Network Architecture

12K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

I have an ASA adjacent to a router with the following redistribution into the EIGRP AS shared with the Cisco ASA:

redistribute eigrp 100 metric 100000 0    255    1      1500 route-map EIGRP100-TO-EIGRP10

When I look on the ASA route table it's showing an AD of 170 and a metric of 25856 for the routes in EIGRP 10 that were redistributed from EIGRP 100.

EIGRP Metric = 256 * ( (K1*Bw) + ( (K2*Bw) / (256-Load) ) + (K3*Delay) ) * (K5 / (Reliability + K4) ) )    {I'm assuming default K values 1 0 1 0 0 }

256*((1*100,000)+((0*bw/256-load))+(1*0)   *    (0/255+0) => 25,600,000
           K1*Bw             K2*Bw                    K3*Delay   K5/Rel+K4

Anyhow the ASA is seeing traffic taking this route as 25856. I can not figure out where that number is coming from. The actual bandwidth between the ASA and router is 1Gbps.

Any insight appreciated!
0
I'm running UCS 4.04 and I am not seeing in the GUI where port channels connecting upstream to the LAN are associated with which VLANs. If I SSH to UCS I can see that the new VLANs I added on the server NICs appear to be (automagically?) appearing on the port channel to the network. But if I go into LAN Uplinks Manager/VLANs/VLAN Manager I am expecting to see the port channels underneath the VLANs with which they are associated. But that is not the case. From the nxos CLI, note the VLANs and their association with the uplinks. Perhaps it's the case that if you don't specifically assign a VLAN to an uplink, all VLANs are automatically permitted on those uplinks?

Partial config from connect nxos:

vlan configuration 1,9-11,20,30,32
vlan 1,9-11,20,30,32


interface port-channel2
  description U: Uplink
  switchport mode trunk
  pinning border
  switchport trunk allowed vlan 1,9-11,20,30,32
  speed 10000
 
interface Ethernet1/1
  description U: Uplink
  pinning border
  switchport mode trunk
  switchport trunk allowed vlan 1,9-11,20,30,32
  udld disable
  channel-group 2 mode active
  no shutdown

interface Ethernet1/2
  description U: Uplink
  pinning border
  switchport mode trunk
  switchport trunk allowed vlan 1,9-11,20,30,32
  udld disable
  channel-group 2 mode active
  no shutdown

interface Ethernet1/3
  description U: Uplink
  pinning border
  switchport mode trunk
  switchport trunk allowed vlan 1,9-11,20,30,32
  udld disable
  …
0
I'm in a new gig and I want to understand what happens if a site's Internet link goes down what takes over for their default route.
The routing protocol is EIGRP.

{DATA CENTER}-----WAN EIGRP-----{OFFICE}-----LAN EIGRP----[Cisco ASA]-----{INTERWEBS}

So the switches in the OFFICE are learning their path to the Internet from the Cisco ASA which advertises
a default route inward via EIGRP. The ASA learned it has the default via OSPF from an edge router
outside of it. My guess is that the DATA CENTER's default route would propagate over the WAN to
the OFFICE in the event the Cisco ASA stopped advertising the default route inward.

How could I find out the behavior of the lost default route without causing an outage?

Thank you.
0
I'm looking for generic low-level design (LLD) templates. This current project will include campus (LAN), WAN and DC builds.
0
Dear Experts
We recently decided to implement MPLS connectivity between two locations; location 1 is the head office, which has an ILL (leased line) and a Cisco FTD on Fire pro 1010 with a Cisco FMC appliance.
Since it is managed MPLS connectivity, the service provider has placed their router equipment in both locations; port 0 they have connected to their modem, and port 1 we are thinking to connect with an Ethernet cable to our switches at
At branch office
Please suggest: at the branch location, port 1 of the service provider router equipment will be connected to the local switch, and we have asked for the same router to be configured as the DHCP server.
At head office
We have connected the service provider router to the local switch using port 1, but here we have Windows AD functioning as DNS and DHCP, hence the service provider router is not configured to function as a DHCP server.
1.      Please suggest whether the MPLS router should be connected to the firewall (Cisco FTD) or whether it is okay to connect it directly to our local switch.
2.      Since we are in an MPLS network, can we configure a DHCP slave at the branch location, or a DHCP primary server?
3.      Please suggest whether it is recommended to have an RODC in the branch office; we prefer to join the systems of the branch office to the domain (Windows AD) which is in the head office.

