Re: Design failure
Because that costs more money and "there's no need to do that".
Well, as a minion at Dundee University (hence AC), that is the plan for the new network - no longer IP address by department subnet with ACLs between them, but now IP address by building and all in a big pool as far as access is concerned. Maybe a few pools depending on "type", but it's not clear from down here how the glorious leaders are actually going to act.
I hope somebody in charge reads El Reg and sees the SF incident as the almost inevitable consequence of not segmenting the network by design.