Not all communications networks are the same. For telecommunications network operators in railways, public authorities, transport and utility companies, maximum availability of mission-critical data and reliable transmission of sensitive information are vital. These requirements set them apart from the majority of fixed-line and mobile telephony networks. KEYMILE has summed up the main demands on safety-critical communications networks in three core issues.

Extremely high reliability is one of the major criteria that safety-critical communications networks belonging to fire brigades, rescue services, power plants, water companies, police, railway companies, and the road traffic and aviation sector have to fulfil. The potentially serious impact of an interruption in communication on these areas is easy to imagine. As loss of data transmission is not an option, all necessary precautions have to be taken to prevent it.

In many areas, safety-critical applications use the same technologies as public telecommunications networks. However, important differences have to be considered when planning and operating these types of networks. KEYMILE, one of the leading manufacturers of next-generation data transmission systems, has summed up the main demands in three core issues: maximum network availability, conservative network design, and long innovation and replacement cycles.

While 99.999% availability is required for public networks (a maximum of about five minutes of failure per year), the figure for safety-critical applications, for example in the case of energy suppliers, is 99.9999% (a maximum of about 32 seconds of failure per year). One of the most effective measures for meeting this demand is redundancy of the critical hardware components, such as the power supply and core units.

Where the power supply is concerned, both the power units and their connections are redundant. The transmission paths are also redundant and have fast switching mechanisms. Communication at the transmission level is primarily based on SDH networks. Here the transmission paths are protected with functions such as path protection (protective switching for an individual path) or multiplex section protection (protective switching at line level, where a standby section protects an entire fibre link).

Typically, switching times of under 50 milliseconds are required. Certain Ethernet/IP-based protection mechanisms (RSTP, redundant routing paths), such as those sometimes used in public networks, are not suitable for networks requiring this level of availability, because their reconvergence takes seconds rather than milliseconds and depends on the topology.
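The availability budget in the three paragraphs above can be checked with a small steady-state reliability model. The following is an added worked example, not KEYMILE code and not figures for any KEYMILE product: every MTBF and MTTR value is constructed for illustration, and the switching times compared (50 ms, 2 s, 30 s) are assumed scenario values. It shows how a 99.9999% budget of about 32 seconds per year is consumed by a non-redundant node, by a 1+1 redundant node, and by the protection switching time itself, and it goes beyond the text by combining series and parallel elements into one budget.

```python
"""Availability budget for a transmission node with and without 1+1 redundancy.

Added worked example, not KEYMILE code. All MTBF/MTTR figures are constructed
for illustration and are not measured values for any product.
"""
from dataclasses import dataclass

HOURS_PER_YEAR = 365.25 * 24                 # 8766 h
SECONDS_PER_YEAR = HOURS_PER_YEAR * 3600     # 31 557 600 s


@dataclass(frozen=True)
class Component:
    name: str
    mtbf_h: float   # mean time between failures, hours (assumed)
    mttr_h: float   # mean time to repair, hours (assumed)

    @property
    def unavailability(self) -> float:
        """Steady-state fraction of time the component is down: MTTR / (MTBF + MTTR)."""
        return self.mttr_h / (self.mtbf_h + self.mttr_h)

    @property
    def failures_per_year(self) -> float:
        return HOURS_PER_YEAR / self.mtbf_h


def series_unavailability(unavails) -> float:
    """Elements that must all work (series chain): availabilities multiply."""
    avail = 1.0
    for u in unavails:
        avail *= 1.0 - u
    return 1.0 - avail


def redundant_pair_unavailability(u: float) -> float:
    """1+1 redundancy with independent failures: service is lost only when both are down."""
    return u * u


def annual_downtime_s(components, redundant: bool, switch_time_s: float = 0.0) -> float:
    """Expected seconds of service outage per year.

    Without redundancy every component outage is a service outage. With 1+1
    redundancy the service is lost only while both units of a pair are down,
    plus the protection switching time for every failure (conservatively, every
    failure is counted as a switching event).
    """
    if not redundant:
        return series_unavailability(c.unavailability for c in components) * SECONDS_PER_YEAR
    both_down = series_unavailability(
        redundant_pair_unavailability(c.unavailability) for c in components
    )
    switches_per_year = sum(c.failures_per_year for c in components)
    return both_down * SECONDS_PER_YEAR + switches_per_year * switch_time_s


def availability_from_downtime(downtime_s: float) -> float:
    return 1.0 - downtime_s / SECONDS_PER_YEAR


# Constructed node: power unit, core unit and one fibre path (about one cut a year).
NODE = (
    Component("power unit", mtbf_h=200_000, mttr_h=4),
    Component("core unit", mtbf_h=100_000, mttr_h=4),
    Component("fibre path", mtbf_h=HOURS_PER_YEAR, mttr_h=6),
)

SIX_NINES_BUDGET_S = (1 - 0.999999) * SECONDS_PER_YEAR   # about 31.6 s per year


if __name__ == "__main__":
    single = annual_downtime_s(NODE, redundant=False)
    print(f"no redundancy:            {single:8.1f} s/yr  "
          f"availability {availability_from_downtime(single):.6f}")
    for label, t in (("50 ms protection switch", 0.05),
                     ("2 s reconvergence", 2.0),
                     ("30 s reconvergence", 30.0)):
        d = annual_downtime_s(NODE, redundant=True, switch_time_s=t)
        print(f"1+1, {label:23s}: {d:8.1f} s/yr  "
              f"availability {availability_from_downtime(d):.7f}  "
              f"six-nines budget met: {d <= SIX_NINES_BUDGET_S}")
```

With these assumed figures the non-redundant node loses roughly six and a half hours a year, dominated by the single fibre path; duplicating every element brings the simultaneous-failure term down to about 15 seconds, so whether the six-nines budget is met is then decided by how quickly protection switches. A 50 ms switch costs a fraction of a second per year, while a 30 second reconvergence on each failure alone exceeds the whole budget.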

Fortunately, service failures in safety-critical communications networks are very rare. When they do occur, the cause is often not a failing system component but a design fault in the network architecture or the equipment. In more complex network topologies, for example, the convergence (switching) time of spanning tree networks has been found to vary considerably.

Where network elements are concerned, it is above all the growing complexity of the software that is noticeable. Even with in-depth development and system tests, not all scenarios can be covered, so unexpected situations and malfunctions can occur in day-to-day operation. As a result, network operators do not adopt new technologies until these have proved themselves for many years in less critical applications. For many years, the main task in this area has been the migration from traditional circuit-switched to packet-switched transmission.

Packet-based technologies, such as IP and MPLS, are already used in safety-critical communications networks for less safety-relevant services. However, it will still take a few years before the quality-of-service mechanisms in Ethernet networks reach a level of maturity that allows complete replacement of the TDM infrastructure in use today.

Long innovation and replacement cycles: communication networks for safety-critical applications are mostly found in infrastructures, such as railway networks, that remain in service for many years. When selecting components and suppliers, long-term availability of replacement components and maintenance is therefore required, in this case for a period of about 20 to 25 years.

Another aspect is continued support for traditional interfaces, such as X.21/V.11 or V.24/RS-232, so that the discontinuation of a system component does not force the replacement of network elements or terminal equipment whose interfaces would otherwise no longer be available. The development of safety-critical communications networks is always a balance between compatibility with existing systems and the integration of standard components into customised solutions, under national and international safety standards such as CENELEC EN 50159 (safety-related communication in transmission systems for railway applications) or IEC 61508 (functional safety of electrical/electronic/programmable electronic safety-related systems).

“The high availability required assumes huge stability of safety-critical communications networks. It is crucial that the systems are fully redundant. Power supply, critical systems components and the transmission paths are redundant, so that if one path fails the service is not affected,” explains Mario Wolf, project manager of safety-critical systems at KEYMILE. “Partnering with experienced specialists helps operators of safety-critical communications networks to retain an overview and safeguard key services in the long term thanks to sustainable planning.”