背景知识:
A350采用了全新的航电系统设计:Integrated Modular Avionics (IMA). IMA 和传统航电的区别就像是冯诺依曼结构和之前的计算机结构之间的区别。传统航电某个硬件就对应某个功能,从大小、内部结构、I/O 等设计上可能都完全不同,航电之间也只能靠电缆连接,而且电缆的规格可能都不同。
IMA模块包括 The Core Processing Input/Output Modules (CPIOMs) 和 The Common Remote Data Concentrators (CRDCs)
CPIOM 相当于统一硬件规格,统一输入/输出(I/O)接口的通用计算机,不同的航电只是装在上面的软件。如果一个系统的软件比较复杂,占用资源较多,那可能就一个软件用一整个CPIOM,如果软件比较简单,可能就几个软件一起装在一个CPIOM上。因为是统一配置和 I/O,CPIOM之间的通讯也可以统一规格,非常方便实现 AFDX 高速数据网络。
如上面这些图所示,CPIOM就是电脑,一个CPIOM可以装多个系统的航电系统软件,同样的软件也可以装在不同的CPIOM中,作为冗余。CPIOM 有两类,H 和 J,H 类有3组,J类有4组,一共7组。每一组有一个或多个CPIOM,负责一个或多个飞机系统的航电。
几个警告:
很多系统有本地控制器,即硬件自带的控制器,另外还有在 CPIOM 上的控制软件(applications)。一般来说,本地控制器用于基础功能,控制软件用于高级功能。如果控制软件故障了,或者所在的 CPIOM 故障了,系统的基本功能仍然可以工作。
但在不正常程序中,由于命名和描述原因,有的地方很难分辨出到底是本地控制器还是 CPIOM 软件故障。下面以空调/增压/通风系统中的例子来说明。
1 AIR ENG 1(2) BLEED MONITORING + CTL FAULT 与 AIR ENG 1(2) BLEED FAULT 的区别
安装在 H43 和 H44 上的 Bleed Air System (EBAS) 如果故障了,相应发动机引气一些高级功能,比如监控、隔离。但引气仍然可以以降级模式工作,压力控制变成气动模式。
而 AIR ENG 1(2) BLEED FAULT 则是由于超温、超压、低压、系统控制故障、失去逆流保护等原因会导致失去发动机引气。发动机引气会自动关闭,如果没有关,ECAM 程序则要求机组关闭。这个就不是 CPIOM 软件问题了。
2 COND TEMP CTL FAULT 与空调系统章节提到的 pack controller 不是一个东西
这个警告的不工作系统中提到两部 pack controller 故障时,两部 PACK 只能提供固定温度。而在系统章节描述中,又提到如果 pack controller 故障,相关 PACK 就失去了。
空客在回复中解释说系统章节提到的 pack controller 是本地控制器,称为 Air System Control Unit (ASCU)。 而 COND TEMP CTL FAULT 警告中的 pack controller 是指 CPIOIM H41 和 H42 上安装的 Air Conditioning System(ACS)软件。ACS 能提供优化地温度控制,而 ASCU 则负责基本功能。至于都叫 pack controller,空客说“however, as both the ASCU and ACS are both pack controllers, we currently have no plans to revise the content.”我觉得这很敷衍,至少可以加个括号标注一下吧。
3 COND VENT CTL DEGRADED 也只是 CPIOM 中的软件故障
Ventilation control system (VCS) 是在 CPIOM H4 上的软件,所以就算故障也不是彻底失去通风功能,而只是 DEGRADED,失去一些高级功能,比如 Air Management, Cabin Air Recirculation, Compartment Air Extraction, Commercial Equipment Ventilation, Cabin Crew Rest Compartment ventilation and all monitoring.
以下是相关 TechRequest 原文,文中图片就不重复贴出了,可以参考上文:
Q: AIR ENG 1(2) BLEED MONITORING + CTL FAULT
"The monitoring and the control of the engine 1(2) bleed air system is failed due to the failure of both EBAS control channels of the affected side."
"The monitoring capability and the isolation capability of the engine bleed air system are lost on the affected side. The temperature regulation is degraded."
What is the EBAS control channel? There's no description on DSC section. However it only need crew awareness. Is both EBAS control channels failure equal to Bleed air system control failure? If yes, what's the difference between AIR ENG 1(2) BLEED MONITORING + CTL FAULT and AIR ENG 1(2) BLEED FAULT? And is "crew awareness" means this problem affect a little or there'll be other detail alerts?
A:
Airbus has carefully reviewed your query and we would like to provide you with the following information:
The Engine Bleed Air System (EBAS) supplies high-pressure air to the different systems in the aircraft.
The EBAS control channel helps control and monitor the bleed air system. One control channel is hosted in the CPIOM H43 or H44 and CRDC B05 or B02 and the other control channel is hosted in the associated Bleed and Overheat Monitoring Units (BOMUs). Refer to CSC A350 FCOM Aircraft Systems/36-Bleed Air/Overview.
When both EBAS control channels fail, the monitoring capability and the isolation capability of the engine bleed air system are lost on the affected side. This will cause the AIR ENG 1(2) BLEED FAULT also. However, these two ECAM alerts are not exactly the same as the AIR ENG 1(2) BLEED FAULT could be caused by other failures too. Refer to AIR ENG 1(2) BLEED FAULT.
As there is no actions to be completed in flight, the ECAM alert AIR ENG 1(2) BLEED MONITORING + CTL FAULT only requires “Crew Awareness”.
Q_2:
So when both control channels fail, AIR ENG 1(2) BLEED MONITORING + CTL FAULT & AIR ENG 1(2) BLEED FAULT both will be triggered. That seems AIR ENG 1(2) BLEED MONITORING is just like a additional reminder. Be it so, why not set it as a subtitle of AIR ENG 1(2) BLEED FAULT?
A_2:
Please disregard our answer to Q1 in TechRequest 80763456/003.
First of all, we confirm that when AIR ENG 1(2) BLEED MONITORING + CTL FAULT triggers the AIR ENG 1(2) BLEED FAULT does no trigger the AIR ENG 1(2) BLEED FAULT.
When the EBAS control channel fails the monitoring capability and the isolation capability of the engine bleed air system are lost on the affected side but the bleed is still available. In degraded mode, the pressure control is in pneumatic mode. This means that the HP valve operates in pneumatic mode and regulates the downstream bleed pressure but the bleed is still available.
The main difference is that with AIR ENG 1(2) BLEED FAULT there will be no bleed air from the affected side. However, for AIR ENG 1(2) BLEED MONITORING + CTL FAULT the monitoring and isolation capability is failed but the bleed can still be provided in pneumatic control pressure mode.
Q: COND TEMP CTL FAULT
The situation after pack controller failure is incionsistent with description of DSC section. Does "pack is lost" means totally fail?
A:
The packs are controlled by two local controllers called Air System Control Unit (ASCU). The interface to other aircraft systems is realized via a Gateway through the CPIOMs. So, the sentence "pack controller fails" in FCOM PACKS system description is linked to the ASCU. If an ASCU Fails, the associated pack is lost. In case both CPIOMs are lost ("all ACS applications"), the ASCUs do not receive information from other aircraft systems, but the packs remain operative (in a backup mode).
Q_2:
According to your explanation, "If both pack controllers are fialed" in procedure meas CPIOMS failure insdead of ASCU failure. I think it's a bit confusing to crew. Can it be described more precise?
A_2:
We would like to clarify that the ASCUs and their related CPIOM ACS applications control and monitor the packs. As the condition in the ECAM alert refers to the failure of the ACS applications part of the pack controller, the temperature control (PACKS 1+2 operate at FIXED TEMP) is lost but the packs remain operative. In the Aircraft Systems/21 – Air Conditioning/Air Condition Generation/Packs the sentence “In the event a pack controller fails, the associated pack is lost.” is the ASCU part that controls the pack. If the ASCU fails, the packs will be lost. We understand CSCs concern, however, as both the ASCU and ACS are both pack controllers, we currently have no plans to revise the content.
Q: COND VENT CTL DEGRADED
The triggering conditions: Both ventilation control systems are lost. Why does loss of both control systems only result CTL DEGRADED instead of FAULT?
A:
The ECAM alert COND VENT CTL DEGRADED is triggered if both CPIOMs, which are hosting the Ventilation Control System (VCS) application, are not operational or faulty OR both VCS applications have failed.
In this case the avionics ventilation, which is the most important function of the VCS, remains available in the default configuration. This is because no VCS software is needed to operate the avionics ventilation in the default configuration.
However, the function of the VCS is considered as DEGRADED because of a loss of Air Management, Cabin Air Recirculation, Compartment Air Extraction, Commercial Equipment Ventilation, Cabin Crew Rest Compartment ventilation and all monitoring. Apart from that, FWS and CDS indication is no longer available.