Switches are not security devices. While it is harder to sniff packets on
switches, you can't count on them to prevent hostile machines on the
switch from playing games with the ARP protocol. Also I believe that if
a switch doesn't remember where a particular MAC address is it will send
the packet to all of the attached ports.


If you have 6 app servers it's just daft to stick 6 NICs in your DB server. If absolute privacy is a concern (not mentioned by the OP), then use a dedicated switch (or switches) for the 'private' subnet. Even better, use SSH. But all this is over the top for 99.9% of uses anyway. A VLAN is as private as anything else, so you can just create a VLAN on your current switch fabric and use that. No kind of traffic on a VLAN will hit any other VLAN. Unless of course someone has hacked your switch, set up a mirror port, attached a sniffer or other hacked machine to it, and is assiduously reading your traffic, in which case you have bigger problems...


M
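The first message's point about hosts "playing games with the ARP protocol" is usually detected the way arpwatch does it: watch ARP replies and flag any IP address that is advertised by more than one MAC, or whose MAC keeps flipping. The following is an added example, not code from either poster; the input lines are constructed for the example and merely imitate the shape of tcpdump's ARP output, so the regex is an assumption about that shape rather than a guaranteed parser for real captures.

```python
"""Flag IP/MAC conflicts in ARP replies (arpwatch-style detection).

Added example for this thread. The sample lines below are constructed and only
resemble tcpdump's "ARP, Reply <ip> is-at <mac>" layout; adapt REPLY_RE to
whatever your capture tool actually emits.
"""
import re
from collections import defaultdict

# Constructed sample: a legitimate gateway (10.0.0.1) and one other host, with a
# third MAC briefly claiming the gateway's IP.
SAMPLE_LINES = """\
10:00:00.000001 ARP, Reply 10.0.0.1 is-at aa:bb:cc:00:00:01, length 28
10:00:01.000002 ARP, Reply 10.0.0.20 is-at aa:bb:cc:00:00:20, length 28
10:00:05.000003 ARP, Reply 10.0.0.1 is-at aa:bb:cc:00:00:01, length 28
10:00:07.000004 ARP, Request who-has 10.0.0.20 tell 10.0.0.1, length 28
10:00:07.500005 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99, length 28
10:00:09.000006 ARP, Reply 10.0.0.20 is-at aa:bb:cc:00:00:20, length 28
10:00:12.000007 ARP, Reply 10.0.0.1 is-at aa:bb:cc:00:00:01, length 28
""".splitlines()

# Assumed line shape: "<hh:mm:ss.usec> ARP, Reply <ipv4> is-at <mac>, ..."
REPLY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) ARP, Reply "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(lines):
    """Return a (timestamp, ip, mac) tuple per ARP reply; requests and junk are skipped."""
    records = []
    for line in lines:
        m = REPLY_RE.match(line)
        if m:
            records.append((m.group("ts"), m.group("ip"), m.group("mac").lower()))
    return records


def find_ip_conflicts(records):
    """Map each IP claimed by more than one MAC to {mac: first_seen_timestamp}.

    Two MACs answering for the same IP is the classic sign of an ARP cache
    poisoning attempt (or, benignly, a misconfigured failover pair), so it is
    the first thing to alert on.
    """
    first_seen = defaultdict(dict)
    for ts, ip, mac in records:
        first_seen[ip].setdefault(mac, ts)
    return {ip: macs for ip, macs in first_seen.items() if len(macs) > 1}


def count_flip_flops(records):
    """Count how often each IP's advertised MAC changed between consecutive replies.

    A single change can be a legitimate NIC swap; repeated flip-flopping on a
    gateway address is what a defender wants paged about.
    """
    last_mac = {}
    changes = defaultdict(int)
    for _ts, ip, mac in records:
        if ip in last_mac and last_mac[ip] != mac:
            changes[ip] += 1
        last_mac[ip] = mac
    return dict(changes)


if __name__ == "__main__":
    recs = parse_arp_replies(SAMPLE_LINES)
    for ip, macs in find_ip_conflicts(recs).items():
        print(f"CONFLICT {ip}: " + ", ".join(f"{m} (first {t})" for m, t in macs.items()))
    for ip, n in count_flip_flops(recs).items():
        print(f"FLIP-FLOP {ip}: MAC changed {n} times")
```

On a managed switch the corresponding mitigations are port security limits on learned MACs per port and DHCP snooping with dynamic ARP inspection; on hosts that cannot rely on the switch, static ARP entries for the gateway and database server remove the attack surface the first poster describes.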
