Its signalling Jim, but not as we know it ..

[whole diary]

[lbraine]

I recently hasd the pleasure of ambling across central Wales on train and noted the lack of signalling - or to be exact, the lack of signals themselves.

From Welshpool to Aberstwyth and Pwllheli there are not a signal in sight.

The whole Cambrian line seemed to be operated by radio signals - presumably connected to the locomotive cab. Whilst watching the magnificant scenery pass by I was left pondering about this signalling system and its implications:

1. could this be used elswhere across the West, perhaps on lesser used lines or branch lines.
2. was my presumption that over the longer term this would be a significant cost saving to running the lines as the hardware infrastrure of the signalling was removed from any equation
3. how robust has it been (I could not find much information about it onine). My observation over a week of travel was that it seemed very reliable and even allowed for some sophisticated movements ie - trains sharing platforms at station (Machynlleth)

Just posting in case anyne has more information and insight - and I am always open to education !

[stuving]

From an earlier thread:

The Cambrian lines were equipped in 2011 with a pilot installation of the European Rail Traffic Management System (ERTMS^▸ (European Rail Traffic Management System.)▸ ), a form of railway signalling. ERTMS removes the need for signals along the track by transmitting data directly to the train. This data is used to display movement authorities and other information such as temporary and permanent speed restrictions, on a screen in front of the driver.

Very much a pilot installation on a "small" line, and even now the first major ETCS^▸ (European Train Control System) implementation has only just started; full ERTMS isn't even planned. So I wonder if this installation, already orphaned technology at the time of the accident, may need replacing before long with something more conventional.

[Mark A]

The current system might have the disadvantage that, this involving single line with passing loops, it requires that all trains pause for some time at a passing loop, so progress is a bit pedestrian. (Or I might have misunderstood what's required or perhaps unlucky with every train I took).

The line up the coast is around half an hour slower end-to-end than it was in the nineteen eighties, though whether this is the changed signalling, line speeds, different requirements at flat crossings, additional rationalisation of the infrastructure, or a combination of these is another matter.

Mark

[Electric train]

From an earlier thread:

The Cambrian lines were equipped in 2011 with a pilot installation of the European Rail Traffic Management System (ERTMS^▸ (European Rail Traffic Management System.)▸ ), a form of railway signalling. ERTMS removes the need for signals along the track by transmitting data directly to the train. This data is used to display movement authorities and other information such as temporary and permanent speed restrictions, on a screen in front of the driver.

Very much a pilot installation on a "small" line, and even now the first major ETCS^▸ (European Train Control System) implementation has only just started; full ERTMS isn't even planned. So I wonder if this installation, already orphaned technology at the time of the accident, may need replacing before long with something more conventional.

Yes it was very much a pilot scheme, one of the challenges was retro fitting all of the ERTMS equipment into the rolling stock; a lot of compromises. 

A lot of lessons were learned, especially for the Automatic Train Control (ATO^▸ (Automatic Train Operation)) in the Thameslink Core and the scheme planned and now being installed for the East Coast Mainline

[lbraine]

I've read the replies as saying:

1. it was/is a pilot project.
2. seems to work - but not perfect (cost of in cab work)
3. good lessons learnt to pass on to future generations of technology (dives for Wikipedia for ATO^▸ (Automatic Train Operation))

As for line speeds - my experience going westward was the Class 158/159s did a healthy 60-70mph.

Going eastbound - we did have a couple of lengthy (10-15min) pauses at passing loops - perhaps more typical of Single Line Operation that the signalling system.

As ever - thanks for all the informed help.

[TonyK]

From an earlier thread:

The Cambrian lines were equipped in 2011 with a pilot installation of the European Rail Traffic Management System (ERTMS^▸ (European Rail Traffic Management System.)▸ ), a form of railway signalling. ERTMS removes the need for signals along the track by transmitting data directly to the train. This data is used to display movement authorities and other information such as temporary and permanent speed restrictions, on a screen in front of the driver.

Very much a pilot installation on a "small" line, and even now the first major ETCS^▸ (European Train Control System) implementation has only just started; full ERTMS isn't even planned. So I wonder if this installation, already orphaned technology at the time of the accident, may need replacing before long with something more conventional.

Could you give a short reminder of what the accident was - just for new readers who don't know about it. Obviously.

[grahame]

Could you give a short reminder of what the accident was - just for new readers who don't know about it. Obviously.

http://www.passenger.chat/19379

During the morning of Friday 20 October 2017, a train driver travelling on the Cambrian coast line in North Wales reported that long standing temporary speed restrictions were not indicated on their in-cab display. As signalling staff at the control centre in Machynlleth investigated this report, they became aware that this failure applied to several trains under their control. The temporary speed restrictions were required on the approach to level crossings so that people crossing the line had sufficient warning of an approaching train.

[stuving]

Could you give a short reminder of what the accident was - just for new readers who don't know about it. Obviously.

http://www.passenger.chat/19379

It was just a software problem! For more detailed details, follow the link.

People used to joke, darkly, about signalling systems like ETCS^▸ (European Train Control System) being dependent for their safety on the software teams that write the stuff, who know nothing about railway signalling, never making any mistakes. (Now such scare stories are about AI.) This was an example, as the safety-critical parts of the system were not (RAIB^▸ (Rail Accident Investigation Branch) said) really at SIL4 as required.

Speed restrictions are stored centrally, and sent to the train by radio. Temporary ones are loaded from a file, which involves a number of servers, with several processes running on each. One of those processes stopped, and none of the others, or anything else, registered that. But the display the signallers had to check the TSRs^▸ (Temporary Speed Restriction) were being sent out said they were when they weren't.

Which proves what? That writing software to this kind of high integrity level and getting it right  is hard, and checking it's been done right is hard too. Basing this one in part on an existing system, but not the basis for any further work, made some of this harder still. What it says more generally about the practicability of making such high-integrity systems for a reasonable cost - or at all - is by no means clear.

[Electric train]

Could you give a short reminder of what the accident was - just for new readers who don't know about it. Obviously.

http://www.passenger.chat/19379

It was just a software problem! For more detailed details, follow the link.

People used to joke, darkly, about signalling systems like ETCS^▸ (European Train Control System) being dependent for their safety on the software teams that write the stuff, who know nothing about railway signalling, never making any mistakes. (Now such scare stories are about AI.) This was an example, as the safety-critical parts of the system were not (RAIB^▸ (Rail Accident Investigation Branch) said) really at SIL4 as required.

Speed restrictions are stored centrally, and sent to the train by radio. Temporary ones are loaded from a file, which involves a number of servers, with several processes running on each. One of those processes stopped, and none of the others, or anything else, registered that. But the display the signallers had to check the TSRs^▸ (Temporary Speed Restriction) were being sent out said they were when they weren't.

Which proves what? That writing software to this kind of high integrity level and getting it right  is hard, and checking it's been done right is hard too. Basing this one in part on an existing system, but not the basis for any further work, made some of this harder still. What it says more generally about the practicability of making such high-integrity systems for a reasonable cost - or at all - is by no means clear.

One method to monitor is to have a watch dog server / system or more than one.  A system that has the same data as the operational servers and systems (there is always at least 2) and does the check of what the Signaller sees against what the Driver and ground equipment sees and vis versa .................. of course there is a high cost to such systems and will have its own software issues.

The installation on that line was seen very much as a test bed, perhaps the project team had disbanded and it was being run as BAU without the very high level of technical monitoring and support that a development project would have