Redundancy

What is redundancy in network design?

The reality is that everything can fail:

• Cable breakages
• IT hardware malfunctions
• Software errors
• Power outages
• Natural disasters
• Human errors such as incorrect maintenance or the misconfiguration of network equipment and
• Malicious electronic attacks.

All these factors can cause communication network failures and majorly disrupt business services.

It is your job as the network designer to build a resilient network. One of the techniques used in building a resilient network or a self-recovery network that can withstand such failures is redundancy.

In this topic you will learn:

1. What redundancy is in networking, and why we have it in network design.
2. How to build a resilient network through redundancy.
3. How to identify and eliminate a single point of failure through redundancy.
4. Examples of redundancy in network topology.

As businesses become more dependent on networks, the consequences of network failures increase and the need to make the network resilient to failures grows as well. This has led to interest in the design of resilient networks, which are able to survive failures.

Network redundancy is a process through which redundant or additional instances (physical or virtual) of network devices, utilities and equipment are installed within network infrastructure and other elements such as back-up generators, or alternate cooling circuits are brought in to support the smooth operation of the network.

A redundant network duplicates critical elements and devices that keep the network running, so that if one path fails, another can be used. Ultimately, this means you have a backup if your primary system or hardware fails.

In most cases of a network outage or performance issue, the fault lies in the design of redundancy and resiliency.

Redundancy is one of the techniques used in achieving and maintaining a high-level of enterprise network uptime which is also known as the “five-nines availability. Five-nines availability is the 99.999%, that is “the percentage of time a network component or service is accessible to a user in a given period, usually defined as a year.’¹³

Consider the following example of network redundancy in Diagram 1. What network redundancy can you identify?¹⁴

^{Diagram 1: Network redundancy
Network Redundancy. By Bachmann Electronic. All rights reserved.}

Diagram 1 shows that the network design includes duplicate cables, stations, and routes. Therefore, even in the case of an error, no data packets to the receiving stations are lost, single failure on the transmission no longer have the effect of disrupting communication.

Activity - Network Design Example

Consider the two network design examples in Diagram 2 and Diagram 3.

Can you tell which of the two network designs would achieve redundancy and resiliency?

Explain your answer. Remember our design goal is not to only build a redundant network but also a resilient one!

^{Diagram 3: Understanding Redundancy vs Resiliency: Physical Design - Part 1. By Vology Archive. Jim Schraeder. YouTube}

One of the primary concepts to understand when considering adding redundancy to increase resilience in a network design is the crucial single point of failure.

Consider Diagram 4, an example of ineffective network architecture:

^{Diagram 4: Ineffective network architecture
Resilient Network Design Concepts. By Mark Tinka.}

In Diagram 4, if the central switch becomes faulty, it is the single point of failure and network communication will break down. The network's performance will be dependent entirely on the central switch because of the network design's single collision domain, lack of backup, and single security domain.

^{Diagram 5: Redundancy with a single point of failure
Computer Networking Problems and Solutions. By Russ White and Ethan Banks. Copyright (O’Reilly )ebook}

Consider another example of network architecture in Diagram 5. From the perspective of A and G, the network has two redundant paths. However, there is still a single point of failure at D (the centre of the network). Clearly, if D fails, communication between A and G will break down.

Note: Go back to Figure 1 and 2, reattempt the question.

Activity - Network Design Example

Consider the two network design examples in Diagram 4 and Diagram 5.

Can you tell which of the two network designs would achieve redundancy and resiliency?

Explain your answer.

^{Diagram 6: Increasing resilience through a redundant path
Computer Networking Problems and Solutions. By Russ White and Ethan Banks. Copyright (O’Reilly )ebook}

In Diagram 6, we now have two parallel paths through the network, one path through BE (A->B->E->G) and a second path through CF (A->C->F->G). The chance of both links failing at the same time is low, but this is still a possibility. If you have two paths connected in parallel, each with a total downtime of one second, then the combined total downtime is likely to be half the probable downtime of either link. The combined downtime of both links should be around 500 milliseconds or 0.5 seconds. Adding another parallel link will halve the downtime again to 250 milliseconds. As the downtime decreases, availability increases.

You cannot build a resilient network by increasing the number of parallel links. Each link added in parallel also increases the complexity of the network from the perspective of the control plane. Real resilience must be built into the entire network and the entire stack. Each part of the network system plays its own role, from applications to control planes to redundant links.

^{Diagram 7: Multiple subnetworks with redundancies in link, distribution, and access layers
Resilient Network Design Concepts. By Mark Tinka.}

Diagram 7 shows multiple redundancies at different layers of the network with multiple subnetworks. At the core of the distribution layer, redundant routers were added, and multiple paths were provided to each from the lower layer.

