For want of a single ethernet card, an airport was lost ...
Steve Gibbard
scg at gibbard.org
Tue Aug 21 18:43:41 UTC 2007
On Tue, 21 Aug 2007, Zach White wrote:
> At some point our networks have to remain useful. If they can be shut
> down for hours or days at a time are they really secure?
The first question to ask in designing something is what you're trying to
accomplish.
This is a mailing list of network operators, meaning that most of us are
in the business of forwarding packets, or otherwise seeing that packets
get forwarded. It matters very little what those packets are, as long as
they get where they're supposed to go. If our networks stop forwarding
packets, we've got a problem.
Compare that to somebody designing a bank vault. They've still got to be
able to get things in and out, but their most important priority is that
stuff that's supposed to stay in the vault stays in the vault. If
somebody legitimate can't get the vault open that's annoying, but it's
nowhere near the level of problem they'd have if the vault turned out to
be openable by somebody who wasn't supposed to open it.
The question for the designers of immigration systems, then, is whether
they're designing something like the Internet, intended to forward people
through efficiently, or something like a bank vault, intended to keep
people out. If the former, they'd presumably want to default to being
open in the event of a failure. If the latter, they'd want to default to
being closed in the event of a failure. If their goals are somewhere in
the middle, it becomes a matter of weighing the costs of the two failure
modes and deciding which one will do less damage. But at that point, it
becomes a political question, not an engineering question and certainly
not a network operations question, so it's beyond the scope of the NANOG
list.
-Steve
More information about the NANOG
mailing list