Redundancy is building a bridge and an identical one immediately next to it



  • As I’m sure many people will agree, redundancy isn’t a goal. It’s a tool to be used to improve the overall performance of whatever system you’re looking to protect from failure. The biggest technology companies in the world have uptime requirements that are staggering to the rest of the world.

    Systems that if they go offline, people die, entire economies disappear, governments crumble. So, what do these types of systems require to ensure that these things don’t occur, what tool exists that provides protection against the above? Redundancy.

    Redundancy is a tool to be used in cases of life and death, to ensure extreme losses don’t occur, to ensure economies don’t disappear. Redundancy is the inclusion of extra components that are not strictly necessary to functioning, in case of failure in other components.

    Meaning that those extra components are planned to be used only in the event of a failure.

    To provide an example think of a bridge in your home town or area, by itself its important, even critical to the way of life and people in the area that use it. Redundancy is building an exact copy of that bridge, but not allowing anyone to use it unless the first bridge collapses.

    The redundant bridge cost the same as the original, it looks the same as the original, it would perform the same function as the original. But it remains unused, until there is an emergency.

    So, what does the second, identical bridge provide you? Well for one, you spent twice as much to build two bridges. It’s not helping to relieve traffic problems since you’ve designed it that only one bridge can be used at a time. It’s not improving the area aesthetically. Is there really any value in the second bridge? If I had to pay for the second bridge, I’d certainly be hard pressed to find any value in two, when one works well enough.

    So, if a single bridge is good enough, why wouldn’t a single server, switch, firewall, ISP be good enough for most cases?
    I’ve yet to have a conversation that has explained why a second bridge is required, and how it would be beneficial.

    From my point of view a second bridge is just costlier, more to maintain, and overall just more complex for no gain.

    Can redundancy be a tool to achieve better reliability? Sure. If there was a wreck on the first bridge that stopped traffic from flowing, you’d route all traffic to the backup bridge. The question is, how likely is that to occur and how often. Does the occurrence of wrecks on the bridge cause enough financial loss to the area that a second identical bridge would be worthwhile? Likely not. You’d sooner just move the wreckage and get traffic flowing again. Or in less obscure word, you’d fix the problem to get traffic flowing again.



  • I agree, and that is a good argument. @scottalanmiller convinced me of a similar idea when we discussed my project before I settled on buying a single new host. Here is something to add. If you have two bridges, it's probably likely that you could make the first bridge more reliable for less than the cost of the second bridge. So one strong bridge may be better than two average bridges. It is probably also a good idea to plan ahead and factor in the cost of a a ferry service that could be used in an emergency while the primary bridge was being repaired or replaced. So far this analogy works and has real work equivalents. This is also the reason I decided against HA, as putting my resources into a great backup solution will get me ahead in the long run.



  • @Donahue Those are all great points.



  • What is interesting about this topic of redundancy is that often, people will say "if we have a second one, we can make sure the system still works".

    And this on the face of it, generally is true. The cars can be moved to the other bridge. But the bridge still collapsed, people died and their families are mourning.

    And you're still out all of the extra money and time to have built that redundant bridge. When as @Donahue has mentioned, alternative plans could've been made, use ferries, helicopters or any other means of transit to get a car from A to B, even use the existing road. Regardless if it "takes so much longer".

    The alternative options are just that, they are there, can still always be used even if the Bridge is in service. And likely cost substantially less than what the redundant bridge did.



  • a good point that SAM mentioned to me, If you start with redundancy, you are committing the cost up front in the (most likely) unlikely event of a failure. But even if the backup strategy costs the same, you only incur those costs when you actually have that emergency.



  • On a real redundant system the second bridge is not unused. You have to use the second bridge so that you know it works if you need it.

    Preferably the second bridge would also be built by another contractor and using a different design to protect from design failures and problems with materials from the same batch.

    Redundancy is just about improving the odds.

    As humans we have a lot of redundancy, like two lungs, two ears, two hands etc. But we have only one heart. That's got to be a design failure if nothing else.



  • @Pete-S said in Redundancy is building a bridge and an identical one immediately next to it:

    As humans we have a lot of redundancy, like two lungs, two ears, two hands etc. But we have only one heart. That's got to be a design failure if nothing else.

    Not necessarily. Like evolutionary scientists always say... everything comes at a cost. Having two hearts means higher energy usage and organic material (cost.) Humans with two hearts might be less able to survive than humans with one heart. Having two hearts might have problems like dual controllers SANs do... imagine if the electrical signals from one heart caused the other to misfire sometimes. Or if the second heart was so "expensive" that it caused the species to go extinct because during times of stress that we starved to death. Or that the second heart sometimes fired when it wasn't supposed to causing brain hemorrhages from which we often died. Or what if simply a second heart tended to fail with the first one, due to shared environmental conditions.

    Very few living things acquired two hearts. If intelligent design, we have to believe that it was intelligent to know it was a bad idea. If evolutionary, we have to believe that nature selected the single engine model as more reliable.

