नेटवर्क मॉड्यूलरिटी मोनोलिथिक संरचनाओं के बजाय इंटरकनेक्टेड, उद्देश्य-निर्मित सेगमेंट के रूप में नेटवर्क डिजाइन करने का अभ्यास है। प्रत्येक मॉड्यूल एक विशिष्ट कार्य करता है, ने सीमाओं को परिभाषित किया है, और अच्छी तरह से अंडरस्टोड इंटरफेस के माध्यम से आसन्न मॉड्यूल को जोड़ता है। यह दृष्टिकोण एक कला से एक दोहराने योग्य इंजीनियरिंग अनुशासन में नेटवर्क डिजाइन को बदल देता है।.
मॉड्यूलरिटी की शक्ति बनाने की क्षमता में निहित हैपूर्वानुमान पैटर्नयह एक संगठन के पूरे इन्फ्रास्ट्रक्चर पदचिह्न में लगातार लागू किया जा सकता है - हालांकि यह हजारों छोटी साइटों, हजारों मध्यम साइटों या सैकड़ों बड़े उद्यम परिसरों में फैले हुए हैं।.
Small Sites (Musal Sites) ------------------------------------------------------------------- (c)सरलीकृत समस्या निवारणसिंगल-टर्म इंजीनियर पूरे टोपोलॉजी को समझ सकता है, टीम मॉड्यूल के मालिक के बीच स्पष्ट वृद्धि पथ के विशेषज्ञ हो सकती है। (c)भविष्यवाणी स्केलिंगआवश्यकतानुसार मॉड्यूल जोड़ें (c)संगत सुरक्षाहर जगह सम पॉलिसियां यूनिफ़ॉर्म अनुपालन पोस्ट (c)परिचालन क्षमताThe product of the product of the product of the product (c)लागत नियंत्रणप्रत्येक मॉड्यूल को राइट-आकार दें, मॉड्यूल प्रकार के द्वारा थोक खरीद
संगठन शायद ही कभी स्थिर रहते हैं। एक मॉड्यूलर डिजाइन को समायोजित करना चाहिए:
मॉड्यूलरता के बिना, प्रत्येक साइट एक अद्वितीय स्नोफ्लेक बन जाती है जिसमें कस्टम प्रलेखन, विशेष प्रशिक्षण और एक-बंद समस्या निवारण की आवश्यकता होती है। मॉड्यूलरिटी के साथ, एक इंजीनियर जो पैटर्न को समझता है वह किसी भी साइट पर प्रभावी ढंग से काम कर सकता है।.
इंटरनेट एज वह जगह है जहां आपका संगठन बाहरी दुनिया से मिलता है। इस मॉड्यूल में शामिल हैं:
@startuml Internet Edge Module
!define ICONURL https://raw.githubusercontent.com/Roemer/plantuml-office/master/office2014
skinparam backgroundColor #FEFEFE
skinparam handwritten false
nwdiag {
internet [shape = cloud, description = "Internet"];
network ISP_Transit {
address = "VLAN 10-12"
color = "#FFE4E1"
description = "ISP/MPLS Transit"
internet;
ISP_A [description = "ISP-A\nCircuit"];
ISP_B [description = "ISP-B\nCircuit"];
MPLS [description = "MPLS\nCircuit"];
}
network Edge_Router_Segment {
address = "VLAN 10,11,12"
color = "#E6E6FA"
description = "Edge Router Aggregation"
ISP_A;
ISP_B;
MPLS;
Edge_Router [description = "Edge Router\n(BGP Peering)"];
}
network FW_Outside {
address = "VLAN 100"
color = "#FFFACD"
description = "Firewall Outside"
Edge_Router;
FW_Primary [description = "Firewall\nPrimary"];
FW_Secondary [description = "Firewall\nSecondary"];
}
network FW_HA_Sync {
address = "VLAN 101"
color = "#F0FFF0"
description = "HA Sync Link"
FW_Primary;
FW_Secondary;
}
network FW_Inside {
address = "VLAN 102"
color = "#E0FFFF"
description = "To Internal Edge"
FW_Primary;
FW_Secondary;
}
}
@enduml
मुख्य डिजाइन सिद्धांत:
मध्यम और बड़ी साइटों के लिए, आंतरिक एज उन सेवाओं के लिए एक एकत्रीकरण परत प्रदान करता है जिन्हें नियंत्रित एक्सपोजर की आवश्यकता होती है या सुरक्षा क्षेत्र के बीच संक्रमण बिंदुओं के रूप में सेवा की आवश्यकता होती है।.
