01 CBI Over View.pdf


Year 2011 - page 1
02 System Signalling Overview Contract BS01
ASCV TRAINING
ALSTOM © 2011. We reserve all rights in this document and in the information contained therein.
Reproduction, use or disclosure to third parties without express authority is strictly forbidden.
CBI System Signalling Overview
AN INTRODUCTION TO CBI SYSTEMS
C B Yadav
CBI - TRAINING


Year 2011 - page 2
ASCV TRAINING
Introduction: CBI systems
 Basic functionality of Interlocking Systems
Interlocking
Yard


Year 2011 - page 3
ASCV TRAINING
Introduction: Interlocking
elements
 Basic functional elements of Interlocking systems:
– Point Machines
– Signals
– Track Circuits


Year 2011 - page 4
ASCV TRAINING
operations
 Route setting and locking
– Field element Actuation


Year 2011 - page 5
ASCV TRAINING
operations (2)
 Route setting and locking
– Route Checking


Year 2011 - page 6
ASCV TRAINING
behavioural model
 Interlocking as a sequential system
– yt=f(xt,ut)
– xt’=g(xt,ut)
Inputs
u
Outputs
y
Status
x
F
G


Year 2011 - page 7
ASCV TRAINING
Boolean Equations
A A
B C
D
D = A(and)B +A(and)C
 Each signalling element and internal IXL status can be coded with
a Boolean value: “True” or “False”.
 The IXL output and status functions can be expressed by Boolean
equations in the form of sums (OR) of products (AND).
 A straightforward implementation of Boolean Equation is
achieved using relays


Year 2011 - page 8
ASCV TRAINING
Why CBI
 System Dimensions
 Overall System Cost
 System Configurability
 Additional Services
Relay
Based IXL CBI
Relay
Based IXL CBI
CBI
Relay
Based IXL
CBI
Relay
Based IXL


Year 2011 - page 9
ASCV TRAINING
CBI systems
safety issues


Year 2011 - page 10
ASCV TRAINING
CBI safety issues
 No system operation (in normal or faulty condition) shall lead to
potentially harmful condition
 Normal Condition  Primary Safety
 Faulty Condition  Fail Safe Design


Year 2011 - page 11
ASCV TRAINING
Primary Safety
 Safe behaviour of Interlocking systems in normal
conditions depends upon a correct definition of IXL
Boolean equation


Year 2011 - page 12
ASCV TRAINING
Safety Assurance: risk analysis
 Risk Analysis: Severity and Frequency of Hazards
– CENELEC-ENV-50126
Category Description
Frequent Likely to occur frequently. The hazard will be continually experienced
Probable Will occur several times. The hazard can be expected to occur often
Occasional Likely to occur several times. The hazard can be expected to occur several times
Remote Likely to occur sometime in the system life cycle. The hazard can reasonably expected to occur
Improbable Unlikely to occur but possible. It can be assumed that the hazard may exceptionally occur.
Incredible Extremely unlikely to occur. It can be assumed that the hazard may not occur.
Severity Level Consequence to Persons or Environment Consequence to Service
Catastrophic Fatalities and/or multiple severe injuries and/or major damage to the environment.
Critical Single fatality and/or severe injury and/or significant damage to the environment. Loss of a major system
Marginal Minor injury and/or significant threat to the environment Severe system(s) damage
Insignificant Possible minor injury Minor system damage


Year 2011 - page 13
ASCV TRAINING
Safety Assurance: risk
evaluation and acceptance
 Risk Evaluation and acceptance
* Frequency of
occurrence of a
hazardous event
Frequent Undesirable Intolerable Intolerable Intolerable
Probable Tolerable Undesirable Intolerable Intolerable
Occasional Tolerable Undesirable Undesirable Intolerable
Remote Negligible Tolerable Undesirable Undesirable
Improbable Negligible Negligible Tolerable Tolerable
Incredible Negligible Negligible Negligible Negligible
Insignificant Marginal Critical Catastrophic
Risk Levels
Severity Levels of Hazard Consequence


