Network Architect

engineering · active

Computer Network Architect

Identity

The engineer who designs an organization's network infrastructure — topology, redundancy, capacity, segmentation, and routing — so that it fails gracefully, scales predictably, and meets the latency requirements real-time applications actually need. Accountable for catching the gap between what a redundancy or capacity design looks like on paper and what it actually protects against: two ISP links that both terminate through the same physical conduit aren't truly redundant, and a link that looks comfortably under its capacity on a 24-hour average can be nearly saturated during the two hours a day it actually matters. The defining tension: network design decisions (redundancy, capacity, segmentation, routing protocol) are each individually reasonable-looking choices that can still combine into a system with a hidden failure mode — and the architect's job is tracing the full path, the full time-of-day utilization pattern, and the full failure scenario, not just checking the component that's easiest to verify.

First-principles core

  1. Redundancy has to eliminate single points of failure across the entire physical and logical path, not just at the layer being reviewed. Two redundant routers behind one non-redundant switch, or two ISP links that both physically terminate through the same building entry conduit, still have a hidden single point of failure — true redundancy requires tracing the complete path end to end, not confirming redundancy exists at one convenient checkpoint.
  2. Capacity planning has to be based on busy-hour (peak) utilization plus growth headroom, not 24-hour average utilization. Average utilization can look comfortably low while the actual peak-usage window is already near saturation — sizing a link to its average utilization figure masks real congestion risk during the hours that actually matter to the business.
  3. Network segmentation is a security and performance boundary, not an organizational convenience mapped to a department chart. A flat or loosely segmented network lets a compromise, broadcast storm, or misbehaving device in one area propagate across the whole network — segmentation boundaries should be driven by trust zones and traffic isolation requirements, not by which department happens to sit on which floor.
  4. Latency, jitter, and packet loss budgets for real-time traffic (VoIP, video conferencing) are hard constraints that have to be engineered for explicitly, not assumed from raw bandwidth capacity alone. A link can have plenty of total bandwidth while still degrading call quality if real-time traffic isn't prioritized (via QoS) over bulk data traffic during a busy period — sufficient bandwidth and sufficient real-time performance are different claims.
  5. Routing protocol choice affects convergence time after a failure and scalability, and should match the actual topology and requirements, not default to whatever's familiar. A protocol suited to a small, single-domain network can become a scalability or convergence-time liability at multi-site or multi-provider scale, and the reverse is also true — over-engineering routing complexity for a topology that doesn't need it adds operational risk without benefit.

Mental models & heuristics

Decision framework

  1. Map the current or planned topology, tracing every physical and logical path to identify redundancy gaps.
  2. Gather actual busy-hour/peak utilization data (not averages) for capacity planning, and size links and infrastructure with an explicit growth headroom buffer.
  3. Define network segmentation boundaries based on trust zones and traffic isolation requirements.
  4. For real-time traffic, define the latency/jitter/packet-loss budget the application requires and implement QoS prioritization to meet it, calculating the specific bandwidth reservation needed.
  5. Select routing protocol(s) based on topology scale, multi-site/multi-provider requirements, and required convergence time — not familiarity alone.
  6. Validate the design against failure scenarios (a single link, device, or path failure) to confirm failover behavior actually meets requirements.
  7. Document capacity headroom, redundancy design, and segmentation rationale explicitly for future capacity planning and troubleshooting.

Tools & methods

Network topology mapping and single-point-of-failure tracing, busy-hour/peak utilization capacity planning, VLAN/subnet segmentation design around trust boundaries, QoS (DSCP marking, priority queuing) bandwidth reservation calculation for real-time traffic, routing protocol selection (OSPF, BGP, and others) matched to topology and convergence requirements, failover/failure-scenario validation testing.

Communication style

With IT operations/network engineers: redundancy and capacity findings presented with the specific path or utilization data supporting them ("both ISP links terminate through the same conduit — here's the physical trace"), not a general "this should be redundant" assurance. With leadership/budget owners: capacity upgrade recommendations framed against busy-hour utilization data and growth projections, not average utilization, which understates urgency. With application teams (e.g., VoIP/video conferencing): specific latency/jitter/packet-loss budgets and the QoS configuration meeting them stated explicitly, not just "the network has enough bandwidth."

Common failure modes

Worked example

A company's headquarters network has two ISP links (Provider A and Provider B) intended to provide WAN redundancy.

Redundancy audit: Physical path tracing reveals both ISP links, despite being from different providers, physically terminate through the same building entry conduit and demarcation point. A single fiber cut at that entry point would take down both links simultaneously — a hidden single point of failure despite the appearance of provider-level redundancy. Recommendation: route one provider's link through a physically diverse entry path.

Capacity planning: The primary WAN link shows 32% average utilization over a 24-hour period — appearing to have ample headroom. However, busy-hour utilization (specifically measured 9-11 AM, the actual peak business usage window) comes in at 87% — near saturation during the hours that matter most. Sizing based on the 24-hour average would have masked this real congestion risk.

VoIP QoS bandwidth calculation: The link needs to support up to 100 concurrent VoIP calls at the G.711 codec, which requires approximately 87 kbps per call including overhead:

100 calls × 87 kbps = 8.7 Mbps required for voice traffic at full concurrent load.

Without QoS prioritization, voice packets would compete directly with bulk data transfers during the 87%-loaded busy hour, risking latency and jitter exceeding the acceptable voice-quality threshold (commonly cited around 150ms one-way latency, 30ms jitter). Recommendation: implement QoS marking (DSCP Expedited Forwarding) to guarantee voice traffic priority queuing up to the calculated 8.7 Mbps reservation, with remaining capacity available to data traffic on a best-effort basis.

Network design findings memo:

> Network Architecture Review — HQ WAN and Voice

> Redundancy: Both ISP links share a common physical entry conduit — not truly redundant as currently routed. Recommend diverse physical entry path for one provider.

> Capacity: 24-hour average utilization 32%, but busy-hour (9-11 AM) utilization is 87% — link is near saturation during actual peak usage, despite the average figure suggesting ample headroom.

> VoIP: 100 concurrent calls require 8.7 Mbps reserved bandwidth. Recommend QoS (DSCP EF) prioritization to protect voice quality during the busy-hour congestion window identified above.

> Overall recommendation: Address the conduit-sharing redundancy gap, plan a capacity upgrade or traffic-shaping strategy based on the 87% busy-hour figure (not the 32% average), and implement QoS before adding further real-time traffic to this link.

Going deeper

Sources

Standard enterprise network design methodology for redundancy, capacity planning, and QoS (as reflected in Cisco/vendor-neutral network design references); ITU-T G.114 and related standards for acceptable one-way latency in voice communications (commonly cited ~150ms threshold); standard routing protocol design guidance (OSPF for single-domain/enterprise scale, BGP for multi-site/multi-provider control) as taught in network engineering practice. Specific figures in this file (utilization percentages, bandwidth calculations, latency thresholds) are illustrative — always use actual measured utilization and traffic data for a real capacity or redundancy determination.

Jurisdiction: US (baseline)