Network Routing – Complete Beginner to Advanced Guide
CHAPTER 20 Beginner

Build a Complete Routed Network Architecture

Updated: May 15, 2026

1. Introduction

You have completed the comprehensive guide to Network Routing. You have traversed from the basic concept of a Default Gateway to the planetary complexity of BGP. You understand how VLANs segment traffic, how OSPF calculates cost from bandwidth, and how NAT hides private infrastructure. Now it is time to synthesize this knowledge into a single, cohesive design. In this final capstone chapter, we will architect a complete, real-world network infrastructure for a modern corporate headquarters. We will design the IP scheme, segment the VLANs, deploy dynamic interior routing, and secure the perimeter for internet access. This is what network engineering looks like in production.

2. The Architecture Scenario

The Goal: You are the Lead Network Architect for GlobalTech HQ. You must design a network for a 3-story office building that includes:
  1. Segregated VLANs for Staff, Management, and Guest Wi-Fi.
  2. A highly available Core/Distribution routing backbone.
  3. Dynamic routing using OSPF.
  4. Internet connectivity with NAT and strict security.
  5. A Hybrid Cloud VPN tunnel to AWS.

3. Step 1: IP Planning and VLAN Architecture

Before touching any hardware, a professional engineer builds a spreadsheet. We will use the Private 10.0.0.0/16 block.

The VLAN Design:

  • VLAN 10 (Management): 10.0.10.0/24 | Gateway: 10.0.10.1
  • VLAN 20 (Staff): 10.0.20.0/24 | Gateway: 10.0.20.1
  • VLAN 30 (Guest Wi-Fi): 10.0.30.0/24 | Gateway: 10.0.30.1

*Architectural Choice:* By making the 3rd octet match the VLAN ID, we make troubleshooting infinitely easier. We are also perfectly positioned to use Route Summarization later.

4. Step 2: The Core and Distribution Setup

We deploy the Cisco 3-Tier Model (Chapter 17).
  1. We install Layer 2 Access Switches on all 3 floors. We assign the physical ports to VLANs 10, 20, and 30.
  2. We run redundant Fiber cables from the Access Switches up to two Layer 3 Multilayer Switches (Distribution Layer).
  3. We configure 802.1Q Trunking on the fiber cables to allow all VLAN traffic to flow up to the Distribution layer.
  4. We configure Inter-VLAN Routing on the Distribution switches, giving them the Default Gateway IPs (10.0.10.1, etc.).
  5. We configure HSRP between the two Distribution switches to guarantee High Availability. If Switch A dies, Switch B instantly takes over the Gateway IPs.

5. Step 3: Interior Dynamic Routing (OSPF)

The Distribution switches must talk to the massive Core Router in the basement. We do not want to use Static Routes.
  1. We enable OSPF (Area 0) on the Distribution switches and the Core Router.
  2. The Distribution switches send an LSA to the Core Router.
  3. *Optimization:* Instead of sending three separate routes, the Distribution switches use Route Summarization. They tell the Core: *"Send all traffic for 10.0.0.0/16 to me."* The Core routing table remains incredibly small and fast.
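The Step 1 addressing plan and the summary route above can be checked mechanically. The following is an added example, not part of the original guide: it uses Python's standard `ipaddress` module, the function names are illustrative, and it validates the plan, computes the tightest single prefix covering the three VLANs, and counts how much unassigned space a given summary also attracts.

```python
import ipaddress

# Plan copied from Step 1: VLAN ID -> (subnet, gateway).
PLAN = {
    10: ("10.0.10.0/24", "10.0.10.1"),
    20: ("10.0.20.0/24", "10.0.20.1"),
    30: ("10.0.30.0/24", "10.0.30.1"),
}
BLOCK = ipaddress.ip_network("10.0.0.0/16")
CIDRS = [cidr for cidr, _ in PLAN.values()]


def check_plan(plan, block):
    """Return a list of problems in the plan; an empty list means it is clean."""
    problems, nets = [], {}
    for vlan, (cidr, gw) in plan.items():
        net = ipaddress.ip_network(cidr, strict=False)
        gw_ip = ipaddress.ip_address(gw)
        nets[vlan] = net
        if not net.subnet_of(block):
            problems.append(f"VLAN {vlan}: {net} is outside {block}")
        if gw_ip not in net or gw_ip in (net.network_address, net.broadcast_address):
            problems.append(f"VLAN {vlan}: gateway {gw} is not a usable host in {net}")
        if net.network_address.packed[2] != vlan:
            problems.append(f"VLAN {vlan}: third octet does not match the VLAN ID")
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} and VLAN {b} overlap")
    return problems


def tightest_summary(cidrs):
    """Smallest single prefix that covers every subnet in cidrs."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def unassigned_24s(summary, cidrs):
    """Count /24s inside the summary that the plan never assigned."""
    used = {ipaddress.ip_network(c) for c in cidrs}
    return sum(1 for s in summary.subnets(new_prefix=24) if s not in used)
```

For this plan the tightest summary is 10.0.0.0/19, which covers 29 unassigned /24s, while the 10.0.0.0/16 summary covers 253; packets addressed to any of that unassigned space still follow the summary toward the Distribution switches.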

6. Step 4: Securing the Perimeter (NAT & ACLs)

The Core Router connects to the ISP Edge Firewall.
  1. NAT Configuration: The Edge Firewall is assigned a Public IP (203.0.113.5). We configure Port Address Translation (PAT). When Staff (VLAN 20) requests a website, the firewall hides their private IP behind 203.0.113.5.
  2. Access Control List (ACL): The Guest Wi-Fi (VLAN 30) must be secured. We write a strict ACL and apply it to the Distribution switch:
     • Deny IP Source 10.0.30.0/24 Destination 10.0.10.0/24 (Block guests from Management).
     • Deny IP Source 10.0.30.0/24 Destination 10.0.20.0/24 (Block guests from Staff).
     • Permit IP Source 10.0.30.0/24 Destination ANY (Allow internet access).
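The guest ACL above can be audited before it is deployed. This is an added example, not part of the original guide: it models first-match evaluation with an implicit deny (as on Cisco IOS ACLs) and checks which protected networks a guest host can still reach. The sample hosts, the hardened variant that also denies the Step 5 AWS VPC range, and the misordered variant are assumptions made for illustration.

```python
import ipaddress

N = ipaddress.ip_network
GUESTS, ANY = N("10.0.30.0/24"), N("0.0.0.0/0")

# Guest ACL as listed in Step 4: (action, source, destination).
GUEST_ACL = [
    ("deny", GUESTS, N("10.0.10.0/24")),    # block guests from Management
    ("deny", GUESTS, N("10.0.20.0/24")),    # block guests from Staff
    ("permit", GUESTS, ANY),                # allow internet access
]
# Assumed hardening (not in the chapter): also deny the AWS VPC from Step 5.
HARDENED_ACL = GUEST_ACL[:2] + [("deny", GUESTS, N("172.16.0.0/16")), GUEST_ACL[2]]
# Same entries as GUEST_ACL with the permit moved to the top.
MISORDERED_ACL = [GUEST_ACL[2]] + GUEST_ACL[:2]

# Constructed sample hosts, one per network that guests should not reach.
PROTECTED = {"Management": "10.0.10.50", "Staff": "10.0.20.50", "AWS VPC": "172.16.5.10"}


def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def reachable(acl, guest_host="10.0.30.77"):
    """Names of protected networks the ACL still lets a guest host reach."""
    return [name for name, host in PROTECTED.items()
            if evaluate(acl, guest_host, host) == "permit"]


if __name__ == "__main__":
    for label, acl in [("chapter", GUEST_ACL), ("hardened", HARDENED_ACL),
                       ("misordered", MISORDERED_ACL)]:
        print(f"{label:10} guest can reach: {reachable(acl) or 'nothing internal'}")
```

As listed, the ACL blocks Management and Staff, but its final permit also matches 172.16.0.0/16, so guest traffic toward the AWS VPC is stopped only if the Edge Firewall or VPN policy blocks it. With the permit moved first, neither deny entry is ever evaluated.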

7. Step 5: The Hybrid Cloud VPN

GlobalTech hosts its main database in an AWS VPC (172.16.0.0/16).
  1. We configure an IPsec VPN Tunnel on the Edge Firewall, connecting over the internet to the AWS Virtual Private Gateway.
  2. We configure BGP over the tunnel. The AWS cloud announces 172.16.0.0/16 to the Core Router. The Core Router announces 10.0.0.0/16 to AWS.
  3. *Result:* A manager on VLAN 10 can securely ping the AWS database as if it were sitting in the basement.

8. Course Conclusion

You have reached the end of Network Routing – Complete Beginner to Advanced Guide. Routing is the fundamental heartbeat of modern civilization. It is the mathematical logic that allows an email to traverse the globe in milliseconds, navigating around broken cables, avoiding congested highways, and perfectly targeting its destination.

You now possess the architectural foresight to segment networks with VLANs, the mathematical capability to manipulate OSPF Link-State metrics, and the security intelligence to deploy NAT and Access Control Lists. You have evolved from someone who simply plugs in a Wi-Fi box, into an engineer who understands the precise, hop-by-hop journey of a packet across the physical and virtual internet.

Whether you are progressing toward a Cisco CCNA certification, a Cloud DevOps career, or Cybersecurity engineering, you now hold the foundational blueprint required to build, route, and scale the networks of the future.

Congratulations on completing the course!
