Redundancy is the most effective method of achieving the highest levels of system reliability.
Redundancy is a method of increasing reliability by including a reserve. Redundancy allows you to create systems whose reliability can be higher than the reliability of its constituent elements. Reservation can be carried out by various methods, which share a common feature - the principle of redundancy. This means that, along with the main elements, nodes or blocks that perform specified functions, the system must contain redundant (backup) components that are not functionally necessary, but are intended only to maintain a certain level of system reliability. The application of the principle of redundancy leads to the complication of electronic equipment, an increase in weight, dimensions, and cost. The classification of redundancy methods is presented in Fig. 3.5.
Rice. 3.5. Classification of types of reservation
In redundant systems with replacement, a failed element is replaced with a serviceable one from among the backup ones, and this replacement is most often carried out using a switch (automatically or manually).
The advantages of reservation by replacement include:
· no need to adjust system parameters after replacing a failed element with a serviceable one;
· reserve elements can be kept in a light mode until they are included in the system, which helps preserve their resource and reduces energy consumption.
However, such systems have disadvantages:
· the need to use switches, which are the least reliable elements of electronic equipment;
· the need to create additional devices that monitor performance, find a failed element and replace it with a serviceable one.
All these disadvantages lead to the fact that redundancy by replacement is used mainly when reserving relatively large functional units of complex systems.
In systems with constant switching on of a reserve, all elements (both main and backup) are electrically connected so that they are in the same modes. This type of redundancy is calculated taking into account the consequences of element failures and the types of these failures.
The advantages of such a reservation are:
· ease of redundancy, therefore, a slight increase in the weight, dimensions and cost of the system;
· no interruptions in system operation after failures occur. Permanent backup is the only possible option in systems where even a short interruption in operation is unacceptable.
Disadvantages include:
· repaid resource consumption of reserve elements;
· failure of one of the elements leads to a change in the operating modes of the others.
The use of permanent redundancy is limited by the fact that simultaneous parallel operation of elements, nodes and blocks is possible only in some systems. Therefore, the constant inclusion of a reserve is most convenient when reserving relatively small system devices (mainly elements).
General redundancy represents the redundancy of the entire system as a whole. Separate redundancy consists of reserving the system in parts, in separate sections.
A system with general redundancy (Fig. 3.6) functions normally until the last remaining good circuit fails. Let m- redundancy ratio, that is, the number of backup circuits. If each j the th chain consists of n elements with a probability of proper operation P ij, then, using the theorem on multiplication of probabilities, we obtain that the probability of a complex event consisting in the fact that in j- circuit will not experience a single failure, is equal to the product of the probabilities of proper operation of each element of the circuit, then:
Probability of single circuit failure
Then the probability of proper operation of the system
For the case when all elements of the system have the same reliability, i.e. P ij =P, we get
Rice. 3.6. General reservation
Rice. 3.7. Separate reservation
A system with separate redundancy (Fig. 3.7) will work normally if at least one element in each of them remains operational n- links, probability of failure i-th link
Where q ij- probability of failure j th element i-th link.
Probability of proper operation of a system with separate redundancy P with equal to the product of the probabilities of proper operation P i everyone n- links
For the case of elements with identical reliability P ij =P we have
Mixed redundancy (Fig. 3.8) is a combination of general and separate, and the calculation of reliability for mixed redundancy is carried out using formulas for general and separate redundancy.
Rice. 3.8. Mixed reservation
Rice. 3.9. Efficiency of different types of reservation
To compare the effectiveness of using different types of redundancy, assume that there is a system consisting of n elements connected in series, identical in reliability, with reliability P =0.9.
As follows from Fig. 3.9, on which the calculated values of the corresponding probabilities are plotted, separate reservation is most effective, and the greater the number of elements n, the greater the advantage. However, it is necessary to remember the assumption that was used in deriving the formula for the reliability of redundant systems, namely, here the reliability of a system with a constantly switched-on reserve was calculated.
Examples of such inclusion include:
· systems consisting of several transmitters operating on a common antenna;
· radar stations containing several parallel operating indicator devices;
· parallel electrical connection of several elements (resistors, capacitors, etc.).
Let's find the average time of correct operation T s a system consisting of elements connected in parallel, one of which is the main one and the second is a backup one.
Let the failure rates of these elements be respectively equal λ 1 And λ 2. Then, with an exponential reliability law, the probability of their failure-free operation at the time t equal
; And 
For system
As is known,
After substituting the limits of integration we obtain
If the elements are equally reliable, i.e. λ 1 = λ 2 = λ, That
Where T0– average time of proper operation of one element.
For a system consisting of three parallel-connected elements of the same type, we find
In general, with a multiple of reservations m
From the last expression it follows that an increase in the multiplicity leads to a decrease in the contribution of the new reserve element to the average time of proper operation of the system. This phenomenon is explained by the fact that when constantly switched on, the backup circuits consume their operating capacity simultaneously with the main circuit.