Branch location IP pool is 192.168.105.0/24 and head office IP pool is 192.168.109.0/24.
Please help on the above 1, 2 and 3 and suggest the best-practice design. Thanks in advance.
0
Customer looking for WAN optimization. I’m struggling to find appropriate options, as it appears Cisco is ending their WAAS options. The customer mentioned Riverbed, but indicated it was likely too expensive…

The customer isn’t technical, so wasn’t too helpful on the discovery call, but I gathered the following:

•      They have three Ethernet (L2) circuits into their primary location in CA.
•      They sounded like E-Line/ELAN, but…
•      150M, 100M, 20M (being replaced with a 600M down/35M up) – so, the latter is obviously broadband/DIA
•      They couldn’t identify how the Internet connection is being firewalled
•      They have a Mushroom Networks (never heard of it) consolidating these links, somehow providing an SD-WAN policy for them.
•      Nothing (according to them) is being encrypted.

So, all of that wildness aside, they’re looking for something to front these appliances to accelerate their throughput. I’m open to a solution to optimize over each of three links or something larger, such as an SD-WAN option to bring all of them into a policy, etc.
1
I am unsure of the functions of the Ubiquiti Unifi Security Gateway.

The installation I am working on has 8 Ubiquiti Unifi wireless access points.  At the present time I have the Ubiquiti Unifi controller running on a Windows machine.

Is the Security Gateway also a router?  The cable company - Optimum Online - provided a cable modem and a wireless router. Can I replace the cable company's equipment and connect the Security Gateway between the cable modem and the network switch?  

The website says "Integration with UniFi Controller." This is unclear as to whether the UniFi Controller is built into the Security Gateway, or whether I need to continue using the controller computer.
(I assume that I program the Security Gateway using a computer.)

Ubiquiti also mentioned that the device allows remote management.
Does this require purchasing two units, and then setting up the VPN server?

Thanks and Merry Christmas to all!
0
Hi,

Our company internet provider set us up with a new modem which would deliver faster speeds and has the IBGP failover ability. In order to use the IBGP failover we would need to designate 1 (or 2?) IP's from our small block of IP's, or get rid of the current ones and use a larger block of IP's.

Does it make sense to just consolidate our current IP's instead of purchasing a larger block of IP's? We currently have 5 public (outside of the broadcast)

Is it best practice/ industry standard to purchase larger amount of public IP's?

Thank you.
0
Dear Experts
We have implemented a CRM application (web based). Our customer will log in to this application for reports and analytics. Our customer is in a different country, hence they want the news/updates on certain products in our country, and they have asked us to provide a solution for them. Our CRM developer says he can integrate certain news channels so that the customer can log in to the CRM and see the news updates. From an IT security point of view I have asked which websites, but he is not sure at the moment which websites will have to be integrated.
1.      I have informed them we may have to look for a different solution instead of the CRM application for this until the technical approach or detailed tech specs are shared with me. However, I would like to understand whether this is the right way, and whether the CRM application is the right tool for this.
2.      Instead, should we develop a portal, store all the details and share the portal with them?
3.      As the CRM has sensitive data, is integration with new sites recommended? When it comes to integration, please suggest the measures to be taken.
4.      What solution do we need to go for to capture news, store it and share it with the customer? Please suggest.
Please help with the above. Thanks in advance.
0
Dear Experts

