ARRC Collision Avoidance System
advertisement
ARRC Collision Avoidance System 2005 ASME/IEEE Joint Rail Conference March 16-18, 2005 Presented by Chinnarao Mokkapati Robert D. Pascoe Union Switch & Signal Inc. 3/16/2016 ANSALDO SIGNAL UNION SWITCH & SIGNAL 1 ANSALDO SIGNAL UNION SWITCH & SIGNAL 2 Alaska Rail Road Facts (2003 Data) Employees Operating Data 722 Year-round 10.8 average years of service 43.2 average age Operating Statistics Miles of track 466 main line 59 branch line 86 yards/sidings 611 Total Rolling Stock 446,162 Passenger ridership 8,324,395 Freight tonnage 102,292 Revenue car loads Trains per day 1,625 Freight cars 42 Passenger cars 60 Locomotives Train Control 33 Freights 14 Passenger - Summer 1 Passenger - Winter ~500 miles of DTC ~30 miles of CTC ANSALDO SIGNAL UNION SWITCH & SIGNAL 3 ARRC CAS Objectives • PREVENT TRAIN TO TRAIN COLLISIONS BY ENFORCEMENT OF AUTHORITY LIMITS • ENFORCE SPEED RESTRICTIONS • PROVIDE PROTECTION FOR ROADWAY WORKERS AND EQUIPMENT • IMPROVE EFFICIENCY OF OPERATIONS • INCREASE CAPACITY ANSALDO SIGNAL UNION SWITCH & SIGNAL 4 FRA Requirements • • • • • • Generation of safe mandatory directives Enforcement of authority limits Enforcement of speed restrictions Protection of Maintenance-of-Way workers and equipment Rule 236 Subpart H compliance required Performance Std: New system must be as safe or safer than the system being replaced – Operating conditions, parameters, constraints must be defined – Structured qualitative and quantitative assessment of safety (Base Case and New Case) required • Product Safety Plan or Safety Case ANSALDO SIGNAL UNION SWITCH & SIGNAL 5 Some Definitions CTC and DTC Operation Centralized Traffic Control (CTC) territory is segmented into blocks that are governed by block signals. The block signal indication authorizes movement into the block segment and specifies the speed requirement for entering the block, and for movement within the block. The Direct Traffic Control System (DTC) segments the railroad into blocks (similar to CTC) that are designated by name or milepost location in the Timetable. Significant safety is obtained by not authorizing overlapping authorities to directional trains and maintenance vehicles except in situations where work is to be performed. ANSALDO SIGNAL UNION SWITCH & SIGNAL 6 Some Definitions Track Bulletins Used in System Form A Track Bulletin is used to establish a temporary speed restrictions over territories. Form B Track bulletin item establishing protection for men or machines on track within specified limits and limiting train movement within the limits to restricted speed or another speed negotiated with the maintenance foreman. Form C Track Bulletin is used to protect restrictions placed on specific rail cars and equipment due to excess dimension or weight. Form F Track Bulletin is used to provide supplementary information to train crews. Form S Track Bulletin advises of slide zones that are in effect and contain a head end restriction if the slide zone is in effect. ANSALDO SIGNAL UNION SWITCH & SIGNAL 7 Collision Avoidance System The CAS [Collision Avoidance System] performs vital and non-vital functions. Non-vital applications are performed within the dispatcher system, and the on-board system, however, train authorities, speed, and on-track worker limits are protected via vital control logic in the office MicroLok II, and on-board to ensure the safety functions are