Post on 14-Dec-2014
description
Introduction to Signalling
What is Signalling in Railways?
• Signalling is Mechanism by which the station master conveys information to the Loco driver to Stop, Go with Caution or Proceed
What are the Types of Signalling Systems in Railways
• Time Interval Method
• Space Interval Method
Time Interval Method
• Trains are Spaced Over an length of a track in such a way that , if the first train stops, the following train driver should be able to stop the train in sufficient distance without colliding with the first one.
• This type is used where traffic is less and weight of the trains are less, e.g: Trams
• This Type of System cannot be used in Passenger rails since weight and traffic is High
Space Interval Method
• In this method of “Control Over Movement”, the length of the track is divided in to sections called Blocks. The Entry of a train in to the ‘Block’ is controlled in such a way that only when it is free, a train can be allowed to enter it. This means that between two consecutive trains , there is definite space interval.
• The Space Interval Method is further divided in two types as follows:
Signals
Visual Audible
Visual Audible
FixedSignal
Flare Signal
Movable Flag
Voice WhistleDetonators
Fixed Signal
Two Aspect Multi Aspect
Colour LightSignalling
Semaphore
Colour LightSignalling
Semaphore
Semaphore Signalling
• Semaphore signals are rectangular or fish tailed arm fixed to a vertical Post.
• The arm is rotated in different angles to convey information to the Loco driver.
Stop Dead Aspect Proceed Aspect
Colour Light Signals
• In This type of signalling colour lights are used to convey information to the Loco driver. This has many advantages over semaphore signals. They may be elaborated as follows:
1. The day and Night aspects are the same, so no confusion to the driver.
2. Visibility can be available for Longer ranges, so it is easier for the driver to apply brakes in time.
3. The Signals are Placed at drivers Eye Level.
4. No Mechanical Transmission and no moving parts.
Red Aspect: Stop Dead
Yellow Aspect: Caution,
Proceed and be prepared to stop at the next signal
Green Aspect:
Proceed
Double Aspect: Attention, Proceed and be prepared to pass the next stop signal at restricted speed
Elements of a Yard
• Signals
• Track Circuits
• Points
• Slots
Track Circuits
• Track Circuits are devices that convey the presence of a train on a specified length of a track
• There are many types of track Circuits available as follows:
1. DC Track Circuits
2. High Frequency Track Circuits (HFTC)
3. Audio Frequency Track Circuits (AFTC)
4. Axle Counters ( Digital & Analog )
• What ever may the technology used to detect presence of train, the final element is a relay.
Device Electronics
Tracks
Relay Contacts Available for other Higher Level Devices such as SSIs
Points • Points also referred to as switches are
mechanical devices in the railway to change the path that trains may take through a junction. The switch positions are called normal and reverse
• These mechanical switches can be manually or Electrically Operated to Change From Normal to Reverse or Vice-Versa
Tracks
Electric DC Motor
• Point Machine Operates on 110V DC
• The Point Machine is connected to the mechanical levers to switch the position of the Point
Slots
• A slot is an element of a Yard, which as Dual Control, i.e. An Element of the Yard which can be operated by Two or More Means.
• This is generally applicable for Points, Level Crossings and Ground Frames
Example: Normally a Point is operated by means of Electric Motor but whenever the motor is failed, a permission is granted by the station Master of that yard to the signalling department, so that the field staff
Can go and manually operate the point and lock it. This is done by the means of a crank handle. So that there is no detention of traffic.
What is a Railway Interlocking system
A railway interlocking system controls the traffic in a railway station, and between adjacent stations. The control includes train routes, shunting moves and the movements of all other railway vehicles in accordance with railway rules, regulations and technological processes required for the operation of the railway station
What is meant by term Interlocking In Railways
A term used for the logical relationships between physical entities in the railway yard such as points, signals, track circuits, and so on. In SSI, this is programmed in the Software; in relay-based interlocking this is hardwired into the relay circuitry, and in ground-frame interlocking it is manifest in the mechanical linkages between physical components
What is RRI
RRI Stands for Route Relay Interlocking.
An Interlocking System When built
completely using Electro mechanical relays is
called as Route Relay Interlocking System .
