European Initiative Linking Interlocking Subsystems
EULYNX The next generation signalling strategy for Europe
Signalling Seminar IRSE ITC – JR East Frans Heijnen 7 April 2016
With thanks to Maarten van der Werff What would you do?
European Initiative Linking Interlocking Subsystems
Situation: • You are an infra manager (…. passenger, tax payer) • Expectations concerning signalling • Huge installed base • Many generations of equipment • Obsolete within 10..20 years • Not enough budget to replace
And you know: “At all European railways these problems are similar …”
EULYNX 2 What is the problem?
European Initiative Linking Interlocking Subsystems
• Each railway project adds new assets to become obsolete again • They get overage sooner than expected • Costs depend on whoever was chosen in the past as the supplier of the system • There are potential savings but the railway is stuck with current solutions • But you don’t have a strategy for a new solution
EULYNX 3 EULYNX. What is EULYNX? European Initiative Linking Interlocking Subsystems
EULYNX is the strategic approach for standardisation of signalling systems
Because standardisation is a key factor to reduce: • A ‘technology zoo’ with many different systems, • The number of multiple incompatible interfaces • The cost involved in replacing and renewal
EULYNX 4 The vision that becomes reality
European Initiative Linking Interlocking Subsystems By systems engineering and the development process
• Use a common architecture • With a common apportionment of functionalities • Define standardised interfaces to connect systems and field elements • Closed, safe network based on open standard IT/telecom networks • Connect both interlockings and outside elements to those networks • Apply intelligent field elements for enhanced monitoring and diagnoses • For replacement of conventional interlockings, for renewals projects and • For smooth migration to ERTMS-compliant interlockings
EULYNX 5 > 10 IM’s
European Initiative Linking Interlocking Subsystems
Corporation in the signalling domain means sharing: • Know-how, • Innovations, Eulynx partner / related • Requirements, • Methods, processes, • Etc. to make standards freely available to third parties
EULYNX 6 What does EULYNX mean for the market? European Initiative Linking Interlocking Subsystems
• Common developed standards and/or standards applied in tenders • Reusable by more railways • Not tailored to a specific railway design (COTS, IP, …) • Cooperation in innovation • Faster roll out instead of more development
• More competition
Source: http://www.slideshare.net/ihudhaif/philip-citreon-unife-presentation-mena-conference, October 2014
EULYNX 7 Cooperation Model
European Initiative Linking Interlocking Subsystems
Interface to Interface to Cluster projects cluster projects
Know-how
Standard INPUT: • requirements, •specifications, Every partner may join • innovations, as many cluster projects • real developments, it deems appropriate • implementations
8 Example: Reference Architecture (1/3)
European Initiative Linking Interlocking Subsystems
• The reference architecture is conditional to all the other Cluster Projects. • Is applicable for each of the partner IM’s • Support a system design that is based on technical main stream solutions used for instance in automation and telecommunication industry • Enables safe and secured closed and open networks • Supports a modular system concept with standardised interfaces • The separation of information and energy supply is basic • Contains an IP-network and a distributed power supply
EULYNX 9 Example:
Reference Architecture (2/3) Version 2.9 – 21.10.2015
European Initiative Linking Interlocking Subsystems Remote Maintenance Train command & control System Diagnostic System control
SCI-CC SCI-CC OPC-UA OPC-UA OPC-UA Open Network EN 50159 (redundant)
