Van's Air Force


Simplified Approach

DanH

Legacy Member
Mentor
9/13/2023 - Updated drawing at post #149. EFI/EI on single bus with dual feed. EFI/EI bus and avionics busses supplied via MIDI fuses.

I'm going to post recent work, and risk being branded a heretic.

Opinion...the current approach to power supply wiring has become far too complicated, both physically and operationally. Both aspects can be simplified, if we throw out some fixed thinking.

The attached is a dual bus, dual battery, dual generation system, supporting an SDS EFI /EI, and a three screen G3X/G5. Batteries are ETX900's. Primary alternator is a B&C L60 w/ an LR3D. Backup generator is an MZ-30L. The G5 has its own battery.

Yellow: cranking system.
Green: power generation.
Red: EFI/EI.
Blue: avionics.
White: typical main bus functions.

System is effectively modular.

Diagram.jpg


Nothing exotic at the main bus. No field switch, just a pull breaker, which is mostly relegated to being a test function. The LR3C handles overvoltage.

Main Bus.jpg


The leftmost avionics busses dovetail with the dual power inputs on many Garmin products. Single input avionics go on a bus with dual feeds. Avionics may be fed from either battery, or one.

Avionics.jpg


The SDS power supply is critical. Again, feed is from either battery, or one. Each coil/fuel pump switch is a three position Honeywell 2TL1-10 wired as OFF/COIL ON/COIL & FUEL PUMP ON.

EFI EI.jpg


The MZ-30L has several interesting features, foremost being self-start and electronic current limiting. Here the primary purpose is powering the SDS system no matter what. As a secondary mission, it will also support limited avionics and main bus function. It's wired with a relay or contactor because it's connected to battery #1, and the regulator does have a small parasitic draw. With the ENABLE switch closed, it is in standby, and comes online if bus power drops to battery voltage or less.

Note a typical Monkworkz application ties the regulator output to the switched side of the main contactor. In that case, if set as an auto backup (regulator pin 1 open), it would not need a relay. Again, here the goal was to feed an SDS bus with the masters open.

MZ-30L Auto.jpg


Operational simplicity should be a major design goal. When the spit hits the fan, pilot IQ tends to go out the window, at least for a little while. So, let's make the switching intuitive, and more important, arrange it so it requires little or no pilot action given power failure.

This is going in an Aerosport panel, so all the toggles to the left of the pilot's display are for the SDS EFI/EI. The critical rockers (DPST Carlings) are below the display. Note the conceptual similarities to traditional systems. It's basically mags and masters.

For a critical flight regime (like departure), the switch settings are dead simple...they're all UP, with one exception, INJECTOR DRIVER SELECT. Given power loss at 300 feet over the trees, the entire pilot response is flip that one switch, and change tanks. Again, pretty familiar.

Switching.jpg


First pass, a basic "open or short" review doesn't turn up any critical issues, but if I missed something, hey, I'm all ears.

Open-Short Review.jpg


On a bad day, both main contactors can be opened, which immediately dumps the large loads and brings the MZ-30L on line. Avionics load is about 10A, maybe 13 running autopilot servos, and can be less. The pilot has access to both batteries and the MZ-30L, in any combination.

On a really, really bad day, the MZ-30L carries the SDS, and the G5 is on internal battery.
 
Very nice, Dan. I see a lot of diodes. Do you have a source for those? I’ve had trouble finding diodes that would handle more than just a few amps.
 
Simplify!!

I'm going to post recent work, and risk being branded a heretic.

Opinion...the current approach to power supply wiring has become far too complicated, both physically and operationally.

Not to bash your plan, but Cut to the part where this is simplified!!

Seems to me the mission and the equipment required is the part that may be getting too complex. On the other hand, if you need the capability, you need the gear and complexity.

Please do a compare of your plan to a similar Z diagram ...
 
Dan, what is the purpose of the 1N4933G diode in parallel with the Monkworkz contactor?
If the contactor contacts develop resistance, wouldn't the diode smoke? Thanks
 
Thanks for this. I'm laying out my SDS EFI/EI system at present, and your approach has given me plenty to think about.

Have you considered locking toggle switches for the EFI/EI circuits? They're not something that you want to have any chance of inadvertently knocking to off.

Also, why the three-position switches on the pumps and coils? Why are these preferable to something like separate 1TL1-2D switches on each component?
 
Problem with this approach is a runaway alternator that is overvolting can damage everything connected to it. Have had this happen while giving dual in a RV-6. It is best to keep busses completely independent, have some things on one and some things on the other, charging independently with a buss-tie in the event that power sources are lost. Most modern twins are wired this way.
 
I see a lot of diodes. Do you have a source for those? I’ve had trouble finding diodes that would handle more than just a few amps.

Four, not counting the dinky ones on the contactor/relays coils. Driving the injectors requires 2 to 5 amps. The avionics bus could see a peak surge as high as 15, but typical is more like 6. Lots of choices in these ratings.

Not to bash your plan, but Cut to the part where this is simplified!!

Conceptually? Sure...

Modules.jpg


Please do a compare of your plan to a similar Z diagram ...

Ummm....no thanks.
.
inquisition-m-03990133-jpg--74936-.jpg


Dan, what is the purpose of the 1N4933G diode in parallel with the Monkworkz contactor?
If the contactor contacts develop resistance, wouldn't the diode smoke? Thanks

Joe, you always have a great eye for electrons. Bill Judge suggested it so the regulator's OV protection would not trip into lockout if the contactor was opened under load three times in the same power cycle. I suppose burned contacts could smoke the diode, but it would merely set up the possibility of a lockout.

..why the three-position switches on the pumps and coils? Why are these preferable to something like separate 1TL1-2D switches on each component?

Operational simplicity; fewer switches, simplified runup pad checks. I'd be happy to replace them with fuses and merely switch the power supply to each SDS bus, but switching the ECUs while running makes Ross nervous ;)

Problem with this approach is a runaway alternator that is overvolting can damage everything connected to it.

Both regulators have built-in OV protection.
 
Pretty similar to what I have with the exception I've gotten rid of Avionics masters and alternator switches. I put in a backup alternator that would carry the avionics and SDS load and the alternator voltage is set just a bit below the main alternator voltage. Failure of the main alternator should be a non-event. So two masters, two fuel pump switches, and two three position switches for ignition & ECU select is all I have.

Two buses, one for critical functions - SDS + backup power to essentials, and one for everything else. Critical/E-bus is dioded to be powered from both sides of the cabin battery contactor (dual batteries, both ETX-900s) so in the event of some sort of problem the battery can be isolated to just the critical bus by flipping off the two master switches. Or put another way, I can troubleshoot an electrical fire the same way in traditional aircraft by turning off the master switch without worrying about keeping the engine turning.

Here's the diode I've been using: https://www.mouser.com/ProductDetail/STMicroelectronics/STPS24045TV?qs=G5AQjGfRJcKPMkPqGxRltA==

I have separate switches for fuel pumps and ignition to be able to shut off one fuel pump in cruise. A three position switch for ignition will require 2 5 pin relays to reverse the switch.
 
Consideration

Dan, a lot to absorb here, but one area I do have a little experience is the MZ30. I have an enable that is on all the time, BillJ has a feature to enable a ground when the unit is operating and flash if overloaded. It is a low cost LED and takes little panel space on either side. Also, a momentary button can run this LED to ground as a test feature to ensure it is still functional. These wires are all low amperage and could take less space and $ than a large rocker.

I like to have a positive indication that the unit is working, a way to ensure the feature is operable, and some warning if the power is about to be electronically controlled to OFF.

I'll keep studying for the remainder. Thanks for posting!!!

2 Cents . . .

PS: the feature was not in the instructions (now updated as I understand) when I got the unit but Bill was almost instantly available and provided this in an email in the installation process. It took a little to understand, meanwhile I had drilled holes in my panel. My momentary button to check function is yet to be installed as the understanding came when ready for the functional test. BillJ really has an elegant design.
 
Curious about the need/utility to have a switch for the coils AND fuel pump since removing power from either one results in engine stoppage.

Why would you want to create a situation in flight where the coils were on and the pumps off?
 
....I do have a little experience is the MZ30. I have an enable that is on all the time....

I assume you're connecting the output on the switched side of the main contactor, as prescribed in the manual.

This one is tied in on the hot side of the main contactor, so it requires some sort of disconnect to untie it from the battery when parked. There's a subtle reason for the tie to the hot side.

Clearly no problem to connect the MZ's output to the main bus side when opening the main contactor does not result in engine power loss. Good example would be an aircraft with P-mags, and a carb or constant flow FI. Typically the battery bus, if present, drives a few avionics choices...the classic Nuckolls "essential" bus.

Same with an EI/EFI dependent on airframe power, IF the hot bus has the necessary amp capacity (Tim, your diode sourcing issue?), and the battery is lead acid. The system is dependent on battery power to remain aloft.

Here's the catch. The market is moving toward far lighter batteries with an internal BMS. This particular airplane has two ETX900's. The BMS system internally disconnects the battery output for several reasons. Internal fault or low volts are well known. Less recognized is disconnect for over-amperage, as might be seen if we short the battery output. There's a pretty good argument which says a high amperage short is momentary only, as they tend to melt away the cable and surrounding structure. Trouble is, here the BMS has probably already taken the battery off line. It will reset in 1 to 3 minutes, which could feel like a very long time with no ignition power.

Wires 1 thru 4 on the "open or short" list.

PS: the feature was not in the instructions (now updated as I understand) when I got the unit but Bill was almost instantly available and provided this in an email in the installation process.

Yep, Bill has been great.
 

Curious about the need/utility to have a switch for the coils AND fuel pump since removing power from either one results in engine stoppage.
Why would you want to create a situation in flight where the coils were on and the pumps off?

1. To run on one pump, for reduced power demand. Budget is 30 amps when running on the MZ-30L. Nice to keep the avionics instead of an unnecessary pump, and nibble at the battery capacity only short term, like for com transmit.

That's one change of thinking here. These days, the typical "essential bus" is loaded with a heap of Garmin or Dynon, and folks try to drive it all through a diode when the main bus feed is gone. Burn me at the stake, but maybe the essential bus concept is past its prime. Here we accept the desire to keep the avionics and engine, not as a special case, but all the time.

2. Operational simplicity. On the runup pad, cycle each coil/pump switch just like a mag switch. Both up for departure.
 
Thanks Dan. My "second" pump comes on line with a discrete switch (in my case, a pushbutton on the throttle lever itself). I did this specifically to align with the decades of training and muscle memory to flip on the "boost pump" in an engine out, approach, or takeoff scenario. My coils can (and are) switched at the EOR check with the typical Klixon Mil spec breakers. Yes, breakers are not "switches" - but try telling that to the USAF.

As for "normal" engine on or engine off... Single switch - just like a car.
 
I assume you're connecting the output on the switched side of the main contactor, as prescribed in the manual.

This one is tied in on the hot side of the main contactor, so it requires some sort of disconnect to untie it from the battery when parked. There's a subtle reason for the tie to the hot side.


Dan,
My plan also has the Stby Alt (B&C 410-14) tied to the hot side of the main contactor. I wondered about the battery back-feed, and have been meaning to talk to the folks at B&C. Are you familiar with the inner-workings of the B&C as to whether I would also need some type of disconnect?
Thanks.
 
My plan also has the Stby Alt (B&C 410-14) tied to the hot side of the main contactor. I wondered about the battery back-feed, and have been meaning to talk to the folks at B&C. Are you familiar with the inner-workings of the B&C as to whether I would also need some type of disconnect?

Nope, sorry. Let us know.
 
Thanks Dan. My "second" pump comes on line with a discrete switch (in my case, a pushbutton on the throttle lever itself).

So pump #1 is on the main bus?

I did this specifically to align with the decades of training and muscle memory to flip on the "boost pump" in an engine out, approach, or takeoff scenario.

We should all be considering that aspect in design work. It is a key point here. All pumps and busses are ON for departure (all switches up), with a single exception, the ECU select. Subsequent power failure = flip switch, change tanks...the same response we were all taught.

What did you do with your ECU select?

Fair note...IIRC, the System 32 doesn't require an ECU select. Now if we can just wean those users off the Box 'O Diodes ;)
 
Understanding that this is the SDS pump module and has two identical pumps, yes, my primary pump is driven off the "engine bus", while the "boost pump" is activated by the "ship bus". In normal ops, the engine and ship busses are tied with a relay. But in an emergency, I can sever the two and turn off the ship master with no effect on the engine.

My ECU is a three position locking Honeywell toggle with pri-both-sec. This switch is the center position for normal ops. Immediate action in the case of engine silence is similar to my early training - boost, switch tanks, fiddle with a switch...

If that doesn't bring it back it's probably time to start looking at a landing spot
 
Are there any concerns that a short in the "joint" devices / busses could bring both electrical systems down?

I was considering a system with two electrical busses (I guess, something similar, with SDS EFI, lots of Garmin avionics, etc) that are independent as much as possible, and the shared components is where I struggle a bit. I'll admit though that I haven't studied much yet.

For example, if there is a short in the GSA 28 / wire going to GSA 28, then hopefully the fuse that will blow up will be the servo fuse. Which maybe could be controlled by using a slower "main" fuse?

However, if the busses themselves ("dual feed" bus and the "injectors" bus) get a short somehow, they could bring both electrical systems down, right?

I guess, the same is true for the "dual" feed Garmin devices, but assuming they use internal diodes, the only "short" to affect both power sources would be the one inside the device itself -- which should be extremely rare.
 
Are there any concerns that a short in the "joint" devices / busses could bring both electrical systems down?

I published an "open or short" list in the first post. It's required homework. Number every wire. Examine each one individually, and work out what happens if that specific wire goes open or gets shorted. Not unusual to find something which needs rearranged. Sometimes you get a real surprise.

For example, if there is a short in the GSA 28 / wire going to GSA 28, then hopefully the fuse that will blow up will be the servo fuse. Which maybe could be controlled by using a slower "main" fuse?

The bus feeds get circuit protection (fuse, fusible link, ANL, CB, etc) with a rating much higher than the individual device feeds. There's nothing hopeful about it. In your example, the 5 amp servo fuse would melt before the 20 amp feed fuse got warm.

However, if the busses themselves ("dual feed" bus and the "injectors" bus) get a short somehow, they could bring both electrical systems down, right?

No. That's why each bus feed gets circuit protection.
 
I'm way behind the curve on understanding dual electrical systems for all-electric op's and this is the perfect excuse to catch up. A 'simpler' system so I can start to grasp the basics.

So forgive a few questions that might be 'dumb'.

1. Could the two avionics masters be a single DPDT switch that would take care of both? Seems like if one side dies, the diodes will keep it working with both switches 'on'. A single avionics master would be more like a traditional scheme.

2. You pull power for the avionics bus on the hot side of the master contactors. This means that opening both masters does not kill the avionics. Seems like traditional schemes and training is in the event of smoke in the cockpit, you turn off the master, so one action turns everything off. Then you can turn off all the individual devices, bring the master back on, and see what systems you can power back up without getting more smoke.
Not a big deal, but with your system, the correct action in the event of cockpit fire is probably both masters off and both avionics masters off. 4 switches.

3. Combining #1 and #2 here, seems like a single DPDT avionics master that is connected to the switched side of the master contactors would be a good choice. What are the reasons why not?

4. This may be outdated thinking, but I power down my avionics bus for engine start and engine shut-down. But I need the engine monitoring box powered during start so I see oil pressure, amps, rpm, etc immediately. Of all the electronic boxes, the EMS also is the most essential for continued emergency operation. So, I would be tempted to put the EMS on the SDS bus so it is separate from the other avionics. I suppose if you have EFIS and EMS combined in one box (as is more normal I guess) then that box needs to be powered all the time, but I still want radios, transponder off for engine start and shut-down.

5. Probably more a question for Ross, but does it really take 5 switches to run the SDS? Couldn't some of those functions be tied together so that just two switches, analogous to two mag switches, would run everything? As you noted, it's all got to work or none of it works, so it seems like the pumps, coils, and injectors fed by each source could all be activated from one switch. So just two switches for the two sources.

6. Is there a battery failure mode that could result in a battery acting like a big sink (internal short) that could drain the other battery and overload the alternator(s)? If such a thing can happen, would you be able to tell which one so you could turn off that master? And I imagine the diodes in the parallel avionics buses and SDS buses are sized to tolerate that without frying?
And the Garmin devices that have dual inputs - can they tolerate a short on one input?

I'm betting there are other newbies to the subject that will learn from your answers too.
 
There's nothing hopeful about it. In your example, the 5 amp servo fuse would melt before the 20 amp feed fuse got warm.

What guarantees this property if there is a 100A short current? Technically, both should trip. Why would 5A necessarily trip faster?

No. That's why each bus feed gets circuit protection.

Ah, right. However, it seems like the short on the rightmost blue buss would still bring two other blue busses down?
 
Understanding that this is the SDS pump module and has two identical pumps, yes, my primary pump is driven off the "engine bus", while the "boost pump" is activated by the "ship bus". In normal ops, the engine and ship busses are tied with a relay. But in an emergency, I can sever the two and turn off the ship master with no effect on the engine.

A typical essential bus arrangement.

1. Normal ops, relay closed, short the engine bus. What happens?

2. Open the relay, and you're feeding the entire engine bus load with a diode, yes? Do you cycle the relay switch on the runup pad to see if that feed is intact?

(Recall your previous question (post 14) about the progressive switching, coil alone (middle) and coil plus pump (up). A "just like a mag check" switch cycle on the runup pad checks both bus feeds, both pumps, both coils, and both ECUs. Short either SDS bus and it still runs. The only short risk is the injector bus. Grounding it will probably pop both diodes. I'm still noodling mitigation for that.)

My ECU is a three position locking Honeywell toggle with pri-both-sec.

Sounds like power feed to the ECUs. Failing that switch takes out both ECUs? And you have another switch controlling the injector relays, i.e. which ECU has control of the injectors?
 
MZ-30L Contactor

Maybe I'm missing something - but based on the schematic it looks like the MZ-30L contactor cannot be activated unless the MZ-30L is already producing current. Maybe this is by design?
 
Couple of observations:

1. Turning off both Masters will not interrupt power to the Main bus (if the engine is running). The alternator will happily keep alternating until you interrupt its Field power. You could fix this by using DPDT Master switches so that one set of contacts in each switch turns off Field power at the same time as turning off the main contactor.

2. Since you're "simplifying" here, why not get rid of the Starter contactor? As long as you're using a Skytec LS or equivalent with on-board solenoid, that will work as a contactor too. The inrush current into that starter-mounted solenoid is too great for a typical Start switch, so use a Bosch-style ISO ("ice cube") relay to power the solenoid coil. The only concern with this scheme is you have 24" of hot cable firewall-forward. But if the intrepid pilot remembers to turn off the Master(s) before crashing, it's not a concern.
 
...Sounds like power feed to the ECUs. Failing that switch takes out both ECUs? And you have another switch controlling the injector relays, i.e. which ECU has control of the injectors?

Yes. If this switch dies in service, the engine quits. ECU, coils, pumps. No workie.
 
I'm taking Dan's suggestion and working through the power portion of my electrical system wire by wire. There are too many unknowns at this time, such as what's the effect when my B&C 40 amp alternator's ground fails open. That sort of thing. And there are too many others.

But the point I need to make is that this is a super approach to starting an electrical system trouble-shooting guide. For example, several wire failures have the effect of making the starter inoperative. I am keeping a maintenance manual, and now I can have a section in the electrical portion on troubleshooting. Line item, starter inop, and then list the various known failures that can cause this.

Thanks, Dan!

Now all I need is about six weeks in an intensive electrical systems cause and effects class and I'll be ready to complete this.

Dave
 
1. Could the two avionics masters be a single DPDT switch that would take care of both? Seems like if one side dies, the diodes will keep it working with both switches 'on'. A single avionics master would be more like a traditional scheme.

Could make it work, but the traditional complaint is all the avionics on a single switch.

2. You pull power for the avionics bus on the hot side of the master contactors. This means that opening both masters does not kill the avionics.

Nor the engine.

Seems like traditional schemes and training is in the event of smoke in the cockpit, you turn off the master, so one action turns everything off. Then you can turn off all the individual devices, bring the master back on, and see what systems you can power back up without getting more smoke.
Not a big deal, but with your system, the correct action in the event of cockpit fire is probably both masters off and both avionics masters off. 4 switches.

True. Use four fingers?

I kid a little, but seriously, this one is an Aerosport panel with rockers like piano keys. On any panel, it's just a matter of arrangement. Really dumb would be scattering those four switches all over the place.

keys.jpg


3. Combining #1 and #2 here, seems like a single DPDT avionics master that is connected to the switched side of the master would be a good choice. What are the reasons why not?

What you're suggesting is more or less old school certified practice. Current EAB practice (Nuckolls et al) piles avionics on an "essential bus" and gives it a battery direct backup feed via a diode. Think about it in the context of your question.

Now consider the architecture as presented...or again, the essential bus feed above. If an avionics bus or the wire connecting it to power was actually shorted, the circuit protection device (fuse, fusible link, ANL, breaker) feeding that wire would blow. If it has a problem, it turns itself off. If it doesn't have a problem, why turn it off?

Feed Protection.jpg


4. This may be outdated thinking, but I power down my avionics bus for engine start and engine shut-down. But I need the engine monitoring box powered during start so I see oil pressure, amps, rpm, etc immediately. Of all the electronic boxes, the EMS also is the most essential for continued emergency operation. So, I would be tempted to put the EMS on the SDS bus so it is separate from the other avionics.

Nicely illustrates how different folks find different things to be essential.

I'm suggesting we not decide which child to throw to the wolves. The real goal is to keep the avionics bus up and running.

So, I would be tempted to put the EMS on the SDS bus so it is separate from the other avionics.

Why is the SDS bus a safe place, but we need to kill the avionics bus?

I suppose if you have EFIS and EMS combined in one box (as is more normal I guess) then that box needs to be powered all the time..

The G3X system is an entire array of modular devices, mostly remote, all tied together with conventional wiring and CAN bus. It's the far opposite of all in one box, and to a certain extent, it's all or nothing. Seems to be the trend.

...I still want radios, transponder off for engine start and shut-down.

Ahhh, then you'll love the new approach. Light up the whole panel on one battery, and crank on the other. All your worry parts are isolated from cranking gremlins.

5. Probably more a question for Ross, but does it really take 5 switches to run the SDS? Couldn't some of those functions be tied together so that just two switches, analogous to two mag switches, would run everything? As you noted, it's all got to work or none of it works, so it seems like the pumps, coils, and injectors fed by each source could all be activated from one switch. So just two switches for the two sources.

Exactly what I drew first, but switching ECU power when running makes Ross nervous. As drawn now, the ECU power goes on before cranking and stays on for the duration.

6. Is there a battery failure mode that could result in a battery acting like a big sink (internal short) that could drain the other battery and overload the alternator(s)?

Not the battery, but shorting one of the big wires may cause the EarthX BMS to disconnect output. It's a sensible protection, given the battery's low internal resistance, and this design accommodates it. Wait one to three minutes and the battery re-connects.

If such a thing can happen, would you be able to tell which one so you could turn off that master?

Turn 'em both off and forget about it. Here the main bus is the sacrificial child. You lose the big alternator, but also all the big loads...lighting, heated seats, heated pitot, etc.

And I imagine the diodes in the parallel avionics buses and SDS buses are sized to tolerate that without frying?

Pick diodes with higher amp ratings than the circuit protection device feeding the bus.

And the Garmin devices that have dual inputs - can they tolerate a short on one input?

I'll assume the Garmin gang would have done the same.

Fun stuff Steve, thanks for asking.
 
Another question about the EFI/EI system. I'm not an expert on this stuff, so feel free to tell me I'm typing nonsense, as long as you tell me why it's nonsense.

I don't know what the failure rates of the SDS system components are (negligible I hope), but I'm guessing that the pumps would be the most likely items to either fail or draw over-current, and to have the shortest lives. Therefore, it might be useful to have the pumps switched separately, both for failure modes and for powering down one or other of them during cruise, without affecting other system components. Is this something you have some thoughts on?
 
What guarantees this property if there is a 100A short current? Technically, both should trip. Why would 5A necessarily trip faster?

I dunno. Give it a try.

However, it seems like the short on the rightmost blue buss would still bring two other blue busses down?

If you short the bus itself, absolutely true. Same for the injector bus. However, we're not talking about a naked brass bar screwed to a row of breakers. Way too old school. Lots of well protected bus products out there.
.
Buss Mini.jpg
 
...it might be useful to have the pumps switched separately, both for failure modes and for powering down one or other of them during cruise, without affecting other system components. Is this something you have some thoughts on?

Yep. That's what I did.
 
One more who thinks like rocketbob

Hi Dan,

In my case it was an externally controlled alternator with the built in overvoltage control that did in a bunch of memorably expensive avionics.

My dad had a lightning like discharge that took out one bus while flying a plastic airplane in ice crystals, so two examples from my experience where high voltage was an issue as much as low voltage.

With a bus tie you can get electrons anywhere you want but you don't have the complexity of multi sourcing busses separately, and most of the time it's running as two fully separate systems.

I'd normally sit quietly, but you opened with "Simplified Approach" so figured I'd throw my mouse trap into the ring.

Split the devices so that the loss of either bus is not critical - and then give a battery and alternator to each.

One relay after the battery masters from each battery can connect bus1 to bus 2 with a #2 wire. This relay remains off, except in case of a failure where for whatever reason I want to power something on the other side or if I want a few more amps to start the engine.

Derek
 
SNIP

Turn 'em both off and forget about it. Here the main bus is the sacrificial child. You lose the big alternator, but also all the big loads...lighting, heated seats, heated pitot, etc.

This is the first immediate action for any electrical fault on my planes - open both master solenoids. The panel retains power as it is fed via a separate feed from each battery - on the battery side of the masters. Once done the most stable and reliable power backup mode is established. The choice then is to troubleshoot or continue full IFR flight capability for 2-3 hours, land and figure it out on the ground.

I suggest we shift our thinking from “backup batteries” to “backup operating modes”.

Carl
 
Maybe I'm missing something - but based on the schematic it looks like the MZ-30L contactor cannot be activated unless the MZ-30L is already producing current. Maybe this is by design?

Great question Dan. It produces current as soon as the pin 1 connects with pin 6 (blue). The current path is the contactor coil (green). Contactor closes. If voltage on the battery side is below 13.7, the MZ continues output. If above, it goes into standby, no output, but contactor remains closed because the coil remains powered from the battery side. It's latched as long as the coil has a path to ground, i.e. enable switch closed.
MZ-30L%20Latch.jpg
 
1. Turning off both Masters will not interrupt power to the Main bus (if the engine is running). The alternator will happily keep alternating until you interrupt its Field power.

