5 Minutes Read
UDS (Unified Diagnostic Services, ISO 14229) is the diagnostic language every ECU speaks. What has fundamentally changed is the transport layer it travels over. For three decades, UDS ran over CAN using ISO-TP (ISO 15765-2) as its transport protocol. Today it runs over TCP/IP via DoIP (Diagnostics over Internet Protocol, ISO 13400) on Automotive Ethernet. Same diagnostic language. Completely different bandwidth, architecture, and capability.
CAN-based diagnostics served the industry well through decades of domain-based ECU architectures and relatively bandwidth-light vehicle networks.
But a modern vehicle runs 70 to 100 ECUs, streams gigabytes of sensor data per hour, and receives over-the-air firmware updates that would take days over a CAN bus. The automotive Ethernet market, valued at USD 2.80 billion in 2024, is projected to reach USD 9.97 billion by 2030 at a CAGR of 23.3% (Mordor Intelligence, 2025), driven almost entirely by the mismatch between CAN’s bandwidth ceiling and modern vehicle software demands.
Why CAN Is Hitting Its Limit
UDS over CAN uses ISO-TP (ISO 15765-2) as its transport layer, segmenting UDS messages into CAN frames of up to 8 bytes (64 bytes for CAN-FD). This works efficiently for the diagnostic tasks CAN was designed for: reading fault codes, accessing live data, performing simple ECU resets. The constraint is not the UDS diagnostic language itself; it is the CAN bus transport beneath it.
CAN-FD, the fastest mainstream evolution of the standard, typically operates up to 8 Mbps in automotive production networks. That ceiling is now the binding constraint on everything a modern diagnostic session needs to accomplish.
Consider what a diagnostic session on a modern EV requires:
- ECU firmware flashing: a gateway ECU firmware image can exceed 500 MB. At CAN-FD’s maximum of 8 Mbps, transferring that payload alone takes several hours, excluding protocol overhead and retransmissions
- Parallel ECU access: CAN diagnostics are sequential by design; accessing multiple ECUs simultaneously requires gateway arbitration, multiplying session time as ECU counts grow
- ADAS sensor data: high-resolution cameras, radar, and LiDAR generate data streams that far exceed CAN-FD capabilities, requiring Ethernet-based diagnostic and data architectures that CAN-FD cannot deliver at any bandwidth setting
- Remote and cloud diagnostics: CAN has no native IP addressing. Bridging CAN diagnostic sessions to cloud platforms requires protocol translation gateways that add latency, complexity, and failure points
CAN and CAN-FD remain valid for low-speed sensor and actuator nodes in body electronics and powertrain applications, and the industry expects a long coexistence period through the 2030s (DataIntelo, 2026). But for diagnostics, OTA flash programming, and high-bandwidth ECU communication, CAN has reached its architectural ceiling.
What Diagnostics over IP (DoIP) Changes
DoIP (ISO 13400) replaces ISO-TP as the transport layer beneath UDS. Instead of segmenting UDS messages into CAN frames, DoIP encapsulates them in TCP/IP packets transmitted over Automotive Ethernet. The UDS services remain identical: the same diagnostic session management (0x10), fault memory reading (0x19), security access (0x27), and ECU programming (0x34-0x37) that engineers use today over CAN. What changes is the speed, parallelism, and remote accessibility of every one of those services.
The practical impact is immediate across three dimensions:
- Speed: 100BASE-T1 Automotive Ethernet delivers 100 Mbps; 1000BASE-T1 delivers 1 Gbps. Multi-gigabit variants (2.5/5/10 Gbps) are entering production for high-compute ECUs and central HPCs. A firmware update that takes hours over CAN-FD takes minutes over DoIP, directly reducing recall remediation time and workshop throughput costs for OEMs
- Parallelism: DoIP uses IP addressing to identify individual ECUs. Multiple ECUs can be accessed simultaneously in a single diagnostic session, eliminating the sequential bottleneck that makes CAN-based fleet diagnostics operationally expensive at scale
- Remote access: IP-addressable ECUs are natively accessible from cloud diagnostic platforms. An OEM can initiate a remote diagnostic session on a vehicle in Delhi from a backend system in Pune without a physical interface, enabling predictive maintenance, warranty analytics, and post-production CSMS monitoring as required by AIS-189
The diagnostics and OTA updates application segment of the automotive Ethernet market is advancing at a 26.5% CAGR to 2030, the fastest segment growth within the market (Mordor Intelligence, 2025), reflecting how central DoIP has become to modern vehicle service and update architectures.
Why DoIP Matters for OTA and Centralized Compute
DoIP is becoming increasingly important because modern SDV architectures centralize software and diagnostics around high-performance compute platforms. OTA updates for centralized ECUs can involve gigabyte-scale firmware packages distributed across multiple vehicle domains. CAN-based transport becomes operationally impractical at this scale.
Ethernet-based diagnostics allow OEMs to integrate OTA updates, remote diagnostics, predictive maintenance, cloud analytics, and service operations into a unified IP-based software infrastructure. This convergence is one of the biggest drivers behind DoIP adoption in modern EV and SDV platforms.
ElectRay’s FOTA Solution and eConnectX Connected Vehicle Platform provide authenticated OTA firmware delivery and cloud-scale fleet diagnostics over Ethernet-based DoIP architectures, enabling OEMs to manage ECU software lifecycle, remote health monitoring, and post-production compliance monitoring from a single IP-based infrastructure.
