---------------------------------------------------------- AeroElectric-List Digest Archive --- Total Messages Posted Sun 04/21/24: 5 ---------------------------------------------------------- Today's Message Index: ---------------------- 1. 05:46 AM - Re: Re: Switch Schemes for Reliability (Bob Verwey) 2. 07:31 AM - Re: Switch Schemes for Reliability (Ceengland) 3. 05:35 PM - Re: Switch Schemes for Reliability (wsimpso1) 4. 05:39 PM - Re: Switch Schemes for Reliability (wsimpso1) 5. 06:06 PM - Re: Re: Switch Schemes for Reliability (Alec Myers) ________________________________ Message 1 _____________________________________ Time: 05:46:46 AM PST US From: Bob Verwey Subject: Re: AeroElectric-List: Re: Switch Schemes for Reliability Thought provoking post..looking forward to the responses from the brains trust On Sun, 21 Apr 2024, 01:20 wsimpso1, wrote: > > > Recently I spotted a document from a well known brand of EFII recommendin g > an =9CEssential Buss=9D backed up with a Aux Battery and simp le switch to > connect it. While this is supposed to make powering the engine possible > even if the Main Battery Bus goes cold, it also appears to make possible > powering the cold bus with many things connected through a single or few > fuses on the hot bus. Sounds like a recipe for blown fuses followed by > forced landings and maybe even dark avionics to me. What do you guys thin k > about how to power engine buses? > > Then I came across some videos (IIRC, Bob Nuckolls, but I can not find > those videos now) where two LightSpeed ignition modules were powered > through a common connection and caused them both to go cold followed by a > deadstick landing. > > With my consciousness suitably raised and supported by Bob Nuckolls =99, I > pored through switch and wiring schemes in an attempt at avoiding back > powering cold buses, and even thought about mechanically gating these > switch pairs to prevent switch setting combos we should avoid. > > The danger discussed by Bob (and reinforcing my recently raised > consciousness) is that you can have one element connected to both buses. > Let=99s just think of two switches wired to power two pumps from tw o buses by > having one buss on one switch with both pumps, the other bus to the other > switch also for both pumps. With two 700-2-10=99s we have several s witch > states, two of which are powering the same pump from both buses. (Main > A/Aux A or Main B/Aux B). Yeah, the pilot should remember not to double > connect elements, but pilots ARE human. > > Look it over and it looks like =9Cno big deal=9D to have both buses connected > to one pump while both buses are hot. But we want to be failure tolerant. .. > > Imagine one bus goes cold =93 all the elements on the cold bus are connected > through one fuse on the hot bus =93 fuse goes pop! Among all the ot her fuss > with a cold bus, the engine is windmilling. Once the pilot gets the light > back on, the attitude and navigation gadgets rebooted, our pilot sees the > fuel pressure alarm and wants to restore pressure to the injectors. Yes, > the switches for the EFI pump will get exercised, looking for a setting > that restores fuel pressure. Trouble is one state is off, another state > will blow the other fuse, more states are now unintentional =98off =9Ds, and > only one state will run the airplane. Remember to fly the airplane while > getting all of this sorted. This difficult human factors situation has hi gh > likelhood for becoming a =9CGreek Tragedy=9D. Nope, let =99s avoid all that. > > First thought was =9CCan I build some sort of mechanical gate that prevents > the back power combinations?=9D Best scheme I came up with is kind of > inelegant with a little plate with notches for switch handles on a pivot > attached between two switch handles. Try to move one handle to a prohibit ed > combo and it drives the other switch to an allowed position. Not sure I > want to do that five places in my airplane, but it could work. > > Another scheme is to run only one element (like one pump) per switch and > select from buses on each switch. No back powering, but we do have some > reduced redundancy at lower probability orders. So, how do we make our > decision on just how to build? > > And are there other schemes that could work for this scenario, access bot h > buses and both pumps or other elements, and keep us from having a > windmilling prop? > > More in the next post. > > Billski > > > Read this topic online here: > > http://forums.matronics.com/viewtopic.php?p=513480#513480 > > =========== =========== =========== =========== =========== > > ________________________________ Message 2 _____________________________________ Time: 07:31:32 AM PST US Subject: AeroElectric-List: Re: Switch Schemes for Reliability From: "Ceengland" I don't know what happened to my previous post in this thread, but what showed up in this forum version had nothing of what I sent in the email. Here's what I wrote earlier: I'll take a short swing at it, by simply describing my thought process & resulting decisions. I decided that *buses* don't fail. As