I want to make my own BMS

[Factory400]

The main problem is that I only want 2 wires coming from my battery V+ and V-.

I also want a standole system. Not a system that requieres comunication with the other parts. When you talk about failsafe the last thing you can do is trust in other components using comunication. In terms of informative during normal operation is good to talk with other components but in case of fail I do not think so.

In my opinion not having mosfet in the power path is completly impossible. Yes, you can avoid them in the BMS but we are forgeting that chargers and inverters are SMPS completly done with FETs. Dozens of them. The reason of failure, shorting drain to source, is the overvoltage in the gate. This can happend due to transients. It can happend in duty cycle operations like SMPS but in steady state operations like a BMS this is not a source of failure. Another source of failen is high transient in the V drain source voltage but using 100V rated voltage fets in 48v applications is not common. This happens because the transient is coupled into the gate capacitancy bringing us the previous scenario. But in the end all this failures come from a non adequate use of the mosfet, not from a random failure.

I do not want to say that failing fets is a myth but reminds me to the accidents produced by battery explosions. Everybody talks about them but I have never seen a explosion caused by battery failure. Everytime the reason has been inadequate use or external problems. How many times have you seen fets filing in high quality devices like Outbacks equipment?

I think mosfets are exatly the same scalable as relays. With relays you change the relay, with mosfet you put more. The problem is that normally manufacturers don´t do BMS flexible enough to add more mosfets. Many people just add BMS in parallel.

Pretty much agree with all of that.

In MOSFET world.....switching many hundreds of amp is not a problem and the overall solution size is much smaller and more reliable than relays.
The designer needs to decide early on how much thermal rise is accessible and then is a matter of choosing appropriate devices and the appropriate qty of them in parallel to get the circuit ESR at whatever level is needed. If using high-side gate drivers, there are a lot of amazing devices to choose from.

I would only use relays for total isolation safety but only zero current flow.

 

[Pidjey]

Uh......nope.
I have blown up a LOT of FET's over the course of designing a LOT of commercial power electronics projects and they don't typically fail closed.

I think 2 different ways of failing are mixed. One way of failing is is overvoltage in the Vgs by Vgs or by coupled spike from Vds. In this situation it shorts drain source. If you burn it due to overcurrent they normally opens.

 

[Factory400]

Some parts for reference:


LTC3300: Active balance controller $15
https://www.digikey.com/en/products...TC3300ILXE-2#PBF-ND/4356531?itemSeq=347306861
https://www.analog.com/media/en/technical-documentation/data-sheets/LTC3300-2.pdf

MA5421-AL:Balance inductor for LTC3300
https://www.coilcraft.com/en-us/pro...sformers/power-converter-transformers/ma5421/#


LTC6803: Battery Monitor $24.00
https://www.digikey.com/en/products/detail/analog-devices-inc/LTC6803IG-4-PBF/2620009
https://www.analog.com/media/en/technical-documentation/data-sheets/680324fa.pdf

LTC6811: Battery Monitor 16bit $22.00
https://www.digikey.com/en/products/detail/analog-devices-inc/LTC6811HG-2-PBF/6235371
https://www.analog.com/media/en/technical-documentation/data-sheets/LTC6811-1-6811-2.pdf


LT8584: Balanacing IC $7.34
https://www.digikey.com/en/products/detail/analog-devices-inc/LT8584EFE-PBF/4488942
https://www.analog.com/media/en/technical-documentation/data-sheets/8584fb.pdf

TI Battery Management:
https://www.digikey.com/en/products/detail/texas-instruments/BQ7693000DBTR/6571639


Perhaps add active health monitoring:

Electrochemical Impedance Spectroscopy (EIS) for Batteries
https://www.analog.com/media/en/reference-design-documentation/reference-designs/CN0510.pdf
https://www.analog.com/en/design-ce...he-lab/CN0510.html?doc=CN0510.pdf#rd-overview
https://www.digikey.com/en/products...e=505&utm_medium=supplier&utm_campaign=buynow
DIGIKEY: EVAL-ADICUP3029-ND
https://www.digikey.com/en/products...e=505&utm_medium=supplier&utm_campaign=buynow
DIGIKEY: 505-EVAL-AD5941BATZ-ND

 

[John Frum]

The main problem is that I only want 2 wires coming from my battery V+ and V-.

What about the sense/balance leads?
I'm just talking about replacing the b- and p- high current path with 3 sets of switches with no voltage or current.

I also want a standole system.

That is where we differ.

Yes, you can avoid them in the BMS but we are forgeting that chargers and inverters are SMPS completly done with FETs. Dozens of them.

Yes but we are talking about the design of the bms.

