The distribution network is hierarchical. Router dist3 is located as an access POP, which services fewer customers, and therefore is not a resilient design.
The backbone/distribution/access hierarchy can be bypassed to achieve lower delays at the expense of reliability. Customer 4 may connect directly to router core2.sfo. However, if core2.sfo fails—albeit a rare event—customer 4 is effectively cut off from the network. Alternatively, customer 4 may have a backup connection via dist3.sfo.
This arrangement is satisfactory, provided that it does not confuse the role of each router. For example, directly connecting customer routers to the core router indicates that they may have to perform dial-up authentication, packet and router filtering, and packet classification. Not only will this occupy precious switching cycles on the core router, but it also could mean running a larger and possibly less reliable software image.
Other possible failure modes include the following:
All intra-network traffic is routed through core2. All traffic to other ISPs is also routed through core2, presumably to another NAP connected to a backbone router elsewhere in the network.
Traffic destined for a remote distribution network is switched through ds2, as is traffic destined for other locations in the local distribution network.
Customer 2 is re-routed through Dist2.
Customer 3 is cut off.
It is worth noting that any resilience at Layer 3 results in routing complexity. This is examined in detail in Part II. As a matter of policy, the network service provider may choose not to allow customers to connect to core routers or even to dual distribution routers.
However, in the enterprise environment, reliability affects user satisfaction. In the commercial environment, this may affect their choice of provider. Policy that simplifies engineering must be carefully balanced against customer requirements.
Policy also must be balanced against the risk of human error. A resilient routing environment might be more reliable in theory, but in practice it might have a greater risk of human configuration error, and possibly algorithmic or vendor implementation flaws.
Was this article helpful?