Redundancy by replacement involves switching on backup circuits only after a failure of the main circuit. Switching on backup circuits can be done either manually or automatically. In any case, a failure indicator, a control device and a switch are required. The latter is usually relays or electronic switches.
In Fig. 3.10 shows a system where
B 1...B m– blocks of the main and reserve circuits,
n 11…n m1– input circuit switches,
n 12…n m2– output circuit switches,
U 1...B m- 1 – indicator and control devices.
Rice. 3.10. Reservation by substitution
When a unit failure occurs B 1 failure indicator sends a signal to the controller U 1 which disables B 1 by input and output, connecting the unit B 2. After a block failure occurs B 2 the system behaves similarly.
The failure of any switch results in the failure of the redundant circuit in which it is connected (provided that the failure of the switch does not disable the entire redundant system). Therefore, when calculating reliability, the switch is considered as an element connected to its block in series (in terms of reliability).
Redundancy is a method of ensuring system reliability through the use of additional tools and capabilities that are redundant in relation to the minimum required to perform the required functions. Redundancy can be used not only to increase reliability, but also to increase accuracy, stability, reliability, etc. Sometimes, instead of the term “redundancy”, the phrase “introduction of redundancy” is used. There are many similarities between these concepts, but there are also differences, so they cannot be perceived as synonyms. Redundancy is understood as the excess of weight, dimensions, performance, cost and other technical and economic indicators of a product over the minimum required. It is clear that the introduction of redundancy does not mean an automatic improvement in indicators of reliability, reliability, etc. For improvement to occur, it is necessary to appropriately manage redundant resources, create certain conditions and rules for their use, and in some cases, provide special technical and software means for updating these resources. If this is accomplished, then the introduction of redundancy becomes redundancy, and then both concepts can be considered synonymous.
The types and methods of redundancy are quite varied and depend both on the type of characteristics that need to be improved and on the class of systems in which redundancy is used. To increase the reliability of control systems, structural, functional, time, information, and algorithmic redundancy are used. Let's take a closer look at these types of reservations.
Structural redundancy. Structural redundancy (SR) is a method of increasing the reliability of technical means, which consists of using additional (backup) elements in the system that are not necessary to perform the functions assigned to the system, but are used by the system after the failure of the main elements. A characteristic feature of SR is that in an ideally reliable system, all backup elements can be removed from the system without any deterioration in the quality of its functioning. They are necessary only when there is a fundamental possibility of failure of the main elements.
Unlike a sequential system, in a system with CP, not any failure of an element leads to system failure, since the operation of the system is supported by restructuring (reconfiguration) of the structure and connecting backup elements. A system failure occurs only when a malfunction in one of the main elements cannot be compensated for by the timely connection of a functional backup element (group of elements).
A remarkable property of SR, which explains its widespread use, is that the introduction of backup equipment, increasing the total failure rate of elements (primary and backup), significantly reduces the failure rate of the system. As a result, other reliability indicators also improve. And, conversely, in contrast to a sequential system, where any simplification is useful from the point of view of reliability, in a redundant system, simplification by removing redundant elements worsens reliability indicators. In the presence of a flow of failures of SR elements, it allows for continuous operation of the system for a period of time that is many times greater than the average time to failure of a non-redundant system. In systems consisting of several simultaneously operating devices of the same performance, in which the failure of one of the devices reduces the overall system performance, CP stabilizes the system performance.
To effectively use SR, it is sometimes necessary to involve other types of redundancy, for example temporary, in order to guarantee timely detection of failures and timely connection of backup equipment. Information and algorithmic reservations are used for the same purposes.
Structural redundancy methods.
MSRs differ:
By the scale of reservation;
The ratio of the number of main and reserve elements;
Method of switching on the reserve;
Operating mode of reserve elements;
Methods for connecting backup equipment.
Reservation is called general if the entire sequential system is reserved, separate (element-by-element) if individual elements of a sequential system are reserved, and group if a group of system elements is reserved. A set of main and reserve elements that replace each other if one of the elements fails is called a redundant group. With general redundancy, there is only one redundant group in the system; with separate redundancy, there are as many redundant groups as there are elements in the sequential system. With group reservation, the number of reserved groups has an intermediate value. A system with a structural reserve fails when at least one of its redundant groups fails. In the structural reliability diagram, redundant groups are connected in series, which means the probability of a failure of a redundant group can be defined as:
Sliding reservation or with ambiguous correspondence is used when all the main elements of the system are the same. Reserve elements are not assigned to certain main elements, but can replace any of them.
The main parameter of structural redundancy is the multiplicity k, which is the ratio between the total number of elements of the same type n and the number r of working elements necessary for the functioning of the system:
The value of k can be an integer, if, and a fraction, if. In the latter case, the fraction cannot be reduced.
