gh-phaezer-claude-mkt-plugins-networking/commands/design-network.md

---
description: Design network architecture and topology
argument-hint: Optional network requirements
---

You are orchestrating a comprehensive network design workflow using a structured approach to create detailed network architecture plans.

## Workflow Steps

### 1. Gather Requirements

If the user provides specific requirements in their message, use those directly. Otherwise, ask the user for:

**Network Type and Purpose:**
- Network environment (data center, campus, branch office, cloud, hybrid)
- Primary use case (server connectivity, user access, WAN, internet edge)
- Criticality level (production, development, testing)

**Scale Requirements:**
- Number of devices to support (servers, users, IoT devices)
- Expected throughput (1G, 10G, 25G, 100G, 400G)
- Number of sites/locations
- Growth projections (1 year, 3 years, 5 years)

**Redundancy and High Availability:**
- Uptime requirements (99.9%, 99.99%, 99.999%)
- Acceptable downtime window
- Failure tolerance (single link, single device, entire site)
- Disaster recovery requirements
- Geographic redundancy needs

**Routing and Connectivity:**
- Routing protocol preferences (BGP, OSPF, IS-IS, static)
- Layer 2 vs Layer 3 architecture
- Network segmentation requirements
- Internet connectivity (single/dual provider, bandwidth)
- WAN connectivity requirements

**Security Requirements:**
- Compliance requirements (PCI-DSS, HIPAA, SOC 2, NIST)
- Network segmentation needs (DMZ, internal zones, guest)
- Firewall requirements
- IDS/IPS requirements
- Access control requirements

**Technical Constraints:**
- Existing infrastructure to integrate with
- Vendor preferences or restrictions
- Budget constraints
- Physical space constraints
- Power and cooling constraints

**Performance Requirements:**
- Latency requirements
- Packet loss tolerance
- QoS requirements
- Bandwidth guarantees

### 2. Launch network-orchestrator Agent

Use the Task tool to launch the network-orchestrator agent with a comprehensive design prompt:

```
Design a network architecture for the following requirements:

[Insert all gathered requirements here]

Please provide a comprehensive network design including:

1. Network Architecture Overview
   - Architecture type (spine-leaf, three-tier, collapsed core, etc.)
   - Design rationale and trade-offs
   - Scalability analysis

2. Topology Design
   - Physical topology diagram description
   - Logical topology diagram description
   - Device placement and roles
   - Link design and redundancy

3. IP Addressing Scheme
   - Subnet allocation plan
   - IP address management strategy
   - VLAN design and numbering
   - Loopback addressing scheme

4. Routing Design
   - Routing protocol selection and justification
   - IGP design (areas, levels, metrics)
   - BGP design (AS numbering, peering strategy)
   - Route summarization strategy
   - Failure scenario analysis

5. High Availability Design
   - Redundancy architecture
   - Failover mechanisms
   - Link aggregation design
   - Gateway redundancy (VRRP, HSRP, anycast)
   - Fast convergence mechanisms (BFD, tuned timers)

6. Security Architecture
   - Network segmentation design
   - Trust zones and boundaries
   - Firewall placement
   - ACL strategy
   - Management network design

7. Device Requirements
   - Switch/router specifications
   - Port count and speed requirements
   - Buffer and table size requirements
   - Feature requirements

8. Implementation Phases
   - Phase 1: Core infrastructure
   - Phase 2: Distribution/access layers
   - Phase 3: Services and optimization
   - Migration strategy (if applicable)

9. Validation and Testing Plan
   - Design validation steps
   - Testing scenarios
   - Acceptance criteria

10. Documentation Deliverables
    - Network diagrams
    - IP address inventory
    - Configuration templates
    - Runbooks
```

### 3. Review Design Output

When the agent returns the design, review it for:
- Completeness of all required sections
- Alignment with requirements
- Realistic scalability projections
- Appropriate technology selections
- Clear migration/implementation path
- Comprehensive failure scenario analysis

### 4. Create Design Documentation

Ensure the design includes comprehensive documentation:

**Network Diagrams:**
- Physical topology (rack elevations, cable paths)
- Logical topology (L2 and L3)
- IP addressing diagram
- Security zones diagram
- Failure scenario diagrams

**Design Specifications:**
- Bill of Materials (BOM)
- Cable schedule
- IP address allocation table
- VLAN table
- Routing protocol configuration summary

**Implementation Guide:**
- Pre-implementation checklist
- Step-by-step implementation procedure
- Configuration snippets
- Testing procedures
- Rollback procedures

