occurs in the active unit UPl. Upon occurrence of an alarm in UPl, the unit UPO returns to active state after reset of CPUO. With the unit UPO on standby, no alarm in active UPl and detection of alarm in UPO on standby, the unit UPO remains on standby but the firmware generates a reset signal for the processor circuit CPUO. If there is no alarm in either of the units UPO and UPl, the software resident in the processing unit UPO can require the firmware of CCLO to switch the unit UPO from active to standby or vice versa after reset of CPUO in either case. Said request is made through the aforementioned two state bits made to reach the address line of the copy selection EPROM. The duplicate control unit described in the nonlimiting example duplicates the information in the write phase, but does not verify data alignment in the two copies of the peripheral data memories. It should be specified that by data alignment is intended the perfect matching of the contents of the two memories. Said verification becomes absolutely essential immediately after the switching of a processing unit from standby to active copy. The verification is necessarily the responsibility of an appropriate subprogram which verifies the identity of the contents of the two memories. Therefore the type of implementation of the example does not relieve the software completely of all the activities connected with duplication of the information. Said implementation is the fruit of a compromise between the requirement to save real processing time and that of not excessively complicating the hardware of the duplicate control unit. There is therefore described with reference to FIG. 2 and the above description a variation of the duplicate control unit which is the object of the present invention consisting of modifying appropriately the synchronous duplication circuit of the cycles of writing in peripheral data memory included in the blocks PERSELO and PERSELl, so that every time the active processing unit performs a write access in its own peripheral data RAM, the same type of access is also performed synchronously in the other copy of the same peripheral memory. The words read are also compared with each other and in case of difference there is generated an alarm signal sent through the blocks ALDETO or ALDET1 to the respective processor circuit which can thus start the necessary maintenance operations. A synchronous duplication circuit appropriately modified to provide the variation in question differs from that described in the nonlimiting example mainly in some slight modifications made in the decoding logical circuits included in the blocks PERSELO and PERSELl and by the addition of a comparator for the words read.
More precisely, said modified decoding circuits detect a condition of read access to its own peripheral data RAM by the active processing unit, and generate therefor a pair of signals B0SEL0, B1SEL0 which enable both the data memories MESO and MESl. Said modifications are known to those skilled in the art and therefore no further details thereon are necessary. A duplicate control unit realised in accordance with the variation in question allows another saving of real time of the active processor. Indeed, it is no longer necessary to verify data alignment in the two peripheral data memories MESO and MESl by the software after each switch between the two processing units due to a failure.
From the description given and the information on the particular microprocessor used and which can be readily found in the literature supplied by the maker thereof, those skilled in the art are enabled to provide both the hardware and the software for the duplicate control unit which is the object of the present invention.

