
Chapter Three - Part I

Chapter Three discusses the design of network topology, emphasizing the importance of logical and physical arrangements of network components. It outlines various topologies such as star and bus, their advantages and disadvantages, and introduces hierarchical network design principles. The chapter also highlights the significance of VLANs in managing broadcast domains and improving network efficiency and security.

Uploaded by

gemechisgadisa77

Chapter Three

Designing a Network Topology
Part I

JU, JiT, Faculty of Computing and Informatics
By: Temesgen D


Network Topology Design Themes
Phase 2 – Logical Network Design
 Design a network topology
 Design models for addressing and naming
 Select switching and routing protocols
 Develop network security strategies
 Develop network management strategies
 Topology: A term used in the computer networking field to describe the structure of a network.


What Is Network Topology?
 Network topology refers to how various nodes, devices, and connections on your network are physically or logically arranged in relation to each other.
 There are several ways to arrange a network. Each has advantages and disadvantages, and depending on the needs of your company, certain arrangements can give you a greater degree of connectivity and security.
What Is Network Topology?
There are two approaches to network topology: physical and logical.
 Physical network topology, as the name suggests, refers to the physical connections and interconnections between nodes and the network, the wires, cables, and so forth.
 Logical network topology is a little more abstract and strategic, referring to the conceptual understanding of how and why the network is arranged the way it is, and how data moves through it.
Why Is Network Topology Important?
 Choosing the right topology for your company’s operational model can increase performance while making it easier to locate faults, troubleshoot errors, and more effectively allocate resources across the network to ensure optimal network health.
 A properly managed network topology can increase energy and data efficiency, which can in turn help to reduce operational and maintenance costs.
Why Is Network Topology Important?
 A star topology, the most common network topology, is laid out so every node in the network is directly connected to one central hub via coaxial, twisted-pair, or fiber-optic cable.
 Star topologies are common since they allow you to conveniently manage your entire network from a single location.
 If one node goes down, the rest of the network will continue functioning unaffected.
Why Is Network Topology Important?
Disadvantages
 If the central hub goes down, the rest of the network can’t function.
 The overall bandwidth and performance of the network are also limited by the central node’s configurations.
Why Is Network Topology Important?
 A bus topology orients all the devices on a network along a single cable running in a single direction from one end of the network to the other.
 Bus topologies are a good, cost-effective choice for smaller networks because the layout is simple.
 If needed, more nodes can be easily added to the network by joining additional cables.
Why Is Network Topology Important?
Disadvantages of Bus Topology
 If the cable experiences a failure, the whole network goes down, which can be time-consuming and expensive to restore; this can be less of an issue with smaller networks.
 Every additional node will slow transmission speeds.
Hierarchical Network Design
 In networking, a hierarchical design is used to group devices into multiple networks. The networks are organized in a layered approach.
 The hierarchical design model has three basic layers:
Core layer: Connects distribution layer devices
Distribution layer: Interconnects the smaller local networks
Access layer: Provides connectivity for network hosts and end devices
Flat vs Hierarchical
Hierarchical Network Design

[Figure: hierarchical network design. Core layer: Enterprise WAN Backbone with Campus A, Campus B and Campus C. Distribution layer: Campus C Backbone. Access layer: Building C-1 and Building C-2.]

Hierarchical Design Model
 Each layer can be focused on specific functions, allowing you to choose the right systems and features for the layer.
 A core layer of high-end routers and switches that are optimized for availability and speed
 A distribution layer of routers and switches that implement policies and segment traffic
 An access layer that connects users via hubs, switches, and other devices
Why Use a Hierarchical Network Design Model?
 When network devices communicate with many other devices, the workload required of the CPUs on the devices can be burdensome.
 Another potential problem with nonhierarchical networks, besides broadcast packets, is the CPU workload required for routers to communicate with many other routers and process numerous route advertisements.
 A hierarchical network design methodology enables you to design a modular topology that limits the number of communicating routers.
Cont.
 Using a hierarchical model can help you minimize costs.
 You can purchase the appropriate internetworking devices for each layer of the hierarchy.
 It also enables accurate capacity planning within each layer of the hierarchy, thus reducing wasted bandwidth.
 Network management responsibility and network management
 Modularity enables you to keep each design element simple and easy to understand.
 Simplicity minimizes the need for extensive training for network operations personnel.
Cont.
 Testing a network design is made easy because there is clear
functionality at each layer.
 Fault isolation is improved because network technicians can
easily recognize the transition points in the network to help
them isolate possible failure points.
 Hierarchical design facilitates changes. As elements in a
network require change, the cost of making an upgrade is
contained to a small subset of the overall network.
 Systems can be distributed to the different layers of modular
network architecture to control management costs.

Core Layer Design Considerations
 Because the core layer is critical for interconnectivity, you should
design the core layer with redundant components.
 The core layer is responsible for transporting large amounts of data quickly.
 The core layer should be highly reliable and should adapt to
changes quickly.
 When configuring routers in the core layer, you should use routing
features that optimize packet throughput.

 The designer must ensure that the core layer is designed with fault
tolerance, especially because all users in the network can be affected
by a failure.

Core layer
 You should avoid using packet filters or other features that slow
down the manipulation of packets.
 You should optimize the core for low latency and good
manageability.
 The core should have a limited and consistent diameter
 Distribution layer routers (or switches) and client LANs can be
added to the model without increasing the diameter of the core.
 Limiting the diameter of the core provides predictable performance
and ease of troubleshooting.
 Preventing Failure and Human errors

Core layer
 For customers who need to connect to other enterprises via an extranet or the Internet, the core topology should include one or more links to external networks.
 Corporate network administrators should discourage regional and branch-office administrators from planning their own extranets or connections to the Internet.
 Centralizing these functions in the core layer reduces complexity and the potential for routing problems, and is essential to minimizing security concerns.
Goals of the Core layer

Provide 100% uptime.

Maximize throughput.

Facilitate network growth.

Core Layer Technologies


 Routers or multilayer switches that combine routing and switching in the same
device
 Redundancy and load balancing
 High-speed and aggregate links
 Routing protocols that scale well and converge quickly, such as EIGRP and
OSPF Protocol

Common Topology: Full Mesh and Partial Mesh
Distribution layer
 The distribution layer of the network is the demarcation
point between the access and core layers of the network.
 The distribution layer has many roles, including routing, filtering, and acting as the communication point between the core and access layers.
 The distribution layer represents a routing boundary between the access layer and the core layer.
 The distribution layer is often the layer that delineates broadcast domains.
Distribution Layer Routing

Filtering (ACL) and managing traffic flows

Enforcing access control policies

Summarizing routes before advertising the routes to the Core

Isolating the core from access layer failures or disruptions

Routing between access layer VLANs

 One route in the routing table that represents many other routes, creating smaller routing tables
 Less routing update traffic on the network
 Lower overhead on the router
 For some networks, the distribution layer offers a default route to access layer routers and runs only dynamic routing protocols when communicating with core routers.
Distribution layer
 The distribution layer should hide detailed topology information about the access layer from core routers.
 Likewise, the distribution layer should hide detailed topology information about the core layer from the access layer by summarizing to a small set of advertisements or just one default route, if possible.
 Distribution layer networks are usually wired in partial-mesh topology. When distribution layer devices are located in the same wiring closet or data center, they are interconnected using gigabit links. When devices are separated by longer distances, fiber cable is used.
Access Layer Management
 Access layer management is crucial because of the following:
The increase in the number and types of devices connecting at the access layer
The introduction of wireless access points into the LAN
 In addition to providing basic connectivity at access layer, the designer needs to consider the following:
 Naming structures
 VLAN architecture
 Traffic patterns
 Prioritization strategies
Access Layer Management
 Following good design principles improves the manageability and ongoing support of the network by:
 Ensuring that the network does not become too complex
 Allowing easy troubleshooting when a problem occurs
 Making it easier to add new features and services in the future
 Network Topologies at the Access Layer:
 Most recent Ethernet networks use a star topology, in which each end device has a direct connection to a single central networking device. This single networking device is usually a Layer 2 or multilayer switch.
 For many businesses, the cost of additional wiring to create redundancy is usually too high.
Access Layer
 The access layer of the campus infrastructure uses Layer 2 switching technology to provide access into the network. The access can be either through a permanent wired infrastructure or through wireless APs.
 Ethernet over copper wiring poses distance limitations. Therefore, one of the primary concerns when designing the access layer of a campus infrastructure is the physical location of the equipment.
 Providing quality of service (QoS), traffic segmentation, and filtering
 For internetworks that include small branch offices and home offices, the access layer can provide access into the corporate internetwork using wide-area technologies such as Frame Relay, leased digital lines, and analog modem lines.
Guidelines for Hierarchical Network Design
 The first guideline is that you should control the diameter of a hierarchical enterprise network topology. It helps you predict routing paths, traffic flows, and capacity requirements.
 Strict control of the network topology at the access layer should be maintained. This layer is most susceptible to violations of hierarchical network design guidelines.
 Users at the access layer have a tendency to add networks to the internetwork inappropriately
Guidelines for Hierarchical Network Design
 For example, a network administrator at a branch office might connect the branch network to another branch, adding a fourth layer. This is a common network design mistake known as adding a chain.
 In addition to avoiding chains, you should avoid backdoors. A backdoor is a connection between devices in the same layer. A backdoor can be an extra router, bridge, or switch added to connect two networks.
 Backdoors should be avoided because they cause unexpected routing and switching problems and make network documentation and troubleshooting more difficult.
Avoid Chains and Backdoors

[Figure: core layer, distribution layer and access layer, with a backdoor and a chain marked.]
Guidelines for Hierarchical Network Design
 Finally, one other guideline for hierarchical network design is that you should design the access layer first, followed by the distribution layer, and then finally the core layer.
 By starting with the access layer, you can more accurately perform capacity planning for the distribution and core layers.
 You should design each layer using modular and hierarchical techniques and then plan the interconnections between layers based on your analysis of traffic load, flow, and behavior.
How Do You Know When You Have a Good Design?
 When you already know how to add a new building, floor, WAN link, remote site, e-commerce service, and so on
 When new additions cause only local change, to the directly connected devices
 When your network can double or triple in size without major design changes
 When troubleshooting is easy because there are no complex protocol interactions to wrap your brain around
Virtual LANs (VLANs)
 What is LAN?
 What is VLAN?
 Why do we need VLAN?
 How to configure VLAN?
Network designers use VLANs to constrain broadcast traffic.

o A LAN includes all devices in the same broadcast domain.
o A broadcast domain includes the set of all LAN-connected devices such that when any of the devices sends a broadcast frame, all the other devices get a copy of the frame.
o Without VLANs, a switch considers all its interfaces to be in the same broadcast domain.
Broadcast and Collision Domains
[Figure: broadcast and collision domains for a hub, a switch and a router.]
Virtual LANs (VLANs) Definitions
 VLAN (virtual LAN) is a logical partition of a layer 2 network
 Multiple partitions can be created, allowing for multiple VLANs to co-exist
 Each VLAN is a broadcast domain, usually with its own IP network
 VLANs are mutually isolated and packets can only pass between them through a router
 The partitioning of the layer 2 network takes place inside a layer 2 device, usually a switch.
 The hosts grouped within a VLAN are unaware of the VLAN’s existence
Benefits of VLANs: These are just a few reasons for separating hosts into different VLANs
1. To create more flexible designs that group users by department, or by groups that work together instead of by physical location.
2. To segment devices into smaller LANs (to shrink broadcast domains) to reduce overhead caused to each host in the VLAN
 VLANs can be used to limit the reach of broadcast frames
 A VLAN is a broadcast domain of its own
 Therefore, a broadcast frame sent by a device in a specific VLAN is forwarded within that VLAN only.
 Unicast and multicast frames are forwarded within the originating VLAN as well
Benefits of VLANs
3. To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones (better performance)
4. Cost reduction
5. Improved IT staff efficiency
6. To enforce better security by keeping hosts that work with
sensitive data on a separate VLAN
VLANs versus Real LANs

[Figure: Switch A with Stations A1, A2 and A3 on Network A; Switch B with Stations B1, B2 and B3 on Network B.]
A Switch with VLANs
[Figure: one switch with Stations A1, A2 and A3 in VLAN A and Stations B1, B2 and B3 in VLAN B.]
VLANs Span Switches
[Figure: Switch A and Switch B, with VLAN A (Stations A1 to A6) and VLAN B (Stations B1 to B6) present on both switches.]
Types of VLANs
 Data VLAN
 Default VLAN
 Native VLAN
 Management VLAN
VLAN Trunks: Trunking with 802.1Q and ISL
 When using VLANs in networks that have multiple interconnected switches, the switches need to use VLAN trunking on the segments between the switches.
 A VLAN trunk carries more than one VLAN
 VLAN trunking causes the switches to use a process called VLAN tagging, by which the sending switch adds another header to the frame before sending it over the trunk.
 This extra VLAN header includes a VLAN identifier (VLAN ID) field so that the sending switch can list the VLAN ID and the receiving switch can then know in what VLAN each frame belongs.
VLAN Trunks: Trunking with 802.1Q and ISL
 Usually established between switches so same-VLAN devices can communicate even if physically connected to different switches
 A VLAN trunk is not associated to any VLANs. Neither are the trunk ports used to establish the trunk link
 The use of trunking allows switches to pass frames from multiple VLANs over a single physical connection.
 IEEE 802.1q is a popular VLAN trunk protocol
VLAN Trunks

Tagging Ethernet Frames for VLAN Identification
 Frame tagging is used to properly transmit multiple VLAN frames through a trunk link
 Switches will tag frames to identify the VLAN they belong to.
 Different tagging protocols exist, with IEEE 802.1q being a very popular one. The protocol defines the structure of the tagging header added to the frame
 Switches will add VLAN tags to the frames before placing them into trunk links and remove the tags before forwarding frames through non-trunk ports
 Once properly tagged, the frames can traverse any number of switches via trunk links and still be forwarded within the correct VLAN at the destination
Tagging Ethernet Frames for VLAN Identification

Native VLANs and 802.1q Tagging
 A frame that belongs to the native VLAN will not be tagged
 A frame that is received untagged will remain untagged and placed in the native VLAN when forwarded
 If there are no ports associated to the native VLAN and no other trunk links, an untagged frame will be dropped
 In Cisco switches, the native VLAN is VLAN 1 by default
 Cisco created ISL (Inter-Switch Link) many years before the IEEE created the 802.1Q standard VLAN trunking protocol.
 Because ISL is Cisco proprietary, it can be used only between two Cisco
 ISL fully encapsulates each original Ethernet frame in an ISL header and trailer.
 The original Ethernet frame inside the ISL header and trailer remains unchanged.

ISL and 802.1Q Compared


 The similarity is that both ISL and 802.1Q define a VLAN header that
has a VLAN ID field.
 Both protocols use 12 bits of the VLAN header.
 However, each trunking protocol uses a different overall header, plus one
is standardized (802.1Q) and one is proprietary (ISL).
 802.1Q defines one VLAN on each trunk as the native VLAN, whereas
ISL does not use the concept.
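
The 802.1Q tagging and native VLAN rules from the slides above, as an added Python example (not part of the original slides): a sending trunk port inserts the tag, a receiving trunk port reads the 12-bit VLAN ID and strips it, and an untagged frame lands in whatever the receiver has configured as its native VLAN. The function names, the sample frame and the native VLAN value 99 are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int = 1) -> bytes:
    """Prepare an untagged Ethernet frame from `vlan_id` for a trunk link."""
    if not 1 <= vlan_id <= 4094:  # 12-bit field; 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    if vlan_id == native_vlan:
        return frame  # native VLAN frames cross the trunk untagged
    tci = vlan_id & 0x0FFF  # priority and DEI bits left at zero
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]  # tag sits after dst and src MAC


def trunk_ingress(frame: bytes, native_vlan: int = 1) -> tuple:
    """Return (vlan_id, untagged_frame) for a frame received on a trunk."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged: assigned to the native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vlan_id = tci & 0x0FFF  # low 12 bits of the tag control field
    return vlan_id, frame[:12] + frame[16:]  # tag removed before access ports


# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    for vlan in (1, 20):
        on_wire = trunk_egress(SAMPLE, vlan, native_vlan=1)
        print(vlan, len(on_wire) - len(SAMPLE), trunk_ingress(on_wire, 1)[0])
    # Native VLAN mismatch: sender uses native VLAN 1, receiver uses 99,
    # so a VLAN 1 frame is delivered into VLAN 99 on the far side.
    print(trunk_ingress(trunk_egress(SAMPLE, 1, native_vlan=1), native_vlan=99)[0])
```

The last line is why both ends of a trunk should be checked for the same native VLAN setting.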
VLAN Ranges On Catalyst Switches
The Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.
These VLANs are split into 2 categories:

Normal Range VLANs
• VLAN numbers from 1 through 1005
• Configurations stored in the vlan.dat (in the flash)
• VTP can only learn and store normal range VLANs

Extended Range VLANs
• VLAN numbers from 1006 through 4096
WLANs and VLANs

 A wireless LAN (WLAN) is often implemented as a VLAN
 Facilitates roaming
 Users remain in the same VLAN and IP subnet as they roam, so there is no need to change addressing information
 Also makes it easier to set up filters (access control lists) to protect the wired network from wireless users
VLAN Design Guideline
 Move all ports from VLAN1 and assign them to a not-in-use
VLAN
 Shut down all unused switch ports
 Separate management and user data traffic
 Change the management VLAN to a VLAN other than VLAN 1.

 Make sure that only devices in the management VLAN can connect to the switches
 The switch should only accept SSH connections
 Disable auto negotiation on trunk ports
 Do not use the auto or desirable switch port modes
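
One way to check a switch configuration against this guideline, as an added Python example (not part of the original slides). It reads Cisco IOS-style text and reports ports left in VLAN 1, dynamic auto/desirable port modes, trunks that still negotiate, a management address on VLAN 1, and VTY lines that accept more than SSH. The sample configuration is constructed, the finding names are hypothetical, and reading "auto negotiation on trunk ports" as trunk negotiation turned off with `switchport nonegotiate` is an assumption.

```python
import re

def parse_blocks(config: str) -> dict:
    """Group indented lines under their 'interface' or 'line' header."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" "):
            if current:
                blocks[current].append(raw.strip())
        elif re.match(r"(interface|line) ", raw):
            current = raw.strip()
            blocks[current] = []
        else:
            current = None  # "!" separators and global commands end a block
    return blocks

def audit(config: str) -> list:
    """Return (location, finding) pairs for the checks in the guideline."""
    findings = []
    for header, body in parse_blocks(config).items():
        kind, name = header.split(None, 1)
        if kind == "line":
            if name.startswith("vty") and "transport input ssh" not in body:
                findings.append((header, "vty-not-ssh-only"))
            continue
        if "shutdown" in body or "no switchport" in body:
            continue  # disabled or routed port
        if name.lower().startswith("vlan"):
            if name.lower() == "vlan1" and any(l.startswith("ip address") for l in body):
                findings.append((name, "management-on-vlan1"))
            continue
        mode = next((l.split()[-1] for l in body if l.startswith("switchport mode")), None)
        vlan = next((l.split()[-1] for l in body if l.startswith("switchport access vlan")), "1")
        if mode in ("auto", "desirable"):
            findings.append((name, "dynamic-port-mode"))
        if mode == "trunk" and "switchport nonegotiate" not in body:  # assumed meaning
            findings.append((name, "trunk-negotiation-enabled"))
        if mode != "trunk" and vlan == "1":
            findings.append((name, "port-in-vlan1"))
    return findings

# Constructed sample in Cisco IOS style; interface names and address are made up.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 shutdown
!
interface GigabitEthernet0/24
 switchport mode trunk
!
line vty 0 4
 transport input telnet ssh
"""
if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Whether a port is actually unused cannot be read from the configuration alone, so the "shut down all unused switch ports" item still needs link-state data from the switch.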

Security Topologies

[Figure labels: Enterprise Network; DMZ (Web, File, DNS, Mail Servers); Internet.]


Security Topologies

[Figure labels: Internet; Firewall; DMZ (Web, File, DNS, Mail Servers); Enterprise Network.]


Reading Assignment

1. Cisco’s Enterprise Composite Network Model

2. Datacenter Design Considerations

3. Wireless LAN Design Requirements