long as they're installed properly and inspected regularly, they should be given the same confidence as wing spars. Power supplied to one could fail, in which case a backup source should be available. With that starting point, I planned two buses; one with *everything* for the electrically dependent engine, and the other for airframe power. Crossfeed ability between the two. Individual circuits protected by individual fuses, protecting the bus. I have redundant fuel pumps, etc, but both are controlled from the engine bus. Even then, switchology was still more complicated than I wanted, but it was stripped down as clean as I could reasonably get it with the 'unconventional' engine. Trying to power each item (if you're doing the pumps, the ECUs need it too, etc etc) from multiple source buses seems to me like planning for multiple failures in the same function-path on the same flight, a possibility so remote that the mitigation attempts actually increase the risk, and it's also a strong magnet drawing one into pilot overload if something does go south in flight. We manage to mismanage stuff in stressful situations even with all the control motions being hardwired by decades of flying. A radical departure in 'switchology' beyond that absolutely required, and/or multiple added layers, seems to me to make it more likely that something minor will become something major very easily. Just my thought path and results; yours will likely vary. Charlie -------- Charlie Read this topic online here: http://forums.matronics.com/viewtopic.php?p=513484#513484 ________________________________ Message 3 _____________________________________ Time: 05:35:09 PM PST US Subject: AeroElectric-List: Re: Switch Schemes for Reliability From: "wsimpso1" [quote="alec(at)alecmyers.com"]Isnt that what Schottky diodes are for? This and another post suggested diode isolation. Trouble with adding elements to our systems is they too have failure modes, downstream effects, etc. Diodes can and do fail open and fail closed. So, we have to put them in the Fault Tree and Failure Modes and Effects work, estimate failure rates, and see if they help or hurt for forced landings and dark avionics suites. Have not done it yet, but might yet. Billski Read this topic online here: http://forums.matronics.com/viewtopic.php?p=513492#513492 ________________________________ Message 4 _____________________________________ Time: 05:39:17 PM PST US Subject: AeroElectric-List: Re: Switch Schemes for Reliability From: "wsimpso1" [quote="Eric Page"]Have you looked at Bob's newest electrical architecture, Z-101B? http://www.aeroelectric.com/PPS/Adobe_Architecture_Pdfs/Z101B.pdf Yes. I have been keeping up. A friend is using it in his RV-7. Same issue comes up there - how do we run our engine and such without reducing function when stuff breaks? Billski Read this topic online here: http://forums.matronics.com/viewtopic.php?p=513493#513493 ________________________________ Message 5 _____________________________________ Time: 06:06:30 PM PST US From: Alec Myers Subject: Re: AeroElectric-List: Re: Switch Schemes for Reliability I suspect the failure rate of a single correctly specified diode is many many orders of magnitude lower than a mechanical switch. And you can parallel two, three or four such diodes if you wish. On Apr 21, 2024, at 20:35, wsimpso1 wrote: [quote="alec(at)alecmyers.com"]Isnt that what Schottky diodes are for? This and another post suggested diode isolation. Trouble with adding elements to our systems is they too have failure modes, downstream effects, etc. Diodes can and do fail open and fail closed. So, we have to put them in the Fault Tree and Failure Modes and Effects work, estimate failure rates, and see if they help or hurt for forced landings and dark avionics suites. Have not done it yet, but might yet. Billski Read this topic online here: http://forums.matronics.com/viewtopic.php?p=513492#513492 ------------------------------------------------------------------------------------- Other Matronics Email List Services ------------------------------------------------------------------------------------- Post A New Message aeroelectric-list@matronics.com UN/SUBSCRIBE http://www.matronics.com/subscription List FAQ http://www.matronics.com/FAQ/AeroElectric-List.htm Web Forum Interface To Lists http://forums.matronics.com Matronics List Wiki http://wiki.matronics.com Full Archive Search Engine http://www.matronics.com/search 7-Day List Browse http://www.matronics.com/browse/aeroelectric-list Browse Digests http://www.matronics.com/digest/aeroelectric-list Browse Other Lists http://www.matronics.com/browse Live Online Chat! http://www.matronics.com/chat Archive Downloading http://www.matronics.com/archives Photo Share http://www.matronics.com/photoshare Other Email Lists http://www.matronics.com/emaillists Contributions http://www.matronics.com/contribution ------------------------------------------------------------------------------------- These Email List Services are sponsored solely by Matronics and through the generous Contributions of its members.