by aexaey 3809 days ago
Regarding the first paragraph of the story (a redundant pair of routers crashing at once), it's worth mentioning one possible neat trick to avoid this: when having a redundant pair of devices (routers, etc.), make sure such a pair is comprised of devices made by different vendors - the thinking here being that if there is a bug that triggers a router crash, it's unlikely that two different vendors would be vulnerable to the same one.

Or with a generous budget, you can do what BT have done with their 21CN project: For each macro-block (access, aggregation, core), have two redundant networks each one built by a different set of vendors.


No such thing as session synchronization for different vendors. You also need to configure everything for both of these vendors, which may or may not have equal feature sets.
It's hard to have independence without independence. You want separate, you're going to have to deal with separate.
It's not about avoiding bugs or vendor vulns when you talk about HA in a network config. It's about hardware failures or individual crashes.
Yeah but no sane organization is going to do that. It would create so much headache.
A sane organization will do it if the benefits outweigh the risks. An organization with sufficient risks will choose it. Most won't, because the risks (specifically, hard cash) won't be outweighed by the benefits.

But that's incidental to what was my real point, which is that if you do want a separate network, it has to be separate. Tie your two "separate" networks together with integration and you're returning single-points-of-failure back into the mix. Granted, practicality may dictate a couple of those... integrated authentication comes to mind... but you don't want the two separate networks to be all slickly and smoothly integrated for the most part.

Maybe for firewalls (synch'ing state), but for routers there's VRRP, at least.
In the context of a hosting/cloud network, that would probably be the load balancer / reverse proxy, which has the most state/sessions. And incidentally, LBs are probably the piece of dedicated network iron most ripe to be replaced with a bunch of commodity servers and some software.

Regardless, statefulness is bad of course, and the less of it you have, the better off you are - we've seen this time and again: shared-nothing arch [1], Amdahl's law [2], locks vs RCU [3], memorizing TCP flows vs IP header hash [4,5], etc... Being able to make a decision on the current packet/memory access here and now, independently, without having to keep track of other flows/connections/sessions/threads, beats alternative approaches every time [6].

[1] https://en.wikipedia.org/wiki/Shared_nothing_architecture

[2] https://en.wikipedia.org/wiki/Amdahl's_law

[3] http://www.rdrop.com/users/paulmck/RCU/hart_ipdps06.pdf

[4] https://tools.ietf.org/html/rfc2992

[5] http://www.juniper.net/techpubs/en_US/junos13.2/topics/conce...

[6] Intel's heroic effort to maintain cache coherency at all cost is a notable exception, although opinions vary wildly on whether this is actually the best thing to do, and how long they will be able to sustain it.
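The "IP header hash" side of [4,5] in code, as an added example that is not part of the thread: stateless next-hop selection from a packet's 5-tuple alone, comparing naive modulo-N with the RFC 2992 hash-threshold method when one of four next hops disappears. The flows and hop names are constructed placeholders, not captured traffic.

```python
import zlib
from itertools import product

# Constructed sample: 2000 synthetic TCP flows between two /24s (not real traffic).
FLOWS = [(f"10.0.1.{i}", f"10.0.2.{j}", 40000 + i, 443, 6)
         for i, j in product(range(50), range(40))]

def flow_hash(flow):
    """Deterministic 32-bit hash of the 5-tuple. Every router computes the same
    value from the packet header alone, so no per-flow table has to be kept."""
    key = "|".join(str(x) for x in flow).encode()
    return zlib.crc32(key) & 0xFFFFFFFF

def pick_modulo(h, hops):
    """Naive modulo-N: renumbers almost every flow when the hop count changes."""
    return hops[h % len(hops)]

def pick_threshold(h, hops):
    """RFC 2992 hash-threshold: carve the hash space into equal regions, one per
    next hop; only flows whose region shifts move when a hop is added/removed."""
    region = (1 << 32) // len(hops)
    return hops[min(h // region, len(hops) - 1)]

def disrupted_fraction(pick, hops_before, hops_after, flows=FLOWS):
    """Fraction of flows whose chosen next hop changes when the hop set changes."""
    moved = sum(1 for f in flows
                if pick(flow_hash(f), hops_before) != pick(flow_hash(f), hops_after))
    return moved / len(flows)

def load_share(pick, hops, flows=FLOWS):
    """How many flows land on each hop; a sanity check that the split is even."""
    counts = {hop: 0 for hop in hops}
    for f in flows:
        counts[pick(flow_hash(f), hops)] += 1
    return counts

if __name__ == "__main__":
    before = ["r1", "r2", "r3", "r4"]
    after = ["r1", "r2", "r4"]          # r3 crashed or was withdrawn
    for name, pick in (("modulo-N", pick_modulo), ("hash-threshold", pick_threshold)):
        print(f"{name:15s} disrupted: {disrupted_fraction(pick, before, after):.1%}"
              f"  share: {load_share(pick, before)}")
```

With the hop set above, modulo-N reassigns about three quarters of the flows while hash-threshold reassigns about a third, and neither method needs any state beyond the routing table itself.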

This topic is often discussed on NANOG.

The answer is the same as in the software industry: configuration management.

Plus it then makes it harder to develop corporate cultures of deploying well-known patterns that make routers best used.

Plus it increases the surface of vulnerability for government backdoors.

In real life, there is a trend of going for BSD boxes for cost/formation/stability/security reasons in the ISP world ... especially in non-US countries that are kind of getting to think the USA is becoming the new USSR in terms of systematically spying on everyone.

These Europeans really don't get it, do they? They never were in the middle of cold war spying insanity where both powers would puppet so-called terrorist groups to make sure citizens would vote the right way out of fear.

What a bunch of stupid people, not believing that business companies are incorruptible and thinking they have an incentive to betray them in exchange for gvt subsidies/regulations.