On the redundancy subject, per the NAR L3 requirements, section 2.3 -
"Redundancy
must be present in the power sources, safe and arm provisions, control
logic, and output devices (e.g. bridgewires, electric matches). Redundancy
is not required in the energetic materials (e.g. black powder charges),
parachutes, attach points, risers, and disconnects." Thus, the questions
of "what if you're powering things off the same battery" or "what if you're
using the same switch for both systems" is already answered by the
requirements for the cert. I think "power sources" is explicit enough, but
"safe and arm provisions" says to me you have to have separate physical
switches for each altimeter, not just two poles in the same switch.
The way I was going to use the Schurter switches in my L3 would've been to
have one switch controlling power to each altimeter and the continuity of
its respective drogue charge (bc if one dies than the other's useless
anyway), then have a third switch that would control continuity for both
main charges...the way I see it, from a safety perspective (not worrying so
much about passing the cert), the drogue charge is your critical event,
anyways, bc that's the one that keeps it from going ballistic, so using
that as the criteria for failure (again, not cert failure, but "destroying
somebody's car or head" failure), this scheme would not experience a
critical failure if any one component failed. You could add an extra
switch so each main has its own, to make the whole system truly
single-failure redundant and "cert-fail-proof," but if you're hurting on
space, that may not be an option.
On Thu, Jan 12, 2017 at 11:07 AM, Gregory Lyzenga <lyzenga@xxxxxxxxx> wrote:
On Jan 12, 2017, at 10:18 AM, R Dierking <applerocketry@xxxxxxxxxxx>
wrote:
*The topic of redundancy is interesting and maybe deserves a separate
thread. I’ve seen it has different meanings. For example, someone says
their deployment system is redundant but the two systems share the same
battery or activation switch, which can be done with the 110/220 because it
has two circuits. So, what if you are using the same type of switch, or
say deployment system (i.e. two e-matches from the two triggering systems
in the same BP canister), is your system truly redundant? I’ve even
considered using different makes of batteries, or not using ones from the
same package.
This is a slight digression from the original thread, but yes Richard you
make an excellent point. I barely dodged a serious redundancy bullet at
the last launch I flew at… My standard operating procedure on my L2
electronic deployment flights is to provide redundant systems for drogue
deployment as a guard against a ballistic crash. My primary is a
Perfectflite altimeter firing an ematch in a BP charge tube. My backup is
a g-switch timer firing a separate ematch in the same BP charge.
Sounds pretty redundant, right? Well, yes and no. I made a serious error
in judgement by trying to save weight and powered both electronics from the
same 9v battery. Although I’ve done this dozens of times and it always
worked perfectly, I guess in my heart I knew it was a disaster waiting to
happen… Like all good disaster stories, this just needed to wait for the
intersection of a second triggering factor. My second error in judgement
was that I found what seemed to be a great deal on eBay for ematch
replacements, and since my ematch supply is dwindling I decided to buy a
batch. I tried one out with a 12 volt battery in the garage and it seemed
to fire nice and hot, so I decided what the heck, I’ll put one in my next
flight. Thinking I was being wisely redundant, I used only one of these
matches for the primary drogue and one of my old tried and true matches
for the backup, thinking I’d be safe that way. Wrong.
It all seems so obvious now, but I guess I wasn’t thinking. The el cheapo
ematch has a much higher current draw than a good match (duh) and at apogee
firing it pulled the battery voltage down to almost zero and the charge did
NOT fire. The voltage brownout sent the Perfectflite into a coma and the
rocket was on its way to oblivion. Now I guess it’s true that God protects
fools, drunkards and rocketeers, because against all odds, the backup timer
survived the brownout without resetting, so the rocket landed under drogue
after all and I didn’t have to recover the rocket with a shovel. Only
after doing the flight post-mortem did I realize how close I’d come to a
really bad day. A good reminder not to get complacent!
- Greg
----------------------------------------------------------
Gregory A. Lyzenga <lyzenga@xxxxxxx>
Dept. of Physics, Harvey Mudd College (909) 621-8378
Claremont, CA 91711-5990 mobile (626) 808-5314