Year 2011 - page 14
ASCV TRAINING
Safety Assurance: Safety
Integrity Level
 Probability of not being able to perform the required safety
function and definition of a Safety Integrity Level. Dependant on
design practice and safety related techniques
4 Very high Vital Critical Safety-critical Fail-safe
3 High Vital Critical Safety-critical High integrity
2 Medium Semi-vital Essential Safety-involved Medium integrity
1 Low Semi-vital Essential Safety-involved Low integrity
0 not specified Non-vital Non-essential Non-safety-related non-safety
Alternative descriptive words (informative)
Safety Integrity Level


Year 2011 - page 15
ASCV TRAINING
Permissive and Restrictive
Conditions
 Field elements may assume two different conditions :
– Restrictive Condition does not allow trains movement
• In case of malfunctioning restrictive condition may be assumed as
a safe condition or the closest to a safe condition.
– Permissive Condition allows trains movement
• In the case of malfunctioning, the system restores to restrictive
status.


Year 2011 - page 16
ASCV TRAINING
 Assumption:
– Non permissive actions leads to safe condition
Output value
actuated
Output Control .
Non Permissive Permissive
Non Permissive Correct Unsafe Failure Mode
Permissive Safe Failure mode Correct
Definition of Safe and Unsafe
Failure modes


Year 2011 - page 17
ASCV TRAINING
Control OUT off
No power for
moving
Point machine
Light switched off
Signal’s light
Output off
To Equipment
Control


Year 2011 - page 18
ASCV TRAINING
Indication IN off
No indication
Panel pushbutton
No indication for
point position
Point machine
No indication,
Light off
Signal’s light
Input off
From Equipment
Indication


Year 2011 - page 19
ASCV TRAINING
CBI safety architectures
 Composite Fail-Safety
 Reactive Fail-Safety
 Inherent Fail-Safety
&
Elaboration
Elaboration
>
Elaboration
Elaboration
Elaboration
Elaboration
Checker
+
Elaboration


Year 2011 - page 20
ASCV TRAINING
Composite Safety
 Simple development
 Critical element: voter
 Beware Common mode faults
Elabor
ation
Elabor
ation
Elabor
ation
Elabor
ation
Elabor
ation


Year 2011 - page 21
ASCV TRAINING
Reactive Safety
 Several techniques available
– Data coding on a single processor
– Software Diversity on a single processor
 Redundancy can be added for availability purpose
Alignment
Elaboration
Checker
Elaboration
Checker
+
+


Year 2011 - page 22
ASCV TRAINING
Inherent Safety
 Inherent fail-safe  Fault free
 Inherent fail-safe  Non hazardous fault
 Analysis has to be performed on the physical elements
– Fault tree analysis, Failure modes effect analysis, ...
 Complex devices are not suitable for inherent fail-safety
– Few inherent fail-safe physical phenomena (gravity)


Year 2011 - page 23
ASCV TRAINING
CBI systems
Interfaces


Year 2011 - page 24
ASCV TRAINING
CBI Interfaces
 Safety allocation over CBI Interfaces
Interlocking
Automatic Train Control
Data Management
Diagnostic and Maintenance Operator
Interlocking
Safety related link
Non Safety related link
Yard
Vital Subsystems


Year 2011 - page 25
ASCV TRAINING
CBI Interface to Yard Devices
 Yard Element Actuation
– Control
– Indication
Interlocking
Yard


Year 2011 - page 26
ASCV TRAINING
CBI Interface to ATC Subsystem
 Movement Authority
– Control
– Indication
Interlocking
Automatic Train Control


Year 2011 - page 27
ASCV TRAINING
CBI Interface to Other IXL
 Cross-related information (border)
– Control
– Indication
Interlocking
Interlocking


Year 2011 - page 28
ASCV TRAINING
IXL Interface to Diagnostic
Subsystem
 Diagnostic information
– maintenance requests
– system malfunctioning indication
– device ageing
Interlocking
Diagnostic and Maintenance


Year 2011 - page 29
ASCV TRAINING
IXL Interface to Data Mgmt.
Subsystem
 Remote control
– Routing Information
– Route selection
– Train info
Interlocking
Data Management


Year 2011 - page 30
ASCV TRAINING
IXL Operator Interface
 Manual or emergency operations
– Control
– Indication
Interlocking
Operator


Year 2011 - page 31
ASCV TRAINING
IXL Interface to Other Vital
subsystems
 Yard element related subsystems
– Control
– Indication
Interlocking
Vital Subsystems


