RE: Networking Pearl Harbor in the Making
On Mon, Nov 07, 2005 at 06:43:35AM -0500, J. Oquendo wrote:
the center of the information security vortex. Because IOS controls the routers that underpin most business networks as well as the Internet,
I think in general this is an argument against converged networks, the added complexity and outages may not be worth the gains..
Convergence isn't going away because Networld Week thinks routers are insecure (no, really?). It's an argument for vendor diversity. -M<
On Monday 07 Nov 2005 3:42 pm, Hannigan, Martin wrote:
It's an argument for vendor diversity.
No it is an argument for code base diversity (or better software engineering). Vendor diversity doesn't necessarily give you this, and you can get this with one vendor. Vendor diversity might be a good idea, but for other reasons.
Seems everyone considering the options would be well advised to consider how availability/reliability is actually calculated and based on that exercise make a more educated decision as to whether this does yield improvements at a cost that can be absorbed.

Just because you have n different flavors doesn't mean availability goes up. And you might find some surprises in how costs develop. This isn't just about equipment, it's the operational impact as well.

Unfortunately, short of a verifiable economic cost being associated with such a doomsday scenario, what a business case can carry is what will be deployed. And regulation doesn't necessarily solve anything here either (as it isn't cost neutral).

You can always build more availability. But can you afford to pay for it. (IMHO, the DoD JSF effort is real world testament to what happens when the cost of an ideal becomes so high that a compromise must be reached to sustain the effort -- this very much has its analogy in networking as well).

Or those are my $.02 anyway,
Christian

On Nov 7, 2005, at 10:50 AM, Simon Waters wrote:
On Monday 07 Nov 2005 3:42 pm, Hannigan, Martin wrote:
It's an argument for vendor diversity.
No it is an argument for code base diversity (or better software engineering).
Vendor diversity doesn't necessarily give you this, and you can get this with one vendor.
Vendor diversity might be a good idea, but for other reasons.
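One way to work through the availability calculation raised in the message above, as an added example that is not part of any post in the thread. The model (per-router unavailability `u_ind`, a code-base-wide flaw with unavailability `u_cm`, an operational multiplier `ops_penalty`) and every number in it are assumptions constructed for illustration.

```python
# Added example: availability of n redundant routers, shared vs. diverse code bases.
# All parameters are constructed assumptions, not figures from the thread.

def shared_codebase(n, u_ind, u_cm):
    """n redundant routers on ONE code base.
    A code-base-wide flaw (unavailability u_cm) takes all n down together;
    otherwise the site is down only if all n fail independently (u_ind each)."""
    return (1 - u_cm) * (1 - u_ind ** n)

def diverse_codebases(n, u_ind, u_cm, ops_penalty=1.0):
    """n redundant routers, each on its OWN code base.
    Code-base flaws are now independent per router, but operating n platforms
    multiplies each router's own unavailability by ops_penalty (assumed)."""
    u_router = 1 - (1 - u_cm) * (1 - min(1.0, u_ind * ops_penalty))
    return 1 - u_router ** n

def break_even_penalty(n, u_ind, u_cm):
    """ops_penalty at which diversity no longer beats the shared code base."""
    u_router = (1 - shared_codebase(n, u_ind, u_cm)) ** (1 / n)
    return (1 - (1 - u_router) / (1 - u_cm)) / u_ind

def downtime_minutes_per_year(availability):
    return (1 - availability) * 365 * 24 * 60

if __name__ == "__main__":
    N, U_IND, U_CM = 2, 1e-3, 1e-4  # constructed sample values
    cases = [
        ("shared code base", shared_codebase(N, U_IND, U_CM)),
        ("diverse, no ops penalty", diverse_codebases(N, U_IND, U_CM)),
        ("diverse, 12x ops penalty", diverse_codebases(N, U_IND, U_CM, 12)),
    ]
    for label, a in cases:
        print(f"{label:26s} {a:.7f}  {downtime_minutes_per_year(a):7.2f} min/yr")
    print(f"break-even ops penalty: {break_even_penalty(N, U_IND, U_CM):.2f}x")
```

With these sample values the shared code base is dominated by the common-mode term, while diversity only helps as long as the operational cost of running two platforms stays below the break-even multiplier.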
Convergence isn't going away because Networld Week thinks routers are insecure (no, really?).
It's an argument for vendor diversity.
There are two ways to interpret that last statement.

1. Network operators should build their converged networks using equipment from multiple vendors, i.e. both Cisco and Juniper.
2. Companies should buy IP network services from more than one network operator and should make sure that one vendor runs a Cisco network and one vendor runs a Juniper network.

Which did you have in mind?

Personally, I think that convergence and diversity is one of those eternal questions that is never solved. There is an endless cycle as the flock moves first one way, then the other. Somewhere in between is a nice point of balance, but that too, is a moving target. There are always a few who see the world in black and white who move to extremes, but they are rarely rewarded for this since an extremely converged network is a single point of failure, and an extremely diverse network is unwieldy, unmanageable, expensive, and ultimately, fragile.

It's good to see more focus on the security of embedded systems but somehow I think that major vendors like Cisco and Juniper are going to address these problems INTERNALLY and we will all be able to continue converging our networks to run over an infrastructure provided by two or three key vendors.

--Michael Dillon
participants (4)
- Christian Kuhtz
- Hannigan, Martin
- Michael.Dillon@btradianz.com
- Simon Waters