According to the method of switching on the reserve, they are distinguished:
Redundancy with always-on reserve;
Reservation with inclusion by substitution.
Rice. 4
Schemes of general (a) and element-by-element (b) permanent redundancy are shown in Fig. 4. When switched on continuously, the main and backup elements (subsystems) function simultaneously, starting from the moment the system is turned on (Fig. 4, a and b). Permanent reservation is passive. When switched on by replacement (Fig. 4, c and d), which is active redundancy, backup elements (subsystems) are put into operation only after the failure of the main ones. Before this, they are in a storage state (unloaded reserve), partially enabled (light reserve), or fully enabled (loaded reserve). When the reserve is loaded, the reserve elements have the same failure rate as the main elements, i.e.
With an unloaded reserve, the failure rate of the reserve elements is many times less than the failure rate of the main elements, so it can be considered in calculations. Light reserve occupies an intermediate position when
Replacing a failed primary element with a backup one can be done manually, semi-automatically or automatically. In the first case, no switching equipment is required, but the switching time is quite long. For automatic switching, a special automatic transfer switch is used. It reduces switching times to a few seconds or fractions of seconds, but is itself ultimately reliable. With semi-automatic switching, part of the functions is performed by the machine, and the other by the operator.
Since structural redundancy is associated with additional costs for backup elements, the latter should pay off by increasing the reliability of the system and reducing losses from its failures. The easiest to determine redundancy efficiency indicators are the following:
where is the gain due to an increase in the average time to failure of a redundant system compared to the operating time of a non-redundant system; - similar indicators for increasing the probability of failure-free operation and reducing the probability of failure. Reservation is effective if the indicator value is longer than one.
Temporary reservation (time reservation)
Temporary backup (TR) is a method of increasing reliability in which the system, during operation, is given the opportunity to spend some time, called reserve, to restore technical characteristics. The time reserve can be spent on switching the structural reserve, detecting and eliminating failures, repeating work invalidated by failures, and waiting for loading in a working state. You can specify multiple backup time sources.
Time reserve can be created by increasing the time allocated to the system to complete a task and called operational time. It also occurs when creating a performance reserve for the entire system or its individual devices, and without increasing the operating time. The performance reserve, in turn, arises when the speed of elements increases or when several devices (systems) of the same or different performance are integrated to perform a common task.
In systems, the result of which is assessed by the volume of produced (processed) product, a time reserve can be created due to internal reserves of output products. In ASOIU such products are information, in energy supply systems - electrical energy, in water supply systems - water resources, in machine-building enterprises - parts, assemblies, devices, etc. To store stocks, special storage devices are provided: memory devices, batteries, tanks, bunkers, etc. Until the stock is exhausted, the product goes to the output of the system, and the systems adjacent to it, without “noticing” the partial or even complete cessation of its functioning, consider it efficient.
Another source of time reserve is the functional inertia of processes occurring in the system. In the operation of many technical systems, minor interruptions are allowed that occur without loss of quality of operation (as long as the controlled parameters are within tolerances), which can be used to restore its functionality. Automated process control systems, temperature control systems, dispatch control systems, life support systems for aircraft and other mobile vehicles, etc. have such properties.
For systems with VR, a malfunction is not necessarily accompanied by a failure of the system, even if its elements are connected in series, since it is possible to restore functionality during reserve time. SVR failure is an event consisting of a malfunction that causes unacceptable consequences or is not eliminated within an acceptable time. The reliability of the automated control system is assessed based on the results of fulfilling the established time limits along the entire trajectory of operation or based on the results of completing a certain task.
The task is given:
Sequence and scope of work;
Established points for the beginning and completion of work stages;
Restrictions on the use of various resources available to the system;
Restrictions on mutual assistance and interaction of various devices.
Therefore, tasks are distinguished:
One-stage;
Multi-stage;
Brigade;
Individual (autonomous);
Group;
Arriving before the system starts operating (according to schedule);
Arriving during the operation of the system (at random times according to requests). Completion of a task is an event consisting in the completion of a given amount of work with established restrictions on the time of completion of all work and their individual stages and when the requirements for the quality and rhythm of the system are met. Violation of established requirements and restrictions is considered as a failure of operation. Therefore, a failure of a control system can be defined as an event that leads immediately or with some delay to the failure of a task, to a failure of operation.
To identify signs of CVR failure, it is necessary to keep statistics of time losses and carry out special measurements, for example, of product inventories in storage devices. Structurally, in a generalized form, the time management system can be considered as a combination of the original object and the time reserve (Fig. 5).
After a system failure, the time reserve begins to operate. System failures can vary in consequences. If a failure causes only a delay in the completion of the task, but does not lead to repetition of the work, then it is called non-impairing or non-destructive. Otherwise, it is called depreciating or destructive. Depreciation of work performed can be complete or partial. Due to the presence of depreciating failures, the entire operating time of the system is divided into useful and depreciated. Useful operating time is the operating time that is not depreciated by system failures, and depreciated operating time is operating time that is not included in the useful operating time. Time reservation is widely used in computers, computer networks, and communication systems. The use of VR is especially effective in combating failures and interference. It is often used to improve the efficiency of other types of redundancy.
