CN113682348A - Novel interlocking dual-computer switching method based on communication - Google Patents
Novel interlocking dual-computer switching method based on communication Download PDFInfo
- Publication number
- CN113682348A CN113682348A CN202110982091.3A CN202110982091A CN113682348A CN 113682348 A CN113682348 A CN 113682348A CN 202110982091 A CN202110982091 A CN 202110982091A CN 113682348 A CN113682348 A CN 113682348A
- Authority
- CN
- China
- Prior art keywords
- host
- state
- main
- standby
- synchronization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims description 42
- 238000004891 communication Methods 0.000 title abstract description 8
- 230000001360 synchronised effect Effects 0.000 claims description 26
- 238000012790 confirmation Methods 0.000 claims description 20
- 230000002093 peripheral effect Effects 0.000 claims description 10
- 230000004044 response Effects 0.000 claims description 8
- 238000012795 verification Methods 0.000 claims description 5
- 230000003213 activating effect Effects 0.000 claims description 2
- 230000008569 process Effects 0.000 description 35
- 238000010586 diagram Methods 0.000 description 16
- 230000009977 dual effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000005284 excitation Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Images
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L21/00—Station blocking between signal boxes in one yard
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L19/00—Arrangements for interlocking between points and signals by means of a single interlocking device, e.g. central control
- B61L19/06—Interlocking devices having electrical operation
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B61—RAILWAYS
- B61L—GUIDING RAILWAY TRAFFIC; ENSURING THE SAFETY OF RAILWAY TRAFFIC
- B61L19/00—Arrangements for interlocking between points and signals by means of a single interlocking device, e.g. central control
- B61L19/06—Interlocking devices having electrical operation
- B61L2019/065—Interlocking devices having electrical operation with electronic means
Abstract
The invention provides a novel interlocking dual-computer switching system based on communication, which is characterized by comprising: i is a host; II is a host; a synchronization module configured to be responsible for exchange and comparison of synchronization data between the I-system host and the II-system host, and to send master and standby states of the I-system host and the II-system host to a switching module; and a switching module configured to implement active-standby switching of the system I host and the system II host based on the active-standby state sent by the synchronization module.
Description
Technical Field
The invention relates to the field of rail transit, in particular to a novel interlocking dual-machine switching method based on communication.
Background
With the development of computer technology, in the 80's of the 20 th century, computer interlocking systems based on digital computers appeared in rail transit signal systems. The computer interlock performs logical operation on the operation command of the station operator and the information expressed on the site. And then the signal machine, the turnout and the like are controlled in a centralized way so as to achieve mutual restriction. Therefore, the high reliability of the computer interlocking system is the key for guaranteeing the safe operation of the train.
The redundancy technology utilizes a parallel model of the system, so that when equipment fails, the equipment can be automatically switched to normal equipment to continue to operate, and the reliability of the system is improved;
at present, the computer interlocking generally adopts a dual-computer hot standby redundancy mode to improve the reliability of equipment. Under normal state, the main system and the standby system run synchronously, and synchronous data are interacted in real time, so that output consistency is kept, and when the main system breaks down, the main system is automatically switched to the standby system. The existing redundancy switching mode often has the conditions of untimely alarm, wrong state of signal equipment after switching, difficult positioning of fault reasons and incapability of effectively protecting double main when equipment is in operation failure or artificial hot plug.
The existing dual master switching mode mainly has the following disadvantages:
1) the existing dual-computer switching mode causes abnormal equipment state after switching due to poor data synchronism and low real-time performance;
2) the existing dual-computer switching mode cannot quickly detect the internal operation error of software, so that the alarming and the switching are not timely;
3) the existing dual-computer switching mode cannot quickly locate a specific position causing asynchronization when the dual computers are not synchronous;
4) the existing dual-computer switching mode can not effectively protect the dual-main phenomenon in the dual-computer operation process, so that the output of a dangerous side is caused.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
In order to solve the above technical problem, according to an aspect of the present invention, there is provided a system for interlocking dual-device switching, the system including:
the synchronous module is configured to be responsible for exchanging and comparing synchronous data between two main machines and sending the main and standby states of the two main machines to the switching module, wherein the two main machines comprise an I main machine and a II main machine; and
a switching module configured to implement active-standby switching of a primary-secondary host based on the active-standby state sent by the synchronization module.
