Network Architecture

12K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

If I wanted to just add a PAN firewall to a DMVPN spoke site with an ISR, would it be fine for the ISR to sit NATted behind the firewall?

{INTERNET}-----[public IP]{PAN}[private IP]------[private IP]{ISR DMVPN}{private site IPs}-----{switch}

Currently the ISR has the public IP at its outside interface. The idea would be to give the public IP to the PAN and NAT to a new private IP on the outside of the DMVPN router. Would DMVPN work in that scenario?

Or would I be better off to configure the PAN as a virtual wire and retain the public IP address at the router?
0
Hi,
I need to implement a server test environment.
The 4 servers involved need to maintain the same IP address and Windows name they have in the production environment.
I'm using a ZyWALL USG20 to manage this scenario.
The ZyWALL has
WAN 192.168.120.1
LAN 192.168.1.1
On the LAN zone I have connected the virtual switch of my 4 servers; this step is OK.

Now I have to implement some kind of NAT, maybe DNAT, in order to:

if the ZyWALL receives a ping or RDP request on
192.168.120.100
it has to route it, translating to the 192.168.1.100 server on the LAN zone.

I don't know if my explanation is clear.
Ask me for details! Thanks
0
I have a client that currently has a local server with approx 150GB of data.  It is running Server 2016 and has VPN access.  They wish to make access to the data easier, but need to maintain user right control.  They are ideally wanting:

1. Different users to have create / modify / read only access to various folders.
2. Be able to access the data with above permissions from Laptop / Tablet / Phone with as they put it, similar to onedrive as possible.
3. Total users are about 60
4. Accessible anywhere they have internet.

Essentially they have had issues with VPNs from the laptop and are happy to either move the data to a cloud host or keep the data local and add something to the setup to enable this type of access.  Everything I can see so far seems to be more about syncing data, so the data will sync on the devices rather than them just getting access to it.  I wondered if anyone had advice on the best solution to this.  They do have a 1Gbs connection at their current server so it's not a bandwidth issue; their aim is ease of access to data while maintaining the security.
0
I have an ASA adjacent to a router with the following redistribution into the EIGRP AS shared with the Cisco ASA:

redistribute eigrp 100 metric 100000 0 255 1 1500 route-map EIGRP100-TO-EIGRP10

When I look on the ASA route table it's showing an AD of 170 and a metric of 25856 for the routes in EIGRP 10 that were redistributed from EIGRP 100.

EIGRP Metric = 256 * ( (K1*Bw) + ( (K2*Bw) / (256-Load) ) + (K3*Delay) ) * (K5 / (Reliability + K4) )    {I'm assuming default K values 1 0 1 0 0}

256*((1*100,000)+((0*bw/256-load))+(1*0)   *    (0/255+0) => 25,600,000
       K1*BW           K2*Bw          K3*Delay    K5/Rel+K4

Anyhow the ASA is seeing traffic taking this route as 25856. I can not figure out where that number is coming from. The actual bandwidth between the ASA and router is 1Gbps.

Any insight appreciated!
0
Hello Experts,

I am looking for feedback on this.

I have a client that is expanding, and the client signed a contract for an unmanaged wavelength from their on-premise data center to the new site office. Do you know what exactly to expect from the ISP?

The internet access will be from the data center.

Thanks,
0
I'm running UCS 4.04 and I am not seeing in the GUI where port channels connecting upstream to the LAN are associated with which VLANs.
If I SSH to UCS I can see that the new VLANs I added on the server NICs appear to be (automagically?) appearing on the port channel to the network. But if I go into LAN Uplinks Manager/VLANs/VLAN Manager, I am expecting to see the port channels underneath the VLANs with which they are associated. But that is not the case. From the nxos CLI, note the VLANs and their association with the uplinks. Perhaps it's the case that if you don't specifically assign a VLAN to an uplink, all VLANs are automatically permitted on those uplinks?