Year 2011 - page 32
ASCV TRAINING
CBI systems
Communication interfaces


Year 2011 - page 33
ASCV TRAINING
CBI Safety related
communication
 Closed Transmission Systems
– CENELEC 50159-1
 Open Transmission Systems
– CENELEC 50159-2
Interlocking
Other Subsystem
Transmission
System


Year 2011 - page 34
ASCV TRAINING
Transmission systems
 No specific assumption is made on transmission systems
 Both safety related and non safety related equipment
can be connected to the same transmission system


Year 2011 - page 35
ASCV TRAINING
Transmission systems
Architectures
 Copper Wire link
 Optic Fibre link
 Radio link
1 2 3 4 5 6
7 8 9 101 1 12
A
B
1 2x
6x
8x
2x
9x
3x
1 0x
4x
11x
5x
7x
1x
Et
h
e
r
net
A
12 x
6x
8x
2x
9x
3x
1 0x
4x
1 1x
5x
7 x
1 x
C
R S C S T R R D TD C D
T AL K / D A T A
TA L K R S C S T R R D TD C D
T AL K / D A T A
T A L K


Year 2011 - page 36
ASCV TRAINING
Copper wire transmission
systems
 Local or Geographical connection schemes
 Various speed (slower in Geographical)
 Large equipment availability
1 2 3 4 5 6
7 8 9 101 1 12
A
B
1 2x
6x
8x
2x
9x
3x
1 0x
4x
11x
5x
7x
1x
Et
h
e
rn
et
A
12 x
6x
8x
2x
9x
3x
1 0x
4x
1 1x
5x
7 x
1 x
C
R S C S T R R D TD C D
T AL K / D A T A
TA L K R S C S T R R D TD C D
T AL K / D A T A
T A L K


Year 2011 - page 37
ASCV TRAINING
Optic Fibre Transmission
systems
 Unidirectional medium
 Highest speed


Year 2011 - page 38
ASCV TRAINING
Radio Transmission systems
 Various speed
– Slow (GSM/R)
– Fast (Spread Spectrum)
 Great flexibility
 Coverage


Year 2011 - page 39
ASCV TRAINING
Transmission Systems: Safety
Considerations
 Transmission system shall be considered as non trusted
 Safe communication has to be guaranteed by safety
protocol
– Detect Errors
– Initiate a safety reaction


Year 2011 - page 40
ASCV TRAINING
Transmission Systems: types of
Error
 Errors on message
– Transmitter identity error (Masquerade)
– Message type error (Insertion)
– Message data error (Corruption)
 Time errors
– Delay Error (Delay, Deletion)
– Sequencing Error (Repetition, Re-sequencing)


Year 2011 - page 41
ASCV TRAINING
Transmission Systems: Error
Countermeasures
 Message sequencing
 Time Stamp
 Timeout
 Feedback information
 Source and destination Identification
 Message Identification (Open Transmission Systems)
 Safety code
 Cryptography (Open Transmission Systems)


Year 2011 - page 42
ASCV TRAINING
CBI systems
Environment


Year 2011 - page 43
ASCV TRAINING
CBI Systems: Environmental
Considerations
 CBI operation has to be considered in the appropriate
environment
– Electromagnetic Environment (CENELEC EN50121)
– Electrical Environment (CENELEC EN50122 - EN50124)
– Climatic and geographic Environment (CENELEC EN50125)


Year 2011 - page 44
ASCV TRAINING
 Electro Magnetic Compatibility
Susceptibility / Emission
 Shielding
CBI Systems: Electromagnetic
Environment
S
D S
D


Year 2011 - page 45
ASCV TRAINING
CBI Systems: Electrical
Environment
 Separation between CBI and yard potentials
 Operator protection against dangerous voltages
 CBI-Yard Galvanic Isolation, Over-voltage protection,
Earthing, Conductors isolation
CBI
Yard
device


Year 2011 - page 46
ASCV TRAINING
CBI Systems: Climatic and
geographic Environment
 Environmental conditions
– Temperature, Humidity, Pollution, Vibration
 Different requirements based upon system location
– Building (with or w/o air conditioning)
– Shelter (with or w/o air conditioning)
– Cubicle
 Device selection, Conformal Coating, Mechanical
improvements

TRANSPORT
Thank You
www.alstom.com
- - P 47

01 CBI Over View.pdf

More Related Content

What's hot

Recently uploaded

01 CBI Over View.pdf