Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.



I wanted to get some opinion on what device would be better suited to be deployed at the edge of a site between an ASR or Nexus 7700? Specifically this device will be connecting to about 650 remote sites primarily doing routing. From a performance and port capacity perspective, what would be the best device to deploy? Thank you

My contractor ran fiber cables between floors. Today I noticed there's an interesting transition connection from thicker cable to the thinner one. Taped over with white electrical tape.
I didn't have that fiber patch panel. They installed it all. Taped like that on both ends of the terminations.

Does anyone know if this is how it's done normally and should I worry about it? Thanks.

Hi Experts.

I have this policy map on most of the switches at my organization.  

      set dscp ef
      police 128000 8000 exceed-action policed-dscp-transmit
      set dscp cs3
      police 32000 8000 exceed-action policed-dscp-transmit
      set dscp default
      police 10000000 8000 exceed-action policed-dscp-transmit

We are now replacing the existing phones with a new cloud-based phone system. They sent me these requirements for QoS, and the vendor gave me this policy to use on the switches:

policy-map PM-ASW-IB-User
 class CM-ASW-IB-RC-Voice-RTP
  set ip dscp ef
  police 512000 16000 exceed-action drop
 class CM-ASW-IB-RC-Video-RTP
  set ip dscp af41
  police 768000 8000 exceed-action policed-dscp-transmit
 class CM-ASW-IB-RC-GeneralSIP
  set ip dscp af31
  police 32000 8000 exceed-action policed-dscp-transmit
 class CM-ASW-IB-RC-Meetings-Control
  set ip dscp af31
  police 32000 8000 exceed-action policed-dscp-transmit
 class CM-ASW-IB-RC-Other
  set ip dscp af21
 class CM-ASW-IB-Cust-AF13
  set ip dscp af13
 class CM-ASW-IB-Cust-AF12
  set ip dscp af12
 class CM-ASW-IB-Cust-AF11
  set ip dscp af11
 class class-default
  set ip dscp default

Apply on the ports :

interface range Gi1/0/9-20
! no mls qos trust device cisco-phone
! no auto qos voip cisco-phone
! no mls qos trust cos
! mls qos trust dscp
! priority-queue out
! …
The folder is shared properly and why can't I refer to it like

We currently have two sites that are connected with an E-LAN that is provided by Spectrum. All switches are 2960s, so there are no L3 switches. We need to stream live video between the 2 sites; each site has an encoder and decoder for sending video. The encoders/decoders are in their own VLAN (50) but there are other VLANs for data. I have no experience with QoS and I'm very confused about how to implement it. I know I will use CoS but not sure how to go about it. I'm including a diagram to help visualize it. Thanks for the help.


I have a network with a Layer2 link back to a datacentre which provides our internet connection, we have no firewall onsite at present but looking to install one.

We have ordered an internet connection on premise.

We want to keep our Layer 2 connection and make use of it somehow.

We want to use the new internet connection on-premise and a firewall to route the internet. What's the best way to do this?
Hi Experts,

I am able to access the call manager in our organization. I have a phone device and I can see it under Device --> Phone, but I want to know how an analog phone with a DID phone number will connect to call manager using an internal extension, usually using the last 4 digits as the internal ext.

If the Product Type says: Analog Phone, does that mean it is an analog phone?

Riverbed SteelHead configuration issues - as LUNs are degraded due to space made full by multiple snapshots

I am new to Riverbed support.
Here is the config I have:
Appliance Details
Model:      EX1260 (EX1260VH_4)-Revision-A
SteelHead EX:      4.1.0 #8 x86_64
RiOS:      9.1.0-ex #8 x86_64
Storage Edge:      4.1.0 #8 x86_64

I would need experts' help to fix the errors given below.
ACTION REQUIRED: Free space on the cache disk is low. Please make sure your WAN link is up and the commit rate is more than the write rate. If free space falls further, Edge will begin deactivating LUNs. ;
IMMEDIATE ACTION REQUIRED: Deactivating LUNs: Free space on the cache disk is very low. High-traffic LUNs have been deactivated to prevent service disruption. Please make sure your WAN link is up and the commit rate is more than the write rate.

