sprucegum
New Member
I'm a bit confused why there's a universal recommendation for an LVD in a LFP bank with a BMS. The only argument I hear repeated over and over is in the form of a truism: "your BMS *should* be the last resort for protection."
But, what exactly is the technical reason for this? As far as I can see, there's little difference between the often suggested Victron Battery Protect (microcontroller with FET-based switches) and a good quality BMS (also a microcontroller with FET-based switches) in terms of the nature of how or why they might fail.
On these forums and elsewhere, I often hear it argued not to trust FETs on a BMS -- with recommendations to oversize "cheap" BMSs (with no specification whether this includes the popular "high quality" BMSs the community recommends like JBD/Overkill and JK). At some point, after oversizing the BMS by 125-200%, setting your voltage cutoffs in a super-conservative range and every other conservative practice you can think up, it seems it should be okay to then RELY on using the equipment to do what it was designed to do. No one is saying to oversize the Victron BP by 125-200%, so I'm confused about the patterns of trust and distrust. If these BMSs are really awfully unreliable, why use them or recommend them? Or, if there's higher quality BMS options, why not put your money there instead of into redundancy?
Then there's the weird loophole created for certain other solutions: I have heard it argued that BMS's that simply signal the inverter, LVD or SCC to turn off in over/under voltage situations are completely acceptable (or even preferred in terms of safety). Yet, in this instance there is only one point of failure, not two, and it's still the same technology: an Electrodacus SBMS0 simply off-loads it's critical LVD responsibility onto a Victron BatteryProtect on the argument that putting FETs in the BMS is not reliable. Does anyone else find this to be a huge contradiction?
It seems to me that safety devices can be a bit of a slippery slope. Unless each one is different in *nature*, I personally think that including multiple points of failure adds to system complexity. All else equal, complexity is often not a good thing for safety. Seems to me you should first design the system so it's very unlikely to need a safety, then rely on one well-made safety device and minimize complexity. Particularly when the only danger in this case is loss of equipment, not a fire or other human-safety risk.
So what am I missing? If the BMS should be the "last resort", why not have a third or fourth protection device?
But, what exactly is the technical reason for this? As far as I can see, there's little difference between the often suggested Victron Battery Protect (microcontroller with FET-based switches) and a good quality BMS (also a microcontroller with FET-based switches) in terms of the nature of how or why they might fail.
On these forums and elsewhere, I often hear it argued not to trust FETs on a BMS -- with recommendations to oversize "cheap" BMSs (with no specification whether this includes the popular "high quality" BMSs the community recommends like JBD/Overkill and JK). At some point, after oversizing the BMS by 125-200%, setting your voltage cutoffs in a super-conservative range and every other conservative practice you can think up, it seems it should be okay to then RELY on using the equipment to do what it was designed to do. No one is saying to oversize the Victron BP by 125-200%, so I'm confused about the patterns of trust and distrust. If these BMSs are really awfully unreliable, why use them or recommend them? Or, if there's higher quality BMS options, why not put your money there instead of into redundancy?
Then there's the weird loophole created for certain other solutions: I have heard it argued that BMS's that simply signal the inverter, LVD or SCC to turn off in over/under voltage situations are completely acceptable (or even preferred in terms of safety). Yet, in this instance there is only one point of failure, not two, and it's still the same technology: an Electrodacus SBMS0 simply off-loads it's critical LVD responsibility onto a Victron BatteryProtect on the argument that putting FETs in the BMS is not reliable. Does anyone else find this to be a huge contradiction?
It seems to me that safety devices can be a bit of a slippery slope. Unless each one is different in *nature*, I personally think that including multiple points of failure adds to system complexity. All else equal, complexity is often not a good thing for safety. Seems to me you should first design the system so it's very unlikely to need a safety, then rely on one well-made safety device and minimize complexity. Particularly when the only danger in this case is loss of equipment, not a fire or other human-safety risk.
So what am I missing? If the BMS should be the "last resort", why not have a third or fourth protection device?