Example RRI Relay Circuits
MAIN/SH. SIGNAL ROUTE SELECTION RELAY
RWKR
UNR
LR
UUYNR
GNR
Concerned CH/GF/LX_KLCR
Own
ASR
NWKR COGGNRGNR
EGRNR
MN/SH_LR
WNR
EUYNR
&
WFR
&
WFR
UYR2Concerned CH/GF/LX_YR
CNF_
LRs
What is SSI
SSI Stands for Solid State Interlocking. An Interlocking System When built using Electronics replacing traditional Mechanical Levers and Electro mechanical relays is called as Solid state Interlocking System.
Why SSIs are Required
SSIs are required to replace the existing RRI and PI Systems Since the traditional systems are very expensive and difficult to maintain because of the huge number of relays and mechanical levers used. SSIs are a better solution to the older systems since they are costing only ¼ the cost of RRI or PI and the maintenance cost is negligible and are easy to maintain.
SSI Rack
Point Machine
S2S4
S12
S13
S11SH5
Data Logger
S14
MaintenanceTerminal
Control cum Indication Panel
Relay Rack
Track Circuit
Serial Communication Links
Why SSI is cheaper than RRI
SSI is cheaper than RRI because of the following factors:
1. Number of relays Used in SSI are reduced to ¼ of Relays used in RRI
2. Cabling cost is much lesser than compared to RRI
3. Regular Maintenance is not required for SSIs
How many Types of SSIs are AvailableBased on the Deployment view SSIs are
mainly of Two Types:1. Centralized Systems: As the Name
Suggests all Controls of the system are at one place. Cables from the system are taken to the field gears of the Yard.
2. Distributed Systems: In Distributed System the Controls are Distributed across the yard and are kept near to the field gears keeping the cable length to a bear minimum
Based on the Architectural View SSIs can be classified in to following Types:
1. Single Processor
2. 2 out of 2 Systems
3. 2 out of 3 Systems
4. Hot standby Systems
These types are generally chosen by the customer based on the type of requirement such as the size of the yard, amount of traffic in the yard and budget allotted
RAMS Engineering
• Reliability: The reliability can be defined as the ability of an item to perform a required function under stated conditions for a stated period of time.
• Redundancy: The existence of more than one means of accomplishing a given function. Each means of accomplishing the function need not be necessarily identical.
• Hardware (Software Diversity): Two or more different Versions of Hardware (Software) working in a system to achieve a same result.
• Failure: The termination of the ability of an item to perform a required function.
• Maintainability: The ability of an item, under stated conditions of use, to be retained in, or restore to, a state in which it can perform its required function, when maintenance is performed under stated conditions and using prescribed procedure and resources.
• Availability: The ability of an item (Under combined aspects of its reliability, maintainability, and maintenance support) to perform its required function over a stated period of time.
What is fail safety
• Fail Safety is the concept in which even when a system fails, it fails on the safer side.
Example: A Relay when power is cut off the
Output drops resulting in a safe state
Methods to Achieve fail safety in Electronic Systems
Inputs
Processor Reading at Time 1
Processor Reading at Time 2
Fig No: 1 Time Redundancy
System Outputs
Inputs
Inputs
Processor 1Identical Software and Hardware
Processor nIdentical Software and Hardware
VOTER
Processor 1 Outputs
Processor n Outputs
System Outputs
Fig No: 2 Hardware Redundancy
Inputs
Inputs
Processor 1Hardware 1Identical Software
Processor nHardware nIdentical Software
VOTER
Processor 1 Outputs
Processor n Outputs
System Outputs
Fig No: 3 Hardware Diversity
Inputs Software 1
Software 2
System Outputs
Fig No: 4 Software Diversity
Inputs
Inputs
Processor 1Identical HardwareSoftware 1
Processor nIdentical HardwareSoftware n
VOTER
Processor 1 Outputs
Processor n Outputs
System Outputs
Fig No: 5 Diverse software on redundant hardware
Inputs
Inputs
Processor 1Hardware 1Software 1
Processor nHardware nSoftware n
VOTER
Processor 1 Outputs
Processor n Outputs
Fig No: 6 Diverse software on Diverse hardware
System Outputs
Selection Table
• Selection Table is representation of the Interlocking between Signals, Tracks, Points and Slots of particular Railway Yard.