Claims

CLAIMS 1. Duplicate control and processing unit for telecommunications equipment consisting essentially of two identical control units connected to the rest of the equipment, each control unit including a processing unit which carries out the processing necessary for operation and control of the equipment, several peripheral circuits connected to the processing unit bus to assist the processing unit in carrying out its control action; characterised in that: - each processing unit (UPO, UPl) includes a respective configuration control circuit (CCLO, CCLl) which generates a copy selection signal (SELO, SEL1) directed to the peripheral circuits (BLOCO, BLOC1) belonging to their own control units (UCO, UCl) and whose logical values determine the choice of the active processing unit (UPO, UPl) which takes control of the entire set of equipment; - each peripheral circuit (I/UO, PERO, MESO, I/Ul, PERI, MESl) includes a respective double gate access circuit (ACCO, ACC1) to whose gates are connected the busses (BUSO, BUS1) of both the processor units (UPO, UPl) and said access circuit also having a control input to which arrives said copy selection signal (SELO,
SEL1) to command electrical continuity in the bus lines of the active processing unit and breaking of the bus lines of the standby processing unit;
- the active processing unit accesses a general purpose peripheral circuit of its own control unit (UCO, UCl) and without distinction to the corresponding duplicate peripheral circuit while sending to the peripheral to which it intends to access a respective enablement signal (BOSEL, B1SEL) used by said access circuit (ACCO, ACC1) to extend the active processing unit.
2. Duplicate control and processing unit in accordance with claim 1, characterised in that: said processing unit comprises also a clock signal generator, two mutually microsynchronised microprocessors connected in parallel to form a single bus inclusive of the parity control lines, and a RAM containing control software; said peripheral circuits comprise also respective interface circuits toward the processing unit and the rest of the equipment not belonging to the duplicate control unit, and at least one data RAM containing the data necessary for operation of the equipment and those processed during operation thereof, a mass memory and circuits for interfacing with input/output terminals; the active processing unit performing synchronous write cycles in both the peripheral data RAMs (MESO, MESl) belonging to the two control units (UCO, UCl), to allow fast recovery of the operating synchronism by the processing unit on standby after its switching to active unit.
3. Duplicate control and processing unit in accordance with claim 2, characterised in that each of said processing units includes also:
- a decoding circuit (PERSELO, PERSELl) which decodes the information on the bus (BUSO, BUS1) of the processing unit generating said enablement signals (B0SEL0, B1SEL0, B0SEL1, B1SEL1) for said access circuits (ACCO, ACC1) of the peripherals; - a failure detection and alarm generation circuit (ALDETO, ALDET1) which informs the processing unit of which it is part of the presence of an internal failure alarm condition in its own processing unit or in the main circuits of the entire set of telecommunications equipment to allow maintenance thereof by the active processing unit; and
- a communication circuit (IPCO, IPC1) which provides a two-way synchronous communication channel between the said two processing units (UPO, UPl) to allow an exchange of information between them.
4. Duplicate control and processing unit in accordance with claim 3, characterised in that each of said decoding circuits also includes an auxiliary register in which the respective processing unit writes one of four possible bit combinations to set a corresponding procedure for access to said peripheral data RAMs in accordance with the following criterion: . a first bit combination to perform a write cycle in both the peripheral data RAMs (MESO, MESl) and a read cycle only in the memory belonging to its own control unit;
- a second bit combination to perform a read and write cycle only in the peripheral data RAM belonging to its own control unit; . a third bit combination to perform a read and write cycle only in the duplicate peripheral data RAM; and finally
- a fourth bit combination to perform a write cycle in both the peripheral data RAMs (MESO, MESl) and a read cycle only in the duplicate peripheral data RAM;
- characterised in that said decoding circuits are enabled by said respective copy selection signal (SELO, SEL1) in the active logical state preventing the processing unit on standby from controlling said access circuits (ACCO, ACC1) ;
- and in that said decoding circuits enabled for operation decode the contents of the respective auxiliary registers together with the signals on the busses of the respective processing units (BUSO, BUS1) to generate a corresponding appropriate combination of said enablement signals (B0SEL0, B1SEL0, B0SEL1, B1SEL1) of the peripheral circuits.