Rice. 5
Time reservation methods
The classification of structural reservation methods can partially be extended to temporary reservation methods. Among the VR methods one can distinguish general, separate, group, with integer and fractional multiplicity. With general reservation, the created time reserve can be used by any element of the system. With separate VR, each element is provided with its own time reserve, which cannot be used by other elements. In group VR, the time reserve is intended for any element included in this group and cannot be used by elements outside the group. The VR multiplicity is the ratio of the amount of time reserve to the minimum time for completing the task. It can be integer or fractional.
If it is possible to increase during the operation of a system with a time reserve (SVR), a distinction is made between a non-replenishable and a replenished time reserve. A non-replenishable time reserve is created in advance, before the start of work, and does not increase during the completion of the task. When all elements of the system are in working order, the current value of the time reserve does not change, but in the event of element failures it can decrease abruptly (with depreciating failures) or linearly depending on time when the system is inoperative. The replenished reserve increases according to a certain law when the entire system is in working order, as well as during the restoration of the functionality of some failed elements. The instantly replenished reserve is restored to its original level in a jump immediately after the repair is completed. Both types of time reserve can be used in the same system - then it is called combined or mixed. When making a separate or group reservation, additional restrictions may be placed on the method of replenishing and using the time reserve. In this case, it is called a reserve with complex restrictions.
As with structural redundancy, according to the type of structure, a distinction is made between SVRs with serial, parallel, series-parallel connection of elements, as well as SVRs with a network structure. However, there are some peculiarities here. So, there are two types of series connection: basic and multiphase. With the main connection, there are no product storage devices in the system (Fig. 6, a).
Rice. 6
With a polyphase connection, there is at least one storage device in the system. The number of phases is determined as the number of drives increased by one (Fig. 6,b). Parallel connection also has two types: redundant and multi-channel. With a backup connection, there are clear differences between the primary and backup elements. Functional main elements are in operation. Reserve elements, regardless of the mode (loaded, unloaded, light), are not put into operation while the main elements are operational (Fig. 6, c). In a multi-channel connection, there is no distinction between primary and backup elements. All elements connected in parallel participate in the work, and the results of their work are used in one way or another when forming the results of the entire system. If the elements are characterized by performance (throughput, speed, power, etc.), then in a system with a multi-channel connection of elements a performance reserve can be created, in contrast to a system with the minimum required number of elements (Fig. 6d). Examples of SVR with series-parallel and parallel-series connection of elements are shown in Fig. 6, d-z. More complex structures can be built recursively.
Functional redundancy
Functional redundancy (FR) is a method of increasing reliability that uses the property of technical systems (as well as living organisms, biological and social systems) to ensure failure-free operation in the event of element failures due to the redistribution of functions and more intensive operation of elements that performed only their main functions until failure. They are capable of performing additional functions only temporarily, and this may be accompanied by some deterioration in the overall quality of work, but within acceptable limits. With FD, there are no “extra” elements in the system - they are all necessary to perform the required set of functions. A characteristic feature of this type of redundancy is precisely the fact that even from an ideally reliable system not a single element can be removed without causing a redistribution of the functions of the elements and an increase in their functional load on an ongoing basis, possibly with a transition to more difficult operating modes.
The use of DF is usually accompanied by the introduction of information and algorithmic redundancy.
Information backup
In modern control technology and information computing technology, information redundancy and information redundancy are used to improve many characteristics. It affects indicators of reliability, reliability of information processing and transmission, calculation accuracy, and productivity. Methods for introducing information redundancy are very diverse. Information redundancy exists in the form of redundancy of the internal information language of data processing and transmission devices, in the form of redundancy of noise-resistant codes. It can be introduced both as redundancy of data arrays as part of a data file, and as redundancy of the file structure in computer memory. It is safe to say that without information redundancy in one form or another it is impossible to imagine any information process in an automated information system. Often, without information redundancy, other types of reservation cannot be used. Without dwelling on the indirect ways in which information redundancy influences reliability indicators, we will only note the main ways of direct influence. Information redundancy (AI) reduces:
Flow of system failures, since all element failures become system failures; if the consequences of an element’s failure can be eliminated using AI, then it is not considered a system failure;
Recovery time by reducing the amount of work devalued by failure; at the same time, the time spent on repeating the depreciated part of the work decreases and the useful operating time increases;
Recovery time by reducing the time to detect and troubleshoot a fault.
