Proper authentication model

Sun Jan 16 19:23:23 UTC 2005

On Wed, 12 Jan 2005 12:58:43 -0500, Hannigan, Martin
<hannigan at verisign.com> wrote:
> 
> 
> > -----Original Message-----
> > From: Joe Abley [mailto:jabley at isc.org]
> > Sent: Wednesday, January 12, 2005 12:05 PM
> > To: Hannigan, Martin
> > Cc: NANOG list
> > Subject: Re: Proper authentication model
> >
> >
> >
> > On 12 Jan 2005, at 11:53, Hannigan, Martin wrote:
> >
> > >> You mean you'd *request* a different path from different providers.
> > >
> > > Provisioning a circuit from two different ^providers^, other than
> > > your OC3 provider.
> >
> > I realise that's what you meant.
> >
> > My point was that competing, differently-named and
> > organisationally-separate suppliers of network services
> > frequently use
> > common suppliers for metro fibre, long-haul transport,
> > building access,
> > etc. Just because you buy different services from different providers
> > doesn't mean there will be no common points of failure.
> 
> There may be common points of failure like a carrier hotel, but I
> haven't been told I couldn't see loop or longhaul maps when planning
> a circuit, except when buying from other than a carrier[1] or tier2.
> Primary and protect should be geographically seperated and if
> your carrier isn't buying access to BOTH conduits in your entrance
> facility, you should ask why. I just don't usually see this problem
> and I've *never* not  been able to get into a facility remotely by
> the diversified frame M/S method.

I've seen two diverse sides of a SONET ring die due to fiber cuts
within minutes of each other on different sides of a city. A local
tech (from our company) drove to each and actually snapped a photo of
each site.

And our facilities and the ring were truly physically diverse, which
was the kicker. And yes it took down our LEC and IXC access to the
site.

JB