Network Architecture

11K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

We have a couple of servers that require "outgoing" access to PlayStore & Appstore
from our Development as well as Production environment.

As Appstore is a Class A subnet while Playstore is rather large as well (I don't know yet
what are its subnet ranges), what are the best ways to secure this?  Are the following
reasonable ways ?

I heard permitting too wide a range is risky.  Why?  Can appstore/playstore's IP addrs
range get spoofed or those 2 stores can get compromised or what's the reason?


1. Production has to go thru our proxy as our proxy resolves the URLs of appstore &
   playstore?

2. As our Development does not have its own proxy & has no connectivity to our
   Production proxy, permit only about ten Class C ranges for Development/testing
   purpose.  Ten Class C means 2540 IP addrs

3. Any other best practices to secure this?

4. Would placing these app servers behind WAF help?
0
Hi

2x 2920 Core switches with 2x HP Edge switches connecting

If you have a stacked pair of switches (so 2x HP Procurve 2920 connected in a ring configuration with stacking cables) - then how should trunks be configured (etherchannels for the non HP switch aware) to access switches?

If I go to the Menu CLI and it lists the ports of both switches, I assume that if I setup a trunk on ports 23 and 24 on switch 1 then I need to setup the same on switch 2.  

- Do I set these up as two trunks with 2 ports from each switch contributing?  (ie - Trunk 1 with ports from Switch 1 ports 21,22 and Switch 2 ports 21,22, Trunk 2 with ports from Switch 1 ports 23,24 and Trunk 2 with ports from Switch 2 ports 23,24)
- Or do I set them up as four trunks? (Ie Trunk 1 with ports from Switch 1 ports 21,22, Trunk 2 with ports from Switch 1 ports 23,24, Trunk 3 with ports from Switch 2 ports 21,22, Trunk 4 with ports from Switch 2 ports 23,24)

Hopefully makes sense  - I have tested it with option 1 above and fails over without issue but just wanted to confirm the best practice

Thanks
0
So, here is my scenario

Currently with 192.168.60.0/24 network set as VLAN200 on a switch, my router is 192.168.60.2.

Got a cisco 2960 switch as 192.168.60.1, and set with default GW 192.168.60.2

However, I need to set a new vlan for a vpn (mikrotik)

Mikrotik ip is 8.20.15.251/24

I've created a VLAN400, as 8.20.15.0/24, and indicated the ip helper as the mikrotik. After assigning ports to that VLAN, it doesn't acquire an IP, nor does it reach the GW (if I assign a static IP to the computer). From the switch, if I try to ping the mikrotik ip, it does not respond (if I connect a computer directly to the mikrotik, I do get an IP, I can access it and even access the VPN services without problems).

Am I missing something?

thank you
0
Does anyone have a configuration template for Nexus 7K multicast over MPLS?
0
I am subcontracting some fiber work to a friend that does this for a living.

Specifications
~1000ft
Underground through Conduit
6 Strand

What type of high-quality fiber should I buy and from where? Plenum or non?
0
We have a Meraki MX400 firewall, and 11 SG500-52P Switches we are using for Access.  I'd like to get something for Core or Aggregation, what kind of product do you recommend?  Would we benefit from having a 3850 or something along those lines to serve as the distribution or L3 switch?  Should we create stacks for the 11 SG500-52Ps?

Thank you in advance.

Nico
0
All experts, I have a remote site with multiple VLANs connected by site-to-site VPN.  Their IP address range starts at 10.0.8.0 / 255.255.252.0 and some departments have 10.0.28.0, 10.0.29.0, 10.0.30.0 / 255.255.255.0.   How do I combine these networks and route them by a simple route statement used on the VPN?  I currently have all VLAN networks mapped and working, but I would like to have a simple statement such as the following

10.0.0.0 255.255.0.0 to  10.0.28.0, 10.0.29.0, 10.0.30.0 / 255.255.255.0 and 10.0.8.0 / 255.255.252.0

I hope it makes sense. I believe supernet was how it configured it. I am open to your advice. Thank you!
0
Devices:
Google Home,
Aruba IAP-305 (RW)
NordVPN


I am trying to set up a VPN for my Google Home so it will register as being in the US. I am currently in Ireland and have purchased a subscription to NordVPN.  From what I understand, a VPN cannot be put on the actual Google Home device.

I currently make a lot of calls to the US. Google Home offers free calls in the US but is not available here in Ireland. This is one of the main things I want to get from my Google Home.

If the net result of the VPN makes Google Home look like it's in the US, I do not want the rest of my tech devices to think they are in that location, i.e. all of my other tech devices have locations in Ireland.

