Systems Reliability - Need Component Failure Probability Estimates


TFF

Well-Known Member
I have known of alternators on the accessory pad overloaded as a primary alternator. They actually do an admirable job, but I know of a couple of instances where it could not top off the battery without reducing load. These were somewhat simpler systems and not over the top electronic heavy aircraft. The airplanes were generally not cross country airplanes that ended up being flown on a long cross country leaving on more systems than the normal short flights. I suspect the aircraft were built originally with standard alternators and converted for better weight and balance from the vintage. Not a true failure, but a note that load level is important.

BJC

Well-Known Member
AFS-5500 EFIS complete, sudden, in-flight failure at less than 500 hours. CPU failure.

Cole Hersee starter solenoid failure (sticking closed) around 350 hours.

Garmin SL-40 transmit failure around 350 hours.

Lots of Cessna A152 issues, many related to old co-ax, Cessna radios, flap position control, nose gear strut rebuild, etc.

Cylinder replacements on O-235, don’t recall hours, but less than 2,000.

Vacuum driven DG and AI failures, likely due to aerobatics.

New 24 volt Concorde battery failed after 8 hours in service. Replaced under warranty via Aircraft Spruce.

Bill, not directly applicable to your project, but may be relevant to other readers.

On a Pitts flying hard aerobatics:

Carbon steel crossover exhaust system crack at less than 300 hours, repaired, broke entirely off at a different weld joint about 10 hours later.

Broken oil cooler mounting flange, less than 300 hours.

Cracked engine cooling baffles, about 500 hours.

Engine mount vibration isolators crushed, around 300 hours.

Metal spinner cracked at attach holes.

PS5-C diaphragm (old type -black) bad at around 600 airplane hours, no idea how much time on the PS5-C.

Champion spark plugs didn’t last long.

Cracked fiberglass wheel fairing at around 400 hours.

Airpath panel mount compass FUBAR (not dry, but accurate to +/- 50 degrees) around 250 hours.

Wood javelins loose around 350 hours.

Aluminum cuffs around aluminum gear legs cracked around 500 hours.

Tailwheel solid tire failure around 250 hours.

Tailwheel bushing excessively worn, around 350 hours.

Tailwheel steering chains excessively around 300 hours.

Different Pitts. Replaced bungees.

BJC

Retiree

Well-Known Member
I've re-arranged your post to reply in the order in which I think things should be considered. First of all, anecdotal reports of failures are (as you know, Bill), completely meaningless from a statistical standpoint in trying to evaluate failure probabilities and MTBF's. So no matter who reports what here, in however many hours, it will not give you ANY useful information for failure probability calculations. Zero. Nada. Zilch. Nothing.
I am glad someone replied who knows something about statistical analysis. This is a very complicated field.

wsimpso1

Super Moderator
Staff member
Log Member
What to me seems more productive than trying to estimate failure probabilities for all components on an airplane is to look for single point failures that can have catastrophic or hazardous effects. Eliminate them by building in redundancy. And look for components that tend to have gradual failure modes or give plenty of warnings that they are about to die.
Sonja,

We are way past that. There are other folks that could need the lesson, and so the comment has value in this thread.

We are considering Z-12, Z-14, and Z-101 from the AeroElectric Connection, because these electrical schemes have redundant alternators, redundant power feeds, use always hot battery buses for engine and essential avionics, etc. On my electrically dependent engine, I also have redundant transfer pumps, redundant high pressure fuel injector pumps, and am planning dual ECU. All with a mind to reducing probability of forced landings, dark cockpits, and scary days aloft.

As I explained earlier, I am looking to check my part failure probability assumptions. How often do these gadgets break in flight? As a side benefit, I have had AC23.1309-1E pointed out to me and folks have brought up a couple new failures to consider...

Billski


rv6ejguy

Well-Known Member
You don't want to use components which have a known short durability/reliability record. If a lot of folks have reported component brand X fail, probably best to pick a different one that has better reliability.

You can gather all the stats you want but it still doesn't mean a very reliable part won't fail on you the very next flight.

In the aircraft world, we generally (but not always) employ redundancy to mitigate against failure of critical components- 2 mags, 2 fuel pumps etc. However most single engined aircraft only have one carb or FI servo and there are numerous other single points of failure on certified aircraft engines.

Backup electrical systems need to be able to be fully isolated from the primary power system for reasons of shorts, battery or alternator failure or alternator over voltage.


proppastie

Well-Known Member
Log Member
Looking at my data (never had bothered to think about it) I am surprised at how much pilot error and deficient maintenance was a factor in my anecdotal overall system reliability. I do my own maintenance and am reminded of the saying "never buy a mechanic's car".


wsimpso1

Super Moderator
Staff member
Log Member
I have known of alternators on the accessory pad overloaded as a primary alternator. They actually do an admirable job, but I know of a couple of instances where it could not top off the battery without reducing load. These were somewhat simpler systems and not over the top electronic heavy aircraft. The airplanes were generally not cross country airplanes that ended up being flown on a long cross country leaving on more systems than the normal short flights. I suspect the aircraft were built originally with standard alternators and converted for better weight and balance from the vintage. Not a true failure, but a note that load level is important.
This is thread drift, but I shall bite.

The FIRST STEP in a properly crafted electrical system is to do a loads analysis so that we know how big our charging system must be. Sounds like someone missed that day in school. After that we come up with our minimum equipment to get on the ground when the main power supply goes down. In our cases, we have both opted for a main alternator, an auxiliary alternator, and a substantial battery (or two) with multiple paths to get electricity to the power consumers we know we need to get down safe. Lose the main, and yes, we will have shed some load to stay within the auxiliary alternator's capacity.

A charging system that can not make all of the current required to fly normally and leave 10% in reserve to recharge the battery is not what I would prefer to fly, but there are options for people with airplanes like this:
Back to understanding failure modes so we can craft an adequately reliable airplane.

Billski

TFF

Well-Known Member
I know you know what the system should be, but most don’t. Most want the convenience or the pad mount and don’t consider what it can do. Understanding the is the failure point.

rv6ejguy

Well-Known Member
Our EFI customers are generally opting for a single battery and dual alternators or two of both, especially in the RV-10 world.

This is the B&C pad driven backup alternator. The main alternator is usually a larger B&C driven off the flywheel end via the belt.

You should have OV protection. Perihelion and B&C both offer products to accomplish this.

If your airplane is electrically dependent, you'll want a robust backup power system if the primary goes down, especially over rough terrain, at night or IFR. I recommend you don't skimp here if your typical mission includes these things. Having it onboard is better than wishing you had it...

PMD

Well-Known Member
I know I am preaching to the choir, but: In your critical path analysis, you will of course make your backup systems that are critical to continued flight. Electrically, IMHO, that means an all-electro-mech critical bus that feeds your essential-for-flight alternatively to main system. Have been going through this with industrial systems (portable) lately, and something that was spec'd as backup switching directly to device relays turned out to have been built with switched input to digital controller - and when the controller failed an ultra-critical piece of equipment (fortunately, on a not-as-critical job near enough to home base for me to drag a whole backup plant down to finish). As much as I HATE magnetos, they at least are down to engine mechanical drive as the sole critical failure point.

Now we see how these kinds of discussions can result in a second engine on the wing. If you want to see difficult choices, add in putting an electronically controlled diesel to the single engine equation.

gtae07

Well-Known Member
I lost a whole post full of anecdotes, but I'll try to recall some of it...
In my 200 hours:
Alt field CB kept tripping (RV-6) - loose terminal screw on the back
Mixture lever binding and can't get to full (RV-6) - exhaust hanger failing and letting the exhaust hit the mixture arm
Accidentally hit the avionics master switch in turbulence and lost the whole panel, and (RV-6) - day VFR so no issue. Software bug in the Skyview meant it didn't switch over to the backup battery like it was supposed to
Window latch fell off on taxi to runup area (C-150)
Slow oil leak causing mist on windscreen (C-172)

Van's fuel selector hard to turn and leaking (~1200hr)
Electric TC gyro ate itself (~900hr) - replaced with Skyview upgrade
Skyview radio squealing (800hr on the radio) - contact cleaner seems to have worked
Prop bolts and prop coming loose (don't recall the hours but it was in the low hundreds) - turns out there's not supposed to be paint on the front of the flywheel. New prop hub and flywheel here...

Also one thread on VAF that's especially relevant to those of us using EFI:

BJC

Well-Known Member
Also one thread on VAF that's especially relevant to those of us using EFI:
And, perhaps, even more important within the first 50 - 60 hours of flying with a composite fuel tank.

BJC

rv7charlie

Well-Known Member
AFS-5500 EFIS complete, sudden, in-flight failure at less than 500 hours. CPU failure.
This^ is what Bob Nuckolls (and I) was/were trying to tell you over on the AE list. EFIS hardware is incredibly reliable, but that doesn't mean it *never* fails. A wing spar is critical to finishing the flight safely, but simply cannot be backed up, so we are forced to accept that risk, or not fly. An EFIS, on the other hand (assuming you're flying in IMC) is also critical to finishing the flight safely, but it *can* be backed up with another instrument for very little weight penalty and relatively little financial penalty, considering the alternative. That's why 'reliability' isn't a design/configuration factor when doing FMEA.

You can ask what brand of widget is the best financial value, but brand/value is irrelevant in how that widget is integrated into the system (meaning, in this case, whether there's a backup). In some cases, you can even accept lower reliability in exchange for significantly reduced cost. For example: The switches B&C sells for $5-$10 won't be as reliable as a $50-$75 milspec switch, but if there are two of the B&C switches controlling a primary & backup system, or even two switches controlling the same flight-critical system, the two $5 switches are *safer* than one $50 milspec switch.

Real world question: With electronic fuel injection, you'll have two electric fuel pumps. Which is safer; one $75 milspec SPDT center-off switch to control the two pumps, or a pair of $5 B&C SPST switches, each controlling one pump?
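The comparison in the post above, worked as a two-gate fault tree; this is an added example, not part of the original post or of any poster's analysis. The failure rates, the 3-hour flight and all function names are assumptions chosen only for illustration. The model assumes independent failures, a switch that fails open, and no shared breaker, bus or undetected latent fault.

```python
import math

# Assumed constant failure rates per flight hour. Illustrative placeholders only:
# they are not measured data and not figures from this thread.
RATES = {"milspec_switch": 1e-6, "cheap_switch": 1e-5, "fuel_pump": 1e-4}

def p_fail(rate, hours):
    """Probability that a part with constant hazard `rate` fails within `hours`."""
    return -math.expm1(-rate * hours)

def any_of(*probs):
    """OR gate: at least one of the independent events occurs."""
    return 1.0 - math.prod(1.0 - p for p in probs)

def all_of(*probs):
    """AND gate: every one of the independent events occurs."""
    return math.prod(probs)

def single_switch(hours, rates=RATES):
    """One SPDT center-off switch feeds either pump, so the switch alone can stop both."""
    sw = p_fail(rates["milspec_switch"], hours)
    pump = p_fail(rates["fuel_pump"], hours)
    return any_of(sw, all_of(pump, pump))

def dual_switch(hours, rates=RATES):
    """Two SPST switches, one per pump: fuel stops only if both channels are lost."""
    channel = any_of(p_fail(rates["cheap_switch"], hours),
                     p_fail(rates["fuel_pump"], hours))
    return all_of(channel, channel)

def breakeven_cheap_rate(hours, rates=RATES):
    """Cheap-switch failure rate at which the two layouts are equally likely to fail."""
    channel = math.sqrt(single_switch(hours, rates))
    pump = p_fail(rates["fuel_pump"], hours)
    sw = 1.0 - (1.0 - channel) / (1.0 - pump)
    return -math.log1p(-sw) / hours

if __name__ == "__main__":
    t = 3.0  # assumed flight length in hours
    print(f"single milspec switch : {single_switch(t):.2e}")
    print(f"two cheap switches    : {dual_switch(t):.2e}")
    print(f"break-even cheap rate : {breakeven_cheap_rate(t):.2e} per hour")
```

With these assumed rates the single-switch layout is dominated by the switch itself, while the dual layout is dominated by the pumps; the break-even figure shows how much worse the cheap switch would have to be before the single switch came out ahead.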

Pops

Well-Known Member
Log Member
51 years of your flying life comes out to about how many hours of flying time? No doubt a lot more than my measly 2200 hours...
Yes, but I never was very good at keeping logs. It would be a very rough guess. Don't keep of my auto hours either.
In 7 years of flying for our company my highest time in one week was 76 hrs. I remember that because I was tired. Told my boss (my wife) that I didn't want to see an airplane for a couple of weeks. After a couple good nights sleep, I was ready to go again.

BJC

Well-Known Member
This^ is what Bob Nuckolls (and I) was/were trying to tell you over on the AE list.
No, you haven’t been trying to tell me anything over on the AE list. I haven’t been there in many years.

I’ve designed, installed and maintained enough analog and digital control systems to understand potential failures.

BJC

PMD

Well-Known Member
Real world question: With electronic fuel injection, you'll have two electric fuel pumps. Which is safer; one $75 milspec SPDT center-off switch to control the two pumps, or a pair of $5 B&C SPST switches, each controlling one pump?
This is what my thinking has become for modern engine management systems. We need to look seriously at eliminating ANY single failure point: i.e. two complete injection/ignition systems. For diesels, I would prefer to see two injectors per cylinder (possible, even probably with appropriate engine design). Since that means HPCR today, though, the real problem is the size, cost and weight of a second high pressure fuel pump. In all cases, either redundant sensors or a failsafe ECU that does some kind of fault identification and isolation of obviously bad data. And as you asked: two electric pump feed switches from separate breakers.

From my anecdotal list: Once had a rock go through landing light leaving a gravel strip in the North. The resulting cold air leak blasted onto the crankcase vent on the "hot" side of the baffling (American Yankee = O-235), froze a plug of moisture, blew the front crank seal out and pumped all of the oil overboard. Did 125 miles descending from 8 or 10k at just above idle with nothing but foam in the sump. VERY remote area, but had radio contact for anticipated rescue. But just goes to show even certified airplanes don't anticipate every possible critical failure point.

wsimpso1

Super Moderator
Staff member
Log Member
Yes, but I never was very good at keeping logs. It would be a very rough guess. Don't keep of my auto hours either.
In 7 years of flying for our company my highest time in one week was 76 hrs. I remember that because I was tired. Told my boss (my wife) that I didn't want to see an airplane for a couple of weeks. After a couple good nights sleep, I was ready to go again.
This is all ballpark estimating - If you can bracket it between a couple numbers, I will take it. 20,000? 30,000?

Pops

Well-Known Member
Log Member
Every added part is a new part that can fail.

rv6ejguy

Well-Known Member
These discussions quickly get off the rails it seems. In a single engined aircraft, there are plenty of single points of failure and many happen much more frequently than some folks think. While people design systems for remote possibility scenarios, they seem to forget they are still flying with one engine. Crank failures, rod failures, jug separation, accessory gear failures, dual mag failures, oil pump failures, dropped valves etc. have all happened and killed people or caused forced landings. I've had friends killed by mechanical engine failures.

If you're over the mountains, water, forests, flying at night or IFR and your single engine stops for any reason, you will be having a real emergency with potentially fatal results.

Mitigate your risks with good decision making in both system design/component choices and flying choices.

rv7charlie

Well-Known Member
No, you haven’t been trying to tell me anything over on the AE list. I haven’t been there in many years.

I’ve designed, installed and maintained enough analog and digital control systems to understand potential failures.

BJC
Sorry; that was intended to address Billski, who asked for our experiences in the original post.

BJC