
Posted: 8/13/2014 5:32:22 PM EDT
Been pursuing some openings to begin a serious search in a few months.  I see a lot of postings asking for someone with "large LAN experience".  



What would you consider a large LAN?  
Link Posted: 8/13/2014 5:52:50 PM EDT
[#1]
Honestly it depends on one's interpretation.   For me it would be over 100 switches and multiple zones.
Link Posted: 8/13/2014 6:00:25 PM EDT
[#2]

Quoted:


Honestly it depends on one's interpretation.   For me it would be over 100 switches and multiple zones.


See, I was thinking 100-250 is medium, 250+ large, 500+ large, 1000+ huge.
 
Link Posted: 8/13/2014 6:10:20 PM EDT
[#3]
I was thinking 10k desktops or something along those lines. 10+ offices.
Link Posted: 8/13/2014 6:29:19 PM EDT
[#4]

Quoted:


I was thinking 10k desktops or something along those lines. 10+ offices.


But even then, 20 offices  with 10 users, don't wake me up for that.



 
Link Posted: 8/13/2014 7:00:49 PM EDT
[#5]
255.255.0.0
Link Posted: 8/14/2014 7:44:03 AM EDT
[#6]

Quoted:


255.255.0.0
I have 5 of those. It was bad planning by my predecessor. Things are being moved to a nice /22

 
Link Posted: 8/14/2014 7:53:14 AM EDT
[#7]
anything bigger than 4 port router or more than one smart hub.


medium starts at 1000 nodes?  5000?

Link Posted: 8/14/2014 8:40:33 AM EDT
[#8]

Quoted:



I have 5 of those. It was bad planning by my predecessor. Things are being moved to a nice /22
You have 5 /16s you are moving to a /22? Or are you saying they were not contiguous and only partially used?
Link Posted: 8/14/2014 10:50:24 AM EDT
[#9]
Quoted:

See, I was thinking 100-250 is medium, 250+ large, 500+ large, 1000+ huge.


 


I would probably go with something like this.  In the past I've worked at two different hospitals that had over 100 switches.  1400 employees at one, 2000 at the other.  Multiple sites with WAN links.  I'd consider them medium enterprise environments.

I think, 250+ switches and 5000+ employees would be considered large.
Link Posted: 8/14/2014 1:57:31 PM EDT
[#10]
Drops in the thousands.  Tens of thousands wouldn't be bad, but only a few hundred drops would not be large by any stretch of the imagination.
Link Posted: 8/14/2014 2:20:08 PM EDT
[#11]
Quoted:
Drops in the thousands.  Tens of thousands wouldn't be bad, but only a few hundred drops would not be large by any stretch of the imagination.


I could give a fuck about drops unless it's north of 4K at a single given location.....  I am more focused on number of switches, BDM's, sniffers ETC....  Contract I am working now is one of the big 3 US banks and let me tell you their in house team can really be good or suck balls if they have a crew on that doesn't know their ass from their elbow.......
Link Posted: 8/14/2014 2:59:30 PM EDT
[#12]

Quoted:


Drops in the thousands.  Tens of thousands wouldn't be bad, but only a few hundred drops would not be large by any stretch of the imagination.


Honestly I would lean away from this as it is largely a (business) cultural thing.  I have seen places that would home run EVERYTHING and move it as needed and I have seen places where someone will walk into a room and say "That corner doesn't have a drop, I shall place my desk, printer, fax and laptop there!".



I think the biggest one in those terms I have worked on had over 15,000 drops in one single building and about 30,000 overall.  Yet I would really consider it more of a medium-large network, not ginormous.



 
Link Posted: 8/14/2014 4:00:59 PM EDT
[#13]
Is it only about the drops? I have 20 racks split between two colos; is that big or medium or small?
Link Posted: 8/14/2014 4:55:42 PM EDT
[#14]
Quoted:
Is it only about the drops? I have 20 racks split between two colos; is that big or medium or small?


