Greenfield Access Network

Colton Conor colton.conor at
Thu Jul 31 17:01:26 UTC 2014


I agree with everything you mentioned in your email. No matter how much
money and resources you have, if you don't have the talent and people
required to get the job done the project will fail. There a many outfits,
like Scotts for example, that will handle most all of these issues for an
operator that doesn't have the skills, talent, or personnel to deploy such
a network on their own.

I tried to keep the topics as broad as possible. No, I didn't go into
detail about recursive or authoritative as I figured the general term DNS
would cover both for the readers of this forum. The same with availability
and resiliency and telemetry visibility and network hardening and the other
detailed terms you have mentioned as I am making the assumption that this
networking gear being talk about (carrier grade routers) would have most of
these capabilities and people that would implement them (certified network
engineers) would handle these issues.

With that being said, we are not trying to crowdsource the architecture,
design, deployment, and operations of our network. We are just seeking
advice as mentioned. If you ask this question to many of the network
vendors that make these products they will try to oversell you on items you
don't need. Just trying to cut through some of the marketing BS that the
vendors produce, and see what people in the real world are actually

On Thu, Jul 31, 2014 at 11:24 AM, Roland Dobbins <rdobbins at> wrote:

> On Jul 31, 2014, at 8:23 PM, Colton Conor <colton.conor at> wrote:
> > Is a firewall needed in the core?
> No, quite the opposite:
> <>
> > How would you build a access network from the ground up if you had the
> resources and time to do so?
> I'd hire folks who have experience from both and architectural and
> operational perspectives, and who have the necessary local knowledge.  Most
> of the question you're asking (except the one about iatrogenic stateful
> firewalls) are situationally-specific, and aren't really going to be
> answerable in detail via a mailing-list, no matter the depth and breadth of
> expertise of many of those participating in said email list.
> For example, you've asked nothing specifically about recursive or
> authoritative DNS infrastructure, although they're both key (you did
> mention DNS generically, which is good, but that's overly broad).  Nothing
> about availability and resiliency and telemetry visibility and network
> hardening.  Nothing about access policies, mitigation systems, quarantine
> systems, etc.  Nothing about upstream transit requirements, nothing about
> peering goals and imperatives.  Nothing about redundancy at any level/in
> any area/for any function.  And so forth.
> I'm not criticizing you; I'm just trying to make the point that instead of
> concentrating on vendors and technologies and hardware and software, it's
> better to concentrate on *people* who have the requisite experience and
> expertise, and go from there.  There are lots of specializations and
> subspecializations, and it's important to have folks who have broad
> experience spanning multiple areas, as well as others who know *everything*
> in a given area.
> While you can get some categorical advice, you can't really crowdsource
> the architecture, design, deployment, and operations of your network.
> ;>
> ----------------------------------------------------------------------
> Roland Dobbins <rdobbins at> // <>
>                    Equo ne credite, Teucri.
>                           -- Laocoön

More information about the NANOG mailing list