executed in a vital fashion. The system is designed to optimize train operations by automating many dispatching, train crew, and on-track equipment operator functions. ANSALDO SIGNAL UNION SWITCH & SIGNAL 8 ANSALDO SIGNAL UNION SWITCH & SIGNAL 9 VITAL SAFETY SERVER SEGMENT MicroBlok COMPUTER AIDED DISPATCH SYSTEM SEGMENT Data Radio d i g i ta l - Provide Communications link between office and equipment Servers Generate Mandatory Directives nR tio a c Lo DGPS (Differential Correction) g rtin o ep s tive c ire nt y D eme r o rc at nd Enfo a M ith w COMMUNICATION SEGMENT Position Reference Track Integrity Signal Aspect LOCOMOTIVE SEGMENT Speed limit Authority limit Switch Position System Overview ANSALDO SIGNAL Trains UNION SWITCH & SIGNAL WAYSIDE EQUIPMENT SEGMENT 10 Train Crew Interface CAD Subsystem DGPS Onboard Computer Comms Interface Dispatcher Workstations Servers Comms Interface Tachometer meter Comms Subsystem Adminis trator Web Users Throttle/ Brake Interface Carborne Subsystem (CAS CAB) MIS Office Safety Server (CAS OSS) Comms Interface Roadway Crews Monitoring Devices (MD) ANSALDO SIGNAL UNION SWITCH & SIGNAL 11 ANSALDO SIGNAL UNION SWITCH & SIGNAL 12 General Philosophy of CAD and OSS Subsystems Block 6 Track Block 3 Block 5 (( Block 7 Block 9 Block 11 )) Existing Comms OSS Dispatcher Work Stations Servers CAD Vital Independent Check of LOA, Bulletins ANSALDO SIGNAL UNION SWITCH & SIGNAL 13 Vital Checks Done by OSS Via the OBC, the position of all trains are known to the OSS ‘Occupies’ Virtual blocks ‘un-occupies’ Virtual blocks Checks Bulletins associated with Blocks & LOA ANSALDO SIGNAL UNION SWITCH & SIGNAL 14 Network Interface Adapter Ethernet CAD Subsystem Ethernet Switch RS423 Microlok II RS423 RS423 Microlok II RS423 Microlok II H U B Microlok II RS423 OSS Hub Physical Architecture ANSALDO SIGNAL UNION SWITCH & SIGNAL 15 Software in MicroLok II Units Block 6 Block 1 Block 3 Block 5 Block 7 S#5 S#7 Block 9 Block 11 Block 13 North Executive Software • Operating System • Application Processing • Serial Communications Control • Safety Diagnostics • User Interfaces • Event Logging Application Data Tables • Track Sections defined as Virtual Blocks • Switch locations • Other identifiable points ANSALDO SIGNAL UNION SWITCH & SIGNAL 16 OBC Requirements: Profile Generation Train Location and Speed Determination Digital Track Data Map Communication via Digital Radio ANSALDO SIGNAL UNION SWITCH & SIGNAL 17 LOCATION AND SPEED DETERMINATION • DGPS • Accelerometers • Tachometers • Digital Map The result is that the OBC vitally determines its location on the rails and transmits its location to Central ANSALDO SIGNAL UNION SWITCH & SIGNAL 18 OBC Logical Architecture Locomotive Display Unit & Keypad Multi-function Unit Communications Unit Vital CPU Data Radio Vital Input Unit Conditional Power Supply Locomotive Systems obc_log ical_architecture.vsd New On Board Computer (OBC) - ATP ANSALDO SIGNAL UNION SWITCH & SIGNAL 19 Existing Network Communication System Data Radio Network: Locomotive View Base Station MCC 545C Base Station MCC 545C MC C-545C drn_loco_view.vsd ANSALDO SIGNAL UNION SWITCH & SIGNAL 20 Data Radio Network: Overview Repeater Locomotive Data Radio Locomotive Data Radio Wayside Devices Base Station Locomotive Data Radio CAD Locomotive Data Radio DDD Base Station Backbone Locomotive Data Radio Wayside Devices Locomotive Data Radio FleetTrak Base Station Locomotive Data