Friday, June 12, 2015

Power System Reliability Considerations Part 1

RC Big scale flying wing Focke Wulf 3x1000 (31 kg) . High reliability is needed here.

The power system is an essential part of every flying device. If the power system fails then our beloved flying platform will fall out of the sky, and sometimes the damages can even include our calibrated air data instrumentation! The solution is a redundant power system. We will discuss here on the reliability of a range of commonly used power system layouts.

Figure 1- Focke Wulf 3x1000. Redundant power system. The engineer went to great extends to ensure reliability by installing of two independent receivers

Prior to considering the performance of any layout we will first discuss the reliability of a battery pack alone. Battery packs are composed by single cells, connected in series or in parallel. There are different technologies on batteries cells, for example LiPo, NiCd or NiMh. Our reliability considerations are independent of the battery technology.

As users we're interested to know when a battery cell will fail. In other words, we want to know whether the battery will be operating during the impending 15-minute-flight. A closed-form solution for such an answer is not in our reach. Even the manufacturers of the cell are not able to provide that form of reliability information to the users. The main reason is that every battery, after leaving the factory, is exposed to different environmental conditions and workload. Such a fact degrades, or even invalidates, any experimental data gathered during the lab tests on sample batteries. In many appliances such as UPS's, a mechanism which estimates the health status of the battery based on real time data may be present. Unfortunately, this kind of estimation systems usually can't provide accurate short-term predictions. As worrisome as it can be, it is possible to charge a battery, have it perform flawlessly, with a 100% nominal charge, and the very next flight it can fail. That is because the possible causes of battery failure are a many and different in nature, and of course they are also technology dependent. The most used workaround for lack of reliable information, in mission critical system such as ours, is redundancy.

It's worth our attention to find a relationship between the single cell reliability and the battery pack reliability. To that goal, we will introduce some statistics concepts. Let's define the reliability of the cell \(i\) as \(R(\tau)_i\), \(\tau\) represent the length of a time interval. Writing \(R(\tau)_i=0.96\) we state that with a probability of 96% the battery will operate properly in the next \(\tau\) hours interval of time. From now on we will assume, as a simplification, that \(\tau\) has a constant value so we will write \(R_i=0,96\).






Figure 2 - From top to bottom. Series connection, parallel connection and parallel of series connection.

Let's suppose that we have a battery pack \(b_1\) composed by \(n=2\) identical cells in series, as depicted in figure 2. The overall reliability is \(R_{b_1}=(R_1)^n=(R_1)^2\), if the reliability of the single cell is 0.96 then \(R_{b_1}=0.9216\). A series component has a combined reliability that is lower than the single cell reliability, look the following table.

#CellsReliability %
196.0
292.2
388.5
484.9
581.5
678.3
775.1
Table 1 - Reliability of a battery pack composed by n elements in series.
Single element reliability 0.96

Now we evaluate the reliability of a pack that is composed by two identical cells in parallel connection \(R_{b_2}=1-[(1-R_1)\cdot(1-R_2)]=0.9984\). Regarding reliability, the more cells in parallel the better.

If we connect two \(R_{b_1}\) packs, composed by two cell in series, in parallel the reliability of the assembly is \(R_{b_3}=1-[(1-R_{1})^2]=0.9938\). So a parallel configuration can mitigate the reliability loss introduced by a series configuration. Keep in mind that for a full redundancy the two parallel cells/packs should have the same nominal capacity and the circuitry configuration should warrant that failure of one cell/pack does non implicate the failure of any other element (a simple solder joint will fail to do so). Refer to figure 3 for a basic diode based circuit that avoid total failure of parallels batteries packs.


Figure 3 - Diode based circuit that protects the power system from single cell short circuit. To note that this circuit cannot protect the battery if there is a load short circuit. For example is you have a shorted servo or servo line short the battery will short.

Besides the exact value of reliability and dedicated circuitry design we've demonstrated how we can affect the reliability performance of a battery pack with series and parallel layouts. However, we'd still like to know how will our battery fail The life cycle of a battery is sometimes represented with a bathtub curve diagram


When the cell is new it is possible that it has some fabrication-related defects, that will be observed in the first charge-discharge cycles. If the cell passes the early failure phase, it then enters a long operational life phase, characterized by low failure rates. At the end of the operational life phase, the wear out phase ensues, which is ended by the cell failure. Without going into details and using a common approach, the failures types can be categorized in three different sets. Infant mortality is any fail in the early stage of battery life, wear-out is any fail caused by the aging and use of the battery and the random faults are the faults that can be present at any point of the life cycle.

The most dangerous failure constitutes in an internal short: The cell temperature can increase up to ignition temperature. That will lead to fire into the airframe, see figure 5 and video 1. From an electrical point of view, a short always results in a total failure of the battery pack. On a single battery pack powered aircraft, this is equivalent to the total loss of thrust and control, usually resulting to a catastrophic crash. If redundant systems are present, usually the power to control surfaces and electronics is guaranteed but the main electrical engine may be not powered. The minimum requirement for a redundant system should be that the vehicle has the ability to be comfortably commanded to a crash land.


Figure 5 - Lipo Fire
Video 1 - RC plane landing on flames, of course a dreadful spectacle.

Into the next post we will examine a single BEC configuration against to a couple of typical redundant configurations.

Further readings

1. Cells, connection series and parallel 
2. UPS
3. MTBF definition