[Outages-discussion] FB Outage AAR I - Engineering Posts Pabulum

[Dr. Ogg]

One glaring issue I see is that the facility infrastructure seems to be the same or related to the service infrastructure. The tooling required for access control to the facility should not reside on the same network as the service. Perhaps I'm missing something, but it seems to be implied that this one change to the routers impacted more than the service. 

I would like to know more details on how Facebook has set up its facility access. Also related is Out of Band management. 


> On Oct 5, 2021, at 3:56 PM, Ross Tajvar <ross at tajvar.io> wrote:
> 
> There are ways to be secure without "running it yourself".
> For example, if the US government can trust AWS, surely so can Facebook? Especially for something like "a backup copy of documentation".
> 
> On Tue, Oct 5, 2021 at 6:45 PM Tim Dobson <lists at tdobson.net <mailto:lists at tdobson.net>> wrote:
> On 05/10/2021 21:07, Mike Bolitho wrote:
> > That's definitely possible but what team doesn't have their management 
> > IPs somewhere other than DNS? That seems crazy to me.
> 
> Like stored in an internal information management system in your own IP 
> space? Whoops.
> 
> I'd imagine that storing that sort of information outside of facebook 
> could have contravened their own policies on data security.
> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org <mailto:Outages-discussion at outages.org>
> https://puck.nether.net/mailman/listinfo/outages-discussion <https://puck.nether.net/mailman/listinfo/outages-discussion>
> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org
> https://puck.nether.net/mailman/listinfo/outages-discussion

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20211005/dcb2b034/attachment.htm>