Posts about: "APU" [Posts: 151 Pages: 8]

A naive glider pilot question: if fuel cut off was (inconceivably) selected, would both fuel control levers have been flipped downwards from Run to Cutoff? And if they were then immediately flipped back to the Run position, how much time would have been needed to achieve enough thrust to maintain altitude?

The simplest answer: Lo Lvl Alt Cap; Thrust to Idle; Startle Factor; Inappropriate Memory Items : ( RAT deployed; insufficient time for Eng relight.

None of the flight controls can be powered by the battery. Both the stabilizer motors and the electrically-actuated spoilers require high-voltage DC which is only available with at least one engine-driven generator or APU generator working. They cannot be powered by the RAT generator either.

The direct wiring you're referring to is intended to provide minimal control in case of a complete failure of all ACEs. It allows for control signals but does not provide power.

This incident is very perplexing to me. This is my first post on here and I am not a pilot. I have over a decade of experience in the RAAF as an engine fitter on Mirage and Hornet aircraft. Albeit a bit of time ago.
I have watched the video's and looked at the FR-24 data a hundred times. To me it looks like a normal rotation and at WoW everything starts to go wrong.
Airspeed starts dropping off immediately going by the FR-24 data. If reports are correct the pilot makes his Mayday call. FR-24 data stops.
In the video from the balcony I agree the RAT is out and operating but I can also hear the engines at idle or just above (maybe flight idle).
If the captain manually deployed the RAT this makes sense to me. In both video's I don't see any aircraft behavior that would suggest they are not flying the aircraft.
Is there an electrical fault at WoW that renders the cockpit dark and therefore manually deploying the RAT (possibly initiating APU start, inlet door is open at crash site) would make sense to restore cockpit power.
I can't understand any pilot shutting down both engines at 200ft AGL. He would surely know that his fight is over at that point.
I am not ruling out pilot error (configuration or otherwise) but my hat goes off to two pilots that I believe were trying to fly this aircraft until it hit the ground.
Sorry if my wording is a bit off but mine is military background not commercial.

Yes. I simplified. The point stands that the throttle needs to be pulled back, as it was in the ANA event, because that was a landing and not a take-off.

First, you posted a good summary. I'd have added "unanticipated hardware fault" and "unanticipated software fault" as generic causes.

Note that the thrust lever actuators are wired to the FADECs, and that the TCMA gets the T/L position from that. For TCMA to trigger, it has to determine that its FADEC (on that engine) failed to achieve a commanded reduction in thrust. So we're either looking at a weird, unprecedented edge case, or a FADEC failure, or both.

It has been mentioned before that this capability existed as part of the N2 overspeed protection: the FADEC would shut down a runaway engine by cutting its fuel before it disintegrates.
The thrust lever sensors are wired directly to the FADEC (and hence the TCMA). No data bus is involved with this item.

With a MCAS crash, it required a hardware problem with an AOA sensor, used as input to a correctly working MCAS, to cause the aircraft to behave erratically. With a correctly working TCMA, I believe it'd require two hardware problems to get TCMA to shut down the engine, as there'd have to be an implausible thrust lever reading, and a FADEC/engine failure to process it within the TCMA allowed range ("contour"?). On both engines, separately and simultaneously.

That leaves a software problem; it's not hard to imagine. The issue is, at this point it's just that: imagination. I could detail a possible software failure chain, but without examining the actual code, it's impossible to verify. We simply don't have the evidence.
I could just as well imagine a microwave gun frying the electronics on both engines. An escaped hamster under the floor peeing on important contacts. A timed device installed by a psychopathic mechanic. There's no evidence for that, either.

This process is a way to psychologically cope with the unexplained accident, but because it lacks evidence, it's not likely to identify the actual cause. We've run the evidence down to "most likely both engines failed or shut off close to rotation, and the cause for that is inside the aircraft". Since the take-off looked normal until that failure, we have no clues as to the cause hidden inside the aircraft. We need to rely on the official investigation to discover and analyse sufficient evidence. The post-crash fire is going to make that difficult.

"Both engines failed or shut off close to rotation" explains all of the evidence : it explains an unremarkable take-off roll, loss of lift, absence of pronounced yaw, loss of electrical power, loss of the ADS-B transponder, RAT deployment, the noise of the RAT banging into place and revving up, emergency signs lighting up, a possible mayday call reporting loss of thrust/power/lift, and a physically plausible glide from a little over 200 ft AAL to the crash site 50 feet (?) below aerodrome elevation .
It explains what we saw on the videos, what the witness reported, where the aircraft ended up, and the ensuing sudden catastrophe.

I don't believe we have evidence for anything else right now—I'd be happily corrected on that.