• It gives the conditions required for setting a route i.e. Reception and dispatch of trains
Route No Button Press Approach Locked By Tracks
Back Locked By Tracks
Controlled By Tracks
Detects Points Conflicting Routes
Slots Involved
GN UN Normal Reverse
s1_TDMA S1 TDMA 1AT 1BT,1CT,11BT,12T
1BT,1CT,11BT,12T,DMT
11,12,18 S30_TDMA CH1,CH2
S30_TDMA s30 TDMA T6 T6,T30,T40,T50
T6,T30,T40,T50,DMT
11,15,18,12
S1_TDMA,SH10_TUM
CH1,CH2,CH3
Software Flow in SSI systems
Start
Post Routines and diagnostic Functions
Establish Communication with Subsystems
Scan for Yard Inputs
A
Interlocking Logic
Set Field Outputs
Outputs Read Back and inform supervisory
Log Data in Data Logger
Start
How errors are detected in SSI Systems
Post: Power on Self test• After power ON, each processor would start
its operation from a predefined vector location irrespective of its previous state. In this state each processor first defines all control registers of internal and external peripheral devices. It then performs a series of self-checking functions to ensure the healthiness of all its internal components.
• Within POST, each processor performs following checks.
• RAM test• ROM test• I/O Bus Test• Processor Identity Check• Address Check• I/O Configuration Check• Relay Input Integrity Check• Shutdown Control Voltage Check
Diagnostics
• Diagnostics are a series of tests conducted on the hardware by the processor to check their Integrity.
• The Tests performed in diagnostics are listed below:
• RAM test
• ROM test
• I/O Bus Test
• Processor Identity Check
• Address Check
• I/O Configuration Check
• Relay Input Integrity Check
• Shutdown Control Voltage Check
Operational Modes of SSI
POST
Degraded Mode
Normal Mode
SafeShutdown
mode
Power ON
Or UserReset
T1
T4 T3
T5
T6T7
T2
Need for Independent Verification and Validation
♦ Complexity of computer based interlockings demands rigid procedures and strict requirements for verification and validation
♦ Computer based technologies allowed for a new approach towards signalling rules
♦ Computer technology allows much more functional flexibility through the software
♦ CENELEC standards have been elaborated and introduced♦ Reorganization of the railway companies, which among other issues
caused that V&V activities have been split up and assigned to independent organizations
All these changes offer chances as well as threats for a professional verification and validation of interlockings.
What are Fail safe Tests
• Fail safe tests are one of tests carried out after system Integration.
• In these tests deliberately faults are injected in to the system and the outputs of the system are measured and results should be on the safer side
What is FMEA
• FMEA Stands for Failure Modes and Effect Analysis
• FMEA is a part of the fail safety tests that are conducted on the system. This the vital part of Validation and for obtaining safety Certification.
• FMEA can be done on card Level and At a System Level
Example:
Card1 Card2
Card3 Card4
Component
System
System Outputs
• In the above Example if the component fails in the Card1, Card1 may fail or may not fail and if the component failure is detected Card1 will fail. If Card1 fails and if it is a non-Vital Card, the system will still function, but if the card is Vital Card, the system will go to shut down.
• In all the above process the system outputs should be noted and in none of the cases the output should be un safe.
