In article , Alisha's
Addict wrote:

..

Yep - the spec allows for x-redundancy. Although you'd want to keep a
lid on the amount of redundancy :

More redundancy = more resilience
More redundancy = more bits = more cost.

After a while, the law of diminishing returns comes in, making it daft
to have too many redundant legs. Dual would make a big improvement in
resilience, Triple would be a partial improvement over dual but after
triple, you're probably getting into gold-plating levels. It also
depends on how much space there is. If you do your dual redundance
with the cables in the same runs, you're only effectively getting
single redundancy cos a cut in one place will cut both cables.

Increasing redundancy to high levels can have subtle benefits and subtle
problems. Lots of telephone switches and utterly mission-critical
computers have triple-redundant elements, so you can take one element
out of service for maintenance while still having a hot standby failover
element.

As redundancy increases, you may start imposing significant overhead
keeping all the elements synchronized. Even worse is what is called the
Byzantine Corruption Problem, where some of your elements are giving you
incorrect information.

Voting logic is one of the ways to approach Byzantine Corruption.
Depending on your system policy, you can let the minority or majority
control. For example, in a medical radiation treatment system, if any of
the three processors indicates an unsafe condition, it immediately
closes the shutter on the radioactive element. Better to stop the
treatment and have a human check, than nuke the patient.

In other systems, the majority rules, on the assumption that corruption
is the exception case. Even more complex systems may have redundant
monitoring devices that independently agree that the working elements
are operating correctly, using modeling and the like.