The Rise of Modern, Open and Intelligent Fibre Networking Architectures
Speaker: Jean-Francois Richard
TORNOG 1 Full Agenda: https://tornog.ca/events/tornog-1/agenda/
#NetworkAutomation #Toronto #NetworkArchitecture #technology
There was a massive Verizon outage on January 14. Reuters reported that it lasted 10 hours. Downdetector said it received 2.2 million reports of problems with Verizon’s service, but other estimates are as low as 180,000. As of this writing, Verizon hasn’t announced a reason for the outage. Cybersecurity concerns are possible, but have been mostly ruled out. It appears to have been an internal “technical issue.”
I can’t tell you what the specific technical issue was, but I can tell you what the general issue was: massive centralization.
Companies design systems with massive geographic centralization for cost and convenience, not for resilience – or, for that matter – cybersecurity.
Information and communications industries as a whole have been moving steadily towards massive centralization for several years now. Decentralize command and control. Centralization is a military-grade problem. There will be bigger and more impactful outages across all industries while we re-learn this lesson.
Winter weather – power failures – what’s a good design?
In theory – in a perfect world – the backup batteries only need to last long enough for the generator(s) to start up and stabilize with the load of your choice. But, in the real world, the backup batteries should hold the system up in the following scenario:
1. Power goes out.
2. Batteries/UPS take the load.
3. Power failure alarm is issued to the technician on call.
4. Generator fails to start.
5. Generator failure alarm is issued to the technician on call.
6. The tech on call requests service from the generator maintenance contract company.
7. The generator company rolls a truck.
8. The generator service person identifies the problem, repairs it, and starts the generator.
If continuous operation through a power failure is the goal, I design battery/UPS systems for a minimum six hours of run time, and if the generator company has to roll a truck that’s really not enough. Six hours is only enough if you have in-house technicians on call who live close to the monitored system.
If it’s impractical to support a system with the appropriate amount of battery capacity for a generator repair, then the solution is a second generator. If, and only if, the system is protected with a second generator, is it feasible to reduce the battery capacity. Keep in mind that battery capacity decreases over the life of the battery, or with temperature variations, etc. Also, equipment gets added over time, so if the system is built with marginal capacity (generator startup and RPM stabilization), then when you have an outage six months or a year after initial installation, the batteries may no longer be adequate.
Design with lots of margin, not just to load transfer time.
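The margin argument in the post above, worked as an added example that is not part of the original post: it sums the failure scenario's steps and finds the year in which an aging battery plant with growing load no longer outlasts a generator repair. The step durations, fade rate, load growth, and the linear energy model are all assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed durations in minutes for the post's failure scenario (steps 3-8).
# Every value is an assumption for illustration; substitute your own site data.
SCENARIO_MIN = {
    "power-failure alarm reaches on-call tech": 10,
    "generator start attempts fail, second alarm": 10,
    "tech requests service from contractor": 20,
    "contractor rolls a truck": 120,
    "diagnose, repair, start generator": 90,
    "generator stabilizes and takes load": 10,
}

@dataclass
class BatteryPlant:
    usable_wh_new: float                # usable energy at install
    load_w_at_install: float            # connected load at install
    fade_per_year: float = 0.04         # assumed linear capacity fade
    load_growth_per_year: float = 0.08  # assumed compounding equipment growth
    temp_derate: float = 1.0            # fraction of capacity at site temperature

    def runtime_min(self, years: int) -> float:
        """Runtime in minutes after `years`, using a simple energy/power model."""
        capacity = self.usable_wh_new * max(0.0, 1 - self.fade_per_year * years)
        load = self.load_w_at_install * (1 + self.load_growth_per_year) ** years
        return 60 * capacity * self.temp_derate / load

def required_min(scenario=SCENARIO_MIN) -> int:
    """Minutes the battery must carry the load until the repaired generator takes over."""
    return sum(scenario.values())

def first_short_year(plant, horizon_years=10, scenario=SCENARIO_MIN):
    """First year in which the battery no longer outlasts the scenario, else None."""
    need = required_min(scenario)
    for year in range(horizon_years + 1):
        if plant.runtime_min(year) < need:
            return year
    return None

if __name__ == "__main__":
    six_hour = BatteryPlant(usable_wh_new=6000, load_w_at_install=1000)
    transfer_only = BatteryPlant(usable_wh_new=250, load_w_at_install=1000)
    print("scenario needs", required_min(), "min")
    for name, plant in (("six-hour", six_hour), ("transfer-only", transfer_only)):
        print(name, round(plant.runtime_min(0)), "min new; short in year",
              first_short_year(plant))
```

Real batteries deliver less energy at higher discharge rates, so the linear model here is optimistic.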
A few months ago I discovered a law firm’s financial information (specifically billing and payment information), online. It’s a nationally known law firm, and the records in question were for the Seattle office.
Broken down by customer.
Itemized hourly billing.
Hourly billing rate.
Other expenses.
Customer account number.
Customer payment information, including bank account number.
Law firm’s bank account number.
Amounts paid.
Payment dates.
Balance due.
The information did NOT include details of the services provided.
I found it entirely by accident, with a Google search that wasn’t targeted in nature.
No, I didn’t report it to the law firm. In Washington, “Good faith acquisition of personal information . . . is not a breach of the security of the system when the personal information is not used or subject to further unauthorized disclosure.” (RCW 19.255.005(1))
I believe that protects me, but I don’t want to test it in court, and if the law firm knew about it, they might feel compelled to take some sort of action other than securing their information better.
THE LESSON
Do not store your company records, and host your website, on the same server. I can’t believe I have to write that sentence.
Concerned about AI-generated malware bringing down your company? Then get your critical data off the Internet.
This isn't rocket science. This is Occam’s Razor.
The Internet is for social media and retail sales.
PII, PHI, employee records, customer information - nothing important should ever be Internet accessible.
Ever heard of private data circuits? Private data circuits are a real thing. People quit using them because the Internet was cheaper.
"It'll be secure," they said.
No. The Internet has never been secure. The Internet cannot ever be secure, because authenticated users will always be tricked into doing stuff for cybercriminals.
If there was ever a time to rethink your business strategy as it relates to information storage and processing, that time is now.
It's going to get worse quickly. Your best defense is to get sensitive data out of the public cloud.
“Basically it's a 1995 AOL chat room and you have, like, a wheel-speed sensor that's shouting AGE/SEX/LOCATION over and over in group chat.
Now you can understand how your corroded backup camera will strand you.” #car #networkarchitecture https://zeroes.ca/@subjacentish/115432294616786461
I think the simplest way to explain one of the big things wrong with cars to IT/tech people is this: Cars run on an internal network (called a CAN Bus). But this isn't at all like a sane computer network. This network is structured around the 1992 OBDII standard when cars had *counting* basically one computer and its sensors. As cars got more complex, rather than rethink it, they just went ahead and stitched 50 computers together. So picture your network but it's completely flat. No priority to any communication, no hierarchy, no firewalls, everybody sending all messages at once. Basically it's a 1995 AOL chat room and you have, like, a wheel-speed sensor that's shouting AGE/SEX/LOCATION over and over in group chat. Now you can understand how your corroded backup camera will strand you.
A lot of the work I do is in high security systems where sensitive data isn’t connected to the Internet, and isn’t hosted on commercial public cloud platforms, because such an architecture can’t meet the design criteria.
A recurring issue I face is educating new decision makers who get ill-informed notions that they can reduce costs (thereby becoming heroes, or so they think), by centralizing information storage or processing on rented commercial platforms. So I go through it all again, patiently, politely, with the new person.
The other recurring threat I deal with is C-level people who want what I refer to as Data Ubiquity: “I want access to all of the data, at any time, from any location, on any of my devices.”
Data Ubiquity = Maximum Vulnerability.
Even “perfect” authentication won’t prevent this vulnerability. Why? Phishing. The authenticated user will be tricked into opening the door for the cybercriminal.
When the data is in no way Internet connected, how does the victim deliver the data to the cybercriminal? Do they print it out and ship reams of paper in boxes to the criminal via FedEx?
Offline Data = More Secure Data.
The cloud is for retail sales and social media, NOT for PHI, PII, corporate secrets, intellectual property, employee records, industrial controls...
Level up your campus network! 🎓 Did you know MPLS is now a game-changer for SONiC-based switches?
Asterfusion is bringing the power of MPLS to campus networks, enabling:
Simplified L3 backbone architecture
Large-scale VPN isolation
Efficient campus-to-site interconnections
Our latest blog breaks down why MPLS is crucial and how it works with SONiC to deliver a more efficient and secure network.
Don't get left behind! Learn how to transform your campus network with this powerful combination. 👇
🔗 https://cloudswit.ch/blogs/sonic-based-campus-networks-with-mpls/
#MPLS #SONiC #CampusNetwork #NetworkArchitecture #Asterfusion #VPN #NetworkSwitch #ITInfrastructure
The routing world is about to change! 🌐 Asterfusion is taking SONiC beyond switches and into the router era with the powerful Marvell OCTEON 10 DPU!
For too long, the router market has been dominated by closed, legacy systems. But Asterfusion is changing the game with a true commercial-ready, open-source solution.
Our new ET Series Routers/Gateways are powered by SONiC-VPP, offering a high-performance, energy-efficient solution for:
Enterprise network egress
Service provider edge deployments
Ready to embrace the future of open networking? Click to see how Asterfusion is building the next generation of SONiC-based white-box routers! 👇
🔗 https://cloudswit.ch/blogs/sonic-router-era-with-marvell-octeon-10-dpu/
#SONiC #Router #NetworkArchitecture #Marvell #DPU #OpenNetworking #EdgeComputing #Asterfusion #WhiteBoxRouter #CloudComputing