Network Architecture

12K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

hi guys

I'm currently trying to put a plan together to senior management for a strategy for their infrastructure and security. I have only just been hired for the project. My role is to provide leadership for the infrastructure and security teams.  I know exactly what I need to do, but my issue is that I'm trying to put this into a structured plan to follow in steps, but articulating this properly has been a bit of a challenge. The purpose of the plan is to liaise with important stakeholders to understand the vision/mission of the business goals in order for I.T to better support them.

At the moment, I've gone and met people in the teams and asked them about how things work, the infrastructure and the security in place. But, that's not part of a structured method/plan.

For example, I am setting the plan together in phases. In the first phase, I want it to be the understanding phase. So something like 'meet with direct reports'. Then 'understand from direct reports, their roles and responsibilities by spending two hours in the first week with them'.

Then something like 'exploring vulnerabilities across all verticals to identify shortfalls affecting productivity....' (or anything similar).



The purpose is to expand this into phases, so that I can come up with a conclusion and show senior people as to what I will do in the next X number of months.



Do you guys have any plans you created or know of any good structure that is out there which can be …
0

Hello Experts,

I want to add a WiFi access point to a client's network.

These are the four results I am after:

1. Limit bandwidth to WiFi AP - can do this with my firewall.

2. Time access control - can do this with a Linksys WiFi access point device

3. Limit or strip off Webmail attachments.

4. Monitor Data Usage on the access point and limit it.

1. and 2. above are no problem but I don’t know how to achieve 3. or 4.

Does anyone know how to make 3. and 4. work?

Thanks!
0
I'd like to understand how to configure the FW to connect to a virtual DMZ.
I have a Palo Alto FW and I understand how to connect it to a physical device (like the F5) in the DMZ. I just assign an IP address to my FW interface and have a static route and allow policy pointing to the F5. But now if I have a virtual DMZ, meaning it will be stored in the VMWare environment in the datacenter (internal of my network), how will I logically configure my FW interface?
If we are talking about creating a VLAN for the virtual DMZ, then does it defeat the purpose of the separation of the DMZ and the internal network, as the DMZ traffic will traverse my internal network? Any thoughts?

I looked around and I could not find any sample of scenario with a virtual DMZ.
0
Hello, need a second pair of eyes on a site-to-site VPN from onsite to the cloud,
more specifically as my CIDR in cloud is 10.0.0.0/16
and in-house is 10.10.150.0/24

I would imagine this will not work as they overlap

here is my setup:
VPN Gateway name:      
!   > Public IP addresses:  
!     + Public IP 1:         X.X.X.X
!   > Virtual network address space:
!     + CIDR: 10.0.0.0/16
!       - Prefix:   10.0.0.0
!       - Netmask:  255.255.0.0
!       - Wildcard: 0.0.255.255
!   > Local network gateway:
!   > On-premises VPN IP:    X.X.X.X
!   > On-premises address prefixes:
!     + CIDR: 10.10.20.0/24
!       - Prefix:   10.10.20.0
!       - Netmask:  255.255.255.0
!       - Wildcard: 0.0.0.255
0
How to decide to set dmarc to quarantine or reject? I am reviewing the dmarc reports but don't know what to set. Right now is set to none for collecting dmarc reports. What to do?
0
Is there a way on an A10 (AX) load balancer to create a single LTM VIP that has 4 servers behind it. 2 of the servers in a California datacenter, 2 of the servers in an Illinois datacenter.  Incoming requests would only load balance round-robin between the California servers and in the event that datacenter goes dark, the A10 will then round-robin between the Illinois servers?

Thank you!
0
We have 2 offices that are about 250 meters apart. We are yet to install the camera feed in one, but have done for the other years ago. We bought this, https://www.amazon.com/dp/B01N0B6KSA/ref=cm_sw_r_wa_api_ysh-BbDAEKWAS

But now have an issue. We want the security post to be in simply one location.

Q: How to transmit live video from camera to another location 250m away, and where is the best place to put the 16 Channel NVR for each, so we can have a security personnel stationed to review
0
Hi,
I'm about to start a project for a serviced office with 10 offices looking to offer broadband and voip solution to these tenants and maybe a WiFi solution too.

1. What is the best way to do this?
2. What firewall do you recommend?
3. What type of cabling do you recommend for future proof.
4. Is it possible to offer public ip address to each tenant?

Thanks.
0
I have OpnSense (another version of pfSense) firewall installed. I cannot get out to the Internet on my second, 3rd, 4th LAN ports.
I have an OpnSense Firewall PC box I made which has the following inside…
OpnSense 18 (latest version) https://opnsense.org/about/about-opnsense/ 
-G.SKILL Ripjaws V Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM DDR4 2400 (PC4 19200) Desktop Memory Model F4-2400C15D-16GVB
-King Spec SATA III 3.0 2.5" 60GB MLC Digital SSD Solid State Drive for PC B5Y1
-AMD Athlon 200GE 2-Core, 4-Thread, 3.2 GHz Base, Socket AM4 35W YD200GC6FBBOX Desktop Processor
-ASRock A320M-HDV AM4 AMD A320 SATA 6Gb/s USB 3.0 HDMI Micro ATX AMD Motherboard
-80 plus bronze certified power supply 380Watt
-Dell Intel PRO/1000 VT Quad-Port Gigabit Ethernet Card Standard Profile YT674
-IOCrest 4 Port Gigabit Ethernet PCI-e x1 Network Interface Card SI-PEX24042
This is inside a 4U server Case, inside an APC 48U Server Rack


 
My goals are the following...

-      I want to use one 4 Port NIC using different IP Addresses such as
10.10.10.1 --- Web server Network
2.2.2.1---- Entertainment Network
90.90.90.1---- Work Network
30.30.30.1 --- Web server Network
I already set up these networks inside my box but I am willing to START from the beginning if you need me to.

-      I want the networks not to be able to talk to each other.
-      I have 5 block of Public static IPs which I want to use.
-      104.XX.xx.1--- This is assigned to the OpnSense itself
-      
-      104.xx.xx.1 talks to …
0
Hello,
I have server A that has a public IP 1.1.1.1 on the internet; I also have a MikroTik 1100 with IP 2.2.2.2
I want clients that request IP 2.2.2.2 to be pointed to 1.1.1.1, but I don't want to do it by dsnat on the MikroTik, so I have to redirect the client to the new IP only, so that the traffic does not pass through the MikroTik 1100 connection at all … it's the same as when I do it with a redirect page on web servers.
Can I do it?
thanks.
0
What is the best practice for restarting (After Hours or Before Hours) Juniper switches ? - Should those switches be restarted once per month - twice for the year - once a year etc ?

Juniper EX Series Ethernet Switches
0
Hello,

As the title states we need to implement dt-lacp for our vsphere servers, iscsi will be in use to our msa2040 san as well so jumbo frames all around.

So far this is all straight forward.

The kicker here is we also want to implement a switch pair to function as the routing for our core. we run a dual homed network with ipv4 and ipv6 routing. dt-lacp does not work with v6 so how would the links to the route pair support high availability? STP seems to be the only way? is there a more novel approach i'm missing?
0
Hello,

   I wanted to get some opinion on what device would be better suited to be deployed at the edge of a site between an ASR or Nexus 7700? Specifically this device will be connecting to about 650 remote sites primarily doing routing. From a performance, and port capacity perspective what would be the best device to deploy?  Thank you
0
Hi,
The folder is shared properly and why can't I refer to it like

\\182.173.77.208\shr2
0
We currently have two sites that are connected with an E-Lan that is provided by Spectrum. All switches are 2960s so there are no L3 switches. We need to stream live video between the 2 sites; each site has an encoder and decoder for sending video. The encoders/decoders are in their own vlan (50) but there are other vlans for data. I have no experience with QoS and I'm very confused about how to implement it. I know I will use CoS but not sure how to go about it. I'm including a diagram to help visualize it. Thanks for the help.

diagram
0
Hi

I have a network with a Layer2 link back to a datacentre which provides our internet connection, we have no firewall onsite at present but looking to install one.

We have ordered an internet connection on premise.

We want to keep our Layer 2 connection and make use of it somehow.

We want to use the new internet connection on-premise and a firewall to route the internet. What's the best way to do this?
0
Riverbed SteelHead configuration issues - as LUNs are degraded due to space made full by multiple snapshots

I am new to Riverbed support
Here is the config I have
Appliance Details
Model:      EX1260 (EX1260VH_4)-Revision-A
SteelHead EX:      4.1.0 #8 x86_64
RiOS:      9.1.0-ex #8 x86_64
Storage Edge:      4.1.0 #8 x86_64

Would need experts help to fix below given errors..
Blockstore
ACTION REQUIRED: Free space on the cache disk is low. Please make sure your WAN link is up and the commit rate is more than the write rate. If free space falls further, Edge will begin deactivating LUNs. ;
IMMEDIATE ACTION REQUIRED: Deactivating LUNs: Free space on the cache disk is very low. High-traffic LUNs have been deactivated to prevent service disruption. Please make sure your WAN link is up and the commit rate is more than the write rate.
Degraded


Link state -disabled
Optimization Service - Internal Error      Critical
Snapshot
Error committing a snap to SteelFusion Core due to: Resource temporarily unavailable-Degraded
SteelFusion Core
Connection between SteelFusion Edge and SteelFusion Core for one or more LUNs is down
Please see the SteelFusion Edge Storage page.
-Degraded
Uncommitted Edge Data      Degraded

Storage team increased space @LUN end which is not increased actually as not reaching to riverbed steelhead because they can see
ISCSI Server port for both riverbed appliances is down

Please help to make it up  so that space can be increased @datastore end too

Thanks
0
Recently we received a project and found that it has an unusual network setup because the given router is a TP-Link AC1200. Usually we use an MSR930 or Cisco router as the WAN router so that we can use the Public LAN IP given by the ISP in our network (Scenario 1).
To overcome this issue, we are connecting the ONT to our Firewall WAN port directly and now we are thinking about how to use the public LAN IP for our devices. Someone said we can create a VLAN or secondary IP, but I don’t have any experience with this setup.
I hope that some expert can advise which is the correct option and how to set it up on our SonicWALL TZ600. Thanks
Case-Study.pdf
0
I am having issues in an MPLS VPNv4 BGP setup where the CE is not receiving any BGP routes from the PE.

PE2 Cisco BGP config:
router bgp 1
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST-1
  neighbor 10.10.20.2 remote-as 200
  neighbor 10.10.20.2 activate
 exit-address-family
!

CE2 Cisco BGP config:
router bgp 200
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.10.20.1 remote-as 1
 neighbor 10.10.20.1 soft-reconfiguration inbound
!

If you need more info please let me know (I can attach the full config if you want).
CE2_startup-config.cfg
PE2_startup-config.cfg
0
Please confirm the correct way to connect stack cables on 3 Cisco switches WS-C2960X-48FPD-L
Currently have it like this, please check file:


xxxxxx #show swit detail
                                          H/W   Current
Switch#  Role   Mac Address     Priority Version  State
----------------------------------------------------------
 1       Member 544a.0075.6000     1      4       Ready
 2       Member 0087.31fd.f200     1      4       Ready
*3       Master 5070.9cf4.e280     1      4       Ready

         Stack Port Status             Neighbors
Switch#  Port 1     Port 2           Port 1   Port 2
--------------------------------------------------------
  1        Ok         Ok                3        2
  2        Ok         Ok                1        3
  3        Ok         Ok                2        1



This is the stack module: C2960X-STACK

xxxxxxxx #show SWitch STack-Ring SPeed

Stack Ring Speed        : 20G
Stack Ring Configuration: Full
Stack Ring Protocol     : FlexStack
SwitchStack.png
0
Hi,

Any idea how to improve the network design to ensure the network performance, link redundancy (RSTP) and compatibility on layer 2 to layer 3 are working fine on the video management system?

Thanks

VMS_Diagram1.jpg
0
Hi, need help on network devices. See attached drawn diagram for your kind advice.

Having Cisco Core Layer 3 switch 5000 Series onward

Having Dahua Access PFS4228-24P-370 24-Port PoE Switch => https://www.dahuasecurity.com/products/productDetail/7041

Not sure whether it is compatible to configure RSTP / STP with Trunk Port on Cisco Core Layer 3 to talk to Dahua POE managed switch

Thanks.

1.jpeg
0
MAN Network setup.

I am tasked with setting up a MAN network.  We currently have 5 offices; 3 on East Coast and 2 on the WC.  

We are getting Comcast ENS 500mg circuits at these locations.  The plan is to have the 3 East coast offices come back to the HQ office in NY and the 2 West Coast offices to go to the office in Seattle with Seattle being the failover option if HQ goes down somehow.

We currently have a range of ASA5506/5525/5545 at the office locations that handoff to the switches.  It is a pretty flat network with the users on a /24 subnet and any VLANs at HQ are done on the 5545 handed down.  Would ASAs be best for a MAN network, will they do the job or is a router needed?

Currently I have these offices on an IPsec VPN tunnel back to HQ.  Passing just their /24 subnet to HQ and we send out the required subnet(s) back to them for needed access.

Remote office - ASA5506/ASA5525 (depending on office) ISP connected to them then inside interface to L2 switch.

HQ - Layer 3 switch handoff to ASA -- multiple stack switches behind it.
HQ Diagram
Proposed_Topology.vsdx
0
I have a wireless guest network and I'd like to test to make sure that it cannot get into my 10.10.0.0/16 internal network. Excluding ping sweep utility, what other tools can I use to do some sort of penetration testing? Thanks
0
We’re building out a design for a new building, which will consist of approximately 400 endpoints across two data closets. All storage and compute resources will be local in one of these closets, and will consist of VMware (likely on Cisco UCS), some form of storage, and also a backup appliance (likely Veeam). What’s relevant is that we’ll need to support (10) 10-Gbps connections for these three components.
We’re positioning Cisco Catalyst 9K chassis for the network connectivity. My question is whether we’d patch all of the above compute/storage/backup resources directly into the local Cat 9K (line rate 10-G modules or via the built-in 10-G ports on the supervisors), or if it’d be recommended to place another layer of dedicated 10-G switches below the Cat 9K just to handle these resources.

So, option A) below (separate layer) vs. option B) (unified to a common core/chassis)

Option A Option B
The question stems from another recent situation where we found unexpected (and crippling) issues, possibly based on oversubscription, buffering or both, when compute/storage resources were patched directly into Catalyst switching. Option B) above would be to position a couple dedicated Nexus 3K’s (or something similar), which would provide larger buffer memory. This would be a significant cost increase, so I’m obviously hoping I’m overthinking this and the single Catalyst 9K chassis can serve the unified campus (users) and compute (servers/storage) …
0
