O Rings - A Second Look

[Stranger_On_A_Train]

scr4:

Can you explain this in a bit more detail? Is it the direction of movement and/or pressure that makes it unsuitable for an O-ring joint, or just the fact that there is movement at all?

This is going to be a little confusing without sketches, though here is a site that shows and discusses the issue WRT to the SRBs. (I don’t agree with his ultimate solution–IMHO, o-rings just aren’t a correct design for this application–but his basic details are correct.)

O-rings are intended to seal around a shaft, or in an inset channel like an O-ring Face Seal (ORFS) joint against a flat mating surface. In these applications, the pressure of the hydraulic fluid or gas trying to escape deforms the o-ring, stretching the normally circular or oval cross-section into a kind of a pointy “rugby ball” shape. (Some o-rings are epitrochoid in section but I haven’t seen any evidence that they’re actually superior.) This is what makes it an effective seal; the more pressure, the more the ring distorts, and the stronger its reaction up until it fails or degrades. However, in order to make an effective seal an o-ring must be compressed within a certain range; too little, and you don’t get enough axial pressure to make a good seal. Too much, and it can’t deform enough to stop leakage.

When you put an o-ring in a joint that sees bending across its axis (normal to the axis of the o-ring), then one side of the ring tends to be compressed less than the other. If that difference is enough (as it was with the Shuttle, owing to joint surface misalignment and bending actions during firing) then gas can leak past at that point, which not only allows the gas to escape but also causes the o-ring material to degrade (wear) if the gas is, as was the case with the SRB, hot and high pressure. Similarly, a torsional motion (about the joint axis) will distort and stretch the o-ring so that it has less “give” about its section, sort of like how your sock is much tighter if it gets twisted when you put it on. Again, this can lead to a lack of sealing and ultimate failure.

The problem with o-rings is that, while they’re self-reinforcing within their design parameters, once they get in an out-of-design condition they tend to fail rapidly and often dramatically. I recall in a former job having some valve blocks with an ORFS groove that was machined unevenly; repeatedly, when the hydraulic systems were subjected to max operating pressure (3000 psi) the joints would spray hydraulic fluid in increasing quantities until the o-ring parted and fluid just flowed out. And this was a non-catastrophic (if critical) joint.

There are a number of design solutions for an SRB-type motor that do not use o-rings; all, however, have the downside of being significantly more costly, somewhat heavier and more intenstive in fabrication and assembly time, and would require a nearly complete redesign of the SRB casing, including (probably) the casting molds for the propellent, which is a cost that nobody wanted to bear. (This was, in fact, the Morton Thiolkol argument against making any change to the joint design prior to Challenger’s demise.)

That being said, any “blank sheet” motor design is going to have its own unforseen problems and development setbacks. The joint redesign, while not ultimately remediating the root problem (IMHO), has reinforced and reconfigured the joint sufficiently that o-ring failure and problems stemming from that are significantly less risky. Given the age of the system and its short remaining deployment lifespan, it’s kind of like complaning about rattles in a Yugo; sure, the thing shakes and shudders at 56mph, but on the bright side, you’re only going to be able to drive if for two years.

Stranger

[Stranger_On_A_Train]

Here is a timeframe for the ongoing problems with the o-ring and joint design in the SRB. I believe the times and details are correct, but the comment

Jan., 28th, 1986 -

3. 11:40:15 am - the strut gives way, and the SRB pointed nose cone pierces the liquid fuel tank. The resulting explosion totally destroys the shuttle and crew.

is incorrect; although the Shuttle came apart into several pieces, the crew compartment remained essentially intact, and at least three of the astronauts activated their PEAPs (personal egress air pack) prior to impact with the ocean. (The astronauts were almost certainly killed by the force of impact.)

Stranger

[Hyperelastic]

To put the mechanics a bit simpler, O-rings are meant for applications in which there is very little tendency for the gap to open up. The walls of the joint must be relatively rigid. The trouble with the SRB joint is that the walls are not very rigid; the gap opens up a lot when the internal pressure in the motor ramps up. Plus, aerodynamic loads on the motors also affect the gap, and in the failed flight, those loads were the highest seen to date. When the gap opens, the O-ring has to have the resilience (and initial squeeze) to close the gap before bad things happen. The gap-opening issue is why Parker declined to assist Thiokol and NASA with the problem. As Feynman put it, Parker said that “the O-rings are not meant to be used in that way.” Parker was saying that if gap opening is driving your design, you are already in trouble.

That is not to say that the design is inherently flawed. The Air Force’s Titan solid motors had a similar joint design, although Titan had no secondary O-ring as in the Shuttle. Both designs had “lucky putty”. There was some controversy over whether the putty was good or bad; there was evidence that when gases blew through the putty, it would happen at a concentrated point and this could cause a localized failure of the primary seal. Some people wanted to eliminate the putty. Titan flew thousands of joints, before and after the Challenger disaster, with no O-ring failures. In my experience with both outfits, for complicated historical and sociological reaons, the Air Force was, and still is, more conservative about reliability than NASA, even though NASA’s missions are manned. So the Titan successes could have been due to more stringent launch temperature requirements.

There is an interesting minority opinion about the Shuttle disaster. On the Titan, the clevis points down, whereas on the Shuttle, it points up. Some think that the Shuttle design was more prone to collect water, which could turn to solid ice and interfere with the sealing of the joint. However, ice deposits themselves, as opposed to just the cold temperatures, were not cited in the final judgment of the Challenger accident board.

It looks like NASA’s new vehicles will be derived from the Shuttle SRBs. From a certain viewpoint, the SRBs are very reliable - only one failure in over 200 motors, which is pretty good, and there is an argument that even the Challenger failure would have been survivable had the escaping gases not breached the hydrogen tank. There is controversial analysis out there that suggests the Challenger could have actually made orbit with a failed SRB joint if the hydrogen tank hadn’t been breached. The new designs are a vertical stack, so a joint failure wouldn’t breach a fuel tank, and also, the astronauts could probably get out by firing an escape rocket.

Chuck Yeager, a good old Air Force operational veteran, was on the Challenger accident board. His contributions to the board’s work seem to consist of the single suggestion that the Shuttle simply not be flown in cold weather. It’s hard to argue with his logic, and because of Challenger, no NASA mission with segmented solids will ever fly again in cold weather. So using the SRBs as the basis for future launch vehicles does not bother me.

[DanBlather]

I always thought that having the SRB built in sections was a bad design. If I remember correctly, the reason it was done that was was because they needed to be shipped by rail (from Utah). Another vendor proposed building it in one section and shipping it by barge. Political pressures to spread the money around led to the disaster. This was combined with pressure to launch the shuttle (despite the cold weather) so that Reagan could speak with the astronauts by radio link during the State of the Union address.

[Stranger_On_A_Train]

DanBlather:

I always thought that having the SRB built in sections was a bad design. If I remember correctly, the reason it was done that was was because they needed to be shipped by rail (from Utah). Another vendor proposed building it in one section and shipping it by barge.

It is done for manufacturing reasons; the SRB is the largest solid rocket booster ever built–nearly twice the diameter of a Peacekeeper and considerably larger than the Minuteman, Trident, et cetera. The propellent has to be mixed and graduated in careful proportions, which would have been extremely difficult to do with a 150 ft long case that is 12 feet in diameter. Also, handling such an integrated motor and keeping it intact during transport would be very problematic and risky. Even if you could ship a fully integrated booster by barge, how would you get in on and off safely?

DanBlather:

Political pressures to spread the money around led to the disaster. This was combined with pressure to launch the shuttle (despite the cold weather) so that Reagan could speak with the astronauts by radio link during the State of the Union address.

I can’t absolutely refute this, but Feynman did a considerable amount of poking around on his own, quite seperate from the rest of the review board during the investigation of the Challenger disaster and concluded that there was no direct pressure from the White House to meet the launch date and no overriding internal pressures to launch; the problem of not addressing the known issue with the o-rings was an ongoing and longstanding one, not a result of transient political pressure.

Stranger

[Stranger_On_A_Train]

From here:

The SRBs are the largest solid rockets ever designed. They are 149 feet high and 12 feet in diameter. and produce 2.65 million pounds of thrust each at liftoff. Each SRB consists of four segments of solid propellant vertically stacked with a nose cone o n top. This nose cone contains the propellant igniter, electronic devices which interrelate with the orbiter, and parachutes for recovery at sea. A nozzle, located at the booster’s base has a 7º gimbaling capability to steer the STS during ascent.

Because this solid rocket is larger than any built previously, each SRB is made in segments. This allows better control of making a uniform mixture of propellant. This propellant contains by weight, 16% aluminum powder fuel, 70% ammonium perchlorate oxidizer, 12 % polybutadiene acrylic acid acrylonitrile which is a binding agent, 2% epoxy used for curing, and iron oxide to help control the burning rate. The mixture of these materials looks like a dense viscous plaster which is poured into a mold where it is dried (cured) for several days resulting in a material that looks and feels like a rubber eraser or hard putty. Each booster weighs 1.3 million pounds which is easily lifted from the pad by its 2.65 million pounds of thrust. The residual thrust lifts the orbiter and the ET as well.

Stranger

[Rick]

Stranger On A Train:

There are no o-rings inside your car engine. There are piston seals, which occasionally need to be replaced if your car is driven very hard or has sloppy tolerances, but these do not behave like o-rings and are made of babbit metal (cast iron or ductile steel), not elastomer. O-rings in hydraulic systems (with which I am most familiar) fail regularly but almost never in any catastrophic manner; it is indicated by slight leakage of hydraulic fluid.

Stranger

[nitpick]Actually on some engines there are o rings inside you engine to seal oil passages. On the car I have parked outside right now there are, let me see, 5 o-rings inside the sump for moving the oil around.
Oh and they are called rings, piston rings, not pistons seals, rings.[/nitpick]
Other than that great set of posts, thanks.

[David_Simmons]

DanBlather:

I always thought that having the SRB built in sections was a bad design. If I remember correctly, the reason it was done that was was because they needed to be shipped by rail (from Utah). Another vendor proposed building it in one section and shipping it by barge. Political pressures to spread the money around led to the disaster. This was combined with pressure to launch the shuttle (despite the cold weather) so that Reagan could speak with the astronauts by radio link during the State of the Union address.

As Stranger said, Feynam looked into this story about Reagan and couldn’t find any evidence for it so he put it aside as not proved.

Feynman was quite critical, verging on being wroth, with NASA and Thiokol managers. For example when they were asked about reliability of the Shuttle and the solid booster they gave numbers like .999. As Feynman pointed out, to demonstrate that reliability hundreds of consecutive tests without a failure would have to be conducted and no such test program had ever been conducted. They were just blowing smoke. Just as a data point, if you want to demonstrate 0.99 success rate at 99% confidence you must conduct 460 tests with no failures. And when you proudly announce a .99 sucess rate you will be wrong and the sucess rate will be less than that one time in every hundred such statements.

As another example. The booster O-rings were not supposed to erode at all in the design. However on some flights it was found that they eroded about 1/3 of the way through. NASA and Thiokol managers called this a factor of safety of 3. And they didn’t change their mode at all as a result of Challenger. Blocks of frozen insultation regularly fell off the liquid rocket during launch and struck the shuttle. They were lucky for quite a while in that none of the events resulted in failure. As a result they seemed to assume that none ever would cause damage.

[Stranger_On_A_Train]

David Simmons:

For example when they were asked about reliability of the Shuttle and the solid booster they gave numbers like .999. As Feynman pointed out, to demonstrate that reliability hundreds of consecutive tests without a failure would have to be conducted and no such test program had ever been conducted. They were just blowing smoke. Just as a data point, if you want to demonstrate 0.99 success rate at 99% confidence you must conduct 460 tests with no failures. And when you proudly announce a .99 sucess rate you will be wrong and the sucess rate will be less than that one time in every hundred such statements.

Actually, IIRC (my copy of What Do You Care What Other People Think having been purloined by some wanker I used to work with), Feynman was having one of his “loose gun” meetings with NASA engineers responsible for reliability assessments, and he asked all the engineers to submit (via ballot) what their estimate for catastrophic failure would be. Most came in somewhere between 1:300 and 1:1000 (all were just off the hip guestimates) but the manager of the group initially refused to provide an estimate, arguing that the problem was too complex for a simple answer, then relented and stated that the probability of success was “1-?”, ? then being (arbitrarially) defined as “1 in 100,000” (hence, 99.999% success). The engineers were agast, as there was absolutely nothing to justify this answer.

Obviously, NASA was not then, and was not later (and arguably is not now) making reasonable, reliable estimates on the chance of failure of a launch. With commercial boosters, 99% would be a phenomenal success rate, given the vast number of things that could possibly go wrong. Obviously, one wants the highest rate of success for a manned mission, but making improbabily high wild ass guesses doesn’t actually imrpove matters.

Stranger

[Hyperelastic]

David Simmons:

Feynman was quite critical, verging on being wroth, with NASA and Thiokol managers. For example when they were asked about reliability of the Shuttle and the solid booster they gave numbers like .999. As Feynman pointed out, to demonstrate that reliability hundreds of consecutive tests without a failure would have to be conducted and no such test program had ever been conducted. They were just blowing smoke. Just as a data point, if you want to demonstrate 0.99 success rate at 99% confidence you must conduct 460 tests with no failures. And when you proudly announce a .99 sucess rate you will be wrong and the sucess rate will be less than that one time in every hundred such statements.

Bayes’s method offers a cheaper route to estimating the probability of very rare failures. You assume a model (which parameters are relevant and how they functionally determine the reliability), then write down a subjective (although not arbitrary) prior distribution, then use Bayes’s Rule to calculate a posterior distribution from observed data, of which there may be only a few.

The problem with this method mainly lies in determining the model and the prior distribution. You can fool yourself in a number of ways here. The model and the prior can be checked to see if they truly reflect your prior beliefs, but in practice they rarely are.

Not that this method was followed by NASA. They were talking out of their asses.

[Joey_P]

TokyoPlayer:

At the time, a friend from school worked as a tech at the company which manufacturered the o-rings, and verified that this was the spec.

I have nothing useful to add, but IIRC, that would be Ladish (in Milwaukee, Wisconsin), just a few blocks from where I live and work.

[Hyperelastic]

Joey P:

I have nothing useful to add, but IIRC, that would be Ladish (in Milwaukee, Wisconsin), just a few blocks from where I live and work.

It was Parker. The O-ring division in Lexington, Kentucky.

[David_Simmons]

Hyperelastic:

Bayes’s method offers a cheaper route to estimating the probability of very rare failures. You assume a model (which parameters are relevant and how they functionally determine the reliability), then write down a subjective (although not arbitrary) prior distribution, then use Bayes’s Rule to calculate a posterior distribution from observed data, of which there may be only a few.

The problem with this method mainly lies in determining the model and the prior distribution. You can fool yourself in a number of ways here. The model and the prior can be checked to see if they truly reflect your prior beliefs, but in practice they rarely are.

Not that this method was followed by NASA. They were talking out of their asses.

And I believe that might be useful for checking whether or not parts are defective. When it comes to shuttle reliability the money saved in fewer tests for reliability might very well be paid out in tests to confirm the model and prior distribution.

[Joey_P]

Hyperelastic:

It was Parker. The O-ring division in Lexington, Kentucky.

ahh, upon doing about 30 seconds or research, I see that Ladish does indeed make parts for NASA, but assuming you correct (not that I have any reason not to), Parker must have made the O-ring in question. I had just always heard that Ladish made that part. Ladish does specialize in seemless o-rings so it’s an easy mix-up.

[Cartooniverse]

Joey P:

Ladish does specialize in seemless o-rings so it’s an easy mix-up.

Considering the catastrophe that ensued due to o-rings, one might be tempted to categorize them as unseemly rather than seemless.

[Joey_P]

Cartooniverse:

Considering the catastrophe that ensued due to o-rings, one might be tempted to categorize them as unseemly rather than seemless.

Hey now, it was 11:30 at NIGHT and I had just finished laying sod (it’s best to do that in the middle of the night, right), cut me some slack.