@startuml Internal Edge Module
skinparam backgroundColor #FEFEFE
nwdiag {
network From_Internet_Edge {
address = "VLAN 102"
color = "#E0FFFF"
description = "From Firewall Inside"
IntEdge_A [description = "Internal Edge\nSwitch A"];
IntEdge_B [description = "Internal Edge\nSwitch B"];
}
network MCLAG_Peer {
address = "Peer-Link"
color = "#DDA0DD"
description = "MCLAG/vPC Peer"
IntEdge_A;
IntEdge_B;
}
network WLC_Mgmt {
address = "VLAN 200 - 10.x.200.0/24"
color = "#FFE4B5"
description = "WLC Management"
IntEdge_A;
IntEdge_B;
WLC [description = "Wireless LAN\nController"];
}
network Proxy_Farm {
address = "VLAN 201 - 10.x.201.0/24"
color = "#FFDAB9"
description = "Proxy Services"
IntEdge_A;
IntEdge_B;
Proxy [description = "Web Proxy\nServers"];
}
network VPN_Services {
address = "VLAN 202 - 10.x.202.0/24"
color = "#E6E6FA"
description = "VPN Termination"
IntEdge_A;
IntEdge_B;
VPN [description = "VPN\nConcentrator"];
}
network Infrastructure {
address = "VLAN 204 - 10.x.204.0/24"
color = "#F0FFF0"
description = "Infrastructure Services"
IntEdge_A;
IntEdge_B;
DNS_DHCP [description = "DNS/DHCP\nServers"];
}
network To_Core {
address = "VLAN 205"
color = "#B0E0E6"
description = "Core Transit"
IntEdge_A;
IntEdge_B;
}
}
@enduml
आमतौर पर आंतरिक एज में सेवाएं:
कोर उच्च गति वाली रीढ़ है जो अन्य सभी मॉड्यूलों को जोड़ती है। इसे अनुकूलित किया जाना चाहिए:
@startuml Core Module
skinparam backgroundColor #FEFEFE
nwdiag {
network From_Internal_Edge {
address = "L3 Routed"
color = "#B0E0E6"
description = "From Internal Edge"
Core_A [description = "Core Switch A\n100G Backbone"];
Core_B [description = "Core Switch B\n100G Backbone"];
}
network Core_Interconnect {
address = "100G+ ISL"
color = "#FFB6C1"
description = "High-Speed Interconnect\nOSPF/IS-IS/BGP"
Core_A;
Core_B;
}
network To_Distribution_1 {
address = "L3 P2P"
color = "#98FB98"
description = "Building A"
Core_A;
Core_B;
Dist_1 [description = "Distribution 1\n(L3 Adjacent)"];
}
network To_Distribution_2 {
address = "L3 P2P"
color = "#DDA0DD"
description = "Building B"
Core_A;
Core_B;
Dist_2 [description = "Distribution 2\n(MCLAG)"];
}
network To_Distribution_3 {
address = "L3 P2P"
color = "#FFDAB9"
description = "Building C"
Core_A;
Core_B;
Dist_3 [description = "Distribution 3\n(MCLAG)"];
}
network To_DC_Border {
address = "L3 Routed"
color = "#87CEEB"
description = "Datacenter"
Core_A;
Core_B;
Border_Leaf [description = "Border Leaf\n(DC Fabric)"];
}
}
@enduml
कोर डिजाइन सिद्धांत:
वितरण परत एक्सेस स्विच को कुल मिलाकर नीति को लागू करता है। यह वह जगह है जहां नेटवर्क डिजाइन विकल्प साइट आवश्यकताओं के आधार पर सबसे भिन्नता है।.