Very true. Personal preference is a pull breaker, but that does require a separate action. Ok, I'll look at it. The Carling rockers in the Aerosport panel are DPST, so there are some contacts available.

2. Since you're "simplifying" here, why not get rid of the Starter contactor? As long as you're using a Skytec LS or equivalent with on-board solenoid, that will work as a contactor too. The inrush current into that starter-mounted solenoid is too great for a typical Start switch, so use a Bosch-style ISO ("ice cube") relay to power the solenoid coil. The only concern with this scheme is you have 24" of hot cable firewall-forward. But if the intrepid pilot remembers to turn off the Master(s) before crashing, it's not a concern.

My RV-8 is wired exactly that way. Moved a wire inside the NL inline starter. The how-to was available from Plane Power before it went over to Hartzell.
 
In my case it was an externally controlled alternator with the built in overvoltage control that did in a bunch of memorably expensive avionics.

Thanks Derek. I had not heard of an LR3D failing to control an OV event. It was an LR3D, yes?

BTW, I like a well considered twin bus system too, and have encouraged them right here. The illustration below is from an old post; system development block diagrams, IFR on the left, VFR EI addition on the right.
Architecture.jpg
 
Yep

It was, though I tried hard not to name them :). Sent it back and it came back no fault found though. Unfortunately for this one I was paying the bill but not doing the troubleshooting so never got a good answer as to why. My best guess was some sort of local ground fault that made it sense low voltage (same as the OV sensed), so it drove the alternator to full output. Its replacement worked well for more than 5 more years.

For the rest of the design, I'm a fan of pulling the avionics from the "wrong" side of the master. Saves an amp of draw when you don't need it, avoids a failure mode and even an unfamiliar pilot will hit the avionics switches if they don't go dark when they "should". Even a better idea for the folks with a single battery system. It's a little unconventional but not in the heretic category by far.

I do share the concern on the field, smelling smoke, hitting all the switches and still having power generating heat. Too much thinking required to pull the breaker.

After that we get in to preferences and alternate thoughts...

I've never been a fan of pick the bus switches. I have a hard enough time chasing and understanding electrical gremlins on the ground when I have lots of time to think, and most of the time pick a bus means I need to understand both the capabilities of the bus I'm asking for, and the nature of the loads that I'm applying, which is more than I want a new-to-the-plane pilot to have to think out when stuff starts flying.

In a similar vein, as long as the propeller spins and the G5 stays lit - a power failure does not need to be a memory action emergency even IFR. You have time to figure out what you want to do, what loads you want to shed and what needs power. My primary design criteria is to be as intuitive to understand as possible rather than to have quick solutions to the failures I design in. I default to CBs grouped by bus since I can then make the decisions as to what I feed power to to be minimal needs to get on the ground and find the source of the smoke. Dual AV busses and fuses works too, but requires more thinking to make sure the split works for all scenarios. For example, a bad ADHRS that is creating noise, can I turn it off and have stuff revert to screens I still want to fly from? Any single failure is as far as I go, but looking at each one is a good idea. 23.1309

For dual bus OV scenario it gets interesting where you need to power the injectors. My only thought there would be putting zener diodes and CB in the circuit each side of the injector feed to create a local OV protection. I haven't convinced myself though that there isn't a better answer here yet.

Derek
 
What guarantees this property if there is a 100A short current? Technically, both should trip. Why would 5A necessarily trip faster?

I think Ivan has a point. I have no idea if the small 12v products we use in our aircraft can cause this kind of failure, but I have seen this in the real world in my datacenters.

We used an Automatic Transfer Switch (ATS) connected to A and B (a.k.a. Red and Blue) power feeds, and it provided power to the rare single-feed devices our customers sometimes wanted to use. A fault in this single-feed device took down both A and B feeds in the rack when the ATS dutifully switched to the B feed after blowing the A breaker.

Can't say if the risk is high enough to warrant a design change, especially since we're talking about a SEP aircraft and targeting a simplified electrical system.
 
Common on turbine aircraft. Link below to a snip of a Falcon 900 system diagram.

https://i.imgur.com/tcR5c5O.jpg

Bob,
I don't see the relevance of the Falcon power system architecture any more than I would consider the architecture of any twin engined aircraft with an APU to be relevant to our single engine aircraft.
For our aircraft we should be thinking of system architectures that allow continued safe flight in IFR conditions for a limited period of time with a reduced level of capability but with a very low probability of any cascading failures. This necessarily results in a high level of separation between the “full up” system and the functionality after the first failure. This concept is completely contrary to the systems architectures employed in transport category and business jet category aircraft where the philosophy is for system reconfiguration to be able to absorb the failed component through redundancy and high integrity monitoring functions.
In my view we should be thinking about system architectures that have primary and residual strings where a failure in one string cannot propagate into the other either directly or by operator selection. Two alternators and/or two batteries where there is no capability for intertie should be the baseline if we want to aim for simplicity and fidelity in the FMEA. This necessarily increases the probability of overall system failure but increases the probability of retaining sufficient system functionality for a safe approach and landing after that first failure. The big problem with doing a simple binary (open-shorted) FMEA is that it doesn't represent real life - there are always the subtle failures that will only come to the light of day by doing extensive fault insertion on a representative rig and a more comprehensive FMEA.
In my experience - if the fundamental system architecture is not matched to the requirement no amount of patching and tweaking will fix it. We need to be focussed on system availability and integrity through simplicity.

KeithTurner
 
Another question about the EFI/EI system. I'm not an expert on this stuff, so feel free to tell me I'm typing nonsense, as long as you tell me why it's nonsense.

I don't know what the failure rates of the SDS system components are (negligible I hope), but I'm guessing that the pumps would be the most likely items to either fail or draw over-current, and to have the shortest lives. Therefore, it might be useful to have the pumps switched separately, both for failure modes and for powering down one or other of them during cruise, without affecting other system components. Is this something you have some thoughts on?

The dual pump module is for redundancy. One does not need to run both pumps except for those critical phases of flight most of us were trained about in our initial flight instruction. That said, you do need at least one functioning to make the engine go, so I question the need to have the primary pump switched independently of the ECU or ignition. I do not. I do have circuit protection however, so if it shorts it will drop off line and of course if it just dies, then no action required to save the buss.
 
Keith,

I think we are thinking along similar lines. My primary message is that once Dan decided to go dual battery, dual alternator an opportunity presents itself to have two fully isolated power sources and isolated equipment, where either can get him on the ground. Two fully separate systems can't interfere with one another, and solves things like OV.

If you can keep them separate you don't need fault detection etc, which you need if you have fail over in the background. Fewer interconnection options means no complicated drawings on the panel.

Ultimately not having a bus tie is the cleanest but I hit limitations. For example:
1. I can fly an approach on either bus, but not necessarily the one I want/need since I don't have two of everything. The bus tie, and pulling a bunch of breakers lets me solve some edge cases.
2. If I lose an alternator belt, I'd really like to get power to both sides of the engine just in case I get the double failure that we aren't supposed to design for.

The tie would be open almost all the time, but sometimes it's nice to have both belt and suspenders, and for me one interconnect was better than multiple pick a bus logics.
 
Bob,
I don't see the relevance of the Falcon power system architecture any more than I would consider the architecture of any twin engined aircraft with an APU to be relevant to our single engine aircraft.

KeithTurner

Not sure what you're talking about. It's a very simple concept. Put things on one bus, put things on another. If power supply goes offline from one, the busses get tied to keep everything powered.
 
Let's not argue about Falcons. It's managed with CRM and checklists.

Our goal should be different; design for benign.

When something abnormal happens, the best system requires no pilot intervention at all. If intervention or management is required, it should be simple and intuitive.

Humor an example. Note the dual bus block diagram I posted above has no crosstie contactor. Having one requires the PIC to sort out why the dead bus went dead, before he/she connects it to the live bus.

Our presumed PIC is a non-professional who bought the airplane second hand, and really knows very little about the underlying system architecture. It's almost guaranteed that given an inflight abnormality, he is nervous, with a temporary IQ score below his norm.

Ok, apply the OV scenario to the dual bus system. One of the alternators starts pushing 60V. All the avionics on that bus burn and go dark. There's a little burn smell in the cockpit. Pulse rate goes to 150. Can we really expect our PIC to search out the two bus voltmeters and eliminate OV as the cause before he hits the crosstie switch...in particular when the voltmeter for the failed bus was on the now failed screen?

There are two keys to embracing intuitive simplicity. The first is to be humble. So often these discussions devolve into "Well, it's my airplane, and I know how it works!". Yep, Steve Canyon, Chuck Yeager, and you. Me? I once crashed a race bike because I got task-saturated by the splash of a water puddle.

The second is embracing a reality; on some future day, some other poor sod will be flying it. He is not as smart. Design for him.
 