[mlangdon]

The big difference here is that states can simply buy access to, e.g., a Cisco Nexus and attack it from inside and out until they find a vulnerability in NX-OS, let's say, a malformed CLI-via-HTTP call.

Whereas, what software does a Google switch even run? What's the architecture, the APIs? You basically need someone inside Google, or for one of these things to fall off a truck. Way more involved and expensive than the 10k you might spend on a Nexus to throw it your lab and set your hackers on it.

[stargrazer]

Actually, Google has published papers and have presented talks (many of which are available on Youtube) on the type of gear they have developed. I don't know what their latest versions are, but recently they were using OpenFlow style infrastructure to provided fine-grained control (security, balancing, analysis) over flows through out their network. OpenFlow style constructs also provide a micro-segmentation style control (ie distributed firewall) over ingress/egress of traffic at the individual container/vm port level.

[closeparen]

An organization whose job it is to infiltrate hostile governments and intelligence agencies should have no problem infiltrating Google.