According to an embodiment of the invention, the switching module further comprises:
and the main/standby selection signal is provided for the host plug-in and the acquisition drive plug-in of the two-system host.
According to a further embodiment of the present invention, the switch comprises at least four groups of double-pole-triple-throw modules to provide active/standby selection signals in three states, wherein the three states comprise: the mandatory I is main, the mandatory II is main and main/standby automatic selection.
According to a further embodiment of the invention, the switching module further comprises:
the system I is a main confirmation relay and the system II is a main confirmation relay, wherein the system I is interlocked with the system II to prevent the system I and the system II from simultaneously having a main state.
According to another aspect of the present invention, there is provided a dual-computer hot-standby redundancy system, including:
i is a host;
II is a host;
a synchronization module configured to be responsible for exchange and comparison of synchronization data between the I-system host and the II-system host, and to send master and standby states of the I-system host and the II-system host to a switching module; and
a switching module configured to implement active-standby switching of the system I host and the system II host based on the active-standby state sent by the synchronization module.
According to one embodiment of the invention, each of the I system host and the II system host is configured to:
the method comprises the steps of entering an initial state after starting, responding to the situation that an adjacent host machine is in a non-active state, and entering an active state, wherein in the active state, the host machine obtains an operation command from the outside, collects the state of field equipment, carries out logic operation and outputs an operation result to the outside.
According to a further embodiment of the invention, each of the I system host and the II system host is further configured to:
after starting, entering an initial state, responding to the situation that an adjacent host computer is in a main state, sending a synchronization request to the adjacent host computer, and simultaneously activating a synchronization request timer;
if the synchronization response from the adjacent host is not received before the synchronization request timer reaches a first preset threshold value, the synchronization request is sent again, and the synchronization request timer is cleared; and
entering a "synchronization" state if a synchronization response is received from the neighbor host before the synchronization request timer reaches the first predetermined threshold, wherein in the "synchronization" state, synchronization data is applied to a master system and acquired and checked.
According to a further embodiment of the invention, each of the I system host and the II system host is further configured to:
when in the 'synchronous' state, checking the received synchronous data from the adjacent host;
if the verification result is correct, peripheral data received from the adjacent host computer are updated, and an output result is calculated;
if the number of times that the calculated output result is consistent with the result output by the adjacent host reaches a second preset threshold value, entering a 'hot standby' state, wherein in the 'hot standby' state, the local host and the adjacent host run simultaneously, and when the adjacent host is in a shutdown fault, the local host enters the 'main' state; and
if the calculated output result is inconsistent with the result output by the adjacent host computer, outputting the inconsistent memory position, and if the inconsistent times reach a third preset threshold value or continuously exceed a preset time, returning to the initial state.
According to a further embodiment of the invention, each of the I system host and the II system host is further configured to:
when the system is in the hot standby state, the received synchronous data from the adjacent host computer is checked;
if the checking result is that the number of times of errors reaches a fourth preset threshold value, returning to the initial state;
if the verification result is correct, peripheral data received from the adjacent host computer are updated, and an output result is calculated;
and if the number of times that the calculated output result is inconsistent with the result output by the adjacent host reaches a fifth preset threshold value, returning to the initial state.
According to a further embodiment of the invention, the switching module further comprises an indicator light, and the switching module is further configured to: and when the output result calculated by the backup system host is inconsistent with the output result output by the main system host, giving an alarm through the indicator lamp.
Compared with the dual-computer hot standby system in the prior art, the novel interlocking dual-computer switching scheme based on communication provided by the invention at least has the following advantages:
1. the interlocking master system periodically sends peripheral data received from the outside to the standby system, and the standby system performs logic operation according to the peripheral data sent by the master system, so that the real-time performance of the dual-computer synchronous data is strictly ensured;
2. if the continuous operation of the main interlocking system and the standby interlocking system is inconsistent, an alarm is given through an indicator lamp of the switching module, so that the timeliness of the alarm is ensured;
3. the main system and the standby system synchronously operate in real time, the main system sends all logic operation results to the standby system in each period, the standby system compares the logic operation results received from the main system with the logic operation results of the standby system one by one in each period, and if the comparison result is inconsistent, the standby system immediately sends the memory position of the fault to a maintenance record, so that the specific position of the fault is quickly positioned; and
4. the switching unit effectively prevents the double main phenomenon by interlocking the two main relays.
