Date:      Wed, 21 Jul 1999 12:44:29 -0700
From:      "Kenton A. Hoover" <shibumi@lehub.com>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: poor ethernet performance? 
Message-ID:  <199907211944.MAA00781@miranda.lehub.com>
In-Reply-To: Your message of "Wed, 21 Jul 1999 00:33:31 PDT." <199907210733.AAA25177@apollo.backplane.com> 

You can hijack the MAC address after the CAM table (not ARP cache) times 
out for the switches.  However, you can't just listen to their traffic 
unless you're on a span port (and span ports don't always work correctly).

VLANing has a number of goals, of which you are listing only one.  Another 
is to permit any net to appear on any switch within the switch fabric.  
VLANs are usually used in a form that spans multiple switches, not just 
using VLANs on a single switch.  At an installation I put together in 
India, we used VLANs to allow us to better use IP addresses in a strange 
physical layout.  When we were building out our New Site Architecture at 
Cisco in San Jose, we used VLANs to cut down the number of routing 
components necessary and further to take advantage of Layer 3 
short-cutting in a number of spots around the buildings.

On Wed, 21 Jul 1999 00:33:31 PDT, Sendmail channeled Matthew Dillon saying:
>     The switch routes traffic based on its ARP cache.  While you cannot 
>     easily monitor another port's traffic, you can take over its MAC address
>     and steal its traffic.
> 
>     Cisco VLANs perform a different function.  Remember that a logical ethernet
>     segment is typically routed by a single network route.  For example,
>     a class C or a subnetted class C.  The catalyst allows you to throw
>     machines into different VLAN buckets which, in addition to the better
>     security, allows you to assign separate subnets to each bucket.  The
>     switch itself doesn't care, but this can reduce global ARP traffic
>     significantly.   Catalysts can have hundreds of ports stuffed into them.

(ex-of Cisco Systems)


| Kenton A. Hoover                                  | shibumi@marchordie.org |
|  Private Citizen                                  |                        |
| San Francisco, California                         |                        |
|===================== http://www.shockwave.org/~shibumi ====================|
|       A non-vegetarian anti-abortionist is a contradiction in terms.       |
|                                 -- Phyllis Schlafly                        |

