[flow-tools] re: has anyone tried this before / know how possible it is?
Craig A. Finseth
fin@finseth.com
Wed, 29 Jan 2003 09:46:07 -0600 (CST)
...
>This way either one of the collectors can fail, and the
>second will still collect streams, then the merge process can
>happen at any time.

This would be a good thing.
...
While your overall approach is reasonable, consider whether:
1) you are really improving the overall reliability, and
2) does it matter?

For (1), the Cisco can, of course, send to two hosts as easily as one.
However, you have added a new step: merging the two sets of flow files
and eliminating the duplicates. How reliable is that process? How
maintainable is it? After all, you've introduced a whole new set of
ways for it to fail.

For (2), determine the cost if you happen to miss a few flows, or even
a day or two's worth in case a machine breaks. On the one hand, it
could be part of a service guarantee, such that you have to rebate
money (or equivalent) to a customer if it goes down. On the other, it
could just be a "nice to look at, but if we miss a few minutes' data,
it won't really matter."

I've seen lots of complexity added to systems in the name of
"improving reliability." In most cases, the systems were too complex
and kept failing, and reliability was restored by changing the
architecture so that (a small number of) failures could be tolerated
(i.e., we took out the complexity and made things simple).

Craig