Cisco Knowledge Suite Cisco SystemsCisco Press

Cutting Edge
Core Reference
Guided Learning
Networking Architecture
Internet Protocols (IP)
Network Protocols
Transport and Application Protocols
Desktop Protocols
Security and Troubleshooting
Network Resources and Management
Integrated Services

Designing the Network Topology


Contents Next >

Designing the Network Topology



Network Topology Models



Design Guides






Multiple-Choice Review Questions



Case Studies

Save to MyCKS

Designing Cisco Networks

From: Designing Cisco Networks
Author: Diane Teare
Publisher: Cisco Press (53)
More Information

5. Designing the Network Topology

It will take you approximately four hours to read and complete the exercises in this chapter.

This chapter is the first in Part IV, which aims to enable you to design a network structure that meets the customer's requirements for performance, security, capacity, and scalability, given topology and internetworking design constraints.

Upon completion of this first chapter in Part IV, you will be able to do the following:

  • Describe the advantages, disadvantages, scalability issues, and applicability of standard internetwork topologies.

  • Draw a topology map that meets the customer's needs and includes a high-level view of internetworking devices and interconnecting media.

This chapter includes some job aids you will find useful when completing the case studies at the end of the chapter. References to some WWW sites are also included; relevant information has been extracted from these sites and is provided in the chapter. If you have access to the Internet, you might want to access the sites mentioned to obtain detailed information related to specific topics. All the sites referenced in this chapter are also listed in Appendix C, “Interesting WWW Links and Other Suggested Readings.”

Follow these steps to complete this chapter:

  1. Study the chapter content, including any job aids that appear.

  2. Answer the multiple-choice questions at the end of this chapter.

  3. Review the case studies at the end of this chapter.

  4. Complete the questions in each case study.

  5. Review the answers provided by our internetworking experts in Appendix B, “Answers to Chapter Questions, Case Studies, and Sample CCDA Exam.”

The first part of this chapter includes a discussion of different network topology models available. The second part includes a reference to some network design guides. The design guides are separate documents written by Cisco internetworking experts that detail considerations for different aspects of networking. You can find these design and implementation guides in Appendixes D-G.

Network Topology Models

Three different network topology models are discussed in this section:

  • Hierarchical Models

  • Redundant Models

  • Secure Models

Hierarchical Models

Hierarchical models enable you to design internetworks in layers. To understand the importance of layering, consider the Open System Interconnection (OSI) reference model, which is a layered model for implementing computer communications. Using layers, the OSI model simplifies the tasks required for two computers to communicate. Hierarchical models for internetwork design also use layers to simplify the tasks required for internetworking. Each layer can be focused on specific functions, allowing you to choose the right systems and features for each layer.

Benefits of Hierarchical Models

The many benefits of using hierarchical models for your network design include the following:

  • Cost savings

  • Ease of understanding

  • Easy network growth

  • Improved fault isolation

After adopting hierarchical design models, many organizations report cost savings because they are no longer trying to do it all in one routing/switching platform. The modular nature of the model enables appropriate use of bandwidth within each layer of the hierarchy, reducing wasted capacity.

Keeping each design element simple and small facilitates ease of understanding, which helps control training and staff costs. Management responsibility and network management systems can be distributed to the different layers of modular network architectures, which helps control management costs.

Hierarchical design facilitates changes. In a network design, modularity allows creating design elements that can be replicated as the network grows, facilitating easy network growth. As each element in the network design requires change, the cost and complexity of making the upgrade is contained to a small subset of the overall network. In large, flat, or meshed network architectures, changes tend to impact a large number of systems.

Improved fault isolation is facilitated by structuring the network into small, easy-to-understand elements. Network managers can easily understand the transition points in the network, which helps identify failure points.

Today's fast-converging protocols were designed for hierarchical topologies. To control the impact of routing overhead processing and bandwidth consumption, modular hierarchical topologies must be used with protocols designed with these controls in mind, such as Enhanced IGRP. Chapter 9, “Selecting Routing and Bridging Protocols,” further investigates the question of which protocol to use.

Route summarization, which is discussed in Chapter 8, “Designing a Network Layer Addressing and Naming Model,” is facilitated by hierarchical network design. Route summarization reduces the routing protocol overhead on links in the network and reduces routing protocol processing within the routers.

Hierarchical Network Design

As Figure 5-1 illustrates, a hierarchical network design has three layers:

  • The core layer provides optimal transport between sites.

  • The distribution layer provides policy-based connectivity.

  • The access layer provides workgroup/user access to the network.

Figure 5-1. A Hierarchical Network Design Has Three Layers: Core, Distribution, and Access

Each layer provides necessary functionality to the network. The layers do not need to be implemented as distinct physical entities. Each layer can be implemented in routers or switches, represented by a physical media, or combined in a single box. A particular layer can be omitted altogether, but for optimum performance, hierarchy should be maintained.

Core Layer

The core layer is the high-speed switching backbone of the network, which is crucial to enable corporate communications. The core layer should have the following characteristics:

  • Offer high reliability

  • Provide redundancy

  • Provide fault tolerance

  • Adapt to changes quickly

  • Offer low latency and good manageability

  • Avoid slow packet manipulation caused by filters or other processes

  • Have a limited and consistent diameter


When routers are used in a network, the number of router hops from edge to edge is called the diameter. As noted, it is considered good practice to design for a consistent diameter within a hierarchical network. This means that from any end station to another end station across the backbone, there should be the same number of hops. The distance from any end station to a server on the backbone should also be consistent.

Limiting the diameter of the internetwork provides predictable performance and ease of troubleshooting. Distribution layer routers and client LANs can be added to the hierarchical model without increasing the diameter because neither will affect how existing end stations communicate.

Distribution Layer

The distribution layer of the network is the demarcation point between the access and core layers of the network. The distribution layer can have many roles, including implementing the following functions:

  • Policy (for example, to ensure that traffic sent from a particular network should be forwarded out one interface, while all other traffic should be forwarded out another interface)

  • Security

  • Address or area aggregation or summarization

  • Departmental or workgroup access

  • Broadcast/multicast domain definition

  • Routing between virtual LANs (VLANs)

  • Media translations (for example, between Ethernet and Token Ring)

  • Redistribution between routing domains (for example, between two different routing protocols)

  • Demarcation between static and dynamic routing protocols

Several Cisco IOS™ software features can be used to implement policy at the distribution layer, including the following:

  • Filtering by source or destination address

  • Filtering on input or output ports

  • Hiding internal network numbers by route filtering

  • Static routing

  • Quality of service mechanisms (for example, to ensure that all devices along a path can accommodate the requested parameters)

Access Layer

The access layer provides user access to local segments on the network. The access layer is characterized by switched and shared bandwidth LANs in a campus environment. Microsegmentation, using LAN switches, provides high bandwidth to workgroups by dividing collision domains on Ethernet segments and reducing the number of stations capturing the token on Token Ring LANs.

For small office/home office (SOHO) environments, the access layer provides access for remote sites into the corporate network using WAN technologies such as ISDN, Frame Relay, and leased lines. Features such as dial-on-demand routing (DDR) and static routing can be implemented to control costs.

Hierarchical Model Examples

For small- to medium-sized companies, the hierarchical model is often implemented as a hub-and-spoke topology, as shown in Figure 5-2. Corporate headquarters form the hub, and links to the remote offices form the spokes.

Figure 5-2. The Hierarchical Model Is Often Implemented as a Hub-and-Spoke Topology

The hierarchical model can be implemented using either routers or switches. Figure 5-3 is an example of a switched hierarchical design, while Figure 5-4 shows examples of routed hierarchical designs.

Figure 5-3. An Example of a Switched Hierarchical Design

Figure 5-4. Examples of Routed Hierarchical Designs

Redundant Models

When designing a network topology for a customer who has critical systems, services, or network paths, you should determine the likelihood that these components will fail and design redundancy where necessary.

Consider incorporating one of the following types of redundancy into your design:

  • Workstation-to-router redundancy

  • Server redundancy

  • Route redundancy

  • Media redundancy

Each of these types of redundancy is elaborated in the sections that follow.

Workstation-to-Router Redundancy

When a workstation has traffic to send to a station that is not local, the workstation has many possible ways to discover the address of a router on its network segment, including the following:

  • Address Resolution Protocol (ARP)

  • Explicit configuration

  • Router Discovery Protocol (RDP)

  • Routing protocol

  • Internetwork Packet Exchange (IPX)

  • AppleTalk

  • Hot Standby Router Protocol (HSRP)

The sections that follow cover each of these methods.


Some IP workstations send an ARP frame to find a remote station. A router running proxy ARP can respond with its data link layer address. Cisco routers run proxy ARP by default.

Explicit Configuration

Most IP workstations must be configured with the IP address of a default router. This is sometimes called the default gateway.

In an IP environment, the most common method for a workstation to find a server is via explicit configuration (default router). If the workstation's default router becomes unavailable, the workstation must be reconfigured with the address of a different router. Some IP stacks enable you to configure multiple default routers, but many other IP stacks do not support redundant default routers.


RFC 1256 specifies an extension to the Internet Control Message Protocol (ICMP) that allows an IP workstation and router to run the Router Discovery Protocol (RDP) to facilitate the workstation learning the address of a router.

Routing Protocol

An IP workstation can run the Routing Information Protocol (RIP) to learn about routers. RIP should be used in passive mode rather than active mode. (Active mode means that the station sends RIP frames every 30 seconds.) The Open Shortest Path First (OSPF) protocol also supports a workstation running that routing protocol.


An IPX workstation broadcasts a find network number message to find a route to a server. A router then responds. If the client loses its connection to the server, it automatically sends the message again.


An AppleTalk workstation remembers the address of the router that sent the last Routing Table Maintenance Protocol (RTMP) packet. As long as there are one or more routers on an AppleTalk workstation's network, it has a route to remote devices.


Cisco's Hot Standby Router Protocol (HSRP) provides a way for IP workstations to keep communicating on the internetwork even if their default router becomes unavailable. The HSRP works by creating a phantom router that has its own IP and MAC addresses. The workstations use this phantom router as their default router.

HSRP routers on a LAN communicate among themselves to designate two routers as active and standby. The active router sends periodic hello messages. The other HSRP routers listen for the hello messages. If the active router fails and the other HSRP routers stop receiving hello messages, the standby router takes over and becomes the active router. Because the new active router assumes both the IP and MAC addresses of the phantom, end nodes see no change at all. They continue to send packets to the phantom router's MAC address, and the new active router delivers those packets.

HSRP also works for proxy ARP. When an active HSRP router receives an ARP request for a node that is not on the local LAN, the router replies with the phantom router's MAC address instead of its own. If the router that originally sent the ARP reply later loses its connection, the new active router can still deliver the traffic.

Figure 5-5 shows an example implementation of HSRP.

Figure 5-5. An Example of HSRP: The Phantom Router Represents the Real Routers

In Figure 5-5, the following sequence occurs:

  1. The Anderson workstation is configured to use the Phantom router as its default router.

  2. Upon booting, the routers elect Broadway as the HSRP active router. The active router does the work for the HSRP phantom. Central Park is the HSRP standby router.

  3. When Anderson sends an ARP frame to find its default router, Broadwayresponds with the Phantom router'sMAC address.

  4. If Broadway goes off line, Central Park takes over as the active router, continuing the delivery of Anderson's packets. The change is transparent to Anderson. If there was a third HSRP router on the LAN, that router would begin to act as the new standby router.

Server Redundancy

In some environments, fully redundant (mirrored) file servers should be recommended. For example, in a brokerage firm where traders must access data in order to buy and sell stocks, the data can be replicated on two or more redundant servers. The servers should be on different networks and power supplies.

If complete server redundancy is not feasible due to cost considerations, mirroring or duplexing of the file server hard drives is a good idea. Mirroring means synchronizing two disks, while duplexing is the same as mirroring with the additional feature that the two mirrored hard drives are controlled by different disk controllers.

Route Redundancy

Designing redundant routes has two purposes: load balancing and minimizing downtime.

Load Balancing

AppleTalk and IPX routers can remember only one route to a remote network by default, so they do not support load balancing. You can change this for IPX by using the ipx maximum-paths command and for AppleTalk by using the appletalk maximum-paths command on a Cisco router.

Most IP routing protocols can load balance across up to six parallel links that have equal cost. Use the maximum-paths command to change the number of links that the router will load balance over for IP; the default is four, the maximum is six. To support load balancing, keep the bandwidth consistent within a layer of the hierarchical model so that all paths have the same cost. (Cisco's IGRP and Enhanced IGRP are exceptions because they can load balance traffic across multiple routes that have different metrics, using a feature called variance.)

A hop-based routing protocol does load balancing over unequal bandwidth paths as long as the hop count is equal. Once the slower link becomes saturated, the higher-capacity link cannot be filled; this is called pinhole congestion. Pinhole congestion can be avoided by designing equal bandwidth links within one layer of the hierarchy or by using a routing protocol that takes bandwidth into account.

IP load balancing depends on which switching mode is used on a router. Switching modes are discussed in more detail in Chapter 7, “Provisioning Hardware and Media for the WAN.” Process switching load balances on a packet-by-packet basis. Fast, autonomous, silicon, optimum, distributed, and NetFlow switching load balance on a destination-by-destination basis because the processor caches the encapsulation to a specific destination for these types of switching modes.

Minimizing Downtime

In addition to facilitating load balancing, redundant routes minimize network downtime.

As already discussed, you should keep bandwidth consistent within a given layer of a hierarchy to facilitate load balancing. Another reason to keep bandwidth consistent within a layer of a hierarchy is that routing protocols converge much faster if multiple equal-cost paths to a destination network exist.

By using redundant, meshed network designs, you can minimize the effect of link failures. Depending on the convergence time of the routing protocols being used, a single link failure will not have a catastrophic effect. Chapter 9, “Selecting Routing and Bridging Protocols,” discusses more about routing convergence.

A network can be designed as a full mesh or a partial mesh. A full mesh network is when every router has a link to every other router, as shown in Figure 5-6. A full mesh network provides complete redundancy and also provides good performance because there is just a single-hop delay between any two sites. The number of links in a full mesh is n(n-1)/2, where n is the number of routers. Each router is connected to every other router. (The result is divided by 2 to avoid counting Router X to Router Y and Router Y to Router X as two different links.)

Figure 5-6. Full Mesh Network: Every Router Has a Link to Every Other Router in the Network

A full mesh network can be expensive to implement due to the required number of links. In addition, there are practical limits to scaling for groups of routers that broadcast routing updates or service advertisements. As the number of router peers increases, the amount of bandwidth and CPU resources devoted to processing broadcasts increases.

A suggested guideline is to keep broadcast traffic at less than 20 percent of the bandwidth of each link; this will limit the number of peer routers that can exchange routing tables or service advertisements. When planning redundancy, follow guidelines for simple, hierarchical design. Figure 5-7 illustrates a classic hierarchical and redundant enterprise design that uses a partial mesh rather than full mesh architecture.

Figure 5-7. Partial Mesh Design with Redundancy

Media Redundancy

In mission-critical applications, it is often necessary to provision redundant media.

In switched networks, switches can have redundant links to each other. This is good because it minimizes downtime, but it may result in broadcasts continuously circling the network, called a broadcast storm. Because Cisco switches implement the IEEE 802.1d Spanning-Tree algorithm, this looping can be avoided in the Spanning-Tree Protocol. The Spanning-Tree algorithm guarantees that there is one and only one active path between two network stations. The algorithm permits redundant paths that are automatically activated when the active path experiences problems.

Because WAN links are often critical pieces of the internetwork, redundant media is often deployed in WAN environments. As shown in Figure 5-8, backup links can be provisioned so they become active when a primary link goes down or becomes congested.

Figure 5-8. Backup Links Can Be Used to Provide Redundancy

Often, backup links use a different technology. For example, a leased line can be in parallel with a backup dialup line or ISDN circuit. By using what are called floating static routes, you can specify that the backup route has a higher administrative distance (used by Cisco routers to select which routing information to use), so it is not normally used unless the primary route goes down. (Administrative distance is discussed further in Chapter 9.)


When provisioning backup links, learn as much as possible about the actual physical circuit routing. Different carriers sometimes use the same facilities, meaning that your backup path is susceptible to the same failures as your primary path. You should do some investigative work to ensure that your backup really is a backup.

