In facilities with high demand for electricity, such as hospitals or data centers, communication between generator sets is critical to maintaining power levels. In these types of applications, generator sets are often electrically connected to help manage larger power demands. This configuration, called generator set paralleling, helps ensure more efficient load distribution and load response in the network.
One way to run a power system with a parallel generator set is to use a dedicated multifunctional generator set controller that integrates parallel control on the generator set. With the Cat® EMCP 4.4 control system, the controllers communicate with each other over the Ethernet backbone and synchronize the generator set through a connection to a single Ethernet switch.
This parallel approach is cost-effective because it combines the functionality of discrete parallel control devices and programmable logic controllers with generator set control, reducing the space footprint of the parallel cabinets, thereby reducing project investment costs. However, this approach raises questions among power system designers and users:
What happens if the Ethernet switch fails and the generator set can no longer communicate?
What happens if the link from one or more generator sets goes down and the communication between those units is interrupted?
In this case, will the power system continue to operate, distribute the load, and respond to load changes in a safe and stable manner?
For generator sets equipped with EMCP4.4 control and multiple generator data links (MGDL), the answer is yes. Caterpillar’s patented policy, known as fault protection adaptive load distribution/sag operation, is programmed in an EMCP 4.4 system to intelligently switch devices to a control scheme for uninterrupted stable operation until full communication is restored. Loss of communication also triggers alarms that alert the operator to the condition in order to speed up repairs.
Understand the risks
The traditional communication fault handling method in parallel generator sets has the risk of system instability and unsafe engine operation. In the standard response to communication failures, devices are divided into two modes: sag and synchronization. The unit in sag mode is automatically placed at a fixed predetermined target load level, such as a 50% load at the nominal frequency. Synchronous oscillation machines, also known as oscillating machines, bear most of the load variation. Only after the synchronous mode unit exceeds more than 100% of its rating does the sag unit begin to withstand the load.
This control scheme has two major drawbacks. First, sag generator sets may operate at different load percentages when communication is lost. The frequency and load on the sag curve must then be immediately adjusted. This could mean suddenly increasing or decreasing its fuel to match the frequency of the syncgeneration set, which can lead to system instability and loss of synchronization. Even after the system stabilizes, the sync group is overloaded due to increased load. While sagging generator sets can add more load, this design does not allow for this.
Another disadvantage of this approach is that it unnecessarily limits the power capacity of the system. The output power of the swinging machine changes with the load, while maintaining a constant speed and frequency on the system. When the sag unit is fixed to 50% load, it will always produce the same power output at a specific speed or frequency. Therefore, the maximum available load of such a system is limited to the combined output of the oscillating machine and the total fixed power output of the sag machine. Any load that exceeds this maximum will result in a decrease in speed and frequency. If the load increases to exceed this maximum available load, the oscillating machine may be overloaded even if the sag unit is operating much lower than its maximum capacity.
In addition, under this control mode, a combined fixed output with a minimum system load below the sag unit is not allowed. Otherwise, the system frequency will increase and the oscillating machine may become electric or reverse-powered.
Stable system performance
Leverage EMCP4.4’s fail-safe adaptive load distribution/droop operation to securely maintain stability by losing communication, seamlessly transition to fail-safe mode, and move gradually and stably to a new equilibrium point.
In this manner, fail-safe mode is triggered when no communication messages from one or more EMCP 4.4 units are received after a specified time interval. Loss of communication can be caused by a disconnected line, improper configuration, a power outage of an Ethernet router or hub device, or a power outage of an EMCP 4.4 device.
When communication is lost, the failure mode intelligently switches some of the missing units to fail-safe adaptive sag mode, while others switch to fail-safe synchronous load distribution mode. The mode of operation of updating the unit during communication loss can best serve the generator system.