Just network gear?
Link Posted: 8/14/2014 7:01:31 PM EDT
[#15]
no, I wish it was all network gear! I only get two racks in each DC plus a pair of ToR FEX for each rack. My area are the Nexus 5ks with FEX, Cisco 5585 ASA firewalls, and f5 viprions; another group takes care of a bunch of vmware hosts with a ton of cpus and ram, and a FCoE SAN in each, plus misc bits and pieces.
Link Posted: 8/14/2014 10:47:17 PM EDT
[#16]
Quoted:
no, I wish it was all network gear! I only get two racks in each DC plus a pair of ToR FEX for each rack. My area are the Nexus 5ks with FEX, Cisco 5585 ASA firewalls, and f5 viprions; another group takes care of a bunch of vmware hosts with a ton of cpus and ram, and a FCoE SAN in each, plus misc bits and pieces.


Let's say 2 switches per rack plus other network gear and you still aren't over 100 network devices. I'd consider that a medium size network at best.
Link Posted: 8/17/2014 7:16:25 PM EDT
[#17]
Quoted:
Been pursuing some openings to begin a serious search in a few months.  I see a lot of postings asking for someone with "large LAN experience".  
What would you consider a large LAN?  


30 wavelengths of 100GbE between 2 data centers.  


ar-jedi

Link Posted: 8/18/2014 10:41:41 PM EDT
[#18]
It varies depending on the industry, but generally to me:



Small = 10-500 nodes, usually just one or two generalists doing everything.

Medium = 500-10,000, run by a small team of generalists, maybe with one or two guys that have advanced knowledge.

Large = 10,000+, and really starts to kick about 50,000+, nodes when you have highly specialized teams performing different tasks.



Of course, it all depends on what the author/HR person really means.  I have seen "Large" refer to anything over 10 users.  When I think large enterprise, I see 50,000+ nodes with a medium to complex environment being maintained by a large team with specialized infrastructure roles.  Of course, if you have a smaller growing company, they always want someone with "large" network experience - but those are not easy to find, and the definition of large can be flexible.



For example, when looking for a large enterprise WAN network person, you would be looking for someone with a specialized skill set that understands the different team structure in a large enterprise and knows how to work with them.  You also want them to know how to deal with a Firewall team, or security/proxy team, etc and know how to isolate an issue and have the correct team resolve/complete their tasks.  In smaller environments, that would be the same person, or the people in his immediate team.  When the environment gets to a certain size, those teams may be in another office or even country, supporting multiple lines of business.  It takes a somewhat different understanding to get tasks completed and issues resolved in a structured enterprise environment than a smaller, more flexible entity.



Truly, in the end I think sensible people would prefer someone with a track record for learning new things, a good attitude, can find answers on their own and gets along well with others, over someone with the "large" enterprise experience that is not a good fit for a given team.



David  
Link Posted: 8/22/2014 7:49:56 AM EDT
[#19]
When a core network router sees updates of 600,000 routes, talk to me.  Ha!

I'm hearing a lot "enterprise" this and that.  Get an entry level job in the Data NOC at any major service provider.  You will have an understanding of what "large" is all about.  I think David is on point though.

I used to think my enterprise networks of the past were large.  I was then humbled, very quickly.  In fact, I've gone from thinking of node counts, to thinking more about service availability and revenue impact.
Link Posted: 8/22/2014 8:03:29 AM EDT
[#20]

Quoted:


When a core network router sees updates of 600,000 routes, talk to me.  Ha!



I'm hearing a lot "enterprise" this and that.  Get an entry level job in the Data NOC at any major service provider.  You will have an understanding of what "large" is all about.



I used to think my enterprise networks of the past were large.  I was then humbled, very quickly.




 
Completely different mindset.  On a large LAN you take down 10,000 users.  I had a coworker at my previous job take down a few hundred thousand people with a typo.  The biggest issue I saw with LAN guys making the jump was the mindset of "Oops, I screwed up, I'll walk over and reboot it."




