What is network topology?
Network topology is usually represented by a line and object drawing that reflects the overall physical and logical topology.
There are two different types of network topologies:
- Physical network topology is the placement of various components of a network. The different connectors represent the physical network cables, and the nodes represent the physical network devices (like switches).
- Logical network topology illustrates, at a higher level, how data flows within a network.
Network discovery tools
Different tools can automatically build a network topology map of a layer 2 and/or layer 3 network. Also, most monitoring tools that use SNMP or other remote monitoring protocols can provide a network map.
Discover a layer 2 network topology
For layer 2 networks, you can use different protocols to discover the network topology. Some vendors have more esoteric proprietary protocols or network discovery mechanisms (such as network broadcasts, etc.), but the most popular protocols are:
- Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors on a local area network based on IEEE 802 technology. This enables you to automatically discover and advertise the node neighbors.
- Cisco Discovery Protocols (CDP) is a proprietary data link layer protocol developed by Cisco, and it is used and supported by other network vendors.
These protocols can be used to identify who, or what, is connected to a specific network port by listening to the LLDP or CDP messages, or also to announce that a device is connected to a specific port. Most switches support one or both protocols.
Another more complex way is to analyze the MAC address table of each switch, and/or the spanning tree protocol packets, to find where the MAC addresses are connected. Because of the effort involved, this method is usually the last resort.
Discover a layer 3 network topology
In an IP-based network, Internet Control Message Protocol (ICMP) is the standard discovery protocol.
One common tool used to identify the different network hops is traceroute (tracert on windows), although some implementations might use UDP packets instead of ICMP packets. With this protocol, you can find the paths of a packet and discover the logical networks and routers.
On a single logical network, you can use a broadcast ping, specific IP scanning tools, or ARP cache discovery (among other similar tools) to identify the different nodes in the same network. Because of how these tools interact with broadcast boundaries, they are only effective inside a single network.
With static routing, it’s quite easy to display the configuration. Each router can show the route entries and the closest routers in those entries. However, most modern networks use a routing protocol to exchange information.
With dynamic routing protocols (like OSPF or BGP), you can query the IP neighbors to identify routers that are announcing or receiving the routing rules.
Discover a virtual network topology
You can use a hypervisor to help figure out the complex network topology. Each hypervisor adds at least one virtual switch used to bridge the VM networks to the physical networks.
Depending on the hypervisor, different solutions are used to show the network topology. For example, with VMWare vSphere, the virtual switches can support CDP and LLDP.
With VMWare standard and ESXi, the virtual switch supports only CDP, in listen and/or advertise mode. VMware distributed virtual switch supports both CDP and LLDP, but unfortunately, is included only in Enterprise Plus licenses (or VSAN or NSX licenses) that are generally out of the scope of SMB.
Discover a wireless network topology
In most cases, tools are used in the Wi-Fi networks to simplify deployment and configuration. For example, with AirWave 8.2.4, Aruba introduced a network topology feature, which is a layer 2 map of the wired network. Some tools can also provide access point localization and signal coverage maps to maximize Wi-Fi network efficiency.
Several smartphone apps can provide the Wi-Fi device names and SSIDs, signal level, and channels used, but using these tools does not provide the same capabilities or professional tools used for wireless network deployment.
Network topology vs. network flows
It’s useful to check that your network topology complies to what it was designed for, and to document any unknown networks or unknown network changes, when they were made, by whom, etc.
To better understand your network topology and network flow, make sure you:
- Discover how the network is used and which kinds of traffic and communication protocols happen inside.
Analyze data to understand traffic. Switches (and virtual switches) can be queried with different protocols to grab the data on raw packets, or in some cases, to grab the data on each network flow.
In modern data centers, most of the traffic could be east-west instead of north-south, and your network topology could be suboptimal for those cases.