On Tuesday, 01/08/2008 at 04:11 EST, David Boyes <[EMAIL PROTECTED]> wrote:
> > We are aware of the requirement to prevent two users on the same VSWITCH
> > from talking to each other.
>
> *grump* That's what VLANs are for. Don't want two hosts to talk? Don't
> put them on the same VLAN. Frame-based ACLs are very rare in the real
> world; do we need packet inspection on that level here? I think not.

Cisco's "Private VLAN" (a misnomer, if there ever was one) support is more popular than I would have guessed, giving you the ability to leave hosts on the same subnet and allow them to communicate with only, say, the gateway router, not with each other. Since VM already has to inspect each packet to find out where it's going (local or outboard), it's not a terribly big deal.

> On the other hand, there's no reason to hand someone a list of
> "interesting" MAC addresses for free, either. You couldn't get that
> information from a real switch without logging into the management
> interface, and there's *some* kind of authentication for that
> configuration information, regardless of how strong that authentication
> might be.
>
> I think I'd agree with Marcy: it seems odd to tell a class G guest
> anything about the other guests attached to a switch. Class B, sure, but
> not class G.

We'll look at it. If there's a change, it will most likely be on a release boundary.

Alan Altmark
z/VM Development
IBM Endicott
