A couple days ago we were talking about redundancy and reliability in the APM:Plane 2.74 thread. I have been thinking about how to add more redundancy without adding too much complexity and cost. I have been thinking about how to safely guide a plane after a total APM failure. This requires not giving the APM control of every servo, and hooking one of two elevator servos and the rudder servo directly to the receiver which is powered by a different source. This means that during autoflight, the APM will have to be tuned to make do with only half an elevator and no rudder. I believe that is totally doable, but not a very elegant solution. So then i was thinking how to backup the control of a servo so that it could still be utilized if the APM was dead.
Is it possible to simply Y-splice a servo signal line between the APM and the Rx so both had simutaneous control? So during auto flight the servo would be getting signals from the APM unless the pilot moved the sticks, then there would be two different signals being sent to the sevo at the same time. I wonder what a servo would do? Would it freak out and jitter, or would it simply react to the sum of the signals and behave sort of like the Stick_Mixing parameter?
I know this is a ridiculous idea, so feel free to ridicule it. Perhaps there is a more elegant way of sharing a servo for redundancy. Ideally the APM would have a true RX pass through that would function with no power. I don't know if such a device could be created as a stand alone unit, or if there could be a software solution.
Redundant system integration is the key to our success in the eyes of the FAA, so it is a conversation worth keeping active.
Replies
Hello all together,
I just found this discussion.
This morning I also posted something in this direction. It might be interresting for you.
Please check: http://diydrones.com/profiles/blogs/soon-availible-redundancy-for-a...
Regards, Robert
HI Iskess,
I am building 2 pipeline surveillance planes with a backup parachute landing, and we should have the fail-safe or redundancy as priority. I am new in small UAV, so my ideas might be not working but I was thinking of them.
1- If we can put 2 x APM, in a way that if the first one goes off, the second one will continue its work.
2- If both go off, we can use the FailSafe Mux from https://store.3drobotics.com/products/failsafe-mux for the RX to take control
3- All items are connected to the main batteries, and one additional battery for backup power at least to do a parachute landing or continue helping the APM to do the RTL or give power to the RX to control it.
4- If we can have parallel ESC as well, if applicable.
What else do we need to make a 101% redundant plane? Did I miss any point? and of course there are some small accessories to make the 4 above points functional. What are they?
If you can help us, it will be great or if anyone can do.
We have 2 planes, one of them has double engines. (For extra camera payload and safety).
HI,
The Autopilot can be the Pixhawk and not necessarily the APM, if it works to have 2 autopilot for redundancy.
We are looking to have a working solution.
I saw that you have been recommended to use Batshare for battery backup. https://www.smart-fly.com/Products/BatShare/batshare.htm
I was reading somewhere, that we can put an additional Rx as backup , but how to do the connection between them?
This appears to happen without a GPS lock in all modes except stabilize and manual. Just flies right into the ground. (lost GPS lock a few times last week)
Yesterday I tested what happens if you fly with an obstructed pitot tube. (airspeed sits at 0 m/s)
Result: the plane goes completely haywire.
You cannot use any mode but manual safely. FBWA is still flyable, but you have to be very careful with controls, because the plane risks stalling due to excessive control surface movement.
Any auto mode = crash, if you are not quick enough to diagnose the problem and/or switch to manual.
I did some work in this area last year. We never built the system designed but it should work. We decided to go with redundant receivers, one connected to the APM and one not. The key was to use a PowerBox receiver failsafe system. All the servo outputs go through it and all servos connect to it. One of the receivers is wired to the APM. The other direct to the Powerbox. The APM is then wired to the Powerbox. The failsafe can be set to fail over on trigger by a dedicated RC channel, RSSI input level, or receiver PWM output failure. This offers the added advantage of handling all the power requirements for the receivers, APM, and servos separately using redundant batteries. Not exactly cheap, but it should work.
I've used Powerbox systems in large RC aircraft for years with single and dual receivers. Never had a problem.
www.powerbox-systems.com
Its a good thing the failsafe issues and concerns have been revived.
I've had two crashes with APM2.0 and APM2.5 some time ago with Autopilot-to-Manual switch over not working at a high enough altitude to recover. There was an RTL dive issue during the early stages of APM2.0 and we experienced the compass getting disoriented after a previous rough landing with APM2.5 which we did not see coming during launch. On both occasions, the switch-over to manual did not work. After an APM2.5 reset, everything works fine again. I no longer use the APM2.0.
I remember Jordi Munoz designing a tiny ServoMux back in 2009(?)but now its no longer sold or supported here. So I bought a buddy box from HK some time ago. Works great. I can switch on-the-fly between a boosted Spektrum (Master) and Futaba(slave) radio xmtrs if there is a need to override the Autopilot. If there are two operators they can even swap control at different places in manual/stab mode (or even auto mode) to get to a better landing area or extend the range of control. The Slave has a simple Auto Stab controller now (with LR FPV) for simple redundancy. The Master controls the APM 2.5. and the manual 'override' switch. Maybe we can add another APM in the future for true redundancy and the possibility of automatically 'switching over' during a failed autopilot condition.
Also working on a parachute system.
Not a complete foolproof, 'catch all', or low cost solution but can save me the aggravation of losing the drone and possibly crashing on people or property and rebuilding or making a new one (especially if its carrying an expensive payload).
Just sharing this set-up in case it would benefit others. For sure there will be better ideas from the community.
I think the APM already has a funtion that bypasses the signals when it fails, but I'm not sure of that.
Now that we are talking about redundancy: I'm planning to buy a wing/elevon plane as a stepup from my ol' bixler, and I will fit it with four servo's. I will split each elevon in half and have each halve controlled by one servo. That way when a servo fails (and they will fail) It will not result in loss of control.
I also would like to see dual airspeed sensor usage in APM, so we have redundant airspeed measurement.
Am I right in saying the APM already has a physical bypass, so that if the APM fails the RX inputs are passed directly to the outputs? I vaguely recall that when in mode 6 ('hard' manual) it engages this passthrough? Or did I imagine all of that?
Obviously this doesn't guard against the APM going bonkers only crashing or losing power (a power loss that doesn't affect the RX)