Notes on implementing RaSTA protocol

Rail Safe Transport Application (RaSTA) is a communication protocol for safe and highly available communication between railway systems. There are many other communication protocols available, including Transmission Control Protocol (TCP). What makes RaSTA relevant? Well, it is the official communication protocol of EULYNX, which is a European initiative to standardise interfaces and elements of the signalling systems. Therefore, it is important for railway signalling system designers to understand RaSTA.

EULYNX defines Process Data Interface protocol (PDI) to exchange functional information between communication partners. Its protocol stack relies on a safety, retransmission and redundancy layer for safe communication according to EN 50159. The protocol used to implement the layer is called Safe Communication Protocol (SCP).

RaSTA is the SCP of EULYNX. Therefore, you have to implement RaSTA for your EULYNX-compatible interlockings and object controllers. Otherwise they will not connect or exchange bytes with other EULYNX-compatible systems. Needless to say, it is critical to implement RaSTA correctly.

Relesoft has implemented RaSTA for multiple EULYNX-compatible systems, including Relesoft Gateway, which is a EULYNX adapter for relay interlockings. We hope that our findings and this post help you to implement RaSTA, because it is a foundational component of EULYNX.

Relesoft RaSTA implementation notes

Correctness

  • Write integration and sequence tests for message retransmission, which can be tricky to implement. Do not expect the retransmission mechanism to work correctly with your first iteration. Make sure to test the specification retransmission sequences 5.7.3.2 and 5.7.3.3.
  • Sequence numbers in their many forms in the safety layer are encoded as unsigned 32-bit integers. Make sure to wrap them around to zero if they overflow 2^32-1 during increment. Write specific test cases for the overflow of SN_T, SN_R and PDU_CTS.
  • Use the specified random initialisation of sequence numbers in the safety layer. This will make your integration tests much easier to understand. For example, if you run two RaSTA instances simultaneously, then the random initialisation makes it much easier to distinguish them from each other.
  • The specification defines only seven official sequence diagrams of correct exchanges of messages. Their actual specification and code coverage is relatively small. Make sure to write tests to cover the entire event-state matrix.
  • Read the event-state matrix carefully. For example, when receiving a retransmission request with SNinSeq==false in Up state, notice that you also have to send a retransmission request after finishing the normal message retransmission procedure.

System

  • It makes life easy and the corresponding data structures clean to associate one RaSTA connection with an instance of the RaSTA layers.
  • The specification does not say how to discover the remote transport devices. One straightforward approach is to keep a register of k newest and distinct IP addresses that have sent network packets to you. Then you can simply send redundancy layer packets to these IP addresses.

Deployment

  • Eventually you have to connect with external, 3rd party RaSTA implementations. This can uncover bugs in your implementation and in the external implementation at the remote. It is crucial to have good logging for your RaSTA with sequence numbers, timestamps, socket activity and so on. Otherwise it will be challenging or impossible to locate the problems in your code, or to prove that the external RaSTA has problems.
  • External systems induce latency from network transfer and processing time. You might encounter problems that are not evident in your local development environment with an instantaneous loop-back connection. For example, if the remote has not confirmed your messages in a while, then your next sent messages might have stale timestamps if they are assigned only when the messages are created for the send queue. Write a test that simulates a remote that confirms your messages slowly.
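
The slow-remote test recommended above, sketched as an added example (not Relesoft's code and not taken from the RaSTA specification). The `Sender` class, its `window` limit on unconfirmed messages and the manually advanced clock are assumptions made for illustration; they stand in for a real send queue that has to wait for confirmations.

```python
from collections import deque

class FakeClock:
    """Manually advanced millisecond clock, so the test is deterministic."""
    def __init__(self):
        self.now_ms = 0
    def advance(self, ms):
        self.now_ms += ms

class Sender:
    """Toy sender (hypothetical): at most `window` unconfirmed messages in flight."""
    def __init__(self, clock, window, stamp_on_send):
        self.clock = clock
        self.window = window
        self.stamp_on_send = stamp_on_send
        self.queue = deque()   # messages waiting for a free window slot
        self.in_flight = 0
        self.wire = []         # (payload, timestamp_ms, transmitted_at_ms)

    def submit(self, payload):
        # Creation time is recorded here; the weak variant sends it as the timestamp.
        self.queue.append((payload, self.clock.now_ms))
        self._pump()

    def confirm(self, count=1):
        # The remote confirmed `count` messages, so window slots free up.
        self.in_flight = max(0, self.in_flight - count)
        self._pump()

    def _pump(self):
        while self.queue and self.in_flight < self.window:
            payload, created_ms = self.queue.popleft()
            # Corrected variant: take the timestamp at the moment of transmission.
            ts = self.clock.now_ms if self.stamp_on_send else created_ms
            self.wire.append((payload, ts, self.clock.now_ms))
            self.in_flight += 1

def max_timestamp_age_ms(stamp_on_send, confirm_delay_ms=400, messages=4):
    """Queue a burst at t=0, then let a slow remote confirm one message per delay."""
    clock = FakeClock()
    sender = Sender(clock, window=1, stamp_on_send=stamp_on_send)
    for i in range(messages):
        sender.submit(f"msg-{i}")
    while sender.in_flight:
        clock.advance(confirm_delay_ms)  # constructed latency of the slow remote
        sender.confirm()
    # Age of each timestamp at the moment the message actually left the sender.
    return max(sent - ts for _, ts, sent in sender.wire)
```

In a real test, the returned age would be compared against the timeout your implementation is configured with, so that a regression to creation-time stamping fails the build.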

We can test your RaSTA implementation

Relesoft Test Center has a suite of tests to test your RaSTA, including black-box server tests that are important for object controllers. If you are interested in learning more, or if you have anything else on your mind, please contact us at info@relesoft.io