Algorithmic Reservation (AR)
To perform the tasks facing the system, it is necessary not only to have a certain amount of information about the nature and conditions of the task, about the processes occurring in the system and the environment, but also to ensure the processing of this information in accordance with the functioning algorithms. Each system can be associated with an algorithm of minimal complexity. All other algorithms containing an additional number of operators will be redundant compared to the minimum algorithm. AR is introduced to overcome interference and random disturbances caused, in particular, by failures of hardware elements. It is used in interaction with other types of reservation and in some cases is a necessary condition for their implementation.
4 Calculation of the reliability of non-recoverable systems with constant reserve
General constant reservation with an integer multiplicity. The failure probability Q p of t elements operating in parallel at r = 1 is determined by expression (2), whence for equally reliable elements
The lower the probability of failure of each element, the higher the effectiveness of continuous redundancy. Thus, if q = 0.1 and 0.01, and k = 1, then the gain in reducing the probability of failure during redundancy will be 10 and 100, respectively. Let us consider the relationship between the reliability indicators of a group of redundant elements, the redundancy factor k and the duration of operation of elements t at exponential the law of distribution of the time of their failure-free operation. If the failure rate of each element, then according to (1.12), (1.21), (1.22) we have
Graphs of changes in P P (t/) and p (t/)/ depending on the redundancy ratio and the duration of system operation are presented in Fig. 7. They show that constant reservation is effective at the initial stage of system operation, when t.
For a group of redundant elements, mean time to failure
Rice. 7
The operation of the group of redundant elements under consideration is characterized by a sequential transition as failures occur from m working elements to m-1, m-2 and further to one, the failure of the latter leads to the failure of the entire group. This sequence of transitions is illustrated by the graph presented in Fig. 8. At random times t 1, t 2, etc., element failures occur, the number of working elements n(t) gradually decreases. Since in each of the sections T 1 = t 1, T 2 = t 2 - t 1, etc., the joint functioning of t, t-1, etc. elements takes place, then random time intervals T 1, T 2, ...,T t have an exponential distribution with failure rates m, (t-1), ..., respectively, and average duration 1 = 1/(m), 2 = 1/[(t-1)], = 1 /. Since, the value of the average time to failure of a group of redundant elements is determined as 1/(m)+1/[(t-1)]+ 1/.
Rice. 8
Redundancy of two-pole elements. In most cases, backup elements are connected in parallel to the main one. However, when differentiating types of failures, redundancy for each of them can be carried out using different methods of switching on reserve elements. The most characteristic in this regard is the redundancy of elements in case of failures such as “open” and “short circuit” (SC). For two-pole relay-type elements that have two possible states 1 and 0, these failures correspond to non-operation in the presence of a control signal and false operation in the absence of the latter.
When connecting relay elements in series (Fig. 9a), failure of any of the elements leads to the absence of a circuit between points a and b. Thus, for this type of failure, the series connection of relay elements is basic. For false trip failures, the series connection is redundant because this type of circuit failure will only occur if two elements fail.
Rice. 9
From what has been considered, it follows that two structural diagrams correspond to the same connection of elements for these types of failures. When relay elements are connected in series, redundancy is provided for faults of the short circuit type. If the probability of failures of this type for each element is q, then B a = q/q 2 = q -1. For failures such as an open circuit, i.e. sequential connection of relay elements leads to an increase in the likelihood of failures such as an open circuit. When relay elements are connected in parallel (Fig. 9, b), redundancy is provided for failures of the open type with an efficiency of B Q = 1/q, and for failures of the short circuit type the reliability is reduced.
Fractional redundancy. With fractional redundancy, the system can function if r of n similar elements working in parallel are in working condition. The system fails if the number of failed elements is z. Using the state enumeration method, we determine the probability of failure of such a system
In each state, the number of operable elements is n - z, and the probability of this state, then
where C n z = n!/ is the number of combinations of n elements in z, and 0! = 1; =1. At<<1 .
With an exponential law of distribution of failure-free operation time and failure rates of each element
Since without a reserve the system includes r operating elements, the probability of failure of the original system when assessing the effectiveness of the reservation is 1-(1-q) r. So, if the system includes three parallel operating elements and r = 2, then at q = 0.1, k = 1/2, m = 2 according to (11)
A type of permanent reservation with a fractional multiple is reservation with majority voting (majority). A block diagram of a system using this redundancy method is shown in Fig. 10. An odd number of elements operate in parallel, their output signals x 1, x 2,..., x n are fed to the input of the voting element Г (quorum element), the output signal of which coincides with the signal of the majority of elements. Systems with this type of redundancy usually use three elements, less often five. For the system to be operational, the correct operation of most elements is necessary. System failure occurs when the number of failures z m = (n + 1)/2.
Rice. 10
Rice. eleven
The probability of failure of a system with majority redundancy with n = 3 and n = 5 equally reliable elements according to (10) is respectively:
Q 3 = 3q 2 - 2q 3; Q 5 = 10q 3 - 15q 4 + 6q 5. (12)
The efficiency of this reservation method for n=3 is B Q = q/(3q 2 - 2q 3) = 1/(3q - 2q 2). If q< 0,5, резервирование эффективно, при q = 0,5 надежность системы при резервировании не изменяется, а при q >0.5 redundancy leads to a decrease in reliability.
