IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

New Understood.
Do I understand you to say that physical isolation doesn't buy you much? If I've got edge/dmz vm's running on the same esx host as lan vm's and one of the edge/dmz vm's is compromised through a ddos attack or similar, are you saying that this scenario does not present a significantly worse problem than if the edge/dmz vm's were on a completely different host, wired into a different switch/san etc. than the lan vm's?
New you can flood the edge vm's until the network stack is plugged
depending on how your backplane is configured without causing any lan traffic to be impacted. Depends on whether the backplane can be isolated. On the unisphere gear (now jupiter I think) we could completely isolate the bandwidth on the backplane by allocating max thruput. That was in the late 1990's. Once that value was hit that's all it could use. If your gear can do that, it simplifies matters.

Also note your edge gear on a shared box should be wired to different san and switches than your lan gear.
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
New Thanks.
     This could go in Software and Apps, but I think this is the place for a VCenter Q. - (mmoffitt) - (6)
         separate stacks can be on the same hardware - (boxley) - (5)
             So, you'd say ... - (mmoffitt) - (4)
                 what is a hardware firewall? - (boxley) - (3)
                     Understood. - (mmoffitt) - (2)
                         you can flood the edge vm's until the network stack is plugged - (boxley) - (1)
                             Thanks. -NT - (mmoffitt)

It's hard to be religious when certain people are never incinerated by bolts of lightning.
46 ms