These and other features and advantages will become apparent upon reading the following detailed description and upon reference to the accompanying drawings. It is to be understood that both the foregoing general description and the following detailed description are explanatory only and are not restrictive of aspects as claimed.
Drawings
So that the manner in which the above recited features of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only some typical aspects of this invention and are therefore not to be considered limiting of its scope, for the description may admit to other equally effective aspects.
Fig. 1 is an exemplary architecture diagram of a communication-based interlocked dual-machine switching system according to an embodiment of the present invention.
Fig. 2A and 2B are schematic diagrams illustrating a switching process of a switching module according to one embodiment of the present invention.
FIG. 3 is a schematic synchronization state diagram of a synchronization module according to one embodiment of the invention.
Fig. 4 is a schematic diagram of a dynamic message interaction flow between a master system and a slave system according to an embodiment of the present invention.
FIG. 5 is a schematic flow diagram of the process flow of the standby system in the "initial state" state, according to one embodiment of the invention.
FIG. 6 is a schematic flow diagram of the process flow of the standby system in the "synchronized" state according to one embodiment of the invention.
FIG. 7 is a schematic flow diagram of the process flow of the standby in the "hot standby" state according to one embodiment of the invention.
FIG. 8 is a schematic flow chart diagram of the processing flow of the master system according to one embodiment of the invention.
Detailed Description
The present invention will be described in detail below with reference to the attached drawings, and the features of the present invention will be further apparent from the following detailed description.
Fig. 1 is an exemplary architecture diagram of a communication-based interlocked dual-machine switching system 100, according to an embodiment of the present invention. As shown in fig. 1, the interlocking dual-machine switching system 100 is composed of a synchronization module 101 and a switching module 102. The synchronization module 101 is responsible for real-time exchange and real-time comparison of the synchronization data of the two main systems through the ethernet, and sends the main/standby states of the two main systems to the switching module. Alternatively, the two main machines CAN communicate with each other through a serial port, a CAN bus and the like. By way of non-limiting example, communication between the two hosts may be performed using various transport protocols, such as UDP, TCP, and the like.
The switching module 102 changes the excitation state of the relay through the hardware switch, so as to change the logic value of the host running signal on the host plug-in unit, thereby realizing the switching of the two main units. More specifically, fig. 2A illustrates an example switching process of a switching module.
As shown in fig. 2A, the switching module may include a switch for providing the active/standby selection signal. In one embodiment, the diverter switch is a multi-set toggle switch. In one example, the multi-set-type reverse switch may comprise at least 4 sets of double pole triple throw modules providing inputs to the I/II system host card and the I/II system acquisition driver card, respectively, as shown in fig. 2B. A machine A and a machine B of each host machine plug-in respectively collect a group of signals with mutually exclusive levels and compare the signals internally, and if the input signals are all suspended, the default is that the main and standby machines are automatically selected. The acquisition driving plug-in of each system acquires the state of the selector switch, and the state comprises the following steps: force I is primary, force II is primary, and primary/secondary automatic selection.
Returning to fig. 2A, the host plug-in the master system state sends information such as the master/standby state and the synchronization state of the system to the collection driving plug-in through, for example, a FlexRay bus, and outputs the information to the indication panel of the switching unit through a hard line.
The master and standby state information of the two main machines are exchanged in real time through Ethernet, and when the double-master state is detected, the double-master state of the system can be eliminated within a plurality of cycles through a certain strategy. In one non-limiting embodiment, a dual master fence principle that can be used with the dual master fence strategy of the present invention is as follows:
the switching unit can be internally provided with a main I system confirmation relay and a main II system confirmation relay, and the main I system confirmation relay and the main II system confirmation relay receive an main I system or main II system state confirmation application command output by the output plug-in unit, convert the main I system or main II system state confirmation application command into a group of contact states and send the group of contact states to the acquisition plug-in unit for confirmation. The interlocking host plug-in judges the states of the main confirmation relay and the host plug-in, and the interlocking system can normally work only when the states of the main confirmation relay and the host plug-in are consistent (for example, the I system host plug-in corresponding to the suction of the I system main confirmation relay is in the main use, or the II system host plug-in corresponding to the suction of the II system main confirmation relay is in the main use). The switching unit can ensure that the I system main confirmation relay and the II system main confirmation relay cannot be in the suction state at the same time through the interlocking of the main confirmation relays, so as to prevent the I system main plug-in and the II system main plug-in from being in the main state at the same time. In one example, this may be accomplished by connecting the front contact of the system I primary confirmation relay and the back contact of the system II primary confirmation relay in series so that the two relays do not suck up at the same time.
