How do you design fault-tolerant avionics architecture meeting 10^-9 per flight hour requirements?

Achieving 10^-9/FH (one failure per billion flight hours) requires systematic architecture design. Strategies: Redundancy - dual, triple, or quad channels with voting (2-out-of-3, etc.); Active-active or active-standby configurations; and Dissimilarity (different hardware/software) prevents common-mode failures. Monitoring: Self-test and cross-channel comparison, Watchdog timers, and Built-In Test (BIT) for fault detection. Reconfiguration: Automatic fault isolation and reconfiguration, Graceful degradation to reversionary modes, and Pilot alerting for degraded states. Analysis: Fault tree analysis (FTA) calculates system failure probability, Markov analysis for complex repairable systems, Common cause analysis (CCA) per ARP 4754A, and Dependent failure analysis. Practical considerations: Component failure rates from MIL-HDBK-217 or field data, Coverage factors for fault detection, Latent failure exposure time, and Maintenance intervals affect availability. Architecture validated through reliability analysis, simulation, and test.