I want to make my own BMS

[Cal]

I do not have statistic of BMS failure but I have not heard of BMS a lot. If 2 protections are demostrated to be enough, adding a third one or ten more is not going to offer any additional feature.

The only reason I suggested a fault tolerant system is due to your more-than-average concern of fire and major damage.

You need to be careful that your mechanization is not the actual cause of fire. Disabling charging sources at the bms can lead to component failure. I'm concerned of removing the battery connection to the charge controller before removing PV power. What about L di/dt spikes?

BTW, after some testing, I'm not a huge fan of the ADC1115. An external voltage reference is preferable. Actually, my son is also in the medical business. I'm a bit surprised the few hoops they need to jump through for approval.

 

[Cal]

In my experience (I have never been in high EMI enviroments) I have never had problems with EMI with off the self components.

Back in the '70s I worked for Bosch in electronic fuel injection (Jetronic). This one customer informed us his vehicle would stall when passing a transmitter tower. He learned if he had enough speed he could coast past the antenna and resume power again. Since then Bosch tested their products at a powerful transmitter.

 

[Bob B]

The only reason I suggested a fault tolerant system is due to your more-than-average concern of fire and major damage.

You need to be careful that your mechanization is not the actual cause of fire. Disabling charging sources at the bms can lead to component failure. I'm concerned of removing the battery connection to the charge controller before removing PV power. What about L di/dt spikes?

BTW, after some testing, I'm not a huge fan of the ADC1115. An external voltage reference is preferable. Actually, my son is also in the medical business. I'm a bit surprised the few hoops they need to jump through for approval.

I don't know a lot about the engineering aspects you guys have been discussing .... but this bolded statement represents my general philosophy for BMS control of the end devices. I don't want to be controlling the battery power itself with the BMS. Trying to control or switch the high power that may be used seems to me to increase the chances of failure dramatically based on what I have seen in my background of building controls.

 

[Bob B]

Back in the '70s I worked for Bosch in electronic fuel injection (Jetronic). This one customer informed us his vehicle would stall when passing a transmitter tower. He learned if he had enough speed he could coast past the antenna and resume power again. Since then Bosch tested their products at a powerful transmitter.

We had a guy who thought it was fun to watch us try to figure out what happened after he keyed up a 2 way radio in very close proximity to one of our controllers .... we finally caught him and it got kinda ugly.

 

[BiduleOhm]

Trying to control or switch the high power [...]

Well if you don't, something else will anyway.

 

[Factory400]

I don't know a lot about the engineering aspects you guys have been discussing .... but this bolded statement represents my general philosophy for BMS control of the end devices. I don't want to be controlling the battery power itself with the BMS. Trying to control or switch the high power that may be used seems to me to increase the chances of failure dramatically based on what I have seen in my background of building controls.

You and @Cal keep beating a dead horse.

The BMS disconnect is A SAFETY MECHANISM OF LAST RESORT FOR THE PURPOSE OF SAVING THE BATTERY CELLS EVEN IF IT BLOWS UP OTHER DEVICES IN THE PROCESS.

There are other ways to mitigate the various problems with a hard BMS disconnect - inductive spikes being one of them. But in real world applications, the system would noramllly be shut down in a very graceful way with each connected device being triggered to shut-off on its own. A smart BMS disconnect is no different than a fuse blowing. If a battery parameter is violated - a shutdown it the only valid response regardless of the potential damage to whatever is connected to it.

Why is this still being discussed? I really don't get it.

 

[Bob B]

Well if you don't, something else will anyway.

For an AC - DC charger .... I prefer to switch the input where there is less current ..... or just turn it off with a remote control. Yeah, it has to shut itself down, but that is a lot more graceful.
For an inverter, I just prefer to turn it off at the power switch.... for that to not work would require that the inverter would have to ignore the low voltage and not shut down itself .... and the power switch would have to fail.
Putting more SSR devices in the main current path is going to decrease the overall efficiency.

 

[Bob B]

You and @Cal keep beating a dead horse.

The BMS disconnect is A SAFETY MECHANISM OF LAST RESORT FOR THE PURPOSE OF SAVING THE BATTERY CELLS EVEN IF IT BLOWS UP OTHER DEVICES IN THE PROCESS.

There are other ways to mitigate the various problems with a hard BMS disconnect - inductive spikes being one of them. But in real world applications, the system would noramllly be shut down in a very graceful way with each connected device being triggered to shut-off on its own. A smart BMS disconnect is no different than a fuse blowing. If a battery parameter is violated - a shutdown it the only valid response regardless of the potential damage to whatever is connected to it.

Why is this still being discussed? I really don't get it.

Funny ... I thought you guys were beating a dead horse and just not willing to recognize your error in the way you are looking at it.

 

[Bob B]

I think it is good to discuss because this will affect the entire way the BMS operates ..... Run all the power thru the BMS needlessly .... or use external relays or SSRs to find more intelligent ways to switch the system.

 

[BiduleOhm]

For an AC - DC charger .... I prefer to switch the input where there is less current ..... or just turn it off with a remote control. Yeah, it has to shut itself down, but that is a lot more graceful.

We typically use SCC with PV panels, not AC chargers. And cutting the lower current but higher voltage panel circuit has big challenges too (I think it's actually more dangerous because the risk of arcing is higher).

For an inverter, I just prefer to turn it off at the power switch.... for that to not work would require that the inverter would have to ignore the low voltage and not shut down itself .... and the power switch would have to fail.

Some (most?) inverters don't like being turned-off while loaded.