Consequently, redundancy can be applied at the component level, the server level, the network link and the data path level. For component redundancy, it needs to involve the duplication or the back up of parts like power supplies, processor, fans and so on.

Server redundancy involves the protection of data with backups, the use of hot standby servers and the use of load balancers. The network links/data path redundancy method involves provisioning physical redundant connections between network devices and allowing for hot backup paths and parallelism (routing).

What to consider in network redundancy design

^{Diagram 8: What to consider in network redundancy design
How to build a resilient network design. By John Cavanaugh. All Rights Reserved, Copyright 2000 - 2022, TechTarget}

Diagram 8 shows the different network components to consider in network redundancy design.

Understanding and addressing what can be mitigated is important, but also having a strategy in place for the items that cannot be mitigated.

Before we start planning high availability, we need to ensure that there is an actual business problem to solve.

The first step in developing a strategy for high availability is to understand what impact a network outage of various systems would have on our ability to do business. The question of “How much network availability do I need?” is kind of like asking how long a piece of string is - it completely depends on the impact the network outage would have on your business.

Multi-homing and First Hop Redundancy Protocol (FHRP)

Let us now consider common network design and management techniques that can be applied upstream by end users to take advantage of network design redundancy. We will first describe ‘homed’ networks with some examples, followed by First Hop Redundancy Protocol (FHRP).

‘Homed (Single-homed, dual-homed, or multi-homed) network design topologies generally describe how end-users can connect (using Border Gateway Protocol (BGP)) to one or more Internet Service Providers (ISPs).’¹⁵

Single Homed Network

^{Diagram 9: Single-homed network design
Single/Dual Homed and Multi-homed Designs. By networklessons.com © 2013 - 2022 NetworkLessons.com}

Diagram 9 describes a single-homed network where only one connection exists between the user and the ISP. Since there is just one exit path in the network design, BGP (Board Gateway Protocol) is not necessary. You can also use just a default static route pointing to the ISP.

The advantage of a single-homed connection is that it is inexpensive, the disadvantage is that you do not have redundancy. The link is a single point of failure (Any breakage in the link will cause disruption in the whole connection), but so is using a single ISP.

Dual-Homed Network

The dual homed connection adds some redundancy to the network design.

In Diagram 10, the end-user is still only connected to a single ISP but uses two links instead of one.

^{Diagram 10: Dual-homed topology with single routers on both ends
Single/Dual Homed and Multi-homed Designs. By networklessons.com © 2013 - 2022 NetworkLessons.com}

^{Diagram 11: A Dual-homed topology with two routers on the ISP side
Single/Dual Homed and Multi-homed Designs. By networklessons.com © 2013 - 2022 NetworkLessons.com}

There are different variations for dual homed network design. In Diagram 11, the ISP has a second router. It is also possible to have a second router on the end-user’s side and a single router at the ISP. For even more redundancy, add a second router at both sides. Diagram 12 offers more redundancy compared to Diagram 10 and 11’s topologies.

^{Diagram 12: A Dual-homed topology with two routers on both sides
Single/Dual Homed and Multi-homed Designs. By networklessons.com © 2013 - 2022 NetworkLessons.com}

In Diagram 12, two links and two routers were added on both ends. One disadvantage of this design is that only a single ISP is still being used.

Multi-Homed Network Topology

Multi-homed network connection involves connection to more than one ISP at the same time; hence at least two different ISPs need to be involved for a multi-homed network connection.

A multi-homed topology can also be single or dual. For single multi-homed network design, only a single link exists between any of the ISPs. Diagrams 13 and 14 are examples of a Single Multi-Homed Network. Both networks use two different ISPs.

^{Diagram 13}

^{Diagram 14
Single/Dual Homed and Multi-homed Designs. By networklessons.com © 2013 - 2022 NetworkLessons.com}

Diagrams 15, 16 and 17 are all dual-multi-homed network topologies. They all involve multiple ISPs and redundant paths between the end user and each ISP.

^{Diagram 15
Single/Dual Homed and Multi-homed Designs. By networklessons.com © 2013 - 2022 NetworkLessons.com}

With Diagram 15, even though there are redundant ISPs and links, the router at the user’s end is still a single point of failure. This can be improved by adding a second router as in Diagrams 16 and 17.

^{Diagram 16}

^{Diagram 17
Single/Dual Homed and Multi-homed Designs. By networklessons.com © 2013 - 2022 NetworkLessons.com}

In general, multi-homing nodes help minimise or remove single link failure.

So far, you have learnt how to build redundancy and high availability in your network design. The question is, how can end-users take advantage of these?

Check out the following video on ISP redundancy.

You are already providing more than one router for a segment so that if one of the routers fails, the other will continue to provide services to the segment. Now, you want to provide users with a way to move their traffic from one default gateway to another.