इस डिजाइन में, वितरण और अभिगम परतें हैंL3 आसन्न- प्रत्येक एक्सेस स्विच में अपने आईपी सबनेट और सीधे वितरण के लिए मार्ग हैं।.
@startuml Distribution Variation 1 - L3 Adjacent
skinparam backgroundColor #FEFEFE
nwdiag {
network From_Core {
address = "L3 ECMP"
color = "#B0E0E6"
description = "From Core Layer"
Dist_A [description = "Distribution A\n(L3 Router)"];
Dist_B [description = "Distribution B\n(L3 Router)"];
}
network Dist_iBGP {
address = "iBGP Peering"
color = "#DDA0DD"
description = "ECMP/iBGP"
Dist_A;
Dist_B;
}
network P2P_Access_1 {
address = "10.x.2.0/30"
color = "#98FB98"
description = "L3 Point-to-Point"
Dist_A;
Dist_B;
Access_1 [description = "Access SW-1\n(L3 Gateway)"];
}
network P2P_Access_2 {
address = "10.x.2.8/30"
color = "#FFE4B5"
description = "L3 Point-to-Point"
Dist_A;
Dist_B;
Access_2 [description = "Access SW-2\n(L3 Gateway)"];
}
network P2P_Access_3 {
address = "10.x.2.16/30"
color = "#FFDAB9"
description = "L3 Point-to-Point"
Dist_A;
Dist_B;
Access_3 [description = "Access SW-3\n(L3 Gateway)"];
}
network User_VLAN_1 {
address = "10.x.32.0/24"
color = "#F0FFF0"
description = "Users - SW1"
Access_1;
Laptop_1 [description = "Laptops"];
Phone_1 [description = "Phones"];
}
network User_VLAN_2 {
address = "10.x.33.0/24"
color = "#FFF0F5"
description = "Users - SW2"
Access_2;
Laptop_2 [description = "Laptops"];
Camera_2 [description = "Cameras"];
}
network User_VLAN_3 {
address = "10.x.34.0/24"
color = "#F5FFFA"
description = "Users - SW3"
Access_3;
Laptop_3 [description = "Workstations"];
Camera_3 [description = "Cameras"];
}
}
@enduml
सबनेट आवंटन उदाहरण:
To make a subnet -------- The très of a très Dist-A to Access-1 Dist-B to Access-1 VLAN, VLAN, VLAN VLAN, VLAN, VLAN
लाभ:
विचार:
इस डिजाइन का उपयोग करता हैमल्टी चेसिस लिंक एकत्रीकरण (MCLAG)वितरणLACP बांडट्रंक VLAN ले जाने वाले स्विचेस तक पहुंचना।.
वेंडर टर्मिनोलॉजीसिस्को इस vPC (Virtual पोर्ट चैनल) को कॉल करता है, Arista MLAG का उपयोग करता है, जूनियर MC-LAG का उपयोग करता है, और HPE/Aruba VSX का उपयोग करता है। कार्यात्मक व्यवहार विक्रेताओं के समान है।.