FIG. 3 is a schematic synchronization state diagram of a synchronization module according to one embodiment of the invention. An example single-train interlocker synchronous state transition diagram is shown in fig. 3. The states in fig. 3 are explained as follows:
the initial state: refers to a state in which the interlock is not operating normally.
The method comprises the following steps: refers to the operating state as the master. At this time, the system obtains the operation command from the outside, collects the status of the field device, performs the logical operation, and outputs the operation result to the outside.
And (3) synchronization: after the finger interlocking machine is started from a shutdown state, when the adjacent system is detected to be in a main state, the finger interlocking machine applies for the main system, obtains synchronous data and checks the synchronous data.
Hot preparation: the neighbor system is in the main state, and the process that the neighbor system and the main system run simultaneously after the neighbor system and the neighbor system are synchronously finished. In the hot standby state, the machine logic operation generates an operation result which is not output externally.
In an exemplary typical application scenario, there are two systems, I and II, and the main and standby systems are automatically selected. Suppose that I is started first, and then I enters the "initial state", and then the neighbor is inactive (because II is started later than I), so I enters the "active" state, and then works as the master. Then II is started, II enters into 'initial state', at this time it judges that the adjacent machine is main, II enters into 'synchronous' state, in this state II requests synchronous data from main system (i.e. I system) and checks the synchronous data. If the synchronization is overtime, the system returns to the initial state. When the data synchronization is successful, II enters a hot standby state. At this time, the main backup system is working normally, and the system enters into an ideal hot backup redundancy state. After entering the 'hot standby' state, the standby system and the main system keep running simultaneously and data synchronization, if the synchronization fails, the system II returns to the 'synchronization' state, and seeks data synchronization with the main system again.
In this normal operating state, when the primary (I-train) system fails, the system is shut down and returns to the "initial state". At this time, the standby system (system II) is switched to the main system under the instruction of the interlocking dual-computer switching system, namely, the standby system enters the 'main use' state. Subsequently, after the I-system recovers from the failure, it goes through "synchronization" as a backup system into "hot backup" state according to the previous flow of the II-system.
Returning to the previous normal operating state, if the backup system (system II) fails, stopping the system and returning to the initial state, and then attempting fault recovery. Furthermore, it will be appreciated that if a standby is just taking place in the previous "in sync" state, then the "original state" is also returned.
The principle and process of synchronization between the master and slave trains of the present invention will be further explained with reference to fig. 4-8.
Fig. 4 is a schematic diagram of a dynamic message interaction flow between a master system and a slave system according to an embodiment of the present invention. For convenience of explanation, in fig. 4, the host that is started first becomes the master host (hereinafter referred to as "master"), and thus is in the aforementioned "master" state, and the other host that is started later becomes the slave host (also referred to as "slave"), and finally enters the "hot standby" state after going through the "initial state" and "synchronization".
The master system can periodically send synchronous data to the backup system after entering the 'master' state. When the backup system is still in the "initial state", the received synchronization data may not be processed for the time being, but a synchronization request may be sent to the master system. And after receiving the synchronization request, the master system sends a synchronization response to the slave system. Upon receiving the synchronization response, the backup may enter a "synchronization" state.
In the "synchronous" state, the backup system checks the received synchronous data and updates the local data. Then, when the logic operation result based on the local data is consistent with the received output result of the master system for a certain period (for example, 5 periods), the slave system can determine that the master system and the slave system are synchronized, and then the slave system enters a "hot standby" state. In the "hot standby" state, the calculation result of the local data is continuously compared with the received output result of the master system, if the calculation result is inconsistent with the received output result of the master system for a certain duration (for example, 2 seconds) or for a certain number of times (for example, 5 times), the standby system is changed to the "initial state", and the synchronization process between the master system and the previous master system is restarted.