I am looking for the best practice network design to connect 03 offices, which are in 3 different locations, with secured and redundant links. Explained below:
The data center where business applications are hosted is in location 1; here the business applications (which are web-based), Windows AD for authentication, file server and email server are maintained, and a Cisco 1010 FTD and Cisco FMC are in place with two ISPs.
Location 2, which is far away, is going to be connected to the location 1 data center with an MPLS VPN link, and for redundancy a broadband link, planning for an SD-WAN solution. This is finalized and implementation is in progress.
Now all the employees who were so far working in location 1, that is at the data center location, are to be shifted to location 3, which is a little distance from location 1. However, we are not shifting the data center; our employees are 20 users who are going to work from location 3, and they have to log in for authentication to location 1, where the Windows AD, the file server for their document store and the business application they use (CRM) are.
1.      Please suggest the best network design to connect location 3 to location 1: should I plan for MPLS VPN as one link and a leased line as the secondary link and use an SD-WAN solution here, or is there any other best practice?
2.      How much bandwidth would be needed between location 3 and location 1 for web-based applications and storing documents in the folder?
3.  as we have 20 users is it required to setup …
0
I am doing some discovery on a spoke of a DMVPN. I don't have access to the hub/hubs.
In the configuration seen below I have several ip nhrp map multicast statements and ip nhrp.
Is this indicating that this spoke has six different hubs to which it *could* register if the first one goes down? Thank you.

 ip nhrp map multicast 66.66.8.129
 ip nhrp map 10.77.126.1 66.66.8.129
 ip nhrp map multicast 66.66.8.130
 ip nhrp map 10.77.126.2 66.66.8.130
 ip nhrp map multicast 66.66.8.136
 ip nhrp map 10.77.126.3 66.66.8.136
 ip nhrp map multicast 66.66.8.138
 ip nhrp map 10.77.126.5 66.66.8.138
 ip nhrp map multicast 66.66.8.134
 ip nhrp map 10.77.126.7 66.66.8.134
 ip nhrp map multicast 66.66.8.131
 ip nhrp map 10.77.126.9 66.66.8.131
0
I need to clone/copy a Cisco 2960 layer 3 switch config to an identical Cisco 2960.  I need to also copy the layer 3 configuration (routes, vlans, etc).  Anything I have seen only lets you copy the layer 2 config.  Yes I tried to Google the problem first, but there is not much I can find on how to do it.
Any help would be appreciated, thank you.

Steve
0
Client has a /16 and wants to advertise a /24 within the /16 via a new carrier at one of their smaller sites. Are there any things I need to discuss with the current carrier or the new carrier to make sure the new peering doesn't interfere with the existing route advertisements? Any other gotchas to consider in this operation? Thanks!
0
I am trying to install an SSL certificate on F5, and I keep getting an Import error (screenshot attached). I have tried entering the password and changing the option for Key security; it doesn't work.

The certificate I am selecting is in .pem format; I have selected .crt and .p7b as well, and none of them works.

Has anyone experienced the same error?

Thanks for your help.
0
Dear Experts
Servers have two PDUs, and each power unit is connected to a separate UPS; if one UPS goes down, the server hardware will continue to work with the other UPS. I have the following doubts:
Does the server hardware consume power from both PDUs equally all the time, OR is there a concept that one PDU is primary and only if this goes down does the secondary PDU become active and keep the server running? Please help me understand. Thanks in advance.
0
Hi, we use haproxy with round robin on a few servers which works amazingly well
However now we need to use it for tcp sessions from different ports

basically, gps iot devices create connections to our server via TCP
When I run a netstat, I see lots of devices sending data from same IP address but different port
here is a snap shot
TCP myServerIp:9001 141.86.25.16:60046 ESTABLISHED
TCP myServerIp:9001 141.86.25.16:62084 ESTABLISHED
These are not the same device, they are using a mobile/cell network with same IP but different ports

So I would need a configuration for HA proxy to route to different servers based on IP and PORT
All the examples I’ve seen so far just use IP, which would not work well for me as it would batch a bunch of devices to same server.
I guess it would work, but it may overload one server and under-load another (if that makes sense)

Something else I’m not sure about: some devices also send data using UDP, and these would also need to be routed to the same server. Not sure if this would work or if I would just have to route all UDP devices to 1 server.