@startuml Distribution Variation 2 - MCLAG
skinparam backgroundColor #FEFEFE
nwdiag {
network From_Core {
address = "L3 Routed Uplinks"
color = "#B0E0E6"
description = "From Core Layer"
Dist_A [description = "Distribution A\n(MCLAG Member)"];
Dist_B [description = "Distribution B\n(MCLAG Member)"];
}
network MCLAG_Peer_Link {
address = "Peer-Link"
color = "#FFB6C1"
description = "MCLAG/vPC Peer-Link"
Dist_A;
Dist_B;
}
network LACP_To_Access {
address = "Po1 - LACP Trunk"
color = "#DDA0DD"
description = "VLANs 100,110,120 Trunked"
Dist_A;
Dist_B;
Access_1 [description = "Access SW-1\n(L2 Switch)"];
}
network Data_VLAN {
address = "VLAN 100 - 10.x.32.0/24"
color = "#98FB98"
description = "Data VLAN"
Access_1;
Laptops [description = "Laptops\nWorkstations"];
}
network Voice_VLAN {
address = "VLAN 110 - 10.x.64.0/24"
color = "#FFE4B5"
description = "Voice VLAN"
Access_1;
Phones [description = "IP Phones"];
}
network Security_VLAN {
address = "VLAN 120 - 10.x.96.0/24"
color = "#FFDAB9"
description = "Security VLAN"
Access_1;
Cameras [description = "Cameras\nBadge Readers"];
}
}
@enduml
एसवीआई प्लेसमेंट (वितरण जोड़ी पर वीआरआरपी वीआईपी):
VLAN ट्रंक विन्यास:
The Port-Channel of VLANs; Destination -------------------------------------------------- Po (MCLAG) Po (MCLAG) Po (MCLAG) Native VLAN
MCLAG लाभ:
विचार:
डाटासेंटर वातावरण में वितरण परत बन जाती हैसीमा पत्तारीढ़/लीफ कपड़े को बाकी उद्यम नेटवर्क से जोड़ते हैं।.
@startuml Distribution Variation 3 - Border Leaf Datacenter
skinparam backgroundColor #FEFEFE
nwdiag {
network Enterprise_Core {
address = "L3 Routed (eBGP/OSPF)"
color = "#B0E0E6"
description = "From Enterprise Core"
Border_A [description = "Border Leaf A\nVXLAN Gateway"];
Border_B [description = "Border Leaf B\nVXLAN Gateway"];
}
network Border_EVPN {
address = "VXLAN EVPN"
color = "#DDA0DD"
description = "EVPN Type-5 Routes"
Border_A;
Border_B;
Spine_1 [description = "Spine 1"];
Spine_2 [description = "Spine 2"];
}
network Spine_Fabric {
address = "eBGP Underlay"
color = "#FFB6C1"
description = "Spine Layer"
Spine_1;
Spine_2;
}
network Leaf_Tier_1 {
address = "VTEP"
color = "#98FB98"
description = "Compute Rack 1"
Spine_1;
Spine_2;
Leaf_1 [description = "Leaf 1"];
Leaf_2 [description = "Leaf 2"];
}
network Leaf_Tier_2 {
address = "VTEP"
color = "#FFE4B5"
description = "Storage/Services"
Spine_1;
Spine_2;
Leaf_3 [description = "Leaf 3"];
Leaf_4 [description = "Leaf 4"];
}
network Server_Rack_1 {
address = "VNI 10001"
color = "#F0FFF0"
description = "Compute Servers"
Leaf_1;
Leaf_2;
Servers_1 [description = "Rack Servers\nVMs/Containers"];
}
network Storage_Network {
address = "VNI 10002"
color = "#FFDAB9"
description = "Storage Arrays"
Leaf_3;
Storage [description = "SAN/NAS\nStorage"];
}
network Voice_Services {
address = "VNI 10003"
color = "#E6E6FA"
description = "UC Systems"
Leaf_4;
PBX [description = "PBX/UC\nSystems"];
}
}
@enduml
Datacenter कपड़े विवरण:
The body of the body of the body -------- (c)अंडरलेEBGP (ASN प्रति स्विच) (c)ओवरलेEVPN नियंत्रण विमान के साथ VXLAN (c)सीमा पत्ताVXLAN-to-VLAN गेटवे, बाहरी मार्ग, इंटर-VRF रूटिंग (c)पत्ता वर्कलोडCompute, Storage, Voice/UC, Infrastructure
लाभ:
विचार:
एक्सेस लेयर वह जगह है जहां एंड डिवाइस कनेक्ट होते हैं। वितरण टोपोलॉजी के बावजूद, एक्सेस स्विच प्रदान करते हैं:
@startuml Access Layer Module
skinparam backgroundColor #FEFEFE