More specifically, FIG. 5 is a schematic flow diagram of the process flow of the backup system in the "initial state" state, according to one embodiment of the invention. As shown in fig. 5, the system first confirms whether it is working as a backup, and if not, the process ends. If it is backup, it is further determined whether it is currently in the "initial state". If not in the "initial state," the process ends. If in the "initial state", the backup system sends a synchronization request to the primary system and simultaneously activates a synchronization request timer. Subsequently, the synchronization request timer starts counting. If a synchronization response is received from the master before the timing reaches a threshold (e.g., 5 cycles), the synchronization request timer is turned off, the local data is updated, and the status is modified to "synchronous", and the process ends. When the timing reaches a threshold (for example, 5 cycles), if the synchronization response is not received, the synchronization request is retransmitted, and the synchronization request timer is cleared.
FIG. 6 is a schematic flow diagram of the process flow of the standby system in the "synchronized" state according to one embodiment of the invention. As shown in fig. 6, the system first confirms whether it is working as a backup, and if not, the process ends. If the backup is present, it is further determined whether the current state is "in sync". If not, the process ends. If in the "in sync" state, the received input data is checked. In one non-limiting example, data checking may be performed by, for example, CRC or MD4 security code.
And if the verification result is correct, updating the peripheral data received from the master system, and calculating an output result. For example, the slave system may calculate the output result based on the peripheral data received from the master system and the logical state of the device in the same manner as the master system. The content of the computation may include, but is not limited to, logic operations of the interlocking application, such as button analysis, routing maintenance, signal opening, and the like. Subsequently, the calculated output result is compared with the output result of the master system.
If the two are consistent, the data inconsistency counter is cleared and the data consistency counter is increased by one. Subsequently, it is determined whether the data coincidence counter is greater than a threshold (e.g., 5). If the data inconsistency is greater than the threshold value, the state of the backup system is converted into a hot backup state, and meanwhile, the data inconsistency counter and the data consistency counter are cleared, and the process is finished. If not, the process ends, waiting for the next time input data is received and the process is re-executed.
And if the result of checking the received input data is incorrect or the result of comparing the calculated output result with the output result of the master system is inconsistent, resetting the data consistency counter, adding one to the data inconsistency counter and prompting the inconsistent memory position. Subsequently, it is determined whether the data inconsistency counter is greater than a threshold (e.g., 5). If the value is larger than the threshold value, the state of the backup system is changed into an initial state, and meanwhile, the data inconsistency counter and the data consistency counter are cleared, and the process is ended. If not, the process ends, waiting for the next time input data is received and the process is re-executed.
FIG. 7 is a schematic flow diagram of the process flow of the standby in the "hot standby" state according to one embodiment of the invention. As shown in fig. 7, the system first confirms whether it is working as a backup, and if not, the process ends. If the system is standby, whether the system is in a hot standby state or not is further determined. If not, the process ends. If the state is in the 'hot standby' state, the received input data is checked.
And if the checking result is incorrect, the checking error counter is increased by one. Subsequently, a determination is made as to whether the check error counter is greater than a threshold (e.g., 5). If the value is larger than the threshold value, the state of the backup system is converted into an initial state, meanwhile, the check error counter is cleared, and the process is ended. If not, the process ends, waiting for the next time input data is received and the process is re-executed.
And if the checking result is correct, resetting the error checking counter, updating the peripheral data received from the master system, and calculating an output result. Subsequently, the calculated output result is compared with the output result of the master system.
If the two are consistent, the data inconsistency counter is cleared, and the process ends. If the two are not in agreement, the data disagreement counter is incremented by one, and then it is determined whether the data disagreement counter is greater than a threshold (e.g., 5). If the value is larger than the threshold value, the state of the backup system is changed into an initial state, and meanwhile, the data inconsistency counter and the data consistency counter are cleared, and the process is finished. If not, the process ends, waiting for the next time input data is received and the process is re-executed.
The above describes the processing flow of standby system in "initial state", "synchronization" and "hot standby" states. In an additional embodiment, the backup sends backup data to the master periodically in any state.
