Firewalls and the Need for Speed
I was looking for resources on campus network design and found these slides (pdf) from a 2011 Network Startup Resource Center presentation. These two caught my attention:

This bothered me, so I Tweeted about it. This started some discussion, and prompted me to see what NSRC suggests for architecture these days. You can find the latest, from April 2018, here. Here is the bottom line for their suggested architecture:

What do you think of this architecture?

My Tweet has attracted some attention from the high speed network researcher community, some of whom assume I must be a junior security apprentice who equates "firewall" with "security." Long-time blog readers will laugh at that, like I did.

So what was my problem with the original recommendation, and what problems do I have (if any) with the 2018 version?

First, let's be clear that I have always differentiated between visibility and control. A firewall is a poor visibility too