gh-phaezer-claude-mkt-plugi…/commands/design-network.md
2025-11-30 08:47:18 +08:00

---
description: Design network architecture and topology
argument-hint: Optional network requirements
---

You are orchestrating a comprehensive network design workflow using a structured approach to create detailed network architecture plans.

Workflow Steps

1. Gather Requirements

If the user provides specific requirements in their message, use those directly. Otherwise, ask the user for:

Network Type and Purpose:

  • Network environment (data center, campus, branch office, cloud, hybrid)
  • Primary use case (server connectivity, user access, WAN, internet edge)
  • Criticality level (production, development, testing)

Scale Requirements:

  • Number of devices to support (servers, users, IoT devices)
  • Expected throughput (1G, 10G, 25G, 100G, 400G)
  • Number of sites/locations
  • Growth projections (1 year, 3 years, 5 years)

Redundancy and High Availability:

  • Uptime requirements (99.9%, 99.99%, 99.999%)
  • Acceptable downtime window
  • Failure tolerance (single link, single device, entire site)
  • Disaster recovery requirements
  • Geographic redundancy needs

Routing and Connectivity:

  • Routing protocol preferences (BGP, OSPF, IS-IS, static)
  • Layer 2 vs Layer 3 architecture
  • Network segmentation requirements
  • Internet connectivity (single/dual provider, bandwidth)
  • WAN connectivity requirements

Security Requirements:

  • Compliance requirements (PCI-DSS, HIPAA, SOC 2, NIST)
  • Network segmentation needs (DMZ, internal zones, guest)
  • Firewall requirements
  • IDS/IPS requirements
  • Access control requirements

Technical Constraints:

  • Existing infrastructure to integrate with
  • Vendor preferences or restrictions
  • Budget constraints
  • Physical space constraints
  • Power and cooling constraints

Performance Requirements:

  • Latency requirements
  • Packet loss tolerance
  • QoS requirements
  • Bandwidth guarantees

2. Launch network-orchestrator Agent

Use the Task tool to launch the network-orchestrator agent with a comprehensive design prompt:

Design a network architecture for the following requirements:

[Insert all gathered requirements here]

Please provide a comprehensive network design including:

1. Network Architecture Overview
   - Architecture type (spine-leaf, three-tier, collapsed core, etc.)
   - Design rationale and trade-offs
   - Scalability analysis

2. Topology Design
   - Physical topology diagram description
   - Logical topology diagram description
   - Device placement and roles
   - Link design and redundancy

3. IP Addressing Scheme
   - Subnet allocation plan
   - IP address management strategy
   - VLAN design and numbering
   - Loopback addressing scheme

4. Routing Design
   - Routing protocol selection and justification
   - IGP design (areas, levels, metrics)
   - BGP design (AS numbering, peering strategy)
   - Route summarization strategy
   - Failure scenario analysis

5. High Availability Design
   - Redundancy architecture
   - Failover mechanisms
   - Link aggregation design
   - Gateway redundancy (VRRP, HSRP, anycast)
   - Fast convergence mechanisms (BFD, tuned timers)

6. Security Architecture
   - Network segmentation design
   - Trust zones and boundaries
   - Firewall placement
   - ACL strategy
   - Management network design

7. Device Requirements
   - Switch/router specifications
   - Port count and speed requirements
   - Buffer and table size requirements
   - Feature requirements

8. Implementation Phases
   - Phase 1: Core infrastructure
   - Phase 2: Distribution/access layers
   - Phase 3: Services and optimization
   - Migration strategy (if applicable)

9. Validation and Testing Plan
   - Design validation steps
   - Testing scenarios
   - Acceptance criteria

10. Documentation Deliverables
    - Network diagrams
    - IP address inventory
    - Configuration templates
    - Runbooks

3. Review Design Output

When the agent returns the design, review it for:

  • Completeness of all required sections
  • Alignment with requirements
  • Realistic scalability projections
  • Appropriate technology selections
  • Clear migration/implementation path
  • Comprehensive failure scenario analysis

4. Create Design Documentation

Ensure the design includes comprehensive documentation:

Network Diagrams:

  • Physical topology (rack elevations, cable paths)
  • Logical topology (L2 and L3)
  • IP addressing diagram
  • Security zones diagram
  • Failure scenario diagrams

Design Specifications:

  • Bill of Materials (BOM)
  • Cable schedule
  • IP address allocation table
  • VLAN table
  • Routing protocol configuration summary

Implementation Guide:

  • Pre-implementation checklist
  • Step-by-step implementation procedure
  • Configuration snippets
  • Testing procedures
  • Rollback procedures

5. Validate Design Against Requirements

Conduct a requirements validation check:

Requirements Validation Checklist:

□ Meets capacity requirements (current and future)
□ Meets redundancy/HA requirements
□ Meets performance requirements (latency, throughput)
□ Meets security requirements
□ Scalable to projected growth
□ Within budget constraints
□ Compatible with existing infrastructure
□ Follows industry best practices
□ Has documented failure scenarios
□ Includes clear implementation plan

6. Conduct Design Review Sessions

Organize design review with stakeholders:

Pre-Review Preparation:

  • Distribute design documentation 1 week before review
  • Prepare presentation slides
  • Identify key decision points
  • Prepare answers to anticipated questions

Review Agenda:

  1. Executive Summary (15 min)

    • Business requirements recap
    • Proposed architecture overview
    • Key benefits and trade-offs
  2. Technical Deep Dive (45 min)

    • Topology and architecture
    • IP addressing and routing
    • High availability design
    • Security architecture
  3. Implementation Plan (30 min)

    • Phased approach
    • Timeline and milestones
    • Resource requirements
    • Risk mitigation
  4. Q&A and Feedback (30 min)

    • Stakeholder questions
    • Feedback collection
    • Action items

7. Iterate Based on Feedback

After design review:

  • Document all feedback and concerns
  • Update design based on valid concerns
  • Re-evaluate technology choices if needed
  • Update cost estimates
  • Revise implementation timeline
  • Schedule follow-up review if major changes

8. Create Final Design Package

Assemble comprehensive design deliverables:

Design Documents:

  1. Executive Summary (2-3 pages)

    • Business requirements
    • Proposed solution overview
    • Cost and timeline summary
    • Key benefits
  2. Architecture Design Document (20-50 pages)

    • Detailed architecture description
    • Technology selection rationale
    • All network diagrams
    • IP addressing tables
    • Device specifications
    • Security design
  3. Implementation Plan (10-20 pages)

    • Phased implementation approach
    • Detailed task list with owners
    • Timeline/Gantt chart
    • Testing plan
    • Risk assessment and mitigation
  4. Configuration Templates

    • Base configuration templates
    • Security hardening templates
    • Monitoring configuration
  5. Operations Runbook

    • Day 1 operations procedures
    • Troubleshooting guides
    • Escalation procedures
    • Maintenance procedures

Best Practices for Network Design

Architecture Selection

Spine-Leaf (Clos) Architecture:

  • Use for: Data centers, high-performance computing
  • Benefits: Predictable latency, easy scaling, high bandwidth
  • Considerations: Requires L3 everywhere, more complex routing

Three-Tier (Core-Distribution-Access):

  • Use for: Campus networks, traditional enterprise
  • Benefits: Well understood, hierarchical, scalable
  • Considerations: Can have bottlenecks at aggregation layer

Collapsed Core (Two-Tier):

  • Use for: Small to medium enterprises, branch offices
  • Benefits: Simplified, lower cost, easier management
  • Considerations: Less scalable, potential bottlenecks

IP Addressing Best Practices

  1. Use RFC1918 Private Address Space Efficiently

    • 10.0.0.0/8 for large enterprises
    • 172.16.0.0/12 for medium enterprises
    • 192.168.0.0/16 for small offices
  2. Allocate Contiguous Blocks

    • Allow for route summarization
    • Simplify routing tables
    • Enable easier growth
  3. Reserve Ranges

    • Management network: /24 per location
    • Loopbacks: /32 from dedicated range
    • Point-to-point links: /30 or /31
    • Future growth: 30-50% headroom
  4. Document Everything

    • IPAM (IP Address Management) system
    • Spreadsheet with allocations
    • DNS and DHCP integration
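The four addressing practices above (contiguous blocks, reserved management/loopback/point-to-point ranges, headroom, and verifiable summarization) are easiest to check mechanically. The script below is an added example, not part of the plugin or this command: it carves 10.0.0.0/8 into one /16 summary per site, reserves the ranges listed above inside each site, and verifies that every prefix falls under the site summary and that at least 30% of the site block stays free. The /16-per-site split and the 30% threshold are assumptions chosen for the example.

```python
import ipaddress

# Constructed example plan (not the plugin's own code).
ENTERPRISE = ipaddress.ip_network("10.0.0.0/8")
SITE_PREFIX = 16          # assumption: one /16 summary block per site (256 sites max)
GROWTH_HEADROOM = 0.30    # lower bound of the 30-50% headroom guidance above


def site_summary(site_index):
    """Contiguous summary block for site N: site 0 -> 10.0.0.0/16, site 1 -> 10.1.0.0/16 ..."""
    base = int(ENTERPRISE.network_address) + site_index * (1 << (32 - SITE_PREFIX))
    return ipaddress.ip_network((base, SITE_PREFIX))


def build_site_plan(site_index, n_p2p_links, n_loopbacks, server_subnet_count):
    """Reserve management, loopback and point-to-point ranges first, then
    hand out server /24s from the remainder of the site block."""
    if n_loopbacks > 256 or n_p2p_links > 128:
        raise ValueError("one /24 holds at most 256 loopback /32s or 128 /31 links")
    block = site_summary(site_index)
    subnets24 = block.subnets(new_prefix=24)          # lazy iterator over the 256 /24s

    plan = {"summary": block}
    plan["management"] = next(subnets24)              # management network: /24 per location
    loopback_block = next(subnets24)                  # dedicated range, handed out as /32s
    plan["loopbacks"] = [
        s for _, s in zip(range(n_loopbacks), loopback_block.subnets(new_prefix=32))
    ]
    p2p_block = next(subnets24)                       # point-to-point links as /31s
    plan["p2p_links"] = [
        s for _, s in zip(range(n_p2p_links), p2p_block.subnets(new_prefix=31))
    ]
    plan["server_subnets"] = [next(subnets24) for _ in range(server_subnet_count)]

    used_24s = 3 + server_subnet_count                # three reserved /24s plus server space
    plan["free_24s"] = 256 - used_24s
    plan["headroom"] = plan["free_24s"] / 256
    return plan


def is_summarizable(plan):
    """True when every allocated prefix sits inside the site summary, so the
    core only needs to carry one route per site."""
    allocated = [plan["management"], *plan["loopbacks"],
                 *plan["p2p_links"], *plan["server_subnets"]]
    return all(p.subnet_of(plan["summary"]) for p in allocated)


def meets_headroom(plan):
    """Growth check: at least GROWTH_HEADROOM of the site block is still unallocated."""
    return plan["headroom"] >= GROWTH_HEADROOM


def sites_overlap(plans):
    """Cross-site check: no two site summaries may overlap."""
    summaries = [p["summary"] for p in plans]
    return any(a.overlaps(b) for i, a in enumerate(summaries) for b in summaries[i + 1:])


if __name__ == "__main__":
    site1 = build_site_plan(1, n_p2p_links=8, n_loopbacks=6, server_subnet_count=40)
    print("site 1 summary:", site1["summary"], "management:", site1["management"])
    print("first loopback:", site1["loopbacks"][0], "second p2p:", site1["p2p_links"][1])
    print("summarizable:", is_summarizable(site1), "headroom ok:", meets_headroom(site1))
```

A plan that allocates 200 server /24s in one site leaves only 53 free, fails `meets_headroom`, and is the signal to move that site to a larger summary block before the first device is configured rather than after.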

Routing Protocol Selection

BGP:

  • Use for: Data center fabrics, internet edge, multi-tenant
  • Pros: Scalable, flexible policy control, industry standard
  • Cons: More complex, requires careful design

OSPF:

  • Use for: Campus networks, enterprise core
  • Pros: Fast convergence, well understood, feature-rich
  • Cons: Flat area design doesn't scale, CPU intensive

IS-IS:

  • Use for: Service provider networks, very large enterprises
  • Pros: Scales well, stable, low overhead
  • Cons: Less common, fewer engineers familiar with it

Static Routes:

  • Use for: Small networks, specific use cases, backup paths
  • Pros: Simple, predictable, no protocol overhead
  • Cons: Not scalable, manual updates, no automatic failover

High Availability Design Principles

  1. Eliminate Single Points of Failure

    • Redundant power supplies
    • Dual network paths
    • Multiple uplinks
    • Redundant services (DNS, DHCP, etc.)
  2. Use Redundancy Protocols

    • VRRP/HSRP for gateway redundancy
    • LACP for link aggregation
    • BFD for fast failure detection
    • Route redundancy with equal-cost multipath
  3. Design for Fast Convergence

    • Tune protocol timers appropriately
    • Use BFD (sub-second detection)
    • Pre-provision backup paths
    • Minimize spanning-tree domains
  4. Consider Failure Scenarios

    • Single link failure
    • Single device failure
    • Power failure
    • Site failure (for multi-site)
    • Human error

Security Design Principles

  1. Defense in Depth

    • Multiple layers of security controls
    • Network segmentation
    • Least privilege access
    • Monitoring and logging
  2. Network Segmentation

    • Separate trust zones (internet, DMZ, internal, management)
    • VLANs for logical separation
    • Firewalls between zones
    • Micro-segmentation for critical assets
  3. Access Control

    • Management network isolation
    • SSH key authentication
    • TACACS+ or RADIUS
    • Role-based access control
  4. Monitoring and Logging

    • Centralized syslog
    • SNMP monitoring
    • NetFlow/sFlow for traffic analysis
    • Security event correlation
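The segmentation, access-control and logging principles above can be turned into a policy audit that runs before a rule set is pushed. The following is an added example, not code from the plugin: it encodes a four-zone trust matrix (internet, DMZ, internal, management) as a default-deny table and checks a candidate firewall rule list for zone pairs the matrix does not permit, management access from unrestricted sources, any-port allows into a more trusted zone, unlogged allow rules, and a missing final default-deny. The zone matrix, the rule format and the sample rules are all constructed for the example.

```python
# Constructed example (not the plugin's own code): audit firewall rules
# against a zone trust matrix that encodes the segmentation principles above.
ZONES = ("internet", "dmz", "internal", "management")   # least to most trusted
TRUST = {zone: rank for rank, zone in enumerate(ZONES)}

# Assumed policy: which initiator -> responder zone pairs may ever be allowed.
# Anything absent from this set is denied regardless of what a rule says.
ALLOWED_PAIRS = {
    ("internet", "dmz"),          # public-facing services live in the DMZ
    ("dmz", "internal"),          # DMZ tier reaching specific backends only
    ("internal", "dmz"),
    ("internal", "internet"),
    ("internal", "management"),   # admins reach management from internal, never from elsewhere
    ("management", "dmz"),        # config push / monitoring from the management zone
    ("management", "internal"),
}


def audit_rules(rules):
    """Return a list of (rule_number, finding) for every violated principle.
    Each rule is a dict with src_zone, dst_zone, src, dst_port, action, log."""
    findings = []
    for n, rule in enumerate(rules, start=1):
        if rule["action"] != "allow":
            continue
        pair = (rule["src_zone"], rule["dst_zone"])
        if pair not in ALLOWED_PAIRS:
            findings.append((n, "zone pair not permitted by trust matrix"))
        # Management network isolation: never reachable from an unrestricted source.
        if rule["dst_zone"] == "management" and rule["src"] == "any":
            findings.append((n, "management reachable from unrestricted source"))
        # Least privilege: crossing into a more trusted zone needs explicit ports.
        if TRUST[rule["dst_zone"]] > TRUST[rule["src_zone"]] and rule["dst_port"] == "any":
            findings.append((n, "inbound to more-trusted zone allows any port"))
        # Monitoring and logging: every permitted flow must be logged.
        if not rule.get("log", False):
            findings.append((n, "allow rule not logged"))
    if not rules or rules[-1]["action"] != "deny":
        findings.append((len(rules), "no explicit final default-deny rule"))
    return findings


# Constructed sample rule set for a web tier with a database backend.
SAMPLE_RULES = [
    {"src_zone": "internet", "dst_zone": "dmz", "src": "any",
     "dst_port": "443", "action": "allow", "log": True},
    {"src_zone": "dmz", "dst_zone": "internal", "src": "dmz-web",
     "dst_port": "5432", "action": "allow", "log": True},
    {"src_zone": "internet", "dst_zone": "internal", "src": "any",
     "dst_port": "3389", "action": "allow", "log": True},        # violates the matrix
    {"src_zone": "internal", "dst_zone": "management", "src": "any",
     "dst_port": "22", "action": "allow", "log": True},          # management from any source
    {"src_zone": "internal", "dst_zone": "management", "src": "10.1.100.0/24",
     "dst_port": "22", "action": "allow", "log": True},          # admin jump subnet (assumed)
    {"src_zone": "any", "dst_zone": "any", "src": "any",
     "dst_port": "any", "action": "deny", "log": True},
]

if __name__ == "__main__":
    for number, finding in audit_rules(SAMPLE_RULES):
        print(f"rule {number}: {finding}")
```

Rules 3 and 4 in the sample are the ones the audit flags; the design review in step 6 is the place to decide whether such a rule is a genuine requirement (and the matrix must change) or a mistake that never reaches the device.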

Common Design Patterns

Data Center Leaf-Spine

Architecture:

  • Spine layer: High-capacity switches (100G/400G)
  • Leaf layer: ToR switches connecting servers
  • Every leaf connects to every spine
  • L3 routing to the leaf switches

Routing:

  • BGP for underlay (eBGP with unique ASN per leaf)
  • EVPN for overlay
  • BFD for fast convergence

Benefits:

  • Linear scaling
  • Predictable latency
  • High bandwidth
  • Easy to automate

Campus Three-Tier

Architecture:

  • Core: High-speed backbone (collapsed to 2+ switches)
  • Distribution: Aggregates access switches, L3 boundary
  • Access: User/device connectivity, L2 usually

Routing:

  • OSPF for campus routing
  • Default gateway at distribution
  • Static routes to core (optional)

Benefits:

  • Well understood design
  • Clear hierarchy
  • Scalable for medium to large campuses

Branch Office Hub-and-Spoke

Architecture:

  • Central hub (data center or headquarters)
  • Branch sites connect to hub
  • Optional branch-to-branch (full mesh) for critical sites

Connectivity:

  • MPLS WAN or SD-WAN
  • Internet VPN backup
  • Dual-homed branches for critical sites

Routing:

  • BGP for WAN (with MPLS provider)
  • OSPF or EIGRP internally
  • Default route to hub

Design Validation Checklist

Before finalizing design:

Capacity Planning:

  • Port density meets current needs + 30% growth
  • Link bandwidth supports peak traffic + 50% headroom
  • Routing table size within device limits
  • MAC table size sufficient for L2 domains

Redundancy:

  • No single points of failure in critical paths
  • All uplinks are redundant
  • Power is redundant
  • Management access is redundant

Performance:

  • Latency meets requirements
  • Bandwidth meets requirements
  • QoS design supports critical applications
  • Convergence time is acceptable

Security:

  • Network segmentation implemented
  • Firewalls properly placed
  • ACLs defined for critical segments
  • Management network isolated
  • Monitoring and logging configured

Scalability:

  • Design supports 3-5 year growth
  • IP addressing allows for expansion
  • Routing design scales appropriately
  • Physical space for additional devices

Operational:

  • Monitoring and management tools identified
  • Automation approach defined
  • Documentation complete
  • Training plan for operations team
  • Runbooks created

Notes

  • Network design is iterative - expect multiple revision cycles
  • Involve all stakeholders early (network, security, operations, business)
  • Consider operational complexity vs. technical perfection
  • Document design decisions and trade-offs
  • Plan for day 2 operations from the start
  • Always have a rollback plan
  • Test designs in lab before production deployment

Example Task Invocation

design-network I need to design a data center network for 500 servers across 10 racks, requiring 25G server connectivity and 100G spine uplinks, with full redundancy and BGP routing for a multi-tenant cloud environment
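To show how the capacity-planning rules from the validation checklist (port density plus 30% growth, link bandwidth plus 50% headroom) apply to the invocation above, here is an added sizing calculator; it is example code, not part of the plugin. It takes the invocation's numbers (500 servers, 10 racks, 25G server links, 100G uplinks) and assumes, for "full redundancy", two leaves per rack with every server dual-attached, four spines, and a 3:1 target oversubscription; those three values are assumptions, not stated in the invocation.

```python
import math

# Constructed sizing example (not the plugin's own code).
PORT_GROWTH = 0.30      # checklist: port density meets current needs + 30% growth
BW_HEADROOM = 0.50      # checklist: link bandwidth supports peak traffic + 50% headroom


def size_leaf_spine(servers, racks, server_gbps, uplink_gbps, spines,
                    dual_homed=True, target_oversub=3.0):
    """Size the leaf and spine layers of a Clos fabric and check the result
    against the capacity-planning rules. Returns a dict of the key numbers."""
    servers_per_rack = math.ceil(servers / racks)
    leaves_per_rack = 2 if dual_homed else 1
    leaves = racks * leaves_per_rack

    # Dual-homed: every server has one link to each leaf in its rack, so each
    # leaf still terminates servers_per_rack server-facing ports.
    server_ports_per_leaf = servers_per_rack
    leaf_server_ports_needed = math.ceil(server_ports_per_leaf * (1 + PORT_GROWTH))

    # Northbound capacity each leaf needs: downlink bandwidth divided by the
    # target oversubscription, then the 50% headroom on top.
    downlink_gbps = server_ports_per_leaf * server_gbps
    uplink_gbps_needed = downlink_gbps / target_oversub * (1 + BW_HEADROOM)
    uplinks_per_leaf = max(spines, math.ceil(uplink_gbps_needed / uplink_gbps))
    # Every leaf connects to every spine, so spread uplinks evenly across spines.
    uplinks_per_leaf = math.ceil(uplinks_per_leaf / spines) * spines

    uplink_gbps_total = uplinks_per_leaf * uplink_gbps
    return {
        "servers_per_rack": servers_per_rack,
        "leaves": leaves,
        "leaf_server_ports_needed": leaf_server_ports_needed,
        "uplinks_per_leaf": uplinks_per_leaf,
        "uplinks_per_spine_per_leaf": uplinks_per_leaf // spines,
        "spine_ports_per_spine": leaves * (uplinks_per_leaf // spines),
        "oversubscription": downlink_gbps / uplink_gbps_total,
        "bandwidth_headroom_ok": uplink_gbps_total >= uplink_gbps_needed,
    }


def single_spine_failure_ok(result, spines, target_oversub=3.0):
    """Failure-scenario check: with one spine down, the remaining uplinks must
    still keep the leaf at or under the target oversubscription."""
    remaining = result["uplinks_per_leaf"] - result["uplinks_per_spine_per_leaf"]
    degraded = result["oversubscription"] * result["uplinks_per_leaf"] / remaining
    return degraded <= target_oversub


if __name__ == "__main__":
    # Numbers from the example invocation; spine count and dual-homing assumed.
    r = size_leaf_spine(servers=500, racks=10, server_gbps=25, uplink_gbps=100, spines=4)
    for key, value in r.items():
        print(f"{key}: {value}")
    print("survives one spine failure:", single_spine_failure_ok(r, spines=4))
```

For the invocation's numbers this yields 20 leaves of 50 server ports each (65 needed with growth, so a 64-port leaf is already short), 8 uplinks per leaf spread over 4 spines, 40 leaf-facing ports per spine, and a 1.56:1 oversubscription that stays under 3:1 even with a spine out of service. These are exactly the figures to put in front of the network-orchestrator agent and to check in its "Device Requirements" and "Failure scenario analysis" sections.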