Designing the Network Topology
Designing Cisco Networks
Author: Diane Teare
Publisher: Cisco Press
It will take you approximately four hours to read and complete the exercises
in this chapter.
This chapter is the first in Part IV, which
aims to enable you to design a network structure that meets the customer's
requirements for performance, security, capacity, and scalability, given topology
and internetworking design constraints.
Upon completion of this first chapter in Part IV,
you will be able to do the following:
Describe the advantages, disadvantages, scalability issues,
and applicability of standard internetwork topologies.
Draw a topology map that meets the customer's needs and includes
a high-level view of internetworking devices and interconnecting media.
This chapter includes some job aids you will find useful when completing
the case studies at the end of the chapter. References to some WWW sites are
also included; relevant information has been extracted from these sites and
is provided in the chapter. If you have access to the Internet, you might
want to access the sites mentioned to obtain detailed information related
to specific topics. All the sites referenced in this chapter are also listed
in Appendix C, “Interesting WWW Links and Other
Follow these steps to complete this chapter:
Study the chapter content, including any job aids that appear.
Answer the multiple-choice questions at the end of this chapter.
Review the case studies at the end of this chapter.
Complete the questions in each case study.
Review the answers provided by our internetworking experts
in Appendix B, “Answers to Chapter Questions, Case
Studies, and Sample CCDA Exam.”
The first part of this chapter includes a discussion of different network
topology models available. The second part includes a reference to some network
design guides. The design guides are separate documents written by Cisco internetworking
experts that detail considerations for different aspects of networking. You
can find these design and implementation guides in Appendixes D-G.
Three different network topology models are discussed in this section:
Hierarchical models enable you to
design internetworks in layers. To understand the importance of layering,
consider the Open System Interconnection (OSI)
reference model, which is a layered model for implementing computer communications.
Using layers, the OSI
model simplifies the tasks required for two computers to communicate. Hierarchical
models for internetwork design also use layers to simplify the tasks required
for internetworking. Each layer can be focused on specific functions, allowing
you to choose the right systems and features for each
The many benefits of using hierarchical models for your network design
include the following:
Ease of understanding
Easy network growth
Improved fault isolation
After adopting hierarchical design models, many organizations report
cost savings because they are no longer trying to do it all in one routing/switching
platform. The modular nature of the model enables appropriate use of bandwidth
within each layer of the hierarchy, reducing wasted capacity.
Keeping each design element simple and small facilitates ease of understanding,
which helps control training and staff costs. Management responsibility and
network management systems can be distributed to the different layers of modular
network architectures, which helps control management
Hierarchical design facilitates changes. Modularity allows you to create design elements that can be replicated
as the network grows, facilitating easy network growth. As each element in
the network design requires change, the cost and complexity of making the
upgrade is contained to a small subset of the overall network. In large, flat,
or meshed network architectures, changes tend to impact a large number of
Improved fault isolation is facilitated
by structuring the network into small, easy-to-understand elements. Network
managers can easily understand the transition points in the network, which
helps identify failure points.
Today's fast-converging protocols were designed for hierarchical topologies.
To control the impact of routing overhead processing and bandwidth consumption,
modular hierarchical topologies must be used with protocols designed with
these controls in mind, such as Enhanced IGRP. Chapter
9, “Selecting Routing and Bridging Protocols,” further
investigates the question of which protocol to use.
Route summarization, which is discussed in Chapter
8, “Designing a Network Layer Addressing and Naming Model,”
is facilitated by hierarchical network design. Route summarization reduces
the routing protocol overhead on links in the network and reduces routing
protocol processing within the routers.
As Figure 5-1 illustrates, a hierarchical
network design has three layers:
The core layer
provides optimal transport between sites.
The distribution layer
provides policy-based connectivity.
The access layer
provides workgroup/user access to the network.
Figure 5-1. A Hierarchical Network Design Has Three Layers: Core, Distribution,
Each layer provides necessary functionality to the network. The layers do not need to
be implemented as distinct physical entities. Each layer can be implemented
in routers or switches, represented by a physical media, or combined in a
single box. A particular layer can be omitted altogether, but for optimum
performance, hierarchy should be maintained.
The core layer is the high-speed switching backbone of
the network, which is crucial to enable corporate communications. The core
layer should have the following characteristics:
Offer high reliability
Provide fault tolerance
Adapt to changes quickly
Offer low latency and good manageability
Avoid slow packet manipulation caused by filters or other
Have a limited and consistent diameter
When routers are used in a network, the number of router hops from edge
to edge is called the diameter.
As noted, it is considered good practice to design for a consistent diameter
within a hierarchical network. This means that from any end station to another
end station across the backbone, there should be the same number of hops.
The distance from any end station to a server on the backbone should also
Limiting the diameter of the internetwork provides predictable
performance and ease of troubleshooting. Distribution layer routers and client
LANs can be added to the hierarchical model without increasing the diameter
because neither will affect how existing end stations communicate.
The distribution layer of the network is the demarcation point between the access and core
layers of the network. The distribution layer can have many roles, including
implementing the following functions:
Policy (for example, to ensure that traffic sent from a particular
network should be forwarded out one interface, while all other traffic should
be forwarded out another interface)
Address or area aggregation or summarization
Departmental or workgroup access
Broadcast/multicast domain definition
Routing between virtual LANs (VLANs)
Media translations (for example, between Ethernet and Token
Redistribution between routing domains (for example, between
two different routing protocols)
Demarcation between static and dynamic routing protocols
Several Cisco IOS™ software features can be used
to implement policy at the distribution layer, including the following:
Filtering by source or destination address
Filtering on input or output ports
Hiding internal network numbers by route filtering
Quality of service mechanisms (for example, to ensure that
all devices along a path can accommodate the requested parameters)
The access layer provides user access to local segments on the network.
The access layer is characterized by switched and shared bandwidth
LANs in a campus environment. Microsegmentation,
using LAN switches, provides high bandwidth to workgroups by dividing collision
domains on Ethernet segments and reducing the number of stations capturing
the token on Token Ring LANs.
For small office/home office (SOHO) environments, the access layer
provides access for remote sites into the corporate network using WAN technologies
such as ISDN, Frame Relay, and leased lines. Features such as dial-on-demand
routing (DDR) and static routing can be implemented to control costs.
For small- to medium-sized companies, the hierarchical model is often
implemented as a hub-and-spoke
topology, as shown in Figure 5-2.
Corporate headquarters form the hub, and links to the remote offices
form the spokes.
Figure 5-2. The Hierarchical Model Is Often Implemented as a Hub-and-Spoke
The hierarchical model can be implemented using either routers or switches.
Figure 5-3 is an example of
a switched hierarchical design, while Figure
5-4 shows examples of routed hierarchical designs.
When designing a network topology for a customer who has critical
systems, services, or network paths, you should determine the likelihood that
these components will fail and design redundancy where necessary.
Consider incorporating one of the following types of redundancy into
Each of these types of redundancy is elaborated in the sections that
When a workstation has traffic to send to
a station that is not local, the workstation has many possible ways to discover
the address of a router on its network segment, including the following:
Address Resolution Protocol (ARP)
Router Discovery Protocol (RDP)
Internetwork Packet Exchange (IPX)
Hot Standby Router Protocol (HSRP)
The sections that follow cover each of these methods.
IP workstations send an ARP frame to find a remote station. A router running
proxy ARP can respond with its data link layer address. Cisco routers run
proxy ARP by default.
Most IP workstations must be configured with the IP address of
a default router. This is sometimes called the default gateway.
In an IP environment, the most common method for a workstation to find
a router is via explicit configuration (default router). If the workstation's
default router becomes unavailable, the workstation must be reconfigured with
the address of a different router. Some IP stacks enable you to configure multiple
default routers, but many other IP stacks do not support redundant default
RFC 1256 specifies
an extension to the Internet Control Message Protocol (ICMP) that allows an
IP workstation and router to run the Router Discovery Protocol (RDP) to facilitate
the workstation learning the address of a router.
An IP workstation can run the Routing Information Protocol (RIP) to learn about
routers. RIP should be used in passive mode rather than active mode. (Active
mode means that the station sends RIP frames every 30 seconds.) The Open Shortest
Path First (OSPF) protocol also supports a workstation running that routing
An IPX workstation broadcasts a find network number
message to find a route to a server. A router then responds. If the client
loses its connection to the server, it automatically sends the message again.
An AppleTalk workstation remembers
the address of the router that sent the last Routing Table Maintenance Protocol
(RTMP) packet. As long as there are one or more routers on an AppleTalk workstation's
network, it has a route to remote devices.
Cisco's Hot Standby Router Protocol (HSRP) provides a way for IP workstations to
keep communicating on the internetwork even if their default router becomes
unavailable. The HSRP works by creating a phantom router that
has its own IP and MAC addresses. The workstations use this phantom router
as their default router.
HSRP routers on a LAN communicate among themselves to designate two
routers as active and standby. The active router sends periodic hello messages.
The other HSRP routers listen for the hello messages. If the active router
fails and the other HSRP routers stop receiving hello messages, the standby
router takes over and becomes the active router. Because the new active router
assumes both the IP and MAC addresses of the phantom, end nodes see no change
at all. They continue to send packets to the phantom router's MAC address,
and the new active router delivers
HSRP also works for proxy ARP. When an active
HSRP router receives an ARP request for a node that is not on the local LAN,
the router replies with the phantom router's MAC address instead of its own.
If the router that originally sent the ARP reply later loses its connection,
the new active router can still deliver the traffic.
Figure 5-5 shows an example
implementation of HSRP.
Figure 5-5. An Example of HSRP: The Phantom Router Represents the Real
In Figure 5-5, the following
The Anderson workstation is configured
to use the Phantom router as its default router.
Upon booting, the routers elect Broadway as the HSRP active
router. The active router does the work for the HSRP phantom.
Central Park is the HSRP standby router.
When Anderson sends an ARP frame to find its default router,
Broadway responds with the Phantom router's MAC address.
If Broadway goes off line, Central Park takes over
as the active router, continuing the delivery of Anderson's
packets. The change is transparent to Anderson. If there
was a third HSRP router on the LAN, that router would begin to
act as the new standby router.
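The election and failover sequence just described, as an added example written for this page (it is illustrative code, not Cisco's HSRP implementation). The router names follow the Figure 5-5 narrative; the priorities, addresses and group number are constructed. The default timers (hello every 3 seconds, hold time 10 seconds, default priority 100) and the HSRP version 1 phantom MAC form 0000.0c07.acXX, where XX is the group number, are standard HSRP values that the chapter itself does not state.

```python
"""Added example for this page: a small model of HSRP election and failover.
Illustrative code, not Cisco's implementation.  Router names follow the
Figure 5-5 narrative; priorities, addresses and group number are constructed.
Timers, default priority and the 0000.0c07.acXX virtual MAC are standard
HSRP (version 1) values not stated on the page."""
from dataclasses import dataclass, field
from typing import List, Optional

HELLO_INTERVAL = 3.0   # seconds between hellos from the active router
HOLD_TIME = 10.0       # seconds without a hello before the standby takes over


def ip_key(ip: str) -> tuple:
    """Numeric comparison key so 10.1.1.10 ranks above 10.1.1.9."""
    return tuple(int(o) for o in ip.split("."))


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100        # HSRP default priority
    state: str = "listen"


@dataclass
class HsrpGroup:
    group: int
    virtual_ip: str
    routers: List[HsrpRouter] = field(default_factory=list)
    last_hello: float = 0.0    # when the active router was last heard

    @property
    def virtual_mac(self) -> str:
        # The phantom router's well-known MAC: 0000.0c07.ac<group in hex>.
        return f"0000.0c07.ac{self.group:02x}"

    def active(self) -> HsrpRouter:
        return next(r for r in self.routers if r.state == "active")

    def standby(self) -> Optional[HsrpRouter]:
        return next((r for r in self.routers if r.state == "standby"), None)

    def elect(self, now: float) -> None:
        """Highest priority becomes active, runner-up becomes standby;
        ties are broken by the highest interface IP address."""
        ranked = sorted(self.routers,
                        key=lambda r: (r.priority, ip_key(r.ip)), reverse=True)
        for r in ranked:
            r.state = "listen"
        ranked[0].state = "active"
        if len(ranked) > 1:
            ranked[1].state = "standby"
        self.last_hello = now

    def hello_heard(self, now: float) -> None:
        """The active router sent its periodic hello."""
        self.last_hello = now

    def check_timers(self, now: float) -> None:
        """Run by the listening routers: if the active router has been silent
        for the hold time, drop it and re-elect among the survivors."""
        if now - self.last_hello >= HOLD_TIME:
            self.routers.remove(self.active())
            if self.routers:
                self.elect(now)

    def arp_reply(self, target_ip: str) -> Optional[str]:
        """The active router answers ARP for the phantom with the phantom's
        MAC, never its own, so a failover is invisible to the workstation."""
        return self.virtual_mac if target_ip == self.virtual_ip else None


def figure_5_5_scenario() -> dict:
    group = HsrpGroup(group=1, virtual_ip="10.1.1.1")
    group.routers = [
        HsrpRouter("Broadway", "10.1.1.2", priority=110),
        HsrpRouter("Central Park", "10.1.1.3", priority=105),
        HsrpRouter("Third", "10.1.1.4"),           # default priority 100
    ]
    group.elect(now=0.0)
    result = {
        "active_before": group.active().name,
        "standby_before": group.standby().name,
        "anderson_arp": group.arp_reply("10.1.1.1"),
    }
    for t in (3.0, 6.0, 9.0):                      # Broadway hellos, then goes off line
        group.hello_heard(t)
    group.check_timers(12.0)                       # one hello missed: no change yet
    result["active_at_12s"] = group.active().name
    group.check_timers(19.0)                       # hold time expired: failover
    result["active_after"] = group.active().name
    result["standby_after"] = group.standby().name
    result["anderson_arp_after"] = group.arp_reply("10.1.1.1")
    return result


if __name__ == "__main__":
    for key, value in figure_5_5_scenario().items():
        print(f"{key}: {value}")
```

Running the scenario shows Broadway elected active and Central Park standby, no change at 12 seconds (a single missed hello is tolerated), Central Park active and Third standby once the hold time has expired, and the same phantom MAC returned to Anderson's ARP request before and after the failover.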
In some environments,
fully redundant (mirrored) file servers should be recommended. For example,
in a brokerage firm where traders must access data in order to buy and sell
stocks, the data can be replicated on two or more redundant servers. The servers
should be on different networks and power supplies.
If complete server redundancy is not feasible due to cost considerations,
mirroring or duplexing of the file server
hard drives is a good idea. Mirroring
means synchronizing two disks, while duplexing is the
same as mirroring with the additional feature that the two mirrored hard drives
are controlled by different disk controllers.
Designing redundant routes has two purposes: load balancing and minimizing
AppleTalk and IPX routers can remember only one route to
a remote network by default, so they do not support load balancing. You can
change this for IPX by using the ipx maximum-paths command and for AppleTalk by using the appletalk maximum-paths command on a Cisco router.
Most IP routing protocols can load balance across up to six parallel
links that have equal cost. Use the maximum-paths command
to change the number of links that the router will load balance over for IP;
the default is four, the maximum is six. To support load balancing, keep the
bandwidth consistent within a layer of the hierarchical model so that all
paths have the same cost. (Cisco's IGRP and Enhanced IGRP are exceptions because
they can load balance traffic across multiple routes that have different metrics,
using a feature called variance.)
A hop-based routing protocol does load balancing over unequal bandwidth
paths as long as the hop count is equal. Once the slower link becomes saturated,
the higher-capacity link cannot be filled; this is called pinhole congestion.
Pinhole congestion can be avoided by designing equal bandwidth links within
one layer of the hierarchy or by using a routing protocol that takes bandwidth
IP load balancing depends on which switching mode is used on a router.
Switching modes are discussed in more detail in Chapter
7, “Provisioning Hardware and Media for the WAN.” Process
switching load balances on a packet-by-packet basis. Fast, autonomous, silicon,
optimum, distributed, and NetFlow switching load balance on a destination-by-destination
basis because the processor caches the encapsulation to a specific destination
for these types of switching modes.
In addition to facilitating load balancing, redundant routes minimize
As already discussed, you should keep bandwidth consistent within a
given layer of a hierarchy to facilitate load balancing. Another reason to
keep bandwidth consistent within a layer of a hierarchy is that routing protocols
converge much faster if multiple equal-cost paths to a destination network
By using redundant, meshed network designs, you can minimize the effect
of link failures. Depending on the convergence time of the routing protocols
being used, a single link failure will not have a catastrophic effect. Chapter 9, “Selecting Routing and Bridging Protocols,”
discusses more about routing convergence.
Meshed networks can be designed as a full mesh or a partial mesh. A
full mesh network is when every router has a link to every other router,
as shown in Figure 5-6. A
full mesh network provides complete redundancy and also provides good
performance because there is just a single-hop delay between any two
sites. The number of links in a full mesh is n(n-1)/2, where
n is the number of routers. Each router is connected to every
other router. (The result is divided by 2 to avoid counting Router
X to Router Y and Router Y to Router X as two different links.)
Figure 5-6. Full Mesh Network: Every Router Has a Link to Every Other
Router in the Network
A full mesh network can be expensive to implement due to the required
number of links. In addition, there are practical limits to scaling for groups
of routers that broadcast routing updates or service advertisements. As the
number of router peers increases, the amount of bandwidth and CPU resources
devoted to processing broadcasts increases.
A suggested guideline is to keep broadcast traffic at less than 20
percent of the bandwidth of each link; this will limit the number
of peer routers that can exchange routing tables or service advertisements.
When planning redundancy, follow guidelines for simple, hierarchical
design. Figure 5-7 illustrates
a classic hierarchical and redundant enterprise design that uses a
partial mesh rather than full mesh architecture.
In mission-critical applications, it is often necessary
to provision redundant media.
In switched networks, switches can have redundant links to each other.
This is good because it minimizes downtime, but it may result in broadcasts
continuously circling the network, called a broadcast storm.
Because Cisco switches implement the IEEE 802.1D Spanning-Tree Protocol,
this looping can be avoided. The Spanning-Tree
algorithm guarantees that there is one and only one active path between two
network stations. Redundant paths are held in a blocking state and are automatically
activated when the active path experiences problems.
Because WAN links are often critical pieces of the internetwork, redundant media
is often deployed in WAN environments. As shown in Figure
5-8, backup links can be provisioned so they become active when
a primary link goes down or becomes congested.
Figure 5-8. Backup Links Can Be Used to Provide Redundancy
Often, backup links
use a different technology. For example, a leased line can be in parallel
with a backup dialup line or ISDN circuit. By using what are called floating static
routes, you can specify that the backup route has a higher administrative
distance (used by Cisco routers to select which routing information to use),
so it is not normally used unless the primary route goes down. (Administrative
distance is discussed further in Chapter 9.)
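The route selection behaviour described in this section and in the earlier discussion of load balancing, as an added example written for this page (not code from the book): a toy routing table that installs the lowest administrative distance, load balances across at most maximum-paths equal-cost routes, pins a destination to one path the way a switching cache does, and falls back to a floating static route when the primary is withdrawn. The administrative distances are Cisco IOS defaults; the prefixes, next hops and metrics are constructed, and the destination-modulo-path-count rule stands in for the route cache and is an assumption.

```python
"""Added example for this page (not from the book): a toy routing table that
models equal-cost load balancing capped by maximum-paths, destination-based
versus per-packet path choice, and a floating static backup route chosen by
administrative distance.  Administrative distances are Cisco IOS defaults;
prefixes, next hops and metrics are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set
import ipaddress

DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    source: str                # "static", "ospf", ...
    metric: int = 0
    ad: Optional[int] = None   # explicit distance, e.g. a floating static of 200

    def distance(self) -> int:
        return self.ad if self.ad is not None else DEFAULT_AD[self.source]


class Rib:
    def __init__(self, maximum_paths: int = 4):   # IOS default 4, maximum 6
        self.maximum_paths = maximum_paths
        self.known: Dict[str, Set[Route]] = defaultdict(set)
        self._round_robin: Dict[str, int] = defaultdict(int)

    def add(self, route: Route) -> None:
        self.known[route.prefix].add(route)

    def withdraw(self, route: Route) -> None:
        self.known[route.prefix].discard(route)

    def installed(self, prefix: str) -> List[Route]:
        """Routes that reach the forwarding table: lowest administrative
        distance wins; among those, lowest metric; at most maximum_paths."""
        routes = self.known.get(prefix, set())
        if not routes:
            return []
        best_ad = min(r.distance() for r in routes)
        same_ad = [r for r in routes if r.distance() == best_ad]
        best_metric = min(r.metric for r in same_ad)
        equal_cost = sorted((r for r in same_ad if r.metric == best_metric),
                            key=lambda r: ipaddress.ip_address(r.next_hop))
        return equal_cost[: self.maximum_paths]

    def next_hop(self, prefix: str, dst_ip: str, per_packet: bool = False) -> Optional[str]:
        paths = self.installed(prefix)
        if not paths:
            return None
        if per_packet:
            # Process switching: rotate through the paths for every packet.
            i = self._round_robin[prefix]
            self._round_robin[prefix] = i + 1
            return paths[i % len(paths)].next_hop
        # Fast/optimum/NetFlow switching: the cache pins a destination to one
        # path.  The modulo rule is a stand-in for the cache (assumption).
        return paths[int(ipaddress.ip_address(dst_ip)) % len(paths)].next_hop


def scenario() -> dict:
    rib = Rib(maximum_paths=4)
    # Six equal-cost OSPF paths exist, but only maximum-paths of them are used.
    for n in range(1, 7):
        rib.add(Route("10.0.0.0/8", f"192.0.2.{n}", "ospf", metric=20))
    # Primary OSPF route plus a floating static over the dial backup (AD 200),
    # i.e. `ip route 172.16.0.0 255.255.0.0 192.0.2.254 200`.
    primary = Route("172.16.0.0/16", "192.0.2.1", "ospf", metric=10)
    backup = Route("172.16.0.0/16", "192.0.2.254", "static", ad=200)
    rib.add(primary)
    rib.add(backup)
    out = {
        "installed_paths": len(rib.installed("10.0.0.0/8")),
        "per_destination": [rib.next_hop("10.0.0.0/8", "10.1.1.1") for _ in range(3)],
        "per_packet": [rib.next_hop("10.0.0.0/8", "10.1.1.1", per_packet=True)
                       for _ in range(4)],
        "backup_idle": rib.next_hop("172.16.0.0/16", "172.16.5.5"),
    }
    rib.withdraw(primary)           # the leased line goes down
    out["backup_active"] = rib.next_hop("172.16.0.0/16", "172.16.5.5")
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The scenario installs four of the six equal-cost paths, returns the same next hop three times for one destination in destination-based mode, cycles through all four paths in per-packet mode, and uses the floating static only after the primary route is withdrawn.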
When provisioning backup links, learn as much as possible about the
actual physical circuit routing. Different carriers sometimes use the same
facilities, meaning that your backup path is susceptible to the same failures
as your primary path. You should do some investigative work to ensure that
your backup really is a backup.
Backup links can be combined with load balancing and channel aggregation. Channel aggregation means that a router can bring up multiple channels (for example,
Integrated Services Digital Network [ISDN] B channels) as bandwidth requirements
Cisco supports the Multilink Point-to-Point Protocol (MPPP), which is an Internet Engineering
Task Force (IETF) standard for ISDN B channel (or asynchronous serial interface)
aggregation. MPPP does not specify how a router should accomplish the decision-making
process to bring up extra channels. Instead, it seeks to ensure that packets
arrive in sequence at the receiving router.
Then, the data is encapsulated within PPP and the datagram is given a sequence
number. At the receiving router, PPP uses this sequence number to re-create
the original data stream. Multiple channels appear as one logical link to
This section introduces secure topology models. Other aspects of security,
such as encryption and access lists, are discussed in Chapter
10, “Provisioning Software Features.” The information
in this book is not sufficient to learn all the nuances of internetwork security.
To learn more about internetwork security, you might want to read the book Firewalls
and Internet Security, by Bill Cheswick and
Steve Bellovin, published by Addison Wesley. Also, by searching on the word “security”
on the Web site, you can keep up to date on security issues.
Secure topologies are often designed using a firewall. A firewall protects one network
from another untrusted network. This protection
can be accomplished in many ways, but in principle, a firewall is a pair of
mechanisms: One blocks traffic and the other permits traffic.
Some firewalls place a greater emphasis on blocking traffic, and others
emphasize permitting traffic. Figure
5-9 shows a simple firewall topology using routers.
You can design a firewall system using packet-filtering routers and
bastion hosts. A bastion host is a secure host that
supports a limited number of applications for use by outsiders. It holds
data that outsiders access (for example, web pages) but is strongly protected
from outsiders using it for anything other than its limited purposes.
The classic firewall system, called the three-part
firewall system, has the following three specialized
layers, as shown in Figure 5-10:
An isolation LAN that is a buffer between the
corporate internetwork and the outside world. (The isolation LAN is called
the demilitarized zone, or DMZ, in some literature.)
A router that acts as an inside packet filter
between the corporate internetwork and the isolation LAN.
Another router that acts as an outside packet filter
between the isolation LAN and the outside internetwork.
Figure 5-10. Structure and Components of a Three-Part Firewall System
Services available to the outside world are located on bastion hosts
in the isolation LAN. Example services in these hosts
The isolation LAN has a unique network
number that is different than the corporate network number. Only the
isolation LAN network is visible to the outside world. On the outside filter
you should advertise only the route to the isolation LAN.
If internal users need to get access to Internet services, allow TCP
outbound traffic from the internal corporate internetwork. Allow TCP packets
back in to the internal network only if they are in response to a previously
sent request. All other TCP traffic should be blocked because new inbound TCP sessions could be from hackers
trying to establish sessions with internal hosts.
To determine whether a TCP segment is a response to a previously
sent request or an attempt to open a new session, the router examines the
control bits (code bits) in the TCP header. If the ACK (acknowledgment field is valid)
or RST (reset the connection) bit is set, the segment is treated as part of an
existing session; a segment with only SYN set is a request for a new connection. The established
keyword in Cisco IOS™ access lists (filters) matches packets
with the ACK or RST bit set. Note that this check is stateless: the router keeps
no record of sessions and judges each segment by its flag bits alone, so it cannot
distinguish a genuine reply from a segment that merely has the ACK bit set.
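The established check as an added example written for this page, shown beside a stateful check so the difference is visible (illustrative code, not Cisco IOS). The TCP segments are constructed and carry only the header fields the filter inspects; the internal prefix 10.0.0.0/8 and the port numbers are assumptions.

```python
"""Added example for this page: what the `established` keyword tests, beside
a stateful check.  Illustrative code, not Cisco IOS; segments are constructed
and carry only the fields the filter inspects.  The 10.0.0.0/8 internal
prefix and the port numbers are assumptions."""
from dataclasses import dataclass
from typing import Set, Tuple

# TCP control bits ("code bits" in RFC 793), as laid out in the header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def established_filter(seg: Segment) -> bool:
    """Models an inbound entry such as
    `access-list 101 permit tcp any 10.0.0.0 0.255.255.255 established`:
    permit if ACK or RST is set, deny otherwise.  Nothing is remembered."""
    return bool(seg.flags & (ACK | RST))


class StatefulFilter:
    """Remembers sessions opened from the inside and admits only their replies."""

    def __init__(self) -> None:
        self.sessions: Set[Tuple[str, int, str, int]] = set()

    def outbound(self, seg: Segment) -> bool:
        """An outgoing SYN (without ACK) creates a session entry."""
        if seg.flags & SYN and not seg.flags & ACK:
            self.sessions.add((seg.src, seg.sport, seg.dst, seg.dport))
        return True

    def inbound(self, seg: Segment) -> bool:
        key = (seg.dst, seg.dport, seg.src, seg.sport)   # reverse direction
        if key not in self.sessions:
            return False
        if seg.flags & RST:          # the peer tore the session down
            self.sessions.discard(key)
        return True


def compare() -> dict:
    """Each result is (stateless `established` verdict, stateful verdict)."""
    inside, web, outsider = "10.1.1.5", "203.0.113.10", "198.51.100.7"
    sf = StatefulFilter()
    sf.outbound(Segment(inside, 40000, web, 80, SYN))           # user opens a web session
    reply = Segment(web, 80, inside, 40000, SYN | ACK)           # the server's SYN-ACK
    new_session = Segment(outsider, 4444, inside, 23, SYN)       # outsider tries telnet
    ack_probe = Segment(outsider, 4444, inside, 23, ACK)         # same, with only ACK set
    return {
        "reply": (established_filter(reply), sf.inbound(reply)),
        "new_session": (established_filter(new_session), sf.inbound(new_session)),
        "ack_probe": (established_filter(ack_probe), sf.inbound(ack_probe)),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name}: established={verdicts[0]} stateful={verdicts[1]}")
```

Both filters pass the genuine SYN-ACK reply and block the outsider's SYN, but the ACK-only probe passes the established check because it has the ACK bit set, while the stateful filter drops it for lack of a matching session. An internal host that receives such a probe answers with a RST, which is exactly how an ACK scan maps which addresses and ports an established-style access list lets through.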
The following list summarizes some rules for the three-part firewall
The inside packet filter router should allow inbound TCP packets
from established sessions.
The outside packet filter router should allow inbound TCP
packets from established TCP sessions.
The outside packet filter router should also allow packets
to specific TCP or UDP ports going to specific bastion hosts (including TCP
SYN packets that are used to establish a session).
Block traffic from firewall routers and hosts to the internal network.
The firewall routers and hosts themselves are likely to be a jumping-off
point for hackers, as shown in Figure 5-11.
Figure 5-11. Firewall Routers and Hosts May Make Your Network Vulnerable
to Hacker Attacks
Keep the bastion hosts and
firewall routers simple. They should run as few programs as possible. The
programs should be simple because simple programs have fewer bugs than complex
programs. Bugs introduce possible security holes.
Do not enable any unnecessary services or connections on the outside
filter router. A list of suggestions for implementing the outside
filter router follows:
Turn off Telnet access (no virtual terminals defined).
Use static routing only.
Do not make it a TFTP server.
Use password encryption.
Turn off proxy ARP service.
Turn off finger service.
Turn off IP redirects.
Turn off IP route caching.
Do not make it a MacIP server (MacIP provides connectivity
for IP over AppleTalk by tunneling IP datagrams inside AppleTalk).
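A script that audits an outside filter router configuration against the list above, as an added example written for this page (not a Cisco tool). The configuration text is constructed. The command names are the IOS forms the author knows; it is assumed that proxy ARP, IP redirects, route caching and finger are on unless explicitly disabled, and that finger is disabled with `no service finger` on older IOS releases and `no ip finger` on newer ones.

```python
"""Added example for this page: audit an outside filter router configuration
against the hardening list.  Written for this page, not a Cisco tool.  The
configuration is constructed; command names are the IOS forms the author
knows, and the on-by-default assumptions are stated in the lead-in."""
from typing import List, Tuple

SAMPLE_CONFIG = """\
hostname outside-filter
service password-encryption
!
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 no ip proxy-arp
 no ip redirects
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
router rip
 network 192.0.2.0
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1
tftp-server flash:c2500-i-l.bin
!
line vty 0 4
 password 7 0822455D0A16
 transport input telnet
!
end
"""

Block = Tuple[str, List[str]]


def parse_blocks(text: str) -> List[Block]:
    """Split an IOS configuration into (command, [sub-commands]) pairs:
    indented lines belong to the unindented command before them."""
    blocks: List[Block] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


INTERFACE_CHECKS = (
    ("no ip proxy-arp", "proxy ARP"),
    ("no ip redirects", "IP redirects"),
    ("no ip route-cache", "IP route caching"),
)


def audit_outside_filter(text: str) -> List[str]:
    """Return one finding per deviation from the outside filter router list."""
    blocks = parse_blocks(text)
    commands = [cmd for cmd, _ in blocks]
    findings: List[str] = []

    if "service password-encryption" not in commands:
        findings.append("global: 'service password-encryption' is missing")
    if not any(c in ("no service finger", "no ip finger") for c in commands):
        findings.append("global: finger service is not disabled")
    for cmd in commands:
        if cmd.startswith("router "):
            findings.append(f"global: dynamic routing configured ('{cmd}'); use static routes only")
        elif cmd.startswith("tftp-server"):
            findings.append(f"global: router is a TFTP server ('{cmd}')")
        elif "macip" in cmd:
            findings.append(f"global: MacIP server configured ('{cmd}')")

    for cmd, subs in blocks:
        if cmd.startswith("interface "):
            name = cmd.split(None, 1)[1]
            for required, feature in INTERFACE_CHECKS:
                if required not in subs:
                    findings.append(f"{name}: {feature} still enabled; add '{required}'")
        elif cmd.startswith("line vty") and "transport input none" not in subs:
            findings.append(f"{cmd}: Telnet reachable; set 'transport input none' "
                            "or remove the vty lines")
    return findings


if __name__ == "__main__":
    for finding in audit_outside_filter(SAMPLE_CONFIG):
        print(finding)
```

On the constructed configuration the audit reports eight findings: finger not disabled, RIP running, a TFTP server, route caching left on Serial0, proxy ARP, redirects and route caching left on Ethernet0, and Telnet reachable on the vty lines. Password encryption is present, so it produces no finding.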
For additional security, hardware firewall devices
can be used in addition to or instead of packet-filtering routers. For
example, in the three-part firewall system illustrated earlier in Figure
5-10, a hardware firewall device could be installed on the isolation
LAN. A hardware firewall device offers the following benefits:
Less complex and more robust than packet filters
No downtime required for installation
No upgrading of hosts or routers is required
No day-to-day management is necessary
Cisco's PIX Firewall is a hardware device that offers the features in
the preceding list, as well as full outbound Internet access from unregistered
internal hosts. IP addresses can be assigned from the
private ranges, as defined in RFC 1918 (available at http://info.internet.isi.edu/in-notes/rfc/files/rfc1918.txt). The PIX Firewall uses a protection scheme called Network Address Translation (NAT),
which allows internal users access to the Internet while protecting internal
networks from unauthorized access. Private
addresses and NAT are discussed more in Chapter 8.
Further details on the PIX Firewall are available on Cisco's web site
at http://www.cisco.com/warp/public/cc/cisco/mkt/security/pix/. The summary from this web site is reproduced here.
Cisco PIX Firewall is the dedicated firewall appliance in Cisco's firewall
family. PIX Firewall delivers strong security without impacting network performance.
The product line scales to meet a range of customer
requirements, with a choice of two hardware platforms, PIX Firewall 510 and
PIX Firewall 520, and three capacity license levels. PIX Firewall is the leading
product in its segment of the firewall market. The PIX Firewall provides full
firewall protection that completely conceals the architecture of an internal
network from the outside world. Virtual Private Network (VPN) connections
using the IPSec standards can be made with PIX Firewall. PIX Firewall enforces
secure access between an internal network and an intranet, extranet links,
and the Internet.
PIX Firewall wins the overall performance award in KeyLab's FireBench
firewall performance analysis, http://www.keylabs.com/results/firebench/fbenrpt2.pdf, demonstrating nearly 170 megabits per second throughput and over
6,500 connections per second in their network environment.
says Cisco PIX Firewall was a strong contender for number one in the
overall 1997 firewall marketplace, with a 19% share compared to Check
Point Firewall-1 at 23%.
Tests of enterprise-level firewalls by Network Computing http://www.networkcomputing.com/921/921f22.html reconfirm that the “performance of the PIX was by far the
best of all the products” and even NAT activation did not slow down
The PIX Firewall provides firewall security without the administrative
overhead and risks associated with UNIX-based or router-based firewall systems.
The PIX Firewall operates on a secure real-time kernel, not on UNIX. The network
administrator is provided with complete auditing of all transactions, including
The PIX Firewall supports data encryption with the Cisco PIX Private
Link, a card that provides secure communication between multiple PIX systems
over the Internet using the data encryption standard (DES).
The PIX Firewall provides TCP and UDP connectivity from internal networks
to the outside world using a scheme called adaptive security.
All inbound traffic is verified for correctness against the following connection
Source and destination IP addresses
Source and destination port numbers
numbers (which are randomized to eliminate the possibility of hackers