Very, very few people have touched every piece of gear from desktop to remote server.  It is getting to be that that would almost be impossible.
Link Posted: 8/22/2014 5:46:25 PM EDT
[#21]
Between office workstations, wireless devices, corporate servers, internal application servers, customer application servers, security related servers, and virtual cloud servers, my company has around 200,000 machines on the network at any given time. Considering how many servers have multiple IPs (up nic, down nic, mgmt nic, backup nic), windows and unix database clusters, and a shit ton of virtual IPs, the number of IPs being used is probably closer to 400,000.

You don't want to know how much it costs to operate per year in staff alone, let me tell you that. And it's every possible combo of static routing, OSPF, EIGRP and even some RIP. I heard there was a small legacy application environment using token ring as well.
Link Posted: 8/22/2014 5:56:03 PM EDT
[#22]

Quoted:


Between office workstations, wireless devices, corporate servers, internal application servers, customer application servers, security related servers, and virtual cloud servers, my company has around 200,000 machines on the network at any given time. Considering how many servers have multiple IPs (up nic, down nic, mgmt nic, backup nic), windows and unix database clusters, and a shit ton of virtual IPs, the number of IPs being used is probably closer to 400,000.



You don't want to know how much it costs to operate per year in staff alone, let me tell you that. And it's every possible combo of static routing, OSPF, EIGRP and even some RIP. I heard there was a small legacy application environment using token ring as well.


No offense, but that doesn't sound like a network.  That sounds like a mess.  



I once worked on a network that was a few hundred devices, built completely out of walmart switches.  Linksys, netgear, dlink, etc.  Spanning tree had given up long, long ago.
 
Link Posted: 8/22/2014 8:04:24 PM EDT
[#23]
Quoted:

No offense, but that doesn't sound like a network.  That sounds like a mess.  

I once worked on a network that was a few hundred devices, built completely out of walmart switches.  Linksys, netgear, dlink, etc.  Spanning tree had given up long, long ago.


 


There are different teams that manage each portion of the network.

Corporate network team manages the headquarters and corporate sanctioned offices. Business groups that opt not to have corporate manage the offices must hire their own staff. Usually recent acquisitions chose to do this for the first couple years before turning over to corp.

Datacenter teams manage the datacenter networks and firewalls. Some datacenters are corporate, others are business. Business that opt not to use corporate have to support their own stuff.

Then there's the virtualization and cloud teams that manage their own stuff as well.

WAN is atrocious. Most corporate sites are on an MPLS ring, but some datacenters and offices are just site to site vpn's over the internet.

We only have around twenty or so /16's left in the 10.0.0.0/8 network (intranet workstations, servers, wifi, etc).

We have one /16 left in the 172.16.0.0/12 network (dmz tiers 1, 2, 3 and mgmt).

And 192.168.0.0/16 is deemed non-routable so any team can use it for non-routable needs like Windows and Unix database cluster heartbeat networks and such.

Oh yeah, and we have 3 public /16s that are used to supplement the 10.0.0.0/8 networks (before anyone knew better). We do own them publicly though. Last time I checked, we owned over fifty public /16 networks.

And that's just network side. Now imagine 20PB of storage and 20 separate AD forests thrown in the mix. And every possible combination of WinBind, NIS, Quest for AD on the Unix side. Tons of Solaris, too. Last time I checked, there were still some legacy NT domains on the network (behind a firewall at this point. damn legacy apps).

Whatever. Keeps me employed.
Link Posted: 8/23/2014 5:07:27 AM EDT
[#24]

Quoted:
There are different teams that manage each portion of the network.



Corporate network team manages the headquarters and corporate sanctioned offices. Business groups that opt not to have corporate manage the offices must hire their own staff. Usually recent acquisitions chose to do this for the first couple years before turning over to corp.



Datacenter teams manage the datacenter networks and firewalls. Some datacenters are corporate, others are business. Business that opt not to use corporate have to support their own stuff.



Then there's the virtualization and cloud teams that manage their own stuff as well.



WAN is atrocious. Most corporate sites are on an MPLS ring, but some datacenters and offices are just site to site vpn's over the internet.



We only have around twenty or so /16's left in the 10.0.0.0/8 network (intranet workstations, servers, wifi, etc).



We have one /16 left in the 172.16.0.0/12 network (dmz tiers 1, 2, 3 and mgmt).



And 192.168.0.0/16 is deemed non-routable so any team can use it for non-routable needs like Windows and Unix database cluster heartbeat networks and such.



Oh yeah, and we have 3 public /16s that are used to supplement the 10.0.0.0/8 networks (before anyone knew better). We do own them publicly though. Last time I checked, we owned over fifty public /16 networks.



And that's just network side. Now imagine 20PB of storage and 20 separate AD forests thrown in the mix. And every possible combination of WinBind, NIS, Quest for AD on the Unix side. Tons of Solaris, too. Last time I checked, there were still some legacy NT domains on the network (behind a firewall at this point. damn legacy apps).



Whatever. Keeps me employed.


Well, I guess the good news is the Chinese hackers would just give up before they found anything important.  Security through complexity, I like it!



 
Link Posted: 8/23/2014 7:19:32 AM EDT
[#25]
Quoted:
Well, I guess the good news is the Chinese hackers would just give up before they found anything important.  Security through complexity, I like it!
 


Network security is actually pretty good. It's the server side that's pretty bad. I'm in the process of cleaning up my business's stuff, but it gets pretty painful. I have seen some crazy shit though.

Most IT people are clueless when it comes to security best practices and the rest are too lazy to implement. "If it's not broke, don't fix it" = "If it hasn't been hacked yet, don't bother" (until you actually get hacked and then management will be up everyone's asses).

If I had the opportunity, I would jump on application security, which in my experience is the absolute worst. In particular, anything that comes out of India dev-wise should be confined to running on internal networks only IMO.
Link Posted: 8/23/2014 7:36:16 AM EDT
[#26]

Quoted:
Network security is actually pretty good. It's the server side that's pretty bad. I'm in the process of cleaning up my business's stuff, but it gets pretty painful. I have seen some crazy shit though.



Most IT people are clueless when it comes to security best practices and the rest are too lazy to implement. "If it's not broke, don't fix it" = "If it hasn't been hacked yet, don't bother" (until you actually get hacked and then management will be up everyone's asses).



If I had the opportunity, I would jump on application security, which in my experience is the absolute worst. In particular, anything that comes out of India dev-wise should be confined to running on internal networks only IMO.


The problem is security done right is generally a pain in the ass.  Even getting NAC to work down to the port level requires quite a bit of work and maintenance.  DAPEing firewalls means exceptions have to be updated every time something changes.  If you do those right you will have a change control board...in other words adding a lot of work to people who are generally already overworked.  



 
Link Posted: 8/25/2014 2:34:06 PM EDT
[#27]

Quoted:
Network security is actually pretty good. It's the server side that's pretty bad. I'm in the process of cleaning up my business's stuff, but it gets pretty painful. I have seen some crazy shit though.



Most IT people are clueless when it comes to security best practices and the rest are too lazy to implement. "If it's not broke, don't fix it" = "If it hasn't been hacked yet, don't bother" (until you actually get hacked and then management will be up everyone's asses).



If I had the opportunity, I would jump on application security, which in my experience is the absolute worst. In particular, anything that comes out of India dev-wise should be confined to running on internal networks only IMO.


These days, if you don't pen test after every dev sprint, you're a fool.





 
Link Posted: 8/27/2014 4:00:36 PM EDT
[#28]
Quoted:

These days, if you don't pen test after every dev sprint, you're a fool.

 


Dev sprint? LOL

My company Scrumfalls. No time for sprints!
Link Posted: 8/29/2014 6:46:03 PM EDT
[#29]
Network size…I kinda measure it by distance. The reason being I was in the middle of a nice little network upgrade where we had 5 offices in a 9 mile radius (roughly) that someone got the bright idea to put on the same LAN with a single T1 ISP connection versus the 5 individual accounts that all had to have server access. So we were working out multiple rf links in the upper 5 GHz range for what maybe came out to 50 towers, 30 laptops, 40 thin clients and 3 servers.

Interesting little tidbit on the Chinese hackers…found out someone tried 160+ times to hack into a local D*Star repeater from a Chinese IP…