Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.


This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.

In this article, we’ll look at how to deploy ProxySQL.
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
The data center is nowadays referred to as the home of all the advanced technologies. In fact, most businesses are now establishing their entire organizational structure around their IT capabilities.
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WANs, don't have QoS control in the provider cloud.
If you are thinking of adopting cloud services, or are just curious as to what ‘the cloud’ can offer, then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new to the offering and I really didn’t know what it was, how it worked or what to do once I had access.  This article will cover some of the main points to be aware of that may help you when you first start out using the services they provide.
The first thing you will want to do is create an account. AWS offers you the ability to use some of their services for free for a year as long as your usage falls within their specific ‘free tier’ limits.  I used my own personal account for self study and learning and I found these service limits to be perfectly fine for what I wanted to do and test.  By default you will have access to ALL services that they provide, and you will only be charged for any services that you use that fall outside of the initial free tier.
The complete service limitations on what the free tier offers can be found here.  The main services that feature within this and the most common that you will initially use are:
Compute (EC2)
  • 750 hours worth of EC2 Compute Capacity for RHEL, Linux or SLES t2.micro instances
  • 750 hours worth of EC2 Compute Capacity for Windows t2.micro instances
As an example, you could run a single Windows instance constantly for 1 month, or 2 Windows instances for half a month, etc.
Mikrotik OSPF Network
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are important, and AWS knows and addresses this. 
Because AWS is a global company deploying exactly the same services in all corners of the globe, it has had to set the highest level of security, conforming to all regulations in each country.  As a result, someone who is simply using S3 to store their personal photos gets the same level of security as a multi-million-dollar company that requires the most rigorous of security regulations.
AWS complies with a number of different security standards that can be found here.
When it comes to security, AWS operates within a shared responsibility model.  This means that the security ‘of’ the Cloud lies with AWS, and the security ‘in’ the Cloud lies with you, the user.  To break this down a bit further, the physical access to the Data Centres, Availability Zones, Regions, Edge Locations, Compute, Networking and Storage is the responsibility of AWS.  Your data and its encryption, the configuration of your VPC security covering ACLs, Security Groups and IAM, the patching of EC2 instances, etc., are your responsibility.
More information on the Shared model can be found here.
Expert Comment

by:Jim Horn
Excellent article.  Voted Yes

Expert Comment

by:Maidine Fouad
Good. Perhaps as a security suggestion you should include "Amazon Billing Alerts".

The account credentials might one day be compromised; the CC credentials are hidden, but not the ability to purchase extra instances, which hackers might abuse if they get access to it?
AWS has developed and created its highly available global infrastructure, allowing users to deploy and manage their estates all across the world through the use of the following geographical components:
  • Regions
  • Availability Zones
  • Edge Locations
When architecting and designing your infrastructure it’s important to know where your data is being stored and where your instances and services are located.  This is fundamental when designing and implementing a highly available and scalable network with low latency that abides by any data laws that may be in operation.
If you are studying for the AWS certifications it’s important to know the differences between Regions/Availability Zones and Edge Locations.

What is an AWS Region?

A Region is essentially just that: a geographic location that Amazon has selected to run and operate its Cloud services from.  There are currently 12 different Regions spanning the globe at key locations:
North American Regions
  • US East (Northern Virginia)
  • US West (Northern California)
  • US West (Oregon)
  • AWS GovCloud (US) – Reserved for Government agencies only
South American Regions
  • São Paulo
EMEA Regions
  • EU (Ireland)
  • EU (Frankfurt)
Asia Pacific Regions
  • Asia Pacific (Singapore)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Sydney)
  • Asia Pacific (Seoul)
  • China (Beijing) – Limited Public release

Expert Comment

by:prathap C
Hi Scott,

You have mentioned here "many of the Edge Locations are located some distance away from some of the Regions". I can't get this point. I have a doubt like whether locations will come under region?

Just now I have started to learn about cloud.

Thanks by,

Author Comment

by:Stuart Scott
Hi Prathap,

Thank you for your comment.  

