This is the last episode of this communications-based train control (CBTC) blog series. In the last three posts, I have shared some key trends and challenges metro operators are facing, the adoption of CBTC and its associated benefits and implementation challenges, as well as Cisco’s approach to delivering a simplified, secured, and resilient onboard and trackside network. For this post, let’s reveal the complete Cisco Rail CBTC and Safety Solution.

Standard based, redundant, and modular architecture

A Data Communication System (DCS) is required to support communications between different subsystems of CBTC. It should support bidirectional data transfer with sufficient bandwidth, handle ultra-low latency and extremely low packet drop rate, and deliver ultra-reliable train-to-ground wireless. To enable vital applications like CBTC, DCS should support timely and secure delivery of train control messages and must have redundancy built-in at every level of the network architecture. This architecture is also designed with hierarchy and modularity in mind. The networking solutions needed to support major functions of CBTC are grouped into five modules including onboard, wayside wireless, wayside access, backbone, and core networks:

  • Onboard Network: Support Ethernet connectivity to CBTC devices like onboard wireless radios, train-borne controllers, and non-CBTC systems like CCTV cameras, passenger information systems, and passenger-facing Wi-Fi access points.
  • Wayside Wireless Network: Provides connectivity and power to wayside wireless radios which communicate to other wireless radios on the train-borne network.
  • Wayside Access Network: Delivers Ethernet connectivity to wayside servers such as local Automatic Train Supervision (ATS) servers/workstations, diagnostic servers, local zone controllers, and external systems like interlocking and axle counters. It also provides connectivity to the wayside wireless network.
  • Backbone Network: A fixed high throughput fiber Ethernet wide area network connecting cores and wayside network. It is formed between the station switches and the core switches.
  • Core Network: Connects the operational control center (OCC) and backup OCC (BOCC) to the rest of the DCS network. It can be a traditional L3 enterprise network, and next generation WAN connectivity with Multi-Protocol Label Switching (MPLS) and Segment Routing.

Unmatched product portfolio

This solution is made of advanced industrial IoT networking equipment that can sustain the toughest industry environment with enterprise-grade networking and security capabilities; Cisco’s lead stackable enterprise access switching platform built do reimagine connection, reinforce security and redefine experience; Cisco Network Convergence System (NCS) routers designed for cost-effective delivery of next generation services and applications.

Greater security

In response to the Transportation Security Administration (TSA) cybersecurity directives and European Union (EU) NIS2 regulation, Cisco Rail CBTC and Safety solution leverage Cisco Industrial Automation (IA) Security design guide 2.0 to implement zero trust network access (ZTNA) and defense-in-depth approach to secure the rail transit systems. The approaches are as follows:

Simplified management

Rail transit systems are highly distributed systems that cover vast wide areas and distances with many use cases over a complex network infrastructure. The network management solutions are not only required to simplify the network operation but also enable a broad set of cybersecurity capabilities.

  • Cisco Catalyst SD-WAN Solution helps transit agencies simplify their WAN operations and deliver integrated security to Cisco Catalyst industrial routers.
  • Cisco Catalyst Center offers centralized, intuitive management that makes it fast and easy to design, provision, and apply policies across your network environment.
  • Cisco Crosswork Network Controller (CNC) automation suite offers a unified platform for seamlessly deploying, managing, and monitoring end-to-end transport networks with real-time visibility and control.
  • Cisco Industrial Wireless Service is an OT service in the IoT Operations Dashboard and is used for configuring, provisioning, and monitoring Cisco URWB devices in a centralized location.


To learn more about the solution, please check out the new Cisco Rail CBTC and Safety Solution Brief.


Wei Zou

Solution Architect

IoT Product Management Networking