X  ABNORMAL OPERATION

 

          In the foregoing we mainly discussed the system operating normally.  In  the following sections, we begin to discuss how the system handles abnormal situations.  It is anticipated that these should be exceedingly rare; but rare or not, a prudent system architect must anticipate failure and insure that when, or if, it fails, it fails in a safe mode.

         

 

          A.  Communication Failure

              

          The system can not be allowed to operate if the communication system fails.  To borrow an expression from a popular movie, “Failure is not an option”.  The system must be provided with redundant radio communication facilities separated by geography.  If a landline fails, a router immediately re-routs the communication around the affected line.

 

          Not withstanding, we must begin to think the unthinkable.  If an entrance station looses communication, that station immediately embargoes further launching on the system.  If for any reason, the failure is not just an isolated failure at a single station, the entire line or the entire system is embargoed from further launching.

 

          Positive radio communication is maintained, through the several sector monitors, with every carrier on the system.  Periodic check messages are transmitted frequently to insure this.  It is one more advantage of a distributed control system that if communication with a central authority is severed, the carrier is not rendered uncontrolled.

 

          A failure in this requires that the system be shut down.  Both launch functions and transfer functions will be cancelled, thus precluding any potential conflict.   Carriers will continue on their present line regardless of their original intention. . 

 

          It is imperative that this shut down is not done precipitously.  Each packet leader will slowly reduce the speed of his packet in a prescribed protocol.  This to insure that following packets, that for one reason or another are not responding have ample time to react to the slow down.

 

          Each packet will leave the system at the next appropriate exit.  The vehicles will exit, and the empty carriers will be routed back to the guideway.

 

            

          B. Overflow

         

          As was indicated, each exit station, whether destination or transfer, must provide a buffer to absorb peak loads.  This is essentially a section of track, perhaps several hundred feet long.  This allows an exiting carrier to leave the main line with no disruption to the remaining packet.  We re-emphasize that this capability is essential to the operation of a well-ordered system.

 

          Occasionally this buffer may overflow i.e., for the moment, the buffer can not handle an additional carrier.  In that instance, the buffer overflow monitor will notify the system monitor.  The system monitor will, in turn, cause the station-to-carrier net to broadcast a general alert to all carriers upstream of the overflow.  Each affected carrier is provided an alternate and it exits there normally.        

 

         

          C.  System Blockage

 

          One disadvantage of a rail-based system is that it is particularly vulnerable to blockage; one can't simply drive around.  Accordingly, this places a special emphasis on the maintenance of track and rolling stock.  Continuous self-checking, and a frequent and thorough maintenance regimen are essential to insure carrier reliability.  Fortunately the system controls its own destiny; after it is loaded onto a carrier, the vehicle plays no further part in the operation.  The system is in no way dependent on the electrical or mechanical condition of the transported vehicle.  Moreover, as a restricted access system there are no grade crossings or other opportunities to collide with non-system objects.  Thus blockages should be rare.

 

          Nevertheless, a prudent system designer must provide for this possibility, no matter how remote.  The system must halt all upstream traffic.  All packets would then be instructed to exit the line at the next station, thus clearing the line (at least to the obstruction.)  It might be necessary for a packet to backup in order to reach an exit.  One would want to be very sure that the line was clear before ordering this.

 

          All vehicles would exit.  Those commuters whose destination were beyond could make their way on the surface to an unobstructed entrance station, wait, or seek alternate means.  Restricted service to unaffected destinations could then be restored in accord with an emergency scenario developed for this precise situation.

 

          It is probable under these circumstances that the next exit station would have insufficient docking space to accommodate all carriers expeditiously. This would require the exiting process to proceed quite slowly.  Each carrier, in turn, would dock, discharge its load, and return to the system.

 

 

          D.  Power Failure

         

          Every effort must be made to maintain the integrity of the power distribution system.  It is anticipated that electrical power would be supplied along the system in a standard 60 Hertz distribution line.  If direct current is chosen as the final distribution mode, we anticipate numerous trackside rectifiers.  In this manner, the decision to use public utility power or a dedicated plant is simply one of advantageous choice.  Numerous ties to the regular grid would facilitate service restoration.

 

          In any event all upstream traffic must be halted and a decision made whether to clear the system, or await restoration of power.  To accommodate the former, each carrier would have a battery backup with enough energy to sustain the electronics and to drive the carrier slowly to the next exit.  Exit would be effected as described above.