"Overrule" Safety Automation; Minimum Control Valve Size

A Reader Asks Our Experts to Explain "Underwater Nuclear Reactors" and "Overrule Safety." Plus, What's the Minimum Control Valve Size in an Oil Pipeline?

By Bela Liptak

Share Print Related RSS

Q: In your recent article you briefly referred to "underwater nuclear reactors" and to the order of magnitude improvement in their safety through automation. You also talked about "overrule safety" type automation. Could you elaborate on both of these topics a little more? I do not fully understand either term ("overrule safety" and "underwater reactor").

George F. Schmidt
SolarH2Cell@aol.com

A: The underwater reactor requires a small, artificial lake with the reactor at the bottom of it, inside a containment, as shown on the left of Figure 1. Under normal operation, the containment is evacuated to provide thermal insulation for the reactor, while under emergency conditions (see the right of the figure), the thermal expansion rods expand and open the safety valves so that the water flows by gravity into the containment. This design satisfies two key requirements for "overrule safety:"

  1. Nothing and nobody can turn off either of its energy sources: thermal expansion and gravity.
  2. No other energy source is required. All external and internal energy sources can fail and the shutdown will still take place safely.

I deal with this in detail in my recent book, Automation Can Prevent the Next Fukushima. The general philosophy of "overrule safety" automation is the same for all other processes. Its key characteristic is that nothing and nobody can turn it off. Take, for example, the BP accident: If the controls were so designed that the rig would have been "automatically" disconnected from the well and moved away as soon as fire was detected, 11 lives would have been saved.

Overrule safety also applies to protection against transportation accidents or cyberterrorism. In the case of cyberterrorism, we must understand that a firewall in our digital age is nothing more than what a visitors' door was in the past, and a password is nothing but the key to that door. When applied to protect against cyberterrorism, overrule safety is simply the elimination of both the door and the key. That means the process control computers are not connected to and cannot be accessed by anything or anybody: There is no door for visitors.

Therefore, in this age of cyberterrorism, the only road to absolute safety is to eliminate all wired and wireless contact to the outside, so not even the CEO can turn off the automatic override safety system. The key profession to explain all this to the public and to start applying the concept of overrule safety automation to our control systems is our own.

Béla Lipták

NORMAL: Containment is evacuated to thermally insulate the reactor and safety valves are closed, because the thermal expansion lifting rods are contracted    EMERGENCY: Containment is flooded as soon as safety valves are opened by the thermal expansion of the lifting rods. This automatically cools the reactor.

Q: Minimum Control Valve Size in an Oil Pipeline?

I am Kaushal Shah, working as an instrument design engineer for L&T Chiyoda Limited, India. I have a question concerning the API Standard 553, Section 3: Control Valves/ Sub Section 3.1: Valve Body , Clause 3.1.9. The clause states, "The valve body size should be no less than two pipe sizes smaller than the line size. Smaller valve sizes must be reviewed to make sure that line mechanical integrity is not violated."

Here are my questions:

  1. What does line mechanical integrity mean? Are there any guidelines?
  2. How do you ensure that mechanical integrity is achieved? Is there a standard?
  3. How do you demonstrate this to a third party in cases where the control valve size is smaller than two line sizes?

Also, ASME B31.1, which provides a stress analysis technique, does not require that all lines shall have stress analysis. If I am the EPC contractor, and if I need to prove to the licensor/PMC that my valve will not cause problems to mechanical integrity, is there any laid down standard? Does any standard require that to prove mechanical integrity, stress analysis must be performed in addition to the requirement specified in ASME B 31.1?

Kaushal Shah,
kdshah@lntchiyoda.com

A:  I do not believe that the requirement of API 553 is intended to apply only to control valves. It seems to me that in order to guarantee the mechanical strength of all pipelines, all weak points should be eliminated, no matter if they are caused by inserting excessively small valves or any other undersized in-line device (flowmeter, filter, etc.). I believe that the standard should say: "Inline equipment size must not be smaller than two sizes below the size of the pipeline."