Link state -disabled
Optimization Service - Internal Error      Critical
Error committing a snap to SteelFusion Core due to: Resource temporarily unavailable-Degraded
SteelFusion Core
Connection between SteelFusion Edge and SteelFusion Core for one or more LUNs is down
Please see the SteelFusion Edge Storage page.
Uncommitted Edge Data      Degraded

The storage team increased space at the LUN end, which has not actually increased as it is not reaching the Riverbed SteelHead, because they can see the iSCSI server port for both Riverbed appliances is down.

Please help to bring it up so that space can be increased at the datastore end too.

Hello gents,

I am at a customer site and they have a server in the internal zone, the network has Cisco ASA firewall.

They have a developer and on the server he wants to open ports 7000-7200. Do I use the Cisco ASA to open these ports, or is this done on the server only?

I am not sure how to address this; I need clarity on such types of requests from clients.

Recently we received one project, and we found that it is an unusual network setup because the given router is a TP-Link AC1200. Usually we use an MSR930 or Cisco router as the WAN router so that we can use the public LAN IP given by the ISP in our network (Scenario 1).
To overcome this issue, we are connecting the ONT to our firewall WAN port directly, and now we are thinking about how to use the public LAN IP for our devices. Someone said we can create a VLAN or secondary IP, but I don't have any experience with this setup.
I hope that some expert can advise which is the correct option and how to set it up on our SonicWALL TZ600. Thanks

I am having issues in an MPLS VPNv4 BGP setup where the CE is not receiving any BGP routes from the PE.

PE2 Cisco BGP config:
router bgp 1
 bgp log-neighbor-changes
 neighbor remote-as 1
 neighbor update-source Loopback0
 address-family vpnv4
  neighbor activate
  neighbor send-community both
 address-family ipv4 vrf CUST-1
  neighbor remote-as 200
  neighbor activate

CE2 Cisco BGP config:
router bgp 200
 bgp log-neighbor-changes
 redistribute connected
 neighbor remote-as 1
 neighbor soft-reconfiguration inbound

If you need more info please let me know (I can attach the full config if you want).
I'm currently using a /22 address space, 192.168.100.x with a flat network, everything in one vlan. I know that's not good, so I want to change it.   We will be moving to a new facility in about 6 months, a bigger building with 3 floors, currently we have 1 floor.  There will be different buildings, so I'm debating about having two separate internet circuits for each building, or if I should just have both buildings under one internet circuit. The 2nd building is a church, so I'm thinking it might be wiser to have two different physical networks, for security.

I've done some research online, but wanted to see what is best practice when creating vlans?  Do I create vlans by department, or by security boundaries, etc...  I'm still trying to figure that out.  Plus, I think it might be best to configure my existing network with all the vlans that I want to create for the new facility, so I don't want to try to completely reconfigure my network during the move, as it would be a nightmare, right?

I have about 90 computers (PCs and Macs), 80 VoIP phones, 28 servers, 13 APs,  15 network printers,  at least 75 or so smartphones/laptops/tablets on the network in any given day.
I currently

Any input would be greatly appreciated.

Please confirm the correct way to connect stack cables on 3 Cisco switches WS-C2960X-48FPD-L.
Currently I have it like this, please check file:

xxxxxx #show swit detail
                                          H/W   Current
Switch#  Role   Mac Address     Priority Version  State
 1       Member 544a.0075.6000     1      4       Ready
 2       Member 0087.31fd.f200     1      4       Ready
*3       Master 5070.9cf4.e280     1      4       Ready

         Stack Port Status             Neighbors
Switch#  Port 1     Port 2           Port 1   Port 2
  1        Ok         Ok                3        2
  2        Ok         Ok                1        3
  3        Ok         Ok                2        1

This is the stack module: C2960X-STACK

xxxxxxxx #show SWitch STack-Ring SPeed

Stack Ring Speed        : 20G
Stack Ring Configuration: Full
Stack Ring Protocol     : FlexStack

Any idea how to improve the network design to ensure the network performance, link redundancy (RSTP) and compatibility on layer 2 to layer 3 are working fine on the video management system?


Hi, need help on network devices. See attached drawn diagram for your kind advice.

Having Cisco Core Layer 3 switch 5000 Series onward

Having Dahua Access PFS4228-24P-370 24-Port PoE Switch =>

Not sure whether it is compatible to configure RSTP / STP with a trunk port on the Cisco Core Layer 3 to talk to the Dahua PoE managed switch.


MAN Network setup.

I am tasked with setting up a MAN network.  We currently have 5 offices; 3 on East Coast and 2 on the WC.  

We are getting Comcast ENS 500mg circuits at these locations.  The plan is to have the 3 East coast offices come back to the HQ office in NY and the 2 West Coast offices to go to the office in Seattle with Seattle being the failover option if HQ goes down somehow.

We currently have a range of ASA5506/5525/5545 at the office locations that handoff to the switches.  It is a pretty flat network with the users on a /24 subnet and any VLANs at HQ are done on the 5545 handed down.  Would ASAs be best for a MAN network, will they do the job or is a router needed.

Currently I have these offices on an IPSEC VPN tunnel back to HQ. Passing just their /24 subnet to HQ and we send out the required subnet(s) back to them for needed access.

Remote office - ASA5506/ASA5525 (depending on office) ISP connected to them then inside interface to L2 switch.

HQ - Layer 3 switch handoff to ASA -- multiple stack switches behind it.

I have a wireless guest network and I'd like to test to make sure that it cannot get into my internal network. Excluding ping sweep utility, what other tools can I use to do some sort of penetration testing? Thanks
We’re building out a design for a new building, which will consist of approximately 400 endpoints across two data closets. All storage and compute resources will be local in one of these closets, and will consist of VMware (likely on Cisco UCS), some form of storage, and also a backup appliance (likely Veeam). What’s relevant is that we’ll need to support (10) 10-Gbps connections for these three components.
We’re positioning Cisco Catalyst 9K chassis for the network connectivity. My question is whether we’d patch all of the above compute/storage/backup resources directly into the local Cat 9K (line rate 10-G modules or via the built-in 10-G ports on the supervisors), or if it’d be recommended to place another layer of dedicated 10-G switches below the Cat 9K just to handle these resources.

So, option A) below (separate layer) vs. option B) (unified to a common core/chassis)

The question stems from another recent situation where we found unexpected (and crippling) issues, possibly based on oversubscription, buffering or both, when compute/storage resources were patched directly into Catalyst switching. Option B) above would be to position a couple dedicated Nexus 3K’s (or something similar), which would provide larger buffer memory. This would be a significant cost increase, so I’m obviously hoping I’m overthinking this and the single Catalyst 9K chassis can serve the unified campus (users) and compute (servers/storage) …
Dear Experts ,

We are beside upgrading our Data Center infrastructure.

Presently we have the network topology shown in the PIC below.

We are planning to replace the Nexus 5000 k with Cisco Nexus 93180YC-EX, and we want to transfer and migrate all firewalls and routers to the new pair of Nexus 93180. We want to dedicate the Nexus 7010 for only routing at the highest possible speed.

The new Nexus 93180YC-EX pair will be connected to all Cisco Catalyst remote branch switches.

We have two questions:

First: is it possible to use the 93180YC-EX in the aggregation layer, not in a collapsed aggregation/access layer? We want to separate the aggregation and access layers and we want to implement the Cisco 3-layer design model, where a pair of Nexus 7010 reside in the core, a pair of Nexus 93180YC-EX reside in aggregation, and Cisco Catalyst switches reside on the access layer.

