Accepting a Virtualized Functions (VNFs) into Corporate IT

Jared Mauch jared at
Mon Nov 28 18:10:29 UTC 2016

> On Nov 28, 2016, at 12:53 PM, Kasper Adel <karim.adel at> wrote:
> Hi,
> Vendor X wants you to run their VNF (Router, Firewall or Whatever) and they
> refuse to give you root access, or any means necessary to do 'maintenance'
> kind of work, whether its applying security updates, or any other similar
> type of task that is needed for you to integrate the Linux VM into your IT
> eco-system.
> Would this be an acceptable offering in today's IT from different type of
> Enterprises (Minux the Googles, Facebooks...etc) ?

my experiences say that most people would accept this.  things like IT are a cost
and any way to externalize that cost makes sense.  If you look at something like
a SMB service, where you have mandatory NID or provider managed CPE/handoff,
having a solution pre-built seems like a no-brainer.

Of course, if you’re on [email protected] chances are you could build your own pfSense based
solution or iptables setup.  The question is does it scale, or how do you scale
or automate it?  There are only so many Mark/Jared/Kasper’s out there.

I look at what happened with Hotel networking, with consolidation by a few players
like wayport, er AT&T and you have a mostly stable workable product that has
all the warts you’d expect from a consistent product delivery.

What I’ve observed from our customers, they appreciate consistent service delivery
globally, and the same would likely apply to those wanting to purchase a managed
firewall service.

- jared

More information about the NANOG mailing list