Redundancy management and synchronization in avionics communication products

This paper describes how avionics communication product is being managed in a redundant configuration while performing flight operations. The description covers the architecture of the communication products like CMU (Communication Management Unit), in connection with associated redundancy design requirements; methods for data exchange / synchronization between redundant computers, technique used to identify a failed computer / CMU, notify this failure on-board to the crew, changing the mastership of the computer, methods for recovery of the failed computer. In addition this describes about the number of redundant computers that are required to fulfill the criticality / safety levels of the aircraft operations; how dissimilar architecture concepts could be leveraged to provide protection against common mode failure triggers. Non-failure situations like performance degradation of a computer (operating closer to failure ranges), degradation of redundancy management / synchronization capabilities of a computer should also be considered as factors necessitating the change of mastership. The debugging / built-in testability features would also depend up on the redundancy management architecture used to build the final product. There is a lot of challenge involved is testing the redundancy management, since we require a core functionality (decision of core functionality to be used) to test redundancy.