Network Architecture

12K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Share tech news, updates, or what's on your mind.

Sign up to Post

Our company is using a VPN Gateway (F5 BIG-IP APM) to allow remote mobile clients to access the corporate network resource/applications. We are undergoing an investigation if we could use other new technology (e.g. Web Base Application) or Authentication Server to decommission the current VPN Gateway. However, we would like to maintain the operation/features for allowing remote mobile users to use our internal resources/applications. We are new to this kind of network/security design and your recommendation is very much appreciated.  Let me know if further information is needed.

Thanks & Regards
Patrick.
0
Cloud Class® Course: Microsoft Windows 7 Basic
LVL 12
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Hi,

I need  add Cisco 2960 and 3560 switch in GNS3 for practice, kindly suggest how it can be possible
0
Hello,

A client has a single location network spread across several floors. The tech they had earlier configured their network with a class A 10.0.0.0/8. They've run this for a decade and are now looking to make it more efficient. They only have 300 users, a couple of hundred other devices like printers, scanners, UPSes etc on a single VLAN. They do have a DMZ VLAN with its own class C 192.168.0.0/16. They are planning on bringing in VOIP on its own VLAN (IP scheme undecided yet). It's a Cisco shop with ASAs and catalysts running the network.

What would be your suggestion/plan please?

Thank you.
0
If your data center is in the same data center as an AWS Availability Zone data center - would it be
possible to create a Direct Connect just by patching from your gear to theirs? That is - is there a
way you could avoid some of expense of a carrier getting packets to/from AWS by virtue of being
physically located in one of their data centers?
0
I have a Seagate Central NAS drive at home and it has been working fine until just recently.

I can no longer connect to the NAS contents through Windows Explorer; I see it listed on network items but am unable to view the contents. I am able to connect to the Seagate Manager which shows me the IP address connection, users etc etc; I can change its name and it is reflected in Windows Explorer which shows that it is connected to the network.

I have read that it is something to do with Server Message Block v1 (SMB v1) settings which have been updated in Windows 10. I have tried updating the firmware on the NAS but it says it is already running latest firmware.

Any suggestions for overcoming this?? NAS holds all of our files; documents, music, photos etc.
0
Hi, there's an Edgemark router connected to a Cisco small business switch.  I'm curious what's the benefit of connecting the to the G1 interface over the standard 1 - 24 switch ports.  Also, is there any down (network degrade?) side to hanging additional network devices off the typical 3 or 4 LAN ports on the router when it's a flat network?

Cisco small business switch
0
We have a Technicolor Modem/wireless router combo device given by Spectrum.  When Spectrum tech first set it up I could connect to is wirelessly and I could see the public wan IP as ie. 1.2.3.4.  We plugged it into our Sonicwall device and everything is working fine.  Bridge mode is enabled and we have a dynamic public ip so I set it to DHCP.   I just want to know why  I'm getting a address of 192.168.0.5 showing on my WAN.  I was expecting to see the public ip instead like 1.2.3.4.

Wan interface
Capture2.PNG
0
If you use a VIF - I understand you can attract all your S3 traffic over the Direct Connect circuit instead of going to the public internet. Is the full set of addresses to be used for S3 published anywhere so that we could create the right set of BGP filters to make sure that only the desired S3 traffic gets attracted to the Direct Connected instead of just going to the Internet?

Currently the path from our internal hosts to S3 storage is via the Internet to Amazon public IP. The goal is to get that traffic to go over our Direct connect circuits. I believe the method is using VIF and then those addresses get advertised via BGP over the DX. I want to filter those routes so unintended traffic doesn't go over the direct connects.
0
Hi,

We have a main Cisco 3750 Switch. From that switch fiber connections run from the trunk ports to different stacks, essentially all other stacks connect back to this switch. We want to add a backup to this switch in case of hardware failure. Question how do we add it.
1. Do we add it as a second switch in Slave role or is there another way adding it.
2. Also if the first switch does go down, how do we prepare the second switch so that the trunk port are ready to accept the fiber cables
0
From a best practice standpoint which is better, ASA on the edge or a router on the edge of your network?


off of the top of my head ASA on the seem like a better design, however, I have seen some networks in the passed with Router(Edge) then ASA.
0
Cloud Class® Course: CompTIA Healthcare IT Tech
LVL 12
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Hello Experts-
We have subscribed to MPLS IPVPN via Service Provide to connect our branch offices with HQ.
We have been given /30 subnet at HQ and each offices and running BGP between CE Router and ISP. We suppose to send the routes to ISP and then take will foreward via MPLS Cloud.

