

Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.


Hi All

I have a couple of clients with SonicWALL TZ 300 routers, and am considering having them purchase SonicWALL’s Capture Advanced Threat Protection because it seems like a damn good idea! As I understand it, it's a cloud-based sandbox system.

Would appreciate hearing everyone's thoughts, concerns or experiences with the product or similar products.

Thank you!


I've been watching a video from Amazon on AWS Direct Connect. I see that a direct connection is made from Amazon Direct Connect PoP to a router in a co-location facility. Then from there there is a circuit (say 1Gbps or 10Gbps) to the enterprise itself. The presentation at turns talked about the carrier owning the (a?) router and the customer owning the router. In the diagram attached below - the device labeled "Customer Gateway" is generally owned and configured by the end customer/user of Amazon Web Services? Or is that more typically owned by the carrier that is providing the data circuit? And finally if the carrier owns that device do they configure it or leave that to the customer? Thank you for clarifying this point for me.
Hi Guys,

I had to switch our two WAN Interfaces on SonicWALL, (Thus X1 & X2)

1.  I switched the public IP configuration under Interface Settings
2.  and changed all the NAT policies, switching X1 & X2 for all rules

My questions,

a.  Is there any other rule(s) that need to be changed to switch primary internet access for LAN users between X1 & X2?

b.  I've noticed that some NAT rules refer to an "address object" rather than the interface (X1/X2) directly.  
These I did not change as the object's public address was still correct.  Is there a difference in referring to the interface (X1/X2) directly, or using an object instead?  
In my case, where I had to switch X1 & X2 ... the rules with objects made things a bit easier as it stayed the same.  Is this the only difference using an object or referencing to the interface directly?
We have an HP 2920-48 port POE switch. We also have 2x HP 2920-48 port NON-POE switches. I was surprised to find today that our new VOIP phones are actually getting power when plugged into the NON-POE switch?! Is this possible?? If so, are there possible issues I should consider when configured in this manner. I know we are having issues with the phones losing calls before they can be answered...wondering if related.
EIGRP Lab example for Query Scoping.

I have read about EIGRP Scoping, and in most of the articles they recommend Summarization at the Edge router. I have tried that, and enabled Debug EIGRP Packets Query on other routers, and shut down interface on one of the routers behind the Edge router, but I still saw a Query sent by the Edge Router to other routers.

I am not sure if that's normal behaviour or the lab is not the right set up to test EIGRP Query Scoping.

Any Lab Example from EIGRP Expert that demonstrates EIGRP Query Scoping might help understand this topic.

Thank you
Imagine a remote site - call it Dallas - with two WAN routers. Router WAN1 connects to the data center in Denver over a 1Gbps circuit and router WAN2 connects to the data center over another 1Gbps circuit. All the routers are participating in OSPF.


The Dallas site has network and currently that gets advertised such that traffic to Dallas goes equally over WAN2 and WAN1. I would like a specific subnet say to prefer ckt2 unless ckt2 goes down then it would use ckt1. What would I do in OSPF to color the route for so that the data center prefers sending via ckt2?

Thank you.
I have a situation.  Moving users to the new office.  Cisco gear however 4 to 6 weeks delayed.  Looking for a temp solution.  
I have a Juniper EX4300 switch.   Can I configure it as layer 3 as a router to serve the purpose?  Would that be any different than having a router?  It should have GBIC ports for ISP.   And enough mbit ports for the users.   There should be only 10-15 users initially.

Any other temp ideas guys?  Thanks.
We are using a Sonicwall TZ 205 firewall behind a Barracuda Link Balancer 330. I have two ISP connections coming into the Barracuda (Sprint and Comcast). I have 5 public IPs from each ISP. We currently have the following servers behind the firewall (Exchange 2013, Microsoft Remote Access for VPN and an ISeries database server) that are accessed using the Sprint public IPs.

Internet ---Sprint Router (65.xxx.xxx.17)

Internet ---Comcast Router (173.xxx.xxx.142)

Barracuda Link Balancer 330 (65.xxx.xxx.18 and 173.xxx.xxx.139)
Sonicwall TZ205 (65.xxx.xxx.20)

Internal Servers

In the Sonicwall, the Sprint public IPs are all NAT'd to the internal private IPs.

 I would like to setup some inbound redundancy for these servers by mapping them to some of the Comcast public IPs. The Barracuda has only one connection to the Sonicwall so I don't know if I need to add another physical interface to the Sonicwall on interface X2 and configure it with the Comcast information and then put a switch between the Barracuda and Sonicwall. I know how to setup the DNS records to check if one line goes down, but I am unsure as to the physical connections.

