nanog mailing list archives

Re: Greenfield Access Network


From: Roland Dobbins <rdobbins () arbor net>
Date: Thu, 31 Jul 2014 23:24:22 +0700


On Jul 31, 2014, at 8:23 PM, Colton Conor <colton.conor () gmail com> wrote:

> Is a firewall needed in the core?

No, quite the opposite:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

> How would you build an access network from the ground up if you had the resources and time to do so?

I'd hire folks who have experience from both architectural and operational perspectives, and who have the necessary
local knowledge.  Most of the questions you're asking (except the one about iatrogenic stateful firewalls) are
situationally-specific, and aren't really going to be answerable in detail via a mailing-list, no matter the depth and 
breadth of expertise of many of those participating in said email list.

For example, you've asked nothing specifically about recursive or authoritative DNS infrastructure, although they're 
both key (you did mention DNS generically, which is good, but that's overly broad).  Nothing about availability and 
resiliency and telemetry visibility and network hardening.  Nothing about access policies, mitigation systems, 
quarantine systems, etc.  Nothing about upstream transit requirements, nothing about peering goals and imperatives.  
Nothing about redundancy at any level/in any area/for any function.  And so forth.

I'm not criticizing you; I'm just trying to make the point that instead of concentrating on vendors and technologies 
and hardware and software, it's better to concentrate on *people* who have the requisite experience and expertise, and 
go from there.  There are lots of specializations and subspecializations, and it's important to have folks who have 
broad experience spanning multiple areas, as well as others who know *everything* in a given area.

While you can get some categorical advice, you can't really crowdsource the architecture, design, deployment, and 
operations of your network.

;>

----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

                          -- Laocoön