Partial config from connect nxos:

vlan configuration 1,9-11,20,30,32
vlan 1,9-11,20,30,32


interface port-channel2
  description U: Uplink
  switchport mode trunk
  pinning border
  switchport trunk allowed vlan 1,9-11,20,30,32
  speed 10000
 
interface Ethernet1/1
  description U: Uplink
  pinning border
  switchport mode trunk
  switchport trunk allowed vlan 1,9-11,20,30,32
  udld disable
  channel-group 2 mode active
  no shutdown

interface Ethernet1/2
  description U: Uplink
  pinning border
  switchport mode trunk
  switchport trunk allowed vlan 1,9-11,20,30,32
  udld disable
  channel-group 2 mode active
  no shutdown

interface Ethernet1/3
  description U: Uplink
  pinning border
  switchport mode trunk
  switchport trunk allowed vlan 1,9-11,20,30,32
  udld disable
  …
0
I'm in a new gig and I want to understand, if a site's Internet link goes down, what takes over for their default route.
The routing protocol is EIGRP.

{DATA CENTER}-----WAN EIGRP-----{OFFICE}-----LAN EIGRP----[Cisco ASA]-----{INTERWEBS}

So the switches in the OFFICE are learning their path to the Internet from the Cisco ASA which advertises
a default route inward via EIGRP. The ASA learned it has the default via OSPF from an edge router
outside of it. My guess is that the DATA CENTER's default route would propagate over the WAN to
the OFFICE in the event the Cisco ASA stopped advertising the default route inward.

How could I find out the behavior of the lost default route without causing an outage?

Thank you.
0
We have multiple smaller type ISP providers in the city using microwave technologies.  Basically installing antennas on buildings and pointing to their HQ location.  Trying to figure which one to pick based on their building location, etc.

What's the max distance they can go without the hop/repeater?
0
I'm looking for generic low-level design (LLD) templates. This current project will include campus (LAN), WAN and DC builds.
0
Dear Experts
We recently decided to implement MPLS connectivity between two locations. Location 1 is the head office, which has ILL (leased line) and Cisco FTD on Fire pro 1010 with a Cisco FMC appliance.
Since it is a managed MPLS connectivity service, the provider has placed their router equipment in both locations. Port 0 is connected to their modem, and port 1 we are thinking to connect with an Ethernet cable to our switches at
At branch office
Please suggest: at the branch location, port 1 of the service provider router equipment will be connected to the local switch, and we have asked for the same router to be configured as DHCP server.
At head office
We have connected the service provider router to the local switch using port 1, but here we have Windows AD functioning as DNS and DHCP, hence the service provider router is not configured to function as DHCP server.
1. Please suggest whether the MPLS router should be connected to the firewall (Cisco FTD), or is it okay to connect it directly to our local switch?
2. Since we are in an MPLS network, can we think of configuring a DHCP slave at the branch location, or a DHCP primary server?
3. Please suggest whether it is recommended to have an RODC in the branch office; we prefer to join the systems of the branch office to the domain (Windows AD) which is in the head office.

Branch location IP pool is 192.168.105.0/24 and head office IP pool is 192.168.109.0/24.
Please help on the above 1, 2 and 3 and suggest the best practice design. Thanks in advance.
0
Customer looking for WAN optimization. I’m struggling to find appropriate options, as it appears Cisco is ending their WAAS options. The customer mentioned Riverbed, but indicated it was likely too expensive…

The customer isn’t technical, so wasn’t too helpful on the discovery call, but I gathered the following:

• They have three Ethernet (L2) circuits into their primary location in CA.
• They sounded like E-Line/ELAN, but…
• 150M, 100M, 20M (being replaced with a 600M down/35M up) – so, the latter is obviously broadband/DIA
• They couldn’t identify how the Internet connection is being firewalled
• They have a Mushroom Networks (never heard of it) consolidating these links, somehow providing an SD-WAN policy for them.
• Nothing (according to them) is being encrypted.

