for the board at the left, I am considering two boards (master and slave).
for each board (i.e. microcontroller), two CAN ports, one of them goes to BUS A and the other one to BUS B.
For the right side, I did a mistake in drawing. there should be one connection from each BUS to the computers. not more.
CRC should handle (detect) the errors to some stage. but in safety critical applications, usually a duplicated CAN port is recommended.
But can the synchronization of the ports be an issue?
what is the reliability of the CAN protocol itself?
In literature of the subject, time redundancy is also recommended. meaning that sending each packet of data at least for three times, and apply voting on them in the receiver side!
any experience on this?
- - - Updated - - -
- - - Updated - - -
this is also important. but I assume the main idea in using different types of redundancy (both hardware, information and time) can aldo be handling the problems in noisy environments.