Network Architecture

11K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.


Hi,

Let's say I'm an ISP and I lease a 10G transport pipe to an IX (Frankfurt or Amsterdam), with the purpose of buying transit from 2 different tier 1 providers (2 resellers, probably) and peering with content providers.

What happens inside the IX?

Do I get one switch port and I have to rent rack space for my own equipment there? The peerings are physical, with cables between my switches and the peer switches?

Or I only get a VLAN and the peerings are inside the IX main router/switch? And I route the traffic from my VLAN to my peer's VLAN?

Or?

I've googled for the past days, but I'm still confused. Does anyone have real-world experience with this?

Thank you.
0

Hello,
I wanted to get an idea of what others are doing in the area of HA for Exchange 2016.
Right now we have two Exchange enterprise servers in a DAG at our HQ and one more at a satellite office.  We are using our old 2013 Exchange server as a load balancer.   However, this 2013 is a single point of failure and we want to remove it altogether from our environment.

Network redundancy is in place, but we are looking for a solution that provides HA between the network and Exchange.  I'm trying to avoid DNS round robin or Network Load Balancing.  Different DNS servers would hand out ordered IP address lists in a different rotation and, just like Windows Network Load Balancing, we wouldn't have any checks against the Client Access server itself. So if OWA, EWS or any other web application has a fault, clients will still attempt to access that server and see an error message until an administrator resolves the issue.

We have a little shy of 400 active mailboxes and not a tremendous amount of traffic.   I know a Network Load balancer will do the trick.  But given our size and traffic I do not think load balancing is necessary.  However, the functionality to monitor multiple services and if one service is down, such as EWS, only route traffic to ones with working EWS is a bonus.

Bottom line... I just wanted to see what other people are doing out there and get some ideas.

Thank you in advance.
0
Is the below capture in any way an indication of why the host 10.255.0.50 is so dreadfully slow? It's a backup from a host pushing data over to an outside cloud.


 1: 11:39:11.779866       802.1Q vlan#900 P0 10.255.0.50.60658 > 209.222.83.40.5128: P 3248280326:3248280838(512) ack 4046900626 win 39 <nop,nop,timestamp 21801362 1515457710>
   2: 11:39:11.788151       802.1Q vlan#900 P1 209.222.83.40.5128 > 10.255.0.50.60658: . ack 3248280838 win 0 <nop,nop,timestamp 1515457779 21801362>
   3: 11:39:11.791813       802.1Q vlan#900 P1 209.222.83.40.5128 > 10.255.0.50.60658: . ack 3248280838 win 31 <nop,nop,timestamp 1515457780 21801362>
   4: 11:39:11.791966       802.1Q vlan#900 P0 10.255.0.50.60658 > 209.222.83.40.5128: . 3248280838:3248282206(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
   5: 11:39:11.791981       802.1Q vlan#900 P0 10.255.0.50.60658 > 209.222.83.40.5128: . 3248282206:3248283574(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
   6: 11:39:11.791997       802.1Q vlan#900 P0 10.255.0.50.60658 > 209.222.83.40.5128: . 3248283574:3248284942(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
   7: 11:39:11.792012       802.1Q vlan#900 P0 10.255.0.50.60658 > 209.222.83.40.5128: . 3248284942:3248286310(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
   8: 11:39:11.792027       802.1Q vlan#900 P0 10.255.0.50.60658 > 209.222.83.40.5128: . 3248286310:3248287678(1368) ack 4046900626 win 39 


0
Hi

I have two 48-port switches. One's PoE and the other isn't. Is it possible to move configs from one to the other? They are both new switches. They are only web UI managed.
0
Currently have interfaces set up with (2) vlans

mgmt 86
cpe 87

When controller is set to tunnel traffic and use controller as gw - clients are able to get an ip off ruckus ap.
When controller is set for nomadix to be gw - clients are NOT able to get an ip off of ruckus ap.

