Maximizing fault tolerance in a low-s WaP data network

The BRAIN (Braided Ring Availability/Integrity Network) is a radically different type of data network technology that uses a combination of a braided ring topology and high-integrity message propagation mechanisms. The BRAIN was originally designed to tolerate two passive failures or one passive and one active failure (including a Byzantine failure). In recent developments, the BRAIN´s fault tolerance has been increased to the level where it can tolerate two active failures (including two Byzantine failures), as long as the two failures are not colluding. A colluding failure is an active failure that supports one or more other active failures to cause a system failure. To be effective, these active failures must be syntactically correct - i.e., cannot be detected by inline error detection, such as CRCs, checksums, physical encoding (e.g. 8B/10B), protocol rules, or reasonableness checks. The probability of colluding failures happening is so low that this new BRAIN, for all practical purposes, is a two-fault tolerant network. This improvement in fault tolerance comes at no additional cost. That is, it uses exactly the same minimal amount of hardware as the original BRAIN. As an example comparison, this new version of the BRAIN requires less size, weight, and power (SWaP) than a typical two-channel AFDX network, while tolerating more faults and more types of faults. The nodes used by the BRAIN, are simplex (they require no redundancy in themselves for integrity) and the fault tolerance provided by the BRAIN can be made transparent to all application software. The BRAIN can check that redundant nodes (e.g. pair-wise adjacent nodes) produce bit-for-bit identical outputs, without resorting to clock-step self-checking pair processing that is rapidly becoming technologically infeasible due to the higher speeds of modern processors. The BRAIN also simplifies the creation of architectures with dissimilar redundancy. The design of these BRAIN improvements were guided by the- use of the Symbolic Analysis Laboratory (SAL) model-checker in a novel use of formal methods for exploratory development early in the design cycle of a new protocol.