I could argue it's even worse to do it that way since the controller can lock-up during turn-off and command the MOFSETs in cross-conduction while the high power path i still energised at 100 %. Cutting the power to the inverter will reduce the energy on the high current path by quite a lot before the controller even turn off, so even if it does something stupid there's lower chances of having damages.

Putting more SSR devices in the main current path is going to decrease the overall efficiency.

In my case the efficiency is reduced by only 0.2 % @ 300 A (which is the worst case of course) so not sure it matters a lot given how low it is, especially when a shunt has almost the same losses and nobody really cares about power losses of shunts...

Funny ... I thought you guys were beating a dead horse and just not willing to recognize your error in the way you are looking at it.

Hmm... so I make an error wanting redundancy for safety reasons in how the current gets interrupted? if yes then fine, agree to disagree I guess.

 

[Factory400]

Funny ... I thought you guys were beating a dead horse and just not willing to recognize your error in the way you are looking at it.

I am sure you have seen an E-Stop button on industrial machinery.

The purpose of that button is to halt everything immediately as a response to some sort of safety problem. There are many, many machines that can be damaged if you push that button while the machine is actually running. It can corrupt a controller, crash a spindle, mangle a part, etc, etc......
But who cares - if someone pushes that button it is because something is going terribly wrong and that button is the last available option to stop it. Any additional problems that may result from an in-process E-Stop can be dealt with after the big issue has been halted.

In the BMS context - having that protection as close to the battery as possible gives it the best chance of success if something goes badly.

 

[Bob B]

I am sure you have seen an E-Stop button on industrial machinery.

The purpose of that button is to halt everything immediately as a response to some sort of safety problem. There are many, many machines that can be damaged if you push that button while the machine is actually running. It can corrupt a controller, crash a spindle, mangle a part, etc, etc......
But who cares - if someone pushes that button it is because something is going terribly wrong and that button is the last available option to stop it. Any additional problems that may result from an in-process E-Stop can be dealt with after the big issue has been halted.

In the BMS context - having that protection as close to the battery as possible gives it the best chance of success if something goes badly.

I am advocating for the use of an E-stop switch .... I just don't want the BMS to have to do that. It should issue it's shutdown .... if for for some unlikely reason that doesn't work, there is an audible alarm ... and I decide if I need to do the E-stop.

 

[BiduleOhm]

and I decide if I need to do the E-stop.

What if you're not there? if you're not fast enough?

Also an e-fuse is impossible to implement that way.

I am sure you have seen an E-Stop button on industrial machinery.

The purpose of that button is to halt everything immediately as a response to some sort of safety problem. There are many, many machines that can be damaged if you push that button while the machine is actually running. It can corrupt a controller, crash a spindle, mangle a part, etc, etc......
But who cares - if someone pushes that button it is because something is going terribly wrong and that button is the last available option to stop it. Any additional problems that may result from an in-process E-Stop can be dealt with after the big issue has been halted.

In the BMS context - having that protection as close to the battery as possible gives it the best chance of success if something goes badly.

Damn you make good arguments, I'll let you answer for me next time... ?

I may add the e-stop almost always open a big contactor (which is usually a special contactor with redundant contacts BTW) cutting all power to the machine. There's a reason it's done that way and not just telling the PLC to stop the machine or cutting the power to the PLC only.

 

[Factory400]

I am advocating for the use of an E-stop switch .... I just don't want the BMS to have to do that. It should issue it's shutdown .... if for for some unlikely reason that doesn't work, there is an audible alarm ... and I decide if I need to do the E-stop.

For me....I don't want to be around to hit that E-Stop.

In my scenario - I am away from the system for long periods and if a problem arise, I want some guarantee that the system will be able to autonomously shut down if any defined parameter is violated.

 

[Bob B]

My system is in an RV and is also why I need the AC converter in addition to the solar .... I think once I have it operational for a while, I will "know" how it is working and won't leave it on it's own if I think there is any chance of something going wrong.
When I'm away for a significant time, the system will be shut down and the pack disconnected.

 

[Cal]

There are a lot of users where the bms provides the PRIMIARY disconnect signal to the sources. I'm sold on that approach. My charging sources know absolutely nothing about cell voltage status. Why make them the primary disconnect?

 

[Cal]

I am advocating for the use of an E-stop switch .... I just don't want the BMS to have to do that. It should issue it's shutdown .... if for for some unlikely reason that doesn't work, there is an audible alarm ... and I decide if I need to do the E-stop.

Right!

The damn cpu doesn't know the operators tie is getting wrapped around a spindle.

 

[BiduleOhm]

There are a lot of users where the bms provides the PRIMIARY disconnect signal to the sources. I'm sold on that approach. My charging sources know absolutely nothing about cell voltage status. Why make them the primary disconnect?

Yep, but that's normal conditions, it's totally fine to improve the control loop with infos from the BMS.

Here we're talking about abnormal conditions (because something got wrong with the normal control path).

 

[Cal]

Here we're talking about abnormal conditions (because something got wrong with the normal control path).

We're talking about overvoltage disconnects. This is not an abnormal condition. My bms makes the decision to disconnect the charging sources. Should the bms fail, the charging sources will limit charge at a higher voltage level.

There was a comment something like only in a blue moon (almost never) should the bms disconnect. Yes, that's correct if the bms is the SECONDARY disconnect. In my case if the bms disconnects at the bms then major voltage spikes could be seen many times per day. Spikes would be quite common. Why subject the electronics to possible failure?

 

[BiduleOhm]

We're talking about overvoltage disconnects.

What about the other protections? (low voltage, over current, over temp, low temp, ...)

Also, how do you disconnect the loads which aren't the inverter? because they won't have a control input to turn them off...