We want to install firewall at the HQ between MPLS Router and L3 Switch.

I am just concerned what routing protocol I should between MPLS Router and L3 Switch at HQ so that all HQ hosts can reach to branch offices.. Shall I used IGP or Static Routes ?
How to inject the routes from MPLS routes to firewall ? Is it advisable to run a routing protocol between them
How I can achieve redudancy if a router or firewall fails in HQ Office.

I am attaching a basic design.
Any suggestions and comments are welcome.
0
Hardware:
- (1) Cisco SG250 26P PoE switch
- (2) Ruckus WiFi ZoneFlex R610 access points (using their Unleashed setup)

I'm about to create/implement my first VLAN's, I'm pretty stoked I finally get to play with VLAN's. I've been doing IT/networking since 1991 but never did VLAN's. I've configured Sonicwall firewalls from scratch but this is my first Cisco device I get to admin; thankfully it has a GUI. I've already researched the heck out of VLAN's, trunk ports, tagging, & more, & I feel I'm ready to do it. I have the freedom to create this new network as if it were the original network built for this office. Almost all the employees are out of town for next week so it's an ideal time to build a new network. There are no Windows servers or any network services on this WiFi network; all that stuff is on the "corporate" network. This WiFi network I'm replacing/upgrading is what could be referred to as a "rogue" network that this department installed themselves just so they'd have faster Internet.

I'm creating VLAN's so our business can separate the Guest WiFi traffic to its own VLAN but also allow some inter-VLAN routing to allow our screen-sharing solution (Airtame) that guests will be using to talk to our big screens in the conf rooms, which will remain on our internal/business VLAN.

We currently have a Netgear Orbi Pro WiFi network setup but that's not quite robust/sophisticated enough for what we need to do. I'm keeping this existing Orbi WiFi network hardware …
0
I have 2 5Ks running with VPC. They have been running fine for quite some time until today. One of the the 5Ks is not responding. I could not console in and the other 5K does not see it as a peer. I am planning to power it off and on. Will it get all the config and join the VPC when it gets back online? Thanks
0
Would it be a lot of data loss from SM to MM?
We have fiber from ISP [10Gb] is 9/125 SM going from SC to LC then into our LC 50/125 MM then into SM switch network module with SFP.

Would I have a lot of issues with that setup?

 I also read some people are using mode conditioning cables.  Will that help a lot?
https://community.fs.com/blog/mode-conditioning-patch-cord-utilized-in-gigabit-ethernet-applications.html
0
What would a good "Gap Analysis" look like? I had a recruiter call and they needed someone with a bunch of networking experience.
But the 10 month long gig was to travel to their various offices and data centers around the world and do a "gap analysis". It sounds
intriguing enough. I just wondered if anyone had an example document or general thoughts as to what the output of such a
project/assignment would look like in the end. ??
0
Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detec tion.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example
Servers site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.
0
Trying to connect Netgear WNDA3400 to act as a wireless access point behind a SonicWALL SOHO. I read post from other users about same issue. I tried but no success. Can anyone help me figure this out?
0
Got called in to look at a very strange network the other day...  They were running a business off a (A) Linksys E2500 home wireless router.  Now off of this router is one cable going to a (B) Mako dual wan appliance, which then goes to a (C) Cybera appliance which hosts a VPN connection as well as a (D) Cisco RV042 router.  Now the other cable off the original router goes to another (E) E2500 Linksys router which only has a laptop and provides wireless to a printer and cell phones for employees.  

