>I have a client who needs "absolute" complete redundancy for their Internet
>service.
At one level, I will say that I discuss a great many options in
redundancy fromt he enterprise side in my book, "WAN Survival Guide."
But let me also quote from Chapter 7 of that book, and try to put
"absolute" in some perspective:
Extremely Fault Tolerant Networks
The US Minimum Essential Emergency Communications Network (MEECN)
originally was intended to operate for the key 20 minutes of a
massive nuclear exchange, and has evolved into a "warfighting" system
that can operate for a prolonged period. Even with extensive fault
tolerance features, continued operation of MEECN assumes multiple
mobile command posts (the user sites) and hardened or hidden weapons
sites. MEECN has multiple terrestrial, satellite, and radio
networks, one of which is one of the systems used to communicate with
ICBM silos. Does the following quote describe the environment under
which your enterprise network is expected to operate?
The below grade portion of the ICBM EHF system located in the Launch
Control Center (LCC) and/or the Launch Control Equipment Building
(LCEB) must survive and operate without damage/degradation or loss of
Emergency Action Message (EAM) reception commensurate with the above
grade portion of the EHF system including the Electromagnetic Pulse
(EMP) portion of a nuclear event anticipated for the ICBM weapon
system. The LCC and LCEB EMP environment is described in the
Minuteman Weapon System Specification, S-133-128C, Appendix III.
Nuclear survivability refers to the capability of the ICBM EHF system
to accomplish its mission in the face of hostile nuclear enviornments
resulting from an enemy attack.
The ICBM EHF system must operate throughout the "Near Neighbor"
nuclear environments and all induced High Altitude EMP (HEMP)
environments without damage degradation or loss of system parameters,
timing, keys, or ephemeris data. ICBM EHF system recovery shall be
accomplished without operator assistance and shall be no greater than
the loss of signal time specified for the Milstar system.
Operational Requirements Document (ORD): AFSPC 005-95B-I/II for the
ICBM Launch Control Centers
The hardest operational center acknowledged by the US is the North
American Air Defense Command (NORAD) headquarters inside Cheyenne
Mountain, Colorado. Its construction began in May 1961, and it went
into operational service on February 6, 1966, at a cost of $142.2
million (in 1966 dollars)
Figure 7-1: Entrance and Blast Doors to Cheyenne Mountain Operations Center
When this facility was built, nuclear-armed missiles were not nearly
as accurate as they are today, and Cheyenne Mountain actually had a
chance of surviving a limited nuclear attack. That is no longer the
case.
Audits have shown, however, that 80% of the 1994 operating cost of
Cheyenne Mountain, $152 million, is due to the mission, not the
facility. In other words, while there may not be the nuclear threat
that caused the facility to be built, there is no cost advantage to
moving its responsibilities to a more conventional building. The
cost of moving lines and antennas, however, would be high.
While your facility probably does not have the ruggedness of Cheyenne
Mountain, the First Law of Plumbing applies to many commercial data
centers: "If it don't leak, don't fix it." Build new facilities
when there is a real reason to do so. Military lessons also apply
to continuing to harden individual data centers. Just as the answer
to increasing missile accuracy was not to superharden fixed command
posts, but to go to mobile ones, there is a point of diminishing
returns in making individual data centers resistant to disasters.
Even if you make the data center totally resistant to earthquakes,
tornadoes, floods and rock concerts, the communications lines
connecting the center to its users may not be as resistant. Facility
diversity is often a far better idea than continuing to harden.
>
>I assume they should be using 2 separate links with different ISPs. What I
>don't have hands-on experience with is the physical connections and HSRP.
Have they considered how the local loops to the ISPs get diversely
routed so one backhoe doesn't get them? Power? Lighting? Air
conditioning? Staff getting to the facility during natural disasters?
>
>Will I connect both routers to the local switch and then configure HSRP
>between them?
>
>Any help would be greatly appreciated.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8421&t=8409
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
