API 670 Overspeed Protection
Discussion
Updated 9/2008
API stands for American Petroleum Institute. Oil Refineries have a lot of rotating machinery, including turbines, so they have taken the lead in developing standards for turbine protection. The 4th edition of the standard is dated 12/2007. The publication is copyrighted and sold by API through various standards outlets. The document is 100 pages. Only a couple of pages directly relate to the overspeed protection function. The standard deals with a number of protection concepts, but the main focus is on vibration. We have summarized the overspeed requirements and included some quotes directly related to overspeed protection.
The approach to overspeed protection is to design a failsafe system that will arrest an overspeed acceleration quickly and record the highest speed reached.
It must be noted that the standard is not a piece of equipment you can buy. It is a design and operations guide. Various devices will contribute to a system design that addresses the core concepts of the standard. A Woodward Protech 203 Overspeed Protection System is a device that can be implemented as per the standard concepts to achieve the detection and initial actuation functionality of the standard. It can replace a mechanical overspeed trip mechanism, but it does not provide the final mechanical muscle to shut off the steam. The mechanical portion of the trip system needs to be evaluated to achieve failsafe reliability.
If a stop valve sticks and does not close, no upstream actuation device or logic will stop the turbine. As per the standard concept of redundancy, there arguably should be 2 stop valves in series, but there are also economic realities to balance. The standard's hardware concepts may not be applied to all system functionality. As in the case of stop valves, reliability is achieved by daily testing rather than device redundancy. Daily testing is something that is implemented at the operations level, something the trip system may support, but is not autonomically executed for a number of reasons. Daily testing is a critical part of a trip system's reliability that is typically written into the equipment operating procedures, but is often not executed at many sites throughout the industry.
The standard chooses to discard mechanical overspeed detection in favor of electronic detection because the mechanical systems have historically been problematic from various perspectives. The final actuation devices, of course, need to be mechanical, electric, hydro-mechanical, or pneumatic. Electronic detection enables numerous desirable functions not available through mechanical detection. Legacy actuation systems are typically hydro-mechanical with electric solenoid trip-oil dump or block and bleed valves.
To achieve a failsafe design utilizing electronic detection, the design must incorporate voting for confirmation, redundancy for reliability, and be configured to trip the turbine if power is lost. The Woodward Protech 203 achieves this by utilizing 2 out of 3 voting logic. The voting is hardware voting via relay coils (voting is not done by a microprocessor). There are 2 independent voting circuits (on some models), and each voting circuit outputs to separate relays.
The Woodward Protech 203 is an excellent choice because it directly addresses the standard's concepts in a simple design that is easy to implement, configure, and train personnel to use. Woodward is in the speed control business, and their Magnetic Pickup (MPU) signal conditioning is better than other offerings. The Protech 203 feature set is less than competitors like the Compressor Controls Corporation Guardian, which offers Modus and more detailed event logging, but the CCC Guardian is much more problematic and cumbersome to install, wire, and configure. The CCC Guardian's MPU inputs are finicky, requiring adjustment and calibration not necessary when utilizing a Woodward Product. An area where the Woodward Protech 203 is weak is the LCD display. It is difficult to read in less than optimal lighting environments.
Another offering is a Bafco Valve, which does the 2 out of 3 voting at the hydraulic trip solenoid level. The Woodward Protech 203 and CCC Guardian do the voting with electo-mechanical relays and drive redundant trip solenoids.
The trip solenoids are de-energize to trip. 2 solenoids are utilized to achieve redundant reliability. The trip solenoids are part of the mechanical actuation portion of the system, as opposed to the detection portion of the system that utilizes 2 out of 3 voting.
Most turbines of reasonable size will use a trip oil system to close a steam stop valve (or trip & throttle valve). Oil pressure must be supplied to the valve to permit it to open. The oil pressure will typically work against a spring. The spring can shut the stop valve quickly, and the oil pressure can open it slowly.
Smaller turbines typically use a trip oil system that passes control oil through a restriction (orifice) to create a trip oil header down stream of the restriction. Multiple devices (trip solenoid valves) can operate in parallel to dump the trip oil header to drain while control oil upstream of the restriction is maintained to drive the power piston. For such applications, Normally Open 2-Way Solenoid Valves can be utilized. The valves are arranged in parallel so either one will dump the trip oil header to drain.
Most larger turbines use a block and bleed valve rather than a restriction. For such systems, a 3-Way Solenoid Valves need to be utilized with the common port going to the stop valve. (Two 2-Way Valves, one normally open, and one normally closed may be arranged to create a 3-Way Valve). The Two 3-Way Valves cannot be placed in parallel. They have to be arranged in series.
An overspeed protection system built to a proven and accepted Standard is more reliable than a mechanical trip system, plus it offers many advantages including the ability to test the trip system without actually over-speeding the turbine. Mechanical trip systems can be unreliable for a number of reasons, and testing is a risky and expensive operation.
Many of the Protech 203 sales are driven by a customer's insurance company, who will often give the user a better insurance rate if they remove the old mechanical system and replace it with a system conforming to the API 670 Standard.
Some customer's want to keep their old mechanical trip systems, but we argue that a reliable system built to API Standard is much better than multiple systems that might be unreliable.
I have been on jobs where the end user has taken days to do required mechanical overspeed testing, often while paying multiple support vendors to standby. If the driven equipment is a pump or compressor, it will often need to be uncoupled. With a Protech 203, testing of the trip detection modules can be done without even shutting the equipment down. There is no need to drive the unit into an overspeed condition to test the detection functionality.
It is recommended that the turbine be tripped to test the mechanical actuation portion of the trip system, but for critical applications, individual components can be individually tested for proper operation without tripping the turbine if the Dump Valves have a blocking valve or the 3-Way Block & Bleed Valves have a bypass.
The systems will often pay for themselves in the monetary savings realized during just 1 or 2 overspeed trip test. These savings are reoccurring while the capital cost of implementation is a one time occurrence. Another reoccurring savings often realized is the lower insurance premium offered by a users insurance carrier.