Network design

From Wikitech
Jump to: navigation, search
Wikimedia infrastructure

Data centres and PoPs


HTTP Caching




AS 14907

The US network.


Current topology. Featuring the new eqdfw and eqord.


AS14907 in 2014


File:Eqiad logical.png
AS14907 Eqiad in 2011



subnet vlan ID IPv4 IPv6
public1-a-eqiad 1001 2620:0:861:1::/64
public1-b-eqiad 1002 2620:0:861:2::/64
public1-c-eqiad 1003 2620:0:861:3::/64
public1-d-eqiad 1004 2620:0:861:4::/64
private1-a-eqiad 1017 2620:0:861:101::/64
private1-b-eqiad 1018 2620:0:861:102::/64
private1-c-eqiad 1019 2620:0:861:103::/64
private1-d-eqiad 1020 2620:0:861:104::/64
  • cr1-eqiad
  • cr2-eqiad
  • cr1-ulsfo

AS 43821

The European network.


File:AS43821 Q3 2010.png
AS43821 late 2010

The purchase of several Juniper EX4200s in a stack, for extra access ports for servers, also brings some opportunities w.r.t. the network topology. Since the EX4200s have excellent L3 support they can help create redundancy.

The 2nd dark fiber is linked between br1-knams and csw2-esams to create a ring. csw1-esams and csw2-esams can then share responsibility as core switches, for inter-vlan routing and switching, using VRRP. Since an EX4200 can not install a full BGP routing table in FIB, it defaults to either of the two Foundry routers using OSPF.

Toolserver can be connected redundantly as well, using (R)STP to both core switches and VRRP, or alternatively a LAG to the EX4200 stack.


File:AS43821 2009.png
AS43821 in 2009

Temporary situation after the move from knams to esams. The network is split, with a new Foundry BigIron RX-4 as a pure router at knams for external connectivity, with Telia, DataHop, Init7 (partial) transit, and 2x 1 Gbps AMS-IX for peering. Connectivity between the two sites is supplied by a 10GBase-ER link over dark fiber, and a 3 Gbps MPLS backup link. A second dark fiber is being installed to form a ring.


BGP default transit from AS1145 (Kennisnet), with some partial transit and peering over a 1 Gbps AMS-IX link. Everything on one core router/switch, csw1-knams (Foundry BigIron RX-8).

Configuration guidelines

  • Firewall filters, policies, prefix lists etc that are specific to a certain protocol family (e.g. only IPv4, or only IPv6) should have a '4' or '6' appended to their name. Filters, policies and prefix lists that are protocol family agnostic, should lack this suffix.

See also