So, all of that wildness aside, they’re looking for something to front these appliances to accelerate their throughput. I’m open to a solution to optimize over each of three links or something larger, such as an SD-WAN option to bring all of them into a policy, etc.
1
SDN and SD WAN and SD Access and DNA Center

I have read about SDN and SD WAN. If I understand, they are both based on a centralized control plane.

So if I have the traditional local area network made up of Access/Distribution/Core layers, and I want to implement SDN technology, at what layer should I integrate SDN?
In other words, if there is hardware on which SDN is installed, where should that hardware be located?

SD WAN is a WAN technology. If I want to implement that technology, where should I put the hardware that holds the SD WAN software?

If you can briefly give the difference between SDN, SD-Access, SD WAN and DNA Center, that might also help clear up the terminology confusion.

Thank you
0
I am unsure of the functions of the Ubiquiti Unifi Security Gateway.

The installation I am working on has 8 Ubiquiti Unifi wireless access points.  At the present time I have the Ubiquiti Unifi controller running on a Windows machine.

Is the Security Gateway also a router?  The cable company - Optimum Online - provided a cable modem and a wireless router. Can I replace the cable company's equipment and connect the Security Gateway between the cable modem and the network switch?  

The website says "Integration with UniFi Controller."  This is unclear as to whether the UniFi Controller is built into the Security Gateway, or whether I need to continue using the controller computer.
(I assume that I program the Security Gateway using a computer.)

Ubiquiti also mentioned that the device allows remote management.
Does this require purchasing two units, and then setting up the VPN server?

Thanks and Merry Christmas to all!
0
Hi,

Our company internet provider set us up with a new modem which would deliver faster speeds and has the IBGP failover ability. In order to use the IBGP failover we would need to designate 1 (or 2?) IP's from our small block of IP's, or get rid of the current ones and use a larger block of IP's.

Does it make sense to just consolidate our current IP's instead of purchasing a larger block of IP's? We currently have 5 public (outside of the broadcast)

Is it best practice/ industry standard to purchase larger amount of public IP's?

Thank you.
0
Dear Experts
We have implemented a CRM application (web based). Our customer will log in to this application for reports and analytics. Our customer is in a different country, hence they want news/updates on certain products in our country, and they have asked us to provide a solution for them. Our CRM developer says he can integrate certain news channels so that the customer can log in to the CRM and see the news updates. From an IT security point of view I have asked which websites, but he is not sure at the moment which websites will have to be integrated.
1. I have informed them we may have to look for a different solution instead of the CRM application for this until the technical approach or detailed tech specs are shared with me. However, I would like to understand whether this is the right way, and whether the CRM application is the right tool for this.
2. Instead, should we develop a portal, store all the details and share the portal with them?
3. As the CRM has sensitive data, is integration with new sites recommended? When it comes to integration, please suggest the measures to be taken.
4. What solution do we need to go for to capture news, store it and share it with the customer? Please suggest.
Please help with the above. Thanks in advance.
0
Dear Experts

I am looking for the best practice network design to connect 03 offices in 3 different locations with secured, redundant links. Explained below:
The data center, where business applications are hosted, is in location 1. Here the business applications (web-based applications, Windows AD for authentication, file server, email server) are maintained; Cisco 1010 FTD and Cisco FMC are in place, with two ISPs.
Location 2, which is far away, is going to be connected to the location 1 data center with an MPLS VPN link, and for redundancy a broadband link, planning for an SD WAN solution. This is finalized and implementation is in progress.
Now all the employees who were so far working in location 1, that is at the data center location, are to be shifted to location 3, which is a little distance from location 1.  However, we are not shifting the data center. Our employees are 20 users who are going to work from location 3, and they have to log in for authentication to location 1, where the Windows AD, the file server for their document store and the business application they use (CRM) are.
1. Please suggest the best network design to connect location 3 to location 1. Should I plan for MPLS VPN as one link and a leased line as the secondary link and use an SD WAN solution here, or is there any other best practice?
2. How much bandwidth would be needed between location 3 and location 1 for web-based applications and storing documents in the folder?
3.  as we have 20 users is it required to setup …
0
I am doing some discovery on a spoke of a DMVPN. I don't have access to the hub/hubs.
In the configuration seen below I have several ip nhrp map multicast statements and ip nhrp.
Is this indicating that this spoke has six different hubs to which it *could* register if the first one goes down? Thank you.