-----
Edit: the evidence of the crash photo with the open APU inlet door, and the main gear bogeys tilted forward, are also explained by the dual engine failure/shut off.

For those postulating the RAT was not deployed, what counter explanations do you have for the following clues?

• Distinctive RAT sound in the rooftop video, audio analysis here .
• RAT visible in rooftop video, example in this image .
• APU door open suggesting auto APU start, suggestive of a full electrics failure (one of the criteria for auto RAT deployment)
• Loss of ADSB data suggestive of a full electrics failure (one of the criteria for auto RAT deployment)
• Unusual gear forward tilt position, suggestive of hydraulic failure and/or full electrics failure (one of the criteria for auto RAT deployment).
• Loss of all thrust, ie dual engine failure (one of the criteria for auto RAT deployment)

Great summary. I've already mentioned the first below, but I'd add another:

• The existence (and timing) of the flyby video by a young lad who apparently lived where the footage was shot from. With planes flying past every few minutes, why would he choose to film this one, before he could even see it? The video starts with the plane still approaching, out of view, and his position suggests it was unplanned, before he could move to a better vantage point. I say he already knew it was extraordinary - from the sound.
• Eye witness account from the mother of the lad who filmed the flyby, apparently said that the plane was "shaking". I'll assume she didn't know how to describe it properly, and that maybe it sounded like it was shaking, from hearing the noise from the RAT. Or it's a translation issue of a word/s with multiple meanings or used colloquially.

One question - are there two exterior doors to the APU compartment, one on top, one below, presumably inlet and outlet of cooling airflow? I've seen photos showing two open doors, but the lower one could be something else, and busted open during the crash.

My airline emphasized no crew action for engine failure or fire until 1000 feet. At 400 feet we could only declare an emergency, request an alternate departure if needed and start the APU. It’s far more important to fly the aircraft, get it properly trimmed and insure the proper engine out ground track is being flown. Only at 1000 feet would we begin the engine fire/failure checklist. Normally even that would come after the aircraft was cleaned up and stabilized. Best flying advice I ever got was in a severe emergency the first thing you should do is wind the clock!

There is one air inlet door on the top right of the empenage. This is commanded open during APU start sequence and closes after APU shutdown.
There are maintenance access doors directly belew the APU that open up like a Clamshell.
There are other access doors nearby for example just forward of the APU firewall bulkhead there is an access door, this allows entry into the stabiliser bay rear section.
There is another stab bay access door just forward of the horizontal stabiliser on the left side which allows access to the forward stabiliser area, screw jack, fin access and the rear pressure bulkhead.
I don't think there are any others.

If it has no power it won't record anything at all, like the fact that multiple electrical systems are U/S but as a limited power supply from the RAT or APU comes on-line it would have something to record. It seems to me absurd that it is not powered at all times.

It will come as no surprise to anyone that EE bays are well protected with the sort of things you have described.
The 787 batteries are also in separate EE bays. Main one in the front and the dedicated APU battery in the power electrics bay aft of the landing gear.
They are both contained in fireproof boxes that will vent to atmosphere in the event of a thermal runaway.
I have been working on 787s for over a decade and leaks from gallies and lavs has not once been on my list of snags.

The first B744 flood event in the E&E was 25 years into the operation with one airline, and the other 2 occurred over 30 years into the operation of the type, one was uniquely a cargo loading event, and how the OEM would have guessed that some carrier would enter a wading pool worth of rain water into the E&E, they had and have my sympathy. We took action after that to avoid a repetition, but it wasn't on the radar before it ended up with a bit of excitement for the crew. They happened to have a nice clear evening when the whole cockpit went darl. The B787 has a AD out since 2016 which was added to last year related to unwanted leaks. My own event with a B777 ended up with over 6 cubic meters of ice in the belly of the B773ER, and was only found doing a walk around where there was a number of the belly drains drooling onto the ramp, which happened to be dry. An event external to the system architecture remains a high probability, and as unusual as that may be it is not without precedent, with existing AD's related to such matters extant.

When pax flush clothing and other rubbish down a vacuum toilet system, the potential for stuff to not work as advertised is not zero.

In bold.
APU autostart? Not sure really, it takes several seconds for the inlet door to open.

The pumps are load shed during (and possibly before) engine start. Available power is presumably somewhat limited when on APU only (two generators not four) and especially when you're electrically cranking the engines. When on ground and with engines stopped, aircon, IFE, and galley probably takes priority over pumping fuel to nowhere.

Once both engines are running and the four VFSGs are online, I would not expect any load shedding and certainly not of flight loads like fuel pumps.

The Airbus manuals imply or clearly state that centre pumps are inhibited when the flaps are extended, so both engines draw from the wing/main tanks. I haven't seen anything clearly matching in the Boeing manuals.

