[c-nsp] Redundancy vs. Paranoia

Hank Nussbacher hank at mail.iucc.ac.il
Fri May 13 00:21:34 EDT 2005


On Thu, 12 May 2005, John Neiberger wrote:

My motto is always KISS.  That goes here as well.  I would go for 6500s
with dual power supplies only for the LAN and 720XVXRs for the WAN in your
case.  Always best to seperate LAN and WAN function if possible.

I have been now buying Cisco products for well over 15 years now and for
the life of me I can't remember the time a power supply went or the
processing card went.  Therefore, I buy all my routers and switches with
single processors and usually single power supplies (a dual power supply
is really only needed if you have the ability to connect each power supply
to totally seperate power sources/utilities) and have never had failures
from those aspects.  With the extra budget one should buy more remote
management boxes like remote power on boxes and remote out of band console
boxes and anything else that makes life easier.

On the other hand - PA cards fail often as do VIPs.  I can't say anything
about Flexwans yet.  Our last major failure was screwy VIPs and PA-FEs.

As others have pointed out, failures don't come from your LAN.  They come
from many, many other areas whether they be backhoes or power blackouts.

And of course there is always the lying carrier.  We were supposed to have
two totally seperate STM1 international circuits, following different
paths, yada yada yada.  One day some power failure in Sicily knocked out
both lines at once.  The carrier was hoping that would never happen.  No
amount of dual SUPs or dual PSs would have saved our network.  I always go
for different carriers for each WAN line but this particular tender was
not for me to decide so we ate it for the day.

-Hank

> I'm toying around with a handful of designs and I'm trying to get a
> better feel for the level of redundancy that would be considered sane so
> I thought I'd check here for some opinions. The designs in question
> generally deal with 6500s, 7600s, and 7200s, and the goal is to design a
> redundant routing and switching system with excellent failover
> characteristics. However, things can quickly get out of hand and I think
> they end up becoming more complex than necessary.
>
> Here's one of the things I'm pondering: how do I decide which is
> "better", a single 6513 with dual sups and dual power supplies or two
> 6513s? At what point do you jump from a single box to two boxes? Does it
> make sense to even bother with making two separate boxes fully
> redundant?
>
> I've got a 6513 as a core switch (L3, native IOS) and a 7513 as our
> core router for WAN and mainframe connectivity. Once our need for a CIP
> goes away (within a year) I've been toying with the idea of replacing
> the 7513 with two 7204VXRs. I need to terminate two DS3s and an ATM T1,
> so that part of the design is fairly simple.
>
> On the other side of the room I have a single 6513 with dual sups and
> my boss wants to me consider getting an additional 6513 for redundancy,
> and he wants them to be designed in such a way that they are both active
> for various tasks. So, now I'm faced with having multiple 6513s and
> multiple 7204VXRs.
>
> A new idea that just occurred to me is that I could replace everything
> with two 7609s that would house modules for WAN connectivity and
> security, and have a fiber gig module that breaks out to some high
> performance 48-port 10/100/1000 switches for our data center servers.
> Those switches could have an uplink to each 7609 for redundancy. I just
> started pondering this new design so I haven't really thought it
> through, but it might be easier to implement initially, easier to
> maintain in the long run, and it would actually be a simpler, more
> elegant design, which I like.
>
> Any thoughts? How much paranoia is too much? :)  And how much
> redundancy is too much?
>
> Thanks,
> John
> --
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>  +++++++++++++++++++++++++++++++++++++++++++
>  This Mail Was Scanned By Mail-seCure System
>  at the Tel-Aviv University CC.
>


More information about the cisco-nsp mailing list