Direct SCI-CC SCI-CC SCI-CC SCI-TSS command SCI-ILS SCI-ILS SCI-ILS over SCI-CC OPC-UA OPC-UA Communication & Communication & Communication & Security Communication & Security Security Security Adjacent Trackworker RBC Electronic Interlocking Safety SCI-RBC Electr. Core system Interlocking System Interlocking Diagnostics Time Interlocking CommunicationSecurity& & Technician’s Controls stamp Communication & CommunicationSecurity& Logic and Security Adjacent Safety Module Juridical Equipment Recorder Proprietary interface Relay diagnostics & Control Power Interlocking Event logger Communication & Security adapter supply SCI-(X) Closed Network EN 50159 (redundant) Legend: Diagnosis Network SCI: Standard Communication Interface; ILS: Interlocking System; Power Supply RBC: Radio Block Centre; LX: Level Crossing; SCI-TSS SCI-LX SCI-TDS SCI-PM SCI-LS SCI-LEU SCI-IO
LS: Light Signal; OPC-UA TDS: Train Detection System Communication & Communication & Communication & Controller PM: Point Machine; Security Security Security PM LS LEU I/O controller (standardised in EULYNX) CC: Command and Control; IO: Generic I/O Module; Trackworker Level Train LEU: Lineside Electronic Unit; Safety Crossing Detection Balise Field elements I/O: Input/ Output System System System (not standardised in EULYNX) TSS: Trackworker Safety System KISA Encryption Box EULYNX 10 10 SV E2 E6 E5 E3 E4
<
System ESTW- SCI-SCWS SCI-LEU SCI-RBC SCI-RBC SCI-CC SESTW1 SCI-CC SESTW2 SCI-CC SESTW3 SCI-CC SCI-ILS SCI-LX E1 European Initiative Linking InterlockingNeuPro Subsystems (Stellbereich ESTW-
ZE) DESTW1 Teilsystem ESTW-ZE *2) *2) *2) AESTW1
Datenträger LV Projektierung AWAB1 AUAB1
ALV1 Teilsystem Ladeverfahren OESTW1 Fk D DLV1
P OLV2 OUAB1 Fk LV Fk OLV1 LV SCI-LS SCI-TDS SCI-PM-C SCI-IO SV E6 AWAB1 ALS1 AUAB1 Teilsystem LS Teilsystem Az-System Teilsystem Weiche Teilsystem EA
D DLS1 SCI-ACEU DUAB1 D LSAB AzA WAB UAB SV E5 E2 SV OLS1 SLS1 SAZ1 SAZ3 AWAB2 E4 SWAB1 AUAB2 *1) Stellbare ALS2 OAZ1 ZP ZDP Signaloptik DAZ1 SCI-ACEU DAZ2 SLS4 SLS3 SLS2 AAZ1 OWAB1 DWAB1 E3 SUAB1 SUAB2
SAZ2 OLS2 SAZ4 Signalbegriffabhängig Signalbegriffabhängig Signalbegriffabhängig AzA im Weichen- BD R Tf Fk D Nachbar SV Fk D SV antrieb Fahrtanzeiger LEU-P PZB/ GPE Stellbereich EA-Umsystem
Datenträger Diagnose lokal BD Projektierung
Legende und Bemerkungen DLV1 DESTW1 Geplante Entwicklung OUAB1 DUAB1 Informationsobjekte werden über R SAZ2 OWAB1 Teilsystem Übertragungssystem Rad Systemarchitekturvorgabe ESTW-NeuPro D DWAB1 OAZ1 übertragen Systemarchitektur ESTW-NeuPro Diagnosesystem OLV2 P OLS1 Fk Prozessdatenschnittstelle DLS1 SAZ4 Steuerungsschnittstelle Monteur OESTW1 Doku-Nr.: 2015-ESTW-NeuPro.52 (herstellerabhängig) DAZ1 Abnahmeprüfer (Hersteller)/ Aktuelle Version: 0.5 Stand: 17.12.2015 Fachkraft- OLV1 Schnittstelle Instandhaltung/ LST Bearbeitungsstand: Reivew durchgeführt (I.NPS 411 Schneider) Bedienung/Anzeige Verbinder zum Autor: Hon/ Wallasch Diagnoseschnittstelle Verbinder zur Verbinder zu Datenträger SV Tf BD Stromversorgung AWAB2 Stromversorgung NeuPro-Basisdaten Triebfahrzeugführer Datenträger Herausgeber: NeuPro- Systemdatenschnittstelle Verbinder zum Verbinder zum BD ALS2 DB Netz AG D LV Basisdaten Diagnosesystem Teilsystem Ladeverfahren R Verbinder zur Rad OLS2 Tf Programme und Digitale LST *1) Schnittstelle ist standardisiert spezifiziert AUAB2 Verbinder zu Verbinder zu Anforderungsmanagement und Testcenter LST/ETCS (I.NPS 411) *2) nur bis zur Implementierung von SCI-CC Fk Fachkraft LST/ P Abnahmeprüfer Triebfahrzeugführer EULYNX Monteur(Hersteller) 11 Example: Interface specification
European Initiative electronic interlocking – train detection Linking Interlocking Subsystems
