Power System Reliability Considerations Part 2

F16 Aerobatic maneuver, Thunderbirds Aerobatic Team

This article is a follow-up on the previously presented results. We will examine the power system of a model airplane from the aspect of reliability. Common equipment configurations will be used as examples.

In a vehicle whose primary power source is electric batteries, the most crucial power consumers are the motor, the avionics and the servos. From now on, for the sake of simplicity, we will refer to the powerplant of the aircraft (which is tasked with producing thrust) as the “thrust” system, whereas the rest of the electric power consumers on the aircraft will be called the “control” system. We will carry out a high-level analysis, since too much detail would eventually distract the reader from the most relevant factors.

Refer to Figure 1: our first layout consists of a single battery pack connected to the ESC. Control and thrust are both powered by the ESC. Our working hypothesis is that the different failure modes can be considered independent.

Figure 1. Single battery system

Let's select the battery pack reliability value at \(R_p=0.96\) and the reliability value of the ESC at \(R_{ESC}=0.98\). The battery and the ESC must both be working at the same time, so for the first layout, the reliability is \(R_{l1}=R_p \cdot R_{ESC}=0.940\). We notice that the overall reliability is lower than the reliability value of either single component. Moreover, our system is not redundant, since the failure of either component causes the failure of the overall system.

Our second layout consists of two independent batteries, one for thrust and one for control. One battery is physically connected to the motor's ESC and the other is connected to a BEC circuit that supplies the control module. Usually, the thrust battery has more capacity and a higher nominal voltage than the control battery.

Figure 2. One battery for thrust, one battery for control

Let's set the reliability value of the battery packs to \(R_p=R_c=0.96\), the reliability value of the ESC to \(R_{ESC}=0.98\) and the reliability of the BEC to \(R_{BEC}=0.98\).

Under nominal system operation, the two batteries, the ESC and the BEC should be operational at the same time. From this aspect, the reliability of the second layout is \(R_{l2}=R_p\cdot R_{ESC}\cdot R_c\cdot R_{BEC}=0.885\). At first, this result seems wrong: despite having used more equipment, the overall reliability is now lower than the initial 0.940 value from Layout 1. Until now we haven't considered in detail what happens when a part of our system fails, and that led us to non-comparable results. In fact, under careful examination, the second layout has extended capabilities. In layout 1 we have a probability \(1-R_{l1}=0.06=6\%\) of a total power loss, and if this unfortunate event happens then we will lose control of the vehicle as well as any ability to safely (crash) land the unit. Revisiting layout 2, we calculate the probability of completely losing control of the vehicle. The cases that lead to a catastrophic failure are those that include a simultaneous failure of both the batteries or both the ESC and BEC. The following table presents all such failure cases.

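| Case # | Battery P | Battery C | ESC | BEC |
|---|---|---|---|---|
| 1 | fail | fail | fail | fail |
| 2 | fail | fail | ok | fail |
| 3 | fail | fail | fail | ok |
| 4 | fail | fail | ok | ok |
| 5 | fail | fail | fail | fail |
| 6 | ok | fail | fail | fail |
| 7 | fail | ok | fail | fail |
| 8 | ok | ok | fail | fail |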

Table 1. Failure modes that lead to total power loss equivalent to Layout 1

Combining the probabilities of the cases indicated in the table, we get the following expression for reliability: \(R_{l2flat}=1-((1-R_p)\cdot(1-R_c)+(1-R_{ESC})\cdot(1-R_{BEC}))=1-(0.0016+0.0004)=0.998=99.8\%\). Now the odds have changed in favor of Layout 2. However, from a user's point of view, it is more interesting to know the probability that the vehicle is still controllable (at least to some degree) after a failure. The necessary condition for controllability is that the BEC and its battery are still working properly.

Refer to the next table. In cases 9 to 12 the pilot will have a chance to land the aircraft safely.

| Case # | Battery P | Battery C | ESC | BEC |
|---|---|---|---|---|
| 9 | fail | ok | fail | ok |
| 10 | ok | ok | fail | ok |
| 11 | fail | ok | ok | ok |
| 12 | ok | ok | ok | ok |

Table 2. Failure modes that lead to a controllable (crash) land.

The reliability related to this minimum guaranteed performance is \(R_{l2user}=R_c\cdot R_{BEC}=0.940\). This value is the same as the value of the first layout. With this method of analysis, the advantage of layout 2 over layout 1 is not so clear anymore. However, the situation can be radically different if there is a relationship between the reliability of batteries/ESC/BEC and the corresponding capacity/max-current/etc., or if there is a dependency among the reliabilities of single items.

All things said, however, by inspection of layout 2, it is evident that it does not offer any physical redundancy, so statistics apart, it's wise to not expect any sudden reliability increase.

Figure 3. One battery for thrust, dual batteries for control

In layout 3, we have a battery that goes straight to the ESC and a redundant voltage regulator, powered by two separate batteries, which feeds the control system. The working hypothesis is that the redundant voltage regulator will continue to work even if one battery fails. The trickiest failure for the voltage regulator to handle is a battery cell short. Fortunately, even RC-grade regulators can handle this condition [1].

Back to the math: this layout is more reliable, since the control supply is composed of a voltage regulator with \(R_v=0.98\) and two batteries with \(R_c=0.96\).

\(R_{l3}=1-((1-R_c\cdot R_v)(1-R_c\cdot R_v))=1-0.0035=0.996=99.6\%\) [2]

Using the same battery pack type, layout 3 offers increased reliability, and that result was reached by means of physical component redundancy.
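The figures for all three layouts can be cross-checked by enumerating every ok/fail combination of the components and summing the probabilities of the states that satisfy each condition. This is an added example, not part of the original article; the function names are hypothetical, and layout 3 is modelled as two parallel battery-plus-regulator branches, which is the assumption the \(R_{l3}\) formula implies.

```python
from itertools import product

# Reliability values taken from the article.
LAYOUT2 = {"bat_p": 0.96, "bat_c": 0.96, "esc": 0.98, "bec": 0.98}

def probability(condition, rel):
    """Total probability of all ok/fail states for which condition(state) is true.
    Assumes independent failures (the article's working hypothesis)."""
    names = list(rel)
    total = 0.0
    for flags in product((True, False), repeat=len(names)):
        state = dict(zip(names, flags))          # True = ok, False = failed
        p = 1.0
        for name in names:
            p *= rel[name] if state[name] else 1.0 - rel[name]
        if condition(state):
            total += p
    return total

def layout1():
    # Series system: battery and ESC must both work.
    return probability(lambda s: s["bat_p"] and s["esc"],
                       {"bat_p": 0.96, "esc": 0.98})

def layout2_nominal():
    # Everything works at the same time.
    return probability(lambda s: all(s.values()), LAYOUT2)

def layout2_table1_loss():
    # Table 1 condition: both batteries failed, or both ESC and BEC failed.
    # The all-failed state satisfies both halves and is counted once here,
    # so the result is 6.4e-7 below the article's 0.0016 + 0.0004 sum.
    return probability(lambda s: not (s["bat_p"] or s["bat_c"])
                       or not (s["esc"] or s["bec"]), LAYOUT2)

def layout2_controllable():
    # Table 2 condition: control battery and BEC both work.
    return probability(lambda s: s["bat_c"] and s["bec"], LAYOUT2)

def layout3_control():
    # Assumed model: two parallel branches, each one battery plus regulator.
    rel = {"bat_c1": 0.96, "reg1": 0.98, "bat_c2": 0.96, "reg2": 0.98}
    return probability(lambda s: (s["bat_c1"] and s["reg1"])
                       or (s["bat_c2"] and s["reg2"]), rel)

if __name__ == "__main__":
    for f in (layout1, layout2_nominal, layout2_table1_loss,
              layout2_controllable, layout3_control):
        print(f"{f.__name__:22s} {f():.6f}")
```

Changing a value in the dictionaries or swapping the condition makes it easy to test other layouts under the same independence assumption.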

Typically, the weakest link in the chain affects the system reliability the most, so prior to purchasing or building an expensive or complex reliable thrust system, an analysis of the reliability of the whole aircraft system should be performed. It is useless to have an amazing thrust system with undersized servos.

References

[1] For example: Smart-Fly - PowerSystem Eq6 Turbo Plus - Battery input protected

[2] Mc Dowall (2005), Lies Damned Lies and Statistics: The Statistical Treatment of Battery Failures, retrieved 09/07/2015

Comments

  • Hi John, I've just returned home from holidays. Terminology is relevant, however inside an entry-level short article it can be negligible. Of course any contribution is welcome.

  • I believe one should begin from specifying the terminology first. I.e. mapping from IT world, we'd have:

    • HA - High availability (i.e. 3x nines - 99.9%). Active + Passive battery etc. For lightweight, non-lethal UAVs.
    • FT - Fault Tolerance (5x nines, mission critical stuff). 3x Active+Active battery. For lethal UAVs.
    • DR - Disaster recovery (RPO - amount of flight data lost / RTO - failsafe metrics, i.e. when the radio beacon kicks in, or parachute deploys)

    Each of the above will require a separate design and component layout. One FC (Flight Controller) with multiple batteries, or multiple FCs with multiple batteries. Redundant ESCs, Diode OR-rings, Reset Timers, current share controllers etc.

    Somehow I have a feeling the FAA is doing hard work defining the above, and we'll soon see similar requirements applied to your UAVs in order to certify them (and get a licence).