Issue of network design

I want advice on which setup is better in terms of network speed and configuration. Which would provide the best performance among the following options:

Multiple trunks in a vDS using Route based on physical NIC load

vPort channel across several N2Ks in a vDS using Route based on IP hash (I know that this is a requirement for port channels)

Or some other configuration? I would like to connect 2 x 10 GB straight into the N5Ks, but don't have the cards right now. These will be just for normal VMs on the business side of the house... no DMZ or anything funky like that in the initial setup.

Thoughts?

Thanks in advance.

Unfortunately, the answer is not as simple as that. My gut response is "it depends."

In most of the solutions I have worked on, the customer has required a large number of workstation-'type' virtual machines to be deployed, which results in a high VM density on my hosts. Each of these virtual machines has only one NIC, so the way the vSwitch handles their traffic would not benefit from the etherchannel, for application-defined reasons - I don't have multiple NICs at the VM level to take advantage of multiple NICs at the vSwitch level, so I can't use multiple paths in an etherchannel link. No gain.

So to answer your question directly with this type of scenario, no, there is no gain.

Different scenario: I have a server VM with multiple NICs, bonded. The NICs are presented to the vSwitch. The vSwitch is on an etherchannel. It should work faster, no? The answer is not necessarily - it depends. Often, server NIC bonding brings several physical interfaces together into one logical interface presented to the switch - therefore, one MAC address. Remember the LACP discussion? When you have set "Route based on source MAC hash", there is only that one MAC - and LACP will use only one link. IP hash? I've seen a few examples of what I call 'miracles' on the virtual machine NIC side, but for us simple mortals who do not want to be rewriting network stacks all the time, that is one interface.

Once again, no gain. How to solve this problem? You could split the server NICs so that they present multiple MAC addresses in this case (and the server has to be configured to use them that way), or multiple IP addresses, or take extreme measures. Books-the measures a little load balancing. Not the route I would take - I don't like being called late at night to fix unnecessarily complicated links.

Besides, it is often easier to simply put in a faster link. If we compare the cost of all the thinking needed to troubleshoot an etherchannel (and remember, it is not a two-way entity by itself, you should pay attention to both ends) with what it would cost to slap in a 10 Gbps connection, I know which road I would take.

Lots of glossing over the deep details in there, but I think that somewhere in the middle is the answer you're looking for. I hope this helps.

-abe

Tags: VMware

Similar Questions

  • What layer are FI in the Cisco hierarchical network design model?

    Is this a straightforward question? We have Nexus 7Ks for our core and port-channel the FIs to them. So to me that makes it the distribution layer.

    But when we attach to the Isilon NAS devices, we use N3Ks between the FI and N7K. Would this make the N3K and FI both part of the distribution layer? Would not be considered layer. However, it does not do ACLs etc., which usually belong to the distribution layer.

    I was wondering what people's thoughts are on it. Is the UCS FI a 'one-off' in the 3-layer model?

    Thank you!

    Craig

    The FI can sit at your distribution layer or at the access layer. I've seen deployments where they are deployed at both, depending on the size of the UCS cluster and the network bandwidth. The distribution layer is usually where all the layer 3 magic happens (routing, ACL, QoS, FW, policy enforcement etc.), and UCS being strictly layer 2, it could be classified as an access-layer device.

    Designs are flexible, and as long as you take oversubscription into account, you should be fine with the deployment option.

    I hope that others will share their ideas.

    Kind regards

    Robert

  • LAN/WAN design issues: redundant network core design and equipment

    Dear all,

    I have a growing network that has inherited reliability and scalability issues:

    (Example from my existing network)

    We have POPs connected to us through CF lines, and the LSPs are connected to our CF through the POPs.

    Now, it is necessary to make the switching core (the switch with the "?" mark) redundant, because this is the concentration point for all outside connections.

    I have been tasked with evaluating new equipment (right now it's just a Catalyst 3560) for this network block.

    Unfortunately, the budget is pretty low.

    I have the following considerations:

    I think that the main problem is that most of the connections are L2 trunk links and it is difficult to avoid this.

    It seems that I need to duplicate all the links to the LSPs, FC, POPs and branches (this seems doable) and rely on STP (this seems bad) with all of these links.

    Currently, I have two options for the core block:

    1. Two Catalyst 3750s with duplicated links (CSW1-LSP1, CSW2-LSP1), relying on STP.

    2. One Catalyst 4500 series switch with two redundant supervisors (they will probably allow the purchase if there are strong arguments), with duplicated links, relying on STP.

    Neither of these two options looks good because I have to rely on STP with the LSPs.

    I would like to use L3 redundancy features and protocols, but do not know how to avoid the trunks.

    I have no experience with fancy hardware such as the Catalyst 4500/6500 series.

    Could someone please advise me on alternative design and hardware options, and confirm or reject my options?

    Also, I would be grateful if someone could help me find strong arguments for acquiring a Catalyst 4500 series for the core.

    Thank you very much in advance.

    Best regards

    Max

    Hi Max,

    In the diagram and description that you provided, the switch you need to replace is a dashboard device that, for the moment, works only in L2.

    If you plan to move to L3 communications on this device, you should review the design of your whole network and also review/discuss with MS how it can be converted to L3 communications.

    If you want to keep it as L2 and introduce a device or devices for redundancy, I'd rather have two redundant devices than one redundant chassis; I mean a pair of 3750s is more reliable than a 4500 chassis with redundant equipment such as sup, UPE. However, it is a reliable option as well, for sure.

    If you rely on STP for redundancy, what is the problem here? Is it convergence time, or what is your concern?

    Hope this helps.

  • Load pull to output matching network design

    Hello

    I tried to design the input and output matching networks for a power amplifier using the load pull script and the HBTUNER2 elements. According to the load pull contours, the optimal impedance point is 15.37 - j21.99 (I chose a compromise between EAP, DCRF and PGain). Now my question is: when I use the iMatch wizard to transform this to a 50 ohm termination impedance, do I use 15.37 - j21.99 or the conjugate 15.37 + j21.99? Either way, what is the reason? I always thought that the load pull script gave the impedance looking into the port on the active device side. How should the impedance point suggested by the load pull script be interpreted?

    Thank you very much in advance.


  • New AD Network Design

    I have been asked to design a new Active Directory network for my business. Where should I start?
    I am looking for a kind of Q&A worksheet about the types of users, their functions, etc. that I can use to work out the group configuration, etc.
    Are there guides for this kind of thing?

    Hello Mark,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro audience on TechNet. Please post your question in the following forum:

    http://social.technet.Microsoft.com/forums/en-us/categories/

  • LaserJet M1536 printing and scanning Issues (cable network)

    Hello,

    So I have a LaserJet M1536 and I installed the drivers on my Windows 7 (64-bit) computer. It worked fine for printing until last night and I can't for the life of me get it to work again.

    I have the computer plugged into the network, and it worked until I tried to scan a document. It would not work, and then after that nothing would print. ePrint from a mobile device works, but not from my Windows machine. I tried to run the Scan Doctor and it says everything is working.

    I then uninstalled the drivers and downloaded the latest version from HP technical support.  That still doesn't solve it.

    After that, I disabled the firewalls on the computer (the Windows firewall and the firewall that comes with my Norton anti-virus suite). Still no luck.

    I restarted the printer, my PC, and my network (modem and router) several times.

    Can someone please help me solve my problem, because it is really holding up my productivity and I am spending a lot of time on this issue.

    What am I doing wrong? The only thing I have not tried is assigning a static IP address to the printer.

    Thanks for letting me know TFroehlichIII.

    What type of router do you use, or do you use a server like the one mentioned in the post?

    When you add the printer port, it must be a TCP/IP port.

    I have a few other things you can try.

    Power cycle the router, restart the computer, then the printer.

    Check the IP address, to ensure that it is the same.

    Then run the Add Printer Wizard.

    You can always restore your computer to an earlier point in time when everything was working properly. It could be a Windows Update or the router that has caused this problem.

    For Windows 7: System Restore.

    How to refresh, reset or restore your PC on Windows 8.

    If the problem persists, I recommend calling HP Technical Support for assistance. They can remote into your computer and see more of what's going on. Call 800-474-6836. If you do not live in the United States / Canada region, please click the link below to get the support number for your region. Contact HP worldwide.

    Let me know the results.

    Thank you.

  • DMZ virtualization and network design. UCS + VMWARE

    Until now, we have had a physically segmented network with internal and external zones in different VTP domains. The "inner area" switches carry some VLANs and the "outer zone" switches carry different VLANs. For security reasons, VLANs are not propagated between the zones; they are isolated.

    We have now started to work with UCS + VMware, and we are facing difficulties. Under the previous model, if we virtualize internal-zone servers in the UCS farm, we cannot virtualize external-zone servers in the same UCS, since that would mean propagating the VLANs of both the internal-zone and the external-zone switches to the UCS farm, mixing them. As a result, the isolation would be lost.

    I'm reviewing my network design in order to adapt the current infrastructure to the new one with UCS + VMware, without losing any security.

    My main question is whether it is possible to virtualize external-zone and internal-zone virtual machines in the same UCS without compromising the security of my network.

    Could you give me some advice or a design guide?

    Kind regards

    Hello-

    You are right that up through UCS 1.4 all VLANs had to be available on the upstream switches.  However, UCS 2.x introduced a feature named "Disjoint L2."  By using this feature, you will be able to connect the fabric interconnects to both your internal network and the DMZ, then assign the VLANs to the blades.

    http://www.Cisco.com/en/us/docs/unified_computing/UCS/SW/GUI/config/Guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_010101.html

    Matthew

  • Network design verification question

    Attention VMware networking gurus:

    I was recently asked to look at a network problem at a customer.   Here's what I discovered:

    - The customer has a single vSwitch that is configured for IP hash load balancing, and so were all port groups in the vSwitch except for the production virtual machine network, which was configured with the default "port ID" setting.

    From my understanding, IP hash is used when aggregated-link (etherchannel) configurations are in place on the switch, and if the links are grouped then Port ID would be used.

    This configuration has been in place for some time and was working until very recently.  But I believe the recent issue was the result of vmnic2 being defined as unused in the parent vSwitch but active in the port group.  A virtual machine lost connectivity, and I think it's because of the failover to vmnic2 in the port group.

    There is a KB on the unused vmnic and I am prepared to recommend a remedy for this, but I need some advice regarding the mismatch of the IP hash config on the vSwitch while the port group residing on it is set to Port ID.

    Please advise, thanks in advance.


    With IP hash (or LACP), you must have all of the links active. This is because the physical switch at the other end of the channel has no information about these configurations and will always try to transmit traffic on whichever physical link it deems appropriate for the applied hash. If this link is "unused" for a port group on the ESXi host, the connected vNIC will not receive traffic arriving on that uplink.

    - The customer has a single vSwitch that is configured for IP hash load balancing, and so were all port groups in the vSwitch except for the production virtual machine network, which was configured with the default "port ID" setting.

    This is a misconfiguration as well and should actually cause problems too. Either your uplinks, and so ALL connected port groups, are part of a channel or they are not. Again, the physical switch forms a single channel per physical link, not per VLAN / logical port group, and assumes the other end is configured like that as well.

    Long story short: with the IP-hash load balancing policy/etherchannel, all physical uplink vmnics must be set active for the whole vSwitch and all port groups on it. All port groups must be set to the IP-hash policy.
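The rule stated in the answer above (with an etherchannel, every uplink active and IP hash on the vSwitch and on every port group), as an added example that is not part of the original thread: a small Python audit run over a constructed inventory. The data model, the policy labels, the finding names and the vmnic and port-group names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Policy labels used only in this example (not read from a real host).
IP_HASH, PORT_ID = "ip_hash", "port_id"


@dataclass
class Teaming:
    policy: Optional[str] = None        # None: inherit from the vSwitch
    active: Optional[frozenset] = None  # None: inherit from the vSwitch


@dataclass
class VSwitch:
    name: str
    uplinks: frozenset   # every vmnic attached to the vSwitch
    channel: bool        # True if the physical ports form an etherchannel
    teaming: Teaming     # vSwitch-level policy and active uplinks
    port_groups: dict = field(default_factory=dict)  # name -> Teaming override


def audit(vs):
    """Return (scope, finding, detail) tuples for teaming settings that
    disagree with the physical side of the uplinks."""
    findings = []

    def check(scope, policy, active):
        if vs.channel:
            # The physical switch hashes across all channel members, so the
            # host must accept traffic on every one of them.
            if policy != IP_HASH:
                findings.append((scope, "POLICY_NOT_IP_HASH", policy))
            for nic in sorted(vs.uplinks - active):
                findings.append((scope, "UPLINK_NOT_ACTIVE", nic))
        elif policy == IP_HASH:
            findings.append((scope, "IP_HASH_WITHOUT_CHANNEL", policy))

    check(vs.name, vs.teaming.policy, vs.teaming.active)
    for pg_name, override in sorted(vs.port_groups.items()):
        if override.policy is None and override.active is None:
            continue  # inherits everything; covered by the vSwitch check
        policy = override.policy or vs.teaming.policy
        active = vs.teaming.active if override.active is None else override.active
        check(f"{vs.name}/{pg_name}", policy, active)
    return findings


ALL_NICS = frozenset({"vmnic0", "vmnic1", "vmnic2"})


def thread_like_config():
    # Constructed to resemble the question: IP hash on the vSwitch with
    # vmnic2 unused there, and one port group overridden to port ID.
    return VSwitch(
        name="vSwitch0", uplinks=ALL_NICS, channel=True,
        teaming=Teaming(IP_HASH, frozenset({"vmnic0", "vmnic1"})),
        port_groups={
            "Management": Teaming(),
            "VM Production": Teaming(PORT_ID, ALL_NICS),
        },
    )


def corrected_config():
    # Same constructed host after applying the answer's rule.
    return VSwitch(
        name="vSwitch0", uplinks=ALL_NICS, channel=True,
        teaming=Teaming(IP_HASH, ALL_NICS),
        port_groups={"Management": Teaming(), "VM Production": Teaming()},
    )


if __name__ == "__main__":
    for scope, finding, detail in audit(thread_like_config()):
        print(f"{scope}: {finding} ({detail})")
```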

  • vSwitch Network Design - sharing adapters

    I looked at Kendrick's design and many other models, but I've not seen anyone share network cards between switches.

    I often use the active/standby approach for a vSwitch with, for example, the Management and vMotion port groups. This keeps the traffic on dedicated network interface cards (if both network adapters are working) and also adds redundancy for the port groups.

    On question 4, you are right.

    André

  • iSCSI Network Design

    Hello

    I have read the best practice guides and familiarized myself with VAAI, the vStorage API for Array Integration, but I am still a little unclear on the two designs I am currently working on. Can someone provide suggestions for the following configurations? Thanks, -Jeff

    CONFIG A

    ESX 3.5

    Two network ports available for iSCSI traffic on the physical servers

    iSCSI server - NetApp 2040 - two controllers - each controller can only see the LUNs on that controller

    The controller has two network cards configured in a high HEAT

    Cisco 24-port switch in between, configured for frames and the native VLAN

    Question - should two separate vSwitches be created on separate networks for failover, or should the network cards be teamed?

    If the network adapters are teamed, are they active/standby or active/active?

    CONFIG B

    ESX 4.1

    Up to six network ports available for iSCSI traffic on the physical servers

    iSCSI server - EMC 480, two controllers, at a FLARE level that supports VAAI

    Each controller can see all LUNs

    Each controller will have four network adapters configured in two ALIVE

    Cisco 48-port switch in between, configured for frames and the native VLAN

    No idea what this config should be to support high availability and multipathing (is multipathing supported in this config?)

    CONFIG A

    Question - should two separate vSwitches be created on separate networks for failover, or should the network cards be teamed?

    If the network adapters are teamed, are they active/standby or active/active?

    NIC teaming would probably be the better bet here, with active/active.  In fact, you won't see a lot of load balancing between the two network cards, but a little does not hurt.  If you configure your teaming policy based on the destination IP address and your storage ports are numbered sequentially, you'll get the best-case use of these two ports.

    CONFIG B

    ESX 4.1

    Use iSCSI multipathing.  Here is a good blog post on how best to use it with a CLARiiON system.  FLARE 30 should be out soon and take care of this limitation, so you can then use iSCSI multipathing as described in the iSCSI SAN Configuration Guide.

    http://virtualgeek.typepad.com/virtual_geek/2009/08/important-note-for-all-EMC-CLARiiON-customers-using-iSCSI-and-vSphere.html

    Andy

  • Introduction the issue of networking

    I'm putting up a small data center. I have 2 ESX servers. Each has 8 network cards, 6 connected for now...

    I set up networking in 2 different ways and am trying to fully understand having 1 vSwitch with everything attached to it versus having 3 switches to separate the different traffic. What do I gain or lose in each case? See attachment.

    Thanks in advance

    Will having everything on one vSwitch work? Yes. Is it recommended? lol Best practice design uses multiple vSwitches for different functions. Also do not forget that a good HA configuration will also have an additional service console port on your SAN vSwitch, in the SAN VLAN.

    You won't see a big boost in traffic speed. Traffic travels over only one of those ports at a time for a given request. It's not as if you have 1 link with 8 GB of bandwidth; you only have 8 links with 1 GB of bandwidth each. The load balancing technique determines which pipe the request is sent down.

    I also noticed that you have your service console on the same VLAN as your VM traffic. Best practice suggests that you should have them on separate VLANs.

    The suggestion I gave above about 3 vSwitches survives a single NIC failure, a NIC expansion slot failure, an onboard network adapter failure and a physical switch failure. EDIT* if you have stacked physical switches, or you have a link or 4507. 2 separate physical switches aren't best practices. but stacked switches will not work.

  • Question/security of network design

    I would like to get opinions on the network design of our ESX hosts.  We have a couple of main ESX hosts, each with 10 physical network interface cards.  We have the following in our environment:

    - iSCSI and NAS storage (so two NICs are for IP storage)

    - 2 separate networks for virtual machines - 1 for admin interfaces (not for users) and the other for production servers (for users)

    Current configuration is:

    2 NICs (SC and admin VMs)

    2 NICs (IP storage)

    2 NICs (vMotion)

    3 NICs (production server virtual machines)

    I would like opinions on how secure a setup that is.  Is it a problem to have the SC share a vSwitch with the admin VMs?  They are on the same physical VLAN.   We do not control the switches, so configuring VLANs on the switches is not really an option.  Thank you.

    Hello

    Thank you.  I think that I may not have explained myself quite clearly.  I was not suggesting putting the admin VMs and the connections on the same vSwitch as the production server VMs.  Rather, I was concerned about the SC being on the same vSwitch as the admin VMs; I do not think that is good practice.  In our environment, we have a single subnet for all virtual machines, separated into 2 subnets on the physical switches.  We do not use (or want to use) VLAN tagging on the vSwitches.  There is a firewall between each of our VLANs.  So, the admin VMs are separated from the production VLAN by a firewall.  My real question is: how big a security problem is it for the SC and the admin virtual machines to share a vSwitch if they already share a physical network?  We do not have the ability to create a separate network or VLAN just for SC traffic.  Our environment now looks like this:

    Because they already share the same physical network, sharing the same vSwitch is not a huge concern, or any concern. Consider the vSwitch another part of your administrative network. The best practice is to put all the virtualization management servers and workstations within the same firewalled network. You have done this.

    - 2 NICs - SC & admin VM network (VLAN 0 192.168.15.0/24)

    Works for me. I often use administrative VMs and place them on the vSwitch with the SC. After all, they are using the same network, and the vSwitch is just another part of the network switch fabric.

    - 3 NICs - Prod VM network (VLAN 1 192.168.15.0/24)

    Not sure I would use 3 but I leave that to you.

    - 2 NICs - VMkernel & SC (10.10.1.0/8)

    This crosses security zones. I would rather use your administrative firewall to bridge the CHAP protocol ports between the IP storage network and the administrative network. What you have is a common practice, but not the safest one: you now have 2 attack points into the service console, from the administrative network and from the IP storage network. This could include the possibility of virtual machines that use iSCSI initiators. Because all you need is to have the SC participate for CHAP (whether you use it or not), you can easily use your existing administrative firewall to do this. You may need to rearrange things a bit within your network to make this happen, but that is how I would address this possible security problem.

    - 2 NICs - vMotion (172.16.32.0/16)

    Sounds good.

    Would it be useful to create a fifth vSwitch just to house the admin VMs, so that they do not share a vSwitch and NICs with the SC?

    Not really. Same Security Zone.

    Best regards

    Edward L. Haletky

    VMware communities user moderator

    ====

    Author of the book "VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers", Copyright 2008 Pearson Education.

    Blue Gears and SearchVMware Pro Articles: http://www.astroarch.com/wiki/index.php/Blog_Roll

    Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

  • Pavilion e015tx: hp Pavilion e015tx win 8 back issues wireless network adapter update

    My laptop runs Windows 8. Recently, when I had set it to update, it restarted to install the updates but could not download and update the 'wireless button' driver and the 'MediaTek Ralink RT3290 802.11bgn Wi-Fi adapter' WLAN driver... Since then it has been impossible to connect to wireless networks... Please help me solve the problem...

    Do I need to manually install the drivers?   If yes, please let me know... Thank you in advance.

    Hello @praveen99,

    Welcome to the HP Forums!

    I understand that the WiFi no longer works on your HP Pavilion e015tx 15. I want to help you solve this problem.

    Please start with a hard reset. After that, follow the steps in this wireless troubleshooting document:

    HP PC - Troubleshooting wireless network and Internet (Windows 8)

    You can also try rolling back the drivers.

    1. Press the Win + R keys.

    2. Type "devmgmt.msc" and then click "OK".

    3. Click the "View" tab, then "Show hidden devices".

    4. Scroll to and select the "Network adapters" option.

    5. Right-click the RT3290 Wi-Fi adapter, and then select "Properties".

    6. Choose the "Driver" tab.

    7. Click "Roll Back Driver".

    Thanks, I look forward to the results!

  • Domestic issue of networking

    Both of my computers are running Windows XP and are both on my home network through a Linksys router.  The router is connected by cable to my desktop, and my other computer, which is a laptop, is connected to the wireless network.  Regarding the connection to the internet through the router, both computers work fine. The problem I have is strictly networking: my desktop is able to connect to my laptop, but my laptop cannot connect to the desktop computer.  From my desktop, I am able to access the shared files on my laptop, but not vice versa.  When I try to access my desktop from my laptop I get this error message: "\\dell8200 is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have the permission to access.  The network address is not valid."  I tried to change the name of the desktop computer but still nothing works.  I checked and both computers use the same workgroup, which incidentally is obvious from the fact that the laptop is visible on the desktop.   My question is how can I solve this problem?

    Thank you for your attention; I'm waiting for your expertise.  CGW

    If you try to access a Windows XP home computer make sure that the guest account is enabled on the XP Home computer.  If this isn't the problem, try here: http://support.microsoft.com/kb/281248

    John

  • Help with FS7610, PS Series SAN, 10Gb network design

    Hi, we currently have an EqualLogic SAN and NAS infrastructure (2 x PS6510E, FS7500), a stack of two PC8024F 10 GB switches, 2 m1000e blade chassis enclosures with fabric A1 being a stack of m6220 1 GB switches (fabric A2 a stack of the same), fabric B1 being a stack of m8024k 10 GB switches (fabric B2 a stack of the same), and a stack of two PC6224 1 GB (top-of-rack GigE) switches.

    We have all of this connected, with the 10 GB being its own private 10.1.0.x SAN network and VLAN, nice and isolated from everything else.  The blades can access the iSCSI shares via their 10 GB network cards, which are all on this 10.1.0.x network.  The 1 GB NICs on the blades are on a public network, and the FS7500 client ports are on this network too via the 6224s, so NFS connections are established via the 1 GB public network.

    We intend to invest in an additional PS Series array to host at a backup site, for replication.  At the same time, we plan to buy an FS7610 for our main site to take advantage of our 10 GB infrastructure and move the existing FS7500 to our backup site, so we can replicate iSCSI volumes and NAS containers.

    That's where we could use some help, because now many things have changed.  Now, the SAN must be on the public network for replication to succeed, AND to take advantage of the 10 GB connectivity and NFS-mount shares from the FS7610 over 10 Gbit, we need to use the 10 Gbit network cards and switches for the NAS client network, which are already used for iSCSI traffic (and will in the future be used for VMware hypervisor connections to the SAN).  The FS7610 installation and setup guide says:

    • Use the switches for network client and for the internal network and the SAN.
    • Use separate subnets for network client and for the internal network and the SAN.

    We can move the SAN to a dedicated subnet and VLAN that is on the public network without a problem, but my main concern is being able to satisfy the network recommendations/configurations required for the FS7610 and avoid sending local SAN/NAS traffic through a router, to ensure 10 GB connections.  Advice or tips are appreciated!

    It is the same thing that you are dealing with Linux, but TCP/IP standard routing.   You cannot route private subnets directly over the internet.  You need to create a "WAN".   Do not route directly over the internet.

    Your WAN will create a private network and a tunnel over the Internet.   OpenVPN is a possible solution.

    A very common scenario might be:

    Once you have put the WAN in place, the internet side of these routers would have a real internet address (e.g., 62.x.x.x.x) so the two WAN devices can communicate with each other.   They create a VPN tunnel with a new subnet, say 10.3.0.x.

    The WAN router on the primary side would have a leg on the 10.1.0.x subnet, say with IP address 10.1.0.10, so your default route on the EQL SAN side would be 10.1.0.10.

    On the DR side, this router would have a leg on the 10.2.0.x subnet, say 10.2.0.10.  The default GW on the DR side would be 10.2.0.10.   The router knows how to move packets between the networks using standard routing.

    Looks like all you're missing is the "WAN" VPN tunnel between sites.  You want something that will encrypt traffic between the sites anyway.

    Does that help?

    Kind regards
