On 03/26/2014 11:14 PM, Owen DeLong wrote:
> Why not just use private VLAN layer 2 controls for the privacy you describe?
The technology I know of is what Cisco calls 'protected ports'. My understanding is that those simply mean you can't pass traffic to or from other 'protected ports'. I use that capability when, say, putting a bunch of IPMIs on a private network; it works great, as if one of the IPMI ports is trying to talk to another, something is very wrong and it gets blocked. They are commonly used in the dedicated server hosting world to do what you are describing, but they have a big downside when being used on the public side: customer 1 can't talk to customer 2. Now, this isn't usually a big deal, except in one very common case: what if one entity buys two hosts? Now those two hosts can't talk to one another. This is a very common problem for dedicated hosting providers (and why I give my dedicated hosts a VLAN and a routed subnet, wasting IPv4). For my virtuals, though, I have a much more clever "switch", as it's just some software running in the Dom0, so at least in the IPv4 world, filtering just their /32 in and out is a much better solution.
> Yes, you risk customer A spoofing customer B, but is that really a problem in your environment? Really? If so, one could argue you might want to consider getting a better class of customers.
You wouldn't feel uncomfortable if some other company could come in and not only spoof your IP, but receive the return traffic? Keep in mind that they could do this in a way that is quite difficult to detect or trace, if they were clever about it. I may trust my provider, to a certain extent, but I certainly don't trust everyone who gives my provider money.
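As an added illustration of the per-guest "/32 in and out" filtering on a Dom0 software switch described in this reply (example code, not from the thread or from any Xen script), the following dry-run script emits ebtables rules for one bridged vif; the vif name and the RFC 5737 address are constructed values.

```shell
#!/bin/sh
# Added example: per-guest anti-spoof filtering on a Dom0 Linux bridge,
# in the spirit of "filtering just their /32 in and out". Not thread code.
# Prints the ebtables commands by default; run with APPLY=1 as root to execute.
# The vif name and address used below are constructed for illustration.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# antispoof_rules VIF IPV4: frames entering the bridge from VIF may only
# carry VIF's own IPv4 source (in IP and in ARP), and frames leaving the
# bridge toward VIF may only be addressed to VIF's own /32.
antispoof_rules() {
    vif=$1
    ip=$2
    # From the guest: drop IPv4 carrying a foreign source address.
    run ebtables -A FORWARD -i "$vif" -p IPv4 --ip-src ! "$ip" -j DROP
    # From the guest: drop ARP claiming a foreign sender IP, so the guest
    # cannot attract another customer's traffic via the bridge's ARP view.
    run ebtables -A FORWARD -i "$vif" -p ARP --arp-ip-src ! "$ip" -j DROP
    # To the guest: drop IPv4 not addressed to its /32, so it cannot receive
    # return traffic for an address it spoofed. Caveat: this also drops
    # IPv4 broadcasts such as DHCP offers; allow those separately if needed.
    run ebtables -A FORWARD -o "$vif" -p IPv4 --ip-dst ! "$ip" -j DROP
}

# Example invocation with constructed values (vif1.0, 203.0.113.10).
antispoof_rules vif1.0 203.0.113.10
```

A guest with more than one address needs one set of rules per address, and nothing here covers IPv6.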