
Re: NIC to NIC connection

From: Matt Clark <matt(at)ymogen(dot)net>
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: 'Kent Anderson' <kenta(at)ezyield(dot)com>,"'Pgsql-Admin(at)Postgresql(dot) Org'" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: NIC to NIC connection
Date: 2004-10-19 22:13:44
Message-ID: 41759198.4070505@ymogen.net
Lists: pgsql-admin
>Switches are not security devices. While it is harder to sniff packets on
>switches, you can't count on them to prevent hostile machines on the
>switch from playing games with the arp protocol. Also I believe that if
>a switch doesn't remember where a particular mac address is it will send
>the packet to all of the attached ports.
>  
>
If you have 6 app servers it's just daft to stick 6 NICs in your DB 
server.   If absolute privacy is a concern (not mentioned by the OP), 
then use a dedicated switch (or switches) for the 'private' subnet.  
Even better, use SSH.  But all this is over the top for 99.9% of uses 
anyway.  A VLAN is as private as anything else, so you can just create a 
VLAN on your current switch fabric and use that.  No kind of traffic on 
a VLAN will hit any other VLAN.  Unless of course someone has hacked 
your switch, set up a mirror port, attached a sniffer or other hacked 
machine to it, and is assiduously reading your traffic, in which case 
you have bigger problems....


M
