[c-nsp] Redundancy vs. Paranoia

Mike Bernico mbernico at illinois.net
Thu May 12 16:35:58 EDT 2005


I tend to like redundant boxes, if only for the fact that I can pull one
down (very carefully) for maintenance during our maintenance windows
without breaking the entire network.  


The bigger question, however, is "how much redundancy is too much?"  As
others have already answered, it depends.  That being said, imagine a
graph with redundancy on the x axis and availability on the y.  As you
add redundancy, availability should increase.  However, in the BEST CASE
there is a point of diminishing returns.  In many cases I've seen
networks where availability begins to actually decrease due to
complexity.

I recently worked on a network that could trace every single failure it
had over the last two years to complexity.  This was an extreme case,
and involved 4 redundant boxes for every function and 8 paths upstream.
That being said, this network's uptime was undoubtedly negatively
impacted by too much redundancy.  You can address some of these
complexity issues with good change control and careful documentation,
but in the end their downtime (in terms of MTBF, but especially MTTR)
will be reduced by simplicity.  

Redundancy is a good thing, but too much is bad.  The trick is knowing
when to quit.  :)

Mike



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of John Neiberger
Sent: Thursday, May 12, 2005 12:45 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Redundancy vs. Paranoia

I'm toying around with a handful of designs and I'm trying to get a
better feel for the level of redundancy that would be considered sane so
I thought I'd check here for some opinions. The designs in question
generally deal with 6500s, 7600s, and 7200s, and the goal is to design a
redundant routing and switching system with excellent failover
characteristics. However, things can quickly get out of hand and I think
they end up becoming more complex than necessary.

Here's one of the things I'm pondering: how do I decide which is
"better", a single 6513 with dual sups and dual power supplies or two
6513s? At what point do you jump from a single box to two boxes? Does it
make sense to even bother with making two separate boxes fully
redundant?

I've got a 6513 as a core switch (L3, native IOS) and a 7513 as our
core router for WAN and mainframe connectivity. Once our need for a CIP
goes away (within a year) I've been toying with the idea of replacing
the 7513 with two 7204VXRs. I need to terminate two DS3s and an ATM T1,
so that part of the design is fairly simple.

On the other side of the room I have a single 6513 with dual sups and
my boss wants me to consider getting an additional 6513 for redundancy,
and he wants them to be designed in such a way that they are both active
for various tasks. So, now I'm faced with having multiple 6513s and
multiple 7204VXRs.

A new idea that just occurred to me is that I could replace everything
with two 7609s that would house modules for WAN connectivity and
security, and have a fiber gig module that breaks out to some high
performance 48-port 10/100/1000 switches for our data center servers.
Those switches could have an uplink to each 7609 for redundancy. I just
started pondering this new design so I haven't really thought it
through, but it might be easier to implement initially, easier to
maintain in the long run, and it would actually be a simpler, more
elegant design, which I like.

Any thoughts? How much paranoia is too much? :)  And how much
redundancy is too much?

Thanks,
John