FIG. 8 is a schematic flow chart diagram of the processing flow of the master system according to one embodiment of the invention. As shown in fig. 8, the system first confirms whether it is operating as a master, and if not, the process ends. If it is the master, it is further determined whether a synchronization request is received. If no synchronization request is received, the process ends.
If a synchronization request is received, the synchronization request timer is cleared. Subsequently, the synchronization data is sent to the backup. The data may include peripheral data and logical operation results received by the master. Thereafter, the process ends.
What has been described above includes examples of aspects of the claimed subject matter. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the claimed subject matter, but one of ordinary skill in the art may recognize that many further combinations and permutations of the claimed subject matter are possible. Accordingly, the disclosed subject matter is intended to embrace all such alterations, modifications and variations that fall within the spirit and scope of the appended claims.
Claims (10)
1. A system for interlocking dual-machine handoff, the system comprising:
the synchronous module is configured to be responsible for exchanging and comparing synchronous data between two main machines and sending the main and standby states of the two main machines to the switching module, wherein the two main machines comprise an I main machine and a II main machine; and
a switching module configured to implement active-standby switching of a primary-secondary host based on the active-standby state sent by the synchronization module.
2. The system of claim 1, wherein the switching module further comprises:
and the main/standby selection signal is provided for the host plug-in and the acquisition drive plug-in of the two-system host.
3. The system of claim 2, wherein the switch comprises at least four sets of double pole, triple throw modules to provide active/standby select signals in three states, wherein the three states comprise: the mandatory I is main, the mandatory II is main and main/standby automatic selection.
4. The system of claim 1, wherein the switching module further comprises:
the system I is a main confirmation relay and the system II is a main confirmation relay, wherein the system I is interlocked with the system II to prevent the system I and the system II from simultaneously having a main state.
5. A dual-server hot-standby redundancy system, comprising:
i is a host;
II is a host;
a synchronization module configured to be responsible for exchange and comparison of synchronization data between the I-system host and the II-system host, and to send master and standby states of the I-system host and the II-system host to a switching module; and
a switching module configured to implement active-standby switching of the system I host and the system II host based on the active-standby state sent by the synchronization module.
6. The system of claim 5, wherein each of the I system host and the II system host is configured to:
the method comprises the steps of entering an initial state after starting, responding to the situation that an adjacent host machine is in a non-active state, and entering an active state, wherein in the active state, the host machine obtains an operation command from the outside, collects the state of field equipment, carries out logic operation and outputs an operation result to the outside.
7. The system of claim 6, wherein each of the I system host and the II system host is further configured to:
after starting, entering an initial state, responding to the situation that an adjacent host computer is in a main state, sending a synchronization request to the adjacent host computer, and simultaneously activating a synchronization request timer;
if the synchronization response from the adjacent host is not received before the synchronization request timer reaches a first preset threshold value, the synchronization request is sent again, and the synchronization request timer is cleared; and
entering a "synchronization" state if a synchronization response is received from the neighbor host before the synchronization request timer reaches the first predetermined threshold, wherein in the "synchronization" state, synchronization data is applied to a master system and acquired and checked.
8. The system of claim 7, wherein each of the I system host and the II system host is further configured to:
when in the 'synchronous' state, checking the received synchronous data from the adjacent host;
if the verification result is correct, peripheral data received from the adjacent host computer are updated, and an output result is calculated;
if the number of times that the calculated output result is consistent with the result output by the adjacent host reaches a second preset threshold value, entering a 'hot standby' state, wherein in the 'hot standby' state, the local host and the adjacent host run simultaneously, and when the adjacent host is in a shutdown fault, the local host enters the 'main' state; and
if the calculated output result is inconsistent with the result output by the adjacent host computer, outputting the inconsistent memory position, and if the inconsistent times reach a third preset threshold value or continuously exceed a preset time, returning to the initial state.
9. The system of claim 8, wherein each of the I system host and the II system host is further configured to:
when the system is in the hot standby state, the received synchronous data from the adjacent host computer is checked;
if the checking result is that the number of times of errors reaches a fourth preset threshold value, returning to the initial state;
if the verification result is correct, peripheral data received from the adjacent host computer are updated, and an output result is calculated;
and if the number of times that the calculated output result is inconsistent with the result output by the adjacent host reaches a fifth preset threshold value, returning to the initial state.
