Drive-By-Data Architecture Specification
Total Page:16
File Type:pdf, Size:1020Kb
Contract No. H2020 – 730539 CONTRIBUTING TO SHIFT2RAIL'S NEXT GENERATION OF HIGH CAPABLE AND SAFE TCMS AND BRAKES. D3.5 – Drive-by-Data Architecture Specification Due date of deliverable: 31/08/2018 Actual submission date: 14/09/2018 Leader/Responsible of this Deliverable: G. Hans, BTG Reviewed: Y Document status Revision Date Description 1 23/06/2017 Initial version, chapter 1 2 11/08/2017 Added: ch. 2.1, 2.2, 2.3 (partly), 2.4, 2.5, 2.8, 2.9, 3.2.8 Updated with parts already reviewed and with other, lesser 3 08/06/2018 innovative parts. Contributions from CAF and SNCF, Analysis of ETB topologies 4 22/06/2018 (former 2.5.3) shifted to new Annex G, Adaptation of Consist Level Quantities (0) 5 13/07/2018 Updated with all contributions received so far 6 23/07/2018 Added ch. 3.2.2 Added contributions from CAF (4.2), Siemens (2.3.1, 3.2.1, 3.3.1) 7 31/07/2018 and ASTS (3.5.6, 4.3, 4.4) Update with respect to comments received from S4R (CTA-T3.5- 8 10/08/2018 X-BTD-061-02) and with respect to peer review comments (CTA- T3.5-R-BTD-063-02); update of quantities (Table 5, Table 6) Added contributions from Siemens (3.2.9, 3.5.3), final quality check 9 17/08/2018 Prepared for TMT Review Update after TMT Review / S4R review (comments collection: 10/11 11/09/2018 CTA-T3.5-R-BTD-066-03). 12 14/09/2018 Final version CTA-T3.5-D-BTD-002-12 Page 1 of 331 14/09/2018 Contract No. H2020 – 730539 Project funded from the European Union’s Horizon 2020 research and innovation programme Dissemination Level PU Public CO Confidential, restricted under conditions set out in Model Grant Agreement X Start date: 01/09/2016 Duration: 25 months ACKNOWLEDGEMENTS This project has received funding from the Shift2Rail JU under the European Union’s Horizon 2020 research and innovation programme. Grant Agreement no. 730539. REPORT CONTRIBUTORS Name Company Details of Contribution Nerea Elorza CAF Sub-chapters: 3.4, 4.2, Annex J Daniel Gutierrez Review of all parts Rainer Mattes SIEMENS Sub-chapters: 2.3.1, 3.1.1.3, 3.2.1, 3.2.9, 3.3.1, 3.5.3, 3.5.5.5 Review of all parts Gernot Hans BTG Sub-chapters: 1, 2.1, 2.2, 2.3.2, 2.3.3, 2.4, Thomas Gallenkamp 2.5, 2.6, 2.7, 2.8, 2.9, 2.10, 3.1.1.1, 3.1.1.2, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.2.2, 3.2.3, 3.2.4, Bernd Brandstetter 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.10, 3.2.11, Benjamin Scherer 3.3.2,3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.5.1, 3.5.2, 3.5.4, 3.5.5.1, 3.5.5.2, 3.5.5.3, 3.5.5.4, 3.5.5.6, 3.5.5.7, 3.5.7, 4.1, 5, Annex A, Annex B, Annex C, Annex D, Annex F, Annex G, Annex H, Annex I Review of all parts Costantino Mariano ASTS Sub-chapters: 3.5.6, 4.3, 4.4, Annex E Fabrizio Cardoni Review of all parts Philippe Laporte SNCF-M Sub-chapters: 2.11 Clement Collet Review of all parts Wolfgang Benner DB Review of all parts Stefan Tesar CTA-T3.5-D-BTD-002-12 Page 2 of 331 14/09/2018 Contract No. H2020 – 730539 EXECUTIVE SUMMARY This report provides the Drive-by-Data architecture specification which has been elaborated within Task 3.5 of the CONNECTA WP3. The Drive-by-Data architecture aims to specify the Next- Generation Train Communication Network (NG-TCN) which is one of the main building blocks of S2R’s next generation of TCMS architectures. The report concludes the work on the definition of the NG-TCN which has been started with requirements collection (deliverable D3.1 [03]) and continued with state-of-the-art analysis (deliverable D3.2 [04]) and RAMS&Security Analysis (deliverable D3.3 [05]). Assoziated questions related to safety certification are covered in deliverable D3.4 [06]. The work was done in close coperation with S2R’s project SAFE4RAIL WP1 and reflects all the discussions and workshops we had in common with SAFE4RAIL. In summary, the main achievements of this work are: • Introduction of a new TRDP traffic class (TSN-PD) for scheduled data traffic based on standard IEEE 802.1Qbv (Time Sensitive Networking TSN). This traffic class is intended to be used for safety critical and latency critical data. • Time synchronization concept based on IEEE 802.1AS-rev as prerequisite for scheduled traffic. • Definition of a new network architecture with separated ETB lines and diverse virtual data communication planes (Figure 1) for scheduled data traffic. • Safe Data Transmission protocol and safety layer definition for the transport of safety critical data up to highest safety integrity levels (SIL4). • Safe train inauguration concept for train composition discovery with highest safety integrity levels (SIL4). • Definition of a security architecture and security methods to achieve state-of-the-art cyber security in alignment with actual security standards. Besides those functional extensions, also improvements with respect to performance (Ethernet links with 10 Gigabit transmission speed) and integration of wireless subnets (e.g. WLAN