Edge Locations are different from Regions, and as a result do not fall under 'Regions' as a location.  To put the global infrastructure in its most simple form, the different elements can be described as follows:

- Availability Zones (AZs): These are essentially the physical data centers of AWS. This is where the actual compute, storage, network, and database resources are hosted

- Regions: A Region is a collection of availability zones that are geographically located close to one another. This is generally indicated by AZs within the same city.  Regions do not include Edge Locations, only AZs

- Edge Locations: These are AWS sites deployed in major cities and highly populated areas across the globe and they far outnumber the number of availability zones available.  These are used to reduce latency to end users by using the AWS CDN service known as CloudFront.  You are unable to deploy your typical compute, storage, and database services in Edge Locations, the Edge Locations are reserved for simply reducing latency using CloudFront and Lambda@Edge services.

I hope this helps.


Hello to you all,

I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure Shell) and RDP (Remote Desktop Protocol) and their feelings quickly turn to frustration. 

Depending on the deployment method of your EC2 instances, you may need to connect to them to perform additional configuration, install applications or troubleshoot any incidents that may occur.  Not having a working method of connecting to your EC2 instances would prevent you from having full manageability of that host.

This Article has been written to cover the most common configuration problems that prevent connectivity between you and your EC2 instance.

Default or Non Default VPC (Virtual Private Cloud)?

Default VPC: Every AWS account comes with a Default VPC already created, this allows users to immediately deploy EC2 instances within this VPC and connect to it.  Simple you may think, and you would be right, many of the AWS networking components have already been set up on your behalf allowing you to connect to your instances with relative ease. However, these same components that are pre-configured take away some of the detailed design that your corporate infrastructure may require.  It comes with a predefined IP CIDR (Classless Inter-Domain Routing) block assigned which might not suit …

This article is a step-by-step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices: Nanostation, Bullets, AirBridge, Nanobeam and NanoBridge, to name a few. Please review all the AirMAX devices here. I will be focusing on the selected part of the diagram below for this guide, using two Ubiquiti Nanostation M2s. You can use this setup to create a link between office buildings up to 50 miles apart (depending on the device).


The factory default IP address for the device is and the subnet mask is (/24) open internet explorer and connect to if you are using one of the latest firmware versions you will be redirected to https and you will see privacy error page
Note: You either need to be in the same IP address range or you need to change the IP configuration on your PC to static. Please follow the quickstart guide from Ubiquiti to get the device connected to your PC.

Let's get started.
  • Click on Advanced and then on Proceed to..


Next you will need to enter the default Username and Password, “ubnt” for both. In this guide I will be using Compliance Test for Country; please select your appropriate region.


The next screen that appears is the Main Screen. On this screen you will see all your active connections to your device, firmware version, MAC address
Author Comment

by:Dirk Mare
Thank You

Expert Comment

You are welcome.
I am interested in Ubiquiti and Mikrotik devices, do you?
This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the case for informational sites) and for this reason, the site should be able to recognize repeated identical requests and return an immediate cached response, rather than going back to the database queries for the reformulation of the original response. 

The rationale for this strategy comes from recognition of the difference in speed between in-memory processes and disk-based processes.  While memory access is typically measured in nanoseconds, even a very fast disk spinning at 7200RPM requires 8.3 milliseconds for a single rotation, and the nature of file lookup or database operations is such that a great many disk rotations may be required for some queries.  Since the ratio of nanoseconds to milliseconds is several orders of magnitude, it follows that cache may produce substantial quantitative improvements in server performance.

Characteristics of a Cache
Popular cache systems include Memcached and Redis, and it is also possible to use the file system for cache storage, but in-memory systems will give the best performance.  All cache systems work in similar ways.  They are key:value data storage systems.  Access to a value in the cache is made …
There are times when you would like to have access to information that is only available from a different network. This network could be down the hall, or across the country. If each of the network sites has access to the internet, you can create a network bridge that connects the two networks together.

If all you want to do is connect to your desktop remotely, then this is not for you. You would be better off using one of the commercial options like TeamViewer or SplashTop.

