SpaceX has confirmed that one of the engines on its Falcon rocket flamed out mid-flight during the launch of its resupply mission to the International Space Station. Around one minute after takeoff, the SpaceX team noted an anomaly on one of the first stage Merlin engines and shut it down. The Falcon is equipped with nine Merlin …
With nine times as many nozzles, it might be nine times more likely to fail. In the early days there were experiments with "many" nozzle engines.
But it still got there didn't it?
It depends on the relative probability of "the failure in an engine which takes everything with it" vs. "the failure in an engine which just shuts the engine down".
Basically, all your eggs in one sturdy basket.....?
More specifically, it's nine times more likely to suffer *an* engine failure (and even then, not quite), but certainly not nine times more likely to fail entirely.
IT Angle... therefore a RAID 5 array of 9 disks is more risky than a RAID 5 array of 3, a Falcon 9 with a hot spare perhaps? ;)
"It depends on the relative probability of "the failure in an engine which takes everything with it" vs. "the failure in an engine which just shuts the engine down"."
In addition to the engine out F9 has each engine *enclosed* in a Kevlar blast shield, somewhat like the nacelle of a jet engine on commercial aircraft.
But the engine did *not* explode. SpaceX state the engine was running and experienced a pressure rise, which blew out some panels *designed* to relieve that pressure.
However the revised trajectory seems to have been *much* less efficient and so the 2nd stage had to burn more to compensate for the losses, stuffing the plan to place the Orbcomm satellite in its planned orbit (but it's still working).
"However the revised trajectory seems to have been *much* less efficient and so the 2nd stage had to burn more to compensate for the losses, stuffing the plan to place the Orbcomm satellite in its planned orbit (but it's still working)."
According to ORBCOMM, the satellite deliberately wasn't boosted into a higher orbit because the altered Falcon 9 trajectory did not place it inside the required ISS safety window for the second stage burn:
The Soviets during the Space Race trended toward multiple smaller engines while the Americans preferred one big engine. The main issue in the 1960's I think was that for the Soviet engines, you had to make sure all of them worked because there was no margin for even a single-engine failure. It wasn't just a matter of power but also of balance. If one of them blew, the odds are the thrust would become so uneven as to send the rest of the craft into a death spiral. Under that kind of math, the American design made more sense since you had fewer potential points of failure.
I would imagine in this case that SpaceX has taken a single failure into consideration and had means to compensate for it (albeit not ideally), but this moment probably will have the designers sitting down in the morning and having serious discussions.
The "early" days did not have today's engine control and management systems. So a design which was not feasible in the "early" days may be the right way of doing it today.
In any case - the most long lived and successful launcher - the Soyuz is a multi-engine/multi-nozzle design.
I correct myself about the American design in the 60's. Even the Saturn V had multiple nozzles but even then they accounted for a single-engine failure. Still, with fewer engines, there were fewer things to go wrong. The trick then even as now has been to get the right balance between redundancy and delicacy (more engines makes the system both more robust--able to withstand a non-catastrophic failure--and more delicate--more prone to an outright catastrophic failure--at the same time).
Fewer engines, albeit more powerful, saves weight also, allowing for larger payloads at higher speeds (how many craft did Russia send beyond Mars?). AFAIK Soyuz multi-nozzle design was chosen because of instability of gas flow within larger ones, something that was solved in the very large Saturn and Shuttle main engines.
Choosing a lot of less powerful engines and adding a lot of electronics to control them and try to compensate in case of failure could be actually a "cheaper" solution than designing large reliable engines which is far more complex and costs more, but it means relying on other systems which may have issues too - how many missions failed due to a computer bug?
+10 for redundancy and good design
I don't remember the details but the Soviet N1 with its 30 or so engines was designed to tolerate failure of up to (I think) 3 of them. The problem was that it kept losing more than that...
Provided (big proviso!) failures are always non-destructive, it's more like you've got (at least) one spare engine. Think of a passenger jet. It's not unheard of for an engine to fail mid-flight, but it's usually no big deal. It's all but unheard-of for a plane to come down because of both engines failing.
Bad idea to put all your eggs in one basket if you can avoid doing so.
Well obviously if it still works with some nozzles failed, then x9 more likely nozzle failure is not a problem.
Actually the flight may be a very expensive failure for the Satellite owner as the next stage burn was unsafe to do. But undoubtedly a step forward vs Shuttle. I may not have worded the original post clearly.
Indeed that was what I meant!
Strictly speaking, the statement is still true. What you described are design elements to reduce the probability of "the failure in an engine which takes everything with it." This is something at which good engineers excel.
I'd also note that a "failure which takes everything with it" isn't necessarily an explosion. If an engine came loose and slammed into another engine (or worse engines) and disabled its capability to direct thrust, that could be just as catastrophic as the more visually impacting explosion. Indeed depending on when in flight it happened, ground control might have to activate the self-destruct which would be visually stunning.
Good and bad news
Wonderful that they had one engine out and carried on. But I'd be very concerned at the in-flight failure rate of the Merlin. Which is, with 4 flights and one engine out (of 36), standing at just under 3%. I'd be much happier with that figure down well under 1%.
Another inflight failure, if it were to come soon after this one...and NASA may begin to lose confidence?
Re: Good and bad news
One of the reasons they're not handing human transport duty to SpaceX right away is because the Merlin / Dragon is a new design in its early revisions, therefore prone to little mishaps like this one. As launches pile up, enough data will be accumulated to iron such glitches.
Re: Good and bad news
Though as mentioned the Saturn V had engine failures on two of its 13 launches which gives much the same reliability at 2 of 65.
Re: Good and bad news
The real problem would be if there were two engines out. According to your calculations that would be 3% of 3%, or 0.09%.