### 5. Validate Design Against Requirements

Conduct a requirements validation check:

```
Requirements Validation Checklist:

□ Meets capacity requirements (current and future)
□ Meets redundancy/HA requirements
□ Meets performance requirements (latency, throughput)
□ Meets security requirements
□ Scalable to projected growth
□ Within budget constraints
□ Compatible with existing infrastructure
□ Follows industry best practices
□ Has documented failure scenarios
□ Includes clear implementation plan
```

### 6. Conduct Design Review Sessions

Organize design review with stakeholders:

**Pre-Review Preparation:**
- Distribute design documentation 1 week before review
- Prepare presentation slides
- Identify key decision points
- Prepare answers to anticipated questions

**Review Agenda:**
1. **Executive Summary** (15 min)
   - Business requirements recap
   - Proposed architecture overview
   - Key benefits and trade-offs

2. **Technical Deep Dive** (45 min)
   - Topology and architecture
   - IP addressing and routing
   - High availability design
   - Security architecture

3. **Implementation Plan** (30 min)
   - Phased approach
   - Timeline and milestones
   - Resource requirements
   - Risk mitigation

4. **Q&A and Feedback** (30 min)
   - Stakeholder questions
   - Feedback collection
   - Action items

### 7. Iterate Based on Feedback

After design review:
- Document all feedback and concerns
- Update design based on valid concerns
- Re-evaluate technology choices if needed
- Update cost estimates
- Revise implementation timeline
- Schedule follow-up review if major changes

### 8. Create Final Design Package

Assemble comprehensive design deliverables:

**Design Documents:**
1. **Executive Summary** (2-3 pages)
   - Business requirements
   - Proposed solution overview
   - Cost and timeline summary
   - Key benefits

2. **Architecture Design Document** (20-50 pages)
   - Detailed architecture description
   - Technology selection rationale
   - All network diagrams
   - IP addressing tables
   - Device specifications
   - Security design

3. **Implementation Plan** (10-20 pages)
   - Phased implementation approach
   - Detailed task list with owners
   - Timeline/Gantt chart
   - Testing plan
   - Risk assessment and mitigation

4. **Configuration Templates**
   - Base configuration templates
   - Security hardening templates
   - Monitoring configuration

5. **Operations Runbook**
   - Day 1 operations procedures
   - Troubleshooting guides
   - Escalation procedures
   - Maintenance procedures

## Best Practices for Network Design

### Architecture Selection

**Spine-Leaf (Clos) Architecture:**
- **Use for**: Data centers, high-performance computing
- **Benefits**: Predictable latency, easy scaling, high bandwidth
- **Considerations**: Requires L3 everywhere, more complex routing

**Three-Tier (Core-Distribution-Access):**
- **Use for**: Campus networks, traditional enterprise
- **Benefits**: Well understood, hierarchical, scalable
- **Considerations**: Can have bottlenecks at aggregation layer

**Collapsed Core (Two-Tier):**
- **Use for**: Small to medium enterprises, branch offices
- **Benefits**: Simplified, lower cost, easier management
- **Considerations**: Less scalable, potential bottlenecks

### IP Addressing Best Practices

1. **Use RFC1918 Private Address Space Efficiently**
   - 10.0.0.0/8 for large enterprises
   - 172.16.0.0/12 for medium enterprises
   - 192.168.0.0/16 for small offices

2. **Allocate Contiguous Blocks**
   - Allow for route summarization
   - Simplify routing tables
   - Enable easier growth

3. **Reserve Ranges**
   - Management network: /24 per location
   - Loopbacks: /32 from dedicated range
   - Point-to-point links: /30 or /31
   - Future growth: 30-50% headroom

4. **Document Everything**
   - IPAM (IP Address Management) system
   - Spreadsheet with allocations
   - DNS and DHCP integration

### Routing Protocol Selection

**BGP:**
- **Use for**: Data center fabrics, internet edge, multi-tenant
- **Pros**: Scalable, flexible policy control, industry standard
- **Cons**: More complex, requires careful design

**OSPF:**
- **Use for**: Campus networks, enterprise core
- **Pros**: Fast convergence, well understood, feature-rich
- **Cons**: Flat area design doesn't scale, CPU intensive

**IS-IS:**
- **Use for**: Service provider networks, very large enterprises
- **Pros**: Scales well, stable, low overhead
- **Cons**: Less common, fewer engineers familiar with it

**Static Routes:**
- **Use for**: Small networks, specific use cases, backup paths
- **Pros**: Simple, predictable, no protocol overhead
- **Cons**: Not scalable, manual updates, no automatic failover

### High Availability Design Principles

1. **Eliminate Single Points of Failure**
   - Redundant power supplies
   - Dual network paths
   - Multiple uplinks
   - Redundant services (DNS, DHCP, etc.)

2. **Use Redundancy Protocols**
   - VRRP/HSRP for gateway redundancy
   - LACP for link aggregation
   - BFD for fast failure detection
   - Route redundancy with equal-cost multipath

3. **Design for Fast Convergence**
   - Tune protocol timers appropriately
   - Use BFD (sub-second detection)
   - Pre-provision backup paths
   - Minimize spanning-tree domains

4. **Consider Failure Scenarios**
   - Single link failure
   - Single device failure
   - Power failure
   - Site failure (for multi-site)
   - Human error

### Security Design Principles

1. **Defense in Depth**
   - Multiple layers of security controls
   - Network segmentation
   - Least privilege access
   - Monitoring and logging

2. **Network Segmentation**
   - Separate trust zones (internet, DMZ, internal, management)
   - VLANs for logical separation
   - Firewalls between zones
   - Micro-segmentation for critical assets

3. **Access Control**
   - Management network isolation
   - SSH key authentication
   - TACACS+ or RADIUS
   - Role-based access control

4. **Monitoring and Logging**
   - Centralized syslog
   - SNMP monitoring
   - NetFlow/sFlow for traffic analysis
   - Security event correlation

## Common Design Patterns

### Data Center Leaf-Spine

**Architecture:**
- Spine layer: High-capacity switches (100G/400G)
- Leaf layer: ToR switches connecting servers
- Every leaf connects to every spine
- L3 routing to the leaf switches

**Routing:**
- BGP for underlay (eBGP with unique ASN per leaf)
- EVPN for overlay
- BFD for fast convergence

**Benefits:**
- Linear scaling
- Predictable latency
- High bandwidth
- Easy to automate

### Campus Three-Tier

**Architecture:**
- Core: High-speed backbone (collapsed to 2+ switches)
- Distribution: Aggregates access switches, L3 boundary
- Access: User/device connectivity, L2 usually

**Routing:**
- OSPF for campus routing
- Default gateway at distribution
- Static routes to core (optional)

**Benefits:**
- Well understood design
- Clear hierarchy
- Scalable for medium to large campuses

### Branch Office Hub-and-Spoke

**Architecture:**
- Central hub (data center or headquarters)
- Branch sites connect to hub
- Optional branch-to-branch (full mesh) for critical sites

**Connectivity:**
- MPLS WAN or SD-WAN
- Internet VPN backup
- Dual-homed branches for critical sites

**Routing:**
- BGP for WAN (with MPLS provider)
- OSPF or EIGRP internally
- Default route to hub

## Design Validation Checklist

Before finalizing design:

**Capacity Planning:**
- [ ] Port density meets current needs + 30% growth
- [ ] Link bandwidth supports peak traffic + 50% headroom
- [ ] Routing table size within device limits
- [ ] MAC table size sufficient for L2 domains

**Redundancy:**
- [ ] No single points of failure in critical paths
- [ ] All uplinks are redundant
- [ ] Power is redundant
- [ ] Management access is redundant

**Performance:**
- [ ] Latency meets requirements
- [ ] Bandwidth meets requirements
- [ ] QoS design supports critical applications
- [ ] Convergence time is acceptable

**Security:**
- [ ] Network segmentation implemented
- [ ] Firewalls properly placed
- [ ] ACLs defined for critical segments
- [ ] Management network isolated
- [ ] Monitoring and logging configured

**Scalability:**
- [ ] Design supports 3-5 year growth
- [ ] IP addressing allows for expansion
- [ ] Routing design scales appropriately
- [ ] Physical space for additional devices

**Operational:**
- [ ] Monitoring and management tools identified
- [ ] Automation approach defined
- [ ] Documentation complete
- [ ] Training plan for operations team
- [ ] Runbooks created

## Notes

- Network design is iterative - expect multiple revision cycles
- Involve all stakeholders early (network, security, operations, business)
- Consider operational complexity vs. technical perfection
- Document design decisions and trade-offs
- Plan for day 2 operations from the start
- Always have a rollback plan
- Test designs in lab before production deployment

## Example Task Invocation

```
design-network I need to design a data center network for 500 servers across 10 racks, requiring 25G server connectivity and 100G spine uplinks, with full redundancy and BGP routing for a multi-tenant cloud environment
```