As it stands, I'm trying to understand what is preventing clients from using nomadix as gw.
Cisco box is currently set to switch mode with the following for int:

 interface gigabitethernet1
 switchport mode general
 switchport general allowed vlan add 87 tagged
 switchport default-vlan tagged
!
interface gigabitethernet2
 switchport mode general
 switchport general allowed vlan add 87 tagged

Please keep in mind that I am testing a ruckus ap on int2 and can access internet if traffic is tunneled to ruckus controller. What's odd to me is that the cpe vlan for the ruckus controller is not even on this cisco switch but I'm able to pull a cpe ip.
 
To reiterate, I am having trouble getting an ip when controller is set to using the nomadix as a gw for client ips.

Looking for any enlightenment as I've been working on this for a few days already and am stumped.

Thank you!
0
Our current McAfee NIDS is going to be EOSL soon so we're considering
whether to upgrade to Intel McAfee's   Threat Defense Lifecycle or
dedicated NIDS or integrate NIDS function into our existing Checkpoint
NGFW firewall?  

It's a perimeter NIDS (not internal network NIDS)

Kindly assess in terms of
a) performance : with dedicated NIDS, it won't affect firewall's performance?
b) however, dedicated NIDS, need an extra console?  Lacks integration with
     firewall (to block bad/malicious source IP ??) ?
c)  any other ...  ??

I see a trend by vendors coming out with unified products from Cisco,
Sophos, so does this mean this is the way to go ?
0
Hi,



Can anyone help in identifying why once my vpn client enabled. I can  ping all other internal IPs except 192.168.4.1(interface DatabaseZone)  and 192.168.3.1. My vpn client assigned 192.168.5.100 which is in  the range of Vpnclients object-group configuration.

Hi,

Can anyone help in identifying why once my vpn client enabled. Can't ping any of internal IPs configuration like 192.168.4.1(interface DatabaseZone) . My vpn client assigned 192.168.5.100 which is in  the range of Vpnclients object-group configuration.

here attached output from "show vpn-sessiondb detail remote"
vpn-sesssiondb-detail.txt
0
People,

I'm trying to implement email resiliency solution internally and also externally with no Load Balancer access, so I came up with the below Idea:

http://www.tutorius.com/setting-up-a-dns-round-robin-in-windows
http://exchange929.blogspot.com.au/2013/10/high-availability-for-exchange-2013-cas.html

which I will be applying for all of my Exchange Server 2013 Std. Edition running CAS role:

Internally
AutoDiscover.domain.com points to CAS server 1 internal IP address on AD Site 1
OWA.domain.com points to CAS server 1 internal IP address on AD Site 1

AutoDiscover.domain.com points to CAS server 2 internal IP address on AD Site 2
OWA.domain.com points to CAS server 2 internal IP address on AD Site 2

...

AutoDiscover.domain.com points to CAS server N internal IP address on AD Site N
OWA.domain.com points to CAS server N internal IP address on AD Site N

and also Externally
AutoDiscover.domain.com points to CAS server 1 public IP address on the internet.
OWA.domain.com points to CAS server 1 public IP address on the internet.

AutoDiscover.domain.com points to CAS server 2 public  IP address on the internet.
OWA.domain.com points to CAS server 2 public  IP address on the internet.

...

AutoDiscover.domain.com points to CAS server N public IP address on the internet.
OWA.domain.com points to CAS server N public  IP
0
A few years back I had to fly to a remote data center and was sent several Cisco switches that were to be "stacked". I recall unboxing everything and plugging it all in via instructions from my home office. I booted with a console cable and configured the initial IP address. Then home office pretty much took over and although I was able to observe a lot of it, it did not sink in. I do recall the stacks only had 1 IP address each and since it was a remote data center we had set up switch redundancy. I remember plugging in cables that had to be crossed to the switch below and when it was all done everything was set with dual power supply and I could have sworn it was configured so if a switch failed another one would take over. I had another job after that where a Cisco stack was already installed. I recall 5 switches and when we had to shut down power the Master had to go down last and come up first. At least I think that was the order, it was written on the wall next to the devices. I am asking all this because I have a job interview that will include installing and initializing a lot of Cisco devices including stacks. It sounds like it will be very similar to what I did years ago, installing the hardware and getting it set so the engineers in the home office could take over. I just do not remember the purposes for a stack as opposed to multiple switches. I know you will save IPs by configuring a switch as a stack, but what are the other main reasons? I know the remote install …
0
How do I go about setting the QoS recommendation, i.e. EF/AF4/AF3 etc., for an MPLS network?  What parameters should I be looking at? The SP wants us to tell them what we want.
0