Re: Good and bad news
Try nearer 1 in 43. Anomaly (valve slightly slow to open) <> equal to major premature engine shutdown.
Are you not entertained?
Re all those folks who were yawning "business as usual" earlier today.
Good for SpaceX
Great price/performance ratio for something that had 1/100 the budget of any NASA program engine design.
AND it kept on going. When the Atlas ICBM design was being reused for early manned space flight, it blew up on the pad several times, only these were either unmanned or chimp trials.
Don' worry mon, be happy, de get da bugs out soon.
I'm sorry. If you're unimpressed by a space rocket that survives one of its engines turning off/exploding, you have no heart! I'm well impressed by the fact it still made a successful launch.
Simply proves the old adage
It's not how big your motor is but how you use it to compensate.
Re: Simply proves the old adage
Something about tailpipes comes to mind too.
It didn't damage the other motors so the control system and design gets +1 vote from me. RAID5 (or maybe RAID6) goes into space.
Very few people in the US are happy about relying on the Russians for ISS resupply
That was always the case. The ISS needs enough docked vehicles to return the entire crew to Earth, and the Soyuz was the only vehicle that could stay up for six months. All the Shuttle could and did do, was to take one crew member up and bring another back.
Re: Very few people in the US are happy about relying on the Russians for ISS resupply
Together so large payloads no cargo ship can actually handle - and Shuttle was able to bring them back also. Oh, and there was all those EVA capabilities.... everything lost now.
I have it on good authority that the Falcon 9 has just been issued with a certificate of approval by one Jebediah Kerman.
Recovering the first stage?
Does anyone know what happened to the first stage after separation? I assume it splashed down somewhere. Will it be recoverable? Because I'll bet that there are a number of SpaceX engineers who want to go over that thing with tweezers.
Also, when they finally get the first stages landing vertically using the rocket engines, it will be hella impressive.
The opposite of confidence building
The fact that the rocket got to orbit despite a failure does not mean the failure was insignificant. It means things are not working as expected, which means they do not understand what they thought they understood. For all anyone knows at this point, there may have been a 90% probability that the explosion would damage an adjacent engine, and they just lucked out this time.
Both of the shuttle disasters are transparent examples of this sort of management self-delusion that problems that occurred frequently (o-rings partly melting, foam occasionally falling) were not problems, because nothing bad had happened. Yet.
That does not mean Space X is a bad company, nor that its rocket isn't better than everyone else's, or that NASA is wrong to contract for it. This actually is rocket science, after all. Rather, it means there is serious engineering work to do; it is 10x more serious since Space X apparently thought they had solved a similar problem, so both the engine and their mechanism for assessing the engine's behavior are both wrong.
Re: The opposite of confidence building
"The fact that the rocket got to orbit despite a failure does not mean the failure was insignificant. It means things are not working as expected, which means they do not understand what they thought they understood. For all anyone knows at this point, there may have been a 90% probability that the explosion would damage an adjacent engine, and they just lucked out this time."
Reports indicate that SpaceX had taken such a scenario into consideration. Each engine has a blast shield to help safeguard adjacent engines from blasts. From what I've read, these weren't called into play because the engine in this case, despite a failure, failed safely (meaning as per a design which caused the engine pieces to blow away from the craft, minimizing risk to the other engines).
So on a scale of "This did not just happen" to "Break out the bottles", this probably rates as a "Eh...get the design team in here; we've got things to look at."
Actually on the last Saturn V unmanned mission, Apollo 6, two engines failed on the second stage. The rocket still made it to a lower orbit so the mission could still go on. According to the Discovery series "Moon Machines", the investigation showed that an engine suffered a failure and shut down. The system tried to compensate the thrust and shut down another engine to do so while burning the rest of the engines more, however the wrong engine was shut down! The rocket started taking a more horizontal trajectory and finally limped to orbit. The cause was that the wires had been crossed and the wrong engines were wired up. The solution was to make the wires shorter so that they could only be connected on the correct engine!
Re: Apollo 6
The Apollo 6 engine failures occurred on the SII stage, which used J-2 LH2/LOX engines. The propellant feed lines contained bellows to allow for expansion and contraction as the cryogenic liquid flowed through the metal and caused it to shrink. When run at ground level in normal atmosphere the surrounding air liquefied and then froze in the bellows' corrugations, acting as a vibration damper. When the engines were run during a real launch, there was insufficient atmosphere around at the 200,000 foot ignition altitude for this to happen; as a result the bellows vibrated and ruptured in this case, leaking propellant and causing the engine to shut down as the chamber pressure fell.
The fix was quite simple, the propellant lines had the bellows removed and a simple bend was introduced to allow for expansion/contraction without risk of damaging vibration.
Mine's the one with the Saturn V engineering handbook in it....
Ah come on...
they could have done a better job without the engine flameout....
I mean it's not rocket science.
Brilliant design allowed the vehicle to get to orbit.
But engines are not supposed to blow up! Time to roll up the sleeves boys... you've got some work to do.
RAID for rockets
Disk drives are not supposed to crash either. As long as the failures are predictably confined, this design equates to RAID for rocketry.
This was a significantly reduced payload, though...
This was a 500 kg payload, not the full payload that is expected of Falcon 9. I cannot find whether this is 50%, 10% or 90% of the rated payload, though. Does anyone have those numbers?
If the effects would be worse at rated-payload (they probably would), then this might have been a crew-rescue situation. We need to learn more.
It is not really a cost savings if the risks have been dialed-up too high. Beagle 2 was radically cheaper than Curiosity, but it totally missed expectations. I do hope that lessons-learned lead to more effective, low cost futures.