Now router (A) is controlling PPPoE from a bridged DSL modem.  Router (A) IP is 192.168.1.1 and servicing everything via DHCP (This will change in near future).  Router (E) acting as an access point is also LAN IP of 192.168.1.1 and handing out DHCP.  The laptop connected to (E) also has a secondary NIC via USB that connects to some point in the other side of the network.  The Mako fails over to secondary ISP (Cellular) after only a few minutes and generally won't return.  I believe either the laptop router (E) is creating the problem.  Router (A) is experiencing over 2,000ms latency and over 5% packet loss.  So I removed router (A) and reconfigured the DSL modem to handle the PPPoE and this now becomes router (A) in the equation.  This router is set to 192.168.0.1 and has around 25ms latency with less than 2% packets loss and everything works great!  We are keeping an eye on this for a week or so, before any more changes are made.

Eventually the Mako should be the router and…
0
I need help in configuring HA/load balance from Site A to Site B. Site A is the PRODUCTION and Site B is the BACKUP SITE. We have lease two Private line with two different providers running different speed. I need to configure Load Balance from Site A to Site B and vice-versa if possible, but i am more concert Site A to Site B.
We have Cisco 3850 on Site A, and two interfaces  connected to each ISP. Site B, we have Cisco 3750, and two interfaces connected to each ISP as illustrated.
ISP #1 is live with IP 10.10.10/32 passing all traffic between two site as of now. Type of traffic is IP, UDP, TCP, HTTPS, and FTP.
I need help configuring ISP#2 . I need to use both private line at the same time for load balancing using these two switches, and automatically fail-over if one line is down.  
I heard of Ether-channel, IP Based Policy, and Network load balancing. I need help with commands and scenario in the illustration below.  I greatly appreciate with the right directions.
Thanks a lot.
WAN
0
Introducing Cloud Class® training courses
LVL 12
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

Qnap NAS TS-1635 connection to server

i just bought a QNAP, i would like to connect it to my server is it better to

1 - add the NAS as a network store and add that way
2 - buy SFP connector and use fiber to connect it to my server with a Fiber card
0
Any reference on configuring Fortigate Analysis into my existing Fortigate 100D environment ?

Thx
0
I have SonicWALL Firewall/Router and 5 public IP address. I am going to have 1G Fios connection soon; however, the my soniwall won't give the 1G connection speed due to the DPI.
I would like to create second network that outside of firewall and wondering if I can split by public IP address with separate router.  Do you have any solution for this?
0
Q1:
Is there a product to centrally manange hundreds of Cisco routers/switches ACLs ?
Can TACACS+ do this.

By management, need to be able to see how many hits on a specific rule in ACL,
add/remove/amend ACLs without logging into each router/switch.

Q2:
It's been ages: an ACL needs to be completely removed, amended & then reapplied
back on the interface : is there something easier like the way Firewall rules can
be changed on-the-fly?
0
We have 30+ small office branches that connects to our Data Centre via WAN routers
& these WAN routers connect to a core switch in DC.  

Each branch has 2 flat Class C subnets : one for wired LAN & one to our corporate
Wifi LAN.   We don't expect more than 100 PCs/devices in each branch.  All devices
& PCs at each branch are connected to L2 switches (including the branch WAN router).

There are PCs & devices (Cashiers, cameras, small robots/automation, scanners and mini
databases) in the branches that run applications that do not need to communicate to
servers in the DC other than to AV EPO, SCCM patching, central encryption management
servers, HIPS (endpoint IPS) console & the likes  but backups are taken by NAS located at
branches.

However, there are some semi critical mini servers & databases which we deem ought to
be segregated from the rest of the organization to prevent DoS  though PCs for emails
& Internet access will need to go back to the DC.

Q1:
What are among the best practices for such branches network traffic?
Hub & spoke design?   Layered security?  Micro-segmentation within each branch?

Q2:
Do we treat each branch's network to be of lower, equal or higher trust levels than
DMZ, applications servers zone or backend servers zones (typical network trust
zones)?

Q3:
For traffic filtering / microsegmentation, is it best practice to configure
a) ACLs at each branches' WAN routers (as switches at branches are Layer 2 &
    at most …
0
i need to secure Exchange 2016 OWA via a reverse proxy. Is there anyone doing this and what appliance are you using/recommend
0

Network Architecture

12K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.