network segmentation without using vlans

Kristian Erik Hermansen kristian.hermansen-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Feb 20 00:13:42 UTC 2008


On Feb 19, 2008 4:03 PM, James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> wrote:
> "However protocols normally used over network connections, such as
> TCP/IP <http://en.wikipedia.org/wiki/TCP/IP>, that require
> acknowledgments <http://en.wikipedia.org/wiki/Acknowledgments> to be
> sent back, cannot be used over a unidirectional network. This prevents a
> large number of programs from being able to function normally over such
> a network. Importantly the Unidirectional Network does not prevent
> viruses or other malicious programs from being transferred on to the
> high network and compromising the integrity and availability of the
> data. Furthermore since the low side cannot receive data from the high
> side, it can never reliably establish that data has been successfully
> transferred^[1]
> <http://en.wikipedia.org/wiki/Unidirectional_network#_note-Slay_1> ."

Of course this is true for TCP, but I got the sense we were talking
about layer 2.  At that level, you send out data, and it hits the port,
causing the switch to cache the source ARP address.  You don't need
info to return.  Let's pretend it was a stock ticking server, and all
it did was pump out the data from this host.  There is no need to have
return communication...

> As I mentioned, there is hand shaking that goes on, when a device is
> plugged into a switch.  This is called the link integrity test.  Also,
> most equipment now performs auto-negotiation, to determine speed &
> duplex etc.  How will either of these work, if one device can't hear the
> other?

You don't need to enable auto-negotiation.  You can very easily set
the link speed using a variety of tools used in your Linux distro :-)
Additionally, there are many wires in a standard CAT6 cable.  Quiz:
Which wires could you eliminate and still send data out, even linking
properly to a switch using manual negotiation?  :-)  Are you sure it
is not possible, or are you merely stating a claim which you have not
verified...
-- 
Kristian Erik Hermansen
--
"It has been just so in all my inventions. The first step is an
intuition--and comes with a burst, then difficulties arise. This thing
gives out and then that--'Bugs'--as such little faults and
difficulties are called--show themselves and months of anxious
watching, study and labor are requisite before commercial success--or
failure--is certainly reached" -- Thomas Edison in a letter to
Theodore Puskas on November 18, 1878
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
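
The one-way feed discussed in this message (a sender that only pumps data out) and the quoted point that the sending side can never confirm delivery, sketched as an added example that is not part of the original post. The frame layout, function names, and sample ticker data are assumptions made for illustration; the lossy link is simulated in memory instead of using a real interface.

```python
import struct
import zlib

HEADER = struct.Struct("!IH")  # sequence number, payload length (assumed layout)

def encode_frame(seq, payload):
    # header + payload + CRC32, so each datagram can be validated on its own
    body = HEADER.pack(seq, len(payload)) + payload
    return body + struct.pack("!I", zlib.crc32(body))

def decode_frame(frame):
    # returns (seq, payload), or None for a truncated or corrupted frame
    if len(frame) < HEADER.size + 4:
        return None
    if zlib.crc32(frame[:-4]) != struct.unpack("!I", frame[-4:])[0]:
        return None
    seq, length = HEADER.unpack(frame[:HEADER.size])
    payload = frame[HEADER.size:-4]
    return (seq, payload) if len(payload) == length else None

def send_one_way(messages, repeat=2):
    # no ACK can ever come back, so every frame is sent blindly `repeat` times
    for seq, payload in enumerate(messages):
        for _ in range(repeat):
            yield encode_frame(seq, payload)

class Receiver:
    def __init__(self):
        self.delivered, self.rejected = {}, 0

    def feed(self, frame):
        decoded = decode_frame(frame)
        if decoded is None:
            self.rejected += 1                   # failed length or CRC check
        else:
            self.delivered.setdefault(*decoded)  # duplicate copies are ignored

    def missing(self):
        # gaps below the highest sequence number seen; only the receiver can know
        top = max(self.delivered, default=-1)
        return [s for s in range(top) if s not in self.delivered]

def demo():
    ticks = [b"ACME 10.01", b"ACME 10.02", b"ACME 10.03", b"ACME 10.04"]  # constructed data
    wire = list(send_one_way(ticks))                    # two copies of each tick
    wire[0] = bytes([wire[0][0] ^ 0xFF]) + wire[0][1:]  # corrupt first copy of seq 0
    del wire[4:6]                                       # lose both copies of seq 2
    rx = Receiver()
    for frame in wire:
        rx.feed(frame)
    return rx
```

The redundant copy recovers the corrupted tick, while the tick lost twice shows up only as a gap on the receiving side; the sender has no way to learn of either event.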




