On Tue, 10 Sep 1996, Srinivasarao Mulugu wrote:
I know we do, Michael. And I have "their" answer. But they may not have the same experiences you did.
Have you had much experience having the servers connect directly onto a level-2 device like an FDDI-to-Ethernet (e.g. catalyst) connector? And its security implications?
It's not a matter of experience. It's a matter of what a level-2 device is and how it normally works. There is no security at level 2. Therefore, you should only connect trusted pieces of equipment to a level-2 media unless it is being used as a point-to-point media.

Let's use Ethernet as an example. If you connect a customer web server to an Ethernet then they can sniff any traffic that goes by and possibly do nasty things like spoofing. Even if they would never do such a thing they may be hacked by somebody who would do such a thing. So it is not a good idea to share a level 2 media in this way.

However you can use level 2 media to create point-to-point links. One way is to use a reversed patch cable between two 10baseT interfaces. Another more common way is to use a switch (also works with FDDI and ATM). Of course, the normal reason for using such switches is to get greater bandwidth capabilities. I wouldn't rely on them as the sole means of isolating a customer's web server.

I still don't understand why you are asking me specifically about this stuff. I certainly don't have any direct experience building exchange points. Normally on a mailing list you would direct your question to all the list members in the hopes that you will get several replies from people who have good information to share.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com
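The visibility difference described in the message above, as an added illustration that is not part of the original post: a toy model of which ports receive each frame on a shared segment (hub) versus a learning switch. The port numbers, host labels and frame list are constructed, and the switch is modelled as a plain transparent bridge, which is an assumption about the device.

```python
# Constructed topology: port 1 = router, port 2 = another server,
# port 3 = the customer web server whose view we are auditing.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Shared level-2 medium: every frame is repeated to all other ports."""
    def __init__(self, ports):
        self.ports = set(ports)

    def deliver(self, in_port, src, dst):
        return self.ports - {in_port}

class LearningSwitch:
    """Transparent bridge: learns source address -> port from traffic."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}

    def deliver(self, in_port, src, dst):
        self.table[src] = in_port            # learn where the sender lives
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:
            return self.ports - {in_port}    # broadcast/unknown: flood
        return set() if out == in_port else {out}

# Constructed frames as (ingress port, source, destination).
FRAMES = [
    (1, "rtr", "srvA"),      # srvA not yet learned by the switch
    (2, "srvA", "rtr"),
    (1, "rtr", "srvA"),
    (1, "rtr", BROADCAST),
]

def seen_by(device, frames, port):
    """Indices of frames that are put on the wire towards `port`."""
    return [i for i, (p, s, d) in enumerate(frames)
            if port in device.deliver(p, s, d)]

if __name__ == "__main__":
    ports = [1, 2, 3]
    print("hub   :", seen_by(Hub(ports), FRAMES, 3))
    print("switch:", seen_by(LearningSwitch(ports), FRAMES, 3))
```

On the hub the customer port receives every frame; on the switch it still receives the flooded first frame and the broadcast, so the switch narrows exposure without being an isolation boundary by itself.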