UDS over CAN vs UDS over DoIP: Head-to-Head Comparison
| Attribute | UDS over CAN (ISO-TP / ISO 15765-2) | UDS over DoIP (ISO 13400 / Automotive Ethernet) |
|---|---|---|
| Standard | ISO 11898 (CAN) + ISO 15765-2 (ISO-TP) | ISO 13400 (DoIP) over IEEE 802.3 Ethernet |
| Maximum bandwidth | CAN: 1 Mbps / CAN-FD: 8 Mbps | 100 Mbps (100BASE-T1) to 10 Gbps (Multi-Gig) |
| Transport protocol | CAN frames, J1939 / UDS over CAN | TCP/IP with UDS payload |
| Diagnostic session | Sequential, single ECU at a time | Parallel, multiple ECUs simultaneously |
| OTA flash programming | Slow: ~4 hours for large ECU | Fast: minutes for same payload |
| Remote diagnostics | Not natively supported | Native: IP-addressable, cloud-accessible |
| Wiring harness impact | Multiple dedicated bus wires per domain | Zonal Ethernet architectures can significantly reduce harness complexity and weight |
| Architecture fit | Domain-based ECU networks | Zonal and centralised SDV architectures |
| Cybersecurity support | Limited; no native encryption | TLS, authentication, ISO/SAE 21434-aligned |
The Architecture Shift: From Domain to Zonal
DoIP is not just a faster diagnostic protocol. It is a symptom of a deeper architectural transformation. Domain-based E/E architectures, where ECUs were grouped by function (powertrain, body, ADAS, infotainment) with CAN buses connecting each domain, are being replaced by zonal architectures in which ECUs are grouped by physical location, connected through zone controllers on a high-speed Ethernet backbone.
Zonal architectures enabled by Automotive Ethernet reduce wiring harness weight and complexity by an estimated 20 to 40% (DataIntelo, 2026), a critical advantage for electric vehicles where every kilogram of wiring reduces range. Time-Sensitive Networking (TSN, IEEE 802.1) extends Ethernet with deterministic latency and synchronized communication required for safety-critical automotive systems, enabling ADAS sensor fusion, powertrain control, and diagnostics to share a single Ethernet fabric without interference.
AUTOSAR Adaptive, the software architecture framework for high-compute EV platforms, is built on Ethernet and SOME/IP (Scalable service-Oriented MiddlewarE over IP) as its primary communication foundation. DoIP slots directly into this architecture as the diagnostic transport interface, gradually replacing ISO-TP-based diagnostic transport in high-performance Ethernet-connected domains.
For EV programs targeting SDV architectures, UDS over DoIP is not an optional upgrade; it is the diagnostic baseline the architecture assumes. AUTOSAR Classic ECUs on CAN continue to use ISO-TP, and gateway ECUs handle the transport layer translation between the two domains transparently during diagnostic sessions.
ElectRay’s UDS Stack and ZEVonUDS Stack support both CAN-based and DoIP transport layers, enabling diagnostic continuity across CAN-based legacy ECUs and Ethernet-connected SDV platforms within the same vehicle architecture.
Cybersecurity and the Transition Challenge
Moving from ISO-TP to DoIP as the UDS transport layer introduces security responsibilities that CAN-based diagnostics never carried. ISO-TP frames are broadcast on a shared CAN bus with no authentication, encryption, or access control. This was acceptable when diagnostic access required physical bus connection through an OBD port. A DoIP-enabled ECU with an IP address reachable over a telematics connection or fleet management platform is a fundamentally different security posture.
DoIP over Automotive Ethernet typically requires secure communication mechanisms such as TLS, authentication, secure gateways, and network segmentation for external diagnostic access, UDS Security Access (Service 0x27) with Hardware Security Module (HSM)-executed seed-key exchange, network segmentation through firewall rules on zone controllers and gateway ECUs, and IP-level intrusion detection.
India’s AIS-189 and UNECE R155 both require this hardening as part of a certified Cybersecurity Management System (CSMS). Remote diagnostic access that is not authenticated and encrypted is a type approval risk, not just an engineering one.
The transition from CAN to Ethernet is also not instantaneous. Most vehicles produced today run mixed networks: Ethernet backbones between zone controllers and HPCs, with CAN and LIN retained at the leaf node level for sensors and actuators. Gateway ECUs must translate between these domains, and diagnostic sessions must navigate them transparently. Hybrid CAN-Ethernet vehicle architectures are expected to remain common throughout the current SDV transition phase as new vehicle programs transition fully to Ethernet-native architectures.
ElectRay’s Secure Flash Bootloader and FOTA Solution support authenticated firmware delivery across both CAN and Ethernet-connected ECUs, with HSM-backed signature verification and UDS Security Access integration aligned with AIS-189, AIS-190, and ISO/SAE 21434.
Conclusion
UDS has not changed. ISO-TP to DoIP is a transport layer decision, but it is one with system-level consequences across bandwidth, architecture, security, and regulatory compliance. The diagnostic sessions engineers run today over CAN will run identically over DoIP; what changes is how fast they complete, how many ECUs they can reach simultaneously, how far away the diagnostic tool can be, and how securely the session is authenticated. With the automotive Ethernet market growing at 23.3% annually and the DoIP diagnostics segment at 26.5%, OEM programs relying exclusively on CAN-based diagnostic architectures for future SDV-scale platforms risk creating long-term scalability and lifecycle management challenges. The transport layer has changed. Everything downstream of it must follow.