Skip to content

1.4 Network Assessment Details

1.4.1 Current IP Addressing Scheme

┌─────────────────────────────────────────────────────────────────────────────┐
│                    CURRENT IP ADDRESSING STRUCTURE                          │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  APAC Region (10.0.0.0/8 subset):                                           │
│  ─────────────────────────────────                                          │
│  Mumbai HQ:        10.10.0.0/16                                             │
│    - Data VLANs:   10.10.0.0/18                                             │
│    - Voice VLANs:  10.10.64.0/18                                            │
│    - Mgmt:         10.10.128.0/20                                           │
│    - Server:       10.10.144.0/20                                           │
│                                                                             │
│  Chennai HQ:       10.11.0.0/16                                             │
│  Bangalore:        10.12.0.0/17                                             │
│  Delhi:            10.13.0.0/17                                             │
│  Noida:            10.14.0.0/18                                             │
│                                                                             │
│  EMEA Region:                                                               │
│  ─────────────────                                                          │
│  London HQ:        10.20.0.0/16                                             │
│  Frankfurt HQ:     10.21.0.0/16                                             │
│  EMEA Branches:    10.22.0.0/16 - 10.29.0.0/16                              │
│                                                                             │
│  Americas Region:                                                           │
│  ─────────────────                                                          │
│  New Jersey HQ:    10.30.0.0/16                                             │
│  Dallas HQ:        10.31.0.0/16                                             │
│  US Branches:      10.32.0.0/16 - 10.45.0.0/16                              │
│                                                                             │
│  Infrastructure:                                                            │
│  ────────────────                                                           │
│  Loopbacks:        10.250.0.0/16                                            │
│  P2P Links:        10.251.0.0/16                                            │
│  Management OOB:   10.252.0.0/16                                            │
│                                                                             │
│  CURRENT VLAN COUNT: 847 VLANs across all sites                             │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

1.4.2 Current Routing Design

Region IGP WAN Routing MPLS Integration
APAC OSPF Area 0 + Stubs BGP with MPLS PE VRF-Lite per tenant
EMEA OSPF Area 0 + Stubs BGP with MPLS PE VRF-Lite per tenant
Americas EIGRP + OSPF redistribution BGP with MPLS PE VRF-Lite per tenant
Inter-Region eBGP over MPLS backbone AS 65001 (Enterprise) L3VPN

1.4.3 Current Security Posture

┌─────────────────────────────────────────────────────────────────────────────┐
│                    CURRENT SECURITY ARCHITECTURE                            │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  Authentication:                                                            │
│  ───────────────                                                            │
│  - MAB (MAC Authentication Bypass) on 60% of ports                          │
│  - 802.1X on 25% of ports (corporate PCs only)                              │
│  - Open ports: 15% (legacy devices, printers)                               │
│                                                                             │
│  Authorization:                                                             │
│  ──────────────                                                             │
│  - VLAN assignment based on port/MAC                                        │
│  - No dynamic authorization                                                 │
│  - Static ACLs on distribution layer                                        │
│                                                                             │
│  Segmentation:                                                              │
│  ─────────────                                                              │
│  - VLAN-based segmentation                                                  │
│  - Inter-VLAN routing at distribution                                       │
│  - ACLs for east-west traffic (limited)                                     │
│  - Firewall for north-south traffic only                                    │
│                                                                             │
│  Identified Security Gaps:                                                  │
│  ─────────────────────────                                                  │
│  1. No endpoint profiling (unknown devices)                                 │
│  2. Limited east-west segmentation                                          │
│  3. No posture assessment                                                   │
│  4. Static VLAN = lateral movement risk                                     │
│  5. No IoT/OT visibility                                                    │
│  6. Guest network shares infrastructure                                     │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