Home > Articles > Security > Network Security

  • Print
  • + Share This

The Tradeoffs

Typical of most network decisions, which dial backup methodology to use to implement link backup is not always a clear choice. Each approach has advantages and disadvantages, and whether a particular feature is an advantage or a disadvantage depends on the application. Some of the more critical tradeoffs include speed of response to failure, reliability of response to failure, call stability, testability, link performance, and ease of implementation.

  • Speed of Response to Failure: When properly configured, all three approaches respond immediately to a hard failure of the primary link. A soft failure triggers dialer watch or dial-on-demand routing as soon as the loss of connectivity is detected by the routing protocol running over the link. Cisco routers using dial-on-demand routing may see an addition delay of up to 60 seconds while waiting for the background update of floating static routes. On the other hand, if the link failure is not detected at the interface level, backup interface will never trigger the backup call.

  • Reliability of Response to Failure: Backup interface commands only respond to a link problem that the router can detect as a physical or link layer down on the interface. Any event that can trigger the backup interface commands will also immediately remove the associated destinations from the routing tables so that dialer watch or dial-on-demand will also respond correctly. Conversely, failures inside the WAN that are not reported by the physical or link layer protocols will not trigger backup interface, but when detected by the routing protocol will cause dialer watch or dial-on-demand routing to bring up the backup link. Note that none of the three will protect against the situation in which the primary link is good enough to support the exchange of routing protocol packets but not good enough to support production traffic.

  • Call Stability: Backup interface merely removes the dial link from standby state; it's up to the designer to ensure that the call will be dialed and redialed as required. Dial-on-demand routing requires interesting traffic to force dialing and keep the link up, so if there is insufficient traffic the link may drop when it should be up. On the other hand, dial-on-demand routing allows taking advantage of the cost savings possible by only activating the dial link when traffic actually requires it.

  • Testability: Testing the dial backup link when using backup interface can require going into configuration mode on the remote router, removing the backup interface command from the running configuration, verifying that the dial link comes up correctly, and then restoring all backup interface commands defined on the interface. This is not only a cumbersome procedure, but also a risky one from the viewpoint of security, as it requires the ability to reconfigure the router; only the integrity of the operator prevents adjusting other parameters. Testing backup interface by taking down the primary link and waiting for dial backup to restore communications, while effective, disrupts production traffic.

  • Testing the dial backup link when using dialer watch or dial-on-demand routing can be designed into the implementation so that only a simple ping command is required. If the ping succeeds, the dial backup link is functional and able to carry traffic when required. The tester doesn't require any privileges on the router, nor is production traffic affected while the testing is executedÑeven if the testing is automated and executed while the backup link is already in use carrying production traffic.

  • Link Performance: Backup interface has the advantage that the dial backup line can be used not only for backup, but also for bandwidth augmentation. The ability to use an ISDN line for additional bandwidth on demand is lost when using dialer watch or dial-on-demand routing. On the other hand, when using dialer watch or dial-on-demand routing, it's easier to use the same line to back up multiple primary links.

  • Ease of Implementation: Backup interface is trivial to implement, making it the choice where skills are not available to develop a complex configuration that works reliably. At the same time, its simplicity can mask the fact that the implementation is not fully functional. For example, backup interface users with frame relay links must configure end-to-end keepalives to avoid downtime due to many typical frame relay failures. Dial-on-demand routing is the most complex to implement reliably, particularly in environments where dialer watch should be used but isn't because of other constraints. All should be well within the skillset of a competent designer.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.