Modelization of the rail traffic management system

Enslaved vs self-driving transport

This paper provides a contribution to the various concepts currently being developed to define
conceptual and functional architectures for rail traffic management systems and signalling
systems at large. It includes recalling the conceptual layers of any rail traffic management
system, past, present and future, and the informational interfaces connecting them. It appears
that the automatic control (i.e., automation) of rail traffic is accessible (the wording
"autonomous driving" therefore seems ill-suited).

Reminder
Such a system shows many analogies with the layered system defined by telecom network
standardization (ISO). Hense, to facilitate the understanding of the presentation, let us make
a brief reminder of the layers and an analogy to the IP layers (internet protocol) described in
Figure 1):

Figure 1
Thus, according to the IP approach, a message emitted by an application layer (red) will pass
through the transport layer (blue), then the Internet layer (green) before transiting onto the
physical layer (yellow). As the technology changes support the physical layer, the message can
briefly go back to the top layer. The message can be cut into successive sub-parts, and
repeated in case of transmission failure. In the end the message crosses again the different
layers to reach wholly and be integrated in its final destination at the application layer (red).
This process constitutes a modern, low-hierarchical approach, where it is possible to "hang"
applications within the higher application layer (red), regardless of technological changes
happening at the physical and/or the Internet layers.
The analogy with the rail system clearly appears: rail traffic is the message (not secluded, nor
repeatable it is true); the free and secure railway line made available to rail traffic is the
physical layer; the anti-collision catch-up mechanism is the Internet layer; the routing
mechanism of rail traffic (in a single package called “train”) is the transport layer; and the
management of traffic and the definition of application priorities is the application layer.

Systems conceptual description

1
Whatever sets of technical solutions implemented in different Countries, with their different
signalling cultures (there are five that we could define in more detail: FR, D, UK, US, RS), the
railway system engineer easily recognizes in each of these models the same "functional
layers" that we will describe later on.
It should be noted, however, that in facts the majority of current technical subsystems (Levels
0 to 3) do not strictly respect this decomposition and extend their functional performance
over more than one layer. This feature usually confuses the mind of non-specialists who
discover railway traffic management and signalling systems.
To make ito easier to read the terms of the analogy with previously defined
telecommunications systems: NOTE: Typically, the TCP/IP model is described in the opposite
direction, from Link Layer to the Application layer. Here it is described in the opposite direction
to make the railway context more natural to understand.
- Layer 4 → « Link » layer ;
- Layer 3 → "Internet" layer;
- Layer 2 → "Transport" layer;
- Layer 1 → "Application" layer.

Thus, here lies the core element of our paper: the definition of the functional levels of any
rail traffic management system:

Layer 0: Contractualization: Definition of movement in contractual terms between → the

traffic loader, the rail operator and the infrastructure manager to support it - the useful
technical systems are upstream of the technical systems of the real-time traffic management;

Layer 1: Command of the Movement: Input into the original technical system → (A)
destination (B) of movement. It consist in the uploading of this new movement in the traffic
programming system. The movement M is associated with a "label" describing the technical
characteristics of traffic that can impact, on the one hand, access to certain branches of the
networks (external dimensions, axle load, electrification, on-board equipment, etc.) and, on
the other hand, operational conditions of transport performance (braking capabilities, speed,
stopping distances, acceleration ability, etc.);

Layer 2: Network Traffic Management: The system ensures the topological and time routing
of the movement, with several possible routes. The choice of train paths that can be allocated
are induced from the characteristics of the previously defined label. The movement is thus
inserted into the "layout." The real-time optimization of the layout is based on the data input
of the infrastructure state and the traffic position (generated by or transmitted by the infra).
Layer 2 controls the layer 3 in real-time, in order to direct traffic by the most efficient path
from A to B, by a path compatible with the constraints and characteristics of traffic. This is to
create the conditions for an enslavement of the position of the trains (they position
themselves and obey) through anti-collision management (i.e., spacing);

2
Layer 3: Network nodes Management to secure the traffic → The gradual establishment of
new routes ("connection" in terms of telecom and "mechanical continuity" in terms of railway
sense) is controled by the layer 2. Throughout its implementation process. The layer 3
provides safe and real-time local management of nodes. It requires data input on the field
element positions and of the traffic conditions from layer 4, as well as the input of information
judged unsafe for layer 2. The position of the circulations is monitored in real time, to free
the node that has been crossed;

Layer 4: Traffic collision protection (block) → When traffic is on a link between two railway
nodes (channel between routers), the layer 4:
- informs traffic of the available space between it and the previous traffic and prohibits any
vehicle coming closer than within the stopping distance;
- informs the traffic of the available space between it and the next node entrance, if it is unable
to ensure its passage;
- ensures its safety in view of the possible subsequent traffic;

