In a recent blog post Tom Hollingsworth made a great point: we should refocus from fighting one fire at a time to preventing fires.
I completely agree with him. However…
We have no building codes. While many old-time networking engineers (particularly those with a few decades of operation experience, see also RFC 1925 section 2.4) agree on basic design principles, many of the younger practitioners never studied them, and rely more on vendor presentations, whitepapers and occasional design guideline.
We have no authority. Apart from a few senior network architects that have enough clout to say NO, most engineers implement whatever needs to be implemented to get the job done. Braided duct tape of NAT, GRE and PBR? No problem. Stretched VLANs? Sure, why not.
Vendors are doing more damage than good. With vendors launching ever-more-complex products trying to defy the laws of physics (or fallacies of distributed computing), and telling everyone else how wonderful it would be to bypass those pesky fire-marshal-wannabes and deploy the new oh-so-sure-to-be-fire-resistant gadget, it’s getting harder and harder to say NO.
Lack of education. When was the last time you attended a good vendor-neutral network design fundamentals course, particularly one focused on entry-level engineers? Is any university/college offering something along these lines in an undergraduate program? I hope I’m missing something, in which case please write a comment.
Ignorance and arrogance. Here’s a cynical comment from one of the recent email exchanges I participated in:
It’s not up to me to convince the business that hard-coding a NetBIOS name (or, even better) an RFC-1918 IP address into an application is a bad idea. I can shout about the virtues of FQDN and stateless apps, layer 7 load balancing, app fabrics and what have you, but at the end of the day, most businesses will choose to swipe their Technical Debt credit card once more. Even better, they’ll feel good that they did so. Look ma, I extended a /24 from the US to the UK!!
What can we do?
Apart from trying to enforce some common sense and good design practice (good luck with that), the only thing that might eventually save us is education – and don’t count on vendors providing it. They’re too busy “educating” engineers about their latest gimmicks. Go out and teach!
I did it for three years (plus ~20 years I spent teaching the networking community), maybe you should start doing the same, if only within your company – every single application developer or server administrator that sees the light is a small win.