Greenfield Access Network

• Previous message (by thread): Greenfield Access Network
• Next message (by thread): Greenfield Access Network
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jul 31, 2014, at 8:23 PM, Colton Conor <colton.conor at gmail.com> wrote:

> Is a firewall needed in the core?

No, quite the opposite:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

> How would you build a access network from the ground up if you had the resources and time to do so?

I'd hire folks who have experience from both and architectural and operational perspectives, and who have the necessary local knowledge.  Most of the question you're asking (except the one about iatrogenic stateful firewalls) are situationally-specific, and aren't really going to be answerable in detail via a mailing-list, no matter the depth and breadth of expertise of many of those participating in said email list.

For example, you've asked nothing specifically about recursive or authoritative DNS infrastructure, although they're both key (you did mention DNS generically, which is good, but that's overly broad).  Nothing about availability and resiliency and telemetry visibility and network hardening.  Nothing about access policies, mitigation systems, quarantine systems, etc.  Nothing about upstream transit requirements, nothing about peering goals and imperatives.  Nothing about redundancy at any level/in any area/for any function.  And so forth.

I'm not criticizing you; I'm just trying to make the point that instead of concentrating on vendors and technologies and hardware and software, it's better to concentrate on *people* who have the requisite experience and expertise, and go from there.  There are lots of specializations and subspecializations, and it's important to have folks who have broad experience spanning multiple areas, as well as others who know *everything* in a given area.

While you can get some categorical advice, you can't really crowdsource the architecture, design, deployment, and operations of your network.

;>

----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön

• Previous message (by thread): Greenfield Access Network
• Next message (by thread): Greenfield Access Network
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]