5. Duplicate control and processing unit in accordance with claim 2, characterised in that each of said configuration control circuits (CCLO, CCLl) includes a copy selection EPROM to whose address inputs arrive a copy selection signal (SEL1, SELO) coming from the configuration control circuit (CCLl, CCLO) belonging to the duplicate processing unit, a first OR logical signal of the alarms detected by its own processing unit and a second OR logical signal of the alarms detected by the duplicate processing unit, bits representative of a request for activation or putting on standby of the processing unit of which said EPROMs are part, and the words read for each configuration of the addresses corresponding to a true or denied logical value of said copy selection signals (SELO, SEL1).
6. Duplicate control and processing unit in accordance with claim 5, characterised in that said signals on the address rows of said copy selection EPROMs are appropriately filtered to eliminate any disturbances and allow the control software to start attempts to eliminate the causes of the alarms.
7. Duplicate control and processing unit for telecommunications equipment consisting essentially of two identical control units connected to the rest of the equipment, each control unit including a processing unit which carries out the processing necessary for operation and control of the equipment, several peripheral circuits connected to the bus of the processing unit to assist the processing unit in carrying out its control action, said processing unit including essentially a clock signal generator, two mutually microsynchronised microprocessors connected in parallel to form a single bus including lines for parity control and a RAM containing control software and said peripheral circuits including respective interface circuits toward the processing unit and the rest of the equipment not belonging to the duplicate control unit and said peripheral circuits including at least one data RAM containing the data necessary for operation of the equipment and those processed during operation thereof, mass memory, and circuits for interfacing with input/output terminals and characterised in that: - each processing unit (UPO, UPl) includes a respective configuration control circuit (CCLO, CCLl) which generates a copy selection signal (SELO, SELl) directed to the peripheral circuits (BLOCO, BL0C1) belonging to its own control unit (UCO, UCl) whose logical values determine the choice of the active processing unit (UPO, UPl) which takes control of the entire set of equipment;
- each peripheral circuit (I/UO, PERO, MESO, I/Ul, PERI, MESl) includes a respective double gate access circuit (ACCO, ACCl) to whose gates are connected the busses (BUSO, BUS1) of both the processing units (UPO, UPl) and said access circuit having also a control input to which arrives said copy selection signal (SELO,
SELl) to command electrical continuity in the bus lines of the active processing unit and interruption of the bus lines of the standby processing unit;
- the active processing unit accedes to a general purpose peripheral circuit of its own control unit (UCO, UCl) or to the corresponding duplicate peripheral circuit to send to the peripheral to which it intends to accede a respective enablement signal (BOSEL, BISEL) used by said access circuit (ACCO, ACCl) to extend the active processing unit; and - the active processing unit performs synchronous write cycles and synchronous read cycles in both the peripheral data RAMs (MESO, MESl) belonging to the two control units (UCO, UCl) to allow fast recovery of the operating synchronism by the processing unit on standby after its switch to active unit, - and that the words read synchronously by the duplicate peripheral data RAMs (MESO, MESl) are compared to generate in case of difference an alarm signal used to start the necessary maintenance operations by the active processing unit.
PCT/EP1993/002496 1992-09-30 1993-09-15 Duplicate control and processing unit for telecommunications equipment WO1994008292A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US08/411,686 US5784551A (en) 1992-09-30 1993-09-15 Duplicate control and processing unit for telecommunications equipment
BR9307149A BR9307149A (en) 1992-09-30 1993-09-15 Duplicate control and processing unit for telecommunications equipment
DE69308868T DE69308868T2 (en) 1992-09-30 1993-09-15 DUPLICATED CONTROL AND PROCESSING UNIT FOR TELECOMMUNICATION SYSTEM
EP93920731A EP0663086B1 (en) 1992-09-30 1993-09-15 Duplicate control and processing unit for telecommunications equipment
NO951204A NO951204L (en) 1992-09-30 1995-03-29 Duplicate telecommunications equipment management and processing unit
GR970400775T GR3023113T3 (en) 1992-09-30 1997-04-11 Duplicate control and processing unit for telecommunications equipment.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITMI92A002261 1992-09-30
ITMI922261A IT1255618B (en) 1992-09-30 1992-09-30 DUPLICATED CONTROL AND PROCESSING UNIT FOR TELECOMMUNICATIONS EQUIPMENT

Publications (1)

Publication Number Publication Date
WO1994008292A1 true WO1994008292A1 (en) 1994-04-14

Family

ID=11364038

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1993/002496 WO1994008292A1 (en) 1992-09-30 1993-09-15 Duplicate control and processing unit for telecommunications equipment

Country Status (12)

Country Link
US (1) US5784551A (en)
EP (1) EP0663086B1 (en)
CN (1) CN1086364A (en)
AT (1) ATE150192T1 (en)
BR (1) BR9307149A (en)
DE (1) DE69308868T2 (en)
ES (1) ES2099473T3 (en)
GR (1) GR3023113T3 (en)
IT (1) IT1255618B (en)
NO (1) NO951204L (en)
WO (1) WO1994008292A1 (en)
ZA (1) ZA936351B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999059067A1 (en) * 1998-05-14 1999-11-18 Motorola, Inc. Method for switching between multiple system hosts
DE19832060A1 (en) * 1998-07-16 2000-01-20 Siemens Ag Double processing unit
DE19951541C1 (en) * 1999-10-26 2000-10-26 Siemens Ag Integrated circuit component, e.g. ASIC
DE19950131C1 (en) * 1999-10-18 2000-11-02 Siemens Ag Integrated circuit with microsynchronised redundant components

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100195065B1 (en) * 1996-06-20 1999-06-15 유기범 Data network matching device
KR100195064B1 (en) * 1996-06-20 1999-06-15 유기범 Data network matching device
US8225003B2 (en) * 1996-11-29 2012-07-17 Ellis Iii Frampton E Computers and microchips with a portion protected by an internal hardware firewall
US20050180095A1 (en) 1996-11-29 2005-08-18 Ellis Frampton E. Global network computers
US7805756B2 (en) * 1996-11-29 2010-09-28 Frampton E Ellis Microchips with inner firewalls, faraday cages, and/or photovoltaic cells
US7506020B2 (en) * 1996-11-29 2009-03-17 Frampton E Ellis Global network computers
US7926097B2 (en) 1996-11-29 2011-04-12 Ellis Iii Frampton E Computer or microchip protected from the internet by internal hardware
US6725250B1 (en) 1996-11-29 2004-04-20 Ellis, Iii Frampton E. Global network computers
US6167428A (en) * 1996-11-29 2000-12-26 Ellis; Frampton E. Personal computer microprocessor firewalls for internet distributed processing
US7634529B2 (en) 1996-11-29 2009-12-15 Ellis Iii Frampton E Personal and server computers having microchips with multiple processing units and internal firewalls
US8312529B2 (en) 1996-11-29 2012-11-13 Ellis Frampton E Global network computers
US6427213B1 (en) * 1998-11-16 2002-07-30 Lucent Technologies Inc. Apparatus, method and system for file synchronization for a fault tolerate network
JP2001044910A (en) * 1999-07-30 2001-02-16 Nec Corp Transmission system of high speed signal in device
US6622246B1 (en) * 1999-11-12 2003-09-16 Xerox Corporation Method and apparatus for booting and upgrading firmware
US7213167B1 (en) * 2000-01-18 2007-05-01 Verso Technologies, Inc. Redundant state machines in network elements
US6931568B2 (en) * 2002-03-29 2005-08-16 International Business Machines Corporation Fail-over control in a computer system having redundant service processors
FI115015B (en) * 2002-04-22 2005-02-15 Metso Automation Oy Procedure and system for securing a bus and control server
KR100474704B1 (en) * 2002-04-29 2005-03-08 삼성전자주식회사 Dual processor apparatus capable of burst concurrent writing of data
US6885973B1 (en) * 2003-01-28 2005-04-26 Sprint Communications Company L.P. Alarm facilitator and method for analyzing computer hardware alarms
CN1318562C (en) * 2004-09-27 2007-05-30 彭全生 Process for preparing zinc-rich white spirit
US8256147B2 (en) 2004-11-22 2012-09-04 Frampton E. Eliis Devices with internal flexibility sipes, including siped chambers for footwear
US8125796B2 (en) 2007-11-21 2012-02-28 Frampton E. Ellis Devices with faraday cages and internal flexibility sipes
US8429735B2 (en) 2010-01-26 2013-04-23 Frampton E. Ellis Method of using one or more secure private networks to actively configure the hardware of a computer or microchip

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3544777A (en) * 1967-11-06 1970-12-01 Trw Inc Two memory self-correcting system
GB2084770A (en) * 1980-08-26 1982-04-15 Italtel Spa Data exchange between a pair of computers operating according to the masterslave principle and a support computer
DE3328405A1 (en) * 1983-08-05 1985-02-21 Siemens AG, 1000 Berlin und 8000 München Control elements of a fault-tolerant multicomputer system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5251299A (en) * 1985-12-28 1993-10-05 Fujitsu Limited System for switching between processors in a multiprocessor system
JP2560510B2 (en) * 1990-03-06 1996-12-04 日本電気株式会社 Network management manager switching method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3544777A (en) * 1967-11-06 1970-12-01 Trw Inc Two memory self-correcting system
GB2084770A (en) * 1980-08-26 1982-04-15 Italtel Spa Data exchange between a pair of computers operating according to the masterslave principle and a support computer
DE3328405A1 (en) * 1983-08-05 1985-02-21 Siemens AG, 1000 Berlin und 8000 München Control elements of a fault-tolerant multicomputer system