nwdiag {
network Distribution_Uplink {
address = "L3 or LACP Trunk"
color = "#B0E0E6"
description = "Uplinks to Distribution"
Access_SW [description = "48-Port Access Switch\nPoE+ Capable"];
}
network Data_VLAN {
address = "VLAN 100 - Ports 1-8, 25-32"
color = "#98FB98"
description = "Data VLAN"
Access_SW;
Laptops [description = "Laptops\nWorkstations"];
}
network Voice_VLAN {
address = "VLAN 110 - Ports 9-16"
color = "#FFE4B5"
description = "Voice VLAN"
Access_SW;
Phones [description = "IP Phones"];
}
network Camera_VLAN {
address = "VLAN 120 - Ports 17-24"
color = "#FFDAB9"
description = "Security VLAN"
Access_SW;
Cameras [description = "IP Cameras"];
}
network Wireless_VLAN {
address = "VLAN 130 - Ports 33-40"
color = "#DDA0DD"
description = "Wireless AP VLAN"
Access_SW;
APs [description = "Wireless APs"];
}
network Mgmt_VLAN {
address = "VLAN 999 - Ports 41-44"
color = "#F0FFF0"
description = "Management VLAN"
Access_SW;
}
}
@enduml
एक्सेस लेयर सुरक्षा विशेषताएं:
यहाँ कैसे सभी मॉड्यूल एक पूर्ण उद्यम नेटवर्क बनाने के लिए कनेक्ट होते हैं:
@startuml Complete Modular Network Topology
skinparam backgroundColor #FEFEFE
title Complete Enterprise Modular Network
nwdiag {
internet [shape = cloud, description = "Internet/WAN"];
network Internet_Edge {
address = "Module 1"
color = "#FFE4E1"
description = "INTERNET EDGE MODULE"
internet;
ISP_A [description = "ISP-A"];
ISP_B [description = "ISP-B"];
MPLS [description = "MPLS"];
Edge_RTR [description = "Edge Router"];
FW_A [description = "FW-A"];
FW_B [description = "FW-B"];
}
network Internal_Edge {
address = "Module 2"
color = "#E6E6FA"
description = "INTERNAL EDGE / DMZ MODULE"
FW_A;
FW_B;
IntEdge_A [description = "IntEdge-A"];
IntEdge_B [description = "IntEdge-B"];
WLC [description = "WLC"];
Proxy [description = "Proxy"];
VPN [description = "VPN"];
DNS [description = "DNS/DHCP"];
}
network Core {
address = "Module 3"
color = "#B0E0E6"
description = "CORE MODULE"
IntEdge_A;
IntEdge_B;
Core_A [description = "Core-A"];
Core_B [description = "Core-B"];
}
network Distribution_L3 {
address = "Variation 1"
color = "#98FB98"
description = "DIST - L3 Adjacent\n(Building A)"
Core_A;
Core_B;
Dist_1A [description = "Dist-1A"];
Dist_1B [description = "Dist-1B"];
Access_L3 [description = "Access\n(L3)"];
}
network Distribution_MCLAG {
address = "Variation 2"
color = "#DDA0DD"
description = "DIST - MCLAG\n(Building B)"
Core_A;
Core_B;
Dist_2A [description = "Dist-2A"];
Dist_2B [description = "Dist-2B"];
Access_L2 [description = "Access\n(L2)"];
}
network Datacenter {
address = "Variation 3"
color = "#FFE4B5"
description = "DATACENTER\n(Spine/Leaf)"
Core_A;
Core_B;
Border_Leaf [description = "Border\nLeaf"];
Spine [description = "Spine"];
Leaf [description = "Leaf"];
Servers [description = "Servers\nStorage\nPBX"];
}
network Campus_Users {
address = "End Devices"
color = "#F0FFF0"
description = "Campus Users"
Access_L3;
Access_L2;
Users [description = "Laptops\nPhones\nCameras"];
}
}
@enduml
जब नेटवर्क कई सुरक्षा क्षेत्रों, व्यापार इकाइयों, या अनुपालन सीमाओं को शामिल करने के लिए बढ़ते हैं,VRF (Virtual Routing and Forwarding)रूट टेबल अलगाव प्रदान करता है। हालांकि, कई स्तरों के माध्यम से VRF का विस्तार जटिलता को जोड़ता है:
एक अच्छी तरह से डिजाइन किए गए सबनेट स्कीमा पैटर्न को पहचानने योग्य बनाता है, संज्ञानात्मक भार और विन्यास त्रुटियों को कम करता है।.