    Hands, ears, eyes... these are not redundant parts. They are systems that use both and need both for full functionality. That's not redundancy. If those things fail, we can survive with only one. But we are far less capable. We lose depth perception, lifting power, ability to manipulate things, etc. Even lungs, having two is needed for normal capacity. Lose one, and you struggle quite a bit. Especially when you are sick.



  • @Pete-S said in Redundancy is building a bridge and an identical one immediately next to it:

    On a real redundant system the second bridge is not unused. You have to use the second bridge so that you know it works if you need it.

    This isn't redundancy, this is testing your backup. IE: Let see if we can get the cars from A to B using this second bridge.

    Nothing about cars getting from A to B needs to be nearly as quick or practical as the original bridge. The cars just need to get from A to B.

    Preferably the second bridge would also be built by another contractor and using a different design to protect from design failures and problems with materials from the same batch.

    The practicality of hiring two design firms to each build a single bridge, right next to each other, and make sure both bridges are capable of working together aren't at all realistic. You'd just use the same firm and tell them to build a bridge that looks different, but is meant for the same purpose.

    Redundancy is just about improving the odds.

    No, redundancy is not about improving the odds. Redundancy is about having a redundant item.

    As humans we have a lot of redundancy, like two lungs, two ears, two hands etc. But we have only one heart. That's got to be a design failure if nothing else.



  • @Pete-S said in Redundancy is building a bridge and an identical one immediately next to it:

    Redundancy is just about improving the odds.

    Redundancy is a tool, that hopefully improves the odds. In loads of cases, it hurts the odds. That's pretty much the point. Redundancy only makes sense under specific conditions which has to take into consideration the cost of the redundancy, the risk, the impact of the risk factors, and the utility of the redundancy. Some redundancy is so useful that it seems absurd to not have it. Other redundancy is so useless that we'd never do it. Most redundancy goes somewhere in the middle and we have to evaluate it.



  • @DustinB3403 said in Redundancy is building a bridge and an identical one immediately next to it:

    Redundancy is just about improving the odds.

    No, redundancy is not about improving the odds. Redundancy is about having a redundant item.

    Let me rephrase it. The purpose of redundancy is to improve the odds.



  • @Pete-S said in Redundancy is building a bridge and an identical one immediately next to it:

    @DustinB3403 said in Redundancy is building a bridge and an identical one immediately next to it:

    Redundancy is just about improving the odds.

    No, redundancy is not about improving the odds. Redundancy is about having a redundant item.

    Let me rephrase it. The purpose of redundancy is to improve the odds.

    But in your very example of evolution. If redundancy is such a great thing, certainly we would have 2 of literally organ.

    Better odds if one dies, right? Not quite true as @scottalanmiller has mentioned.



  • @DustinB3403 said in Redundancy is building a bridge and an identical one immediately next to it:

    The practicality of hiring two design firms to each build a single bridge, right next to each other, and make sure both bridges are capable of working together aren't at all realistic. You'd just use the same firm and tell them to build a bridge that looks different, but is meant for the same purpose.

    That actually costs as much as a second firm. I think using two firms is actually the norm when doing this.



  • The liver is a good example of another approach. If the liver is damaged, it can regrow. There is still risk of total failure, but it is an expensive organ. But to make it more reliable, it has regrowth adaptability. And generally outperforms a lot of organs that are redundant.



  • @scottalanmiller said in Redundancy is building a bridge and an identical one immediately next to it:

    @DustinB3403 said in Redundancy is building a bridge and an identical one immediately next to it:

    The practicality of hiring two design firms to each build a single bridge, right next to each other, and make sure both bridges are capable of working together aren't at all realistic. You'd just use the same firm and tell them to build a bridge that looks different, but is meant for the same purpose.

    That actually costs as much as a second firm. I think using two firms is actually the norm when doing this.

    Sure, you would use two firms if you really required 2 bridges. That at all isn't unusual. Bridges isn't really the best example to compare the 2 builders, same purpose.



  • @DustinB3403 said in Redundancy is building a bridge and an identical one immediately next to it:

    @Pete-S said in Redundancy is building a bridge and an identical one immediately next to it:

    @DustinB3403 said in Redundancy is building a bridge and an identical one immediately next to it:

    Redundancy is just about improving the odds.

    No, redundancy is not about improving the odds. Redundancy is about having a redundant item.

    Let me rephrase it. The purpose of redundancy is to improve the odds.

    But in your very example of evolution. If redundancy is such a great thing, certainly we would have 2 of literally organ.

    Better odds if one dies, right? Not quite true as @scottalanmiller has mentioned.

    I don't think redundancy is a great thing. I think you should do a risk assessment and then come up with a plan how to mitigate the risk. IT isn't different than anything else in this regard.

    Regarding evolution we are probably more geared towards surviving external threats than we are towards surviving internal organ failures by old age and a sedentary lifestyle.



  • @Pete-S said in Redundancy is building a bridge and an identical one immediately next to it:

    Regarding evolution we are probably more geared towards surviving external threats than we are towards surviving internal organ failures by old age and a sedentary lifestyle.

    Right, almost certainly. Partially because in the big picture, that's the bigger threat. Not in this particular moment in time, although in parts of the world that remains true. But to get to where we are, we have to be geared towards overall survival and can't change the design quickly when the situation suddenly changes.