
1.2 Describe characteristics of network topology architectures

What is a network topology?

A network topology is simply how a network is designed. Different use cases and different organisations require a topology that gives the best balance of resilience and availability, performance and security. The topology consists of nodes (such as routers, switches and firewalls) that forward traffic across the chosen media. There are two classes of topology: physical and logical. The physical topology is how the nodes are linked together using cabling, radio or optical transmission media, whereas the logical topology is how data is forwarded across the network. We will explore some of the most common network topologies found in the real world below.

Network Topologies (Basic Overview)

Looking at the diagrams below, these are some of the most common high-level logical topologies that you may come across. Please note, however, that some of these designs are now very rarely found outside old infrastructure. Quick explanations of each follow:

TOPOBASDETAILS.PNG
TOPOBASICS.png

3-tier

The three-tier topology consists of three layers. The core layer, distribution layer and access layer. See below:

3tierdesc.png

Now that we have an idea of what each layer is responsible for, let's look at an example 3-tier network design for two office buildings within the same business. Different departments are on different subnets, so how do we design a network that allows end-user devices to reach not only users on other subnets, but also users at the other site? Routing between the department subnets takes place at the distribution layer of each site, and the core layer provides connectivity between the sites, to the wider internet and to any servers the business may host in a datacentre.

3tier_edited.png
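As an added worked example (not part of the original page), the following Python models the forwarding decision made by the Site A distribution switch in a design like the one above: the department VLANs are directly connected, the other site and the datacentre are reached through the core, and a default route sends everything else towards the internet edge. All prefixes, next hops and the inter-VLAN deny rule are constructed assumptions. The deny rule is included because the distribution layer is where inter-subnet traffic is routed, which makes it the natural place to enforce policy; without such a rule every department can reach every other.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed routing table for the Site A distribution switch. All prefixes
# and next hops are assumptions for illustration; none come from the page.
ROUTES = [
    ("10.1.10.0/24", "VLAN10 - Site A Sales (directly connected)"),
    ("10.1.20.0/24", "VLAN20 - Site A HR (directly connected)"),
    ("10.1.30.0/24", "VLAN30 - Site A servers (directly connected)"),
    ("10.2.0.0/16",  "core uplink 10.0.0.1 (Site B subnets)"),
    ("10.3.0.0/24",  "core uplink 10.0.0.1 (datacentre servers)"),
    ("0.0.0.0/0",    "core uplink 10.0.0.1 (default route, internet edge)"),
]

# Constructed inter-VLAN policy applied at the distribution layer: (source
# prefix, destination prefix) pairs that are denied. Without such a policy the
# distribution switch routes freely between every department.
DENY = [
    ("10.1.10.0/24", "10.1.20.0/24"),   # Sales may not reach HR
]


def longest_prefix_match(dst: str, routes=ROUTES) -> Optional[Tuple[str, str]]:
    """Return (prefix, next_hop) of the most specific route that covers dst.

    A router picks the longest matching prefix, so 10.2.40.9 matches
    10.2.0.0/16 rather than the 0.0.0.0/0 default route.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


def forward(src: str, dst: str) -> str:
    """Decide what the distribution switch does with a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_prefix, dst_prefix in DENY:
        if s in ipaddress.ip_network(src_prefix) and d in ipaddress.ip_network(dst_prefix):
            return "DROP (inter-VLAN ACL)"
    route = longest_prefix_match(dst)
    if route is None:
        return "DROP (no route)"
    return f"FORWARD via {route[1]} [matched {route[0]}]"


if __name__ == "__main__":
    # Constructed flows: Sales -> local servers, Sales -> HR, HR -> Site B, HR -> internet.
    for src, dst in [("10.1.10.25", "10.1.30.5"), ("10.1.10.25", "10.1.20.7"),
                     ("10.1.20.7", "10.2.40.9"), ("10.1.20.7", "203.0.113.10")]:
        print(f"{src} -> {dst}: {forward(src, dst)}")
```

Run it as a script to see each flow's decision. The point to take from it is that the more specific 10.2.0.0/16 route wins over the default route for Site B traffic, and that the policy check runs before the routing lookup, so a denied flow never reaches the forwarding step.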

What are some of the benefits of a 3-tiered topology:

  • Scalable, allowing for sites to be added and removed as required

  • Top-down management of the network, providing management of access or distribution layer nodes from the core

  • Resilient connectivity

 

What are some of the downsides of a 3-tiered topology:

  • Larger node footprint meaning more devices to manage if not using a centralised management platform

  • Not as cost-efficient due to the number of links required for a fully resilient network

2-tier

A 2-tier network takes the same multi-layered approach as a 3-tier network, but combines the core and distribution layers into a single layer, called the collapsed core. A 2-tier design is chosen when the organisation or its network is less complex and cost efficiency matters more: if the organisation does not have a large number of sites, or has just the one location, a separate core layer becomes an unnecessary expense.

2tierdesc.png

The diagram below outlines a typical 2-tier network design.

2tier.png

What are some of the benefits of a 2-tiered topology:

  • Much cheaper, as fewer nodes are required

  • Simpler, less complex design

  • Resilient connectivity

 

What are some of the downsides of a 2-tiered topology:

  • Not as scalable as a 3-tier design: adding another location carries a larger administrative overhead

WAN

A WAN (Wide Area Network) can describe the internet, or the network between an organisation's sites. A WAN allows geographically separated LANs to be connected together. A number of protocols allow transmission across the wide area network, and service providers typically use protocols like PPP (Point-to-Point Protocol) to let customers access the provider network.

 

See the simplified diagram below, which shows how the edge between a LAN and a WAN is defined:

On the WAN side of the routers, the interfaces will typically have a publicly routed IP address, allowing connectivity to the wider internet. On the LAN side you will usually see a private (RFC 1918) addressing scheme for devices on the network, with the edge router translating (NAT/PAT) between the two. That edge router is also the natural place for internet-facing filtering, since every inbound and outbound packet must cross it.

 

Leased Line

Leased lines serve customers who require dedicated, unshared physical circuits to one or more sites. The service provider rents out these circuits (usually fibre optic) and can offer a guaranteed speed with symmetric download/upload bandwidth. When serial/copper media are used, traffic on the leased line is encapsulated at layer 2 in HDLC (High-Level Data Link Control) or PPP (Point-to-Point Protocol). The circuit is private because it is physically dedicated to the customer, not because of the encapsulation: neither HDLC nor PPP encrypts or authenticates the payload, so anyone with access to the provider's equipment along the path can read the traffic unless it is encrypted at a higher layer (for example with IPsec).

 

Serial leased lines are being replaced by fibre-optic circuits using Ethernet WAN technologies such as Metro Ethernet.
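As an added example (not from the original page), the following Python builds and parses the two serial encapsulations mentioned above, Cisco HDLC and PPP in its HDLC-like framing (RFC 1662), including the PPP frame check sequence. The field values come from the respective specifications; the IPv4 packet and addresses are constructed for the demo, the Cisco HDLC trailer is omitted, and PPP byte stuffing is left out to keep the block short. Running it shows what the framing does and does not give you: PPP can detect a corrupted frame, but both encapsulations carry the packet in cleartext.

```python
import struct

# Framing constants from the respective specifications (not from the page).
HDLC_ADDR_UNICAST, HDLC_ADDR_BCAST, HDLC_CTRL = 0x0F, 0x8F, 0x00   # Cisco HDLC
PPP_FLAG, PPP_ADDR, PPP_CTRL = 0x7E, 0xFF, 0x03                   # PPP, RFC 1662 framing
ETHERTYPE_IPV4 = 0x0800      # Cisco HDLC protocol field uses Ethertype values
PPP_PROTO_IPV4 = 0x0021      # PPP protocol field for IPv4
PPP_GOOD_FCS16 = 0xF0B8      # residue left by a correct FCS (RFC 1662)


def ppp_fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """RFC 1662 FCS-16: reflected CRC-16 (poly 0x8408), returned before the final complement."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_cisco_hdlc(payload: bytes, proto: int = ETHERTYPE_IPV4) -> bytes:
    """Cisco HDLC: 1-byte address, 1-byte control, 2-byte protocol, then the packet.
    The trailing FCS added by the serial hardware is omitted here (assumption)."""
    return struct.pack("!BBH", HDLC_ADDR_UNICAST, HDLC_CTRL, proto) + payload


def build_ppp(payload: bytes, proto: int = PPP_PROTO_IPV4) -> bytes:
    """PPP in HDLC-like framing: flag, address, control, protocol, info, FCS (LSB first), flag.
    Byte stuffing of 0x7E/0x7D inside the frame is omitted to keep the example short."""
    body = struct.pack("!BBH", PPP_ADDR, PPP_CTRL, proto) + payload
    fcs = ppp_fcs16(body) ^ 0xFFFF
    return bytes([PPP_FLAG]) + body + struct.pack("<H", fcs) + bytes([PPP_FLAG])


def parse_serial_frame(frame: bytes) -> dict:
    """Identify the encapsulation of a frame seen on a serial circuit, check its
    integrity where the framing provides any, and return the carried protocol and payload."""
    if len(frame) >= 8 and frame[0] == PPP_FLAG and frame[-1] == PPP_FLAG:
        body = frame[1:-1]
        # Running the CRC over body plus the transmitted FCS leaves a fixed residue.
        if ppp_fcs16(body) != PPP_GOOD_FCS16:
            raise ValueError("PPP FCS mismatch: frame corrupted in transit")
        addr, ctrl, proto = struct.unpack("!BBH", body[:4])
        if (addr, ctrl) != (PPP_ADDR, PPP_CTRL):
            raise ValueError("unexpected PPP address/control field")
        return {"encap": "PPP", "protocol": proto, "payload": body[4:-2]}
    if len(frame) >= 4:
        addr, ctrl, proto = struct.unpack("!BBH", frame[:4])
        if addr in (HDLC_ADDR_UNICAST, HDLC_ADDR_BCAST) and ctrl == HDLC_CTRL:
            return {"encap": "Cisco HDLC", "protocol": proto, "payload": frame[4:]}
    raise ValueError("unrecognised serial encapsulation")


def ipv4_header(src: str, dst: str, data: bytes) -> bytes:
    """Minimal constructed IPv4 header (TCP, no options, checksum left at zero) for the demo."""
    to4 = lambda ip: bytes(int(o) for o in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, 6, 0,
                       to4(src), to4(dst)) + data


if __name__ == "__main__":
    # Constructed packet from site A to site B across the leased line.
    packet = ipv4_header("10.1.20.7", "10.2.40.9", b"payroll export, cleartext")
    for frame in (build_cisco_hdlc(packet), build_ppp(packet)):
        parsed = parse_serial_frame(frame)
        # Neither framing hides the contents: the application data is still readable.
        print(parsed["encap"], hex(parsed["protocol"]), parsed["payload"][20:])
```

The FCS check uses the RFC 1662 property that a correct frame, with its FCS bytes included in the calculation, always leaves the residue 0xF0B8. It catches line errors only; a party on the circuit can recompute it after altering the frame, which is why integrity as well as confidentiality has to come from a higher layer.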

 

Hub and Spoke

A hub and spoke topology is much like a star topology: remote sites (spokes) connect back to a central site (the hub), historically over leased lines. In most hub and spoke networks today each site has its own ISP connection, and the hub and the spokes are connected over it. Typically, internet-bound traffic goes straight out to the internet from the spoke routers, while any internal traffic transits IPsec VPN tunnels between each spoke and the hub; spoke-to-spoke traffic therefore passes through the hub. Because the spokes break out to the internet locally, each spoke needs its own internet-edge filtering rather than relying on the hub's.

Example below:

Redundancy

There are a number of ways to ensure high uptime for an organisation; the reliability of the network can be increased by using more than one ISP or circuit, ideally over physically diverse paths so that a single cable cut does not take out both. Of course, the more redundancy in place, the higher the cost and the administration required.

Spine-leaf

This topology is most commonly found in datacentres. Because highly scalable and resilient connectivity is required, ensuring that each server has multiple paths to the network is key. For the purpose of this explanation, we will focus on a datacentre implementation of the spine-leaf design. Let's start with a diagram.

spineleaf_edited.png

Working from top to bottom, the red bar is the spine layer. It comprises a number of multi-layer switches that route traffic between the ToR (Top of Rack) switches and the wider network. The ToR (leaf) switches may be layer 2 only, with the spine doing all of the routing; in larger environments the spine-leaf links are instead routed point-to-point links, so that routing takes place between the spine and leaf layers. Either way, every leaf connects to every spine, so any two racks are the same number of hops apart. The racks themselves contain a number of physical servers; in this case there are no virtual machines. The servers normally have redundant connections to the ToR switch.

 

Let's say that SERVER 5 of RACK 4 wants to send traffic to SERVER 3 of RACK 1:

  • Traffic will egress out of one of the two network ports on the physical host from SERVER 5 (RACK 4)

  • Traffic will reach ToR S4 and be forwarded to a spine layer switch

  • The spine layer switch will forward the frame to ToR S1

  • SERVER 3 (RACK 1) will receive and de-encapsulate the traffic

 

There are protocols that allow servers to sit on the same subnet across different racks. An example is VXLAN (Virtual eXtensible Local Area Network), which stretches a layer 2 segment across the routed links of the spine layer. VXLAN tunnels are established between ToR switches, with each end of the tunnel called a VTEP (VXLAN Tunnel EndPoint). On ingress, the VLAN ID of the server's port is mapped to a VNI (VXLAN Network Identifier), a 24-bit value carried in the VXLAN header, and the original frame is encapsulated in UDP (destination port 4789) addressed to the remote VTEP. Broadcast traffic such as ARP is forwarded across the tunnel to the other VTEPs, so the source device can learn the MAC address of the destination just as if both sat on one switch. The receiving VTEP uses the VNI to map the frame back to the correct local VLAN. Note that VXLAN adds no authentication of its own: the VNI is an identifier, not a credential, so the underlay must restrict which hosts are able to send to the VTEPs' UDP port.
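The rack-to-rack exchange above and the VXLAN encapsulation it rides on, as an added worked example in Python (not code from the original page): SERVER 5 in RACK 4 sends a broadcast ARP request for SERVER 3 in RACK 1, the ToR S4 VTEP maps the ingress VLAN to a VNI and prepends the VXLAN header, and the ToR S1 VTEP strips the header and maps the VNI back to its local VLAN. The header layout and UDP port are from the VXLAN specification (RFC 7348); the VLAN-to-VNI table, MAC and IP addresses are constructed assumptions. The outer IP/UDP headers of the underlay are not modelled, only the UDP payload.

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN UDP port (RFC 7348)
VXLAN_FLAG_I = 0x08     # 'I' flag: the VNI field is valid
ETHERTYPE_ARP = 0x0806

# Constructed VTEP configuration shared by ToR S1 and ToR S4: local VLAN <-> VNI.
# The VLAN, VNI, MAC and IP values below are assumptions, not taken from the page.
VLAN_TO_VNI = {100: 10100, 200: 10200}
VNI_TO_VLAN = {vni: vlan for vlan, vni in VLAN_TO_VNI.items()}


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_request(sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Broadcast Ethernet frame carrying 'who has target_ip? tell sender_ip'."""
    eth = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)        # Ethernet, IPv4, opcode 1 = request
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes("00:00:00:00:00:00") + ip_bytes(target_ip))
    return eth + arp


def vxlan_encap_vni(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1).
    This is the UDP payload the local VTEP sends to the remote VTEP on port 4789."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit field")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00" * 3, vni << 8) + inner_frame


def vxlan_encap(ingress_vlan: int, inner_frame: bytes) -> bytes:
    """Local VTEP (ToR S4): map the VLAN of the ingress port to its VNI and encapsulate."""
    return vxlan_encap_vni(VLAN_TO_VNI[ingress_vlan], inner_frame)


def vxlan_decap(udp_payload: bytes):
    """Parse the VXLAN header and return (vni, inner Ethernet frame)."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _reserved, last_word = struct.unpack("!B3sI", udp_payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN 'I' flag not set; no valid VNI")
    return last_word >> 8, udp_payload[8:]


def deliver_to_local_vlan(udp_payload: bytes):
    """Remote VTEP (ToR S1): return (vlan, frame) for a VNI it serves, else None (dropped).

    VXLAN carries no authentication of its own. The VNI is the only thing that keeps
    a datagram out of the wrong segment, so the underlay must also restrict which
    sources may send to the VTEPs on UDP/4789 (not modelled here)."""
    vni, frame = vxlan_decap(udp_payload)
    vlan = VNI_TO_VLAN.get(vni)
    return None if vlan is None else (vlan, frame)


def parse_inner_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for ARP, the fields a receiver acts on."""
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}
    if ethertype == ETHERTYPE_ARP:
        info["opcode"] = struct.unpack("!H", frame[20:22])[0]
        info["sender_ip"], info["target_ip"] = ip_str(frame[28:32]), ip_str(frame[38:42])
    return info


if __name__ == "__main__":
    # SERVER 5 in RACK 4 (VLAN 100) looks for SERVER 3 in RACK 1 on the same subnet.
    frame = build_arp_request("02:00:00:04:00:05", "10.10.0.5", "10.10.0.3")
    datagram = vxlan_encap(100, frame)              # ToR S4 VTEP; crosses the routed spine
    print("VXLAN header:", datagram[:8].hex(), "VNI", VLAN_TO_VNI[100])
    vlan, inner = deliver_to_local_vlan(datagram)   # ToR S1 VTEP floods into local VLAN 100
    print("delivered to VLAN", vlan, parse_inner_frame(inner))
```

A datagram carrying a VNI the receiving VTEP does not serve is simply dropped, which is the whole of the segmentation VXLAN provides; the decapsulation path never checks who sent the datagram.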

Small office/home office (SOHO)

Small offices or home environments typically need a much simpler network design than an enterprise network. Usually, the roles of several networking devices are bundled into one appliance, which provides DHCP, routing, NAT, LAN switching and wireless access so that all devices can reach the internet and local resources. Below is a diagram of a very simple network, with 5 devices connected to the router over both wired Ethernet and wireless. These routers are plug and play and require little setup from the user; that convenience is also their weakness, so the default administrator password should be changed and any remote management on the WAN interface disabled before use. Depending on business requirements, additional devices such as wireless access points, switches and dual-router solutions may be required.

SOHOSIMPLE_edited_edited.png

On-premises and cloud

First, let's explain what we mean by on-premises and cloud. On-premises is infrastructure hosted privately by the organisation, such as file stores or DNS servers. Cloud, on the other hand, denotes "as-a-service" hosting; for example, consuming DNS from the cloud as a service means less management and operational overhead for the organisation. Datacentres typically follow the spine and leaf design, using ToR switches within each rack to provide resilient and scalable connectivity; see the spine-leaf architecture diagram above for a view of how datacentres are connected. EoR (End of Row) switches may be used in place of ToR switches, so that servers connect to switchports at the end of a row of racks.

 

There are different levels of as-a-service cloud products, for example:

  • IaaS: Infrastructure as a Service

  • PaaS: Platform as a Service

  • SaaS: Software as a Service

CLOUDTABLE.PNG

There are some further cloud models you need to be aware of:

 

  • Hybrid - A mix of on-premises infrastructure and cloud

  • Private Cloud - Cloud infrastructure dedicated to a single organisation, either in its own datacentre or rented from a hosting provider with no other customers on it (typically separated at the physical level)

  • Public Cloud - Offerings from Microsoft Azure, AWS and Google Cloud provide access to shared, multi-tenant infrastructure; separation between customers is logical, enforced by the provider, rather than physical