• Protocol development started as combined Document structure: ÖBB, SBB and DB-requirements (DACH); 1 General Information • Applicable for both track circuits and axle 2 Interface Environment counters 3 Functional Requirements • Now, with contributions of many other 4 Non-functional Requirements 5 Technical Requirements infrastructure managers 6 Migration Scenarios 7 Appendix A: Functional Scenarios • Follow up iteration steps are planned 8 Appendix B: Subsystem Requirements • Diagrams modelled with SysML 9 Change Log • To be used in next tenders (projects, developments) First implementation in Germany: Annaberg/Buchholz this year EULYNX 12
Example: Interface specification SCI – ILS
European Initiative electronic interlocking – electronic interlocking Linking Interlocking Subsystems
• Started with results INESS Document structure:
• DB interface specification provides the basis 1 General Information 2 Interface Environment for the EULYNX interface specification 3 System Use-Cases • This interface is already approved only by DB 4 Functional specification model 5 Non-functional Requirements and will be in operation by the end of this year 6 Technical Requirements 7 Migration Scenarios in Kreiensen. 8 Change Log • The next release of this specification will include the requirements from others. First implementation Siemens / Bombardier • Currently System Use Cases are being defined in Kreiensen, Germany, December 2015
EULYNX 13 How have requirements been captured over the years European Initiative Linking Interlocking Subsystems
Written documents with text phrases like this:
“for any route to be set there should be no conflicting routes; all points should be locked; all track circuits should be free, ….; in case any track circuit is not free ... Then ....”
These documents are complex, often contradicting themselves due to errors or omissions. Some are over a hundred years old.
A first improvement was the use of a formal tool (DOORS) to make them clear, together with a requirement that any statement should be:
EULYNX 14 Requirement capture - 2
European Initiative Linking Interlocking Subsystems
EULYNX 15 Requirement capture - 3
European Initiative Linking Interlocking Subsystems
But this is not enough.
Next step:
The use of UML, SYSML, etc. in order to model the requirements and to apply formal processes to formulate, verify, test and validate them.
EULYNX uses a subset of SYSML due to the fact that part of the SYSML grammar allows for ambiguous statements.
How is the process:
EULYNX 16 Functionality Capture
European Initiative Linking Interlocking Subsystems
How do we do this:
1. We gather a list of functional requirements:
EULYNX 17 Use Cases
European Initiative Linking Interlocking Subsystems
EULYNX 18 Use Case
European Initiative Linking Interlocking Subsystems
EULYNX 19 Model Overview
European Initiative Linking Interlocking Subsystems
EULYNX 20 Executable model
European Initiative Linking Interlocking Subsystems
EULYNX 21 State Machines
European Initiative Linking Interlocking Subsystems
• The model is being implemented in executable state machines. With these state machines one can check for:
1. Completeness 2. Dead ends 3. States never used 4. Simulation 5. Testing by a principals tester 6. Etc.
• This whole process leads for the first time to a formalised approach for the whole Cenelec V-cycle. The state diagrams are direct impact for the software development process. The test scenarios for the model testing form the core of the test scenarios for product testing and product reference testing to show that the product is conform with the standard.
EULYNX 22
Status & Outlook • 21 September:
European Initiative Innotrans Linking Interlocking Subsystems
National interface requirements combined in a common architecture
Step by step approach, now early adapters, later de facto standard
Development contracts or realisation contracts: same results
Challenges:
- Management of Signalling Projects need to meet lower overall costs, leading to:
- A wider use of standards in Europe, for conventional and ERTMS interlockings.
WWW.EULYNX.EU
EULYNX 23