 

[Pidjey]

If I was designing my own BMS......

I would go with a controller:module architecture where the brains of the operation are on one PCB with multiple communication ports for various functions and features. While most of the control and monitoring can be done over common signaling schemes from RS232 to CAN and many inbetween......critical ALARM level signals should be conveyed over a dedicated line what will trigger a disconnect when any device asserts a failure. This allows the system to maintain a safety net even if/when the primary control system has failed.

Critical functions should be as analog as possible or at least programmatically isolated from the main application code. This would include over current protection and over/under cell voltage among others. You should expect the basic safety mechanisms to be functional even if the uC blows up and smokes out.

As for load switching.....MOSFETs are the only answer IMHO. Relays that a load break rated are big and expensive, however if the primary switching mechanism is MOSFET based, a mechanical relay that is NOT load break rated can be used for positive isolation with higher voltage systems. Those relays are much smaller and less expensive. High side switching with MOSFETs is trivial and it puts the designer in a position to use VERY high performance devices with sub mOhm RdsOn. If number of those in parallel, very high current handling is possible with very modest thermal rise.

Linear Tech (Analog Devices) and TI makes some exellent BMS control devices. If you are a glutton for punishment, you could go more discrete but I cannot imagine there are many good arguments for not using extremely well vetted controllers. Both companies also have excellent options for passive and active balancing. These devices will continue to work perfectly even if the controlling MCU is dead.

For current monitoring.....please integrate the shunt with the ADC circuit. Victron uses this architecture for their Smartshunt and it delivers enough performance that you can actually count on its energy accumulator data. TI has recently developed the INA228 which can be used as the basis for a very accurate energy monitor that is also rather simple in practical design - as long as it is very close to the shunt. It is a 20bit ADC and if you want to make use of that resolution, a tight design is needed.

The main controller should have com ports for cell monitoring, an optional balancer, charger input port controller, output switch port controller, shunt, temperature, heating pad controller, optional remote display, optional WiFi/BTLE connection, optional hardwire Ethernet. That way, you can configure something very basic all the way to ridiculous.

I am aligned in your idea. As MCU for comunication and so on I will use STM32 MCUs just because convenience. It is the brand I currently use at work. I have seen that LT and TI have the dominance currently on the market. As an example I am deciding how to implement the protection, harwared or software based. Hardware should be always the best but software I do not know if it is bad enough. In my experience I have never have problems with MCUs failing if code is simple and well done. Bugs can be the real problem.

For example for protection in thinking in software based:

https://www.ti.com/lit/ds/symlink/bq77216.pdf

Hardware based:

https://www.ti.com/lit/ds/symlink/bq76942.pdf

 

[Factory400]

I am aligned in your idea. As MCU for comunication and so on I will use STM32 MCUs just because convenience. It is the brand I currently use at work. I have seen that LT and TI have the dominance currently on the market. As an example I am deciding how to implement the protection, harwared or software based. Hardware should be always the best but software I do not know if it is bad enough. In my experience I have never have problems with MCUs failing if code is simple and well done. Bugs can be the real problem.

To be clear - I am not really worried about the MCU hard failing compared to how much I worry about some stupid bug in the firmware.

I have, however, had various customers blast external IO with either some bad voltage/current that damaged the system in a way that the MCU could not continue. I could go super crazy protecting every external connection from every imaginable failure, but it is easier for me to design the system so that the MCU has no impact on the safety critical functionality.

Firmware is another story. No matter how you slice it, the code always ends up with some weak points. You can use internal or external watchdogs for lockup recovery but that does not always catch some wierd corner case that the code is unable to handle. Again, IMHO - it is easier to just make the MCU less critical so that if something weird sneaks through - who cares?

 

[Pidjey]

What about the sense/balance leads?
I'm just talking about replacing the b- and p- high current path with 3 sets of switches with no voltage or current.


That is where we differ.


Yes but we are talking about the design of the bms.

As BMS is together with the battery, I do not want more than 2 cables coming from my battery+BMS.

Yes, we are talking about the desing of the BMS. I just want to say that in a whole solar system there are dozens of FETs in the power path and they don´t fail so failure I do not think is a reason. If scalability is the problem that can be solved with paralel FET modules.

 

[Factory400]

As BMS is together with the battery, I do not want more than 2 cables coming from my battery+BMS.

Yes, we are talking about the desing of the BMS. I just want to say that in a whole solar system there are dozens of FETs in the power path and they don´t fail so failure I do not think is a reason. If scalability is the problem that can be solved with paralel FET modules.

Totally.

 

[Pidjey]

To be clear - I am not really worried about the MCU hard failing compared to how much I worry about some stupid bug in the firmware.

I have, however, had various customers blast external IO with either some bad voltage/current that damaged the system in a way that the MCU could not continue. I could go super crazy protecting every external connection from every imaginable failure, but it is easier for me to design the system so that the MCU has no impact on the safety critical functionality.

Firmware is another story. No matter how you slice it, the code always ends up with some weak points. You can use internal or external watchdogs for lockup recovery but that does not always catch some wierd corner case that the code is unable to handle. Again, IMHO - it is easier to just make the MCU less critical so that if something weird sneaks through - who cares?

I agree with that. I work with biomedical applications (implants) where code MUST be safe. Even I think I can make the code with no bugs, I am a human and I can insert one. The problem also comes when adding more funcionalities like SoC calculation that can affect the protection code. For this reason I will go with hardware protection and leave the MCU for the fancy functionalities.

 

[John Frum]

If scalability is the problem that can be solved with paralel FET modules.

A bms without fets in the current path is a one size fits all device.

 

[Factory400]

A bms without fets in the current path is a one size fits all device.

I don't see the purpose of a BMS that cannot disconnect the battery - that is part of the 'MANAGEMENT' mandate implied in the the name - BMS

 

[John Frum]

I don't see the purpose of a BMS that cannot disconnect the battery - that is part of the 'MANAGEMENT' mandate implied in the the name - BMS

It uses remote switching to disable the charge and or discharge devices.
Its can also signal a shunt trip to disconnect the battery entirely.

Shunt Trips - Shunt Trip Circuit Breakers

A shunt trip is an optional accessory device that electricians and/or manufacturers install to a circuit breaker. This is known as a shunt trip circuit breaker. Some circuit breakers allow shunt trip kits to be installable in the field. Others require factory installation when ordering the...

www.relectric.com

 

[Pidjey]

A bms without fets in the current path is a one size fits all device.

I agree with you in some way. But, in my opinion, there is a common misconception in FET based BMSs. I think this is created from non-configurable fet BMSs. A BMS with mosfets rated for 100A doesn´t mean that you cannot use it for 3A. If it is not configurable you are forced to stay at 100A current limit but if you can cofigure it you can work with 3A limit.

In any case, I agree that it is easier to replace a relay, but in my opinion it is the only advantadge over FETs and I do not think it is enough.

 

[Factory400]

It uses remote switching to disable the charge and or discharge devices.
Its can also signal a shunt trip to disconnect the battery entirely.

Not sure what a 'shunt trip' is

In my earlier suggestion - I proposed a basic battery monitor that can have optional modules for the various advanced functionality connected.
Kinda like the basic idea of the Chargery system. The end user can choose their own adventure after that - relays, MOSFETs, whatever.

In the end - you will have something in the high-current path to interrupt the current flow. That is going to be a relay or MOSFETs.
I would never use a relay for that. High resistance, high-holding current, modest reliability compared to MOSFETs.

 

[John Frum]

Not sure what a 'shunt trip' is

I linked a description.

 

[John Frum]

I would never use a relay for that.

I would avoid it also.

 

[Factory400]

I linked a description.

For systems in the many hundreds of amps - those are HUGE and HEAVY and EXPENSIVE.

 

[Pidjey]

I just forgot to talk about balancing. I am not focusing in that. As I know that active balancing is not strictly necesary I like the concept. I am developing my own system based in a new approach. Currently I am just simulating it. Let´s see what happens. The easiest would be passive.

 

[Factory400]

I just forgot to talk about balancing. I am not focusing in that. As I know that active balancing is not strictly necesary I like the concept. I am developing my own system based in a new approach. Currently I am just simulating it. Let´s see what happens. The easiest would be passive.

The TI and LT monitors have integrated passive balancing with internal FETs and also support external FETs/dissipation elements for higher current.

They also have rather complete active balancing controllers for very efficient, high-current active balancing. A novel approach is up to you, but perhaps take a look at these so you have a baseline for what you can get off the shelf without the design cycle of something all-new.

 

[John Frum]

I just forgot to talk about balancing. I am not focusing in that. As I know that active balancing is not strictly necesary I like the concept. I am developing my own system based in a new approach. Currently I am just simulating it. Let´s see what happens. The easiest would be passive.

The big blue 280 amp hour prismatic cells require more balance current that many BMSs can muster. Especially if you draw them down into the low knee.
I'm putting 10 awg wires inplace of the sense/balance leads that run back to a terminal block so that I can use a dedicated active balancer occasionally without messing with joinery at the battery.
I can also use this terminal block to connect a capacity tester if a cell really drifts.