Majority redundancy is widely used in protection systems for reactors and heating equipment. Thus, the system of protection against excess pressure in the boiler drum, shown in Fig. 11a, includes electric contact pressure gauges M1, M2, M3, a power relay CP and an electric pressure relief valve K. The protection system is triggered when the contacts of any two of the three pressure gauges are closed. The connection diagram of the pressure gauge contacts is shown in Fig. 11, b. Current flows through the winding of the CP power relay when any two pairs of contacts are closed; a special quorum element is not required in such systems. Failures of the type “false activation” or “non-operation” in the system occur with corresponding failures of two out of three pressure gauges, i.e. this backup method is equally reliable for both types of failures.
Rice. 12
Element-by-element reservation. The reliability of a system containing groups of elements or individual elements with element-by-element redundancy is calculated using the general constant redundancy formulas (1), (2), (10). So, if the system consists of n sections with element-by-element redundancy of integer multiplicity k i , then the probability of failure-free operation of the system
where q ij is the probability of failure of the j-th element included in the i-th redundancy section.
To compare the effectiveness of general and element-by-element redundancy, we compare the failure probabilities of two systems that include the same n(k+1) number of equally reliable elements (Fig. 12). In the first case (Fig. 12, a) a general redundancy of a system of n elements with a multiplicity of k is carried out, in the second case (Fig. 1 2, b) with element-by-element redundancy, each of the n elements of the system has k reserve ones.
Probability of system failure with shared redundancy
Assuming that the probability of failure of each element q<<1 и (1- q) n 1 - nq, получаем. Для раздельного резервирования, используя (13) и считая q<<1, получаем
The efficiency of element-by-element reservation compared to the general one will be n k. With increasing depth n and multiplicity k of redundancy, its efficiency increases. The use of element-by-element redundancy is associated with the introduction of additional connecting elements that have limited reliability. In this regard, there is an optimal depth of redundancy n opt; when n>n opt, the redundancy efficiency decreases.
Permanent redundancy means that the failure of one or more elements of the redundant system, as a whole, does not affect its operation. The elements are permanently connected, the circuit is not rebuilt. When creating such systems, it is necessary to take into account the various consequences that result from the failure of elements.
The diagram of this redundancy method is shown in Fig. 1
The redundant elements are connected in parallel with the main one during the entire period of operation. The elements are permanently connected. Failed elements are not disabled. There is no restructuring of the scheme.
b Advantage This scheme is due to its simplicity and absence of interruptions in work.
b Disadvantage - increased resource consumption of reserve elements, because they are in working mode constantly.
This method is most appropriate when reserving small elements (relays, resistors, small circuits, etc.)
There are general and separate reservations.
General reservation- this is a reservation in which the reserved element is the object as a whole.
The general redundancy scheme is shown in Fig. 2.
Separate reservation- this is a reservation in which individual elements or their groups are reserved. The separate redundancy scheme is shown in Fig. 3.
In the first case, for the main system to fail, it is enough that one element in each circuit fails. In the second case, a system failure occurs when any element from the main circuit and all backup ones fail.
In order to compare different methods of redundancy and select the optimal one from the point of view of obtaining the most reliable system, or the number of elements, or another criterion, various types of redundancy are calculated and compared.
Let's compare two types of system redundancy, general and separate. Let us assume that all elements are the same and have an equal probability of failure q.
ь Then for general reservation.
The probability of failure of the main system is determined as follows
The probability of failure of the redundant system Q op will be equal to
ь In case of separate reservation.
If the probability of failure is very small, then, expanding the right-hand sides of the formulas into series in powers of n and neglecting terms with q to a power greater than one, we obtain.
Classification of system redundancy methods
The currently achieved level of reliability of the element base of electronics, radio engineering, mechanical elements, and electrical engineering is characterized by failure rate values λ=10 -6 ...10 -7 1/h. In the near future we can expect this level to rise to λ= 10 -8 1/h. This will make it possible to increase the time between failures of a system consisting of N = 10 6 elements to a value of 100 hours, which is clearly not enough. The required reliability of complex systems can only be achieved by using various types of redundancy.
Redundancy is one of the main means of ensuring a given level of reliability (especially failure-free operation) of an object when its elements are insufficiently reliable.
In accordance with GOST 27.002-89 reservation is the use of additional means and (or) capabilities in order to maintain the operational state of an object in the event of failure of one or more of its elements. Thus, redundancy is a method of increasing the reliability of an object by introducing redundancy. In its turn, redundancy - These are additional tools and (or) capabilities that are beyond the minimum required for the object to perform specified functions. The purpose of introducing redundancy is to ensure the normal functioning of an object after a failure occurs in its elements.
