Abstract: To further enhance the reliability and safety of frequency measurement signals in speed control systems and prevent major accidents caused by hydropower plant governors mistakenly switching to faulty frequency measurement signals, a 2x3-out-of-2 redundancy technique is adopted. For the governor's frequency measurement signal, the 2x3-out-of-2 hardware circuit, frequency measurement alarm logic, and frequency measurement switching logic are presented. Based on a field test of a large power plant governor, the 2x3-out-of-2 redundancy measurement logic for the governor's frequency signal is experimentally verified. The results show that the governor system using B&R's "dual PCC + three frequency measurement" mode, with each of its two PCCs having three frequency measurement signals, can significantly improve the reliability of frequency measurement after program optimization, resulting in higher reliability and safety for unit regulation. The 2x3-out-of-2 frequency measurement signal redundancy technique can be promoted and applied to other large hydropower plant governor systems.
Keywords: Hydropower plant speed governor; 2x3 selection; Frequency signal; Redundancy measurement
introduction
The reliability of the governor system in hydropower plants affects the stability of generator speed and power regulation, thus determining the quality of power supply to the grid. The reliability of the frequency measurement signal plays a crucial role in the governor's regulation process. Most domestic power plant governor systems have three frequency measurement signals: one residual voltage signal and two gear disc frequency measurement signals. The residual voltage signal is the primary signal. When the residual voltage signal fails, it switches to gear disc 1; when both the residual voltage and gear disc 1 fail, it switches to gear disc 2. However, a problem exists: the governor primarily uses the residual voltage signal for frequency measurement. When the frequency deviation between the residual voltage and gear disc 1 exceeds 0.5Hz, it switches to gear disc 1. This fault switching logic cannot determine whether the fault lies in the residual voltage or gear disc 1 signal, potentially switching to the faulty signal, leading to erroneous governor regulation and even unplanned unit shutdowns. Therefore, a domestic power research institute issued a "Warning Letter Regarding the Risk of Power Fluctuations Due to Unreasonable Frequency Measurement Logic in Some Hydropower Station Governor Cabinets." The existing dual-redundant frequency measurement method has obvious defects and can no longer meet the reliable control of large hydropower units. It is necessary to study new redundant control strategies to avoid the unfavorable situation of using fault frequency signals as the main regulation signal. [1,7]
1. Fault-tolerant techniques and 2x3 redundancy
Fault-tolerant technology refers to the technology that tolerates faults to a certain extent, also known as fault masking. A system that adopts fault-tolerant technology is called a fault-tolerant system. Fault tolerance mainly relies on redundant design, which increases resources to improve reliability. Due to different resources, redundancy technology is divided into hardware redundancy, software redundancy, time redundancy, and information redundancy. Hardware redundancy obtains fault tolerance by reusing hardware. The basic idea of software redundancy is to use multiple different software programs to perform the same function, and to achieve fault tolerance by utilizing differences in software design. [2-4]
Assuming S(t) is the safety variable, R(t) is the reliability variable, λ is the failure probability, and C is the failure coverage, the following relationship between the safety and reliability of a single system can be obtained: S(t) = 1 - λ (1 - R(t)). [5]
Using a 2-out-of-3 redundancy calculation, we obtain:
R3(t)=1-[3R(1-R)2+(1-R)3], λ 3=3 λ ×2 λ ×(1-C)=6 λ 2(1-C),
S3(t)=1- λ 3(1-R3(t))=1-6 λ 2(1-C){1-[3R(1-R)2+(1-R)3]}. (1)
Using a 2x3 round-2 redundancy calculation, we obtain:
R4(t)=1-[3R(1-R)2+(1-R)3]2, λ 4=3 λ ×2 λ ×(1-C)=6 λ 2(1-C),
S4(t)=1- λ 4(1-R4(t))=1-6 λ 2(1-C){1-[3R(1-R)2+(1-R)3]2}. (2)
Since the fault coverage of the two-out-of-two and two-by-two redundancy methods is relatively weak, only the safety of the three-out-of-two and two-by-three-out-of-two methods is calculated here. In the calculation, λ = 0.1 and C = 0.9 [6]. Figure 1 shows the simulation curves of the safety under each redundancy method obtained by MATLAB programming. It can be seen that the safety of the two-by-three-out-of-two redundancy method has certain advantages. For the redundancy measurement of the speed controller frequency signal, theoretically, the two-by-three-out-of-two method is more suitable. [7]
Figure 1. Safety curves for two redundancy methods
2. Optimization of frequency measurement using a 2x3-out-of-3 approach
(1) Hardware circuit
The speed controller electrical cabinet consists of two independent B&R PCC controllers and corresponding I/O modules, communication modules, power supply modules, etc., plus an additional signal conversion module. The network frequency and machine frequency signals on the original A and B modules are retained, while the gear sprocket signals are transferred to the newly added signal conversion module. The new module only processes the two gear sprocket signals and sends the processed signals to the A and B PCC controllers respectively. The secondary wiring diagrams of the hardware circuit before and after optimization are shown in Figure 2.
