Basics of Railway Principles (Signalling/Interlocking)

1) The document discusses signalling and safety systems used in Dubai Metro, including interlocking, continuous automatic train control systems, axle counting, and different types of signalling systems.
2) It explains the fail-safe principle of signalling design where every failure has a safe reaction and the system defaults to the lowest energy or "safe" state. Redundancy using additional hardware and software resources is employed to achieve safety.
3) Essentials of interlocking to ensure safety include preventing running signals from being changed unless all points are correctly set to avoid conflicting train movements on the same line.

Safety Concept & Practices in Signalling
Presented by
Vishwanath Garg
ATC Engineer
Dubai Metro
Signalling and Safety Systems

[Diagram labels: Interlocking, Control room, Computer room, Point machine, Axle counting, Continuous automatic train control system, S-bond, Intermittent automatic train control system, EUROBALISE, Intermittent train control system]

Signalling Overview

[Diagram labels: Automatic Train Operation (ATO), Automatic Train Supervision (ATS), Automatic Train Protection (ATP), Interlocking (IS), Safety Layer]

What is Fail Safety?

• Failures, whether equipment or human:
  - can be minimized
  - but cannot be eliminated
• Therefore, steps are required to be taken to ensure that there is no unsafe effect of failure
• Signalling systems are designed in such a way that every failure has a safe reaction
• This is called the Fail-Safe Principle

Fail-Safe Principle

• The fundamental principle of design of a signalling system is:
  - the safe state corresponds to the lowest energy level
  - to keep the system in a permissive state, constant energy/effort should be applied
• This ensures that, due to any inadvertent situation or failure, the system comes back to the state of lowest energy, i.e. the safe state

[Diagram: Normal system design compared with fail-safe signalling system design. Labels: Equipment failure, Unsafe reaction, Safe reaction]

Fail-Safety

• The fail-safe principle is adopted in the design of all signalling systems: mechanical, relay based, as well as software based systems
• Example: semaphore signal
  - Mechanical design is such that the "stop" aspect is the stable state
  - Constant force is required to keep the signal in the "proceed" aspect
  - Signal returns to the "stop" aspect in case of breakage of the transmission wire or any other failure

Fail-Safety: Examples

• Signalling relays:
  - Stable state: dropped (maintained by gravity/spring action), which is the safe state
  - Red signal aspect is controlled by the relay "dropped", which is the lowest energy state
  - Permissive aspect is controlled by the relay "picked up"
  - Constant current is required to maintain the relay in "picked up"

Software Based Systems

• Software based signalling systems require repeated positive action to be taken, by both software and hardware, to keep the system in the permissive state.
• Disruption of this positive action due to any failure results in reversion of the system to the safe state.

Microprocessor and other components

Disadvantages:
• Are not fail safe
• Don't have well defined failure modes
• Are not reliable enough to meet 10^-9 unsafe failures/hour; they are approx. 10^-5 to 10^-6

Advantages:
• Speed
• Ability to perform complex tasks
• Miniature size
• Low price

Then How is Safety Achieved?

• Employ more resources than required (redundancy), both hardware and software
• Self-check procedures to detect a fault within a given time period dt, such that the probability of occurrence of a fault within dt is < 10^-9
• Watchdog timers

What is Redundancy?

• Redundancy:
  - Is the use of more resources (whether hardware or software) than required for the normal functioning of the system
  - The additional resources should be configured judiciously to obtain maximum advantage in terms of safety and reliability
  - The amount and type of additional resources and their configuration will depend on the safety and reliability requirements

[Diagram: UNIT 1 OR UNIT 2. PF = P^2, PWSF = 2P. This will not increase safety.]

[Diagram: UNIT 1 AND UNIT 2. PF = 2P, PWSF = P^2.]

PF = probability of failure
PWSF = probability of wrong side failure

[Diagram labels: Safety, Availability]

Types of redundancy

• Dual hardware redundancy
• Dual hardware redundancy with 100% standby
• Triple modular redundancy (TMR)
• Software redundancy - single hardware

Dual hardware redundancy (2oo2)

Assumption: both units of hardware will not fail simultaneously
PF = 2P, PWSF = P^2

[Diagram: Unit 1 and Unit 2 feed a comparator]

Dual hardware redundancy + 100% standby (2-2oo2)

PF = 4P^2, PWSF = 2P^2

[Diagram: Subsystem 1 (Unit 1/A and Unit 2/A feed Comparator A) OR Subsystem 2 (Unit 1/B and Unit 2/B feed Comparator B)]

Triple Modular Redundancy (TMR) (2oo3)

Assumption: 2 units will not fail simultaneously
PF = 3P^2, PWSF = 3P^2

[Diagram: Unit 1, Unit 2 and Unit 3 feed a majority voter]
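
As an added example (not part of the original slides), the first-order PF and PWSF figures quoted on the redundancy slides above can be checked by exact enumeration of unit states. It assumes independent unit failures with probability p and, as a worst case, that failed units all fail the same wrong way; the function and dictionary names are made up for this example.

```python
from itertools import product

def pf_pwsf(n_units, is_down, is_wrong_side, p):
    """Exact (PF, PWSF) by summing over every healthy/failed combination of units.

    Assumptions made for this example: units fail independently with
    probability p, and failed units all fail the same (wrong) way, so a
    comparator or voter cannot tell them apart. A state may count toward both.
    """
    pf = pwsf = 0.0
    for failed in product((False, True), repeat=n_units):
        prob = 1.0
        for f in failed:
            prob *= p if f else 1.0 - p
        if is_down(failed):
            pf += prob
        if is_wrong_side(failed):
            pwsf += prob
    return pf, pwsf

# Each entry: (unit count, "service lost" predicate, "wrong-side output" predicate)
ARCHITECTURES = {
    "OR (1oo2)":  (2, all, any),    # works if either unit works; any bad unit gets through
    "AND (2oo2)": (2, any, all),    # comparator stops on any fault; wrong only if both fail
    "2-2oo2":     (4, lambda f: any(f[:2]) and any(f[2:]),   # both 2oo2 subsystems stopped
                      lambda f: all(f[:2]) or all(f[2:])),   # either subsystem wrong
    "2oo3 (TMR)": (3, lambda f: sum(f) >= 2, lambda f: sum(f) >= 2),  # voter outvoted
}

def table(p):
    """Return {architecture: (PF, PWSF)} for a per-unit failure probability p."""
    return {name: pf_pwsf(n, down, wrong, p)
            for name, (n, down, wrong) in ARCHITECTURES.items()}

if __name__ == "__main__":
    for name, (pf, pwsf) in table(1e-3).items():
        print(f"{name:11s} PF={pf:.3e}  PWSF={pwsf:.3e}")
```

The exact values differ from the slide formulas only by higher-order terms in p, which is why the slides can quote 2P, P^2, 4P^2 and 3P^2 directly.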
Software redundancy - single hardware

Assumption: independent software versions will react differently to a hardware fault

[Diagram: Software A and Software B, running on single hardware, feed a comparator]

Self Check & Watchdog Timers

• Periodic check of microprocessor, buses, memory and peripherals, especially input circuits
• Watchdog timers: if a command is not received within the specified time window, the system goes to the safe state.
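
As an added example (not from the original slides), the sketch below combines the "repeated positive action" rule for software based systems with a two-channel comparator and a watchdog window. The class name, the 0.5 s window, the latching behaviour and the event lists are assumptions made for illustration.

```python
class VitalOutput:
    """Signal command that is permissive only while it keeps being re-earned."""
    SAFE, PERMISSIVE = "STOP", "PROCEED"

    def __init__(self, window_s):
        self.window_s = window_s    # watchdog window in seconds (assumed value)
        self.last_refresh = None    # time of the last valid permissive refresh
        self.latched = False        # assumption: a detected fault holds STOP until reset

    def refresh(self, now, channel_a, channel_b):
        """Positive action: both channels present their command every cycle."""
        if self.latched:
            return
        if channel_a != channel_b:              # comparator disagreement
            self.latched = True
        elif channel_a == self.PERMISSIVE:
            self.last_refresh = now
        else:
            self.last_refresh = None            # both channels ask for STOP

    def state(self, now):
        """Output seen by the signal; anything but a fresh refresh reads as STOP."""
        if not self.latched and self.last_refresh is not None:
            if now - self.last_refresh <= self.window_s:
                return self.PERMISSIVE
            self.latched = True                 # watchdog expired
        return self.SAFE

def replay(events, window_s=0.5):
    """Run constructed (time, a, b) events; a=None means 'no refresh, just sample'."""
    out, states = VitalOutput(window_s), []
    for now, a, b in events:
        if a is not None:
            out.refresh(now, a, b)
        states.append(out.state(now))
    return states
```

STOP is the default on power-up, on a missed refresh and on channel disagreement, so every path that is not an explicit, timely, agreed PROCEED ends in the safe state.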
Essentials of Interlocking (as per Indian Railway SEM)

• It shall not be possible to take ‘OFF’ a running signal unless all points, including isolation, are correctly set, all facing points are locked and all interlocked level crossings are closed and locked against public road for the line on which the train will travel, including overlap.
• After the signal has been taken ‘OFF’, it shall not be possible to move any points or lock on the route, including overlap and isolation, nor to release any interlocked gates, until the signal is replaced to the ‘ON’ position.
• It shall not be possible to take ‘OFF’ at the same time any two fixed signals which can lead to any conflicting movements.
• Where feasible, points shall be so interlocked as to avoid any conflicting movement.
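
The first three essentials can be expressed as preconditions on a small state machine. This is an added sketch, not code from the slides or from any interlocking product; the route, point and gate names are constructed, overlap and isolation points are assumed to be listed in each route's point table, and every listed point is treated as needing a lock.

```python
class Interlocking:
    """Toy route interlocking; names and data layout are constructed for this example."""

    def __init__(self, routes, conflicts):
        self.routes = routes        # route -> {"points": {point: position}, "gates": [gate]}
        self.conflicts = conflicts  # set of frozenset({route_a, route_b})
        self.position = {}          # point -> "N" (normal) or "R" (reverse)
        self.locked = {}            # point -> True when locked
        self.closed = {}            # gate -> True when closed and locked against the road
        self.off = set()            # routes whose signal shows OFF (proceed)

    def _held(self, kind, name):
        # True if a route whose signal is OFF depends on this point or gate.
        return any(name in self.routes[r][kind] for r in self.off)

    def set_point(self, point, pos, lock=True):
        if self._held("points", point):
            return False            # essential 2: no point movement under an OFF signal
        self.position[point] = pos
        self.locked[point] = lock
        return True

    def set_gate(self, gate, closed):
        if not closed and self._held("gates", gate):
            return False            # essential 2: gate cannot be released
        self.closed[gate] = closed
        return True

    def take_off(self, route):
        need = self.routes[route]
        points_ok = all(self.position.get(p) == pos and self.locked.get(p)
                        for p, pos in need["points"].items())
        gates_ok = all(self.closed.get(g) for g in need["gates"])
        conflict = any(frozenset((route, r)) in self.conflicts for r in self.off)
        if points_ok and gates_ok and not conflict:   # essentials 1 and 3
            self.off.add(route)
            return True
        return False                # default: signal stays ON (stop)

    def put_on(self, route):
        self.off.discard(route)     # replacing a signal to ON is always allowed

# Constructed layout: R1 and R2 are opposing movements onto the same line.
ROUTES = {"R1": {"points": {"P1": "N"}, "gates": ["LC1"]},
          "R2": {"points": {"P2": "N"}, "gates": []}}
CONFLICTS = {frozenset(("R1", "R2"))}
```

Every refusal path leaves the signal ON, which is the same fail-safe default the earlier slides describe for relays and software.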