May I ask where this information of load shedding comes from please
In my experience the APU supplies enough power to run all systems. Hydraulic pumps, fuel pumps etc

We know (from the 248-day bug) that full AC power failure is possible and we see from the RAT and landing gear orientation that full AC power failure was likely within ~10 seconds of leaving the ground.

I also don't see any evidence that engine driven fuel pumps alone must be able to handle this scenario: provide enough fuel flow for takeoff and climb, even while the pitch is rotating, even in a hot environment with significant weight, even while the gear is stuck down.

I know that the engine driven pumps have documented limitations and that the regulations allow for some limitations. I know that at least one of these limitation is high altitude and I _suspect_ that the design intends for this unlikely scenario (engine driven fuel pumps alone with no AC pumps) to guarantee enough fuel flow to get to an airport and land. I also suspect that the APU is expected to solve loss of all AC generators - and as we know, there wasn't enough time for it to start in this scenario.

I believe that particular bug is fixed, though it's always possible there's other issues causing a total AC loss.

Not really relevant to what you quoted though, as the scenario in question requires:

• Engines running on centre tank fuel during takeoff while the aircraft is operating normally
  • We don't know for certain if this is the case. It seems to be but it's not something that happens on other families.
• Then, total AC failure stopping fuel boost pumps.
• Engines suction feed from contaminated/full-of-water wing tanks.

The aircraft has two engines and should be able to climb out on one, plus it dropped like a rock . 'Significantly degraded' thrust isn't really compatible with what we saw. You'd also expect the engines to recover pretty quickly as it leveled off.

The limitations at high altitude are primarily air/volatiles degassing out of the fuel. That's not going to be much of an issue at sea level, even if the engines are a bit higher up during rotation.
APU is a nice-to-have; it's on the MEL. If you lose all four generators, it's because of some major carnage in the electrical software/hardware and chances of putting the APU on line even if it's operating are very slim.

On the 767, 757 and A330 anytime you are in single generator operations the aircraft is load shedding. The 787 with a totally different electrical system might function differently.

As an electronics and software engineer who has read the AD and related materials on the 248 day bug my understanding is that:

1. The specific 248-day integer overflow was patched, and before the fix was rolled out, the AD required this system to by power cycled every 120 days to prevent overflow
2. The PCU software still has the functional requirement to be able to command all AC GCUs to enter failsafe mode, this means that while the initial bug was fixed, the ability for this particular software system to command the same result is still a functional part of the architecture - presumably for safety management of the AC system
3. This was not the first or last "software overflow error" issue in Boeing or even in the 787

Although I'm not qualified in aviation engineering I do believe from an engineering safety standpoint that this architecture creates a rare but entirely feasible scenario in which the aircraft would be without AC power for at least 30 seconds until the APU could restore it.

I do agree that the engine driven pumps should be able to provide fuel alone, the whole point of these pumps is to keep the plane flying within some limitations, high altitude is one of those limitations, I propose that there may be others based on the following:

• Some more knowledgable people here have proposed or countered vapour lock, fuel contamination and automatic fuel cut-off theories to various degrees - even if these are not enough on their own, loss of electrical during rotation at high temperature could combine with these in a way we have not yet considered
• Thrust is nonlinear, and while I'm not qualified to say how much loss of fuel flow or loss of thrust would be critical in this scenario we do know that it was a hot takeoff with significant weight and gear remaining down - I know others here have run sims but I don't think anyone has focused on specific thrust / fuel flow params
• While electric fuel pumps might not be physically necessary for takeoff, my final point is: why are they required for takeoff? Is it not to mitigate cavitation, fuel sloshing at rotation, or any other kind of problem that might be relevant here?

Similar failures have happened on 737s/A320s/A330s and others. I'm not denying it's possible. There's a reason it's a certification requirement for the engines not to be dependent on aircraft power. The APU is MELable and battery starts are not extremely reliable.

Thrust is non-linear and complex. Reaction engines (i.e. fans, props) are generally most efficient at minimum power - lowest excess velocity. Turbine engines are generally most efficient at high power. These cancel out somewhere in the middle. With two engines at low power, you also don't have the drag from the dead engine or the drag from the rudder countering yaw.

Cavitating destroys pumps rapidly - someone upthread said replacing the fuel pump immediately is SOP if it has suction fed. Expect end of life in tens of hours rather than tens of thousands.

Some aircraft have switched to using jet/venturi pumps powered by returned fuel, like the A220. The electric boost pumps there are mainly for redundancy and are shut down in cruise; only one in each wing tank. Some A320s replace the centre override pumps with venturi transfer pumps.