Designing a Network Topology
Top-Down Network Design
Author: Priscilla Oppenheimer
Publisher: Cisco Press
In this chapter, you will learn techniques for developing a network topology. A topology
is a map of an internetwork that indicates network segments, interconnection
points, and user communities. Although geographical sites can appear on the
map, the purpose of the map is to show the geometry of the network, not the
physical geography or technical implementation. The map is a high-level blueprint
of the network, analogous to an architectural drawing that shows the location
and size of rooms for a building, but not the construction materials for fabricating
Designing a network topology is the first step in the logical design phase of the top-down
network design methodology. To meet a customer's goals for scalability and
adaptability, it is important to architect a logical topology before selecting
physical products or technologies. During the topology design phase, you identify
networks and interconnection points, the size and scope of networks, and the
types of internetworking devices that will be required, but not the actual
This chapter provides tips for both campus and enterprise network design,
and focuses on hierarchical network design, which is a technique for designing
scalable campus and enterprise networks using a layered, modular model. In
addition to covering hierarchical network design, the chapter also covers
redundant network design topologies and topologies that meet security goals.
(Security is covered in more detail in Chapter 8, “Developing
Network Security and Network Management Strategies.”)
Upon completion of this chapter, you will be prepared to design a secure,
redundant, and hierarchical topology for a network design customer that will
meet the customer's business and technical goals. The topology will be a useful
tool to help you and your customer begin the process of moving from a logical
design to a physical implementation of the customer's
To meet a customer's business and technical goals for a corporate network
design, you might need to recommend a network topology consisting of many
interrelated components. This task is made easier if you can “divide
and conquer” the job and develop the design in layers.
Network design experts have developed the hierarchical network design model to help
you develop a topology in discrete layers. Each layer can be focused on specific
functions, allowing you to choose the right systems and features for the layer.
For example, in Figure 5-1, high-speed
WAN routers can carry traffic across the enterprise backbone, medium-speed
routers can connect buildings at each campus, and switches and hubs can connect
user devices and servers within buildings.
A typical hierarchical topology is:
A core layer of high-end routers and switches that are optimized
for availability and performance
A distribution layer of routers and switches that implement
An access layer that connects users via hubs, switches, and other devices
Networks that grow unheeded without any plan in place tend to develop
in an unstructured format. Dr. Peter Welcher, the author of network design
and technology articles for Cisco World and other publications,
refers to unplanned networks as fur-ball networks.
Welcher explains the disadvantages of a fur-ball topology by pointing out
the problems that too many CPU adjacencies cause. When network devices
communicate with many other devices, the workload required of the CPUs on
the devices can be burdensome. For example, in a large flat (switched) network,
broadcast packets are burdensome. A broadcast packet interrupts the CPU on
each device within the broadcast domain, and demands processing time on every
device on which a protocol that understands that broadcast is installed.
This includes routers, workstations, and servers.
Another potential problem with non-hierarchical networks, besides broadcast
packets, is the CPU workload required for routers to communicate with many
other routers and process numerous route advertisements. A hierarchical network
design methodology lets you design a modular topology that limits the number of communicating routers.
Using a hierarchical model can help you minimize costs. You can purchase
the appropriate internetworking devices for each layer of the hierarchy, thus
avoiding spending money on unnecessary features for a layer. Also, the modular
nature of the hierarchical design model enables accurate capacity planning
within each layer of the hierarchy, thus reducing wasted bandwidth. Network
management responsibility and network management systems can be distributed
to the different layers of a modular network architecture to control management
Modularity lets you keep each design element simple and easy to understand.
Simplicity minimizes the need for extensive training for network operations
personnel and expedites the implementation of a design. Testing a network
design is made easy because there is clear functionality at each layer. Fault
isolation is improved because network technicians can easily recognize the
transition points in the network to help them isolate possible failure points.
Hierarchical design facilitates changes. As elements in a network require
change, the cost of making an upgrade is contained to a small subset of the
overall network. In large flat or meshed network architectures, changes tend
to impact a large number of systems. Replacing one device can affect numerous
networks because of the complex interconnections.
When scalability is a major goal, a hierarchical topology is recommended
because modularity in a design enables creating design elements that can be
replicated as the network grows. Because each instance of a module is consistent,
expansion is easy to plan and implement. For example, planning a campus network
for a new site might simply be a matter of replicating an existing campus
Today's fast-converging routing protocols were designed for hierarchical
topologies. Route summarization, which Chapter 6, “Designing
Models for Addressing and Naming,” covers in more detail, is
facilitated by hierarchical network design. To control routing CPU overhead
and bandwidth consumption, modular hierarchical topologies should be used
with such protocols as Open Shortest Path First (OSPF), Intermediate System-to-Intermediate
System (IS-IS), Border Gateway Protocol (BGP), and Enhanced Interior Gateway
Routing Protocol (Enhanced IGRP).
A flat network topology is adequate for very small networks. With a flat network design,
there is no hierarchy. Each internetworking device has essentially the same
job, and the network is not divided into layers or modules. A flat network
topology is easy to design and implement, and it is easy to maintain, as long
as the network stays small.
A wide area network (WAN) for a small company can consist of a few sites
connected in a loop. Each site has a WAN router that connects to two other
adjacent sites via point-to-point links, as shown in Figure
5-2. As long as the WAN is small (a few sites), routing protocols
can converge quickly, and communication with any other site can recover when
a link fails. (As long as only one link fails, communication recovers. When
more than one link fails, some sites are isolated from others.)
A flat loop topology is generally not recommended for networks with
many sites, however. A loop topology
can mean that there are many hops between routers on opposite sides of the
loop, resulting in significant delay and a higher probability of failure.
If your analysis of traffic flow indicates that routers on opposite sides
of a loop topology exchange a lot of traffic, you should recommend a hierarchical
topology instead of a loop. To avoid any single point of failure, redundant
routers or switches can be placed at upper layers of the hierarchy, as shown
in Figure 5-2.
The flat loop topology shown at the top of Figure 5-2
meets goals for low cost and reasonably good availability. The hierarchical
redundant topology shown on the bottom of Figure
5-2 meets goals for scalability, high availability, and low delay.
Figure 5-2. A flat loop topology (top) and a hierarchical redundant topology (bottom).
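The failure behavior of a loop WAN described above can be checked by brute force. The following Python sketch is an added example, not taken from the book; the six site names are constructed, and the functions accept any list of links, so they go beyond the loop case and can be run against a hierarchical design as well.

```python
from collections import deque
from itertools import combinations


def hop_counts(sites, links, start):
    """Breadth-first search: hops from `start` to every site it can reach."""
    adj = {s: set() for s in sites}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops


def worst_case_hops(sites, links):
    """Longest shortest path between two sites, or None if any site is isolated."""
    worst = 0
    for site in sites:
        hops = hop_counts(sites, links, site)
        if len(hops) < len(sites):
            return None
        worst = max(worst, max(hops.values()))
    return worst


def failure_report(sites, links, failed):
    """Try every combination of `failed` simultaneous link failures."""
    cases = list(combinations(links, failed))
    partitioned, worst = 0, 0
    for down in cases:
        remaining = [link for link in links if link not in down]
        result = worst_case_hops(sites, remaining)
        if result is None:
            partitioned += 1  # at least one site is cut off from the others
        else:
            worst = max(worst, result)
    return {"cases": len(cases), "partitioned": partitioned, "worst_hops": worst}


# Constructed sample: six sites, each linked to its two neighbors in a loop.
SITES = ["A", "B", "C", "D", "E", "F"]
LOOP = [(SITES[i], SITES[(i + 1) % len(SITES)]) for i in range(len(SITES))]

if __name__ == "__main__":
    for failed in (0, 1, 2):
        print(failed, "links down:", failure_report(SITES, LOOP, failed))
```

With one link down the six-site loop still connects every site, but the worst path grows from 3 hops to 5. Every combination of two link failures splits the loop.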
A typical design for a small LAN is PCs and servers attached to one
or more hubs in a flat topology. The PCs and servers implement a media-access
control process, such as token passing or carrier-sense multiple access with
collision detection (CSMA/CD) to control access to the shared bandwidth. The
devices are all part of the same bandwidth domain and have the ability to
negatively affect delay and throughput of other devices.
For networks with high bandwidth requirements, caused by numerous users
and many traffic-intensive applications, network designers usually recommend
attaching the PCs and servers to data-link-layer (Layer 2) switches instead
of hubs. In this case, the network is segmented into small bandwidth domains
so that a limited number of devices compete for bandwidth at any one time.
(However, the devices do compete for service by the switching hardware and
software, so it is important to understand the performance characteristics
of candidate switches, as discussed in Chapter 9, “Selecting
Technologies and Devices for Campus LANs.”)
The number of nodes sharing one medium and the number of such media
that are distinctly switched are design parameters to be determined carefully.
Switching is more expensive than medium-sharing, so for some customers, hubs,
or a combination of hubs and switches, are the best solution. For customers
with high bandwidth and scalability requirements, switches can be used in
place of hubs, dedicating each switch port to a single device. This provides
dedicated bandwidth to each workstation, server, or other device.
As discussed in Chapter 4, devices connected
in a switched or bridged network are part of the same broadcast domain. Switches
forward broadcast frames out all ports. Routers, on the other hand, segment
networks into separate broadcast domains. As documented in Table
4-8, a single broadcast domain should be limited to a few hundred
devices so that devices are not overwhelmed by the task of processing broadcast
traffic. By introducing hierarchy into a network design by adding routers,
broadcast radiation is curtailed.
With a hierarchical design, internetworking devices can be
deployed to do the job they do best. Routers can be added to a campus network
design to isolate broadcast traffic. Switches can be deployed to maximize
bandwidth for high-traffic applications, and hubs can be used when simple,
inexpensive access is required. Maximizing overall performance by modularizing
the tasks required of internetworking devices is one of the many benefits
of using a hierarchical design model.
Network designers often recommend
a mesh topology to meet availability requirements. In a full-mesh
topology, every router or switch is connected to every other router
or switch. A full-mesh network provides complete redundancy, and offers good
performance because there is just a single-link delay between any two sites.
A partial-mesh network has fewer connections. To reach another router or switch
in a partial-mesh network might require traversing intermediate links, as
shown in Figure 5-3.
Figure 5-3. A partial-mesh (left) and full-mesh (right) network topology.
In a full-mesh topology, every router or switch is connected to every
other router or switch. The number of links in a full-mesh topology is
where N is the number of routers or switches. (Divide the result by
2 to avoid counting Router X-to-Router Y and Router Y-to-Router X as two different
Although mesh networks feature good reliability, they have many disadvantages
if they are not designed carefully. Mesh networks can be expensive to deploy
and maintain. (A full-mesh network is especially expensive.) Mesh networks
can also be hard to optimize, troubleshoot, and upgrade, unless they are designed
using a simple, hierarchical model. In a non-hierarchical mesh topology, internetworking
devices are not optimized for specific functions. Containing network problems
is difficult because of the lack of modularity. Network upgrades are problematic
because it is difficult to upgrade just one part of a network.
Mesh networks have scalability limits for groups of
routers that broadcast routing updates or service advertisements. As the number
of router CPU adjacencies increases, the amount of bandwidth and CPU resources
devoted to processing updates increases.
A good rule of thumb is that you should keep broadcast traffic at less
than 20 percent of the traffic on each link. This rule limits the number of
adjacent routers that can exchange routing tables and service advertisements.
This limitation is not a problem, however, if you follow guidelines for simple,
hierarchical design. A hierarchical design, by its very nature, limits the
number of router adjacencies.
Figure 5-4 shows a classic hierarchical
and redundant enterprise design. The design uses a partial-mesh hierarchy
rather than a full mesh. The figure shows an enterprise routed network, but
the topology could be used for a switched campus network also.
For small and medium-sized companies, the hierarchical model is often
implemented as a hub-and-spoke topology
with little or no meshing. Corporate headquarters or a data center form the
hub. Links to remote offices and telecommuter homes form the spokes as shown
in Figure 5-5.
Literature published by Cisco Systems, Inc., and other networking vendors talks about
a classic three-layer hierarchical model for network design topologies. The
three-layer model permits traffic aggregation and filtering at three successive
routing or switching levels. This makes the three-layer hierarchical model
scalable to large international internetworks. Although the model was developed
at a time when routers delineated layers, the model can be used for switched
or bridged networks as well as routed networks. Three-layer hierarchical topologies
were shown in Figure 5-1 and Figure
Figure 5-5. A hub-and-spoke hierarchical topology for a medium-sized business.
Each layer of the hierarchical model has a specific role. The core layer
provides optimal transport between sites. The distribution layer connects
network services to the access layer, and implements policies regarding security,
traffic loading, and routing. In a WAN design, the access layer consists of
the routers at the edge of the campus networks. In a campus network, the access
layer provides switches or hubs for end-user access.
The core layer of a three-layer hierarchical
topology is the high-speed backbone of the internetwork. Because the core
layer is critical for interconnectivity, you should design the core layer
with redundant components. The core layer should be highly reliable and should
adapt to changes quickly.
When configuring routers in the core layer, you should use routing features
that optimize packet throughput. You should avoid using packet filters or
other features that slow down the manipulation of packets. You should optimize
the core for low latency and good manageability.
The core should have a limited and consistent diameter. Distribution-layer
routers (or switches) and client LANs can be added to the model without increasing
the diameter of the core. Limiting the diameter of the core provides predictable
performance and ease of troubleshooting.
For customers who need to connect to other enterprises via an extranet
or the Internet, the core topology should include one or more links to external
networks. Corporate network administrators should discourage regional and
branch-office administrators from planning their own extranets or connections
to the Internet. Centralizing these functions in the core layer reduces complexity
and the potential for routing problems, and is essential to minimizing security
The distribution layer of the
network is the demarcation point between the access and core layers of the
network. The distribution layer has many roles, including controlling access
to resources for security reasons, and controlling network traffic that traverses
the core for performance reasons. The distribution layer is often the layer
that delineates broadcast domains (although this can be done at the access
layer as well). If you plan to implement virtual LANs (VLANs), the distribution
layer can be configured to route between VLANs.
The distribution layer allows the core layer to connect diverse sites
while maintaining high performance. To maintain good performance in the core,
the distribution layer can redistribute between bandwidth-intensive access-layer
routing protocols and optimized core routing protocols. For example, the distribution
layer can redistribute between AppleTalk's Routing Table Maintenance Protocol
(RTMP) at the access layer and Enhanced IGRP for AppleTalk in the core layer.
To improve routing protocol performance, the distribution layer can summarize routes from the access layer. For some networks, the distribution layer offers a default
route to access-layer routers and only runs dynamic routing protocols when
communicating with core routers.
Another function that can occur at the distribution layer is address
translation. With address translation, devices
in the access layer can use private addresses. The address-translation function
converts the private addresses to legitimate Internet addresses for packets
that traverse the rest of the organization's internetwork or the Internet. Chapter 6, “Designing Models for Addressing and Naming,”
discusses address translation in more detail.
The access layer provides users on local segments
access to the internetwork. The access layer can include routers, switches,
bridges, and shared-media hubs. As mentioned, switches are implemented at
the access layer in campus networks to divide up bandwidth domains to meet
the demands of applications that need a lot of bandwidth or cannot withstand
the variable delay characterized by shared bandwidth.
For internetworks that include small branch offices and telecommuter
home offices, the access layer can provide access into the corporate internetwork
using wide-area technologies such as ISDN, Frame Relay, leased digital lines,
and analog modem lines. You can implement routing features such as dial-on-demand
(DDR) routing and static routing to control bandwidth utilization and minimize
cost on access-layer remote links. (DDR keeps a link inactive except when
specified traffic needs to be sent.)
This section briefly describes some guidelines for hierarchical network
design. Following these simple guidelines will help you design networks that
take advantage of the benefits of hierarchical design.
The first guideline is that you should control the diameter of a hierarchical enterprise network
topology. In most cases, three major layers are sufficient (as shown in Figure 5-4):
The core layer
The distribution layer
The access layer
Controlling the network diameter provides low and predictable latency.
It also helps you predict routing paths, traffic flows, and capacity requirements.
A controlled network diameter also makes troubleshooting and network documentation easier.
Strict control of the network topology at the access layer should be
maintained. The access layer is most susceptible to violations of hierarchical
network design guidelines. Users at the access layer have a tendency to add
networks to the internetwork inappropriately. For example, a network administrator
at a branch office might connect the branch network to another branch, adding
a fourth layer. This is a common network design mistake that is known as adding a chain. Figure
5-6 shows a chain.
In addition to avoiding chains, you should avoid backdoors. A backdoor
is a connection between devices in the same layer, as shown in Figure
5-6. A backdoor can be an extra router, bridge, or switch added
to connect two networks. Backdoors should be avoided because they cause unexpected
routing problems and make network documentation and troubleshooting more difficult.
Sometimes there are valid reasons for adding a chain or a backdoor.
For example, an international network might require a chain to add another
country. A backdoor is sometimes added to increase performance and redundancy
between two parallel devices in a layer. But, in general, other design options
can usually be found that let the design retain its hierarchical structure.
To maximize the benefits of a hierarchical model, chains and backdoors should
usually be avoided.
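Chains and backdoors can be found mechanically from a device inventory and a link list. The following Python sketch is an added example, not taken from the book; the device names and links are constructed, and it assumes that core-to-core links are the redundant backbone and are not reported.

```python
LAYER_RANK = {"core": 0, "distribution": 1, "access": 2}


def audit_hierarchy(layer_of, links):
    """Classify same-layer links as chains or backdoors.

    layer_of: device name -> "core" | "distribution" | "access"
    links:    list of (device, device) pairs
    Returns (chains, backdoors), each a list of links to review.
    """
    neighbors = {dev: set() for dev in layer_of}
    for a, b in links:
        neighbors[a].add(b)
        neighbors[b].add(a)

    def has_uplink(dev):
        # A core device is the top of the hierarchy; any other device needs
        # at least one neighbor in the layer directly above it.
        rank = LAYER_RANK[layer_of[dev]]
        return rank == 0 or any(
            LAYER_RANK[layer_of[n]] == rank - 1 for n in neighbors[dev]
        )

    chains, backdoors = [], []
    for a, b in links:
        if layer_of[a] != layer_of[b]:
            continue  # link between layers: normal hierarchy
        if layer_of[a] == "core":
            continue  # assumption: core-to-core links are the backbone
        if has_uplink(a) and has_uplink(b):
            backdoors.append((a, b))  # lateral link between two peers
        else:
            # One end reaches the hierarchy only through its peer, which adds
            # a layer. The uplinked end is listed first when there is one.
            chains.append((a, b) if has_uplink(a) else (b, a))
    return chains, backdoors


# Constructed sample inventory; all device names are hypothetical.
LAYER_OF = {
    "core1": "core", "core2": "core",
    "dist-east": "distribution", "dist-west": "distribution",
    "branch1": "access", "branch2": "access",
    "branch3": "access", "branch4": "access",
}
LINKS = [
    ("core1", "core2"),
    ("core1", "dist-east"), ("core2", "dist-east"),
    ("core1", "dist-west"), ("core2", "dist-west"),
    ("dist-east", "branch1"), ("dist-east", "branch2"),
    ("dist-west", "branch3"),
    ("branch4", "branch3"),   # branch4 hangs off branch3: a chain
    ("branch1", "branch2"),   # both already have uplinks: a backdoor
]

if __name__ == "__main__":
    found_chains, found_backdoors = audit_hierarchy(LAYER_OF, LINKS)
    print("chains:", found_chains)
    print("backdoors:", found_backdoors)
```

Because a chain or a backdoor is sometimes justified, the output is a list of links to review against the documented design rather than a list of errors.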
Finally, one other guideline for hierarchical network design is that you should design the access layer first,
followed by the distribution layer, and then finally the core layer. By starting
with the access layer, you can more accurately perform capacity planning for
the distribution and core layers. You can also recognize the optimization
techniques you will need for the distribution and core layers.
You should design each layer using modular and hierarchical techniques
and then plan the interconnections between layers based on your analysis of
traffic load, flow, and behavior. To better understand network traffic characteristics,
you can review the concepts covered in Chapter 4, “Characterizing
Network Traffic.” As you select technologies for each layer,
as discussed in Part III of this book, you might
need to go back and tweak the design for other layers. Remember that network
design is an iterative process.