What's new
Van's Air Force

Don't miss anything! Register now for full access to the definitive RV support community.

EFII reliability discussion ?

Larry DeCamp

Well Known Member
Rocketman1988 recently commented “ if you drill down far enough, you will find single point failures”. Yes, carbs have floats and orfices. Mechanical injection has one servo. EFII has one circuit board.

So my question is, under what assumption is a single board EFII system viable for an airplane ? You have 4or6 injectors controlled by a single brain. Not really any worse than a single fluid path to the cylinders ???

OK, then lets use two circuit boards to fire the injector coils. How is that managed if one board goes TU, or they simply disagree ?

Your comments would be appreciated.
 
Rocketman1988 recently commented “ if you drill down far enough, you will find single point failures”. Yes, carbs have floats and orfices. Mechanical injection has one servo. EFII has one circuit board.

So my question is, under what assumption is a single board EFII system viable for an airplane ? You have 4or6 injectors controlled by a single brain. Not really any worse than a single fluid path to the cylinders ???

OK, then lets use two circuit boards to fire the injector coils. How is that managed if one board goes TU, or they simply disagree ?

Your comments would be appreciated.

I can only state from our experience in the field with around 1400 aircraft and 400,000+ flight hours over 26 years on single ECU aircraft. Zero ECU failures to our knowledge. With an additional 350,000+ hours on 700 dual board ECUs, we've heard of 2 actual hard ECU failures, one unknown cause, one traced to tie wrapping sensor cables to the spark plug wires (please don't do this).

Have had a few more where the engine ran badly on one ECU where there was a wiring issue like intermittent grounds.

In the case of SDS and dual ECUs, the pilot manually switches to the backup ECU if the engine were to run rough or actually stop.
 
Last edited:
... In the case of SDS and dual ECUs, the pilot manually switches to the backup ECU if the engine were to run rough or actually stop.
I think this is a wise design choice, considering the application, the possible error modes, and the training of the user.
 
We looked at trying to automate ECU switch over years ago but after looking at how many different ways something COULD fail and permutations of those ways, it would be very hard to write software to cover all of them with certainty and without making the system more complicated and in fact maybe more likely to fail as a result.

We felt it best to leave ECU control in the hands of the pilot given the number of times the ECUs have actually failed. It's an extremely remote scenario if the system is wired correctly.

We've seen way more problems where things are not wired properly or with best practices or where there wasn't a well designed backup power system available when primary power went down.
 
...
We've seen way more problems where things are not wired properly or with best practices or where there wasn't a well designed backup power system available when primary power went down.

Well put. Despite all of the resources available that try to teach best wiring practices and electrical architectures, electricity is still a mystery to many otherwise talented and dedicated builders.

I like it when manufacturers provide detailed wiring procedures. Even for us 'sparkies' it provides a baseline that prevents unintended consequences.

If we want to diverge from the recommendation, it forces us to understand the intent, do the FEMA and take the responsibility.

VV
 
You've probably already seen it, but here's a pretty interesting case of engine failure with EFII and the resulting crash.

https://www.youtube.com/watch?v=4PHTVTw_Y2A

Cause was the fuel pumps signed off when the single breaker they were fed from (both pumps plus the hydraulic pump!) tripped as the gear was cycled.

As I said, most failures are due to bad layout, bad wiring or no backup power. This one could not be said to follow best practice.

Whoever made the decision to wire like this simply wasn't thinking at all. Having twin pumps was wasted with this strategy.
 
Just need 4 engines, each EFI powered by it's own electrical system, with two alternators per engine (8 total). That should cover all the redundancy concerns. Lose an EFI, well there's 3 other engines to take you along (sarcasm).

I wonder how the EFI systems (EFII and SDS) compare to FADEC on bigger planes in terms of single point failures and redundancy? Granted they have two engines, but those engines still aren't allowed to quit very often (ETOPS, etc.).
 
I wonder how the EFI systems (EFII and SDS) compare to FADEC on bigger planes in terms of single point failures and redundancy? Granted they have two engines, but those engines still aren't allowed to quit very often (ETOPS, etc.).

Most of our RV customers buy the dual ECU setup. All critical sensors are redundant with 2 fuel pumps as well. Only critical non-redundant part is the injectors and we have not seen one of those fail yet in 750,000+ flight hours. Mechanical FI and carbs also don't have redundant fuel delivery and that seems to be accepted.
 
Ahhh, the manual switch 👍

Thanks Ross, the switch was the missing link in my concern for isolation. This puts EFI slightly ahead of mechanical injection ( in my judgement) because you cannot reasonably employ two servos.
 
Most of our RV customers buy the dual ECU setup. All critical sensors are redundant with 2 fuel pumps as well. Only critical non-redundant part is the injectors and we have not seen one of those fail yet in 750,000+ flight hours. Mechanical FI and carbs also don't have redundant fuel delivery and that seems to be accepted.

Not sure any big airplane FADEC engines have dual fuel delivery either. Are there any big airplane pilots around that are able to speak to the redundancy in the FADEC controlling their multi-million dollar jet engines?
 
Dta

We have a single EEC for each engine, however, it has an alternate control mode…

They are very reliable but do occasionally have an issue.

It is not possible to define nor build a perfect system; every system has a failure mode.

It is all about risk mitigation…
 
Back
Top