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999059067A1 (en) * 1998-05-14 1999-11-18 Motorola, Inc. Method for switching between multiple system hosts
US6209051B1 (en) 1998-05-14 2001-03-27 Motorola, Inc. Method for switching between multiple system hosts
DE19832060A1 (en) * 1998-07-16 2000-01-20 Siemens Ag Double processing unit
DE19832060C2 (en) * 1998-07-16 2000-07-06 Siemens Ag Duplicate processor device
DE19950131C1 (en) * 1999-10-18 2000-11-02 Siemens Ag Integrated circuit with microsynchronised redundant components
WO2001029667A2 (en) * 1999-10-18 2001-04-26 Siemens Aktiengesellschaft Integrated circuit with doubled synchronous and asynchronous components
WO2001029667A3 (en) * 1999-10-18 2001-12-06 Siemens Ag Integrated circuit with doubled synchronous and asynchronous components
US6892345B1 (en) 1999-10-18 2005-05-10 Siemens Aktiengesellschaft Integrated circuit including duplicated synchronous and asynchronous components
DE19951541C1 (en) * 1999-10-26 2000-10-26 Siemens Ag Integrated circuit component, e.g. ASIC
WO2001031443A2 (en) * 1999-10-26 2001-05-03 Siemens Aktiengesellschaft Integrated electronic component with a duplicate core logic and hardware fault injector for test purposes
WO2001031443A3 (en) * 1999-10-26 2001-12-27 Siemens Ag Integrated electronic component with a duplicate core logic and hardware fault injector for test purposes

Also Published As

Publication number Publication date
DE69308868D1 (en) 1997-04-17
ZA936351B (en) 1994-05-19
EP0663086B1 (en) 1997-03-12
ES2099473T3 (en) 1997-05-16
BR9307149A (en) 1999-03-30
NO951204L (en) 1995-05-22
ITMI922261A0 (en) 1992-09-30
DE69308868T2 (en) 1997-09-04
CN1086364A (en) 1994-05-04
ATE150192T1 (en) 1997-03-15
EP0663086A1 (en) 1995-07-19
ITMI922261A1 (en) 1994-03-30
GR3023113T3 (en) 1997-07-30
NO951204D0 (en) 1995-03-29
US5784551A (en) 1998-07-21
IT1255618B (en) 1995-11-09

Similar Documents

Publication Publication Date Title
EP0663086B1 (en) Duplicate control and processing unit for telecommunications equipment
US5901281A (en) Processing unit for a computer and a computer system incorporating such a processing unit
EP0273043B1 (en) Triple-redundant fault detection system and related method for its use
US4757442A (en) Re-synchronization system using common memory bus to transfer restart data from non-faulty processor to failed processor
CA1176337A (en) Distributed signal processing system
US5495570A (en) Mirrored memory multi-processor system
CA1310129C (en) Interface of non-fault tolerant components to fault tolerant system
US3810121A (en) Timing generator circuit for central data processor of digital communication system
US5251299A (en) System for switching between processors in a multiprocessor system
EP0414379A2 (en) Method of handling errors in software
EP0415551A2 (en) Protocol for transfer of DMA data
EP0415545A2 (en) Method of handling errors in software
EP0514075A2 (en) Fault tolerant processing section with dynamically reconfigurable voting
JPS586975B2 (en) remote modem adapter
CA2032067A1 (en) Fault-tolerant computer system with online reintegration and shutdown/restart
JPH01154241A (en) Synchronized double computer system
RU2455681C1 (en) Fault-tolerant computing system with hardware-programmed function of fault-tolerance and dynamic reconfiguration
US5163138A (en) Protocol for read write transfers via switching logic by transmitting and retransmitting an address
EP0415549A2 (en) Method of converting unique data to system data
AU569615B2 (en) Improvements in or relating to computers
US4631661A (en) Fail-safe data processing system
EP0416732B1 (en) Targeted resets in a data processor
LALA Advanced information processing system
EP0265366B1 (en) An independent backup mode transfer method and mechanism for digital control computers
KR100228306B1 (en) Hot-standby multiplexer and implementation method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): BR NO US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1993920731

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 08411686

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1993920731

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 1993920731

Country of ref document: EP