साइट आवंटन:10.0.0.0/13 (निर्माण स्थल अल्फा) - 524,286 प्रयोग योग्य होस्ट
@startuml VRF Subnet Schema
skinparam backgroundColor #FEFEFE
title Large Site VRF Allocation Schema (10.0.0.0/13)
nwdiag {
network Corporate_VRF {
address = "VRF: CORPORATE\n10.0.0.0/17"
color = "#98FB98"
description = "Production Users"
Corp_Transit [description = "Transit\n10.0.0.0/23"];
Corp_Users [description = "Users\n10.0.32.0/19"];
Corp_Voice [description = "Voice\n10.0.64.0/19"];
Corp_Wireless [description = "Wireless\n10.0.96.0/19"];
Corp_Server [description = "Servers\n10.0.112.0/20"];
}
network Guest_VRF {
address = "VRF: GUEST\n10.1.0.0/17"
color = "#FFE4B5"
description = "Visitor Network"
Guest_Transit [description = "Transit\n10.1.0.0/23"];
Guest_Users [description = "Users\n10.1.32.0/19"];
}
network Security_VRF {
address = "VRF: SECURITY\n10.2.0.0/17"
color = "#FFDAB9"
description = "Physical Security"
Sec_Transit [description = "Transit\n10.2.0.0/23"];
Sec_Camera [description = "Cameras\n10.2.32.0/19"];
Sec_Badge [description = "Badge Readers\n10.2.64.0/19"];
Sec_NVR [description = "NVR/VMS\n10.2.96.0/20"];
}
network IOT_VRF {
address = "VRF: IOT\n10.3.0.0/17"
color = "#E6E6FA"
description = "Manufacturing OT"
IOT_Transit [description = "Transit\n10.3.0.0/23"];
IOT_PLC [description = "PLCs\n10.3.32.0/19"];
IOT_HMI [description = "HMIs\n10.3.64.0/19"];
IOT_SCADA [description = "SCADA\n10.3.96.0/20"];
}
}
@enduml
ट्रांजिट सेगमेंट विस्तार (10.0.0.0/23 - 510 उपयोग योग्य आईपी):
The sub ofnet of the Link Description --------- Мова Englishالعربية中文(简体)中文(漢字)NederlandsSuomiFrançaisDeutschहिन्दी; हिंदीMagyarItaliano日本語한국어Bahasa MelayuPortuguêsRomânăРусскийEspañolTürkçeУкраїнськаTiếng Việt Мова Englishالعربية中文(简体)中文(漢字)NederlandsSuomiFrançaisDeutschहिन्दी; हिंदीMagyarItaliano日本語한국어Bahasa MelayuPortuguêsRomânăРусскийEspañolTürkçeУкраїнськаTiếng Việt Мова Englishالعربية中文(简体)中文(漢字)NederlandsSuomiFrançaisDeutschहिन्दी; हिंदीMagyarItaliano日本語한국어Bahasa MelayuPortuguêsRomânăРусскийEspañolTürkçeУкраїнськаTiếng Việt Мова Englishالعربية中文(简体)中文(漢字)NederlandsSuomiFrançaisDeutschहिन्दी; हिंदीMagyarItaliano日本語한국어Bahasa MelayuPortuguêsRomânăРусскийEspañolTürkçeУкраїнськаTiếng Việt Мова Englishالعربية中文(简体)中文(漢字)NederlandsSuomiFrançaisDeutschहिन्दी; हिंदीMagyarItaliano日本語한국어Bahasa MelayuPortuguêsRomânăРусскийEspañolTürkçeУкраїнськаTiếng Việt Мова Englishالعربية中文(简体)中文(漢字)NederlandsSuomiFrançaisDeutschहिन्दी; हिंदीMagyarItaliano日本語한국어Bahasa MelayuPortuguêsRomânăРусскийEspañolTürkçeУкраїнськаTiếng Việt 10.0.0.24/30 10.0.0.28/30 10.0.0.32/30 10.0.0.36/30 10.0.0.40/30 10.0.0.44/30 ... | (Pattern जारी)
ध्यान दें:/ 31 सबनेट्स (RFC 3021) का उपयोग पॉइंट-टू-पॉइंट लिंक्स, कंसर्विंग एड्रेस स्पेस के लिए भी किया जा सकता है।.
