by exelius 4504 days ago
No; no ISP would ever run externally managed equipment inside their network. They would run it in a separate cage with a direct fiber connection to the gateway routers. Rule #1 of network security is that you never run someone else's equipment inside your network; you ALWAYS make them go through a gateway.

Also it's largely semantics where a device like OpenConnect is hosted. Netflix could host it at a datacenter across town with a direct fiber interconnect to the ISP and it would be effectively the same thing. This is how all the big CDNs do it; that way they host equipment once and connect to multiple local ISPs.

4 comments

> This is how all the big CDNs do it

You have no idea how big CDNs do it. I've personally installed CDN gear into ISP racks. Sometimes you get an uplink into a router, other times you sit on a switch with other gear.

That "direct fiber interconnect" is called private peering and is mostly used to fill cache boxes on the provider's network.

Large ISPs sure as hell don't do this (maybe they used to, but not in the last 3 years). They have dedicated cages in their datacenters for external gear that sit at the edge of their network.

Regardless, the word on the Netflix-Comcast situation is that Netflix is indeed hosting the hardware at third-party datacenters with a dedicated connection to Comcast. Whether you call it an interconnect or private peering is just semantics; it's a pretty common practice in the industry, and technologically it's no different than having a 10gig fiber link within a datacenter.

I spent a year in 2007-2008 managing equipment inside Comcast's network while working for a very much not-Comcast company. Even had a Comcast VPN assigned specifically to me complete with RSA fob shipped to me by Comcast. You haven't got the first clue what ISPs do, nor how networks work.

> No; no ISP would ever run externally managed equipment inside their network.

You haven't been paying attention to that Edward Snowden fella, have you?

Just stating the obvious here, but "Rule #1" obviously doesn't apply to service provider networks, which are specifically built so other people's equipment can be connected at almost every point: customers on the access layer; datacenters, colocation and these sorts of boxes on the distribution layer; and peers on the "gateway"/peering layers.

The second paragraph is wrong too, there are much closer relationships possible. They're much deeper than that today, and I would expect in the future to see CDNs much deeper in provider networks.