| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 278.1 | | HELIX::MIANO | My parents think I'm in college | Tue Apr 29 1997 17:28 | 21 |
| > 1. Does VxWorks support multiple IP addresses per IP interface? If yes,
> how many?
No. Each interface can only have one address. I'm not sure what would
happen if you set one address and then tried to set another. The new
address might work. However, even if it did, you'd still can only use
one at a time.
In some cases, we do support multiple interfaces. For example, you can
put up to 4 Tulip adapters (DE435 DE450, DE500, DE520 in any
combination) on one Alpha system. Each adapter gets a unique address
but each can only have one.
> 2. Are there any features in standard VxWorks IP stack which should be
> switched off to ensure that security cannot be compromised?
Certainly. Any of the applications can be removed -- NFS, rlogin,
telnet, etc. However, all the low level protocols come in a single
chunk. For example, you can't remove UDP and keep TCP.
Mike
|
| 278.2 | ifFlagChange() | ZYDECO::BODA | Realtime Expertise Center | Wed Apr 30 1997 14:09 | 5 |
| FWIW, there is also ifFlagChange() which can modify the network interface flags.
One has the ability to turn off the network services' recognition of
ARP broadcasts, for example. That might be beneficial in the case of
a multi-homed VxWorks node which has multiple network interfaces or where
the VxWorks node uses Proxy ARP with the SM network.
|
| 278.3 | would PROXY ARP do the job? | NBOSWS::BLUNDELL | | Mon May 05 1997 04:26 | 22 |
| Thanks for .2, it made me look at the manual and realise that perhaps
Proxy ARP could do my job.
Proxy ARP support suggests to me that the IP code for one interface is
capable of responding to more than one address on that interface,
correct?
If so, that is what I want except that I need some plumbing to get
PROXY ARP to get the addresses from Area A to be fitted into the PROXY
ARP table on the machine connected to Area B, and vice-versa,
or is my thinking faulty?
If my thinking is correct, then do we, DIGITAL, have access to the
IP source to see whether this "plumbing" is possible? Or perhaps
support from Wind Rivers?
I feel unwilling to give-up currently, hope some one can help further!?
Rgds
Bill.
|
| 278.4 | | HELIX::MIANO | My parents think I'm in college | Mon May 05 1997 17:45 | 27 |
| > Proxy ARP support suggests to me that the IP code for one interface is
> capable of responding to more than one address on that interface,
> correct?
Not really. The Proxy Server only has one address. All it does is route
requests for other addresses between interfaces. It allows nodes
attached to separate interfaces to communicate in the same subnet, thus
conserving subnets.
I guess I don't understand enough about the issue. How does multiple IP
addresses per interface solve the problem? Do they want Area A and Area
B on separate networks? If so, Proxy ARP will allow nodes in Area B to
communicate transparently with nodes in Area A. It seems like what they
really want is Area A isolated from Area B except through a node which
is on both networks and which validates the data received by Area B.
You wouldn't want Proxy ARP. A node on both networks knows how to talk
to each. You don't want the nodes in Area B ever to access the nodes in
area A directly.
> If my thinking is correct, then do we, DIGITAL, have access to the
> IP source to see whether this "plumbing" is possible? Or perhaps
> support from Wind Rivers?
Whatever happens, don't count on modifying anything in the operating
system. TCP/IP and Proxy ARP would need to be used "as is."
M
|