If the mentioned case is applicable then please provide us with sample cases and designs.

Second:

Regarding the upgrade plan:
Is it possible to transfer all firewall security policies and inter-VLAN routing to the pair of 93180YC-EX instead of the N7K?

Enclosing a diagram of the network I am configuring.

Workstations can communicate between VLANs when the gateway on the workstation is set to or respectively. However, workstations cannot see the internet. If I configure workstations with gateway of or, then they can see the internet but there is no inter-VLAN communication. I want to achieve both scenarios - inter-VLAN and internet. However, VLAN must go out through its respective firewall and not just seek any path to the internet.

Does anyone have any idea on how I can get this working as mentioned above? I need to get this done urgently and this is my first Juniper configuration (used to Cisco)

We have two Cisco ASA 5505 units in an active/standby configuration. Our network is primarily made up of servers that are serving web sites and other products and services, as well as remote access, rather than desktops and other end user PC's.

We have a couple of blocks of routable public IP addresses from our Internet provider that we use for assignment to various servers within the network. The ASA has a relatively complex set of ACL and NAT/PAT rules to support all of this and get traffic to its proper destination.

Our ASA is logging the following messages thousands and thousands of times per day:

<162>Sep 29 2018 16:58:02: %ASA-2-106016: Deny IP spoof from (x.x.x.x) to y.y.y.y on interface outside

The first IP address listed (x.x.x.x) is the public IP address of the outside interface of the ASA unit itself. The second IP address (y.y.y.y) is another public IP address that is in the block of addresses assigned to us by our ISP and that we are using for one server or another. The second IP address varies among our different public IP addresses each time the message is logged; the first address is always the public address of our ASA unit.

Why would we be logging thousands of messages such as this showing our own ASA's IP address as the source? Does this indicate actual traffic that is attempting to spoof IP addresses and cause problems, or is this more indicative of a misconfiguration somewhere on our network?

Any assistance would be most …
I need to do an Enterprise Architecture maturity assessment using TOGAF framework. Can anyone who has done something similar give me guidance on best way to approach this.
Overall approach
Red flag points
Action points

Thank you for your help.

I have 1 Aruba 2930F 48G 4SFP+, 2 24G POE+ 4SFP+ switches. How should I stack them?

I'm attempting to connect some switches in my IDF locations to my MDF switch via SFP.

The fiber connecting each IDF to the MDF is multimode, OM3. It connects to a LANscape housing in each location. From the housing, I'm trying to connect a fiber patch cable to the SFP module on the switch.

I managed to get ONE switch working in ONE IDF by using an aqua OM3 patch cable connected to a Ubiquiti module. The only way I could get that connection to work was with a multimode fiber converter in the MDF connected to a port on the switch. SFP would not work. I've tried various SFP modules, including an SFP+ 10G multimode, a Trendnet 1.25G multimode, a generic 1.25G multimode module, and even a couple single mode SFPs, just in case. I've tried aqua OM3 patch cables, orange OM1 patch cables, various LC to SC adapters, and some yellow single mode patch cables, again, just in case. I've tried just about every single combination of the above in some fashion.

On a second switch in a second IDF, even with a fiber converter in the MDF, I can't get a link. If I remove the converter from the first connection in the first IDF, I can't get a link with any combination of the above.

I am about to go insane with this problem. This should be straightforward and easy, but it's driving me nuts.

The contractor installing the actual fiber backbone has told me it's multimode fiber, OM3, 50 microns. I suppose that might be incorrect information, but I have had no issues or inconsistencies …
A Ubiquiti fiber switch connected to a Meraki MS 42 is showing VLAN mismatch errors.

From the Ubiquiti, two fiber ports are aggregated to two 10G fiber ports on the Meraki. Meraki says there is a VLAN mismatch. I can't see the discrepancy. Any thoughts? Have rebooted Unifi Controller, fiber switch, Meraki etc.