Radio ANSALDO SIGNAL UNION SWITCH & SIGNAL Wayside Devices data_radio_network.vsd 21 Code System Architecture VHLC VHLC Note: T he “Line” Code Line type includes phone lines, fiber optic cable, and digital carrier over copper cable. Code Station Communications Backbone “Code Line types” Line CAD System Comm Server 1 Active CodeLine Server T ask Comm Server 2 VHLC On-Line Packet Switch Microw av e Radio VHLC Code Station Dormant CodeLine Server T ask Off-Line Packet Switch Digital Radio Infrastructure Configuration Data VHLC Note: Not a Hot Standby; can be swapped/patched in if needed SCT E: UDP/IP AT CS VHLC Code Station T rack Diagrams CFAs Central Office Wayside ANSALDO SIGNAL UNION SWITCH & SIGNAL code_system_interface.vsd 22 Communication Backbone ANSALDO SIGNAL UNION SWITCH & SIGNAL 23 MONITORING DEVICES Rail Integrity Switch Position Signal Aspect in CTC ANSALDO SIGNAL UNION SWITCH & SIGNAL 24 The Locomotive’s ATP Interrogates Three Wayside Devices using a short range data radio: A Rail Integrity Device Broken Rail Detection MicroTrax Short Range Data Radio Locomotive Device A Switch Position Device Short Range Data Radio N Locomotive Device Normal or Reverse A Wayside Signal Device Broken rail R Short Range Data Radio Locomotive Aspect Device Aspect ANSALDO SIGNAL UNION SWITCH & SIGNAL 25 CAS Safety Assurance • Safety resides in OSS and OBC, though CAD performs some safety-related functions • OSS is implemented on US&S MICROLOK II Platform • OBC implemented on US&S MICROCAB Platform • These platforms use a combination of Inherent Fail-Safety and Diversity & Self-Checking safety architectures • Certified by independent safety assessors • Extensive service history ANSALDO SIGNAL UNION SWITCH & SIGNAL 26 CAS Safety Assurance • Compliance with FRA Rule 236 Subpart H • Risk analysis of CAD-only DTC/CTC Operation (Base Case) • Derive safety requirements for CAS • V&V of CAS design and operation • Risk analysis of CAS (CAS Case) • Risk assessment – Show CAS provides higher safety than CAD-only DTC/CTC operation ANSALDO SIGNAL UNION SWITCH & SIGNAL 27 Risk Analysis • Conduct Hazard Analyses – PHA – O&SHA SSHA • Determine MTTHE using FFTA ANSALDO SIGNAL UNION SWITCH & SIGNAL 28 Derive safety requirements for CAS • Potential hazards in Base Case • FFTA of CAS elements • CAS subsystem safety requirements ANSALDO SIGNAL UNION SWITCH & SIGNAL 29 V&V of CAS design and operation • • • • • Normal operation Systematic faults Random hardware faults Common Mode faults External influences ANSALDO SIGNAL UNION SWITCH & SIGNAL 30 Risk analysis of CAS (CAS Case) • Conduct Hazard Analyses – PHA – O&SHA SSHA • Determine MTTHE using FFTA ANSALDO SIGNAL UNION SWITCH & SIGNAL 31 Risk Assessment • Show CAS provides higher safety than CAD-only DTC/CTC operation • Submit PSP – 20 elements required per FRA Rule 236.907 ANSALDO SIGNAL UNION SWITCH & SIGNAL 32 Project Timeline 4/16/2005 - 10/16/2005 2005 Peak Season 2005 4Q 2004 System Definition Complete 4/15/2006 - 10/15/2006 2006 Peak Season 2006 11 / 2005 CAD SAT Complete 1 / 2006 CAD Cutover complete 2007 06 / 2006 Office Safety and OBC FAT ANSALDO SIGNAL UNION SWITCH & SIGNAL 10 / 2006 Office Safety and OBC SAT 2 / 2007 Revenue Service 33 Conclusions • CAS is a practical, relatively inexpensive PTC System • Scalable for larger systems • Uses proven safety architectures • Credible, straight-forward safety proof ANSALDO SIGNAL UNION SWITCH & SIGNAL 34