Any feedback, pointers and help appreciated
Thanks
0
Dear Experts
Please help me understand the difference between a network architect and an IT infrastructure architect. Do both mean the same or are they different, and if different, please list the scope of each. This will be a great help. Thanks in advance.
0
We are adding optus phones network at our office, I need to open up two ports on firewall. i.e.

FTP(XMPP) Port (1081) is Closed

How can I add this rule under Meraki MX?

Thanks.
0
Hello Experts,

We are planning for a network infrastructure upgrade. It includes structured cabling and active systems.
The network is currently running Cat5e cables, patch panels and faceplate modules.
Cisco Catalyst 3560 is deployed at edge and 6506 at Core.
We want to upgrade the infrastructure to Cat6a structured cabling, Fiber cabling supporting 10g and Cisco Switches with  SD-Access.
Therefore, we are looking for tips and suggestions to start preparing the plan.
0
I am looking to develop an automation tool that can assist a NOC operation with WAN outage recovery without technician interaction. The automation tool will run in the LAN environment (with no external access) and interact directly with the WAN interface. Please note this tool will not interact with any third party devices outside of the WAN environment. The test environment has Cisco Routers/Switches and uses Spectrum Monitoring. Looking for suggestions on use cases and example event flow to develop on.
0
I'm looking for some help re-configuring my home network. Here is current setup:

Comcast cable comes into data enclosure in garage wall to a 2-way Splitter. One coax goes to Gateway in my office. Patch cable out of Gateway to a switch beside it which connects my desktop and network printer. Patch cable from this switch to the wall jack backfeeds back to the data enclosure in the garage. Patch panels in the data enclosure connect to small switch in the data enclosure to provide network to other jacks in house.

First, I'm planning to ditch the Comcast Gateway and go with my own modem and router. I want to add a Ubiquiti Cloud Key Gen 2 Plus and eventually a couple of security cameras as well. I'd like to centralize things a bit more instead of going to my office and then backfeed to the data enclosure before distributing to the rest of the house. Unfortunately, there isn't room in the data enclosure for the router, modem, etc. and even if there was, I'd be concerned about the temps. It can get pretty hot in the garage (90F+).

The room directly above the data enclosure in the garage is a storage room with heat and A/C. Perfect location for the network equipment. And it has a knee wall I can get behind and access the cables going down into the garage.  But I'm not sure how best to proceed.

There are 17 Cat5e cables coming into that data enclosure in the garage, 7 from top (upstairs jacks) and 10 from bottom (downstairs jacks). There appears to be enough length on the …
0
Hi,

I have three Cisco firepower. Two of them are FPR2120-NGFW-K9 and the third one is FPR4110-NGFW-K9. I want to buy Cisco firepower management center. What type of License do I need? And what is the estimate price for it?

Thanks
0
Dear Experts

We are planning to implement a surveillance system in our factory for 24/7 recording of footage, with approximately 25 to 30 cameras with the Night Motion Detection feature. We prefer to have backups scheduled and replicated to the head office; our factory and head office are connected with an MPLS network. Synology has a Surveillance solution, and we would like to understand whether it serves the above requirement. It is also very important for us to have a backup every 4 hours that is secured and copied to the head office, hence NAS box replication is required. Please suggest.
0
Hi,

We have 2 x Aruba 8320s (Core Switches) We also have 11 x Aruba 2540 edge switches

Each switch has 2 x 10Gbe SFP modules which connect to the cores via fibre in a LAG.

The switches are split up in 5 separate racks across our building. We also have 1 x Meraki switch in each of the cabinets capable of having 10Gbe SFP modules.

My question is what is the best way to get the Meraki switches to communicate with our Cores? We want to utilise them.

1. Direct connection to the Cores (like the Aruba's)
2. Setup a trunk 10Gbe between the edge switches and Aruba's
3. Any other way?

Could you please advise?

Thanks
0
I discussed Velocloud SDWAN with Aaron Tomosky in the past and he provided a great deal of insight. This time my question is very brief:

Can the VEP 4600 device for Velocloud SDWAN accept a fiber handoff? Our internet provider can only provide optical handoff.

Thanks;
0
