Home » Case study: At crossroads of safety

Case study: At crossroads of safety

Case study: At crossroads of safety

Egyptian National Railways is implementing microprocessor-based LxCS for 136 level crossings on electrical and mechanical signalling lines. Indian company KMIL provided research and supplied systems. B Murali Mohan explains.

Level crossing control systems (LxCS) are used for the following functions:

  • To detect train approach at level crossings (Lx).  
  • To alert road users regarding train approach by audiovisual warnings (yellow and red flashing lights, direction indicators and electronic bells).
  • After a predefined delay, to close the barriers to ensure safe train passage.
  • After detection of train, to open the barriers and turn off the audio visual warnings to the road users.  
  • To interlock the gate status with the signalling system, so that proper signals are given.
  • To record the gate closing, opening and train passage events on a digital video recorder for monitoring and future analysis, if required.
  • To continuously check the health status of subsystems and indicate/log/report any failures.

The LxCS conforms to “Safety Integrity Level-3 (SIL-3)” as per European Committee for Electro-tech­nical Standardisation (CENELEC) Safety Standards.

LxCS comprises the following subsystems:

Train arrival / departure detecting system: In mec­hanical signalling lines, the train approach condition is detected by wheel sensors, placed on the railway tracks at appropriate distances on either side of the level crossing. In electrical signalling lines, train approach and departure events are sensed based on the status of track circuits and other signalling inputs.

Wheel Sensing System (WSS) comprises Double Wheel Sensors placed on the track and an evaluator placed in the ECM cabinet inside the LxCS cabin. The double wheel sensors are contact-less electronic sensors, which sense the train movement magnetically. Based on the input from the wheel sensor, the evaluator sends the occupied/clear status to ECM for processing.

Electronic Control Module (ECM): ECM, the heart of LxCS, reads and processes field input data, and gener­ates outputs to operates the bells, flashers and barriers. It also interacts with existing railway interlocking system.

ECM comprises the following subsystems hou­sed in a stand alone cabinet:

  • Three Processor sections along with field input int­erface modules, in the form of 2-out-of-3 redundant configuration, to achieve safety and availability,
  • Two Voting Logic Modules (VLM) in hot-standby redundant configuration to achieve high availability,
  • Two SS Relay output modules,
  • Dual redundant Power Supply Modules,
  • Other Auxiliary circuit boards.
  • Surge suppressors and terminals

Service & Diagnostic (S&D) sub system: The S&D processors obtain the health status of the system and communicate any faults to a central computer over GSM Network.

Electrically operated Motorised Barriers: These are used as physical barricades to the road users during passage of train. The status of barriers is sensed by ECM with limit switches mounted in the barrier pedestal.

Hand Held maintenance Unit (HHU): A HHU with a Bluetooth interface is provided with the LxCS, and can be used to download the ECM's log files and configure the ECM as per the site-specific requirements.

Digital Video Recording System (DVRS): The DVRS consists of two IR cameras, DVR and LCD monitor. DVRS records barrier closing, opening and train passage events for future analysis. The gate image is viewed online on the monitor in the operator's room.

Power supply: The level crossing control system (LxCS) is powered from a 24V DC power source derived from the electric mains power source. A 10-hour battery backup is built in. Various regulated DC power supplies of different voltage levels required by the LxCS equip­ment are derived using DC to DC converters.

Health Monitoring Function: During normal ope­ration of the LxCS, the health of the various sub-systems and field devices is continuously monitored and any fault detected is communicated to a central server via GSM/GPRS network. On detection of any major failure, the system switches over to fail safe mode and caution signal is given to the approaching trains.

Operation of LxCS

When train approach is sensed, the LxCS initiates the gate closing sequence by turning on the yellow and red flashing lights, bells and direction indicators and after a preset delay (8-10 seconds) closing of barriers. The closure status is then sensed and inputted to the signalling system. Thus, green signal is given to the train only after the barriers are completely closed. After the train passes the gate, the LxCS starts the gate opening sequence, opening the barriers and turning off the flashing lights, direction indicators and bells.

The logic sequences in the LxCS take care of train reverse movements, interrupts and equipment failures, such that safety is ensured always. Any critical failure in the system forces the system to a fail-safe state. The Lx operator can select the mode of operation-semi-auto, restricted operation or manual-from the control panel by pushing switches.

Reliability, availability and safety

The following methodologies are followed to achieve high degree of safety, reliability and availability:

  • The main processing section of the LxCS is provided with triple redundancy with 2 out of 3 voting logic.  
  • Voting logic modules are provided in dual redundant configuration, so that failure of any one VLM will not affect the availability of the system.  
  • The solid state relays used for driving critical output signals are provided with quadruple redundancy.  
  • Two S&D Processors are provided in dual redundant configuration, so that even if one module fails, the function is not affected.
  • DC-to-DC converters are provided with hot-sta­ndby redundant configuration with no-brake switch over.  
  • On occurrence of common cause faults, the outputs are forced to fail safe state.  
  • On battery low condition, failure of WSS or signa­ling input, barriers are closed as a fail-safe measure.  
  • All PCBs, subsystems and units are subjected to environmental stress screening (ESS), to weed out weak components.
  • Design Reviews are carried out at different stages of H/W and S/W design and internal verification of design by an independent Verification team
  • Verification and validation of software done by ext­ernal agency.

The author is Director (Technical) at Hyderabad-based Kernex Microsystems (India) Limited.

Comments

Leave a Reply

Your email address will not be published.