ML19343B597

Preliminary Sys Description Emergency Feedwater Sys, Eleven Oversize Drawings Encl
ML19343B597
Person / Time
Site: Crystal River
Issue date: 12/19/1980
From:
FLORIDA POWER CORP.
To:
Shared Package
ML19343B595 List:
References
RTR-NUREG-0737, RTR-NUREG-737, TASK-2.E.1.2, TASK-TM NUDOCS 8012240332


Text

PRELIMINARY SYSTEM DESCRIPTION
EMERGENCY FEEDWATER SYSTEM
FOR
FLORIDA POWER CORPORATION
CRYSTAL RIVER UNIT 3

INDEX

1.0 SCOPE
2.0 SYSTEM REQUIREMENTS
  2.1 Initiation and Control Requirements
    2.1.1 General Requirements
    2.1.2 Actuation Requirements
    2.1.3 Level Requirements
    2.1.4 Flowrate Requirements
    2.1.5 Steamline Break/Feedwater Line Break Requirements
    2.1.6 Steam Generator Overfill Requirements
  2.2 Fluid System Requirements
    2.2.1 Branch Technical Position ASB10-1
    2.2.2 Water Sources
    2.2.3 EFW Pump Protection
    2.2.4 EFW Support Systems
    2.2.5 Cross Connects
    2.2.6 Alarms
    2.2.7 Indication
    2.2.8 Physical Separation
    2.2.9 Fluid Flow Instabilities
    2.2.10 Operational Testing
  2.3 Codes and Standards
3.0 DESIGN DESCRIPTION
  3.1 Summary Description
  3.2 Fluid System Design
    3.2.1 Suction
    3.2.2 Pumps and Discharge Cross-Connect
    3.2.3 Emergency Feedwater Flow Control Valves
    3.2.4 Steam Generator EFW Isolation Valves
    3.2.5 Recirculation and Test Lines
    3.2.6 Steam Supply for the EFW Turbine Driven Pump
    3.2.7 Key Valve Positions
  3.3 Supporting Systems
    3.3.1 Power
    3.3.2 Service Air
  3.4 EFIC Instrumentation Description
    3.4.1 Input Logic
    3.4.2 Initiate Logic
    3.4.3 Trip Logic
    3.4.4 Vector Logic
    3.4.5 Control Logic
    3.4.6 Output Signals
    3.4.7 Interface with Valve and Pump Controllers
    3.4.8 Input Signals
      3.4.8.1 OTSG Level Sensing
      3.4.8.2 Main Steam Header Pressure
      3.4.8.3 Trip of Main Feedwater Pumps
      3.4.8.4 Trip of Reactor Coolant Pumps
      3.4.8.5 Additional Input Signals Identified in 2.1.2
    3.4.9 EFIC Trip Testing
4.0 SYSTEM LIMITS, PRECAUTIONS AND SETPOINTS
  4.1 Limits and Precautions
  4.2 Setpoints
5.0 OPERATION
6.0 CASUALTY EVENTS AND RECOVERY PROCEDURES
7.0 MAINTENANCE
APPENDIX "A"

1.0 SCOPE

This document contains the preliminary design system description for emergency feedwater (EFW). The requirements for this system come from three sources - first, the functional requirements needed to properly interface the EFW system with the nuclear steam supply system (NSSS); second, NUREG-0578, Short Term Lessons Learned Report; third, Draft NUREG-0667, Transient Response of B&W Designed Reactors. This document contains the criteria necessary to upgrade the EFW system to comply with the intent of several recent standards generally applied to new designs. In implementing these requirements, some exceptions will be considered where the improvement in system reliability is so small that the required modification is not justified for an operating plant.

2.0 SYSTEM REQUIREMENTS

2.1 Initiation and Control Requirements

2.1.1 General Requirements

The requirements to which the EFW control system shall be designed are:

A. The system shall provide automatic actuation of EFW, for the conditions specified in Section 2.1.4.2. The capability for bypassing certain initiations shall be provided for unit startup or shutdown in accordance with the IEEE-279 provisions for shutdown bypasses.

B. The system shall be designed to minimize overcooling following a loss of main FW event. This feature of the system is not required to meet the single failure criterion.

C. The system, including control valve positioners, sensors, control and actuation signals and their auxiliary supporting systems, shall be designed as a safety grade (IE) system to the extent possible. As such, it shall be independent of the ICS, NNI, and other non-safety systems.

D. Redundancy and testability shall be provided to enhance the reliability demanded of a safety grade system.

E. A single failure shall neither prevent actuation of EFW when required nor spuriously actuate the system. This criterion shall apply to the EFW system and its auxiliary supporting features. In addition to this single failure, all failures which can be predicted as a condition or a result of the initiating event requiring EFW shall be considered.

F. Indication of EFW status, flowrate and OTSG level shall be available to the operator.

G. The capability for a manual override of the automatic functioning of the system shall be provided. This condition shall be annunciated in the control room.

H. The capability for manual initiation of EFW shall be provided.

I. The capability for manual initiation and control shall be provided in the main control room. The capability for future installation of control from a remote shutdown panel shall be provided.

J. The system shall be designed to prevent or minimize cycling of the EFW control valves during normal plant operation when the EFW system is not in operation.

2.1.2 Actuation Requirements

EFW shall be automatically initiated after the occurrence of any of the following conditions:

o Loss of all main FW as a minimum, as indicated by the loss of both main FW pumps.

o Low level in either SG.

o Loss of all 4 RCPs.

o Low pressure in either SG if main FW is isolated on this parameter.

NOTE: NUREG-0667 recommends that additional EFW initiation signals be evaluated. The purpose of this evaluation is to permit automatic initiation of EFW in a more timely manner to preclude SG dryout. The required signals will detect a trip of the MFW pumps or a low SG level. Failures that stop main FW without tripping the MFW pumps (e.g., control system failures) may not be detected in time to prevent a SG dryout. The following signals, as a minimum, should be evaluated as possible actuation signals:

o Power/MFW flow

o Power/SG level

2.1.3 Level* Requirements

Three adjustable level setpoints are required.

A. Following EFW actuation, the level setpoint shall be automatically selected to approximately 2 feet if one or more RCPs are running.

B. Following EFW actuation, the level setpoint shall be automatically selected to approximately 20 feet if all 4 RCPs are tripped.

C. Provision for manual selection of a high level setpoint of approximately 31 feet shall be provided. This setpoint will be selected by the operator in accordance with operating guidelines.

* For the purpose of EFW design, "LEVEL" refers to the equivalent height of a saturated liquid column (900 psia) referenced from the top of the lower tube sheet.

2.1.4 Flowrate Requirement

The objective of flowrate control is to minimize overcooling for low DH conditions. The EFW flow rate is controlled by the rate of level increase (see Section 2.1.3 for level definition). A level rate of 4 inches/minute has been estimated to be a limit which provides adequate cooling for the conditions which require EFW.

Since the level rate control is a first of a kind control scheme, the system must be tested in place to verify that the setpoint satisfies heat removal requirements.

The level rate limit shall be adjustable under administrative control.

In operation, the EFW flowrate is modulated to hold the level rate at the setpoint.

At the present state of development, it may be necessary to manually reduce flowrate below this limit after 10 minutes for some low decay heat conditions.

2.1.5 Steamline Break/Feedwater Line Break Requirements

A steamline break or FW line break that depressurizes a SG shall cause the isolation of the main steamlines and main FW lines on the depressurized SG. If isolation of the SG does not isolate the break, EFW shall be provided only to the intact SG. No single active failure in the system shall prevent EFW from being supplied to the intact SG nor allow EFW to be supplied to the broken SG.

(To meet these requirements the following design shall be implemented:

A. Isolation - Low steam pressure (below approximately 600 psia) in either SG will isolate the main steamlines and main FW line to the affected SG.

B. SG Selection -

o If both SGs are above 600 psig, supply EFW to both SGs.

o If one SG is below 600 psig, supply EFW to the other SG.

o If both SGs are below 600 psig but the pressure difference between the two SGs exceeds a fixed setpoint (approximately 150 psig) supply EFW only to the SG with the higher pressure.

o If both SGs are below 600 psig and the pressure difference is less than the fixed setpoint, supply EFW to both SGs.)
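The SG selection rules above, together with the enable and overfill behaviour this document later gives for the vector logic (Section 3.4.4), written out as an added example that is not part of the original report. The function and constant names are illustrative, and the handling of readings exactly at a setpoint is an assumption, since the text only says "above", "below" and "exceeds".

```python
from itertools import product
from typing import NamedTuple, Optional

# Approximate setpoints quoted in Section 2.1.5 of this document.
LOW_PRESSURE_SETPOINT = 600.0   # an SG below this is treated as depressurized
DIFFERENCE_SETPOINT = 150.0     # pressure difference that singles out one SG


class ValveCommands(NamedTuple):
    sg_a: Optional[str]  # "open", "close", or None for the neutral state
    sg_b: Optional[str]


def vector_logic(p_a, p_b, enabled=True, overfill_a=False, overfill_b=False,
                 low=LOW_PRESSURE_SETPOINT, diff=DIFFERENCE_SETPOINT):
    """Return the EFW valve commands for SG A and SG B.

    Assumptions (not stated in the document): a pressure exactly at the low
    setpoint counts as not low, and a difference exactly at the difference
    setpoint feeds both SGs.
    """
    if not enabled:
        # Outputs stay neutral until a trip logic issues "vector enable".
        return ValveCommands(None, None)

    a_low, b_low = p_a < low, p_b < low
    if a_low and b_low and abs(p_a - p_b) > diff:
        # Both depressurized, one clearly worse: feed only the higher one.
        feed_a, feed_b = p_a > p_b, p_b > p_a
    elif a_low and b_low:
        # Both low but close together: no SG can be singled out, feed both.
        feed_a = feed_b = True
    else:
        # At least one SG is above the setpoint: feed every SG that is.
        feed_a, feed_b = not a_low, not b_low

    # An overfill signal closes that SG's valves regardless of pressure.
    feed_a = feed_a and not overfill_a
    feed_b = feed_b and not overfill_b
    return ValveCommands("open" if feed_a else "close",
                         "open" if feed_b else "close")


def always_feeds_one_sg(step=25, top=1100):
    """Check over a pressure grid that, with no overfill signal, the logic
    never closes both SGs: pressure readings alone cannot remove all EFW."""
    grid = range(0, top + 1, step)
    return all("open" in vector_logic(a, b) for a, b in product(grid, grid))


def never_feeds_lower_sg_alone(step=25, top=1100):
    """Check over the same grid that whenever only one SG is fed, it is the
    one with the higher pressure (the intact SG in a line break)."""
    grid = range(0, top + 1, step)
    for a, b in product(grid, grid):
        cmd = vector_logic(a, b)
        if cmd == ("open", "close") and not a > b:
            return False
        if cmd == ("close", "open") and not b > a:
            return False
    return True
```

The two grid checks are the properties a reviewer would want from this logic: it cannot starve both steam generators on pressure alone, and it cannot pick the depressurized steam generator over the intact one.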

2.1.6 Steam Generator Overfill Requirements

Provisions must be made in the design to terminate main FW and EFW upon a steam generator overfill condition.

2.2 Fluid System Requirements

2.2.1 Branch Technical Position ASB10-1

BTP ASB10-1 places the following requirements on the EFW system:

A. The emergency FW system should consist of at least two full capacity, independent systems that include diverse power sources.

B. Other powered components of the emergency FW system should also use the concept of separate and multiple sources of motive energy. An example of the required diversity would be two separate emergency FW trains, each capable of removing the afterheat load of the reactor system, having one separate train powered from either of two AC sources and the other train wholly powered by steam and DC electric power.

C. The piping arrangement, both intake and discharge, for each train should be designed to permit the pumps to supply FW to any combination of SGs. This arrangement should take into account pipe failure, active component failure, power supply failure, or control system failure that could prevent system function. One arrangement that would be acceptable is crossover piping containing valves that can be operated by remote manual control from the control room, using the power diversity principle for the valve operators and actuation systems.

D. The emergency FW system should be designed with suitable redundancy to offset the consequences of any single active component failure; however, each train need not contain redundant active components.

E. When considering a high energy line break, the system should be so arranged as to assure the capability to supply necessary emergency FW to the SG despite the postulated rupture of any high energy section of the system, assuming a concurrent single active failure.

NOTE: If the EFW system is not used (and therefore not pressurized) during startup, hot standby and shutdown conditions, then a high energy line break in the EFW system only needs to be considered between the SG and the first check valve upstream of the SG.

2.2.2 Water Sources

Seismic Category I water sources shall be provided of sufficient volume to remove decay heat for four hours and to subsequently cooldown the plant to the decay heat removal (DHR) system pressure.

2.2.3 EFW Pump Protection

The system design shall protect the EFW pump from runout and cavitation due to high energy line breaks or single failures in the system. Any automatic pump trip features must (a) not override automatic initiation of EFW, or (b) be designed as a Class IE system.

2.2.4 EFW Support Systems

The requirement for minimum EFW operation with a single failure applies to the EFW system including support systems. These systems include:

o Electrical power

o Compressed air

o Cooling water

2.2.5 Cross Connects

The EFW system shall be designed to allow each pump to feed either steam generator. Cross connects provided for this purpose shall include normally open remotely operated isolation valves.

2.2.6 Alarms

As a minimum, the following alarm outputs are required:

o High SG level

o Low SG level

o Low source water level

2.2.7 Indication

As a minimum, the following indication shall be provided to the operator:

o EFW flow to each SG

o Startup range SG level

o Operate range SG level

o Key valve positions*

o Water source inventory

o Control system status (level setpoint selected)

o Steam pressure to each SG

o EFW pump status indication

o Indications needed to check the status of EFW support systems

o Additional primary system indication as required to monitor system functions and operations

o Status of the EFIC system (bypass, test, tripped, etc.)

* Direct position indication (e.g., valve stem position) shall be provided for all automatically operated valves and all remote manual power operated valves. Local manual valves in the flow path shall be locked open. Strict administrative control should be exercised over the use of these valves.

2.2.8 Physical Separation

System components and piping shall have sufficient physical separation or shielding to protect the essential portions of the system from the effects of internally and externally generated missiles.

Functional capability of the system shall also be assured for fires and the maximum probable flood.

2.2.9 Fluid Flow Instabilities

The system design shall preclude the occurrence of fluid flow instabilities; e.g., water hammer, in system inlet piping during normal plant operation or during upset or accident conditions.

2.2.10 Operational Testing

Provisions shall be made to allow periodic operational testing.

2.3 Codes and Standards

The EFW system shall consider the requirements of the following codes and standards:

A. General Design Criterion 2*, Design Bases for Protection Against Natural Phenomena, as related to structures housing the system and the system itself being capable of withstanding the effects of natural phenomena such as earthquakes, tornadoes, hurricanes, and floods.

B. General Design Criterion 4*, Environmental and Missile Design Bases, with respect to structures housing the system itself being capable of withstanding the effects of external missiles and internally generated missiles, pipe whip, and jet impingement forces associated with pipe breaks.

C. General Design Criterion 5*, Sharing of Structures Systems and Components, as related to the capability of shared systems and components important to safety to perform required safety functions.

D. General Design Criterion 19*, Control Room, as related to the design capability of system instrumentation and controls for prompt hot shutdown of the reactor and potential capability for subsequent cold shutdown.

E. General Design Criterion 44*, Cooling Water, to assure:

(1) The capability to transfer heat loads from the reactor system to a heat sink under both normal operating and accident conditions.

(2) Redundancy of components so that under accident conditions the safety function can be performed assuming a single active component failure. (This may be coincident with the loss of offsite power for certain events.)

(3) The capability to isolate components, subsystems, or piping if required so that the safety function will be maintained.

F. General Design Criterion 45*, Inspection of Cooling Water System, as related to design provisions made to permit periodic inservice inspection of system components and equipment.

G. General Design Criterion 46*, Testing of Cooling Water System, as related to design provisions made to permit appropriate functional testing of the system and components to assure structural integrity and leak-tightness, operability and performance of active components, and capability of the shutdown, and accident conditions.

H. Regulatory Guides

1.22, Feb 1972*: Periodic Testing of Protection System Actuation Functions
1.26, Rev. 3, Sept 1978*: Quality Group Classifications and Radioactive Waste Containing Components
1.29, Rev. 3, Sept 1978*: Seismic Design Classification
1.47, May 1973: Bypassed and Inoperable Status Indication
1.53, June 1973: Application of the Single Failure Criterion
1.62, Oct 1973: Manual Initiation of Protective Actions
1.75, Rev. 2, Sept 1978: Physical Independence of Electrical Systems
(1.97, Rev. 1, Aug. 1977: Instrumentation to Assess Plant Conditions During and Following an Accident)
1.102, Rev. 1, Sept 1976: Flood Protection for Nuclear Power Plants

I. IEEE Standards

279-1971*: Criteria for Protection Systems for Nuclear Power Generating Stations (for initiation portions of EFW System)
323-1971*: General Guide for Qualifying Class I Electrical Equipment
338-1971: Trial Use Criteria for Periodic Testing of Protection Systems
344-1971*: Seismic Qualification of Class 1E Electrical Equipment
379-1972: Trial Use Guide for the Application of the Single Failure Criterion
384-1974: Separation of Class IE Equipment and Circuits

* As a minimum, B&W recommends that these standards be met.

3.0 DESIGN DESCRIPTION

3.1 Summary Description

The EFW system consists of two trains, each capable of supplying emergency feedwater (EFW) to either SG under automatic or manual initiation and control. A piping and instrumentation diagram is included as Figure 3.1-1 of this report.

The system pumps (EFW pumps) take suction from either the condensate storage tank or from the condenser hotwell and discharge to the SGs. In the flow path between the EFW pumps and the SGs there are isolation valves, check valves, control valves, flow instrumentation, and pressure instrumentation to control the flow of EFW to the SGs. The fluid system design is described in Section 3.2. The instrumentation system design is described in Section 3.4.

3.2 Fluid System Design

The EFW system is designed to provide a minimum of 740 gpm of EFW to the SGs at 1050 psig within 50 seconds of system initiation signal. The system is designed as two redundant trains to insure that the system will meet these requirements with a single failure. Figure 3.1-1 depicts the piping and instrumentation diagram.

3.2.1 Suction

The primary water source for both EFW trains is the Seismic Category I condensate storage tank, CDT-1. Water is supplied from this tank through an 8-inch line with locked open manual valve CDV-103 to separate 6-inch lines containing normally open motor operated valves EFV-3 and EFV-4. An emergency reserve of 150,000 gallons is maintained, as required by technical specifications, within the condensate storage tank. Redundant indication and low level alarms for the condensate storage tank will be provided in the control room.

The main condenser hotwell is the alternative water source available for the EFW system with a nominal capacity of 150,000 gallons.

Separate 8-inch lines with normally closed DC-powered valves EFV-1 and EFV-2 draw suction through an 8-inch line with locked open manual valve EFV-36. The DC-powered valves are interlocked such that they can be opened only if at least one of two DC-powered vacuum breaker valves is open.

For extended periods of EFW system operation with a loss of offsite power, an additional water source is available via the Fire Service system which has diesel-driven pumps.

3.2.2 Pumps and Discharge Cross-Connect

EFW Train B pump, EFP-2, is a turbine-driven pump with a rated capacity of 940 gpm at 1229 osin pump AP. The design recirculation flowrate is 200 gpm with 700 gpm deliverable to the steam generators. EFW Train A pump, EFP-1, is a motor-driven pump which has the same rated capacity and recirculation flow as the Train B pump.


The Train A and B pumps discharge through check valves and motor operated stop-check valves into 6-inch cross-connected discharge lines. The separate cross-connects contain normally open motor operated valves EFV-14 and EFV-32. These cross-connects permit either pump to feed either or both steam generators.

3.2.3 Emergency Feedwater Flow Control Valves

The flow of EFW to each steam generator is controlled by normally closed pneumatically operated control valves (FWV-X1 and FWV-162, FWV-Y1 and FWV-161) in parallel paths. These control valves are designed to fail "open" on loss of air. Initiation and control instrumentation for these valves is described in Section 3.4 of this report.

3.2.4 Steam Generator EFW Isolation Valves

Each steam generator can be isolated from EFW flow by normally open motor-operated valves (FWV-11, FWV-14, FWV-32, FWV-33).

These valves are located in the parallel lines upstream of the EFW control valves. Initiation and control instrumentation for these valves is described in Section 3.4 of this report.

3.2.5 Recirculation and Test Lines

Recirculation lines are connected to the discharge piping of the EFW pumps. Recirculation for pump protection is accomplished with normally open flow paths to the condensate storage tank consisting of small lines with check valves, locked throttle valves, and lock-open manual valves.

EFW pumps can be operability tested using the normal recirculation flow paths to confirm the pump and pump drive capability to operate and produce the required discharge pressure with the known recirculation flow. No change to the normal EFW system valve lineup is required to perform this testing.

3.2.6 Steam Supply for the EFW Turbine Driven Pump

Steam supply for the EFW pump EFP-1 turbine is obtained from both steam generators through six-inch lines containing check valves MSV-186 and MSV-187, and normally-open DC motor operated stop-check valves MSV-55 and MSV-56. The check valve and motor operated valve provide redundant isolation capability to preclude blowing down the good steam generator in the event of steam line or feed line break. Downstream of these valves the lines join to form a common supply to the pump turbine. Upstream of the turbine is normally closed DC motor operated valve ASV-5. A description of the controls for this valve is contained in Section 3.4. An alternate steam source is provided from the auxiliary steam system which is tied to fossil fired Crystal River Units 1 and 2. This backup steam source is manually valved into service when required.

Turbine exhaust is vented to the atmosphere.

3.2.7 Key Valve Positions

Direct position indication (e.g., valve stem position) is required on all remote power operated valves. To comply with this requirement, the following valves require position indication:

EFV-3, EFV-11, FWV-35, EFV-4, EFV-33, EFV-14, EFV-1, EFV-32, MSV-55, EFV-2, FWV-X1, MSV-56, FWV-Y1, ASV-5, EFV-7, FWV-161, EFV-8, FWV-162, FWV-34

3.3 Supporting Systems

The EFW turbine driven pump and turbine are self-contained entities without dependencies on secondary support systems. The bearings on the turbine and pump are lubricated by slinging oil from reservoirs near the bearings. Lube oil cooling is accomplished by heat transfer to the pumped fluid.

The EFW motor driven pump and pump motor bearings are lubricated by slinging oil from reservoirs near the bearings. Lube oil and motor cooling is provided by the nuclear service closed cycle cooling system. Two of the three cooling water pumps receive diesel-backed power.

3.3.1 Power

The two EFW trains are powered from diverse power sources. EFW pump EFP-2 is turbine driven and EFW pump EFP-1 is AC power, motor driven with back-up power from the diesel generator. The following normally open valves in the EFW system are also on AC power with back-up power from the diesel generator: EFV-3, EFV-4, EFV-7, and EFV-8.

To ensure EFW flow in the event of a loss of all AC power, the turbine driven pump train derives its power from the steam generators for the pump and from a battery-backed DC bus for its steam supply valves. The following valves are battery backed DC power: EFV-1, EFV-2, EFV-11, EFV-33, EFV-14, EFV-32, MSV-55, MSV-56, and ASV-5.

3.3.2 Service Air

EFW flow control valves are pneumatic with FWV-X1 and FWV-161 supplied from system A, FWV-Y1 and FWV-162 supplied from system B of separate redundant air reservoir systems with diesel backed air compressors.

3.4 EFIC Instrumentation Description

The emergency feed initiation and control system (EFIC) is an instrumentation system designed to provide the following:

1. Initiation of emergency feedwater (EFW),
2. Control of EFW at appropriate setpoints (approx. 2, 20 and 31 feet),
3. Level rate control when required to minimize overcooling,
4. Isolation of the main steam and main feedwater lines of a depressurized steam generator,
5. The selection of the appropriate steam generator(s) under conditions of steamline break or main feedwater or emergency feedwater line break downstream of the last check valve,
6. Termination of main feedwater to a steam generator on approach to overfill conditions, and
7. Termination of EFW to a steam generator on approach to overfill conditions.

The emergency feed initiation and control system (EFIC) is illustrated in Figures 3.4-1 through 3.4-7. Figure 3.4-1 illustrates the EFIC organization while the remaining figures illustrate the individual logics that comprise the system.

The EFIC - see Figure 3.4 - consists of four channels (A, B, C, & D). Each of the four channels is provided with input, initiate, and vector logics. Channels A and B also contain trip and control logics.

Each channel monitors inputs by means of the input logic, ascertains whether action should be initiated by means of the initiate logic and determines which SGs should be fed by means of the vector logic.

Channels A and B monitor initiate signals from each of the four initiate logics by means of the trip logics to transmit trip signals when required. Channels A and B also exercise control of emergency feedwater flow to the SG by means of control logics to maintain SG level at prescribed values once EFW has been initiated. In addition, Channels A and B monitor SG A and B overfill signals originating in the Channel A, B, C and D initiate logics. By means of trip logics, Channels A and B terminate all feedwater to a steam generator that is approaching overfill.

3.4.1 Input Logic

The input logic, depicted in Figure 3.4-3, is located in each of the channels. The input logic:

1. receives the input signals listed in Figure 3.4-3,
2. provides input buffering as required,
3. compares analog signals to appropriate setpoints to develop digital signals based on analog values,
4. provides for the injection of test stimuli, and
5. provides buffered Class IE signals and isolated non-IE signals.

3.4.2 Initiate Logic

The initiate logic, depicted in Figure 3.4-4, is located in each channel. The initiate logic derives its inputs from the input logic and provides signals which result in the issuance of trip signals via the trip logics in Channels A and B.

The initiate logic issues a call for EFW trip (to the trip logic) when:

1. all four RC pumps are tripped,
2. both main feedwater pumps are tripped,
3. the level of either steam generator is low,
4. either steam generator pressure is low, or
5. either of two anticipatory trips (trips not yet assigned) is present.

Other functions of the initiate logic are:

1. issue a call for SG A main feedwater and main steamline isolation when SG A pressure is low,
2. issue a call for SG B main feedwater and main steamline isolation when SG B pressure is low,
3. signal approach to SG A overfill when SG A level exceeds a high level setpoint,
4. signal approach to SG B overfill when SG B level exceeds a high level setpoint, and
5. provide for manually initiated individual shutdown bypassing of RC pumps, main feedwater pumps, and SG pressure initiation of EFW as a function of permissive conditions. The bypass(es) are automatically removed when the permissive condition terminates.
6. Provide for maintenance bypassing of an EFIC initiate logic.

3.4.3 Trip Logic

The trip logic is illustrated in Figure 3.4-5. The trip logic of the EFIC employs a 2(1-out-of-2) format. This format provides for easy one step testing from input logic test switches to the initiated controllers. Testing is facilitated by locating the AND portion of the 2(1-out-of-2) logic in the controller.

A characteristic of coincidence logic systems is that a test stimulus inserted at the input propagates to the first AND element of the system and no further. Since the first AND element of the EFIC is in the controller, test stimuli inserted at the input logic will be propagated to each controller.

The trip logic is provided with five 2(1-out-of-2) trip networks.

These networks monitor the appropriate outputs of the initiate logics in each of the channels and output signals for tripping:

1. emergency feedwater.
2. SG A main steamline isolation.
3. SG B main steamline isolation.
4. SG A main feedwater isolation.
5. SG B main feedwater isolation.

It should be noted, for the later discussion of the vector logic, that the trip logic outputs a signal when a 2(1-out-of-2) trip of EFW occurs. Also, note the presence of the vector enable switch.

Refer to Figure 3.4 - trip logics are contained in Channels A and B only per the two train EFW system.

For each trip function, the trip logic is provided with two manual trip switches. This affords the operator a means of manually tripping the selected function by depressing both switches. The use of two trip switches allows for testing the trip switches and also reduces the possibility of accidental manual initiation.

Once a trip of the trip bus occurs, the trip is latched. A manual reset switch is provided for breakdown of the latch.

Once a trip occurs, the trip can only be removed by manual reset action following return of the initiating parameter to an untrip value except as described in the next paragraph.

So that the operator may resume manual control of EFIC initiated devices following a trip, each trip logic is provided with a manual pushbutton. Operation of the manual pushbutton:

1. will have no effect on the trip logic so long as a trip condition does not exist.
2. will remove the trip from the trip bus only so long as the switch is depressed in the case of a one half trip (either bus but not both tripped). This allows for testing the manual function.
3. will remove the trip from both busses so long as a full trip (both busses are tripped) exists. This is accomplished by means of latching logic. Institution of the manual function also breaks the trip latches so that, if the initiating stimuli clears, the trip logic will revert to the automatic trip mode in preparation for tripping if a parameter returns to the trip region.

Trip signals are transmitted out of the EFIC by activating a relay thereby gating power onto trip busses. In this manner, the EFIC provides power to energize the control relays whose contacts form the AND gates in the controllers.
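The 2(1-out-of-2) arrangement can be checked against the single failure criterion of Section 2.1.1 E by enumerating stuck channels, as in this added example (not part of the original report). The assignment of initiate channels A and B to one trip bus and C and D to the other is an assumption made for illustration, and the 1-out-of-4 and 4-out-of-4 voters are comparison cases that the document does not discuss.

```python
from itertools import combinations

CHANNELS = ("A", "B", "C", "D")


def trip_buses(initiate):
    """Each trip bus is a 1-out-of-2 OR of two initiate logics.
    Assumed pairing (not given in the document): A/B -> bus 1, C/D -> bus 2."""
    return (initiate["A"] or initiate["B"], initiate["C"] or initiate["D"])


def efic_actuates(initiate):
    """The controller ANDs the two trip buses: 2(1-out-of-2)."""
    bus1, bus2 = trip_buses(initiate)
    return bus1 and bus2


def one_out_of_four(initiate):
    return any(initiate.values())


def four_out_of_four(initiate):
    return all(initiate.values())


def defeating_failures(vote, n_failed=1):
    """List the sets of n_failed channels whose failure defeats a voter.

    'fails_to_actuate': those channels stuck untripped while every healthy
    channel calls for a trip, and the voter still does not actuate.
    'spurious': those channels stuck tripped while every healthy channel is
    quiet, and the voter actuates anyway.
    """
    fails, spurious = [], []
    for failed in combinations(CHANNELS, n_failed):
        name = "".join(failed)
        demand = {c: c not in failed for c in CHANNELS}
        if not vote(demand):
            fails.append(name)
        quiet = {c: c in failed for c in CHANNELS}
        if vote(quiet):
            spurious.append(name)
    return {"fails_to_actuate": fails, "spurious": spurious}


def half_trip_on_test(channel):
    """Inject a test stimulus into one channel with no real demand present.
    Returns (bus 1 energized, bus 2 energized, device actuated)."""
    initiate = {c: c == channel for c in CHANNELS}
    bus1, bus2 = trip_buses(initiate)
    return (bus1, bus2, bus1 and bus2)


if __name__ == "__main__":
    for label, vote in (("2(1-out-of-2)", efic_actuates),
                        ("1-out-of-4", one_out_of_four),
                        ("4-out-of-4", four_out_of_four)):
        print(label, "single:", defeating_failures(vote, 1))
    print("2(1-out-of-2) double:", defeating_failures(efic_actuates, 2))
    print("test stimulus on A:", half_trip_on_test("A"))
```

With this pairing no single stuck channel defeats the voter in either direction, and a test stimulus on one channel energizes one bus without actuating the device, which is the half trip described above. The double-failure run shows the limit of the scheme: two failures within the same bus pair block actuation, and two stuck-tripped channels on opposite buses actuate it.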

3.4.4 Vector Logic

The vector logic - Figure 3.4 - appears in each of the EFIC channels - Figure 3.4-1. The vector logic monitors:

1. SG pressure signals,
2. SG (A and B) overfill signals, and
3. EFW trip signals (vector enable) originating in Channel A and B emergency feedwater valves.

The vector logic develops signals for open/close control of steam generator A and B emergency feedwater valves.

The vector logic outputs are in neutral state (neither open nor close) until enabled by trip signals (vector enable) from the channel A or B trip logics. Once enabled, the vector logic will issue close commands to the valves associated with any SG for which an overfill signal exists.

When enabled and with no overfill signals present, the valve open/close commands are determined by the relative values of steam generator pressures as follows:

Pressure Status                         SG A Valve Command   SG B Valve Command
SG A & B > Setpoint                     Open                 Open
SG A > Setpoint & SG B < Setpoint       Open                 Close
SG A < Setpoint & SG B > Setpoint       Close                Open
SG A < Setpoint & SG B < Setpoint, and:
  SG A & B Within 150                   Open                 Open
  SG A 150 psi > SG B                   Open                 Close
  SG B 150 psi < SG A                   Close                Open

3.4.5 Control Logic

The control logic is depicted in Figure 3.4-2. The logic for operation of the transfers (T1, T2, T3, T4, T5, T6, T7, and T8) depicted in Figure 3.4-2a is illustrated in Figure 3.4-2b.

For each SG ( A and B) there are two controls which are auto-matically selected by transfers T1 and T5 respectively. See Figure 3.4-2b - the two foot level setpoint control is selected when an EFW trip occurs with one or more reactor coolant pumps operating. A level rate control with a twenty foot setpoint is selected when an EFW trip occurs with no reactor coolant pumps operating. The level control circuit is industry standard; the unique level is discussed below.

The characteristics of the level rate limited follower are important in the following discussions. As the level signal changes, the rate output of the follower will follow it exactly so long as the rate of change does not exceed the predetermined rate limit values. The rate limit values given (4 inches per minute for increasing level rates and 200 inches per minute for decreasing level rates) are approximate for purposes of illustration. If level rate is increasing at greater than four inches per minute, the output of the rate limited follower will increase at four inches per minute. Once the rate of increase decreases to four inches per minute or less the output rate of increase will follow the input rate of increase. The function is similar for decreasing level except that the rate limit is approximately 200 inches per minute.

Reference Figure 3.4-2b - with no RC pumps operating the twenty foot setpoint will be selected and applied to one input of the low selector. As SG level falls, the output of the rate limited follower will lag actual level by twelve inches (twelve inch bias added to the level signal in the summer). When the rate limited signal (level plus twelve inches) becomes less than twenty feet, the rate limiter signal will appear at the subtractor (delta). The output of the subtractor will be approximately a negative one foot level error signal which will start opening the control valve ever wider through the proportional plus integral . The increasing flow should halt the drop in level and ultimately start the level to increase toward the setpoint.

If the level increase is more rapid than four inches per minute, the error signal out of the subtractor will decrease. This is due to the fact that the direct level input to the subtractor is not rate limited while the rate limited signal is. This action will control the control valve so that the rate of approach to the setpoint does not exceed four inches per minute.

When level exceeds nineteen feet, the low selector will lock the twenty foot setpoint into the subtractor. During the last foot of level increase the error output of the subtractor will gradually reduce.
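The signal path described above (summer, rate limited follower, low selector, subtractor) can be traced numerically with the following added example, which is not part of the original system description. The class and function names, the one-minute time step, the sign convention (error = level minus selected setpoint) and the level profile are assumptions made for illustration; the proportional plus integral stage and the valve are not modeled.

```python
from dataclasses import dataclass

SETPOINT_IN = 240.0   # twenty foot setpoint, in inches
BIAS_IN = 12.0        # twelve inch bias added to the level signal in the summer
RISE_LIMIT = 4.0      # inches/minute, approximate value given in the text
FALL_LIMIT = 200.0    # inches/minute, approximate value given in the text

@dataclass
class RateLimitedFollower:      # hypothetical name
    output: float

    def step(self, target: float, dt_min: float) -> float:
        """Move toward target, clamped to the rise and fall rate limits."""
        delta = target - self.output
        delta = min(delta, RISE_LIMIT * dt_min)
        delta = max(delta, -FALL_LIMIT * dt_min)
        self.output += delta
        return self.output

def level_error(level: float, follower_out: float) -> float:
    """Low selector passes the smaller of setpoint and follower output;
    the subtractor compares it with the direct (not rate limited) level.
    Assumed sign: negative error means level is below the selected value."""
    return level - min(SETPOINT_IN, follower_out)

def simulate(levels, dt_min=1.0):
    """Return one (level, follower output, error) tuple per sample."""
    follower = RateLimitedFollower(levels[0] + BIAS_IN)
    rows = []
    for level in levels:
        out = follower.step(level + BIAS_IN, dt_min)
        rows.append((level, out, level_error(level, out)))
    return rows

# Constructed profile in inches, one sample per minute: level falls at
# 20 in/min, recovers at 10 in/min (faster than the limit), then at 2 in/min.
CONSTRUCTED_LEVELS = [260.0, 240.0, 220.0, 200.0, 210.0, 220.0, 222.0, 224.0,
                      226.0, 228.0, 230.0, 232.0, 234.0, 236.0, 238.0, 240.0]

if __name__ == "__main__":
    for level, out, err in simulate(CONSTRUCTED_LEVELS):
        print(f"level={level:6.1f}  follower={out:6.1f}  error={err:+6.1f}")
```

While the level falls, the error holds at about minus one foot; during the 10 in/min recovery it shrinks to zero within two samples, and once the follower output passes twenty feet the fixed setpoint takes over and the error tapers to zero.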

See Figure 3.4-2b - transfer logics T4 and T8 allow for selection of a manually inserted setpoint (illustrated as a twenty eight foot setpoint). The logic is arranged so that manual may be selected before and after an EFW trip. However, the twenty foot setpoint will automatically be selected on the occurrence of an EFW trip.

See Figure 3.4-2b - transfer logics T2, T3, T6, and T7 allow for selection of hand control of emergency feedwater control valves before and after an EFW trip. However, automatic operation will automatically be selected on the occurrence of an EFW trip.

3.4.6 Output Signals

Figure 3.1-1 illustrates the application of EFIC signals to a simplified emergency feedwater system. Salient features of the arrangement are:

1. The channel A EFW trip signal starts the electric emergency feedwater pump. The Channel B trip logic admits steam to the turbine powered emergency feedwater pump. With this arrangement, at least one pump will be started with a single failure of the A or B trip logics.

Also, given a failure of channel A, B, C, or D initiate logics, both pumps can be started due to the 2 (1-out-of-2) character of the trip logic. The cross-connects between the discharges of the two emergency feedwater pumps allow either pump to supply feedwater to both SGs.

2. If the cause of the EFW trip is low SG pressure in SG A, EFW will be tripped as in 1 above. In addition, the trip logics in channels A and B will issue SG A main steamline and main feedwater isolation trip signals. The channel A and B trip logics will redundantly isolate SG A main feedwater. With the occurrence of low pressure in SG A, main FW to that generator will be terminated in the presence of a single failure.

3. Isolation of SG B main steam and main feedwater lines occurs in the same way as described in 2 above for SG A except that the channel A and B SG B main feedwater and main steamline trip logics are employed.
4. Given the condition where both SG pressures are low, the events described in both 2 and 3 above will occur.
5. The emergency feedwater path to each SG consists of parallel control valves and parallel isolation valves. This allows feeding when required in the presence of a single valve failure. It also allows closure of the flow path when required in the presence of a single failure. Since each of the four valves receives vector close signals from different channels, the path will be closed when required by the vector logics in the presence of the failure of a single vector logic.

In the open direction, the isolation valves receive open vector commands, from channels C and D, when feeding of the SG is required. The control valves, under these conditions will open as dictated by the control logics in channels A and B. In this way, a generator will be fed when required in the presence of a failure of channel A, B, C, or D.

3.4.7 Interface with Valve and Pump Controllers

All valve and pump controllers shall be designed such that signals from the EFIC system will override any other control signals. Also, when an EFIC signal is removed, the controller design shall be such that valves (other than the EFW control valve) will not change position and pumps will not change state without a specific manual command. When the vector logic close command to the EFW control valve is removed, the control valve shall be positioned as required by the EFW control system or the manual control as selected.

3.4.8 Input Signals

3.4.8.1 OTSG Level Sensing

Figure 3.4-8 contains the proposed arrangement for OTSG level sensing. The acceptability of this design will depend on the accuracy of the measurement. This accuracy will be determined in the detailed design.


To provide for low level control and initiation signals for the emergency feedwater, four differential pressure transmitters (dP transmitters) will be added. The sensing lines for these transmitters will be connected between the existing level sensing connection located 251 inches above the datum line of the OTSG (277" above the face of the tube sheet) and the drain line connections located 5" below the face of the tube sheet.

To provide high level control and overfill protection signals, four dP transmitters will be added. The upper sensing connections will be manifolded with the upper sensing line of the existing operating range level transmitters. The lower sensor connection will be connected to the drain line connections.

There are four drain line connections (located approx. 5" below the face of the tube sheet) which can be used for the lower sensing lines of all added transmitters. These will be manifolded as necessary to best serve the redundancy requirements.

3.4.8.2 Main Steam Header Pressure

To provide for steam generator pressure input, four transmitters will be provided on each steam generator.

3.4.8.3 Trip of Main Feedwater Pumps

To input pump trip indication, signals will be provided in parallel from pressure switches used for anticipatory reactor trip input through the NI/RPS.

3.4.8.4 Trip of Reactor Coolant Pumps

To input pump trip indication, signals will be provided from NI/RPS. These inputs are from power pump monitor units.

3.4.8.5 Additional Input Signals Identified in 2.1.2

This section to be completed as part of the detailed design.

3.4.9 EFIC Trip Testing

Figure 3.4-7 illustrates the trip philosophy of the EFIC in simplified form for one EFIC trip function (e.g., EFW trip).

For purposes of the following discussion, the test pushbutton associated with each bistable is capable of forcing the bistable input into the trip region. The bistables employ a low deadband so the bistable will reset once the pushbutton is released.

Complete trip testing (input to controllers) may be initiated from the input logic in each of the channels. Depressing the pushbutton in Channel A will trip the Channel A bistable and:


1. The Channel A initiate logic will transmit initiate signals to both the Channel A and B trip logics.
2. The Channel A and B trip logics will half trip (trip one of the two trip busses).
3. The Channel A and B trip logics will latch in the half trip. The half trip will be retained after reset of the bistable. This tests the latching circuit.
4. Each controller receiving the half trip will acknowledge the half trip by transmitting a test confirmation signal assuming all controllers are functioning properly.
5. A full complement of test confirm signals will satisfy the AND gate in both Channel A and B. The result is that the confirm lamps will indicate test success.
6. The trip logic reset switches can now be depressed to reset the half trip. The confirm lamp should go out.
7. If some but not all controllers were to respond due to a malfunction, the confirm lamp will flash. (Off normal may be indicated by some means other than flashing in the final design).

4.0 SYSTEM LIMITS, PRECAUTIONS AND SETPOINTS

4.1 Limits and Precautions

1. EFW Flow Limits
   Maximum allowable flow - Later gpm/SG
   Minimum allowable flow - Later gpm/SG
2. SG Level Limits
   Maximum allowable level - Later feet
   Minimum allowable level - Later feet
3. EFW Pump Suction Pressure
   EFP-1 minimum NPSH - Later feet
   EFP-2 minimum NPSH - Later feet
4. System Limits (Design)
   Pressure - Later psig
   Temperature - Later F
5. Minimum Pump Recirculation
   EFP-1 - Later gpm
   EFP-2 - Later gpm


4.2 Setpoints

This section will be completed as part of the detailed design.

5.0 OPERATION

The EFW system operation will be defined as part of the detailed design. The following modes of operation will be considered.

1. Hot shutdown to full power.
2. Cooldown from hot shutdown to cold shutdown.
3. Heatup from cold shutdown to hot shutdown.

6.0 CASUALTY EVENTS AND RECOVERY PROCEDURES

This section will be completed as part of the detailed design.

1. Periodic tests.
2. Maintenance at power.
3. Maintenance during cold shutdown.


APPENDIX A

TABULATION OF DRAWING NUMBERS VS. FIGURE NUMBERS FOR CRYSTAL RIVER-3 EFW SYSTEM

FIGURE NUMBER    B&W DRAWING NUMBER
3.1-1            1121232D
3.4-1            1121443E
3.4-2a           1121436C
3.4-2b           1121435C
3.4-3            1121437C
3.4-4            1121438C
3.4-5            1121442D
3.4-6            1121439B
3.4-7            1121440C
3.4-8            1121441C