Before accepting the pipe size, you should consider the possibility that it is oversized and should be reduced. In the past, I have often found that when I sized a valve, and it came out to be more than two sizes below that of the pipe, that was a hint that somebody goofed and oversized the pipe. Therefore, you should also check if the pipeline was properly sized (not oversized). In other words, check not only the maximum flow, but also the pressure drop assigned to the valve, which, if unnecessarily high, not only reduces the valve size, but also wastes a lot of valuable energy.

Béla Lipták.
liptakbela@aol.com

A: I do not have a copy of API 533, but my interpretation is that API is concerned about the risk of creating a weak point in the piping system if the valve is too small. This can happen with high-pressure-drop control valves. The sizing requirements for the valve can result in a valve which is significantly smaller than the adjacent pipe. It is not unusual to have a required valve size of only 4 in. to control flow in a 12-in. pipe, or to control the flow of gas/steam in a 16-in. pipe.

Installing a 4-in. valve in a 12-in. pipe system will result in very high bending loads at the connection between the valve and the pipe and on the valve itself. The consequences can include flange leakage, premature failure of weld joints or severe sticking of the valve due to distortion of the valve body.

ASME B31.1 provides methods for calculating pipe loads. Pipe engineers and valve engineers can use these calculations to assess mechanical integrity. There are a couple of options for solving problems:

  • Make the valve larger, i.e., provide a 12-in. valve for 12-in. pipe.
  • Use a reduced trim size inside a larger valve; i.e., 4-in. trim inside a 12-in. valve. Small trim size may be needed in some cases to optimize flow control and turndown.
  • Apply a special valve design that incorporates suitable pipe expansions and wall thickness reinforcement to improve mechanical integrity; i.e., use 4-in. trim inside an 8-in. valve body with 8-in. x 12-in. expanders that are of heavier schedule than adjacent pipe. In my experience, this is quite common in steam letdown and steam conditioning systems.

Stephen Freitas
sf@ccivalve.com

A: I was a member of the API Committee on the Refinery Equipment Subcommittee on Instruments a long time ago, and 553 sounds familiar. It is probably a recommended practice. You have a valid question and one not answered in the standard or specification.

These standards and recommendations advise against control valves much smaller than the pipe size. The reason is that the body of such a valve can be expected to experience mechanical stresses far beyond what it can handle, and this can result in body failure. (Installers are notorious for casually and commonly forcing pipe into alignment with little concern for attached equipment).

The usual reason for discovering that a small valve is sufficient is because the pipeline is far oversized.

For many styles of valves, the manufacturers can provide the required reduced trim size in larger valve bodies and solve this problem. This cost is usually far less than replacing the large pipe. It also might be a good idea to verify the provided flow data before purchasing the valve. People do make mistakes. Density and specific gravity are often confused, dimensions copied in error and so on.

Cullen Langford
CullenL@aol.com

A: To provide an explanation, let me assume that your pipe line size is 12 in. (DN300), and you intend to use a 6-in. (DN150) valve. Let us also assume that the velocity of liquid in the pipeline is 2 m/sec. If you install a reducer DN300 x DN150, the velocity in the reduced pipe section (DN150) will be approximately 5 m/sec. If it is a ship-loading or unloading pipe, then normal velocities will be much higher (say 4 m/sec) and, hence, the velocity in the reduced pipe section will be ~ 18 m/sec. This is far too high a velocity for a pipe, and the reducer/welded section will be eroded by the liquid velocity, thus weakening the mechanical integrity of the pipe. This is why API 553 does not allow more than two pipe sizes reduction.

Raj Binney
binney4family@internode.on.net

A: The requirement is a valid one. Going down more than two line sizes will mean that the weakest part of the pipework is at the control valve attachment. The pipe size has been predicated on a velocity constraint, and reducing the attachment from, say, NB6 to NB3 (two sizes down) will give four times the velocity in the attachment. NB6 to NB2 (three sizes down) will be roughly nine times the velocity. Erosion in pipework is a high power function of velocity (perhaps 7th order). Therefore, the requirement to keep body size up is valid.

Exit velocity from a control valve body in liquid service is normally recommended to be no higher than 10 m/s (better, 5 m/s). The trim velocity to remove excess pressure is independent of the body velocity. Anti-cavitation trim, with multiple pressure drop stages to avoid dipping into the cavitation region, has very high velocities and requires special materials.

IanH.Gibson
gibs0108@optusnet.com.au

A: The section is now 4.1.2.9 in API 553. There is no actual standard to answer your questions, but they are sometimes explained in client/end-user specifications/design criteria.

Section 4.1.2.9 is a very clear engineering common sense statement, and similar statements are found in many client and engineering house piping design criteria specifications. For example, above a certain pipe you should only use a minimum 2-in. nozzle (e.g., for thermowell connections). When you are transporting large pipework, it is easy to knock off small nozzles. That is also why they are specified to a much higher schedule than the pipework.

For mechanical integrity, you should read mechanical strength. If you have a 42-in. pipe, (on the project I am working on) the forces exerted by the pipework on the valve and other in line fittings can be substantial. A valve will have certain wall thickness which is designed not only for the pressure/temperature rating to satisfy the process conditions, but also to "support" the mechanical structure of the valve. The vendor should know how much force the valve can take (compression, tension, shear, etc.). Even with line size valves, excessive piping misalignments can cause undue stress on the valve when it is bolted up.

So if you are using a valve much smaller than the pipe size, you will need to calculate how much force is applied when you bolt up the pipework to the valve. This is usually calculated by the piping stress group. Stress can be caused by either a misalignment of the pipework or just by the weight of the pipe itself. There are tolerances for misalignment, but these do not cause a problem for the matching valve size. There are also piping standards for what structural steel supports are required. Again, these do not cause a problem for the matching valve size.

It is impossible to have a set of standards/codes on a bookshelf and pretend that it will cover all the engineering requirements. The stress analysis is normal engineering practice. The piping discipline in general and the piping stress discipline specifically have established practices and checklists that cover what has to be looked at. There is no mystery about this.

Being a good control and instrumentation engineer also involves good practical understanding of the process and mechanical aspects. Again, there is no mystery about what instrument and controls engineers need to do in this matter. What I always stress with my young engineers is to take a step back and look at the basics of the problem. Yes, there are some difficult applications where the solution may be elusive and will take a SME and a lot of work to solve. However the steps required for the design process is absolutely standard in any established engineering company.

The way to learn this is to do it under the guidance of experienced engineers. This has been the way it has been done successfully forever. Unfortunately, in recent years I have seen a deterioration of engineering skills in the whole industry, and people are forgetting what it takes to do engineering. People are becoming so specialized that in the end, they know nothing. I firmly believe that the expert knows the whole scope. In other words, he or she is a generalist covering many disciplines.

In summary, it is important to understand the code/standards and read up on the established textbooks. But make no mistake, you will not find all your answers there. They do not always tell you how to design.

Simon Lucchini
Simon.Lucchini@Fluor.com

Share Print Reprints Permissions

What are your comments?

Join the discussion today. Login Here.

Comments

  • I almost always agree with Bela Liptak, but I must take exception to one of his "overrule safety" solutions to the nuclear power plant problem. You cannot isolate a nuclear power plant from ANY external data communications. I seem to recall an NRC requirement for "remote operation" of a nuclear power plant in case the local control center becomes damaged or is otherwise inoperable. The requirement was for that plant to be operated from a distant location sufficient to regain control and safely operate it or shut it down in an orderly manner. This does not require an Internet connection, but it is a communications line out of the plant.

    I have often heard people exclaim that there should be no internet connections to the process control network, as a solution to the potential for control systems being "hacked." Well, that didn't protect the Iranian uranium enrichment plant from the Stuxnet virus that was probably planted into the operating system of the Siemens System 7 at least a year before it was shipped. These days, it is unrealistic to insist on NO internet connection for any process control system. There are too many necessary vendor support services connected via the Internet that are necessary to keep a modern process control system and the attached smart instrumentation in good repair and fully operational. As always, the Internet connection must be secure an allow only previously authorized connections. It's not impossible to achieve protected access, and all communications must be encrypted to prevent damage and covert data transmission. I didn't say it was easy, and it is usually not fast, but protected Internet connections must be allowed.

    Reply

RSS feed for comments on this page | RSS feed for all comments