There are various reservation methods. It is advisable to separate them according to the following criteria (Figure 4.7): type of redundancy, method of connecting elements, multiplicity of redundancy, method of switching on the reserve, mode of operation of the reserve, restorability of the reserve.
Figure 4.7 – Classification of redundancy methods
Structural redundancy, sometimes called hardware (element, circuit), involves the use of reserve elements of the object structure. The essence of structural redundancy is that additional elements are introduced into the minimum required version of the object. The elements of the redundant system have the following names. Main element- an element of the object structure necessary for the object to perform the required functions in the absence of failures of its elements. Reserve element - an element of an object intended to perform the functions of the main element in the event of failure of the latter.
The definition of the main element is not related to the concept of minimality of the main structure of the object, since an element that is the main one in some operating modes can serve as a backup in other conditions.
Reserved element- the main element, in case of failure, for which a backup element is provided in the facility.
Figures 4.8 – 4.10 show connection diagrams of the main and backup elements, the so-called parallel connection of elements. A system with parallel connection of elements is a system that fails only if all its elements fail.
Figure 4.8 – Example of parallel connection of elements
a – schematic diagram, b – design diagram
Figure 4.9 – Example of parallel-series connection of SUKhTP elements
a - functional diagram, b - design diagram
Figure 4.10 – Example of a bridge connection of elements
Temporary reservation associated with the use of time reserves. In this case, it is assumed that the time allocated for the object to perform the necessary work is obviously greater than the minimum required. Time reserves can be created by increasing the productivity of an object, the inertia of its elements, etc.
Information backup- This is redundancy using information redundancy. Examples of information redundancy are multiple transmission of the same message over a communication channel; the use of various codes when transmitting information over communication channels that detect and correct errors that appear as a result of equipment failures and the influence of interference; introduction of redundant information symbols when processing, transmitting and displaying information. Excess information makes it possible to compensate, to one degree or another, for distortions in transmitted information or eliminate them.
Functional redundancy- redundancy, in which a given function can be performed in various ways and technical means. For example, the function of transmitting information to an automated control system can be performed using radio channels, telegraph, telephone and other means of communication. Therefore, the usual average reliability indicators (mean time between failures, probability of failure-free operation, etc.) become uninformative and insufficiently suitable for use in this case. The most suitable indicators for assessing functional reliability are: the probability of performing a given function, the average time to complete a function, the availability rate for performing a given function.
Load redundancy- this is redundancy using load reserves. Load redundancy, first of all, consists in ensuring optimal reserves of the ability of elements to withstand the loads acting on them. With other methods of load backup, it is possible to introduce additional protective or unloading elements.
The listed types of redundancy can be applied either to the system as a whole, or to individual elements of the system or to their groups. In the first case, reservation is called general, in the second – separate. The combination of different types of reservation in the same object is called mixed.
Based on the method of inclusion of reserve elements, a distinction is made between permanent, dynamic, replacement, sliding and majority reservation. Permanent reservation- this is a reservation without rebuilding the structure of an object in the event of a failure of its element. For permanent redundancy, it is essential that in the event of a failure of the main element, no special devices are required to activate the backup element, and there is also no interruption in operation (Figures 4.11 - 4.13). Permanent redundancy in the simplest case is a parallel connection of elements without switching devices.
Figure 4.13 – Mixed redundancy with always-on reserve
Dynamic reservation- this is a redundancy with restructuring of the structure of an object when a failure of its element occurs. Dynamic reservation has a number of varieties.
Reservation by substitution- this is dynamic redundancy, in which the functions of the main element are transferred to the backup one only after the failure of the main element. Including a reserve by substitution (Figures 4.14, 4.15) has the following advantages:
– does not violate the reserve operating mode;
– preserves the reliability of backup elements to a greater extent, since when the main elements are operating they are inoperative;
– allows you to use a reserve element for several main elements.
A significant disadvantage of replacement redundancy is the need for switching devices. With separate redundancy, the number of switching devices is equal to the number of main elements, which can greatly reduce the reliability of the entire system. Therefore, it is beneficial to reserve large units or the entire system by replacement, and in all other cases - with high reliability of switching devices.
Rolling reservation- this is reservation by replacement, in which a group of main elements of an object is reserved by one or more reserve elements, each of which can replace any failed main element in this group (Figure 4.16).
Figure 4.16 – Sliding reservation with same-type (a) and heterogeneous (b) elements
Widely used in control systems majority reservation(using "voting"). This method is based on the use of an additional element called a majority, or logical, element. A logic element allows for comparison of signals coming from elements performing the same function. If the results match, they are transmitted to the output of the device.
