Understanding Safe Airstart Configuration and L2 Exam Question

The Rocketry Forum

Help Support The Rocketry Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

strider07928

Active Member
TRF Sponsor
TRF Supporter
Joined
Oct 22, 2022
Messages
36
Reaction score
43
Location
New Jersey
In the Tripoli L2 Certification exam, they have the following question:

When doing an air-start of an L class motor, which of the following would be considered the safest configuration?
a. A single computer driving a single initiator (answer)
b. Two computers each driving one initiator with a 0.5 second delay between firing the two initiators
c. Two computers each driving one initiator with no delay between them

I've been trying to find some background information about Air Starts to understand both the question and the answer and I haven't been able to find anything regarding safe configuration of air-starts. I find the wording of the Tripoli answer a bit confusing. Are they saying that you want to have a separate computer driving the airstart of your second motor? Or that you only want one main computer driving everything? Maybe I'm overthinking this, but I want to make sure I understand the concept they are testing with this question.

Thanks!
 
I agree that this is not a well-worded question or answer. I assume that what they were driving at was that having multiple systems have control of an airstart introduces more failure modes (more ways for the airstart to happen at an unintended time). Thus having only one system is safest, since having the airstart ignite is not safety-critical.
 
Yea, I agree with mikec.
I think what they may be getting at is motor ignition should not have have redundant systems. As mikec said, it adds a failure mode that could cause undesired ignition
As opposed to recovery deployment which is recommended to have redundant systems.

Edit: should have said "Not have redundant"
Sorry that was my typo.
 
Last edited:
Yea, I agree with mikec.
I think what they may be getting at is motor ignition should have have redundant systems. As mikec said, it adds a failure mode that could cause undesired ignition
As opposed to recovery deployment which is recommended to have redundant systems.
I disagree, airstart ignition should only have ONE control source, a failure to light the motor IS safe, and multiple control systems are uneccessary and add no additional safeties (may even introduce undesirable outcomes if one computer says yes and the other no...which one is right), the exception would be an ignition inhibitor inline between the control computer and the ignitor like a Rocket Tiltometer (which only inhibits off axis ignition, it does not actually fire the igniter).
 
Definitely a question with an ambiguous answer. I hate exam questions like that.

Deployment should be redundant systems, but as stated above keeping airstarts simple reduces the chance of aberrant behaviour and unsafe conditions.

An unlit sustainer can be recovered like a passive dart. Note that the chute has to be sized to land the full mass of the motor.
 
You folks are correct: Introducing parallel systems to ignite a rocket motor doesn’t increase safety. Instead it introduces uncertainty. Staging or air-starting should never have redundant systems.

What would be a better way to word the question without leading the candidate? We’re not trying to be coy or tricky, but we do want people to think about what the choices might mean.
 
You folks are correct: Introducing parallel systems to ignite a rocket motor doesn’t increase safety. Instead it introduces uncertainty. Staging or air-starting should never have redundant systems.

What would be a better way to word the question without leading the candidate? We’re not trying to be coy or tricky, but we do want people to think about what the choices might mean.
Steve, I would simplify the question as follows: Which would be the safest of the following three configurations for air-starting an L-Class motor?

The answers should work. I’m having difficulty understanding why the question (or the answers) would be confusing, They introduce only two variables—how many initiators? and if two initiators, should there be a delay? Nothing in either the question or the answers asks whether you should use one computer for deployment and a separate one for the air start. Pick the one that is safest and that’s the answer.

I suppose you could avoid that possibility by adding more to the answers:

a. A single channel from one computer driving a single initiator, with deployment charges fired from the same computer and redundant deployment charges fired from a second computer.

b. Two computers each with a channel driving one initiator with a 0.5 second delay between firing the two initiators, with deployment charges fired by one computer and redundant deployment charges fired by the second computer.

c. Two computers each driving one initiator with no delay between them, with deployment charges fired by one computer and redundant deployment charges fired by the second computer.