जब सबनेट पैटर्न VRF में संगत होते हैं:
क्या आप जानते हैं ------------------------------------------------------------------------------- कॉर्पोरेट में ट्रांजिट लिंक 10.0.0.40/30 का उपयोग करता है Access-SW-5 उपयोगकर्ता 10.0.36.0/24 पर हैं। साइट अल्फा 10.0.0.0/13 है।
यह इंजीनियर्स को अनुमति देता है:
@startuml Small Site Template
skinparam backgroundColor #FEFEFE
title Small Site Template (< 50 users)
nwdiag {
internet [shape = cloud];
network WAN {
color = "#FFE4E1"
description = "ISP/MPLS Circuit"
internet;
UTM [description = "UTM/SD-WAN\nAppliance\n(Router+FW+VPN+WLC)"];
}
network LAN {
address = "10.100.x.0/24"
color = "#98FB98"
description = "Single Subnet"
UTM;
Access [description = "Access Switch\n(or UTM ports)"];
}
network Endpoints {
color = "#F0FFF0"
description = "End Devices"
Access;
AP [description = "WiFi AP"];
Users [description = "Users"];
Phones [description = "Phones"];
}
}
@enduml
लघु साइट डिजाइन नोट्स:
@startuml Medium Site Template
skinparam backgroundColor #FEFEFE
title Medium Site Template (50-500 users)
nwdiag {
internet [shape = cloud];
network WAN_Edge {
color = "#FFE4E1"
description = "Internet Edge"
internet;
ISP_A [description = "ISP-A"];
ISP_B [description = "ISP-B/MPLS"];
Edge_RTR [description = "Edge Router"];
}
network Firewall_Tier {
color = "#FFDAB9"
description = "Firewall HA Pair"
Edge_RTR;
FW_A [description = "FW-A"];
FW_B [description = "FW-B"];
}
network Distribution {
address = "10.50.x.0/21"
color = "#DDA0DD"
description = "MCLAG Distribution\n(Dist/Core Combined)"
FW_A;
FW_B;
Dist_A [description = "Dist-A"];
Dist_B [description = "Dist-B"];
}
network Access_Tier {
color = "#98FB98"
description = "Access Switches (LACP)"
Dist_A;
Dist_B;
Acc1 [description = "Acc1"];
Acc2 [description = "Acc2"];
Acc3 [description = "Acc3"];
Acc4 [description = "Acc4"];
Acc5 [description = "Acc5"];
}
network Users {
color = "#F0FFF0"
description = "End Devices"
Acc1;
Acc2;
Acc3;
Acc4;
Acc5;
Endpoints [description = "Laptops/Phones\nCameras/APs"];
}
}
@enduml
मध्यम साइट डिजाइन नोट्स:
@startuml Large Site Template
skinparam backgroundColor #FEFEFE
title Large Site Template (500+ users)
nwdiag {
internet [shape = cloud];
network Internet_Edge {
color = "#FFE4E1"
description = "INTERNET EDGE MODULE"
internet;
ISP_A [description = "ISP-A"];
ISP_B [description = "ISP-B"];
MPLS [description = "MPLS"];
Edge_RTR [description = "Edge-RTR"];
FW_A [description = "FW-A"];
FW_B [description = "FW-B"];
}
network Internal_Edge {
color = "#E6E6FA"
description = "INTERNAL EDGE MODULE"
FW_A;
FW_B;
IntEdge_A [description = "IntEdge-A"];
IntEdge_B [description = "IntEdge-B"];
WLC [description = "WLC"];
Proxy [description = "Proxy"];
VPN [description = "VPN"];
DNS [description = "DNS"];
}
network Core {