 ip nhrp map multicast 66.66.8.129
 ip nhrp map 10.77.126.1 66.66.8.129
 ip nhrp map multicast 66.66.8.130
 ip nhrp map 10.77.126.2 66.66.8.130
 ip nhrp map multicast 66.66.8.136
 ip nhrp map 10.77.126.3 66.66.8.136
 ip nhrp map multicast 66.66.8.138
 ip nhrp map 10.77.126.5 66.66.8.138
 ip nhrp map multicast 66.66.8.134
 ip nhrp map 10.77.126.7 66.66.8.134
 ip nhrp map multicast 66.66.8.131
 ip nhrp map 10.77.126.9 66.66.8.131
0
I need to clone/copy a Cisco 2960 layer 3 switch config to an identical Cisco 2960.  I need to also copy the layer 3 configuration (routes, vlans, etc).  Anything I have seen only lets you copy the layer 2 config.  Yes I tried to Google the problem first, but there is not much I can find on how to do it.
Any help would be appreciated, thank you.

Steve
0
Client has a /16 and wants to advertise a /24 within the /16 via a new carrier at one of their smaller sites. Are there any things I need to discuss with the current carrier or the new carrier to make sure the new peering doesn't interfere with the existing route advertisements? Any other gotchas to consider in this operation? Thanks!
0
I am trying to install an SSL certificate on F5. I keep getting an import error (screenshot attached). I have tried entering the password and changing the option for Key security; it doesn't work.

The certificate I am selecting is in .pem format; I have selected .crt and .p7b as well, and none of them works.

Has anyone experienced the same error?

Thanks for your help.
0
Dear Experts
Servers have two PDUs and each power unit is connected to a separate UPS. If one UPS goes down, the server hardware will continue to work with the other UPS. I have the following doubts:
Does server hardware consume power from both PDUs equally all the time, OR is there a concept that one PDU will be primary and only if this goes down does the secondary PDU become active and keep the server running? Please help me understand. Thanks in advance.
0
Hi, we use haproxy with round robin on a few servers which works amazingly well
However now we need to use it for tcp sessions from different ports

basically, gps iot devices create connections to our server via TCP
When I run a netstat, I see lots of devices sending data from same IP address but different port
here is a snap shot
TCP myServerIp:9001 141.86.25.16:60046 ESTABLISHED
TCP myServerIp:9001 141.86.25.16:62084 ESTABLISHED
These are not the same device, they are using a mobile/cell network with same IP but different ports

So I would need a configuration for HA proxy to route to different servers based on IP and PORT
All the examples I’ve seen so far just use IP, which would not work well for me as it would batch a bunch of devices to same server.
I guess it would work, but it may overload one server and under-load another (if that makes sense)

Something else I’m not sure about: some devices also send data using UDP, and these would also need to be routed to the same server. Not sure if this would work or if I would just have to route all UDP devices to 1 server.

Any feedback, pointers and help appreciated
Thanks
0
Dear Experts
Please help me understand the difference between a network architect and an IT infrastructure architect. Do both mean the same or are they different, and if different, please list the scope of each. This will be a great help. Thanks in advance.
0
We are adding the Optus phone network at our office. I need to open up two ports on the firewall, i.e.

FTP(XMPP) Port (1081) is Closed

How can I add this rule under Meraki MX?

Thanks.
0
Hello Experts,

We are planning for a network infrastructure upgrade. It includes structured cabling and active systems.
The network is currently running Cat5e cables, patch panels and faceplate modules.
Cisco Catalyst 3560 is deployed at edge and 6506 at Core.
We want to upgrade the infrastructure to Cat6a structured cabling, Fiber cabling supporting 10g and Cisco Switches with  SD-Access.
Therefore, we are looking for tips and suggestions to start preparing the plan.
0
