[c-nsp] Redundancy vs. Paranoia

Jessup, Toby Toby.Jessup at qwest.com
Thu May 12 15:11:40 EDT 2005


I won't attempt to answer the subjective question "how much is enough"
since the answer is "it depends".

Regarding the WAN side of your question, it can be said that the highest
degree of system reliability is achieved when redundant transmission
paths are highly diverse -- different equipment on both ends, different
locations, different provisioning of the transmission path, different
service provider products (when end-to-end redundant). And when
redundant WAN systems combine highly diverse transmission paths, the
paths tend to be unequal (different capacity, latency, etc.) and
balancing traffic loads becomes more complex or impossible.

Since adding complexity is counter-productive in a design that seeks
maximum reliability, attempting to precisely balance traffic loads
should not be a priority. No one at NASA ever discusses load balancing
on backup systems. A primary/standby secondary WAN design with highly
diverse provisioning is the most fault-tolerant WAN design possible (and
also recognize that such systems must be maintained, documented and
tested by staff).

So, just keep a clear view of your employer's business goals/budget in
the design process. If absolute system survivability is the goal (big
bucks), management should not also insist on cleverly load balancing WAN
links -- that would be irrational. A standby secondary service can be
inexpensive -- usage-based billing may be available on the standby
secondary access line service and use ACLs, whatever, to permit only
mission-critical traffic flows on the minimum-capacity backup path
during a failure. How often does an optically-provisioned (?) primary
service in an urban environment actually fail?

Toby Jessup 
Qwest Communications
National Technical Services
1600 Seventh Avenue, Room 1911
Seattle, WA 98191
(206) 224-5565

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of John Neiberger
Sent: Thursday, May 12, 2005 10:45 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Redundancy vs. Paranoia


I'm toying around with a handful of designs and I'm trying to get a
better feel for the level of redundancy that would be considered sane so
I thought I'd check here for some opinions. The designs in question
generally deal with 6500s, 7600s, and 7200s, and the goal is to design a
redundant routing and switching system with excellent failover
characteristics. However, things can quickly get out of hand and I think
they end up becoming more complex than necessary.

Here's one of the things I'm pondering: how do I decide which is
"better", a single 6513 with dual sups and dual power supplies or two
6513s? At what point do you jump from a single box to two boxes? Does it
make sense to even bother with making two separate boxes fully
redundant?

I've got a 6513 as a core switch (L3, native IOS) and a 7513 as our core
router for WAN and mainframe connectivity. Once our need for a CIP goes
away (within a year) I've been toying with the idea of replacing the
7513 with two 7204VXRs. I need to terminate two DS3s and an ATM T1, so
that part of the design is fairly simple.

On the other side of the room I have a single 6513 with dual sups and my
boss wants me to consider getting an additional 6513 for redundancy, and
he wants them to be designed in such a way that they are both active for
various tasks. So, now I'm faced with having multiple 6513s and multiple
7204VXRs.

A new idea that just occurred to me is that I could replace everything
with two 7609s that would house modules for WAN connectivity and
security, and have a fiber gig module that breaks out to some high
performance 48-port 10/100/1000 switches for our data center servers.
Those switches could have an uplink to each 7609 for redundancy. I just
started pondering this new design so I haven't really thought it
through, but it might be easier to implement initially, easier to
maintain in the long run, and it would actually be a simpler, more
elegant design, which I like.

Any thoughts? How much paranoia is too much? :)  And how much redundancy
is too much?

Thanks,
John