Layer 5: this last level actually represents the train, that is, the "message" that dialogues
with the other nodes to cross, which conceptually makes it a kind of mobile node interacting
at each level. This message is neither unbreakable, duplicable, nor reproducible... which
makes it different to conventional transmission networks.
No doubt one could detail this aspect by specifying the interactions tending towards the
enslavement of the position of the circulations (i.e., of the message) with the vision of the
traffic control layer (indirectly or directly via the ATOs). Traffic exchanges regularly with the
"channel" where it circulates in order to locate itself and requires new "free way
authorizations" (limit of guaranteed safe progress). The received information can be used to
describe the opened channel, to determine the maximum speed of progress. The input data
will enable onboard the train, to establish the optimal traffic speed in function of other traffic
and network conditions. In this case, the progress of traffic can thus be totally controlled by
the upper automation layers of rail → automation of rail traffic.
Figure No. 2 describes the proposed cross-cultural conceptual architecture that facilitates the
safety demonstration of the automatic train. Here’s some comments about it:

• Layers 1 and 2 are essentially pre- and post-operational in the sense of traffic
performance (i.e., at the best immediate time). The other layers are closer to real time.
• Processing of layers 0, 1, and 2 and the information generated by these levels do not
contribute to the rail traffic safety.
• Exchanges between layers 2 and 3 do not manage safety information that can impact
the physical integrity of the railway traffic carrying out the M movement, even in the
case where the layer 2 commands the position of the field elements, as designed for
the SBB SmartRail4.0 architecture, carried out by the PRCI architecture in France.
• The processing of layers 3, 4, and 5 and the information exchanged between these
layers contribute to traffic safety. This has an impact on the techniques of "safety"
compliance as well as network segregation for "security" compliance.

3
• In the event that layer 2 commands the "connections" (routes) to be made by layer 3,
the local control of these "connections" can be carried out in "local control mode" by
maintenance agents (ensuing system resilience). This is the option chosen for PRSI
architectures in France.
• The recovery of traffic location data from level 5 to layer 2 is generally not carried out
safely. With ETCS L2 or 3, layer 4 gets access to this location safely, data that can be
sent from layer 4 to layer 2 in the same way.
• Advances in digital technologies now allow us to imagine a "flat" architecture allowing
each processing centre to communicate with each others (including data input on
location, from level 5 to level 2) with the renoncement of the historical principle of
subsidiarity. There are many constraints on quota of transmission channels, safety, and
security demonstrations. A "formal" modelling of the exchanges then seems
necessary.
• In order to make the link with the current solutions, it should be pointed out that:

- Level 2 → layer traffic management and regulation (TMS);

- Level 3 → route-setting layer within the various "signal polygons"s crossed by traffic
(road setting layer by IXL);
- Level 4 → traffic spacing layer ("block" ground portion);
- Level 5 → on-board equipment layer assisting driving ("block," "cab signalling,"
"speed control").

4
 Multi-layered description of the rail traffic management system

Layer 1: Movement Command A → B

Contract → Place of origin, destination,
train characteristics, departure time..

Layer 2: (ATS) Traffic management on

the Movement
A-B Network → Inter-node routing
through the network, transport channels
adapted to the characteristics of the train...
SIL0 or 2

SIL4
Layer 3: Management of network
nodes to ensure the movement
A-B → Routing traffic within the nodes
(mechanical continuity), connection between
adapted transport channels...

Layer 4: ATP - Traffic collision

"Safe" information exchanges (impacting traffic safety)

protection (block)
Movement A-B → Safe space with other
traffic, wayside part of cabin signaling...

Layer 5: (ATO) - Traffic control

(indirect or direct: ATO)
A-B Movement →Nature of channel
Maximum Speed Sign, Speed Control,
signaling wayside Part of Cabin...

Figure 2

5
 Match between model in "layers" and technical "levels" on the RFN
(simplified vision)

Evolution
Layer 1

Layer 2 AC Control AC Control AC Control AC Control AC Control

Point Mac
PRSI info Level 0 Level 0

Layer 3 Unified PrS or

Mechanical BREASTS
PRSI ITI Level 1 Level 1
Post
relay ITI ITI
Level 2 Level 2
Layer 4 BM, BAL, BM, BAL,
BAPR... BAPR... Ball/Sgx ou Level 3 Level 3
Signals Signals TVM Ball - TVM ETCS

Layer Driving Driving Driving Driving ETCS

agent agent / agent / agent /
AdC or
(*) 5 KVB KVB - TVM KVB - TVM
ATO

(*) The TVM is the cab signaling (readable in the driver's cabin as opposed to the side
signals) of the High Speed Lines (French, Belgian, English). Instead of indicating the state
of occupancy of the downstream block, TVM 430 gives an indication of speed. If
European railways chose for their high-speed lines to let drivers free of their driving, the
TVM 430 is coupled with a speed controller that is not considered safe.
Figure 3