10. The system of claim 9, wherein the switching module further comprises an indicator light, and the switching module is further configured to: and when the output result calculated by the backup system host is inconsistent with the output result output by the main system host, giving an alarm through the indicator lamp.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110982091.3A CN113682348A (en) | 2021-08-25 | 2021-08-25 | Novel interlocking dual-computer switching method based on communication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110982091.3A CN113682348A (en) | 2021-08-25 | 2021-08-25 | Novel interlocking dual-computer switching method based on communication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113682348A true CN113682348A (en) | 2021-11-23 |
Family
ID=78582530
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110982091.3A Pending CN113682348A (en) | 2021-08-25 | 2021-08-25 | Novel interlocking dual-computer switching method based on communication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113682348A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114003429A (en) * | 2021-12-30 | 2022-02-01 | 中国铁道科学研究院集团有限公司通信信号研究所 | Double-system state control method and system of safety demanding system based on 2oo2 x 2 |
| CN114637271A (en) * | 2022-03-16 | 2022-06-17 | 天津津航计算技术研究所 | Testing tool applied to acquisition and drive alignment of interlocking system |
| CN115009326A (en) * | 2022-07-05 | 2022-09-06 | 兰州大成铁路信号有限公司 | Electronic execution unit and redundant system for controlling safety lamp of railway signal machine |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2334499A1 (en) * | 1992-06-12 | 1993-12-23 | The Dow Chemical Company | Secure front end communication system and method for process control computers |
| DE102004038205A1 (en) * | 2004-08-05 | 2006-03-16 | Deutsche Bahn Ag | Rail vehicle`s drive operation effecting method, involves taking updated vehicle relevant driving information from non-volatile memory after failure of data processing unit, and updating it by bidirectional radio information transmission |
| US20080095121A1 (en) * | 2002-05-14 | 2008-04-24 | Shattil Steve J | Carrier interferometry networks |
| CN101513887A (en) * | 2008-12-29 | 2009-08-26 | 卡斯柯信号有限公司 | Method for competition type hot standby switching of intelligent automatic train monitoring system |
| US20110060938A1 (en) * | 2008-05-12 | 2011-03-10 | Casco Signal Ltd. | Computer interlocking system and code bit level redundancy method therefor |
| CN104268037A (en) * | 2014-09-10 | 2015-01-07 | 上海自仪泰雷兹交通自动化***有限公司 | Hot redundancy interlocking subsystem and main and standby switching method thereof |
| CN104401365A (en) * | 2014-10-16 | 2015-03-11 | 北京交控科技有限公司 | Realization method of ATO (automatic train operation) hot standby and ATO hot standby |
| CN105187248A (en) * | 2015-09-16 | 2015-12-23 | 浙江众合科技股份有限公司 | Redundancy switching system |
| CN110380915A (en) * | 2019-08-26 | 2019-10-25 | 湖南中车时代通信信号有限公司 | A kind of hot backup redundancy monitoring device based on secure communication protocols |
| CN112615728A (en) * | 2020-11-17 | 2021-04-06 | 卡斯柯信号有限公司 | Simulation system master-slave switching method based on railway safety communication protocol |
-
2021
- 2021-08-25 CN CN202110982091.3A patent/CN113682348A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2334499A1 (en) * | 1992-06-12 | 1993-12-23 | The Dow Chemical Company | Secure front end communication system and method for process control computers |
| US20080095121A1 (en) * | 2002-05-14 | 2008-04-24 | Shattil Steve J | Carrier interferometry networks |
| DE102004038205A1 (en) * | 2004-08-05 | 2006-03-16 | Deutsche Bahn Ag | Rail vehicle`s drive operation effecting method, involves taking updated vehicle relevant driving information from non-volatile memory after failure of data processing unit, and updating it by bidirectional radio information transmission |
| US20110060938A1 (en) * | 2008-05-12 | 2011-03-10 | Casco Signal Ltd. | Computer interlocking system and code bit level redundancy method therefor |
