
Design Documentation for Wide Area Network

How to prepare LLD/HLD for WAN

Today, let us take a deep dive into network documentation for wide area networks. When you prepare an LLD or HLD design document, it must cover every aspect of the network and be written professionally. Divide the document into the following base headings:



1 Introduction
    1.1 Sites included in this documentation
2 General overview of VPNs
3 WAN Configurations per site
    3.1 Headquarters
        3.1.1 WAN Network Diagram
        3.1.2 WAN connections
        3.1.3 WAN Services
    3.2 Remote Site configuration
        3.2.1 WAN Network Diagram
        3.2.2 WAN connections
        3.2.3 WAN Services

Now I will share a sample LLD design document from one of my recent site deployments; you can follow the same structure for your own design document.

1 Introduction

The National Home Builders Registration Council (NHBRC) of South Africa has many locations distributed throughout the country. The NHBRC offices are interconnected via a Wide Area Network (WAN), utilizing Fibre, Diginet and ADSL access technologies. This document is an audit of the current state of the WAN. The information gathered in this document comes from diagrams and data that have been provided by the NHBRC as well as the telco providing the services to the Council.

1.1 Sites included in this documentation

The following is a list of the NHBRC sites:
Main Headquarters
Bela-Bela
Bellville
Bloemfontein
East London
Eric Molobi
George
Kimberly
Klerksdorp
Mafikeng
Nelspruit
New Castle
Polokwane
Port Elizabeth
Pretoria
Rustenburg
Tzaneen
Durban
Thulamela
Witbank

2 General overview of VPNs

The following diagram describes the current state of the organisation’s WAN.


Note the following:
  • There are several equipment configurations in the above diagram. These are indicated with the letters A, B, C, D, E and F.
  • The diagram includes the Telkom NBSC Data Centre, which is an off-site datacentre.
  • The diagram also includes the Hartebeeshoek Data Centre, another off-site datacentre.
  • The following table is a summary of the types of WAN connections, their bandwidths and the devices to which they are connected:

3 WAN Configurations per site

The following sections describe the various WAN configurations that exist at the headquarters and at each remote site. Each configuration for the remote sites can be found at multiple sites and this is indicated in the documentation.

3.1 Headquarters

3.1.1 WAN Network Diagram

The Sunninghill Head Office along with the connections to the Datacentres, the PSTN and the Internet can be seen in the diagram below.

Figure 2: Close-up of headquarters and datacenter WAN connections

Note the following:
  • There is one MetroEthernet connection from headquarters that connects to the NHBRC VPN Cloud for the purpose of interconnectivity with the remote sites.
  • There is a redundant Microwave (M/W) link from headquarters that connects to the NHBRC VPN Cloud for the purpose of interconnectivity with the remote sites.
  • There is redundant connectivity from the Telkom NBSC Datacentre to the VPN cloud, for interconnectivity with the remote sites.
  • There is an independent redundant direct link between headquarters and the Telkom NBSC Datacentre for direct connectivity.
  • There is a local voice gateway with two E1 connections to the PSTN.
  • The Telkom Datacentre provides the following services:
      o UC Servers for telephony communication
      o Firewall services
      o Physical servers and applications
      o VoIP gateway and connectivity to the PSTN
      o Internet access

3.1.2 WAN connections

The available WAN connections and their configurations for the headquarters can be seen in the table below:


3.1.3 WAN Services

The following VPN services are provided for headquarters:

  • One 60 Mbps MetroEthernet VPN
  • Redundant 60 Mbps M/W link VPN
  • One 60 Mbps direct connection to the Telkom Datacentre
  • One 150 Mbps VPN connection from the Telkom Datacentre to the NHBRC VPN network
  • Platinum Plus SLA
  • Redundant Access
  • Redundant Routers

3.2 Remote Site configuration A

The following diagram describes configuration A. This configuration exists at the following sites: Bellville, Durban.



3.2.2 WAN connections

The available WAN connections and their configurations for the Bellville and Durban sites can be seen in the table below:

Location    | Bellville    | Bellville     | New Castle    | East London | East London
Type        | Primary VPN  | Redundant VPN | PSTN          | Primary VPN | Secondary DSL
Description | CE Equipment | CE Equipment  | Voice Gateway | ADSL backup | ADSL backup
Device      | 2911         | 2911          | 2901          | 2901        | 887
Bandwidth   | 10 Mbps      | 10 Mbps       | BRI           | 4 Mbps      | 4 Mbps
Circuit No. | 71-00386-23  | 71-00387-23   | -             | 72-00177-23 | 62-11169-66

3.2.3 WAN Services

The following VPN services are provided for these sites:
  • Dual 10 Mb/s VPNs
  • Gold SLA
  • Redundant Access

3.3 Remote Site configuration B

The following diagram describes configuration B. This configuration exists at the following sites:
  • Port Elizabeth
  • Rustenburg
  • Pietersburg
  • Nelspruit
  • Pretoria
  • Bloemfontein

Location    | New Castle                        | New Castle    | New Castle    | East London                       | East London   | East London
Type        | Primary VPN                       | Secondary DSL | PSTN          | Primary VPN                       | Secondary DSL | PSTN
Description | CE Equipment that connects to VPN | ADSL backup   | Voice Gateway | CE Equipment that connects to VPN | ADSL backup   | Voice Gateway
Device      | 2901                              | 887           | 2901          | 2901                              | 887           | 2901
Bandwidth   | 4 Mbps                            | 4 Mbps        | BRI           | 4 Mbps                            | 4 Mbps        | BRI
Circuit No. | 77-00254-23                       | 67-15883-66   | -             | 72-00177-23                       | 62-11169-66   | -


3.3.3 WAN Services

The following VPN services are provided for these sites:
  • Dual 5 Mb/s VPNs
  • Gold SLA
  • Redundant Access

The access points at the remote sites connect to the wireless controller via the available WAN connections at each location. Where redundancy in the WAN network is available, redundancy is inherently available for the wireless network as well.
SSID is configured with the following criteria

All access points employed in the network are capable of functioning at both 2.4 GHz and 5 GHz using the 802.11a/n/ac and 802.11b/g/n IEEE standards. This provides more flexibility in RF management and deployment and also allows for better coverage with much less interference from both rogue and production access points.

Corporate SSID
This SSID is configured with the following criteria:
  • Layer 2 security consists of WPA+WPA2 using AES and 802.1X authentication.
  • A RADIUS server is configured at 172.16.1.40 on port 1812 for authentication.

Council SSID
This SSID is configured with the following criteria:
  • Layer 2 security consists of WPA+WPA2 using AES and PSK authentication.
  • No AAA servers are configured.
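
One way to lint the SSID entries of an LLD before sign-off, shown as an added example that is not part of the original design document. The record layout, finding codes and function names are assumptions made for illustration; the SSID values are the ones documented above.

```python
import ipaddress

# Constructed records that mirror the two SSIDs documented above.
SSIDS = [
    {"name": "Corporate", "l2": "WPA+WPA2", "cipher": "AES",
     "auth": "802.1X", "radius": [("172.16.1.40", 1812)]},
    {"name": "Council", "l2": "WPA+WPA2", "cipher": "AES",
     "auth": "PSK", "radius": []},
]

def valid_server(host, port):
    """True if host parses as an IP address and port is a usable port number."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return isinstance(port, int) and 1 <= port <= 65535

def audit_ssid(ssid):
    """Return finding codes (hypothetical names) for one SSID record."""
    findings = []
    if ssid["cipher"].upper() != "AES":
        findings.append("WEAK_CIPHER")          # anything other than AES/CCMP
    if "WPA" in ssid["l2"].upper().split("+"):
        findings.append("WPA1_ALLOWED")         # mixed mode still admits WPA clients
    servers = ssid["radius"]
    if ssid["auth"] == "802.1X":
        if not servers:
            findings.append("NO_RADIUS")        # 802.1X cannot work without AAA
        elif not all(valid_server(h, p) for h, p in servers):
            findings.append("BAD_RADIUS_ADDR")  # typo in the documented address
        elif len(servers) == 1:
            findings.append("SINGLE_RADIUS")    # no fallback server documented
    elif ssid["auth"] == "PSK":
        findings.append("PSK_SHARED_SECRET")    # one passphrase, no per-user identity
        if servers:
            findings.append("UNUSED_RADIUS")    # AAA listed but never consulted
    else:
        findings.append("UNKNOWN_AUTH")
    return findings

def audit_all(ssids):
    """Map each SSID name to its list of finding codes."""
    return {s["name"]: audit_ssid(s) for s in ssids}

if __name__ == "__main__":
    for name, codes in audit_all(SSIDS).items():
        print(f"{name}: {', '.join(codes) or 'no findings'}")
```

Each code marks an item the design document should either justify or change, for example naming a second RADIUS server or recording who owns rotation of the Council passphrase.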
