Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Can you configure a routed interface to use both the global and VRF routing table?
Hello all,

I wanted to see if I could get some advice and/or recommendations for a project that I am working on.

Our internet: 2x Comcast cable 250/25 package
Switches: 2x Cisco SG200-50

Router: Peplink balance series (not bought yet)

Situation: This is for an events center. Every now and then I will need to make changes to meet the client's needs. I want to have both Comcast circuits load balance the traffic in the building. When we have events in the building that stream, I want to have that traffic go through one of the Comcast circuits and nothing else. The rest of the traffic can use the other circuit. I know with the Peplink router I can set it to have certain IP addresses travel out of whatever circuit I want. I think the Peplink and managed switches would do what we need.
Are there better ways to go about this without going too crazy with cost? I would like everything to be able to be controlled remotely as much as possible.

I also need a few VLANs that I can't seem to get to work. I want to separate our office and servers from the rest of the building. How can I set up a VLAN so that they can all access the internet but can't pass traffic between the VLANs? On the Peplink I created a new LAN with different IP addresses and it is VLAN 2. In order to get it to the switches, do I set port 4, for example, as a trunk and tag it to VLAN 2? If I connect Peplink port 4 to switch #2 port 8, what do I do with that port? Do I also set it to trunk? If our office ports…
Before designing a new network for the remote offices.
What information is critical (must know) before making a decision on design, connectivity, device models, etc.? Just need to be prepared before throwing together a design. Want to make it a standard base across all remote offices.
Appreciate all the recommendations and ideas!
I need to run ONE CAT6 cable to 40 offices.

Each office is to have three Ethernet points but  only ONE Ethernet point will be in use at a time.

Three Ethernet points are there for desk orientation only.

Don't want to have to re-patch on demand, etc. Any ideas?

Let's say I'm an ISP and I lease a 10G transport pipe to an IX (Frankfurt or Amsterdam), with the purpose of buying transit from 2 different tier 1 providers (2 resellers, probably) and peering with content providers.

What happens inside the IX?

Do I get one switch port and I have to rent rack space for my own equipment there? The peerings are physical, with cables between my switches and the peer switches?

Or I only get a VLAN and the peerings are inside the IX main router/switch? And I route the traffic from my VLAN to my peer's VLAN?


I've googled for the past few days, but I'm still confused. Does anyone have real-world experience with this?

Thank you.
I wanted to get an idea of what others are doing in the area of HA for Exchange 2016.
Right now we have two Exchange Enterprise servers in a DAG at our HQ and one more at a satellite office. We are using our old Exchange 2013 server as a load balancer. However, this 2013 server is a single point of failure and we want to remove it altogether from our environment.

Network redundancy is in place, but we are looking for a solution that provides HA between the network and Exchange. I'm trying to avoid DNS round robin or Network Load Balancing. Different DNS servers would hand out ordered IP address lists in a different rotation and, just like Windows Network Load Balancing, we wouldn't have any checks against the Client Access server itself. So if OWA, EWS or any other web application has a fault, clients will still attempt to access that server and see an error message until an administrator resolves the issue.

We have a little shy of 400 active mailboxes and not a tremendous amount of traffic. I know a network load balancer will do the trick. But given our size and traffic, I do not think load balancing is necessary. However, the functionality to monitor multiple services and, if one service is down, such as EWS, only route traffic to the servers with working EWS is a bonus.

Bottom line... I just wanted to see what other people are doing out there and get some ideas.

Thank you in advance.
Is the below capture in any way an indication of why the host is so dreadfully slow? It's a backup from a host pushing data over to an outside cloud.

1: 11:39:11.779866       802.1Q vlan#900 P0 > P 3248280326:3248280838(512) ack 4046900626 win 39 <nop,nop,timestamp 21801362 1515457710>
2: 11:39:11.788151       802.1Q vlan#900 P1 > . ack 3248280838 win 0 <nop,nop,timestamp 1515457779 21801362>
3: 11:39:11.791813       802.1Q vlan#900 P1 > . ack 3248280838 win 31 <nop,nop,timestamp 1515457780 21801362>
4: 11:39:11.791966       802.1Q vlan#900 P0 > . 3248280838:3248282206(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
5: 11:39:11.791981       802.1Q vlan#900 P0 > . 3248282206:3248283574(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
6: 11:39:11.791997       802.1Q vlan#900 P0 > . 3248283574:3248284942(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
7: 11:39:11.792012       802.1Q vlan#900 P0 > . 3248284942:3248286310(1368) ack 4046900626 win 39 <nop,nop,timestamp 21801365 1515457780>
8: 11:39:11.792027       802.1Q vlan#900 P0 > . 3248286310:3248287678(1368) ack 4046900626 win 39 

I have two 48-port switches. One is PoE and the other isn't. Is it possible to move configs from one to the other? They are both new switches. They are only web UI managed.
Currently have interfaces set up with (2) VLANs:

mgmt 86
cpe 87

When the controller is set to tunnel traffic and use the controller as GW, clients are able to get an IP off the Ruckus AP.
When the controller is set for the Nomadix to be GW, clients are NOT able to get an IP off of the Ruckus AP.

As it stands, I'm trying to understand what is preventing clients from using the Nomadix as GW.
The Cisco box is currently set to switch mode with the following for the interfaces:

interface gigabitethernet1
 switchport mode general
 switchport general allowed vlan add 87 tagged
 switchport default-vlan tagged
interface gigabitethernet2
 switchport mode general
 switchport general allowed vlan add 87 tagged

Please keep in mind that I am testing a Ruckus AP on int2 and can access the internet if traffic is tunneled to the Ruckus controller. What's odd to me is that the CPE VLAN for the Ruckus controller is not even on this Cisco switch, but I'm able to pull a CPE IP.
To reiterate, I am having trouble getting an IP when the controller is set to use the Nomadix as a GW for client IPs.

Looking for any enlightenment as I've been working on this for a few days already and am stumped.

Thank you!
Our current McAfee NIDS is going to be EOSL soon, so we're considering whether to upgrade to Intel McAfee's Threat Defense Lifecycle or a dedicated NIDS, or integrate the NIDS function into our existing Checkpoint NGFW firewall?

It's a perimeter NIDS (not an internal network NIDS).

Kindly assess in terms of
a) performance: with a dedicated NIDS, it won't affect the firewall's performance?
b) however, a dedicated NIDS needs an extra console? Lacks integration with the firewall (to block bad/malicious source IPs??)?
c) any other ... ??

I see a trend of vendors coming out with unified products (Cisco, Sophos), so does this mean this is the way to go?
Can anyone help in identifying why, once my VPN client is enabled, I can ping all other internal IPs except DatabaseZone)? My VPN client is assigned an address which is in the range of VpHi,

Can anyone help in identifying why, once my VPN client is enabled, I can't ping any of the internal IPs in the configuration like DatabaseZone)? My VPN client is assigned an address which is in the range of the Vpnclients object-group configuration.

Here is the attached output from "show vpn-sessiondb detail remote":
A few years back I had to fly to a remote data center and was sent several Cisco switches that were to be "stacked". I recall unboxing everything and plugging it all in via instructions from my home office. I booted with a console cable and configured the initial IP address. Then the home office pretty much took over and, although I was able to observe, a lot of it did not sink in. I do recall the stacks only had 1 IP address each, and since it was a remote data center we had set up switch redundancy. I remember plugging in cables that had to be crossed to the switch below, and when it was all done everything was set with dual power supplies, and I could have sworn it was configured so that if a switch failed another one would take over. I had another job after that where a Cisco stack was already installed. I recall 5 switches, and when we had to shut down power the Master had to go down last and come up first. At least I think that was the order; it was written on the wall next to the devices. I am asking all this because I have a job interview that will include installing and initializing a lot of Cisco devices, including stacks. It sounds like it will be very similar to what I did years ago, installing the hardware and getting it set so the engineers in the home office could take over. I just do not remember the purposes for a stack as opposed to multiple switches. I know you will save IPs by configuring a switch as a stack, but what are the other main reasons? I know the remote install …
The Cisco ASR loopback interface is Gigethernet 0/0/0.2. If I want to check bandwidth utilization on this interface, how can I check it? The "show interface Gigethernet 0/0/0.2 | i rate" command doesn't work here.
Hi there,

I know it's kind of a ridiculous question, since the Cisco Nexus series is high-end data center hardware and the Cisco SG500X is SMB. But for my home lab I am planning for the future, and a good friend who runs a big data center wanted to sell me some nice Cisco Nexus stuff. So I could get them very cheap: a few hundred bucks vs. around 1k for the SG500X-24. To be specific, it would be a Nexus 5596UP with a 2248TP expansion.

Would you go for the Nexus or for the SG500X? What are the gotchas with the Nexus?

I know that the SG500X does L3 stuff out of the box. The Nexus 5596UP needs the L3 module and the right license file for it. Also, the Nexus 5596UP can't do 100 Mbit, but I guess that's solved with the 2248TP expansion.

I have two locations with almost duplicate setups.
Location 1: On a network run by a PDC. The ISP is a cable company. The one office in this location has 3 computers, all connected to the network via a Netgear 5-port switch. But also connected to this switch is a DSL connection via a DSL modem line to a preset location. When the users need to connect to this DSL line, they just click on the shortcut created on their desktop that directs them to the preset IP address. All other communication for everything else goes through the regular PDC/cable network. Using DHCP, and it automatically sees the PDC as the DNS provider. Works great.

Location 2: On a network but run just by a router, not a PDC, through the local cable company. Two computers connected via an identical 5-port Netgear switch as in location 1. They have the exact same DSL line via the same DSL modem, connecting to the same IP address as in location 1. The problem is that you can only connect to one or the other in location 2. If you want to connect to the DSL location via the DSL modem, you have to disconnect the cable from the cable company's router at the Netgear switch. Or if you want to use cable, you need to disconnect the DSL modem from the switch. Also running DHCP, and DNS is being provided by either the DSL or cable depending on which you are using.

What would cause one to work and the almost identical one not to?
Hello everybody,
Need your support, RnS expert engineers.

My scenario: the requirement is that the router automatically moves the traffic flow based on link delay by using PfR with active/active ISP link utilization.

Here are the requirements and configuration:

LAN subnet: /29
My goal is to measure the traffic over all the available ISPs.
The primary path of the first subnet is ISP 0A; the primary path of the 2nd subnet is ISP02.
If any ISP link is experiencing delay, the inbound and outbound traffic shifts automatically.

My BGP configuration:
ip bgp-community new-format

router bgp 7770
 bgp log-neighbor-changes
 timers bgp 10 30
 neighbor remote-as 41176
 neighbor remote-as 41176
 address-family ipv4
  network mask
  network mask
  neighbor activate
  neighbor send-community both
  neighbor activate
  neighbor send-community both

ISP's BGP configuration:

  neighbor send-community both
  neighbor default-originate
  neighbor soft-reconfiguration inbound
  neighbor prefix-list PFR out
  neighbor route-map BGP_COMM in
  neighbor activate
  neighbor send-community both
  neighbor default-originate
Hi All,

I'm currently looking at this proposal and thinking of implementing OSPF and MPLS. I'd like some support with the config and any ideas on best practices?

Thank you all.
I have 20 hard drives from PCs, different sizes from 80 GB to 2 TB.

What's the most affordable way to use them together in RAID
so I can use them on my home network?
I've fumbled around doing research on this issue, but am no closer to figuring it out. In short, I am trying to access from inside their office network and cannot. They are on a domain by the name of and connected to a single Windows 2008 R2 server (that I did not set up). The site can be accessed from outside the network and is hosted externally.

When I browse to the website in a browser, I get the error:
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

When I ping, I get the IP address ( but the requests time out. As a test, I've tried changing a workstation's DNS to / but still get the same issue. I also flushed the DNS with no change. I tried changing the local hosts file on this workstation but also didn't see a change after adding a line for  I just did an nslookup from this workstation and got the server as the Google DNS server and the non-authoritative answer as:

I'm at a loss as to where to go from here or what the issue even is.  Thanks!
Dear colleagues, I'm trying to find
network diagram examples and official requirements for all 7 layers.
I would also like these requirements with cited sources.
Hi All,
I have been at this all day to no avail.
I am using Yealink IP phones. The customer now wants to run his laptops with the phones, so the PCs run through the phones.
The phones use their own gateway on port 1 and the PCs use their own on port 24.
In addition to VID 1, I created VID 20 for the data on all ports and VID 50 for voice, as per this example I found.
Phones and PCs are on all the ports except 1 and 24.
All I really want to do is give priority to the IP phones.


The phones don't work and neither do the PCs when activated.
I have also set up the phones' WAN port with VID 50 and the PC port with VID 20.

Any help is welcome.
I have not tried tagging P1 and P24 on all 3 VLANs.

Is there any way to make this network work without having network loops (see attached diagram)?
-- all switches are layer 2 only
-- 2 floors in the same building
-- each floor has 9 layer 2 switches
-- the 2 floors are connected to each other via the 2 switches on each floor

The forums seem very helpful, but I am just not able to wrap my head around either traffic shaping or QoS. Essentially, calls drop and are patchy at times when we are at high utilization of the pipe. We have a border switch that is connected to our primary and failover routers. On that switch is a VoIP system with a public IP address, so no VoIP traffic ever hits the firewall (also behind the border switches). All calls are routed through the LAN side internally and out the WAN side to the border switch, then to the router and out to the ISP. I am confused about which interface to apply traffic shaping / QoS on, or which is needed. The bandwidth percentage seems like the route I should take. Below is what I think I should follow from this link: . Our overall goal is to always have VoIP at high priority and to never have call issues. I essentially want about 5 percent always allocated to voice, and any other traffic can have the rest, but never to exceed say 95%. Below is the config for the interface on the router as well as what I think I need to add:
interface GigabitEthernet0/0
 description ComCast Internet
 ip address x.x.x.x
 ip access-group ComCast-In in
 ip access-group ComCast-Out out
 no ip redirects
 no ip unreachables
 ip bgp fast-external-fallover permit
 duplex full

interface GigabitEthernet0/2
 description LAN
 ip address …
I'd like to set up a network within VMware® Workstation 12 Pro that is comprised of the following to help with my IDS investigation:
1 x Kali (attack) - This is my attack VM and has full internet access via my PC hosting VMware
1 x Ubuntu (IDS) - This VM has an IDS on it to inspect traffic between the 'attack' VM and the target VMs
2 x Target (Windows + Ubuntu) - These are the target VMs; I'd like the traffic from these to always go *through* the IDS

Essentially I want to be able to see all traffic from / to the targets through the Ubuntu (IDS) machine and ensure the target machines' traffic is routed through the Ubuntu (IDS).
I've got the VMs running individually within Workstation, but I cannot work out how to set the network connectivity correctly. I've tried NAT, Host-only etc., but I can't seem to get the right combination.
Any help would be really appreciated.
Good day,

I have a relatively simple requirement to have an access point broadcast 3 Wi-Fi networks that are each on a separate VLAN. However, I ran into some issues with the switch, as it works fine when the WAP bypasses the switch and plugs directly into the security appliance. The end result is to achieve a configuration where a client will be on a different VLAN and IP subnet when it connects to each Wi-Fi network that the WAP is broadcasting. Again, when the WAP is linked directly to the security appliance, it works as planned, so it may be safe to assume that the security appliance is not the issue. I should note that the security appliance is providing DHCP services for each of the 3 VLANs without issue when the WAP is plugged directly into it.

Our issues begin when the switch is inserted in the middle and we begin trunking. When port 21 on the switch is patched to the security appliance, all IP connectivity to the switch itself goes down, and IP connectivity between clients connected to the switch also goes down.
And port 21 shows as down/down at that point, so it won't establish a physical link.

Is the switch doing some sort of blocking? My setup is below:

Here are the details:

3 Devices Involved:

1 x Wireless Access Point with a native (default) VLAN ID of 1
1 x Catalyst 2960x switch with a native (default) VLAN ID of 1
1 x Meraki MX 84 Security Appliance as the internet gateway with native (default) VLAN ID of 1

Connectivity looks like this:

