APNIC Pty Ltd.

11/11/2025 | Press release | Distributed by Public on 11/11/2025 01:07

Network edge design checklist: Part 2 — Network edge design

In this series 'Network edge design', Brandon Hitzel shares practical lessons learned from designing edge networks, building on his first series on the topic.

In the first two posts of this series, we explored the fundamentals of building a resilient network edge. Part 1 focused on circuit design and active/active considerations - from physical path diversity to Border Gateway Protocol (BGP) strategies that keep traffic flowing even when things go wrong.

In this post, we're taking a step back to look at the big picture. Designing the network edge isn't just about cables and configurations - it's about planning, documentation, and making sure every critical element is accounted for before you start. To help with that, here's a comprehensive checklist of considerations you can use as a starting point.

Ask yourself: Have you thought about all these things in your design? Which ones aren't relevant or necessary for your environment?

This approach helps ensure nothing important is forgotten while giving you flexibility to tailor the design to your specific goals.

Administration considerations

Administrative planning establishes the framework for a successful network edge design. This includes defining business objectives, continuity requirements, and cost structures, as well as selecting hardware and ensuring compliance with regulatory and contractual obligations. Proper planning at this stage reduces risk and provides clarity for subsequent technical decisions.

Business

  • Goals
  • Justification
  • Continuity objectives
  • Monthly recurring cost budget (or profit margin)
  • Non-recurring costs
  • Architecture diagram
  • Internet Routing Registry (IRR), Resource Public Key Infrastructure (RPKI), and Regional Internet Registry (RIR) administration
  • Contracts, Letters of Authorization (LOAs), and customer, peer, or provider SLAs (Service Level Agreements)

Hardware

  • Budget
  • Vendor make/model
  • Feature support
  • Licenses/support
  • Future service needs

Configuration

  • Existing standards
  • Anything unique to take into account
  • Preparatory work
  • End-to-end design diagram
  • Project timeline planning
  • Construction planning (many items related to this line)
  • Maintenance/lifecycle planning

Circuit design considerations

Circuit design determines the physical and logical connectivity of the network edge. Key considerations include transport mediums, provider diversity, and path redundancy across Layer 1, Layer 2, and Layer 3. Evaluating latency, jitter, bandwidth, and service-level agreements ensures performance and reliability. Interoperability of optics and hand-offs must also be verified to prevent compatibility issues.

  • Transport mediums available
  • Location and provider options
    • Serving Wiring Center (SWC)
    • Point of Presence (PoP)
    • Central Office (CO)
    • Network-to-Network Interface (NNI) for off-net
    • Diversity
  • Physical cable and path from inside premises to last-mile wiring centre
  • Intermediate physical cable and path, if applicable to middle-mile PoP
  • Physical cable and path from wiring centre (or middle-mile facility) to CO
  • Redundant paths or protection (Layer 1/optical, Layer 2 and/or Layer 3)
  • Optics/hand-offs interoperability
  • Customer Premises Equipment (CPE) and Provider Edge (PE) equipment at each location
  • Latency, jitter, bandwidth
  • SLAs
  • Scheduling

Network layer design considerations

Layer 2 and Layer 3 configurations define how traffic flows through the edge. At Layer 2, redundancy mechanisms such as port-channels, Virtual Port Channel (VPC), or Multi-Chassis Link Aggregation (MLAG) must be considered alongside Virtual Local Area Network (VLAN) design and cross-connects. At Layer 3, IP addressing, BGP policies, Virtual Routing and Forwarding (VRF), Quality of Service (QoS), and firewall High Availability (HA) are critical for routing stability and security. These decisions directly impact scalability, fault tolerance, and operational efficiency.

Layer 2

  • Router-to-router connections
  • Switch-to-switch connections
  • Paths between Layer 3 points/interconnects
  • VLANs (S/C)
  • Port-channel
  • Stacking/VPC/MLAG
  • Cross-connects

Layer 3

  • IP addressing
  • BGP
    • Autonomous System Number (ASN)
    • Ingress prefix/route acceptance
    • Egress prefix advertisements
    • Route filtering
    • Local preference
    • Communities (assigning, stripping, and/or matching)
  • Upstream peering beyond neighbor
  • Active/active or active/passive routing considerations
  • Ingress traffic filtering (Access Control List)
  • QoS
    • Total bandwidth Committed Information Rate (CIR)
    • Shaping/policing (match CIR)
    • Queues (by Differentiated Services Code Point if applicable)
  • Firewall (certain cases)
    • Zones
    • Network Address Translation (NAT) pools
    • Configuration feature support
    • HA failover
  • Inbound/outbound routing from edge to backbone or internal network
    • Interior Gateway Protocol (IGP)
    • Communities/local preference again
    • P/PE routers
    • Hot/cold potato

Documentation considerations

Comprehensive documentation supports ongoing operations, troubleshooting, and future expansion. This includes circuit identifiers, diagrams, rack elevations, and configuration templates. Maintaining accurate records of physical paths, logical designs, and configuration standards ensures consistency and enables automation. Documentation from providers and peers should also be integrated into the source of truth.

  • Circuit IDs
  • Support & contact information
  • Billing/account numbers (got to pay or collect those bills)
  • Physical pictures of the setup
  • High-level/low-level diagrams
    • Layer 2
    • Layer 3
    • 'As-builts'
    • Cable path (map of splice points, aerial, above ground, pedestals, vaults, and so on)
    • Rack elevations
  • Documentation from peer/provider
  • Configuration documentation
    • Templates (for example, automation)
    • Route-maps
    • IP addressing
    • ACLs
  • Spreadsheet or software tool updating
  • Source of truth data inputs

Putting it all together

This checklist is designed as a comprehensive reference for network edge design projects. The intent is not to implement every item but to ensure that all relevant considerations have been evaluated. Use it as a validation tool:

Have you accounted for each category? Which elements are essential for your environment, and which can be excluded?

This approach helps reduce risk, improve resiliency, and maintain alignment with business and technical objectives.

With this post, we conclude the Network Edge Design series. Together, these resources offer a practical framework for building a robust, scalable, and secure network edge. Adapt the guidance to your specific requirements, and revisit these principles as your network evolves.

Brandon Hitzel (Twitter) is a network engineer who has worked in multiple industries for a number of years. He holds multiple networking and security certifications and enjoys writing about networking, cyberdefence, and other related topics on his blog.

Originally published on Network Defense Blog.

APNIC Pty Ltd. published this content on November 11, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on November 11, 2025 at 07:07 UTC.