Concept of Operations (ConOps)
Concept of Operations (ConOps)
Coordinated CAV Operations
Under normal conditions, CAVs will be able to coordinate with little risk of interference from outside actors or unexpected events. The protocols which guide CAV operations and the map coordinates which show current lane boundaries will enable coordinated CAV activities such as platooning and safe lane changes. Protocols will be based on CAV functionality and on the ability of CAVWAY Controllers (CCs) to transmit information to nodes and CAVs via CAVNET. Lane assignment, which may require CAVs to change lanes at times, will normally be based on how far a CAV is from the downstream node at which it will leave a CAVWAY. To enable safe lane changes while preserving constant speeds and spacing, CC will require that CAV speed in one lane differ from that in adjacent lanes.
Davius' eighth commandment
On a Tour de France, remember protocols and the peloton.
The peloton - French for "platoon" - is a fixture in long-distance bicycle racing. Because some riders behind can draft on riders directly in front, peloton members can save energy and catch up to breakaway riders who take early leads.
Platooning, as used here, refers to CAVs traveling in a single lane at constant speeds and spacing. Think of each CAV riding in a "box" such that it is the boxes which travel at constant speeds; this allows us to imagine empty boxes, open for CAVs changing lanes.
On a CAVWAY, CAVs will use protocols to form platoons autonomously, that is using their own decision-making abilities to maintain correct speeds and spacing and to change lanes as appropriate when it is safe.
Load monitoring and access control
Platooning will not be sufficient to maintain continuous traffic flow. A CAVWAY will also monitor traffic loads and control CAV access such that traffic does not exceed capacity. Normally, the capacity of a two-lane CAVWAY in one direction, between node N(i) and downstream node N(i+1), will be the sum of the maximum number of CAVs which can travel in each lane. One constraint is that the number of CAVs exiting at node N(i+1) cannot exceed the capacity of the rightmost lane. Another constraint might be that all CAVs in the right lane between N(i) and N(i+1) must exit at N(i+1).
Protocols designed to enable CAVWAY nodes to maintain continuous flow, while using as much CAVWAY capacity as possible, will be subject to continual improvement; the work described here is intended to demonstrate feasibility rather than to assure optimal performance.
Periodically, each CAV will send a health-status message (including position, velocity, and status) to CC. The CAV will use a status field to 1) indicate that it is operating within specifications, 2) warn CC of an “out-of-spec” condition, or 3) send an alarm, that it is unable to continue safe operation.
CC will send broadcast, multicast, and point-to-point messages to CAVs and nodes to update CAVWAY maps, modify protocols, and mitigate problems. Upstream nodes will forward messages, such as heartbeats and alerts, from CAVs to CC. CAV alerts will include 1) warnings indicating that onboard gauges show fuel, pressure, temperature, or voltage out of tolerance, and 2) alarms, indicating an inability to continue safe travel. Nodes will send CAV action alerts to indicate to CC when a CAV has been denied access, entered an access queue, or entered or exited a CAVWAY; nodes will also send node malfunction and intrusion-detection alerts to CC.
CC will broadcast messages, including time and map updates to all nodes to be forwarded to local CAVs. In response to a CAV alert, CC might send an action message to the CAV to exit, move to the spare lane at the side of the corridor, or stop in lane.
CAVWAYs are charged with keeping the CAV-System environment safe for CAVs. When abnormalities arise, the CAVWAY must restore conditions to normal. CAVWAYs can thus be designed to address the local environment, including weather and geologic conditions.
Accidents and Malfunctions
Driver error will, by definition, be absent in CAV Systems. Designers will use worst-case design and redundancy to reduce the probability and the impact of accidents and malfunctions. Adherence to conservative system monitoring and maintenance guidelines can be expected to reduce the frequency of malfunctions. Since running out of fuel would be a hazard, checks to assure that each CAV has enough fuel to reach its destination will be required.
When malfunctions occur, an emergency-response network will support recovery and return to normal operation. Each CAVWAY will be designed to
A blocked lane will be considered an abnormal condition. In response to a blocked lane resulting from a CAV alarm or malfunction, CC will send a Re-route, Rescue, Remove, and Restore (R4) message. The R4 message will direct the closest node to the scene with an available rescue vehicle to dispatch that vehicle to the blockage site to restore normal conditions. To maintain continuous traffic flow, CC might broadcast a map-update message to establish a detour around the blockage or a merge to combine traffic from two lanes into one.
Figure 5 at right illustrates how CC might use CAVNET to 1) establish a detour to allow CAVs to bypass a stalled CAV, and 2) open a path to the stalled CAV for a rescue vehicle to aid travelers, remove the stalled CAV from traffic lanes, and restore normal conditions. The detour diagrammed in Figure 5, which shows blockage in lane 2 of a 3-lane corridor, moves traffic from lanes 2 and 3 into lane 3 and the spare lane respectively and frees a path for a rescue vehicle. Virtual lane dividers, shown as broken lines, indicate the detour. A clear lane 2 allows the rescue vehicle to
One CAV may exchange messages with nearby CAVs (within range on the wireless network) to cooperate as necessary, particularly in abnormal situations such as emergency speed or lane changes and corridor exits. CAVs might also exchange messages with nearby nodes.
Abnormal conditions include corridor surface hazards, stalled CAVs, unprotected work zones, and severe weather such as extreme temperatures or rain, ice, wind, or snow. A human threat against any part of a CAV System is an abnormal condition. Fog is considered normal since CAVs will use maps and navigation, rather than human eyesight, to stay in lanes and preserve spacing.
Requirements to respond to abnormal conditions will fall to state agencies, to be addressed by requirements on their CAVWAYs. Requirements include assuring the safety of all travelers, maintaining continuous traffic flow to the extent possible, and restoring normal conditions.
Hazardous External Conditions
Extreme weather conditions such as tornadoes, hurricanes, blizzards, sandstorms, or floods will impose the requirement that CC assure the safety of all travelers by slowing or temporarily halting traffic flow. Assessment of hazardous conditions may require human intervention to determine whether and when normal traffic flow can be restored without jeopardizing traveler safety.
Threats, Major Disruptions, and Low Probability Events
Under adverse conditions including 1) human vandalism, criminal activity, or terrorism, 2) major accidents such as a bridge collapse or extensive blockage resulting from collisions, or 3) low-probability events such as a plane crash on a CAVWAY, CC might need to bring traffic to a halt and call for human intervention.
Intentional damage caused by outsiders will be mitigated by physical security, barriers and locks. Surveillance raises the cost to criminals and the probability that they will be apprehended. Computer-account hacking and compromise of integrity cannot be allowed to jeopardize any mass-transit system or its travelers. The separation of the CAVWAY reservation system and emergency response network from public networks, such as the Internet, will reduce such vulnerabilities. The state will be obligated to protect traveler privacy and security and assure that neither the CAVWAY nor public safety can be endangered. The fail-safe process will limit damage resulting from an unforeseen attack. CAV Systems will not rely on a single navigation system, such as GPS; a ground-based backup will be deployed.
Those who operate, maintain, and monitor CAV Systems will be responsible for public safety. They will be carefully screened, well-trained, and highly motivated to protect the system and all travelers. Changes to system hardware and software will have to be approved by at least two people to lower the probability of insider abuse.
Embedding most of the traffic control in CAVs and away from a central authority will lower the probability of creating single points of failure. Critical shared components such as the CAV-System Clock, any reservation systems, the navigation system, and the emergency response network will require high security.