I've been looking at a lot of different technical security architectures
for network providers. Obviously many providers keep their security
secret, so they may or may not have a decent security architecture.
Nevertheless there is still a lot of good information available from
government agency networks, academics and vendors.
The best network service provider security architecture document
First Place: Information Assurance Technical Framework
Second Place: The ESNET unclassified Security Plan
Third Place: University of Washington Network Security Credo
From the IATF document http://www.iatf.net/
5.1 Availability of Backbone Network
I would disagree about item #3, IP is a datagram service, and does not
protect against delay or packet drops (see item #1). Otherwise this is a
decent list of functional security requirements for most Internet
backbone providers. Its short, but covers the big items.
1. BNs must provide an agreed level of responsiveness, continuity of
service and resistance to accidental or intentional corruption of the
communications service. (The agreement is between the owners of the
network and the users of the network.)
2. BNs are not required to provide security services of user data
(such as confidentiality and integrity)that is the user's
3. BNs must protect against the delay, misdelivery, or nondelivery of
otherwise adequately protected information.
4. BNs, as a part of the end-to-end information transfer system, must
provide the service transparently to the user.
5. As part of the transparency requirement, the BN must operate
seamlessly with other backbones and local networks.