Thank you.
    Please see the diagram attached for a better idea of the setup. I am planning on deploying a pair of ACS servers in a cluster. Is it best to deploy the ACS servers in datacenter 2 behind a load balancer such as a F5? Also, is there a document/books which can be recommended which explains the different cluster deployment scenarios and how to pretty much configure an ACS from scratch?

Thank you
Hi All,
We currently have Business Voice Edge VoIP from Comcast which is their proprietary voice platform. They have provisioned and require a 50Mb circuit over their fiber backbone to our office to services SLA for their voice platform. Thus far, as far as reliability, I have to say that we have had no real issues with call quality over the past year of usage.
Management has decided to move offices earlier than expected, and we overlooked Comcast's terms and conditions regarding portability of service to locations that do not currently have a Comcast fiber backbone in their building – which the location we are moving to does not have Comcast fiber. They are also not willing to work with us to temporarily provision over another circuit. At this point, we have three options – ranked in order of preference, and I wanted to know if anyone has experience and any recommendations to help in making the right decision. Here are the scenarios:
Upgrade with Comcast to the new location and wait 6 months for them to build out their own fiber (includes city permits) to the new office.
One of two options in this case to get service to our new office:
i. Implement RingCentral month-to-month as a temporary VOIP platform while we wait. Forwarding temporary numbers to main numbers.
ii. Implement an Ethernet Dedicated E-Line (point to point) between our …


I am looking for a VB script that would allow to type full name or users name in a search box that would run against certain LDAP groups (43 groups) to confirm if the user exists. If the user exists the output should be displayed on the screen and saved in a CSV file.

These 43 groups exists in AD (LDAP).

Thank you, M
I have set up 2 separate labs, VPNV4 and AToM.
I found out that VPNV4 configuration is very complex compared to the configuration of AToM (Any Transport over MPLS) which is very simple.
Now, I am not sure if there is a catch behind this simplicity. I mean, is VPNV4 capable of offering more services than AToM?
Thank you


Hi Experts,

I want to share a folder on my computer to other computers on the same local area network.
I did these:
1. set all the computers in the LAN (including mine) to the same windows WorkGroup name;
2. configure a folder on my computer to share with Everyone for full control.

When I tried from another computer in LAN, my computer with the shared folder can be found in the network. However, I was asked for username/password when I tried to open that folder.

I want to ask, is there a simple way to share a folder on my computer to everyone in the network without needing other people to enter username/password?

More details: I want to do it as simple as possible, trying to avoid using ActiveDirectory or buying other equipment. The LAN I am using has a wired router. My computer has Windows 7 home premium, other computers on the network have either Windows 7 or Windows 8.

Thank you!
Hi, how can someone track the virus which is in the LAN network? How can I get rid of it?
Around the time some of our traffic dipped to our site - I saw a number of changes of BGP path with lots of prepended AS's indicating less preferred routes. If those changes were beyond our directly connected ISP, what is the best way to find out why the path changed at that time? Is there a way to find out? There were perhaps 10 path changes in 10 minutes before things got back to normal.
We have a Class C network and are running out of IP addresses.  We have multiple switches throughout our company and don't want to incur the expense of upgrading all of them to be VLAN capable.  In order to expand our addresses, is it possible to only upgrade one of our switches to a VLAN capable switch and configure it as follows:
1.) The DHCP server is plugged into one of its ports which is configured to be on the default VLAN.  
2.) Any other switch plugged into it will be plugged into a port configured to be on the default VLAN.  
3.) Any other device (printer, computer, etc.) plugged directly into it will be plugged into a port that is configured to be on a secondary VLAN.
4.)  The DHCP server is configured to hand out a different scope of addresses for devices on the secondary VLAN.
5.) The switch is configured so the VLAN's can communicate with each other.

Again, if all we need to do is expand our addresses, is it necessary that any of the other switches are VLAN capable?  Does anyone have an alternate, perhaps simpler way of expanding the addresses?  We could convert to a Class A or B network.  Please advise, and thanks in advance.

We need to connect to a router which we do not have direct connection via BGP, it is in another datacenter

Our Datacenter .   ----------------  INTERNET ---------------- Other Datacenter ------------- Our server
Juniper MX                                                                               Their Router  <--- BGP <--------  |
         |_______________________________________GRE TUNNEL _____________________________|

we need to put a server on their side and need to complete bgp over it.
How should we do this  what should be the best operation for this ? gre tunnel or anything else ?

I live in the state of New Mexico and have a business license, it is an LLC. I was curious to know if I need a low voltage license to run Cat5, Cat6, or even coax cable for clients?
using asa 5516 9.5

I want to block one host (for ex. so that is unable to get outside at all including the obvious 80 and 441. Will I still have access to it internally? I just want to make sure I'll have all access for inside to it. the below does not have the "eq www" which only blocks internet.

