Firewall Wizards mailing list archives

'silent VLAN's' & Security


From: "Aaron D. Turner" <aturner () vicinity com>
Date: Wed, 16 Jun 1999 12:40:54 -0700 (PDT)


My company is evaluating some co-lo providers.  One provider (who will
remain nameless) rather than giving each customer his own IP
subnet/VLAN off their Cisco Catalyst and using an RSM, puts them in a
*shared* VLAN on the same Class C.  Each customer system connects
directly to the shared Cat.  So if I have 10 servers, I use 10 ports
on the co-lo's Cat.

It doesn't take a rocket scientist to see that any site can be DOS'ed
to death if someone changes their IP on their system to be someone
else's system.  Implementing a firewall between myself and other
customers is plain impossible.  I mentioned this to the company and
they told me they were going to be implementing Cisco's new (and yet
released) 'silent VLAN' technology to prevent one customer from
being able to see another customer.  Everyone would still share the
same Class C however.

Now I know traditional VLANs on Cisco Catalyst hardware can be forced
to pass traffic between VLANs, especially during high load (which
being a co-lo company one would expect).  I would expect that this
flaw would also be in this silent VLAN technology.  Also, what about
someone changing their MAC address to be mine?  And will 'silent
VLANs' really do what they say or is this some ploy to give me warm
fuzzies because they don't want to have to re-architect their entire
network?

Does anyone have any info on silent VLANs?  Nothing on CCO, and
apparently it's still in alpha which has made getting any info
difficult at best.

Thanks.

-- 
Aaron Turner, CNE   aturner () vicinity com  650.237.0311 x252
Network Engineer    Vicinity Corp.        http://www.vicinity.com
Email-to-page: 6505721411.1146752 () pagenet net [Subject & Body sent]
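An added example, not part of Aaron's post and not any Cisco feature: a small monitor that flags the two symptoms he worries about on a shared VLAN, a neighbour claiming someone else's IP and a host answering for many IPs after cloning a MAC, from observed ARP (ip, mac) pairs. The addresses, MACs and the gateway allow-list are constructed.

```python
"""Flag address-spoofing symptoms on a shared segment from ARP observations.

A monitor fed from a SPAN port or a periodic switch ARP-table export sees
(ip, mac) pairs. Two conditions are worth alerting on:
  * one IP answered by several MACs (someone took over another host's IP);
  * one MAC answering for several IPs (MAC cloned, or a host proxying).
A MAC legitimately owning several IPs (the gateway, a host with aliases)
is allow-listed so it does not alert. All data below is constructed.
"""
from collections import defaultdict

# Constructed ARP replies seen on the shared segment: (ip, mac).
SAMPLE_ARP = [
    ("192.0.2.1",  "00:11:22:33:44:00"),   # gateway
    ("192.0.2.10", "00:11:22:33:44:01"),
    ("192.0.2.11", "00:11:22:33:44:02"),
    ("192.0.2.12", "00:11:22:33:44:03"),
    ("192.0.2.10", "00:11:22:33:44:01"),   # repeat of a known pair, benign
    ("192.0.2.10", "00:11:22:33:44:99"),   # a second MAC now claims .10
    ("192.0.2.11", "00:11:22:33:44:03"),   # :03 also answers for .11 ...
    ("192.0.2.13", "00:11:22:33:44:03"),   # ... and for .13
]

# Constructed allow-list: MACs expected to own several IPs (e.g. the router).
ALLOWED_MULTI_IP_MACS = frozenset({"00:11:22:33:44:00"})


def analyse_arp(observations, allowed_multi_ip_macs=ALLOWED_MULTI_IP_MACS):
    """Return a sorted list of alerts: (kind, key, sorted list of values)."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for ip, mac in observations:
        mac = mac.lower()                 # normalise before comparing
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)

    alerts = []
    for ip, macs in sorted(ip_to_macs.items()):
        if len(macs) > 1:                 # same IP, more than one MAC
            alerts.append(("ip_conflict", ip, sorted(macs)))
    for mac, ips in sorted(mac_to_ips.items()):
        if len(ips) > 1 and mac not in allowed_multi_ip_macs:
            alerts.append(("mac_multi_ip", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for kind, key, values in analyse_arp(SAMPLE_ARP):
        print(f"{kind}: {key} -> {', '.join(values)}")
```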