Figure 2 Hardware loop logic before and after optimization.
(2) Frequency measurement alarm logic
The newly optimized program introduces three comparison variables: F5, F6, and F7. Specifically, F5 = |machine frequency - gear 1|; F6 = |machine frequency - gear 2|; and F7 = |gear 1 - gear 2|. The optimized frequency measurement alarm logic for each PCC set is shown in Figure 3.
When F5 > 0.5Hz, F6 > 0.5Hz, and F7 < 0.3Hz, a frequency deviation fault is reported; when F5 > 0.5Hz, F6 < 0.3Hz, and F7 > 0.5Hz, a gear 1 deviation fault is reported; when F5 < 0.3Hz, F6 > 0.5Hz, and F7 > 0.5Hz, a gear 2 deviation fault is reported. The alarm display window on the screen shows fault alarm quantities for frequency deviation, gear 1 deviation, gear 2 deviation, frequency sampling, gear 1 sampling, and gear 2 sampling, and the alarm signals are transmitted to the monitoring system via RS-485 communication.
Figure 3 shows the optimized PCC frequency measurement and alarm logic for each set.
(3) Frequency measurement switching logic
The original program judged one residual voltage signal and one gear disc signal. Under power generation conditions, if the deviation between the residual voltage and gear disc measurement values exceeded 0.5Hz, it switched to the gear disc signal and adopted a mechanical speed measurement method. The optimized program judged one residual voltage signal and two gear disc signals. Under power generation conditions, if the residual voltage was compared with both gear disc 1 and gear disc 2, and the residual voltage channel was fault-free, the residual voltage signal was used as the primary signal. If the residual voltage signal was faulty, but both gear disc 1 and gear disc 2 were normal, the speed measurement method of gear disc 1 was used. If the residual voltage signal was faulty, or one of the gear discs (1 or 2) was faulty, the other gear disc signal with good quality was used as the primary signal. The PCC frequency measurement switching logic before and after optimization is shown in Figure 4.
Figure 4 shows the switching logic for each PCC frequency measurement set before and after optimization.
3. Experimental Verification and Analysis
To verify the optimized frequency measurement alarm logic and frequency measurement switching logic, a static test was conducted at a large hydropower plant in China. Simulating the governor entering the generating state, a relay protection device was used to transmit frequencies, inputting 50Hz signals to one residual voltage channel and two gear channels respectively. This enabled both B&R PCCs (A and B) to detect and display the three initial 50Hz frequency measurement signals. Simulated fault conditions included: ① Fault condition one: The residual voltage signal deviates from the other two signals by more than 0.5Hz, while the other two deviates by less than 0.3Hz; ② Fault condition two: The gear 1 signal deviates from the other two signals by more than 0.5Hz, while the other two deviates by less than 0.3Hz; ③ Fault condition three: The gear 2 signal deviates from the other two signals by more than 0.5Hz, while the other two deviates by less than 0.3Hz.