Figure 4.17 shows redundancy based on the “2 out of 3” principle, i.e. any two matching results out of three are considered true and are passed to the output of the device. Many circuits of control and protection system (CPS) subsystems are built on this principle. You can use the “3 out of 5” ratio, etc. The main advantage of this method is to ensure increased reliability in case of any types of element failures and increase the reliability of information-logical objects.
Figure 4.17 – Majority reservation
The degree of redundancy is characterized by the multiplicity of redundancy. Reserve ratio is the ratio of the number of reserve elements of an object to the number of main elements reserved by them, expressed as an unreduced fraction. Redundancy with integer multiplicity occurs when one primary element is backed up by one or more backup elements.
Reservation with fractional multiplicity – This is a reservation when two or more elements of the same type are reserved by one or more backup elements. The most common option for fractional redundancy is when the number of main elements exceeds the number of reserve elements. A reservation whose multiplicity is equal to one is called duplication.
Depending on the operating mode of the reserve, there are loaded, light and unloaded reserves. Loaded reserve – This is a reserve that contains one or more reserve elements that are in primary element mode. It is assumed that the elements of the loaded reserve have the same level of reliability, durability and storability as the main elements of the object that they reserve. Light reserve – This is a reserve that contains one or more backup elements that are in a less loaded mode than the main one. Light reserve elements, as a rule, have a higher level of reliability, durability and storage than the main elements. Unloaded reserve- this is a reserve that contains one or more reserve elements that are in an unloaded mode before they begin to perform the functions of the main element. For elements of an unloaded reserve, it is conventionally assumed that they never fail and do not reach the limit state.
Redundancy, in which the operability of any one or more reserve elements in the event of failures is subject to restoration during operation, is called backup with restoration, otherwise it occurs backup without restoration. The recoverability of the reserve is ensured by monitoring the operability of the elements. If there is redundancy, this is especially important, since in this case the number of hidden failures may be greater than in the absence of redundancy. Ideally, the failure of any element of an object is detected without delay, and the failed element is immediately replaced or repaired.
TOPIC: “Classification of reservation methods”
PLAN:
1. Redundancy and redundancy
2. Classification of reservation methods
In accordance with GOST 27.002-89, redundancy is the use of additional means and (or) capabilities in order to maintain the operable state of an object in the event of failure of one or more of its elements. Thus, redundancy is a method of increasing the reliability of an object by introducing redundancy.
In turn, redundancy is additional means and (or) capabilities beyond the minimum required for an object to perform specified functions. The purpose of introducing redundancy is to ensure the normal functioning of an object after a failure occurs in its elements.
There are various reservation methods. It is advisable to separate them according to the following criteria (Fig. 1): type of redundancy, method of connecting elements, multiplicity of redundancy, method of switching on the reserve, mode of operation of the reserve, restorability of the reserve.
The definition of the main element is not related to the concept of minimality of the main structure of the object, since an element that is the main one in some operating modes can serve as a backup in other conditions.
Redundant element - the main element, in case of failure of which a backup element is provided in the object
Time reservation is associated with the use of time reserves. In this case, it is assumed that the time allocated for the object to perform the necessary work is obviously greater than the minimum required. Time reserves can be created by increasing the productivity of an object, the inertia of its elements, etc.
Information redundancy is redundancy using information redundancy. Examples of information redundancy are multiple transmission of the same message over a communication channel; the use of various codes when transmitting information over communication channels that detect and correct errors that appear as a result of equipment failures and the influence of interference; introduction of redundant information symbols when processing, transmitting and displaying information. Excess information makes it possible to compensate, to one degree or another, for distortions in transmitted information or eliminate them.
Functional redundancy is redundancy in which a given function can be performed in various ways and by technical means. For example, the function of quickly shutting down a water-cooled power reactor can be achieved by inserting safety rods into the core or by injecting a boron solution. Or the function of transmitting information to an automated control system can be performed using radio channels, telegraph, telephone and other means of communication. Therefore, the usual average reliability indicators (mean time between failures, probability of failure-free operation, etc.) become uninformative and insufficiently suitable for use in this case. The most suitable indicators for assessing functional reliability: the probability of performing a given function, the average time to complete a function, the availability rate for performing a given function
Load redundancy is redundancy using load reserves. Load redundancy, first of all, consists in ensuring optimal reserves of the ability of elements to withstand the loads acting on them. With other methods of load backup, it is possible to introduce additional protective or unloading elements
Based on the method of inclusion of reserve elements, a distinction is made between permanent, dynamic, replacement, sliding and majority reservation. Permanent redundancy is redundancy without restructuring the structure of an object in the event of a failure of its element. For permanent redundancy, it is essential that in the event of a failure of the main element, no special devices are required to activate the backup element, and there is no interruption in operation (Fig. 5.2 and 5.3).
Permanent redundancy in the simplest case is a parallel connection of elements without switching devices.
Dynamic redundancy is a redundancy with restructuring of the structure of an object when a failure of its element occurs. Dynamic reservation has a number of varieties.
