On Mon, 13 Apr 2009, chris.ranch@nokia.com wrote:
Peter Beckman [mailto:beckman@angryox.com] wrote:
Sent: Monday, April 13, 2009 11:19 AM To: Dylan Ebner Cc: nanog@nanog.org Subject: RE: Fiber cut in SF area
On Mon, 13 Apr 2009, Dylan Ebner wrote:
It will be easier to get more divergence than secure all the manholes in the country.
I still think skipping the securing of manholes and access points in favor of active monitoring with offsite access is a better solution.
The only thing missing from your plan was a cost analysis. Cost of each, plus operational costs, * however many of each type. How much would that be?
So, let's see. I'm pulling numbers out of my butt here, but basing it on non-quantity-discounted hardware available off the shelf. $500,000 to get it built with off-the-shelf components, tested in hostile tunnel environments and functioning. Then $350 per device, which would cover 1000 feet of tunnel, or about $2000 per mile for the devices. I'm not sure how things are powered in the tunnels, so power may need to be run, or the system could run off sealed-gel batteries (easily replaced and cheap, powers device for a year), system can be extremely low power. Add a communication device ($1000) every mile or two (the devices communicate between themselves back to the nearest communications device). Total cost, assuming 3 year life span of the device, is about $3000 per mile for equipment, or $1000 per year for equipment, plus $500 per year per mile for maintenance (batteries, service contracts, etc). Assumes your existing cost of tunnel maintenance can also either replace devices or batteries or both. Add a speedy roomba like RC device in the tunnel with an HD cam and a 10 or 20 mile range between charging stations that can move to the location where an anomaly was detected, and save some money on the per-device cost. It could run on an overhead monorail, or just wheels, depending on the tunnel configuration and moisture content. Add yet another system -- an alarm of sorts -- that goes off upon any anomaly being detected, and goes off after 5 minutes of no detection, to thwart teenagers and people who don't know how sophisticated the monitoring system really is. Put the alarm half way between access points, so it is difficult to get to and disable. Network it all, so that it can be controlled and updated from a certain set of IPs, make sure all changes are authenticated using PKI or certificates, and now you've made it harder to hack. Bonus points -- get a communication device that posts updates via SSL to multiple pre-programmed or random Confickr-type domains to make sure the system continues to be able to communicate in the event of a large outage.
Then amortize that out to our bills. Extra credit: would you pay for it?
Assuming bills in the hundreds of thousands of dollars per month, maybe to the millions of dollars, and then figure out what an outage costs you according to the SLAs. Then figure out how much a breach and subsequent fiber cut costs you in SLA payouts or credits, multiply by 25%, and that's your budget. If the proposed system is less, why wouldn't you do it? The idea is inspired by the way Google does their datacenters -- use cheap, off-the-shelf hardware, network it together in smart ways, make it energy efficient, ... profit! Anyone want to invest? Maybe I should start the business. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------