China Safety Science Journal ›› 2026, Vol. 36 ›› Issue (6): 262-270. doi: 10.16265/j.cnki.issn1003-3033.2026.06.0794

• Intelligent Safety Technology •

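  • Corresponding author:
    ** Huang Susu (born 1988), female, from Nantong, Jiangsu; master's degree; associate research fellow; mainly engaged in research on train operation control technology for rail transit. E-mail:
  • About the authors:

    Shang Linyu (born 1988), male, from Shenyang, Liaoning; master's degree; senior engineer; mainly engaged in work on railway communication and signaling technology. E-mail:

    Wei Dongdong, associate research fellow

    Liu Mingduan, associate research fellow

    Li Ke, associate research fellow

  • Funding:
    National Natural Science Foundation of China (U2468202); Science and Technology Research and Development Program of China State Railway Group Co., Ltd. (J2024X002)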

Redundant structure design of railway signaling safety cloud platforms based on 3oo5-Y architecture

Shang Linyu¹, Huang Susu¹,²,**, Wei Dongdong¹, Liu Mingduan¹, Li Ke¹

  1. Signal & Communication Research Institute, China Academy of Railway Sciences Corporation, Beijing 100081, China
  2. School of Automation and Intelligence, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2026-02-04 Revised: 2026-04-18 Published: 2026-06-28


Abstract:

To enhance the operational reliability of railway signaling systems in cloud platform environments and their ability to defend against common cause failures, a 3oo5-Y (Y denoting the heterogeneous scheme) redundant architecture was proposed on the basis of the traditional 3-out-of-5 (3oo5) architecture, deployed on heterogeneous virtualization (a combination of VMware and Kernel-based Virtual Machine (KVM)). First, reliability and safety function models for typical redundant architectures, namely 2-out-of-3 (2oo3), 3oo5, and 4-out-of-7 (4oo7), were constructed to compare the impact of different numbers of redundant nodes on system performance. Second, drawing on consensus algorithm concepts, a three-state node control and random-timeout consistency voting mechanism was designed that does not rely on third-party software. The results show that within the high-reliability interval where the unit reliability exceeds 0.9, both the reliability and the safety of the redundant architectures increase with the number of nodes, with the performance ranking 4oo7 > 3oo5 > 2oo3. Compared with the homogeneous 3oo5 architecture, the 3oo5-Y architecture effectively reduces the risk of common cause failures induced by high homogeneity, at the cost of a marginal loss in absolute reliability. Furthermore, under the constraint that the two KVM nodes do not fail simultaneously, the system can tolerate the failure of at most two nodes. In conclusion, the 3oo5-Y heterogeneous redundant architecture effectively balances deployment economy with the heterogeneous consistency comparison function, and maintains the high availability of the cloud architecture while ensuring extremely high system safety.

Key words: heterogeneous 3-out-of-5 (3oo5-Y) architecture, railway signaling, safety cloud platform, redundant structure, heterogeneous virtualization
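The reliability comparison described in the abstract can be reproduced with the textbook k-out-of-n model; the following is an added example, not code or formulas from the paper, whose own reliability and safety functions are not shown on this page. It assumes independent nodes with identical unit reliability `p`, a layout of three VMware nodes and two KVM nodes, and a hypothetical operating rule for 3oo5-Y (at least three nodes alive, at least one of them on KVM) as one reading of the stated constraint.

```python
from itertools import product
from math import comb


def k_out_of_n(k: int, n: int, p: float) -> float:
    """P(at least k of n independent units work), each unit with reliability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


# Assumed 3oo5-Y layout: three VMware-hosted nodes and two KVM-hosted nodes.
NODES = ("vmware", "vmware", "vmware", "kvm", "kvm")


def operational(alive: tuple) -> bool:
    """Assumed rule: at least 3 nodes alive and at least one KVM node among them."""
    kvm_alive = any(up for up, hv in zip(alive, NODES) if hv == "kvm")
    return sum(alive) >= 3 and kvm_alive


def hetero_3oo5(p: float) -> float:
    """Reliability under the assumed rule, enumerating all 2**5 node states."""
    total = 0.0
    for alive in product((True, False), repeat=len(NODES)):
        if operational(alive):
            prob = 1.0
            for up in alive:
                prob *= p if up else 1 - p
            total += prob
    return total


def tolerated_double_failures() -> int:
    """Number of 2-node failure patterns (out of C(5,2) = 10) the rule survives."""
    return sum(
        operational(alive)
        for alive in product((True, False), repeat=len(NODES))
        if alive.count(False) == 2
    )


if __name__ == "__main__":
    for p in (0.90, 0.95, 0.99):
        row = [round(k_out_of_n(k, n, p), 6) for k, n in ((2, 3), (3, 5), (4, 7))]
        print(p, row, round(hetero_3oo5(p), 6))
    print("double failures tolerated:", tolerated_double_failures(), "of 10")
```

Under these assumptions the only double failure that is not tolerated is the loss of both KVM nodes, which is why the heterogeneous figure sits slightly below the homogeneous 3oo5 value.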

CLC number: