Top Down Network Design Chapter 5 Notes.
Designing a Network Topology
• Develop techniques for designing a network topology.
• A topology is a map of an internetwork that indicates network segments,
interconnection points, and user communities.
• Purpose of the map is to show the geometry of the network, not the
physical geography or technical implementation.
• Produce a high-level blueprint of the network, analogous to an
architectural drawing that shows the location and size of rooms for a
building, but not the construction materials for fabricating the rooms.
• Designing a network topology is the first step in the logical design phase
of the top-down network design methodology.
• To meet a customer's goals for scalability and adaptability, it is important
to architect a logical topology before selecting physical products or
Hierarchical Network Design
• Each layer can be focused on specific functions, allowing you to choose
the right systems and features for the layer.
• A typical hierarchical topology is:
o A core layer of high-end routers and switches that are optimized for
availability and performance.
o A distribution layer of routers and switches that implement policies.
o An access layer that connects users via lower-end switches and
wireless access points.
Why Use a Hierarchical Network Design Model?
• Networks that grow unheeded without any plan in place tend to develop in
an unstructured format.
• Dr. Peter Welcher, the author of network design and technology articles for
Cisco World and other publications, refers to unplanned networks as fur-
• Disadvantages of a fur-ball topology: too many CPU adjacencies cause.
• When network devices communicate with many other devices, the
workload required of the CPUs on the devices can be burdensome.
• Example: a large flat (switched) network, broadcast packets are
burdensome (includes routers, workstations, and servers).
• Hierarchical model can help minimize costs.
• Can purchase the appropriate internetworking devices for each layer of
the hierarchy, thus avoiding spending money on unnecessary features for
a layer.
• Modular nature of the hierarchical design model enables accurate capacity
planning within each layer of the hierarchy, thus reducing wasted
• Network management responsibility and network management systems
can be distributed to the different layers of a modular network architecture
to control management costs.
• Modularity lets you keep each design element simple and easy to
• Minimizes the need for extensive training for network operations personnel
and expedites the implementation of a design.
• Testing a network design is made easy because there is clear functionality
at each layer.
• Fault isolation is improved because network technicians can easily
recognize the transition points in the network to help them isolate possible
• Hierarchical design facilitates changes. As elements in a network require
change, the cost of making an upgrade is contained to a small subset of
the overall network.
• In large flat or meshed network architectures, changes tend to impact a
large number of systems. Replacing one device can affect numerous
networks because of the complex interconnections.
How Can You Tell When You Have a Good Design?
Here are some wise answers from Peter Welcher that are based on the tenets of
hierarchical, modular network design:
• When you already know how to add a new building, floor, WAN link,
remote site, e-commerce service, and so on
• When new additions cause only local change, to the directly connected
• When your network can double or triple in size without major design
• When troubleshooting is easy because there are no complex protocol
interactions to wrap your brain around.
Scalability and Expandability issues:
• When scalability is a major goal, a hierarchical topology is recommended
because modularity in a design enables creating design elements that can
be replicated as the network grows.
• Because each instance of a module is consistent, expansion is easy to
plan and implement.
• To control routing CPU overhead and bandwidth consumption, modular
hierarchical topologies should be used with:
o Open Shortest Path First (OSPF),
o Intermediate System-to-Intermediate System (IS-IS),
o Border Gateway Protocol (BGP), and
o Enhanced Interior Gateway Routing Protocol (Enhanced IGRP).
Flat Versus Hierarchical Topologies
• A flat network topology is adequate (actually suitable) for very small
• With a flat network design, there is no hierarchy. Each internetworking
device has essentially the same job, and the network is not divided into
layers or modules.
• A flat network topology is easy to design and implement, and it is easy to
maintain, as long as the network stays small.
• When the network grows, however, a flat network becomes undesirable.
• The lack of hierarchy makes troubleshooting difficult. Rather than being
able to concentrate troubleshooting efforts in just one area of the network,
you may need to inspect the entire network.
Flat WAN Topologies
• A wide-area network (WAN) for a small company can consist of a few sites
connected in a loop.
• Each site has a WAN router that connects to two other adjacent sites via
• As long as the WAN is small (a few sites), routing protocols can converge
quickly, and communication with any other site can recover when a link
• (As long as only one link fails, communication recovers. When more than
one link fails, some sites are isolated from others.)
• A flat loop topology is generally not recommended for networks with many
• A loop topology can mean that there are many hops between routers on
opposite sides of the loop, resulting in significant delay and a higher
probability of failure.
• If your analysis of traffic flow indicates that routers on opposite sides of a
loop topology exchange a lot of traffic, you should recommend a
hierarchical topology instead of a loop.
Flat LAN Topologies
• From 1990 to 1995, a typical design for a LAN was PCs and servers
attached to one or more hubs in a flat topology.
• The PCs and servers implemented a media-access control process, such
as token passing or carrier sense multiple access with collision detection
(CSMA/CD) to control access to the shared bandwidth.
• The devices were all part of the same bandwidth domain and had the
ability to negatively affect delay and throughput for other devices.
• Today PCs and servers are attached to data link layer (Layer 2) switches
instead of hubs.
• Using switches the network is segmented into small bandwidth domains
so that a limited number of devices compete for bandwidth at any one
• (However, the devices do compete for service by the switching hardware
and software, so it is important to understand the performance
characteristics of candidate switches)
• Switches forward broadcast frames out all ports.
• Routers segment networks into separate broadcast domains.
• From Table 4-8, a single broadcast domain should be limited to a few
hundred devices so that devices are not overwhelmed by the task of
processing broadcast traffic.
Mesh Versus Hierarchical-Mesh Topologies
• Mesh topologies are deployed to meet availability requirements.
• In a full-mesh topology, every router or switch is connected to every other
router or switch.
• A full-mesh network provides complete redundancy, and offers good
performance because there is just a single-link delay between any two
• A partial-mesh network has fewer connections.
• The number of links in a full-mesh topology is as follows:
(N * (N – 1)) / 2
• N is the number of routers or switches. (Divide the result by two to avoid
counting Router X to Router Y and Router Y to Router X as two different
Some disadvantages of mesh topologies:
• Networks can be expensive to deploy and maintain. (A full-mesh network
is especially expensive.)
• Can also be hard to optimize, troubleshoot, and upgrade, unless they are
designed using a simple, hierarchical model.
• In a nonhierarchical mesh topology, internetworking devices are not
optimized for specific functions.
• Mesh networks have scalability limits for groups of routers that broadcast
routing updates or service advertisements. As the number of router CPU
adjacencies increases, the amount of bandwidth and CPU resources
devoted to processing updates increases.
• A good rule of thumb is that you should keep broadcast traffic at less than
20 percent of the traffic on each link. (McCabe says less than 5%)
The Classic Three-Layer Hierarchical Model
The Core Layer
• The core layer of a three-layer hierarchical topology is the high-speed
backbone of the internetwork.
• core layer is critical for interconnectivity so design the core layer with
• The core layer should be highly reliable and should adapt to changes
• When configuring routers in the core layer, you should use routing
features that optimize packet throughput
• The core should have a limited and consistent diameter.
• For organizations that need to connect to other enterprises via an extranet
or the Internet, the core topology should include one or more links to
external networks. Corporate network administrators should discourage
regional and branch-office administrators from planning their own
extranets or connections to the Internet.
The Distribution Layer
• The distribution layer of the network is the demarcation point between the
access and core layers of the network.
• Its functions include controlling access to resources for security reasons, and
controlling network traffic that traverses the core for performance reasons.
• The distribution layer is often the layer that delineates broadcast domains,
(although this can be done at the access layer as well).
• In network designs that include virtual LANs (VLANs), the distribution layer
can be configured to route between VLANs.
• The distribution layer allows the core layer to connect sites that run
different protocols while maintaining high performance.
• For improved routing protocol performance, the distribution layer can
summarize routes from the access layer.
• To maximize hierarchy, modularity, and performance, the distribution layer
should hide detailed topology information about the access layer from core
• Distribution layer should summarize numerous access layer destinations
into a few advertisements into the core.
• Distribution layer should hide detailed topology information about the core
layer from the access layer by summarizing to a small set of
advertisements or just one default route, if possible.
• The distribution layer can provide the access layer with a route to the
closest distribution layer router that has access to the core.
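As an added example (not from the book or these notes) of the distribution-layer summarization described above: given a constructed set of access-layer subnets (the 10.1.x.0/24 values are assumptions), it computes the single summary a distribution router could advertise into the core, the address space that summary claims but no access subnet actually owns, and the exact multi-prefix alternative that has no such gaps.

```python
import ipaddress

# Constructed sample (assumption, not from the book): five access-layer subnets
# behind one distribution router. 10.1.4.0/24 is unused, so the set is not
# contiguous and a single summary will cover space nobody owns.
ACCESS_PREFIXES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24",
                   "10.1.3.0/24", "10.1.5.0/24"]


def single_summary(prefixes):
    """Shortest single prefix that covers every access subnet: start from the
    first network and shorten the mask until all members fall inside it."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    base = int(nets[0].network_address)
    for plen in range(min(n.prefixlen for n in nets), -1, -1):
        cand = ipaddress.ip_network((base, plen), strict=False)
        if all(n.subnet_of(cand) for n in nets):
            return cand


def holes(summary, prefixes):
    """Address space the summary advertises but no access subnet owns. The
    router originating the summary should discard traffic for these ranges
    rather than forward it back toward the core."""
    remaining = [summary]
    for n in map(ipaddress.ip_network, prefixes):
        nxt = []
        for r in remaining:
            nxt.extend(r.address_exclude(n) if n.subnet_of(r) else [r])
        remaining = nxt
    return sorted(remaining)


def exact_summaries(prefixes):
    """Alternative with no holes: merge only adjacent prefixes, which may
    yield more than one advertisement into the core."""
    return sorted(ipaddress.collapse_addresses(map(ipaddress.ip_network, prefixes)))


if __name__ == "__main__":
    summary = single_summary(ACCESS_PREFIXES)
    print("advertise to core:", summary)
    print("unowned space inside it:", holes(summary, ACCESS_PREFIXES))
    print("exact alternative:", exact_summaries(ACCESS_PREFIXES))
```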
The Access Layer
• The access layer provides users on local segments access to the
• Access layer can include routers, switches, bridges, shared-media hubs,
and wireless access points.
• Switches are often implemented at the access layer in campus networks
to divide up bandwidth domains to meet the demands of applications that
need a lot of bandwidth or cannot withstand the variable delay
characterized by shared bandwidth.
• For internetworks that include small branch offices and telecommuter
home offices, the access layer can provide access into the corporate
internetwork using wide-area technologies such as ISDN, Frame Relay,
leased digital lines, and analog modem lines.
Guidelines for Hierarchical Network Design
• First: control the diameter of a hierarchical enterprise network topology. In
most cases, three major layers are sufficient:
o The core layer
o The distribution layer
o The access layer
• Controlling the network diameter provides low and predictable latency.
• Also helps you predict routing paths, traffic flows, and capacity
• A controlled network diameter also makes troubleshooting and network
• Strict control of the network topology at the access layer should be
• The access layer is most susceptible to violations of hierarchical network
• Users at the access layer have a tendency to add networks to the
• Avoid chains and backdoors.
• A backdoor is a connection between devices in the same layer.
• Backdoors should be avoided because they cause unexpected routing
and switching problems and make network documentation and
troubleshooting more difficult.
• Design the access layer first, followed by the distribution layer, and then
finally the core layer.
• By starting with the access layer, you can more accurately perform
capacity planning for the distribution and core layers.
Note: Some valid reasons for adding a chain or a backdoor.
• For example, international network topologies sometimes get skewed by the
availability of fiber-optic links, the ease and cost of provisioning new
networks, and the availability of competent carriers.
• An international network might require a chain to add another country.
• A backdoor is sometimes added to increase performance and redundancy
between two parallel devices in a layer.
Redundant Network Design Topologies
• Redundancy attempts to eliminate any single point of failure on the
• The goal is to duplicate any required component whose failure could
disable critical applications.
• The component could be a core router, a switch, a link between two
switches, a channel service unit (CSU), a power supply, a WAN trunk,
Internet connectivity, and so on.
• To enable business survivability after a disaster and offer performance
benefits from load sharing, some organizations have completely
redundant data centers.
• Other organizations try to constrain network operational expenses by
using a less-comprehensive level of redundancy.
• Because redundancy is expensive to deploy and maintain, you should
implement redundant topologies with care.
• Make sure you can identify critical applications, systems, internetworking
devices, and links. Analyze your customer's tolerance for risk and the
consequences of not implementing redundancy.
• Make sure to discuss with your customer the tradeoffs of redundancy
versus low cost, and simplicity versus complexity.
• Redundancy adds complexity to the network topology and to network
addressing and routing.
• To maintain interconnectivity even when one or more links are down,
redundant network designs include a backup path for packets to travel
when there are problems on the primary path.
• A backup path consists of routers and switches and individual backup links
between routers and switches, which duplicate devices and links on the
primary path.
• When estimating network performance for a redundant network design,
you should take into consideration two aspects of the backup path:
o How much capacity does the backup path support?
o How quickly will the network begin to use the backup path?
• Sometimes the performance is worse than the primary path, but still
• It is quite common for a backup path to have less capacity than a primary
• Individual backup links within the backup path often use different
• Designing a backup path that has the same capacity as the primary path
can be expensive and is only appropriate if the customer's business
requirements dictate a backup path with the same performance
characteristics as the primary path.
• If switching to the backup path requires manual reconfiguration of any
components, then users will notice disruption.
• For mission-critical applications, disruption is probably not acceptable. An
automatic failover is necessary for mission-critical applications.
• By using redundant, partial-mesh network designs, you can speed
automatic recovery time when a link fails.
• The primary purpose of redundancy is to meet availability requirements.
• A secondary goal is to improve performance by supporting load sharing
across parallel links.
• Load sharing, sometimes called load balancing, allows two or more
interfaces or paths to share traffic load.
• Purists have taken to using the term load sharing instead of load
balancing because the load is usually not precisely balanced across
• Because routers can cache the interface that they use for a destination
host or even an entire destination network, all traffic to that destination
tends to take the same path.
• This results in the load not being balanced across multiple links, although
the load should be shared across the links if there are many different
• Some protocols do not support load sharing by default. For example,
when running Novell's Routing Information Protocol (RIP), an Internetwork
Packet Exchange (IPX) router can remember only one route to a remote
network.
• Most vendors' implementations of IP routing protocols support load
sharing across parallel links that have equal cost.
• (Cost values are used by routing protocols to determine the most
favorable path to a destination. Depending on the routing protocol, cost
can be based on hop count, bandwidth, delay, or other factors.)
• Some routing protocols base cost on the number of hops to a particular
• These routing protocols load balance over unequal bandwidth paths as
long as the hop count is equal.
• Once a slow link becomes saturated, however, higher-capacity links
cannot be filled. This is called pinhole congestion.
• Pinhole congestion can be avoided by designing equal bandwidth links
within one layer of the hierarchy, or by using a routing protocol that bases
cost on bandwidth and has the variance feature.
Modular Network Design
• Top-down network design lets you drill down to the components of the
network design, and apply fundamental design principles to the
components as well as the overall design.
• Hierarchy and redundancy, as mentioned in the previous sections, are
fundamental network design concepts.
• Another fundamental concept related to hierarchy is modularity.
• Large network design projects and large networks in general consist of
different areas and modules.
The Enterprise Composite Network Model
• Enterprise Composite Network Model is a blueprint that network designers
can use to simplify the complexity of a large internetwork.
• Blueprint lets you apply a modular, hierarchical approach to network
• Analyze the functional, logical, and physical components of a network, and
thus simplify the process of designing an overall enterprise network.
Enterprise Composite Network Model comprises three major areas:
• Enterprise campus. The enterprise campus includes the modules required
to build a robust campus network that provides high availability, scalability,
and flexibility. This area contains all the network elements for independent
operation within one campus location. An enterprise can have more than
• Enterprise edge. The enterprise edge aggregates the connectivity from the
various elements at the edge of an enterprise network. The enterprise
edge functional area filters traffic from the edge modules and routes it into
the enterprise campus. The enterprise edge contains all the network elements for efficient and secure communication between the enterprise
campus and remote locations, business partners, mobile users, and the
• Service provider edge. The modules in this functional area are not
implemented by the enterprise. The service provider edge modules are
included to enable communication with other networks using different
WAN technologies and Internet service providers (ISPs).
Designing a Campus Network Design Topology
• Campus network design topologies should meet a customer's goals for
availability and performance by featuring small bandwidth domains, small
broadcast domains, redundancy, mirrored servers, and multiple ways for a
workstation to reach a router for off-net communications.
• Campus networks should be designed using a hierarchical, modular
approach so that the network offers good performance, maintainability,
• Most campus networks feature a high-performance, switched backbone,
called the campus backbone, that connects buildings and different parts of
• A high-capacity, centralized server farm connects to the backbone and
provides internal server resources to users, for example, application, file,
print, e-mail, and Domain Name System (DNS) services.
• Network management is an important component in a campus network
• A campus backbone must provide access to management devices that
support monitoring, logging, troubleshooting, security, and other common
• According to the Enterprise Composite Network Model, a campus consists
of the campus infrastructure module, a server farm, a network
management module, and an edge distribution module that provides
connectivity between the campus and the rest of the internetwork.
Example of a campus infrastructure module that has three submodules:
• Building access submodule. Located within a campus building, this
submodule contains end-user workstations and IP phones connected to
switches or wireless access points. Higher-end switches provide uplinks to
the building distribution module. Services offered by this module include
network access, broadcast control, protocol filtering, and the marking of
packets for QoS features.
• Building distribution submodule. The job of this submodule is to aggregate
wiring closets within a building and provide connectivity to the campus
backbone via routers (or switches with routing modules). This submodule
provides routing, QoS, and access control methods for meeting security
and performance requirements. Redundancy and load sharing are recommended for this submodule. For example, each building distribution
submodule should have two equal-cost paths to the campus backbone.
• Campus backbone. The campus backbone is the core layer of the campus
infrastructure. The backbone interconnects the building access and
distribution submodules with the server farm, network management, and
edge distribution modules. The campus backbone provides redundant and
fast-converging connectivity. It routes and switches traffic as quickly as
possible from one module to another. This module usually uses high-
speed routers (or switches with routing capability) and provides QoS and
The Spanning Tree Protocol
• The topology of each module and submodule of a campus network design
is partially determined by the Spanning Tree Protocol (STP).
• STP is a protocol and algorithm, documented in IEEE 802.1D, for
dynamically "pruning" an arbitrary topology of connected Layer 2 switches
into a spanning tree.
• The topology that results spans the entire switched domain and is shaped
like a mathematical tree, with branches that spread out from a stem
without forming loops or polygons.
• The network designer physically connects switches in a meshed,
redundant topology, but STP creates a logical tree with no redundancy.
• The spanning tree has one root bridge and a set of ports on other
switches that forward traffic toward the root bridge.
• The protocol dynamically selects switch ports to include in the spanning-
tree topology by determining the lowest-cost paths to the root bridge.
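To make the four convergence steps listed in this section concrete, here is an added example (not from the book or these notes) that runs them over a small constructed switch topology; the switch names, bridge priorities, MAC addresses and port costs are all assumptions. It goes one step further than the text by checking that the forwarding segments that remain form a tree (N - 1 active segments), which is the loop-free property STP prunes for.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    a: str        # bridge name at one end
    a_port: int   # port number on bridge a
    b: str        # bridge name at the other end
    b_port: int   # port number on bridge b
    cost: int     # STP path cost of this segment (hypothetical values)


# Constructed sample topology (assumption, not from the book): two core and two
# access switches wired as a redundant mesh, plus a backdoor between the access
# switches. Bridge ID = (priority, MAC); the numerically lowest ID becomes root.
BRIDGES = {
    "Core1": (4096, "00:00:00:00:00:01"),   # priority lowered on purpose
    "Core2": (8192, "00:00:00:00:00:02"),   # intended backup root
    "Acc1": (32768, "00:00:00:00:00:03"),   # default priority
    "Acc2": (32768, "00:00:00:00:00:04"),
}
LINKS = [
    Link("Core1", 1, "Core2", 1, 4),
    Link("Core1", 2, "Acc1", 1, 4),
    Link("Core1", 3, "Acc2", 1, 4),
    Link("Core2", 2, "Acc1", 2, 4),
    Link("Core2", 3, "Acc2", 2, 4),
    Link("Acc1", 3, "Acc2", 3, 19),  # backdoor within the access layer
]


def elect_root(bridges):
    """Step 1: the bridge with the lowest (priority, MAC) becomes the root."""
    return min(bridges, key=bridges.get)


def root_ports(bridges, links, root):
    """Step 2: Dijkstra from the root with the 802.1D tie-break order (root path
    cost, sender bridge ID, sender port, receiving port).
    Returns bridge -> (rpc, sender ID, sender port, own root port)."""
    adj = {name: [] for name in bridges}
    for l in links:
        adj[l.a].append((l.b, l.b_port, l.a_port, l.cost))
        adj[l.b].append((l.a, l.a_port, l.b_port, l.cost))
    best = {root: (0, bridges[root], 0, 0)}
    heap = [(best[root], root)]
    while heap:
        vec, u = heapq.heappop(heap)
        if vec != best[u]:
            continue  # stale heap entry
        for v, v_port, u_port, cost in adj[u]:
            cand = (vec[0] + cost, bridges[u], u_port, v_port)
            if v not in best or cand < best[v]:
                best[v] = cand
                heapq.heappush(heap, (cand, v))
    return best


def spanning_tree(bridges=BRIDGES, links=LINKS):
    """Steps 3 and 4: elect a designated port on every segment, then mark root
    and designated ports forwarding and every other port blocking."""
    root = elect_root(bridges)
    best = root_ports(bridges, links, root)
    forwarding = {(b, best[b][3]) for b in bridges if b != root}  # root ports
    for l in links:
        end_a = (best[l.a][0], bridges[l.a], l.a_port)  # designated bridge =
        end_b = (best[l.b][0], bridges[l.b], l.b_port)  # lowest (rpc, ID, port)
        forwarding.add((l.a, l.a_port) if end_a < end_b else (l.b, l.b_port))
    states = {}
    for l in links:
        for end in ((l.a, l.a_port), (l.b, l.b_port)):
            states[end] = "forwarding" if end in forwarding else "blocking"
    return root, states


def active_segments(links, states):
    """Segments with both ends forwarding; a loop-free tree keeps exactly N - 1."""
    return [l for l in links
            if states[(l.a, l.a_port)] == states[(l.b, l.b_port)] == "forwarding"]
```

Running `spanning_tree()` on the sample elects Core1 as root and blocks Acc1 port 2, Acc2 port 2 and Acc2 port 3, so the access-layer backdoor and the redundant uplinks to Core2 carry no traffic until a failure changes the tree.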
Switches follow four steps to converge the topology into a spanning tree:
1. The switches elect a single switch as the root bridge.
2. The switches elect a port on each switch (known as the root port) that
provides the lowest-cost path to the root bridge.
3. For each LAN segment, the switches elect a designated bridge and a
designated port on that switch. The designated port is a port on the LAN
segment that has the lowest-cost path to the root bridge. The designated
port forwards frames from the LAN segment toward the root bridge. (All
ports on the root bridge are designated ports.)
4. Finally, the switches determine which switch ports are to be included in the
spanning-tree topology. The ports selected are the root ports and
designated ports. These ports forward traffic. Other ports block traffic.
Virtual LANs
• A campus network should be designed using small bandwidth and small
• A bandwidth domain is a set of devices that share bandwidth and compete
for access to the bandwidth.
• A traditional bus topology or hub-based Ethernet, for example, is a single
• A switch divides up bandwidth domains and is often used to connect each
device so that the network consists of many, extremely small bandwidth
• With switches, as opposed to hubs, the bandwidth domain consists of the
switch port and the device that connects it. If full-duplex transmission
mode is used, a bandwidth domain becomes even smaller and consists of
just the port or the device.
• A broadcast domain is a set of devices that can all hear each other's
broadcast frames. A broadcast frame is a frame that is sent to the MAC
• By default, switches do not divide broadcast domains. According to Cisco,
the building access module of the Enterprise Composite Network Model
should use switches and provide broadcast control, however to
accomplish this, virtual LANs are necessary.
• A virtual LAN (VLAN) is an emulation of a standard LAN that allows data
transfer to take place without the traditional physical restraints placed on a
• A VLAN is a set of LAN devices that belong to an administrative group.
Group membership is based on configuration parameters and
administrative policies rather than physical location.
• Members of a VLAN communicate with each other as