and WPAN) are considered, preparing the NG-TCN for future IoT applications. This new NG-TCN architecture allows to replace conventional train lines for train control and provides the capabilities to integrate safety-related sub-systems like the Electronic Distributed Valve (EDV) brake (CONNECTA WP5) and ETCS signalling (X2RAIL project). Due to its ability to transport data of mixed criticality, the same communication infrastructure can be used both for TCMS functions and operator-/customer-oriented services. Furthermore, the possibility to reserve bandwidth for critical data supports the process of incremental certification: non-safety related communication cannot interfere with safety-related communication. The general objective of removing conventional train lines led to a conflict with the legacy train network architecture defined in IEC61375-2-5. This conflict was resolved with a new network architecture using separated ETB lines, and further analysis of this new architecture revealed also significant improvements with respect to reliability, functional safety and fire safety. A drawback of CTA-T3.5-D-BTD-002-12 Page 3 of 331 14/09/2018 Contract No. H2020 – 730539 this new architecture is its inability to continue communication over powerless consists1, but the advantages of the new architecture outperform by far this disadvantage. Trainset 1 Trainset 2 ETB-R ETBN ETBN ETB Line B ETB Line A ED ED ED ED ED ED ED ED Right Plane ECN ring ECN ring CS CS B-Plane CS CS CS CS A-Plane CS CS TSN-ED TSN-ED TSN-ED TSN-ED TSN-ED TSN-ED CS CS A-Plane CS CS CS CS B-Plane CS CS Left Plane ED ED ED ED ED ED ED ED ETB Line A ETBN ETB Line B ETBN ETB-L Figure 1: NG-TCN Network with virtual network planes The achievements of CONNECTA T3.5 help to contribute to S2R’s main objectives of cutting life- cycle costs, increasing railway capacity and increasing reliability and punctuality. They also provide the necessary input to launch related standardization activities within IEC TC9 WG43. 1 Some subsystems like the brake subsystem are required to be active also in this case, which requires a technical solution like for instance a local energy supply. CTA-T3.5-D-BTD-002-12 Page 4 of 331 14/09/2018 Contract No. H2020 – 730539 ABBREVIATIONS AND ACRONYMS AC Application Condition AFDX Avionics Full Duplex Ethernet AP Access Point ARP Address Resolution Protocol ASN.1 Abstract Syntax Notation 1 ATO Automatic Train Operation ATP Automatic Train Protection AUTOSAR Automotive Open System Architecture AV2 ANTIVALENT2 AVB Audio/Video Broadcasting BC Boundary Clock BCU Brake Control Unit BEP Bit Error Probability BMCA Best Master Clock Algorithm BMS Bogie Monitoring System BPDU Bridge Protocol Data Unit BSW Basic Software CAN Controller Area Network CBTC Communications Based Train Control CCTV Closed Circuit Television CCU Central/Consist Control Unit CHAP Challenge Handshake Authentication Protocol CO Consist Orientation ConsistMC Consist Master Clock COS Customer Oriented Services CPU Central Processing Unit CTA-T3.5-D-BTD-002-12 Page 5 of 331 14/09/2018 Contract No. H2020 – 730539 CRC Cyclic Redundancy Check CS Consist Switch CSM Crypto Service Manager CSMA/CD Carrier Sense Multiple Access / Collision Detection CTA CONNECTA project DA Destination Address DCU Door Control Unit DHCP Dynmaic Host Configuration Protocol DMI Driver Machine Interface DNS Domain Name System DPDT Double Pole, Double Throw DIX Digital Equipment Corp., Intel Corp. and Xerox Corp. E2E End to End EAP Extensible Authentication Protocol ECN Ethernet Consist Network ECR Ethernet Consist network Ring ECSC ETB Control Service Client ECSP ETB Control Service Provider ECU Electronic Control Unit ED End Device ED-S ED Safe ED-S.SF ED-S implementing Signaling Functions. ED-X ED-A/ED-B interface EDV Electronic Distributed Valve EMC Electromagnetic Compatibility EMI Electromagnetic Interference EMU Electrical Multiple Unit Train ERTMS European Railway Traffic Management System CTA-T3.5-D-BTD-002-12 Page 6 of 331 14/09/2018 Contract No. H2020 – 730539 ETB Ethernet Train Backbone ETBN ETB Node ETBR ETB Repeater ETCS European Train Control System EVC European Vital Computer FCS Frame Check Sequence FDF Function Distribution Framework FDT Forwarding Delay Time FDX Full Duplex FFFIS Form Fit Functional Interface FIS Functional Interface Specification FMEA Failure Mode and Effect Analysis FOC Functional Open Coupling FT AVG Fault-tolerant average GbE Gigabit Ethernet GlobalMC Global Master Clock gPTP Generalized Precision Time Protocol HMI Human Machine Interface HSR High-availability Seamless Redundancy HST High Speed Train HVAC Heat, Ventilation and Air Conditioning IANA Internet Assigned Numbers Authority IEEE Institute of Electrical and Electronics Engineers IGMP Internet Group Management Protocol I/O or IO Input/Output IoT Internet of Things IP Internetworking Protocol IPSec IP Security CTA-T3.5-D-BTD-002-12 Page 7 of 331 14/09/2018 Contract No.