| CN101513887A (en) * | 2008-12-29 | 2009-08-26 | 卡斯柯信号有限公司 | Method for competition type hot standby switching of intelligent automatic train monitoring system |
| CN104268037A (en) * | 2014-09-10 | 2015-01-07 | 上海自仪泰雷兹交通自动化***有限公司 | Hot redundancy interlocking subsystem and main and standby switching method thereof |
| CN104401365A (en) * | 2014-10-16 | 2015-03-11 | 北京交控科技有限公司 | Realization method of ATO (automatic train operation) hot standby and ATO hot standby |
| CN105187248A (en) * | 2015-09-16 | 2015-12-23 | 浙江众合科技股份有限公司 | Redundancy switching system |
| CN110380915A (en) * | 2019-08-26 | 2019-10-25 | 湖南中车时代通信信号有限公司 | A kind of hot backup redundancy monitoring device based on secure communication protocols |
| CN112615728A (en) * | 2020-11-17 | 2021-04-06 | 卡斯柯信号有限公司 | Simulation system master-slave switching method based on railway safety communication protocol |
Non-Patent Citations (2)
| Title |
|---|
| 贾淋然: "计算机联锁***在铁路通信方面的运用", 《信息安全与技术》 * |
| 韩红彬等: "HXD2系列电力机车MPU软件结构设计", 《铁道机车与动车》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114003429A (en) * | 2021-12-30 | 2022-02-01 | 中国铁道科学研究院集团有限公司通信信号研究所 | Double-system state control method and system of safety demanding system based on 2oo2 x 2 |
| CN114003429B (en) * | 2021-12-30 | 2022-03-29 | 中国铁道科学研究院集团有限公司通信信号研究所 | Double-system state control method and system of safety demanding system based on 2oo2 x 2 |
| CN114637271A (en) * | 2022-03-16 | 2022-06-17 | 天津津航计算技术研究所 | Testing tool applied to acquisition and drive alignment of interlocking system |
| CN114637271B (en) * | 2022-03-16 | 2024-03-15 | 天津津航计算技术研究所 | Testing tool applied to production-drive alignment of interlocking system |
| CN115009326A (en) * | 2022-07-05 | 2022-09-06 | 兰州大成铁路信号有限公司 | Electronic execution unit and redundant system for controlling safety lamp of railway signal machine |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113682348A (en) | Novel interlocking dual-computer switching method based on communication | |
| EP3690657B1 (en) | Computer-based interlocking system and redundancy switching method thereof | |
| CN107634855A (en) | A kind of double hot standby method of embedded system | |
| US7721149B2 (en) | Method for verifying redundancy of secure systems | |
| CN201909961U (en) | Redundancy control system | |
| CN103647781A (en) | Mixed redundancy programmable control system based on equipment redundancy and network redundancy | |
| US20160292106A1 (en) | Bus Participant Device and Method for Operating a Bus Subscriber Device | |
| CN1758622A (en) | Heterogeneous multi-bus data transmission method between information processing device | |
| CN107248933A (en) | A kind of method of the double main protection of rail traffic signal system | |
| WO2011131081A1 (en) | Method and apparatus for implementing redundancy serial bus | |
| WO2009137988A1 (en) | Code bit level redundancy method for computer interlock ing system | |
| CN103678031A (en) | Double 2-vote-2 redundant system and method | |
| CN108073105A (en) | Safety PLC device and implementation method based on isomery dual processor redundancy structure | |
| CN113791937B (en) | Data synchronous redundancy system and control method thereof | |
| CN110758489A (en) | Automatic protection system of train | |
| CN115913906A (en) | Redundancy control system and method for ship | |
| EP0507299A2 (en) | Loosely coupled multiplexing control apparatus and method | |
| CN111891192B (en) | Train overspeed protection equipment, control method and dual-machine hot standby system | |
| CN106656437A (en) | Redundant hot standby platform | |
| CN114024655A (en) | High-speed rail dual-system parameter synchronization method and device based on state machine | |
| JP2004058793A (en) | Electronic interlocking device | |
| CN107942646B (en) | Safety independent active/standby switching equipment and method | |
| JPH09114507A (en) | Duplex system for programmable logic controller | |
| CN114003429B (en) | Double-system state control method and system of safety demanding system based on 2oo2 x 2 | |
| JP2941387B2 (en) | Multiplexing unit matching control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20211123 |
|
| WD01 | Invention patent application deemed withdrawn after publication |