Fault protection Adaptive sag operation changes over time as the load changes to stabilize the system
For example, if the units that have lost communication are still running and on the bus, they must be guaranteed to operate safely. Caterpillar’s patented MGDL system uses knowledge of network topology, which is conservative for lost units. Loss of communication causes network separation. Each cell is divided into synchronous load distribution groups and sag groups based on the following elements:
- The number of units that are still in communication in the total expected number of controls
- Minimum number of MGDL units
How EMCP 4.4 addresses separation in networks
Depending on where communication breaks in the network, four basic separation network scenarios are applied.
Scenario 1: If the controller (e.g., unit 01) detects less than half of the expected number of online controls, the minority controls operate in fail-safe adaptive sag mode and remain balanced in fail-safe adaptive synchronous load distribution mode.
Scenario 2: If the controller (e.g., unit 01) detects more than half of the expected number of online controls (most), the majority of the controls operate in fail-safe adaptive synchronous load distribution mode and remain balanced in fail-safe adaptive sag mode.
Scenario 3: If the controller detects that the expected number of controls on the network is exactly half, there are two possibilities: if the control detects the minimum number of units, that unit and half of the other units are running in fail-safe adaptive synchronous load distribution mode, and the other half are operating in fail-safe adaptive sag mode. If the control does not detect the minimum number of cells, the opposite is true. 
Scenario 4: If multiple separations in the network occur at different times, it is possible to end up with controls that run only in fail-safe adaptive sag mode, and not controls that run in fail-safe adaptive synchronous load distribution mode.
A simplified example illustrates how a generator set responds to communication interruptions under a fail-safe adaptive load distribution/sag run control strategy. In this case and other cases, the generator set follows procedural instructions to move smoothly to the equilibrium point from which the system responds appropriately to take on or offload the load, rather than quickly jumping to a predetermined output level.
Whether the unit is heavy or light in the event of an outage, the control strategy adapts and stabilizes the system. The unit responds smoothly to the load in a safe, slow manner with a pre-programmed load curve. In addition, this method retains a greater system load capacity than traditional communication fault response.
When a communication interruption is detected, the genset in most groups enters modified synchronous operation, while the genset in a minority group enters adaptive sag mode, first “freezing” at its final load level. As the load increases, the increase is absorbed by the synchronization unit. The load on the sag unit does not change.
As the load increases further, the synchronization unit continues to accept loads of up to 80% capacity. At this point, the synchronous unit refuses to be subjected to more load, the frequency decreases and the sag unit is subjected to more load. A similar process occurs when the load is reduced.
Fault Protection Adaptive Load Distribution and Fault Protection Adaptive Sag Mode have two basic effects:
- Seamlessly switch the fleet to fail-safe operation mode while continuing to deliver load, minimizing disruption to the system.
- Provides even load distribution between units to better serve loads by preventing premature underload or overloading of synchronous units
Return to normal
Fail-safe synchronous load distribution and fail-safe adaptive droop modes are only used for fail-safe operation and are not suitable for long periods of normal operation. While generator systems operating in fail-safe mode will adequately meet the system load, normal MGDL load distribution is a more reliable and stable mode of operation.
After fail-safe mode is enabled, the system needs to investigate. An alarm indicates when a loss of communication has occurred. Depending on how the alarm system is configured, it may take the form of a flash, audible signal, text message, or call operator smart phone or some combination thereof. After receiving an alert, you should take the correct troubleshooting steps as soon as possible to get the system back up and running.
Load distribution protocols are designed to make transition to fail-safe mode and exit fail-safe mode as seamlessly as possible, although not absolutely guaranteed. Changes in load distribution gain and system load can significantly affect the ability to convert between failure protection and normal operating modes without interference.
In summary, the fault protection adaptive load distribution/sag operation control strategy provides unique advantages that provide stability even after a single point of failure in a multi-generator set power system.
If you want to know more about Caterpillar power products and solutions, or if you want to get more information about the content mentioned in this article, you can leave a message to us in the official account dialog box, and we will arrange someone to communicate with you further.
![](/wp-content/uploads/2021/08/WhatApp-Icon.png"){kind=icon}
0 Comments