However, if you need to give access to many individuals, or you need systems to be able to access other systems in a different network like printers or fileservers, then this might be what you need.

This article will not cover routing which is required to take full advantage of this network bridge.

The things that you will need for each site:
  • A spare computer system.
  • A copy of PFsense (I used version 2.1.5)
PFSense can be downloaded from

A word of warning, PFSense is designed to take full control of the computer it is installed on. It will not be useable for any other purpose.

PFSense Installation

This article will not cover Installation instructions of PFSense. However I will say that I chose the default installation options and only configured one network card. I also made sure that the option "Disable all packet Filtering" was checked. This is found under System->Advanced->Firewall/NAT tab.

This article is focused on eradicating the confusion with slash notations. It will help you identify and understand the purpose and use of slash notations. A deep understanding of this will help you identify networks quicker, especially when looking at route statements or access-list statements.

Slash Notations indicate the number of network bits (or number of bits turned on) in a network. This is what defines your network range.

We will use the following most common Class C address range
IP Address =
Subnet Mask =
Gateway =

In the above example, our slash notation is /24 /24

Let me answer this by using the /27 notation to kill 2 birds with 1 stone. /27 in bits would be represented as
This is also a /32 notation.

Count the number of 1s from left to right, you will have 32 of them.

The common subnet people use (Class C) has a subnet mask shown below
This broken down into bits would be represented as
Count the number of 1s from the left, you will have 24 of them
This gives you a slash notation of /24

Get the picture?
So /27 would look something like this
Now, our subnet has changed in bit value and we need to convert that to decimal
One Octet is a set of 8 bits
When all turned on, they have this value
When all …
I wrote this article to help simplify the process of combining multiple subnets.
This can be used for route summarization also, but there are other, better ways to summarize routes.

This article is a result of questions I participate in here at Experts Exchange. This particular question is a practice test question posted at the following link 

I copied it here in case the link breaks years down the line

Question 2

Refer to the exhibit. The Lakeside Company has the internetwork in the exhibit. The Administrator would like to reduce the size of the routing table to the Central Router. Which partial routing table entry in the Central router represents a route summary that represents the LANs in Phoenix but no additional subnets?

A). /22 is subnetted, 1 subnet
        D [90/20514560] via 6w0d, serial 0/1

B.) /28 is subnetted, 1 subnet
        D [90/20514560] via 6w0d, serial 0/1

C.) /30 is subnetted, 1 subnet
        D [90/20514560] via 6w0d, serial 0/1

D.) /22 is subnetted, 1 subnet
        D [90/20514560] via 6w0d, serial 0/1

E.) /28 is subnetted, 1 subnet
        D [90/20514560] via 6w0d, serial 0/1

F.) /30 is subnetted, 1 subnet
        D [90/20514560] via 6w0d, serial 0/1


Answer: D


Expert Comment

by:Sandeep Udgirkar
Good Article for a novice.
Auditors face some challenges when reviewing router and firewall configurations.  I'm going to discuss a few of them in this article.  My assumption is that there is a device hardening standard in place, which points out the key elements of configuration. I am also assuming configuration review is only a small, and not the most important, part of the audit program (design assessment, change control, access control, etc. have to be done as well).
The first challenge is that auditors don’t have access to devices, so they cannot pull the configuration file by themselves. They have to ask network administrators to deliver configuration files to them. So, how do auditors know that the configuration was collected from the devices in scope of the audit and not from a Cisco simulator (GNS3/Dynamips) or from some vanilla firewall or router? Unfortunately, the only solution is to watch over our administrator’s shoulder. The other bad news could be change control. If there is no good change control mechanism in place (i.e. starting from change logging to Cisco ACS), the configuration file could be changing too often, and auditing it doesn’t make any sense. So, I assume the change control was audited before the configuration audit was started. The good news here is that auditors can ask for the configuration more than once during the audit period, or they can audit more than once a year. I would recommend grepping for 'Cryptochecksum' (unfortunately this works only on ASA/PIX, not IOS) and retaining the results.  …

Expert Comment

Thank you for sharing this information!