Figures 5-7 show the waveforms of analog quantities and fault output quantities under three different fault conditions. The conversion between the y-coordinate code value and frequency (Hz) for each analog quantity is: sampled code value ÷ 4000 = frequency (Hz) value. Analysis of Figures 5-7 shows that:
(1) In Experiment 1, after 64s, when the residual voltage becomes 50.7Hz, the toothed disk 1 becomes 50.1Hz, and the toothed disk 2 becomes 50Hz, there are variables F5=0.6Hz, F6=0.7Hz and F7=0.1Hz, which correspond to samples 2399, 2799 and 400 in the waveform recording curve of Figure 5, respectively. At this time, since F5 and F6 are both greater than 0.5Hz and F7 is less than 0.3Hz, the program reports a frequency deviation fault, and the main signal F[0] is changed from the original residual voltage sampling (Unit_Freq_Smple) value 202800 (50.7Hz) to the toothed disk 1 sampling (Freq_CP_Fdbk) value 200402 (50.1Hz).
(2) In Experiment 2, after 86s, when the residual voltage becomes 50Hz, the toothed disk 1 becomes 50.7Hz, and the toothed disk 2 becomes 50.1Hz, there are variables F5=0.7Hz, F6=0.1Hz and F7=0.6Hz, which correspond to samples 2796, 396 and 2400 in the waveform recording curve of Figure 6, respectively. At this time, since F5 and F7 are both greater than 0.5Hz and F6 is less than 0.3Hz, the program reports a toothed disk 1 deviation fault, and the main signal F[0] still selects the residual voltage sampling (Unit_Freq_Smple) value of 200007 (50Hz), which remains unchanged.
(3) In Experiment 3, after 25s, when the residual voltage becomes 50.1Hz, the toothed disk 1 becomes 50Hz, and the toothed disk 2 becomes 50.7Hz, there are variables F5=0.1Hz, F6=0.6Hz and F7=0.7Hz, which correspond to samples 402, 2398 and 2800 in the waveform recording curve of Figure 7, respectively. At this time, since F6 and F7 are both greater than 0.5Hz and F5 is less than 0.3Hz, the program reports a toothed disk 2 deviation fault, and the main signal F[0] still selects the residual voltage sampling (Unit_Freq_Smple) value of 200404 (50.1Hz), which remains unchanged.
In summary, the optimized program's frequency measurement alarm logic and frequency measurement switching logic are consistent with the fault simulation test results, indicating the correctness of its three-to-two logic optimization.
4. Conclusion
To address the risk of a major accident caused by a hydropower plant governor accidentally switching to a faulty frequency measurement signal, a 2x3-out-of-2 optimization design was implemented for the governor's frequency measurement signal. The design includes a 2x3-out-of-2 redundant hardware loop, frequency measurement alarm logic, and frequency measurement switching logic. Field tests on a large hydropower plant governor were conducted to verify the 2x3-out-of-2 redundant measurement logic for the governor's frequency signal. The results show that in a governor system employing a "dual PCC + three frequency measurement" mode, each of the two B&R PCCs has three frequency measurement signals. The optimized program significantly improves the reliability of frequency measurement, resulting in higher reliability and safety for unit regulation. The 2x3-out-of-2 frequency measurement signal redundancy technology can be widely applied to other large hydropower plant governor systems.
Figure 5 Waveforms of each variable in Experiment 1
Figure 6. Waveforms of each variable in Experiment 2
Figure 7 Waveforms of each variable in Experiment 3
References:
Yu Jiwei, Tian Xianbin, Cai Weijiang. Application research of three-choice-two-redundancy measurement technology in the speed control system of hydropower units [J]. Automation Information, 2012(3):54-56.
Ye Yinzong, Pan Rifang, Jiang Weisun. Fault detection and diagnosis of dynamic systems. (Review). Information and Control, No. 6, 1985.
Zhou Donghua. Fault-Tolerant Control Theory and Its Applications, 2000.
Zhang Xinjia. Fault-tolerant control theory and its applications. 1991.
Huang Yuheng. Practical Calculation Methods for System Reliability. 1986.
Ren Peng. Redundant Structural Design of Two-out-of-Three Structures [D]. Southwest Jiaotong University, 2009.
Li Zheng, Shi Haidong, Zhao Yong. Research on signal redundancy technology of hydropower plant speed control system based on 2x3-out-of-2[J]. Hydropower Plant Automation, 2018, 39(02):62-66.
