Looking for advice on network diagram

VM0815
Level 1

Hi all,

I am working on a university project where I need to design a logical and physical target network for a fictitious company. I chose a manufacturer in the automotive industry. It's more about the fundamentals than designing every last bit.

Later I will also need to create a components list with all the different functions, networks and IPs, as well as a security concept. Before I start with that, I would like to ask if there is anything obvious that I am missing or should change.

I am an absolute beginner in networking, and after reading some literature and documentation I came up with the following design. I am also thinking about how to add some redundancy, especially for the OT network, to increase availability.

I would be thankful for any advice.

*Customer Services stands for e.g. diagnosis tools for customer cars

Challenges_and_Solution-Zielnetzwerk - logisch.drawio.png


M02@rt37
VIP

Hello @VM0815 

Redundancy has to be a key concern, especially for firewalls and switches in the LAN and OT network. Right now, each firewall (CFW01-03, FW02) and switch (SW02, CSW01-03, IDMZSW01) is a single point of failure.

For OT, add redundant firewalls and switches per cell and ensure dual uplinks to the industrial DMZ. For IT, consider dual L3 switches (SW02) with HSRP/VRRP to prevent failures from cutting off connectivity.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.


Thanks for your input

Hi M02@rt37,

Thanks again for your hints.

I added active and passive firewalls in the cells and also additional switches, which could be extended to a ring topology if needed.

In the IDMZ I added stacked switches, which as I understood are easily extendable and can also act as a backup in case of failure. These are now behind a dual firewall.

In the internal network I also added a switch stack.

My understanding is that now at least the communication between the internal network and the cells is highly available. The external communication and DMZ are still affected by single points of failure, but as availability is not the main concern there, one could accept the risk.

Does this sound right?

Challenges_and_Solution-Zielnetzwerk - logisch.drawio.png
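The two designs discussed in this thread (the first one, where M02@rt37 points out that every firewall and switch is a single point of failure, and the revised one with firewall pairs, switch stacks and dual uplinks) can be checked mechanically by treating the topology as a graph and looking for articulation points: devices whose removal splits the network. The script below is an added example written for this thread; it is not the diagram from the original post. The device names come from the thread (FW02, SW02, IDMZSW01, CFW01-03, CSW01-03), but how they are wired, the "a"/"b" suffixes for redundant partners, the IDMZFW01a/b names for the dual firewall in front of the industrial DMZ, and the CELL01-03 / INTERNET endpoints are all assumptions made for the illustration.

```python
"""Single-point-of-failure check for a small IT/OT topology.

Added example for this thread, not the poster's diagram. Device names are
taken from the thread; the link lists, the a/b partner names, IDMZFW01a/b
and the CELLxx / INTERNET endpoints are constructed assumptions.
"""
from collections import defaultdict, deque

CELLS = ["01", "02", "03"]
ENDPOINTS = ["INTERNET"] + [f"CELL{c}" for c in CELLS]

# Constructed approximation of the first design: one device at every hop.
ORIGINAL_LINKS = [("INTERNET", "FW02"), ("FW02", "SW02"), ("SW02", "IDMZSW01")]
for c in CELLS:
    ORIGINAL_LINKS += [("IDMZSW01", f"CFW{c}"), (f"CFW{c}", f"CSW{c}"),
                       (f"CSW{c}", f"CELL{c}")]

# Constructed approximation of the revised design from the follow-up post:
# switch stacks (a/b members), active/passive firewall pairs per cell, dual
# uplinks into the IDMZ, a dual firewall in front of it; FW02 stays single.
REDUNDANT_LINKS = [("INTERNET", "FW02"), ("FW02", "SW02a"), ("FW02", "SW02b"),
                   ("SW02a", "SW02b"), ("IDMZSW01a", "IDMZSW01b")]
for fw in ("IDMZFW01a", "IDMZFW01b"):
    REDUNDANT_LINKS += [("SW02a", fw), ("SW02b", fw),
                        (fw, "IDMZSW01a"), (fw, "IDMZSW01b")]
for c in CELLS:
    for side in "ab":
        REDUNDANT_LINKS += [(f"IDMZSW01{side}", f"CFW{c}{side}"),
                            (f"CFW{c}{side}", f"CSW{c}{side}"),
                            (f"CSW{c}{side}", f"CELL{c}")]
    # state-sync / stack links between the partners of each pair
    REDUNDANT_LINKS += [(f"CFW{c}a", f"CFW{c}b"), (f"CSW{c}a", f"CSW{c}b")]


def build_graph(links):
    """Undirected adjacency sets from (device, device) link pairs."""
    graph = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)
    return dict(graph)


def single_points_of_failure(graph):
    """Devices whose removal disconnects the graph (articulation points, Tarjan's DFS)."""
    disc, low, spof = {}, {}, set()
    counter = [0]

    def dfs(node, parent):
        disc[node] = low[node] = counter[0]
        counter[0] += 1
        children = 0
        for nxt in graph[node]:
            if nxt == parent:
                continue
            if nxt not in disc:
                children += 1
                dfs(nxt, node)
                low[node] = min(low[node], low[nxt])
                # no back edge from nxt's subtree climbs above node: node is a cut vertex
                if parent is not None and low[nxt] >= disc[node]:
                    spof.add(node)
            else:
                low[node] = min(low[node], disc[nxt])
        if parent is None and children > 1:
            spof.add(node)

    for node in graph:
        if node not in disc:
            dfs(node, None)
    return spof


def cut_off_by(graph, failed, source, endpoints):
    """Endpoints that can no longer reach `source` once device `failed` is down."""
    seen, queue = {source}, deque([source])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt != failed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return set(endpoints) - seen - {failed}


if __name__ == "__main__":
    for name, links in (("original", ORIGINAL_LINKS), ("redundant", REDUNDANT_LINKS)):
        g = build_graph(links)
        print(f"{name}: single points of failure = {sorted(single_points_of_failure(g))}")
    g = build_graph(REDUNDANT_LINKS)
    print("redundant, FW02 down, cut off from SW02a:",
          cut_off_by(g, "FW02", "SW02a", ENDPOINTS))
```

On the constructed wiring the first design reports every firewall and switch between the Internet and the cells as a single point of failure, while the revised design leaves only FW02, which matches the accepted risk on the external side described in the follow-up. Two things the graph model deliberately does not capture: a switch stack is modelled as two nodes, but stack members share one control plane, so a stack software fault is not covered by this check; and an active/passive firewall pair only protects sessions if state is synchronised between the partners, which the model treats as a plain link.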

Sounds perfect @VM0815 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.