Every host connected to the organisation's network requires a router, which acts as the host's default gateway when connecting to the Internet. But what happens if the gateway router goes offline, or the configuration changes the default gateway IP? The users inside the organisation will have a longer service outage or downtime if the gateway router is replaced. This is not an effective way to deal with this issue.

Many protocols can be used to prevent this type of single point of failure in a network. One of these protocols is the First Hop Redundancy Protocol (FHRP).

It is a hop redundancy protocol designed to provide redundancy to the gateway router within the organisation’s network by using a virtual IP address and virtual MAC address.

FHRP presents a virtual default gateway to the organisation’s network to provide near to 100% network uptime.

To implement FHRP, two or more routers must be used as the gateway router. One router will be used as an active router (gateway router), and the other router will be standby router. If the active router goes offline, the standby router will take its place to be the gateway router for all the hosts. You can see these network design differences in FHRP in Diagrams 18 and 19.

^{Diagram 18: Network design without FRHP
First Hop Redundancy Protocol (FHRP). ©2022 Cisco Systems, Inc. Cisco.com}

^{Diagram 19: Network design with FHRP implemented}

Depending on the needs or requirements of the user, there are various FHRP implementations available on Cisco equipment, including:

• Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP)
• Gateway Load Balancing Protocol (GLBP).

Hot Standby Router Protocol (HSRP- RFC 2281)

A large group (cluster) of routers known as the standby group or HSRP group are used in the Cisco-exclusive router redundancy technique known as HSRP. This presents the illusion of a single virtual router to a host. All the routers within the cluster will have the same virtual IP address and virtual MAC address.

The two Hot Standby Router Protocol (HSRP) could be in any of the following states at any point of time:

• Active Router– the router that actively sends and receives a packet to the host within the organisation. It is the default gateway router. Only one active router will be selected among the cluster of routers. If the active router fails, a single router is elected from the standby group to take over as the active router. These changes will not affect the hosts. The hosts keep the same IP and MAC address settings.
  
  HSRP active and standby routers send periodic HSRP messages once the election process has been completed.
• Standby Router– the router/s that are on standby in case the incumbent active router goes offline, among the standby router will be chosen as the active route.

Some features of HSRP:

• HSRP uses both active and standby routers to make a failover seamless in the network, thus providing better redundancy.
• HSRP uses the numerically highest IPv4 address as the active router to determine the active and standby router.
• HSRP also uses the “HSRP priority” option to determine the active router for better control of the election process. The router configured with the highest priority value is elected as the active router. If all routers have equal priorities, the router with the highest numerical IP address will be elected as the active router.

^{Diagram 21: Simple network configuration using HSRP
Resilient Network Design Concepts. By Mark Tinka.}

Router 1:

• interface ethernet 0/0
• ip address 169.223.10.1.255.255.0
• standby 10 ip 169.223.10.254

Router 2:

• interface ethernet 0/0
• ip address 169.223.10.2.255.255.255.0
• standby 10 priority 150 pre-empt delay 10
• standby 10 ip 169.223.10.254
• standby 10 track serial 0 60

Virtual Router Redundancy Protocol (VRRP)

Virtual Router Redundancy Protocol (VRRP), is a vendor-neutral redundancy protocol that groups a cluster of physical routers (two or more routers) to produce a new single virtual router.

VRRP enables redundancy by assigning the same virtual gateway IP address and MAC address on all physical routers within the VRRP group.

VRRP is very similar and almost has the same concept as HSRP. The only difference is that pre-emption is enabled by default on VRRP, while on HSRP, it needs to be configured manually.

The two states of Virtual Router Redundancy Protocol (VRRP) are:

• Master Router– the current default gateway of all the hosts within the organisation. It is actively sending and receiving packets to the hosts.
• Backup Router – The backup router will take the role of the master router during the failover or when the master router goes offline.

Gateway Load Balancing Protocol (GLBP)

In GLBP, all routers in the GLBP group share the same virtual IP address but use different MAC addresses with all the virtual routers participating in the forwarding of packets.

As compared to HSRP and VRRP, GLBP is a bit different. With GLBP, routers within the group are allowed to do load balancing. All the traffic transmitted to the default gateway IP address will be load-balanced one at a time or in a round-robin manner among the routers within the group. GLBP has the same state as HSRP, called active and standby. The mechanism of GLBP’s active and standby state is the same as HSRP’s active and standby state.

^{Diagram 22: GLBP
Name of website. Name of author C Copyright.}

On a final note: All these redundancies will be futile if you do not test or monitor your network architecture proactively.

Activity - Configure HSRP

Use Cisco Packet Tracer software to configure HSRP.

Share your answers in the forum. Discuss and comment with your peers.