If I do :
access-list inside_in extended deny tcp object-group SERVER_BLOCK any4 



Will I be OK?

This question might be very simple for some network engineers,  I am not that professional, but happen to have the need to setup a security camera system.

Please refer to the attached simple chart. I am trying to setup a small security camera system with 16 POE cameras. I decide to use Cisco 2960x-24PSQ due to its fanless, low heat feature. however, each switch only has 8 POE port though they have total 24 ports each, so I have to use two exact same switches for 16 POE cameras. I assume both switches need to be plugged into the router such that each camera can get their individual ip address?

My question is: where would the storage server be plugged in? The router? Or either of the two switches? As far as I know, the router normally doesn't have many Ethernet LAN ports, maybe I should insert the third small switch between the router and those two Cisco switches such that two 2960x, storage server can all be plugged into this third switch, this third switch then turns around to plug into the router? Is this third switch necessary? Or can any router model do the job without adding the third switch?

thanks for any comment.
Hi all,
I have created a new forest, Forest A is in 10.10.x.x range and new Forest B is in range 10.1.x.x, we have 5 sites.
What DNS changes are required between the two forests? How can I synch them so both forests can communicate with each other and across other DCs which are on new subnet.
In DNS forwarder should I put IP and FQDN details of new forest and vice versa?
Earlier I asked about the PAN Palo Alto FWs and how are they compare to Ciscos.  We basically narrowed down to PAN firewalls.  Just want to check pricing on Junipers and opinions.
What about the Junipers?  
Any good opinions?  
Thank you!
We access an external vendor's site who provided us some sort of service.

However, about 300 of our staff, mostly contract staff needs to access this
service but they currently are not granted Internet access on their PCs, so
we permit by firewall rules for entire organization to access that vendor's
site as going by proxy, we'll need to grant 300 proxy entries (ie by their
AD Id) to 3 URLs as that site will call/redirect to 2 other URLs.

By permitting at firewall rules & letting these contract staff bypass the
proxy, the contract staff can only access these 3 URLs & not any other
links/sites on Internet so this is still "secure" in my view as these 3
URLs are "trusted" sites.   This method of bypassing proxy is also to
facilitate that should new contract staff joins, the staff could access
as the 3 URLs while if we go by proxy, each time a new staff joins,
have to request for it & each time a staff leaves, have to remove that
staff's AD Id from proxy: quite an enormous admin task (for the
proxy admin as well as supervisors of these staff).

Now, we just found that this vendor has coded another module to call
Google's "Captcha" service (which is  www.google.com/..... ) : what's
the entire subnet range of google.com ?  Is it a Class A, B or C or a
mix of many Class C  ranges ?

Our firewalls can't resolve via public DNS currently so if permit to
access a large range of public IP, what's the security/risk implications?
Any other safe way …
We have a couple of servers that require "outgoing" access to PlayStore & Appstore
from our Development as well as Production environment.

As Appstore is a Class A subnet while Playstore is rather large as well (I don't know yet
what are its subnet ranges), what are the best ways to secure this?  Are the following
reasonable ways ?

I heard permitting too wide a range is risky.  Why?  Can appstore/playstore's IP addrs
range get spoofed or those 2 stores can get compromised or what's the reason?

1. Production has to go thru our proxy as our proxy resolves the URLs of appstore &

2. As our Development does not have its own proxy & has no connectivity to our
   Production proxy, permit only about ten Class C ranges for Development/testing
   purpose.  Ten Class C means 2540 IP addrs

3. Any other best practices to secure this?

4. Would placing these app servers behind WAF help?

2x 2920 Core switches with 2x HP Edge switches connecting

If you have a stacked pair of switches (so 2x HP Procurve 2920 connected in a ring configuration with stacking cables) - then how should trunks be configured (etherchannels for the non HP switch aware) to access switches?

If I go to the Menu CLI and it lists the ports of both switches, I assume that if I setup a trunk on ports 23 and 24 on switch 1 then I need to setup the same on switch 2.  

- Do I set these up as two trunks with 2 ports from each switch contributing?  (ie - Trunk 1 with ports from Switch 1 ports 21,22 and Switch 2 ports 21,22, Trunk 2 with ports from Switch 1 ports 23,24 and Trunk 2 with ports from Switch 2 ports 23,24)
- Or do I set them up as four trunks? (Ie Trunk 1 with ports from Switch 1 ports 21,22, Trunk 2 with ports from Switch 1 ports 23,24, Trunk 3 with ports from Switch 2 ports 21,22, Trunk 4 with ports from Switch 2 ports 23,24)

Hopefully makes sense  - I have tested it with option 1 above and fails over without issue but just wanted to confirm the best practice

