[c-nsp] Redundancy vs. Paranoia

Chris Roberts croberts at bongle.co.uk
Thu May 12 14:24:25 EDT 2005


> A new idea that just occurred to me is that I could replace 
> everything with two 7609s that would house modules for WAN 
> connectivity and security, and have a fiber gig module that 
> breaks out to some high performance 48-port 10/100/1000 
> switches for our data center servers.
> Those switches could have an uplink to each 7609 for 
> redundancy. I just started pondering this new design so I 
> haven't really thought it through, but it might be easier to 
> implement initially, easier to maintain in the long run, and 
> it would actually be a simpler, more elegant design, which I like.
> 

If you're doing this, you need to think about your customer model and your
SLAs. For example, if you go with dual 7609s with single Sups, you should
really be thinking about offering all customers connections to both chassis
if this is a data center model. If you're offering customers connection to
both chassis, this could affect your costing for customer connections and
the products you deploy. If this is metro ethernet aggregation then that
becomes more of a problem as you're then thinking about deploying dual
circuits to each customer which will obviously be a much larger cost.

Furthermore, if your SLAs are four hours and you follow the single Sup
model, could you really get to your data center and have a Sup replaced in
four hours? If you have people on site and a spare Sup and reliable backup
configs this is entirely possible, but if you have weak links in this chain
then you're looking at growing your SLA, which might affect your potential
sales.

As far as resiliency goes, if your customer base is looking for high
performance and good SLAs, I'd take as much as your budget is going to
reasonably allow for data center stuff. That means dual Sups and dual
chassis, and I'd definitely think about making sure all services have dual
connections. I just looked at your domain now and guess you're not providing
customer services? If you're not running data center services for customers,
and have reasonable control over the end hosts/services, and can make sure
that they have reliable failover through routing protocols, HSRP, or other
methods, then you might be able to get away without the dual Sups if you can
make sure all services are provisioned across both chassis and this failover
works.

I'm also still a big believer in keeping your core services separate from
the edge - this becomes less of a problem now there is line rate forwarding
in most places, but you don't want a DoS or other similar attack affecting
one of your core devices affecting your customer edge. If your traffic
follows the 80:20 (80% local, 20% WAN) model, you definitely want to do this
to protect your 80% from being killed by the 20% in an attack. If you're
closer to 20:80, you might decide you don't need to bother as in the event
of an attack you're going to lose your WAN and effectively everything
anyway. At this point I would be considering dual WAN links as well and
resiliency for these routers :-)

In other words, you should be thinking about the level of control you have
over the edge services/customers/provisioning of these services, the SLA
level you intend to provide, the flow of traffic within your network, the
reliability of the failover at the edge to make this decision, and your
business model, and I would say it's entirely subjective based on these
factors.

Cheers,
Chris.
