Basic topology setup:
- ADAM1 = ADAM workstations
- HSW# = AWIPS High-Speed Switches (Cisco 2960g6)
- ADAM SW = ADAM shared media hub (5-port 10/100/1000 "pocket" switch)
- DVB# = Novra S300 Digital Video Broadcast receivers
There are two network connections on the ADAM: one to the AWIPS LAN and one to the DVB, as follows:
- [ADAM1-CCC] --- [HSW2, g0/43]
- [ADAM1-CCC] --- [ADAM SW] --- [DVB2]
The way the switches interconnect with the ADAM and the firewall is a little more complicated.
The ADAM1 connects to HSW2, g0/43 (GigabitEthernet0/43, i.e. port 43 in slot 0 of the switch).
HSW1 and HSW2 are interconnected as a redundant pair running Rapid Spanning Tree Protocol (RSTP).
- Spanning Tree Protocol allows multiple physical paths between switches, or from a single device to a switch, without the adverse side-effects a redundant Layer-2 path would otherwise cause, such as bridge loops or the same device being learned on more than one port. It blocks the redundant link and brings it into service only if the active link fails; the Rapid variant does this reconvergence in seconds rather than tens of seconds.
[ADAM1, eth0] --- [[HSW2, g0/43] --- [HSW2, g0/47]] --- [[HSW1, g0/47] --- [HSW1, g0/21]] --- [[FW/SW1, port 1] --- [FW/SW1, port 2]] --- [FW1, eth0,1]
That is a lot of hops, but it says that the ADAM network interface eth0 connects to the switches, which send the traffic out to the firewall. Between the HSW and the firewall (FW) there is another shared-media hub (a 5-port "pocket" switch) that exists for high availability of the firewall cluster; that is what FW/SW1 is. Port 1 connects to the AWIPS side (HSW1), port 2 connects to the firewall. There are two FW/SW switches in the LDAD rack, and each firewall has a single connection from its eth0,1 port to each FW/SW, so the path survives should the highly available firewall service move between FW1 and FW2. Note that the high-availability package for the firewalls is named GW1, while the actual machines are named FW1 and FW2; there is no GW2.
Once the traffic reaches GW1 (assumed in the topology diagram above to be running on FW1), if the destination address requested by the ADAM is an external IP address such as the NWS Collaborative Web Server (e.g. 140.90.75.234), the routing on the firewall directs the request, which came in on eth0,1, out eth0,2, the "Untrust" network connection. The other end of FW1 eth0,2 goes to the LLSW, the Local LAN Switch. There are usually four connections on the LLSW: one to the site LAN, which goes out to the regional routers and then to cyberspace; one to the LS2 and one to the LS3; and one to the LTS (LDAD Terminal Server). There may also be a VIR connection.
So the topology from the Firewall to cyberspace would be:
[[GW1, eth0,1] --- [GW1, eth0,2]] --- [LLSW] --- PATCH PANEL, or SITE LAN connection
All we care about here is the connection to the LLSW, which is a Tiger 24-port switch for WFOs/RFCs and an Edge-corE ES4528V 28-port switch for NCEP. The LLSW can only be reached for management via the LTS, and the LTS is only accessible from the LS2 or LS3 over their LLSW LAN connections.
Putting it all together:
A request generated from the ADAM workstation to 140.90.75.234 follows this path, assuming the software and firewall configurations are set up properly (discussed in part 2):
[ADAM1, eth0] --- [[HSW2, g0/43] --- [HSW2, g0/47]] --- [[HSW1, g0/47] --- [HSW1, g0/21]] --- [[FW/SW1, port 1] --- [FW/SW1, port 2]] --- [[FW1, eth0,1] --- [FW1, eth0,2]] --- [LLSW] --- Patch Panel or Site LAN connection --- cyberspace
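As an added example (my own code, not anything from the original post or from AWIPS), the following Python script transcribes the links of the path above into a small graph model and checks the two things a practitioner would want to verify: that a hop-by-hop path from ADAM1 eth0 to the site LAN exists and runs in eth0,1 and out eth0,2 through FW1, and that no path from the AWIPS side reaches the site LAN once the firewall is removed from the graph, i.e. nothing bypasses it. It also flags any port cabled into two links, the kind of error a hand-drawn diagram hides. The LLSW and site-LAN port names, the "Trust" address range used for the routing decision, and the rogue link used to exercise the bypass check are assumptions; the post gives none of them.

```python
"""Graph model of the ADAM -> HSW -> FW/SW -> FW1 -> LLSW path.

Added example, not part of the original post. The links are transcribed
from the post's path diagram; the LLSW and site-LAN port names and the
"Trust" address range are assumptions, since the post does not give them.
"""
from collections import deque
import ipaddress

# Nodes are (device, port) pairs; a link is one cable between two ports.
LINKS = [
    (("ADAM1", "eth0"), ("HSW2", "g0/43")),
    (("HSW2", "g0/47"), ("HSW1", "g0/47")),
    (("HSW1", "g0/21"), ("FW/SW1", "port 1")),
    (("FW/SW1", "port 2"), ("FW1", "eth0,1")),
    (("FW1", "eth0,2"), ("LLSW", "p1")),            # LLSW port name assumed
    (("LLSW", "p2"), ("SITE LAN", "patch panel")),  # port names assumed
]

FIREWALLS = {"FW1"}  # devices that enforce policy on the path
ADAM = ("ADAM1", "eth0")
SITE_LAN = ("SITE LAN", "patch panel")
# Address range the firewall treats as internal ("Trust"); assumed here.
TRUST_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def port_conflicts(links):
    """Ports that appear in more than one link, sorted.

    A switchport terminates exactly one cable, so any port listed here is a
    mistake in the diagram the links were copied from.
    """
    count = {}
    for a, b in links:
        for node in (a, b):
            count[node] = count.get(node, 0) + 1
    return sorted(node for node, n in count.items() if n > 1)


def build_graph(links, exclude_devices=frozenset()):
    """Adjacency over (device, port) nodes.

    Cables join two ports, and every device forwards between its own ports
    (a switch between all of them, the firewall between eth0,1 and eth0,2).
    Devices in exclude_devices are removed together with their cables.
    """
    adj = {}

    def connect(u, v):
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)

    for a, b in links:
        if a[0] not in exclude_devices and b[0] not in exclude_devices:
            connect(a, b)
    ports_by_device = {}
    for node in list(adj):
        ports_by_device.setdefault(node[0], []).append(node)
    for ports in ports_by_device.values():
        for i, u in enumerate(ports):
            for v in ports[i + 1:]:
                connect(u, v)
    return adj


def find_path(links, src, dst, exclude_devices=frozenset()):
    """Breadth-first search: shortest hop list from src to dst, or None."""
    adj = build_graph(links, exclude_devices)
    if src not in adj or dst not in adj:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for v in sorted(adj[u]):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    return None


def crosses_firewall(path):
    """True if the path enters FW1 on eth0,1 and leaves on eth0,2."""
    return (("FW1", "eth0,1"), ("FW1", "eth0,2")) in list(zip(path, path[1:]))


def firewall_bypass_exists(links, src=ADAM, dst=SITE_LAN):
    """True if src still reaches dst once every firewall is removed."""
    return find_path(links, src, dst, exclude_devices=FIREWALLS) is not None


def egress_interface(dst_ip, trust_nets=TRUST_NETS):
    """eth0,1 for internal ("Trust") destinations, eth0,2 ("Untrust") otherwise."""
    ip = ipaddress.ip_address(dst_ip)
    return "eth0,1" if any(ip in net for net in trust_nets) else "eth0,2"


if __name__ == "__main__":
    print("port conflicts:", port_conflicts(LINKS))
    path = find_path(LINKS, ADAM, SITE_LAN)
    print(" --- ".join(f"[{dev}, {port}]" for dev, port in path))
    print("crosses firewall:", crosses_firewall(path), "bypass:", firewall_bypass_exists(LINKS))
    print("140.90.75.234 leaves FW1 via", egress_interface("140.90.75.234"))
    # Constructed rogue cable from HSW1 straight to the LLSW: the check catches it.
    rogue = LINKS + [(("HSW1", "g0/22"), ("LLSW", "p3"))]
    print("bypass with rogue link:", firewall_bypass_exists(rogue))
```

Run as a script it prints the twelve-hop path in the same bracket notation the post uses, then reports whether the firewall is on the path and whether a bypass exists; the rogue link at the end shows the bypass check returning True for a cable that never touches FW1. Extending LINKS with a site's real cable list (from the switch's MAC tables or LLDP neighbours) turns this into a quick audit that the firewall really is the only way off the AWIPS LAN.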
While it seems a bit complex, it is rather simple; I made the diagram as detailed as possible, but the simple path is:
- ADAM workstation
- AWIPS High-Speed Switch
- Firewall Switch to the Firewall
- Out the Firewall to the Local LAN switch (LLSW)
- Out to the internet