Topology update: IP addresses and device changes

I have started to work out the IP addressing scheme, and iron out a couple of issues in the topology.

To have a working MPLS core at the top of the topology, I have added another router and a switch. R1 will be the provider router, R2, R4 and Prov1 will be the PE routers, and the HQ’s ASAs will connect into a provider switch (under the Prov1 router).

CCIE Security v4 topology

I have also added the external IP addresses. I think I will need to add another link between R3 and the NYFW01 firewall – this will be a transparent firewall, acting as a bump in the wire, which is why the IP address spans from R3 to R1. The FW will need managing, though, So another link will most definitely be required.

This time around I will be using proper public IP addresses, this should never be done in a production environment (i.e. randomly selecting IP addresses to play with – but this will be an enclosed system, so I can do what I like).

I purposefully have not looked at how the HQ will be addressed. It will be using the 192.168.0.0/16 subnet, broken down into different subnets with the VLANs. I’ll sort this bit out later.

It’s definitely taking shape. The books are arriving, just one more to be delivered, and maybe two more to purchase. It’s getting exciting as well. Now that I have the IP addresses formulated, I can start building up the MPLS core, which will be a fairly simple design, as there is nothing in the blueprint to suggest that MPLS will come up. Nevertheless, MPLS is an interesting topic, so it should be a good way to kick things off in the right frame of mind.

Hopefully, I can start the MPLS tomorrow!