Cisco ASR loopback interface is Gigethernet 0/0/0.2. If I want to check bandwidth utilization on this interface, how can I check, because the show interface Gigethernet 0/0/0.2 | i rate command doesn't work here?
0
Greetings,

My goal is to allow a 3rd party vendor access to our internet but not to our internal LAN Subnet by using the DMZ port on our Sonicwall TZ300  connected to  their hardware  router (Linksys EA6400).

1. Is this possible?
2. Is this the easiest method since we already have both hardware routers?
3. Will this truly separate our access to each others LAN networks?

Thank you in advance.

COM1
0
We purchased a new company; they have a firewall, SonicWall and T1 fiber. How do we connect the new company to our existing company so that we can share the resources?
1
Hi there,

I know it's kinda a ridiculous question since the Cisco Nexus Series is high-end data center hardware and the Cisco SG500X is SMB. But for my home lab I am planning for the future, and a good friend who runs a big data center wanted to sell me some nice Cisco Nexus stuff. So I could get them very, very cheap: a few hundred bucks vs. around 1k for the SG500X-24. To be specific, it would be a Nexus 5596UP with a 2248TP expansion.

Would you go for the Nexus or for the SG500X? What are the gotchas with the Nexus?

I know that the SG500X does L3 stuff out of the box. The Nexus 5596UP needs the L3 module and the right license file for it. Also the Nexus 5596UP can't do 100 Mbit, but I guess that's solved with the 2248TP expansion.

Thanks,
Yves
0
Hi Experts

We had one of our 3750's hardware fail; it will not power on. We've currently purchased a new 3750 to replace it. We would like some general guidelines on the steps to do so. Most important, we want the VLAN information to come across.
Do we backup the config on an existing switch and apply it on the new one? - We tried and received a lot of errors
Do we apply the vlan and other port information (below is our existing) to match what we already have.
How do we place the switch back in the stack, unpowered and connect all the stacking cables and then power it on?
What Impact will that have on the stack, will it power down?
What will and will not come across after we add the switch to the stack, do we need to set a password on the new switch, I know after you add the switch the master takes over and it applies some information - firmware.

The switches in the stack have a lower SW version than the new switch being added. Will it be downgraded automatically, or is it something we have to do manually?  (SW version of the switches in stack 12.2(25) SEB4 \ New Switch 12.2(55)SB)


interface FastEthernet1/0/12
 switchport access vlan 10
 switchport voice vlan 20
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast



Thanks Much
0
Any thoughts on the  ARUBA IAP-205 WIRELESS ACCESS POINT s?

I have about 4 or 5 outhouses and I want a good Wi-Fi solution.

Thank you.
0
How can I tag traffic on physical interface of a Cisco router?
I know I can create sub interface but I want to know if it is possible on a physical interface.
There is a command vlan-id dot1q available for physical interface but does not work.
0
Dear guys, I have this scenario:
- The original IP network which ISP provide: 13.14.24.160/28 (no worry, it's fake)
- I don't know why the IT guy who worked here before request ISP to split that network to 2 subnets: 13.14.24.160/29 and 13.14.24.168/29
- However, I was handed over the instructions to get Internet for the LAN network as in the attached picture, without any other explanation

Can anyone help me to answer these?
- Please explain the way end-users in LAN network to go the Internet. Which IP network should we configure in users' PCs?
- Please give me some ideas that clarify the purpose of the splitting?
- Can I place the pfSense firewall in the Router position? If so, is there any device/configuration we need to focus?

Many thanks as always!
Diagram.png
0
Dear guys, can you please explain the advantages and disadvantages of Wireless Transmit power? Why do they always recommend -65 dBm for users? If I increase the AP's power to the maximum, is it always good?

