simultaneously using two autopilot systems for reliability

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

simultaneously using two autopilot systems for reliability

refik
Hello,

In paparazzi, is it possible to use two complete autopilot systems for
reliability ? (each system includes GPS, imu, transmitter and autopilot, if
one of the systems is gone, the system automatically switches to other).

If it is not possible currently, I think that it will be a good choice to
implement.


We will try to fly an aircraft for 24 hours within 20km, therefore we will
need a reliable autopilot. What configuration (autopilot, imu, Gps and
modem) do you suggest to use?

Cheers,
Refik


_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
Reply | Threaded
Open this post in threaded view
|

Re: simultaneously using two autopilot systems for reliability

Aka-7
Dear Refik,
 
at the moment I think there is no implementation which would allow a redundant setup.
When you think about it there are some problems like how to connect the servos and how to do the switching (how do you decide which autopilot is "correct" at a given moment).
You would need 3 systems and a voting/switching system.
 
This will make your whole system so complex that the chance for a failure probably rises...
 
Normally Taparazzi systems are very robust and reliable. So I would go for one of the up to date systems (depending on your setup) like LISA or Umarim in standard configuration and do a lot of testing before the long duration attempt. Then monitor the values closely during flight and stop if anomalies occur.
 
Cheers
 
Marc
 
 
 
 
Gesendet: Dienstag, 26. März 2013 um 09:21 Uhr
Von: refik <[hidden email]>
An: [hidden email]
Betreff: [Paparazzi-devel] simultaneously using two autopilot systems for reliability
Hello,

In paparazzi, is it possible to use two complete autopilot systems for
reliability ? (each system includes GPS, imu, transmitter and autopilot, if
one of the systems is gone, the system automatically switches to other).

If it is not possible currently, I think that it will be a good choice to
implement.


We will try to fly an aircraft for 24 hours within 20km, therefore we will
need a reliable autopilot. What configuration (autopilot, imu, Gps and
modem) do you suggest to use?

Cheers,
Refik


_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
 
 

_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
Reply | Threaded
Open this post in threaded view
|

Re: simultaneously using two autopilot systems for reliability

Stuart MacIntosh

Good designs, manufacture and testing ensure reliability; I think redundancy is a different topic.

FWIW I forgot I left an RF modem on, it's been it is' test harness for a week.

It's a DNT900P - just checked and it seems fine. Might try leaving my Umarim on for a week and report back.

-Stuart

On 26.03.2013 22:21, [hidden email] wrote:

Dear Refik,
 
at the moment I think there is no implementation which would allow a redundant setup.
When you think about it there are some problems like how to connect the servos and how to do the switching (how do you decide which autopilot is "correct" at a given moment).
You would need 3 systems and a voting/switching system.
 
This will make your whole system so complex that the chance for a failure probably rises...
 
Normally Taparazzi systems are very robust and reliable. So I would go for one of the up to date systems (depending on your setup) like LISA or Umarim in standard configuration and do a lot of testing before the long duration attempt. Then monitor the values closely during flight and stop if anomalies occur.
 
Cheers
 
Marc
 
 
 
 
Gesendet: Dienstag, 26. März 2013 um 09:21 Uhr
Von: refik
An: [hidden email]
Betreff: [Paparazzi-devel] simultaneously using two autopilot systems for reliability
Hello,

In paparazzi, is it possible to use two complete autopilot systems for
reliability ? (each system includes GPS, imu, transmitter and autopilot, if
one of the systems is gone, the system automatically switches to other).

If it is not possible currently, I think that it will be a good choice to
implement.


We will try to fly an aircraft for 24 hours within 20km, therefore we will
need a reliable autopilot. What configuration (autopilot, imu, Gps and
modem) do you suggest to use?

Cheers,
Refik


_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
 
 

 

 

_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
Reply | Threaded
Open this post in threaded view
|

Re: simultaneously using two autopilot systems for reliability

Reto Büttner
In reply to this post by Aka-7
Hi Reflik

To all our experience it is safer to keep the UAV simple. Mostly you
detoriate your systems reliability by adding additional "safety"
devices. See our discussion:

http://lists.gnu.org/archive/html/paparazzi-devel/2011-08/msg00051.html

Regards, Reto

2013/3/26  <[hidden email]>:

> Dear Refik,
>
> at the moment I think there is no implementation which would allow a
> redundant setup.
> When you think about it there are some problems like how to connect the
> servos and how to do the switching (how do you decide which autopilot is
> "correct" at a given moment).
> You would need 3 systems and a voting/switching system.
>
> This will make your whole system so complex that the chance for a failure
> probably rises...
>
> Normally Taparazzi systems are very robust and reliable. So I would go for
> one of the up to date systems (depending on your setup) like LISA or Umarim
> in standard configuration and do a lot of testing before the long duration
> attempt. Then monitor the values closely during flight and stop if anomalies
> occur.
>
> Cheers
>
> Marc
>
>
>
>
> Gesendet: Dienstag, 26. März 2013 um 09:21 Uhr
> Von: refik <[hidden email]>
> An: [hidden email]
> Betreff: [Paparazzi-devel] simultaneously using two autopilot systems for
> reliability
> Hello,
>
> In paparazzi, is it possible to use two complete autopilot systems for
> reliability ? (each system includes GPS, imu, transmitter and autopilot, if
> one of the systems is gone, the system automatically switches to other).
>
> If it is not possible currently, I think that it will be a good choice to
> implement.
>
>
> We will try to fly an aircraft for 24 hours within 20km, therefore we will
> need a reliable autopilot. What configuration (autopilot, imu, Gps and
> modem) do you suggest to use?
>
> Cheers,
> Refik
>
>
> _______________________________________________
> Paparazzi-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
>
>
>
> _______________________________________________
> Paparazzi-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
>

_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
Reply | Threaded
Open this post in threaded view
|

Re: simultaneously using two autopilot systems for reliability

Chris Gough-2
In reply to this post by refik
Hi Refik

In my opinion it's difficult to make a the system more reliable by
adding complexity. If you have an additional component choosing which
autopilot should be in control, that device has to be more reliable
than the autopilots otherwise the system will be less reliable than a
single autopilot. The autopilots are very reliable, so it's a hard
ask.

In the Outback Challenge competition we were required to have an
independent failsafe device. Initially developed a "failsafe/mux"
device that with a "failover feature", it would try falling back to
the a spare autopilot before triggering a failsafe (deliberate crash).
We abandoned that because we felt it was less secure than having a
simpler failsafe and a single autopilot. To many wires, an immature
component on the critical failure path, more complexity than
absolutely necessary. I'm not convinced the failsafe made the system
any more secure either, but it was necessary because of the rules of
the competition.

Redundant communication links do make sense if link reliability is
important in your application. Any given link can fail for a number of
reasons, spatial and spatial diversity of multiple links probably adds
more than the additional networking component takes away.

For redundant GPS', I suppose the information is there to chose "the
best of many" one but my guess is that the benefit would be marginal
compared to single, well installed GPS (good location, good cable
management).

I don't know about redundant IMUs.

Split control surfaces (redundant servos) are a common precaution on
larger airframes.

Chris Gough


On Tue, Mar 26, 2013 at 7:21 PM, refik <[hidden email]> wrote:

> Hello,
>
> In paparazzi, is it possible to use two complete autopilot systems for
> reliability ? (each system includes GPS, imu, transmitter and autopilot, if
> one of the systems is gone, the system automatically switches to other).
>
> If it is not possible currently, I think that it will be a good choice to
> implement.
>
>
> We will try to fly an aircraft for 24 hours within 20km, therefore we will
> need a reliable autopilot. What configuration (autopilot, imu, Gps and
> modem) do you suggest to use?
>
> Cheers,
> Refik
>
>
> _______________________________________________
> Paparazzi-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/paparazzi-devel



--
.

_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
Reply | Threaded
Open this post in threaded view
|

Re: simultaneously using two autopilot systems for reliability

Christophe De Wagter
Redudancy:

Extra Servo's: can improve safety. They wear over time, having spare is useful.

Extra wires & connectors: does certainly not improve safety.

Extra satelite receiver: expecially in RC mode that is considered as a very good thing to do

Extra autopilot running the same code? when using the same imu/gps types with same ahrs, it will most likely give the same attitude errors in that particular flight case. So this only solves pure hardware malfunctions (broken chip) by adding extra wires (which typically break more easily than chips inflight) and connections and adding extra code to detect malfunctions.

My personal idea is that with a good hardware redesign placing both autopilots with their separate shielding and power on a single PCB, without connectors but with protecting line drivers, tvs and ferrites on all lines it can make a dual/triple board design actually safer than a single board. However, if 2 separate lisa's are placed in a plane with wires in between, I hardly doubt it will ever be safer than a single lisa.

-Christophe 


On Wed, Mar 27, 2013 at 1:55 AM, Chris Gough <[hidden email]> wrote:
Hi Refik

In my opinion it's difficult to make a the system more reliable by
adding complexity. If you have an additional component choosing which
autopilot should be in control, that device has to be more reliable
than the autopilots otherwise the system will be less reliable than a
single autopilot. The autopilots are very reliable, so it's a hard
ask.

In the Outback Challenge competition we were required to have an
independent failsafe device. Initially developed a "failsafe/mux"
device that with a "failover feature", it would try falling back to
the a spare autopilot before triggering a failsafe (deliberate crash).
We abandoned that because we felt it was less secure than having a
simpler failsafe and a single autopilot. To many wires, an immature
component on the critical failure path, more complexity than
absolutely necessary. I'm not convinced the failsafe made the system
any more secure either, but it was necessary because of the rules of
the competition.

Redundant communication links do make sense if link reliability is
important in your application. Any given link can fail for a number of
reasons, spatial and spatial diversity of multiple links probably adds
more than the additional networking component takes away.

For redundant GPS', I suppose the information is there to chose "the
best of many" one but my guess is that the benefit would be marginal
compared to single, well installed GPS (good location, good cable
management).

I don't know about redundant IMUs.

Split control surfaces (redundant servos) are a common precaution on
larger airframes.

Chris Gough


On Tue, Mar 26, 2013 at 7:21 PM, refik <[hidden email]> wrote:
> Hello,
>
> In paparazzi, is it possible to use two complete autopilot systems for
> reliability ? (each system includes GPS, imu, transmitter and autopilot, if
> one of the systems is gone, the system automatically switches to other).
>
> If it is not possible currently, I think that it will be a good choice to
> implement.
>
>
> We will try to fly an aircraft for 24 hours within 20km, therefore we will
> need a reliable autopilot. What configuration (autopilot, imu, Gps and
> modem) do you suggest to use?
>
> Cheers,
> Refik
>
>
> _______________________________________________
> Paparazzi-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/paparazzi-devel



--
.

_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel


_______________________________________________
Paparazzi-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel