[173698] in North American Network Operators' Group
Re: Greenfield Access Network
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Thu Jul 31 12:24:38 2014
X-Original-To: nanog@nanog.org
From: Roland Dobbins <rdobbins@arbor.net>
In-Reply-To: <CAMDdSzOEPGLmtAk4Ds2O4wp+EbzfrR9DwnYTYr9nKKzBW35UtA@mail.gmail.com>
Date: Thu, 31 Jul 2014 23:24:22 +0700
To: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Jul 31, 2014, at 8:23 PM, Colton Conor <colton.conor@gmail.com> wrote:
> Is a firewall needed in the core?
No, quite the opposite:
<https://app.box.com/s/a3oqqlgwe15j8svojvzl>
> How would you build an access network from the ground up if you had the resources and time to do so?
I'd hire folks who have experience from both architectural and operational perspectives, and who have the necessary local knowledge. Most of the questions you're asking (except the one about iatrogenic stateful firewalls) are situationally-specific, and aren't really going to be answerable in detail via a mailing-list, no matter the depth and breadth of expertise of many of those participating in said email list.
For example, you've asked nothing specifically about recursive or authoritative DNS infrastructure, although they're both key (you did mention DNS generically, which is good, but that's overly broad). Nothing about availability and resiliency and telemetry visibility and network hardening. Nothing about access policies, mitigation systems, quarantine systems, etc. Nothing about upstream transit requirements, nothing about peering goals and imperatives. Nothing about redundancy at any level/in any area/for any function. And so forth.
I'm not criticizing you; I'm just trying to make the point that instead of concentrating on vendors and technologies and hardware and software, it's better to concentrate on *people* who have the requisite experience and expertise, and go from there. There are lots of specializations and subspecializations, and it's important to have folks who have broad experience spanning multiple areas, as well as others who know *everything* in a given area.
While you can get some categorical advice, you can't really crowdsource the architecture, design, deployment, and operations of your network.
;>
----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön