Network Architecture

11K

Solutions

17

Articles & Videos

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Share tech news, updates, or what's on your mind.

Sign up to Post

IS-IS router summarization can only be done on L1/L2 router is this correct.
There is now other place to do route summarization.
0
[Webinar] Learn How Hackers Steal Your Credentials
LVL 9
[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Why would I be getting these errors on my logs. I am running DMVPN.
 dest_addr 4.5.6.7, SPI 0x8e584d60
000058: May 15 09:18:21: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000309438262163039 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000059: May 15 09:19:53: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000309529825315373 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000060: May 15 09:39:13: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000310690125718495 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000061: May 15 09:50:40: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000311376506767405 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000062: May 15 09:52:37: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000311493607193615 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000063: May 15 09:53:38: %IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:000 TS:00000311554565979494 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 3, src_addr 1.2.3.4 dest_addr 4.5.6.7, SPI 0x8d670b5e
000064: May 15 09:58:38: 

Open in new window

0
Hello,

I have inherited responsibility for this issue.

There is a Cisco router which is presently connected to a Riverbed device which is to be retired, while I have access to the Riverbed Management Console I can't see how the Riverbed interface to the Cisco is configured and the support agreement for the Riverbed has expired (which is why it is being retired) so I can't ask them about this.

So the plan is to move the Cisco connection from the Riverbed to the HP Aruba switch.

I can see the config of the Cisco port
interface FastEthernet0
switchport trunk native vlan50
switchport trunk allowed vlan 1,49-51,61,90,1002-1005
switchport mode trunk
no ip address
duplex full
speed 100

Open in new window


I have tried configuring a port on the Aruba switch with all the vlans tagged, this didn't work, I'm unable to ping the Cisco.

I have also tried configuring the port on the Aruba switch in Trunk mode with all the vlans tagged, same result.

I haven't had much to do with Cisco and FWIW I don't understand the setting above
no ip address

Open in new window

as naturally the Cisco does have an IP address. Not sure whether this is significant or not.

Would appreciate advice on how to resolve

Thank you
0
I have 887-SEC(IAD887B-K9). itried to configure from cisco configuration manager but i didn't see in wizard ppoe selection.
Also i found from an old 887 i had the configuration file and i tried to configure the new one.i saved configuration and from reload the (CD) does not have any blinking searching to negotiate.
Can anyone help me configure the cisco for ppoe???

Regards!!!!
0
I am setting up a linux server on a small network for people to access their files, each windows computer will have local login.
I will create logins on the linux server that will be for each individual on the network.
I will map each computer with the appropriate folders that belong to those users.
How can I handle it if someone else needs to use someone else's computer and would like to access their personal files?
Should I have 2 logins, one belonging to the user of that system and a guest of some sort but how can they get to their files easily without needing me to map the drive for them? I need simple because these are not very technical people.

thanks
0
We have a current network all hard wired with its own internet connection and a second wireless network with a separate internet connection. I have one SSID for Guests on the wireless side and I want to create a second SSID so if you need to access the wired side of the network with a laptop it is possible. How would I keep the setup as is and network the two to be able to access the wired side via the wireless?
0
Can I upgrade my Nexus switch from version 6.0(2)N1(2a) directly new version 7.3(2)N1(1)
0
Is there a how-to guide to deploying wireless access points in a small business?  Something that will help in deciding the number and placement of APs based on configurations of the space , the building materials, (gypsum wallboard on metal studs),  the number of PCs to be served. and the optimal wireless standard e,g, N, AC etc.
0
We are being told by an outside technical consulting firm that we cannot upgrade servers until our entire network infrastructure has been replaced.  I need an experts opinion on the scenario and comments made by them (below).

For reasons too lengthily to go into here we are still running our internal domain on W2K3 servers. All of the desktops and laptops are "newer" machines running Windows 7 or 10.  We vertualized the BDC's and member servers 2 years ago but are still running the PDC on old (ancient) hardware.  The new server we verualized the other servers on is intended and capable of running a new domain (built from scratch) on Windows Server 2016.

Our current network infrastructure is built on Cat5 cabling installed circa 2001 and our switches are 10/100 with gigabit dual mode (62.5) fiber up-links. These are old and due for replacement also. Our facilities are spread out through several buildings nearly a city block long.  We have obtained quotes to rewire with a combination of single mode fiber and Cat6 cabling to the desktops, WAPS, etc. Those quotes came in around $100K which is some pretty bitter medicine to swallow at this time.

I suggested to the consulting firm that we move forward with the switch replacement using single mode capable units that we can configure to 100Megabit on all ports and proceed with the domain server upgrade.  Their response was as follows:

"we need to have a solid infrastructure in place in order to put the best
0
I need some help (or maybe a better angle of attack) connecting a few external users to our Azure tenancy.

NOTE: All resources mentioned below are in the same Azure Subscription, the same Azure Location and the same Azure Resource Group.

There's one virtual network with a Windows 2016 VM running. This v-net (call it MAIN-VNET) has a virtual gateway with a site-to-site VPN configured (call this S2S-VPN). This S2S-VPN is configured as a policy-based IPSEC VPN so that the on-premise Billion 7800VDOX can connect - which it does without issue. But, because it's a policy-based configuration, I can't configure a point-to-site VPN in coexistence with this S2S. If it were route-based configuration however, S2S and P2S coexistence would work (and does - I tested it). But the on-premise Billion then won't connect because it doesn't support IKEv2 (which is what route-based IPSEC VPN's use). So for now we're forced to use the policy-based config.

I have had to create a new v-net (P2S-VNET), then a new v-net gateway (P2S-VPN) and then configure the point-to-site VPN and client. I've done this and am able to connect to the VPN using the Azure VPN client successfully, but I can't access the Windows server on MAIN-VNET.

I can't create a "vnet-vnet" connection because one of the VPNs is policy-based and this is not supported by Azure.

I've tried creating a peer for both networks to each other (note that I have not ticked "Allow forwarded …
0
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Not all that familiar Cisco switches (Background is more HP Procurve).

Here is what I'd like to do.

Currently the VMWare ESXi v6.5 Network Teaming policy is set to "Route based on IP hash" and the HP switch ports are configured as "Trunk"(I believe EtherChannel is the equivalent)

Not sure how to configure the Cisco switch to use 2 10Gb ports as 1 20 Gb port. -Can this be done in the GUI interface (I only see LAG management as an option)?

Advice greatly appreciated.

Thank you.
Bob
0
I am setting up a branch office in a different location to the main but using the same domain. I realise this is a common scenario but am looking for the basic principles to follow in designing the server topography.

Main office is 120 users and hosts the Exchange server. Branch office is just 15 users. Offices have separate subnets but are joined by VPN. Limited file sharing will be required. Branch office users will access the Exchange server.

At this point I believe a read only DC, DNS and DHCP (for this subnet)  are required in branch office. Is this the correct?

We use roaming profiles in the mail office. I can set the location to store the branch office users' profiles individually group policy to configure the location of redirected desktops and documents folders, is this the best method?

Do I use DFS for the file-shares to keep copies at both offices?

Main office is Server 2008R2, branch is server 2012. Are there any compatibility issues?

Any other considerations I should be aware of?

Thanks for input.
0
Hi,
Our school network has the following:
Sonicwall NSA 250 M Router (acts as gateway and also handles a separate VLAN)
Network address  192.168.1.0 / 24 (subnet mask 255.255.255.0)
Single DC running Server 2016 std (ip 192.168.1.50), handling DNS and DHCP
About 150 endpoints

We're in danger of running out of IPs, so I'm hoping there's a way we can change just the subnet mask and retain the 192.168.1.1 - 192.168.1.254 range while gaining an extra range of IPs on the same, new subnet (for example 192.168.2.x, or .0.x) .  I'm also hoping that changing the subnet mask (but not the IP) of the DC will not cause problems. I know I'll have to reconfigure the subnet mask on any non-dhcp devices (such as network printers and the server).

So I've a couple of questions. What's the best way of doing this?  
Which subnet mask would yield what ranges of IPs?  
Is changing the subnet likely to cause any issues for the server (which I envisage keeping on the same IP?

Thanks in advance.
1
I am expanding. So, got a fiber optics internet service. Provides 4Mbps unlimited download. This is a great leap from the limited download we currently have.

Most of my IP phones and computers are connected through the switch, but a good number of connections are still through wireless. I run 4 different rooms in one building 2 on the ground floor. 1 on the first floor and another on the second floor.

I will like to know the sort of switch. router. I should seriously consider to have a seamless operation.

Note. I currently use: for switch Netgear fs726tp ( the poe went out last year due to thunder storm). So, need another POE especially for my ip phones.  from the existing network currently use a  Huawei E5172 4G router. and I have lan run every where.

should add: have about: 18-23 employees now which can grow up to 40 within a short period of 6-8 months. Also, I am not in for fancy tools. Just something effective. In fact. I buy most of my items on ebay!
Thank you.
0
I'm taking over a new network and the IP scheme is set up as 10.10.x.x/8. I want to change it to a/23. Can I do this within my DHCP and on my router without any changes to my printers and dusktop?
0
All my routers in the IS-IS topology are level 2 and in the same area.
What would be a benefit when I would move all routers 1 and 5 to a different area?
Would is cut down on flooding LSP’s
Please advice.
IS-IS-Topology.jpg
0
Hi,
When I connect to my ISP via eBGP, must the BGP router id be public IP?
Please advice.
0
I believe i know the answer here however i just want confirm. i have a host within a subnet that needs access to the GW however i need to block everything else in the subnet from this host. There is a  layer 3 switch between the host and the GW. i believe the best solution is to vlan this host, as i can not apply a ACL in this situation.
all hardware is commerical cisco equipment.
0
We have two sites, SiteA and SiteB....the network latency between them is about 15ms.

We want to run an application in both sites, but the vendor supports only 10ms latency between the two sites.

Is there anything we can do to reduce the latency?
0
Easy, flexible multimedia distribution & control
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Hi all,

I'm currently on a CCNA course (and NO this isn't a lab/test/learning question) and we've recently purchased 2 ISR 4331 routers that we wanted to set up in high availability HSRP and we had a Cisco "specialist" come in and say that we needed to have 3 routable WAN IP's......one for the main traffic and another one on each router for the "failover" side of things.
I've gone to look through some guides on how HSRP is setup as i'm obviously curious but none of them state we need WAN ip's to do this and we can simply give them internal (LAN) ip's for the failover to work ?
Can anyone calrify this as we've only got a single IP on our leased line and it'll then mean we need a new bank of IP's on it ?
Thanks
0
Hi, One Microsoft server is connected to two Nexus7K via its fex port eth100/1/1 in Nexus7K_1 and eth100/1/2 in Nexus7K separately. These two fex ports are all up as showed by command "show interface brief" and "show interface status". My question is in Nexus7K_2, we can see mac address in output of "show mac address-table interface ethernet100/1/2", but we cannot see any in ethernet100/1/1 in Nexus7K_1 by the command. I think the port 100/1/1 might have not been used before. Do you think so? Any other issue can cause the issue? Thank you
0
I want to use GLBP at the aggregation layer to allow both of my physical aggregation routers which are each connected to a different wan link to provide 1 ip default gateway address which will be used by multiple Vlans. I am also curious if I would be able to create a Rep ring in this scenario.
0
Everyone - thanks in advance for any help/suggestions.

I inherited a flat network design and am working on a datacenter evolution that will include an overhaul of bad wiring, no labeling and unorganized system.

With that - the previous admin had some decent parts to work with.

The main switch is an HP Procurve 5406 with 192 gigabit ports.

I am thinking of redoing two servers racks to include 2 (1 in each) - top of rack solutions to begin the "re-design" and improvements.

So - Rack 1 and Rack 2 - I would add one of these to each:

http://www.ebay.com/itm/HP-Procurve-J9050A-2900-48G-48-port-Gig-swith-with-Dual-CX4-10GB-uplink-/281899832599?hash=item41a28a1517:g:Is0AAOSwJkJWir~-

I would then remove one of the 24 port modules from the 5406 switch and replace it with this:

http://www.ebay.com/itm/HP-J8708A-HP-ProCurve-4-Port-10GbE-CX4-5400zl-Expansion-Module-J8434A-/192155509102?hash=item2cbd5c616e:g:zP8AAOSwB-1Y7UEX

The next thought would be to connect to the two top of rack switches to the 5406 with these cables:

http://www.ebay.com/itm/New-HP-JD365A-X230-Local-Connect-Infiniband-Cable-3m-10GBase-CX4-CX4-10Gbps-/361927247586?hash=item54448b86e2:g:yd8AAOSwhQhYxnYM


What do you think?
0
Hi All,

Question is in regards to ASA firewall, trying to understand how can I audit the type of traffic which is coming on this rule, because it needs to be changed to a different IP;

object network UAT-Inside
host 172.10.10.1
object network UAT-Outside
host 200.18.55.20
nat (dmz,outside) source static UAT-Inside UAT-Outside

So 172.10.10.1 needs to be changed to our internal IP address which will be 10.10.1.1.

How can I audit what kind of traffic is coming on 172.10.10.1?

Thanks.
0
Hello

Need some advice on configuring some HP Procurve switches

Client is expanding from only having the 5th floor to having 5th and 4th floor. They currently have 2 x HP procurves on the 5th. I've purchased 4 x 24port and 1 x 48 to add to the 4th floor. I've also purchased 20 SPF ethernet transceivers.

my plan was to make 2 of the new switches core and the rest edge.

I need advice on what topology to use. How to connect the switches together.

Thanks
0

Network Architecture

11K

Solutions

17

Articles & Videos

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.