Regards,
Robbie
0
I have developed a small application in Oracle 10g Forms 6i. It's working correctly, but I want to access that application from another client PC which resides on a different network. How can it be done?
Please help me.
0
for example check the nodes about flapping, down, restarting reasons etc
thanks
Nader Al-Kahtani
0
Hi There,

I have a requirement to forward all inbound and outbound SMTP 25 (TLS) email to Symantec message lab. This question is a mixture of architecture and applying the right solution on F5. The requirement is to set up a VIP on F5.  My understanding is that the traffic will be forwarded to our location, through our edge firewall (and NAT'd - public IP to private) to a private F5 VIP IP (with backend Exchange mail edge servers in a pool).  Additionally, we need to have our egress mail traffic (that is sourced from the edge pool members) reverse-proxy back through the same VIP IP address (currently used for ingress traffic).

We have internal and external F5s. Would the above scenario be best done on the LTM that's facing external? Also, do I need any iRules on F5?  Do you need specific natting on the F5s or just leave it as default.

Regards
Sam
0
Hi

I have a watchguard T30. Need to configure one of the Eth ports as a vlan port. The  need to connect the Eth port to a Huawei Layer 2 switch.

How do I configure the switch to allow for vlans?

Thanks
0
Hi

I'm setting up a Huawei layer 2 switch Monday morning. Haven't done one of these before. I'm familiar with HP and Cisco. Could someone assist with some CLI commands?

I need a few vlans configured and a trunk port from the firewall.

Thanks
0
Looking for better ideas than I already am working with:

What are the industry's best methods practiced to integrate 2 or more companies into a single cohesive infrastructure?
0
Hi All,

We got Linksys LGS552p switch, and TZ400 Firewall.
behind a "AT&T Modem"  , but we have external IP for the TZ 400.

I need to set up VLANs: 90 for workstations, 20 for servers and 50 for voice.

Am I missing any hardware to route between the VLANs?
where should I start with first?


thanks
Jason
0
I'm looking for some input regarding some recent spine/leaf design proposals I've come across. While a "traditional" S/L design would be to connect the enterprise campus core via L3 connections to the DC leaf nodes, what's been proposed are designs where all LAN distribution would also connect to the leaves, the S/L becoming a unified/collapsed DC and campus core.

[Figure: Traditional spine/leaf]
[Figure: Proposed spine/leaf (collapsed LAN/DC core)]
I'm looking to vet potential concerns around this design (if any). If a customer is also looking to handle Layer 2 extension/overlay across the S/L fabric to support VM mobility (a la VXLAN), does this present a problem? Or, would we simply define the ports that connect to compute resources as VTEPs and NOT the links leading to the LAN switching?

Again, looking to see if others are running across (or even deploying) these collapsed designs, where the before/after net effect is the removal of the existing campus core switching layer (and thus, savings in hardware expense).

Thanks again
1
Hi,

Let's say I'm an ISP and I lease a 10G transport pipe to an IX (Frankfurt or Amsterdam), with the purpose of buying transit from 2 different tier 1 providers (2 resellers, probably) and peering with content providers.

What happens inside the IX?

Do I get one switch port and I have to rent rack space for my own equipment there? The peerings are physical, with cables between my switches and the peer switches?

Or I only get a VLAN and the peerings are inside the IX main router/switch? And I route the traffic from my VLAN to my peer's VLAN?

Or?

I've googled for the past days, but I'm still confused. Anyone has real world experience with this?

Thank you.
0
Hello,
I wanted to get an idea of what others are doing in the area of HA for Exchange 2016.
Right now we have two Exchange enterprise servers in a DAG at our HQ and one more at a satellite office.  We are using our old 2013 Exchange server as a load balancer.   However, this 2013 server is a single point of failure and we want to remove it altogether from our environment.

Network redundancy is in place, but we are looking for a solution that provides HA between the network and Exchange.  I'm trying to avoid DNS round Robin or Network load balancing.  Different DNS servers would hand out ordered IP address lists in a different rotation and just like Windows Network Load balancing, we wouldn't have any checks against the Client Access server itself. So if OWA , EWS or any other web application has a fault, clients will still attempt to access that server and see an error message until an administrator resolves the issue.

We have a little shy of 400 active mailboxes and not a tremendous amount of traffic.   I know a Network Load balancer will do the trick.  But given our size and traffic I do not think load balancing is necessary.  However, the functionality to monitor multiple services and if one service is down, such as EWS, only route traffic to ones with working EWS is a bonus.

Bottom line... I just wanted to see what other people are doing out there and get some ideas.

Thank you in advance.
0
Currently have interfaces set up with (2) vlans

mgmt 86
cpe 87

When controller is set to tunnel traffic and use controller as gw - clients are able to get an ip off ruckus ap.
When controller is set for nomadix to be gw - clients are NOT able to get an ip off of ruckus ap.