People can add other variables to the question—like, “Can I use a third computer for deployment?” Or even sillier, “what if the rocket is red?” But additional variables are not suggested by the question. A test taker should look at the three possibilities and decide which of the three is the safest. Understanding the principle—that more than one initiator decreases safety—makes the answer obvious. And of course someone will then ask, does this mean that I have to use redundant electronics for deployment when I’m doing an L Airstart? Since that isn’t one of the variables in the question or the answers, it’s not relevant to the test question. My answer would be, “if I can make it fit, I use redundant deployment regardless of the motor.“ But that isn’t what the safety code says.
 
I usually see airstart in the context of parallel outboards, so on initial reading I got a bit tripped up.

It may not be necessary to specify the airstart is of an inline single, but it may not hurt either.
 
I usually see airstart in the context of parallel outboards, so on initial reading I got a bit tripped up.

It may not be necessary to specify the airstart is of an inline single, but it may not hurt either.
I hadn’t thought about outboards, but even with outboards, you still wouldn’t ever use more than one initiator per motor. The question and answers still work.
 
One initiator _per motor_, yes.
Two initiators in the same motor simultaneously driven by the same computer is a common practice.

Regardless, the question and answers are still valid as the correct answer is the best of the three that are offered.
 
Thanks everyone! Your responses helped clarify this for me. I think I was overthinking it, but it is fairly obvious now. A main 3-channel flight computer controling the airstart, drogue and main deployment, plus a backup deployment computer. OR, two 2-channel flight computers for primary and backup drogue and main deployments, and a third independent device to control the airstart. BUT, no 2 devices controlling the airstart which is the point of the question. If there is a problem it is safer to NOT fire the 2nd motor.

Thanks again. I really appreciate you taking the time to share your knowledge.
 
Thanks everyone! Your responses helped clarify this for me. I think I was overthinking it, but it is fairly obvious now. A main 3-channel flight computer controling the airstart, drogue and main deployment, plus a backup deployment computer. OR, two 2-channel flight computers for primary and backup drogue and main deployments, and a third independent device to control the airstart. BUT, no 2 devices controlling the airstart which is the point of the question. If there is a problem it is safer to NOT fire the 2nd motor.

Thanks again. I really appreciate you taking the time to share your knowledge.
Sounds like you have it!
 
It is plain as day the way it is.
Agree. The answer was obvious to me.

For several years now, I have worked with the two-stage projects for IREC. The Design Guide used to require redundant systems for all electronics. So, the teams would propose designs with two flight computers lighting their sustainers. I would go back to each team to explain how redundant electronics really didn't increase the odds of lighting the motor all that much, but significantly increased the risk of having something bad happen. Just do one system and do it safely.

Jim
 
Agree. The answer was obvious to me.

For several years now, I have worked with the two-stage projects for IREC. The Design Guide used to require redundant systems for all electronics. So, the teams would propose designs with two flight computers lighting their sustainers. I would go back to each team to explain how redundant electronics really didn't increase the odds of lighting the motor all that much, but significantly increased the risk of having something bad happen. Just do one system and do it safely.

Jim
the IREC "redundant electronics are required" mentality is a net negative to most flyers imho. I can understand why they've put it there in theory, but in application the amount of flyers that come from IREC backgrounds that absolutely INSIST on using redundant altimeters in ALL things, including 38mm MD rockets, isn't ideal.
"but I want backup charges." Uh, fly a FC that supports that.
I'm pleased to read your comment of "The Design Guide used to require" which leads me to believe this will stop someday. Fingers crossed.
 
Last edited:
I would prefer to require IREC teams (smart people) to complete an FMEA. Redundancy could/would be an action that comes from that FMEA, plus you get coverage of other possible failure modes. Redundancy requirements by itself doesn't guarantee a reduction of risk. Design control mandates without detection actions misses half the risk reduction.
 
I would prefer to require IREC teams (smart people) to complete an FMEA. Redundancy could/would be an action that comes from that FMEA, plus you get coverage of other possible failure modes. Redundancy requirements by itself doesn't guarantee a reduction of risk. Design control mandates without detection actions misses half the risk reduction.
That's why the team I mentor does an FMEA for IREC. FMEAs have been invaluable here at work for me and likewise in rocketry, especially with the more complex systems.

In fact, at work, it has saved hundreds of thousands of dollars of product recall, on a couple of occasions.
 
Last edited:
Back
Top