RE: Networking Pearl Harbor in the Making

> the center of the information security vortex. Because IOS controls the
> routers that underpin most business networks as well as the Internet,

I think in general this is an argument against converged networks,
the added complexity and outages may not be worth the gains.

Convergence isn't going away because Networld Week thinks routers
are insecure (no, really?).

It's an argument for vendor diversity.

-M<

No it is an argument for code base diversity (or better software engineering).

Vendor diversity doesn't necessarily give you this, and you can get this with
one vendor.

Vendor diversity might be a good idea, but for other reasons.

Seems everyone considering the options would be well advised to consider how availability/reliability is actually calculated and based on that exercise make a more educated decision as to whether this does yield improvements at a cost that can be absorbed.

Just because you have n different flavors doesn't mean availability goes up. And you might find some surprises in how costs develop. This isn't just about equipment, it's the operational impact as well.

Unfortunately, short of a verifiable economic cost being associated with such a doomsday scenario, what a business case can carry is what will be deployed. And regulation doesn't necessarily solve anything here either (as it isn't cost neutral).

You can always build more availability. But can you afford to pay for it? (IMHO, the DoD JSF effort is real world testament to what happens when the cost of an ideal becomes so high that a compromise must be reached to sustain the effort -- this very much has its analogy in networking as well).

Or those are my $.02 anyway,
Christian

> Convergence isn't going away because Networld Week thinks routers
> are insecure (no, really?).
>
> It's an argument for vendor diversity.

There are two ways to interpret that last statement.

1. Network operators should build their converged networks using
equipment from multiple vendors, i.e. both Cisco and Juniper.

2. Companies should buy IP network services from more than one
network operator and should make sure that one vendor runs
a Cisco network and one vendor runs a Juniper network.

Which did you have in mind?

Personally, I think that convergence and diversity is one
of those eternal questions that is never solved. There
is an endless cycle as the flock moves first one way,
then the other. Somewhere in between is a nice point
of balance, but that too, is a moving target. There are
always a few who see the world in black and white who
move to extremes, but they are rarely rewarded for this
since an extremely converged network is a single point
of failure, and an extremely diverse network is unwieldy,
unmanageable, expensive, and ultimately, fragile.

It's good to see more focus on the security of embedded
systems but somehow I think that major vendors like Cisco
and Juniper are going to address these problems INTERNALLY
and we will all be able to continue converging our networks
to run over an infrastructure provided by two or three
key vendors.

--Michael Dillon