The Eaglet subnet partitioner is used in situations where further isolation is required within the local area network. The same type of computing hardware is recommended for the Eaglet as for the Eagle; however, no additional authorization box is required. The Eaglet, as the name suggests, acts as an offspring of the Eagle, receiving guidance rules (the authorization file) from the parent Eagle. This is done either upon startup of the Eaglet or following changes that have been made to the authorization file; the Eagle force feeds changes to Eaglets. The latter is an automatic process: any time a configuration change is made, gwcontrol communicates this change to each Eaglet (specified in the file /usr/adm/sg/eaglets). The authorization rules are sent over the network in an encrypted form to prevent reading them with network sniffers or other similar mechanisms.
While each Eaglet holds in memory (not on disk) a copy of the authorization file, only those entries in the file which specifically refer to that Eaglet apply to the subnet being guarded. Thus, multiple Eaglets can run in your network, each enforcing the security of its own subnet. Therefore, someone outside a protected subnet is unable to sniff or snoop confidential information that is being restricted to that subnet. For example, there is no need for someone outside of the accounting department to ever be given the opportunity to indiscriminately listen to accounting data packets for which they do not have a legitimate need. Ethernet sniffing is extremely hard to manage on an enterprise-wide basis because of the broadcast nature of the transmissions. Some vendors have accomplished this through smart (and expensive) bridges, but there is nothing that they can do if the communication is via X.25 or Token Ring network media.
As described earlier, the authorization file may contain rules applying to Eaglet(s) in the network. Here is the syntax:
eaglethostname: source allow destination
Note that the Eaglet's hostname precedes the source host in this rule, with the colon as a separator.
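The selection step described above, in which each Eaglet holds the whole authorization file but applies only the entries prefixed with its own hostname, can be sketched as follows. This is an added example, not Eagle or gwcontrol code; it assumes only the single rule form shown above, and the function names and sample hostnames are made up for illustration. It also flags prefixed rules whose hostname matches no known Eaglet, since such a rule would apply to no subnet.

```python
# Added illustration, not Eagle or gwcontrol code. It assumes only the rule
# form shown above: "eaglethostname: source allow destination".
from typing import Iterable, NamedTuple, Optional


class EagletRule(NamedTuple):
    eaglet: str
    source: str
    destination: str


def parse_eaglet_rule(line: str) -> Optional[EagletRule]:
    """Parse one line; return None if it is not in the Eaglet-prefixed form."""
    prefix, colon, rest = line.strip().partition(":")
    fields = rest.split()
    # The prefix must be a single token and the body exactly three fields.
    if not colon or len(prefix.split()) != 1 or len(fields) != 3:
        return None
    source, keyword, destination = fields
    if keyword != "allow":
        return None
    # Hostnames compare case-insensitively, so normalise the prefix.
    return EagletRule(prefix.lower(), source, destination)


def rules_for(eaglet: str, lines: Iterable[str]) -> list[EagletRule]:
    """Rules from the full file that apply to the subnet guarded by `eaglet`."""
    parsed = (parse_eaglet_rule(line) for line in lines)
    return [r for r in parsed if r and r.eaglet == eaglet.lower()]


def orphaned_rules(known_eaglets: Iterable[str], lines: Iterable[str]) -> list[EagletRule]:
    """Eaglet-prefixed rules whose hostname matches no known Eaglet (e.g. a typo)."""
    known = {name.lower() for name in known_eaglets}
    parsed = (parse_eaglet_rule(line) for line in lines)
    return [r for r in parsed if r and r.eaglet not in known]


# Constructed sample authorization entries; all hostnames are made up.
SAMPLE = [
    "acct-eaglet: acct-ws1 allow payroll-db",
    "ACCT-EAGLET: acct-ws2 allow payroll-db",
    "eng-eaglet: build1 allow source-repo",
    "acct-eaglte: acct-ws3 allow payroll-db",   # misspelled prefix
    "acct-ws1 allow payroll-db",                # no Eaglet prefix
]

if __name__ == "__main__":
    for rule in rules_for("acct-eaglet", SAMPLE):
        print("applies:", rule)
    for rule in orphaned_rules(["acct-eaglet", "eng-eaglet"], SAMPLE):
        print("matches no Eaglet:", rule)
```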
The gwcontrol program on the Eaglet will report and log activity with respect to the subnets to which it is connected. The same full set of rules and notify features which apply to the Eagle may be used for the Eaglet.