color = "#B0E0E6"
description = "CORE MODULE"
IntEdge_A;
IntEdge_B;
Core_A [description = "Core-A"];
Core_B [description = "Core-B"];
}
network Dist_Var1 {
color = "#98FB98"
description = "L3 Adjacent"
Core_A;
Core_B;
Dist_1 [description = "Dist-1"];
Access_1 [description = "Access"];
}
network Dist_Var2 {
color = "#DDA0DD"
description = "MCLAG Trunk"
Core_A;
Core_B;
Dist_2 [description = "Dist-2"];
Access_2 [description = "Access"];
}
network Dist_Var3 {
color = "#FFE4B5"
description = "MCLAG Trunk"
Core_A;
Core_B;
Dist_3 [description = "Dist-3"];
Access_3 [description = "Access"];
}
network Datacenter {
color = "#87CEEB"
description = "SPINE/LEAF DC"
Core_A;
Core_B;
Border [description = "Border-Leaf"];
Spine [description = "Spine"];
Leaf [description = "Leaf"];
Servers [description = "Servers"];
}
}
@enduml
बड़ी साइट डिजाइन नोट्स:
जब खंड एकाधिक स्तरों के माध्यम से विस्तार करना चाहिए, तो प्रत्येक L3 सीमा विन्यास ओवरहेड जोड़ती है:
@startuml Multi-VRF Path Through Tiers
skinparam backgroundColor #FEFEFE
title Multi-VRF Traffic Path: Camera to NVR
nwdiag {
network Camera_Segment {
address = "VLAN 120\n10.2.36.0/24"
color = "#FFDAB9"
description = "VRF: SECURITY"
Camera [description = "Camera"];
Access_SW [description = "Access-SW\nSub-int: 10.2.0.40/30"];
}
network Access_to_Dist {
address = "10.2.0.40/30"
color = "#DDA0DD"
description = "VRF: SECURITY"
Access_SW;
Distribution [description = "Distribution\nSub-int: 10.2.0.24/30"];
}
network Dist_to_Core {
address = "10.2.0.24/30"
color = "#B0E0E6"
description = "VRF: SECURITY"
Distribution;
Core [description = "Core\nSub-int: 10.2.0.8/30"];
}
network Core_to_IntEdge {
address = "10.2.0.8/30"
color = "#E6E6FA"
description = "VRF: SECURITY"
Core;
Internal_Edge [description = "Internal-Edge\nSub-int: 10.2.0.0/30"];
}
network IntEdge_to_FW {
address = "10.2.0.0/30"
color = "#FFE4E1"
description = "VRF: SECURITY"
Internal_Edge;
Firewall [description = "Firewall\nInter-VRF Policy"];
}
network DC_Path {
address = "VXLAN/EVPN"
color = "#87CEEB"
description = "Datacenter Fabric"
Firewall;
Border_Leaf [description = "Border-Leaf"];
Spine [description = "Spine"];
Leaf [description = "Leaf"];
NVR [description = "NVR"];
}
}
@enduml
विन्यास ओवरहेड:
मॉड्यूलर नेटवर्क डिजाइन का लक्ष्य एक बनाना हैदोहराने योग्य पैटर्नयह सक्षम बनाता है:
The line of the rays of the rays --------- लघु+ | 10,000+ roulette of UTM + सिंगल स्विच,/24 प्रति साइट MCLAG वितरण + एक्सेस, / 21 प्रति साइट 100+ पूर्ण (Edge, आंतरिक एज, कोर, वितरण वेरिएंट, DC कपड़े)
इन पैटर्नों को स्थापित करके और उन्हें लगातार लागू करके, संगठन उन नेटवर्क का निर्माण कर सकते हैं जो एक एकल शाखा कार्यालय से वैश्विक उद्यम तक पहुंच सकते हैं-सभी परिचालन सादगी और सुरक्षा मुद्रा को बनाए रखते हुए।.
अनुच्छेद संस्करण 2.0 ♥ प्रकाशित 2026-02-02