VCCP
0
VCCP
0
BD0BD1BD2BD3BD4BD5BD6BD7
DL_LENDL_OE#
VCCP
BD8BD9BD10BD11BD12BD13BD14BD15 BD7
BD1
BD6BD5
BD2
BD4BD3
BD0BD8BD9BD10BD11BD12BD13BD14BD15
DL_LENDL_OE#
VCCP
U16
74HC573
111
20
1918171615141312
23456789
OELE
VCC
1Q2Q3Q4Q5Q6Q7Q8Q
1D2D3D4D5D6D7D8D
U17
74HC573
111
20
1918171615141312
23456789
OELE
VCC
1Q2Q3Q4Q5Q6Q7Q8Q
1D2D3D4D5D6D7D8D
C150.1uf
C160.1uf
Data Loop Test
Sample Circuit
FMEA Sample Sheet
Sno IC Reference Number Pin No Type of Fault Results
Card Level System Level
1 U17 1 Struck at 1Card shall shut down since the
data loop test will failSystem will function in
2 out of two mode
2 U17 1 Struck at 0Card shall shut down since the
data loop test will failSystem will function in
2 out of two mode
3 U17 1 OpenCard shall shut down since the
data loop test will failSystem will function in
2 out of two mode
4 U17 2 Struck at 1Card shall shut down since the
data loop test will failSystem will function in
2 out of two mode
5 U17 2 Struck at 0Card shall shut down since the
data loop test will failSystem will function in
2 out of two mode
6 U17 2 OpenCard shall shut down since the
data loop test will failSystem will function in
2 out of two mode
How Safety Integrity Levels are calculated
• A fundamental problem in estimating reliability is whether a system will function in a prescribed manner in a given environment for a given period of time. This depends on many factors such as the design of the system, the parts and components used, and the environment. Hence it is necessary to consider the reliability of a system as an unknown parameter that is defined to be the probability that the given system will perform its required function under specified conditions for a specified period of time.
• Let S(t) be the number of surviving components still operating at time t after the beginning of the ageing experiment, let F(t) be the number of components that have failed up to time t.. then the probability of survival of the components, also known as the reliability R(t), is
• R(t) = S(t) / N --- (1)• The probability of failure of the components, also known as the
unreliability Q(t), is• Q(t) = F(t) / N --- (2)• Since total number of components, (N) = S(t) + F(t) --- (3)• By adding (1) and (2) equations and substituting equation (3) in the
result, we get • R(t) + Q(t) = 1• The failure rate, also known as the hazard rate, Z(t) is defined to be the
number of failures per unit time compared with the number of surviving components;
• Z(t) = [ dF(t) / dt ] / S(t) --- (4)
• i.e. Z(t) = λ --- (5)• To get the reliability in terms of failure rate, combine
equations (1) (4) &(5). After combining and integrating the final expression we get the reliability in terms of failure rate is
• R(t) = -ℯ λt --- (6)• It is understood that the reliability of a system falls down
as the system hazard rate rises exponentially as shown in Fig. (2)
• The above relationship is known as the exponential failure law; λ is typically expressed as percentage failures per 1000 hours or as failures per hour. When the product λt is small, equation (6) becomes
• R(t) = 1 – λt --- (7)• This gives the system reliability for system failures
occurring during the useful life period that are entirely due to component failures.
• THRS FRA/SDRA X FRB/SDRB X (SDRA + SDRB) ------------ (17)
• SDRS SDRA + SDRB • Here FRs stands for potential hazardous failure rates.• If periodic testing times are used as detection times then
above eqn 17 may be used with mean test times• i.e T/2 +negation time = SDT = 1/SDR
---------------------- (18)• For practical conditions the negation time is practically 0
(micro seconds) in our calculations SDT = 1/SDR = T/2 • In our calculations we have still considered the actual
time as T SDT = 1/SDR = T -------------------- (19)
• The time T as explained above is the detection and negation time.• The reports generated by the software are enclosed in the annexure 1.• In the report under the heading environment quality different levels of
quality can be specified as described below:• Level 0: Components procured on commercial considerations only,
with no evidence of reliability. • Level 1: Components are procured on commercial considerations, but
with evidence (usually from the component vendor) of reliability. • Level 2: Components are procured on the basis of sufficient quality
and Reliability demonstration. Procurement specifications require that the components have suitable reliability for the purpose
• Level 3: Fully assessed reliability.
Table for SIL Allocation
Tolerable Hazard Rate THR per hourAnd per function
Safety Integrity Level
10-9 <= THR < 10-8 4
10-8 <= THR < 10-7 3
10-7 <= THR < 10-6 2
10-6 <= THR < 10-5 1
Presented By
Sandeep Patalay
Email: sandeep.patalay@gmail.com