As it stands, I'm trying to understand what is preventing clients from using nomadix as gw.
Cisco box is currently set to switch mode with the following for int:

 interface gigabitethernet1
 switchport mode general
 switchport general allowed vlan add 87 tagged
 switchport default-vlan tagged
!
interface gigabitethernet2
 switchport mode general
 switchport general allowed vlan add 87 tagged

Please keep in mind that I am testing a ruckus ap on int2 and can access internet if traffic is tunneled to ruckus controller. What's odd to me is that the cpe vlan for the ruckus controller is not even on this cisco switch but I'm able to pull a cpe ip.
 
To reiterate, I am having trouble getting an ip when controller is set to using the nomadix as a gw for client ips.

Looking for any enlightenment as I've been working on this for a few days already and am stumped.

Thank you!
0
A few years back I had to fly to a remote data center and was sent several Cisco switches that were to be "stacked". I recall unboxing everything and plugging it all in via instructions from my home office. I booted with a console cable and configured the initial IP address. Then home office pretty much took over and, although I was able to observe, a lot of it did not sink in. I do recall the stacks only had 1 IP address each and since it was a remote data center we had set up switch redundancy. I remember plugging in cables that had to be crossed to the switch below and when it was all done everything was set with dual power supply and I could have sworn it was configured so if a switch failed another one would take over. I had another job after that where a Cisco stack was already installed. I recall 5 switches and when we had to shut down power the Master had to go down last and come up first. At least I think that was the order, it was written on the wall next to the devices. I am asking all this because I have a job interview that will include installing and initializing a lot of Cisco devices including stacks. It sounds like it will be very similar to what I did years ago, installing the hardware and getting it set so the engineers in the home office could take over. I just do not remember the purposes for a stack as opposed to multiple switches. I know you will save IPs by configuring a switch as a stack, but what are the other main reasons? I know the remote install …
0
Cisco ASR loopback interface is Gigethernet 0/0/0.2. If I want to check bandwidth utilization on this interface, how can I check, because the show interface Gigethernet 0/0/0.2 | i rate command doesn't work here?
0
I have two locations with almost duplicate setups.  
Location 1:  On a network run by a PDC.  The ISP is a cable company.   The one office in this location has 3 computers all connected to the network via a Netgear 5 port switch.  But also connected to this switch is a DSL connection via a dsl modem line to a preset location.  When the users need to connect to this dsl line they just click on the shortcut created on their desktop that directs them to the preset IP address.   All other communication for everything else goes through the regular PDC/cable network.  Using DHCP and automatically sees PDC as DNS provider.  Works great.

Location 2:  On a network but run just by a router, not a PDC,  through the local Cable company.  Two computers connected via an identical 5 port Netgear switch as in location 1.  They have the exact same dsl line via the same dsl modem connecting to the same IP address as in location 1.  The problem is that you can only connect to one or the other in location 2.  If you want to connect to the dsl location via the dsl modem, you have to disconnect the cable from the router from cable company at the Netgear switch.   Or if you want to use cable you need to disconnect dsl modem from switch.  Also running DHCP and DNS being provided by either the DSL or cable depending on which you are using.

What would cause one to work and the almost identical one won't?
0
Hello Everybody,

I need your support, RnS Expert Engineers.

My scenario: the requirement is that the router automatically moves the traffic flow based on link delay by using PFR with active/active, by using Active/Active ISP link utilization.

Here are the requirements and configuration:

LAN subnet :-
 188.117.100.172/29
 188.117.124.36 /29
My goal is to measure the traffic over all the available ISPs.
The primary path of the first subnet is ISP 0A, the primary path of the 2nd subnet is ISP02.
If any ISP link is experiencing any delay, the inbound and outbound traffic should shift automatically.

MY BGP configuration  
ip bgp-community new-format

router bgp 7770
 bgp log-neighbor-changes
 timers bgp 10 30
 neighbor 172.21.8.169 remote-as 41176
 neighbor 172.21.8.177 remote-as 41176
 !
 address-family ipv4
 
  network 188.117.100.172 mask 255.255.255.252
  network 188.117.124.36 mask 255.255.255.252
 
  neighbor 172.21.8.169 activate
  neighbor 172.21.8.169 send-community both
  neighbor 172.21.8.177 activate
  neighbor 172.21.8.177 send-community both

ISP's BGP Configuration

neighbor 172.21.8.170 send-community both
  neighbor 172.21.8.170 default-originate
  neighbor 172.21.8.170 soft-reconfiguration inbound
  neighbor 172.21.8.170 prefix-list  PFR out
  neighbor 172.21.8.170 route-map BGP_COMM in
  neighbor 172.21.8.178 activate
  neighbor 172.21.8.178 send-community both
  neighbor 172.21.8.178 default-originate
  …
0
Hi All,

I'm currently looking at this proposal & thinking of implementing OSPF & MPLS. I'd like some support with the config & any ideas of best practices?

Thank you all.
ospf.PNG
0
I have 20 hard drives from PCs. Different sizes from 80 to 2 tb

What's the most affordable way to use them together in RAID
so I can use them in my home network?
0