Backup links can be combined with load balancing and channel aggregation. Channel aggregation means that a router can bring up multiple channels (for example, Integrated Services Digital Network [ISDN] B channels) as bandwidth requirements increase.

Cisco supports the Multilink Point-to-Point Protocol (MPPP), which is an Internet Engineering Task Force (IETF) standard for ISDN B channel (or asynchronous serial interface) aggregation. MPPP does not specify how a router should accomplish the decision-making process to bring up extra channels. Instead, it s seeks to ensure that packets arrive in sequence at the receiving router. Then, the data is encapsulated within PPP and the datagram is given a sequence number. At the receiving router, PPP uses this sequence number to re-create the original data stream. Multiple channels appear as one logical link to upper-layer protocols.

Secure Models

This section introduces secure topology models. Other aspects of security, such as encryption and access lists, are discussed in Chapter 10, “Provisioning Software Features.” The information in this book is not sufficient to learn all the nuances of internetwork security. To learn more about internetwork security, you might want to read the book Firewalls and Internet Security, by Bill Cheswick and Steve Bellovin, published by Addison Wesley. Also, by searching on the word “security” on Cisco's Web site , you can keep up to date on security issues.

Secure topologies are often designed using a firewall. A firewall protects one network from another untrusted network. This protection can be accomplished in many ways, but in principle, a firewall is a pair of mechanisms: One blocks traffic and the other permits traffic.

Some firewalls place a greater emphasis on blocking traffic, and others emphasize permitting traffic. Figure 5-9 shows a simple firewall topology using routers.

Figure 5-9. A Simple Firewall Network, Using Routers

You can design a firewall system using packet-filtering routers and bastion hosts. A bastion host is a secure host that supports a limited number of applications for use by outsiders. It holds data that outsiders access (for example, web pages) but is strongly protected from outsiders using it for anything other than its limited purposes.

Three-Part Firewall System

The classic firewall system, called the three-part firewall system, has the following three specialized layers, as shown in Figure 5-10:

  • An isolation LAN that is a buffer between the corporate internetwork and the outside world. (The isolation LAN is called the demilitarized zone, or DMZ, in some literature.)

  • A router that acts as an inside packet filter between the corporate internetwork and the isolation LAN.

  • Another router that acts as an outside packet filter between the isolation LAN and the outside internetwork.

Figure 5-10. Structure and Components of a Three-Part Firewall System

Services available to the outside world are located on bastion hosts in the isolation LAN. Example services in these hosts include:

  • Anonymous FTP server

  • Web server

  • Domain Name Service (DNS)

  • Telnet

  • Specialized security software such as Terminal Access Controller Access Control System (TACACS)

The isolation LAN has a unique network number that is different than the corporate network number. Only the isolation LAN network is visible to the outside world. On the outside filter you should advertise only the route to the isolation LAN.

If internal users need to get access to Internet services, allow TCP outbound traffic from the internal corporate internetwork. Allow TCP packets back in to the internal network only if they are in response to a previously sent request. All other TCP traffic should be blocked because new inbound TCP sessions could be from hackers trying to establish sessions with internal hosts.


In order to determine whether TCP traffic is a response to a previously sent request or a request for a new session, the router examines some bits in the code field of the TCP header. If the ACK (acknowledgement field is valid) or RST (reset the connection) bits are set in a TCP segment header, the segment is a response to a previously sent request. The established keyword in Cisco IOS™ access lists (filters) is used to indicate packets with ACK or RST bits set.

The following list summarizes some rules for the three-part firewall system.

  • The inside packet filter router should allow inbound TCP packets from established sessions.

  • The outside packet filter router should allow inbound TCP packets from established TCP sessions.

  • The outside packet filter router should also allow packets to specific TCP or UDP ports going to specific bastion hosts (including TCP SYN packets that are used to establish a session).

Block traffic from firewall routers and hosts to the internal network. The firewall routers and hosts themselves are likely to be a jumping-off point for hackers, as shown in Figure 5-11.

Figure 5-11. Firewall Routers and Hosts May Make Your Network Vulnerable to Hacker Attacks

Keep bastion hosts and firewall routers simple. They should run as few programs as possible. The programs should be simple because simple programs have fewer bugs than complex programs. Bugs introduce possible security holes.

Do not enable any unnecessary services or connections on the outside filter router. A list of suggestions for implementing the outside filter router follows:

  • Turn off Telnet access (no virtual terminals defined).

  • Use static routing only.

  • Do not make it a TFTP server.

  • Use password encryption.

  • Turn off proxy ARP service.

  • Turn off finger service.

  • Turn off IP redirects.

  • Turn off IP route caching.

  • Do not make it a MacIP server (MacIP provides connectivity for IP over AppleTalk by tunneling IP datagrams inside AppleTalk).

Cisco PIX™ Firewall

To provide stalwart security, hardware firewall devices can be used in addition to or instead of packet-filtering routers. For example, in the three-part firewall system illustrated earlier in Figure 5-10, a hardware firewall device could be installed on the isolation LAN. A hardware firewall device offers the following benefits:

  • Less complex and more robust than packet filters

  • No downtime required for installation

  • No upgrading of hosts or routers is required

  • No day-to-day management is necessary

Cisco's PIX Firewall is a hardware device that offers the features in the preceding list, as well as full outbound Internet access from unregistered internal hosts. IP addresses can be assigned from the private ranges, as defined in RFC 1918 (available at The PIX Firewall uses a protection scheme called Network Address Translation (NAT), which allows internal users access to the Internet while protecting internal networks from unauthorized access. Private addresses and NAT are discussed more in Chapter 8.

Further details on the PIX Firewall are available on Cisco's web site at The summary from this web site is reproduced here.

Cisco PIX Firewall is the dedicated firewall appliance in Cisco's firewall family. PIX Firewall delivers strong security without impacting network performance. The product line scales to meet a range of customer requirements, with a choice of two hardware platforms, PIX Firewall 510 and PIX Firewall 520, and three capacity license levels. PIX Firewall is the leading product in its segment of the firewall market. The PIX Firewall provides full firewall protection that completely conceals the architecture of an internal network from the outside world. Virtual Private Network (VPN) connections using the IPSec standards can be made with PIX Firewall. PIX Firewall enforces secure access between an internal network and an intranet, extranet links, and the Internet.

PIX Firewall wins the overall performance award in KeyLab's FireBench firewall performance analysis,, demonstrating nearly 170 megabits per second throughput and over 6,500 connections per second in their network environment.

IDC Research says Cisco PIX Firewall was a strong contender for number one in the overall 1997 firewall marketplace, with a 19% share compared to Check Point Firewall-1 at 23%.

Tests of enterprise-level firewalls by Network Computing reconfirm that the “performance of the PIX was by far the best of all the products” and even NAT activation did not slow down performance.

The PIX Firewall provides firewall security without the administrative overhead and risks associated with UNIX-based or router-based firewall systems. The PIX Firewall operates on a secure real-time kernel, not on UNIX. The network administrator is provided with complete auditing of all transactions, including attempted break-ins.

The PIX Firewall supports data encryption with the Cisco PIX Private Link, a card that provides secure communication between multiple PIX systems over the Internet using the data encryption standard (DES).

The PIX Firewall provides TCP and UDP connectivity from internal networks to the outside world using a scheme called adaptive security. All inbound traffic is verified for correctness against the following connection state information:

  • Source and destination IP addresses

  • Source and destination port numbers

  • Protocols

  • TCP sequence numbers (which are randomized to eliminate the possibility of hackers guessing numbers)


Contents Next >

Save to MyCKS


Breaking News

One of the primary architects of OpenCable, Michael Adams, explains the key concepts of this initiative in his book OpenCable Architecture.

Expert Advice

Ralph Droms, Ph.D., author of The DHCP Handbook and chair of the IETF Dynamic Host Configuration Working Group, guides you to his top picks for reliable DHCP-related information.

Just Published

Residential Broadband, Second Edition
by George Abe

Introduces the topics surrounding high-speed networks to the home. It is written for anyone seeking a broad-based familiarity with the issues of residential broadband (RBB) including product developers, engineers, network designers, business people, professionals in legal and regulatory positions, and industry analysts.


From the Brains at InformIT


Contact Us


Copyright, Terms & Conditions


Privacy Policy


© Copyright 2000 InformIT. All rights reserved.