by p_l 2492 days ago
Boeing actually attempted that on 787, with some VLAN trickery.

FAA caught it and forced them to redesign the setup.

As for actual AFDX networks - they have hardcoded forwarding tables and no MAC learning, and separation between networks tends to use data diodes.

2 comments

As a network engineer it is terrifying that they would try this. Also, even if you have no MAC learning it's trivial to sniff the MAC on an endpoint and then spoof it. You would really need pubkey-based encryption where the key is stored in secure chips on every endpoint to know for sure what each device is connected to.
Companies do these things all the time and in other industries they get away with it. It would be nice if other industries would have similarly strict audits and requirements.
The difference is that AFDX is a "closed" network. If you attached anything to it directly, you're already past the security boundary, as timing and reliability are more important than verifying identities in it.
tends?