A robust network providing performance, fault-tolerance, scalability, and security is paramount to the success of the NSLS-II (National Synchrotron Light Source II). More than a mere collection of switches strung together behind a firewall, the network is an integrated system that needs to be adaptive, agile and transparent. This work will describe the ongoing work shaping the architecture of the control system network. Logical and physical design are discussed within the scope of hardware selection, bandwidth requirements, remote access, and traffic simulation of the channel access protocol, all with an emphasis on achieving high-performance and redundancy while providing protection from rogue devices, security scans, and other intrusive elements. Packet capture and analysis for troubleshooting and design aid using sFlow, tcpdump, and snort are examined as well as a survey of both candidate and complimentary monitoring systems.