These attached pictures display the coverage when changing AP's power. I use VisualRF to test HP AP Aruba 205H, can you suggest some ideas about the results?

- Red color: -45 dBm
- Orange: -55 dBm
- Green: -65 dBm
- Blue: -75 dBm
Auditorium_18dBm.PNG
Auditorium_12dBm.PNG
Auditorium_10dBm.PNG
0

I have two locations with almost duplicate setups.  
Location 1:  On a network run by a PDC.  The ISP is a cable company.   The one office in this location has 3 computers all connected to the network via a Netgear 5 port switch.  But also connected to this switch is a DSL connection via a DSL modem line to a preset location.  When the users need to connect to this DSL line they just click on the shortcut created on their desktop that directs them to the preset IP address.   All other communication for everything else goes through the regular PDC/cable network.  Using DHCP and automatically sees PDC as DNS provider.  Works great.

Location 2:  On a network but run just by a router, not a PDC,  through the local cable company.  Two computers connected via an identical 5 port Netgear switch as in location 1.  They have the exact same DSL line via the same DSL modem connecting to the same IP address as in location 1.  The problem is that you can only connect to one or the other in location 2.  If you want to connect to the DSL location via the DSL modem, you have to disconnect the cable from the router from the cable company at the Netgear switch.   Or if you want to use cable you need to disconnect the DSL modem from the switch.  Also running DHCP and DNS being provided by either the DSL or cable depending on which you are using.

What would cause one to work and the almost identical one won't?
0
Hello Everybody ,
 
I need your support, RnS expert engineers.

My scenario: the requirement is that the router automatically moves the traffic flow based on link delay by using PfR with active/active ISP link utilization.

Here are the requirements and configuration:

LAN subnet :-
 188.117.100.172/29
 188.117.124.36 /29
My goal is to measure the traffic over all the available ISPs.
The primary path of the first subnet is ISP 0A, the primary path of the 2nd subnet is ISP02.
If any ISP link is experiencing any delay, the inbound and outbound traffic should shift automatically.

MY BGP configuration  
ip bgp-community new-format

router bgp 7770
 bgp log-neighbor-changes
 timers bgp 10 30
 neighbor 172.21.8.169 remote-as 41176
 neighbor 172.21.8.177 remote-as 41176
 !
 address-family ipv4
 
  network 188.117.100.172 mask 255.255.255.252
  network 188.117.124.36 mask 255.255.255.252
 
  neighbor 172.21.8.169 activate
  neighbor 172.21.8.169 send-community both
  neighbor 172.21.8.177 activate
  neighbor 172.21.8.177 send-community both

ISP's BGP Configuration

neighbor 172.21.8.170 send-community both
  neighbor 172.21.8.170 default-originate
  neighbor 172.21.8.170 soft-reconfiguration inbound
  neighbor 172.21.8.170 prefix-list  PFR out
  neighbor 172.21.8.170 route-map BGP_COMM in
  neighbor 172.21.8.178 activate
  neighbor 172.21.8.178 send-community both
  neighbor 172.21.8.178 default-originate
  …
0
IS-IS router summarization can only be done on an L1/L2 router, is this correct?
There is no other place to do route summarization.
0
Hi All,

I'm currently looking at this proposal & thinking of implementing OSPF & MPLS. I'd like some support with the config & any ideas of best practices?

Thank you all.
ospf.PNG
0
I have a security camera project that requires a run of about 1000FT for a few cameras.

I know Cat5/6 are not options due to the 300ft limitation.  I guess I could use POE switches at 300/600/900 ft as repeaters but that doesn't sound like a viable solution.

any ideas?
0
Why would I be getting these errors in my logs? I am running DMVPN.
 dest_addr 4.5.6.7, SPI 0x8e584d60
000058: May 15 09:18:21: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000309438262163039 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000059: May 15 09:19:53: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000309529825315373 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000060: May 15 09:39:13: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000310690125718495 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000061: May 15 09:50:40: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000311376506767405 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000062: May 15 09:52:37: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000311493607193615 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000063: May 15 09:53:38: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000311554565979494 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000064: May 15 09:58:38: 


0
