What is a Network Topology?
Network topology is the arrangement of the different network elements of a communication network, usually represented with a graph.
It is an application of graph theory where the different network devices are modeled as nodes and the connections between the devices are modeled as links or lines between the nodes.
There are two different types of network topologies:
- Physical network topology is the placement of the various components of a network. The different connectors represent the physical network cables, and the nodes represent the physical network devices (like switches).
- Logical network topology illustrates, at a higher level, how data flows within a network.
Usually, in LAN campus topologies, focusing at layer 2 (at the switching part), some kind of structured, multi-tier models are used to simplify the design and the network implementation.
But there are also layer 3 networks, generally used in WAN networks, but also in large local networks (for example using the leaf-spine model).
Discovering a Layer 3 Network Topology
In an IP-based network, there is a standard protocol that can be very useful for this purpose: Internet Control Message Protocol (ICMP). It can provide interesting information about your layer 3 networks.
Of course, that information is at a logical level considering also the level of abstraction provided by the network layer, but some data can be directly related to physical information, like the links connecting different nodes.
One common tool used to identify the different network hops is traceroute(tracerton Windows), although some implementations may use UDP packets instead of ICMP packets. With this tool, you can find the paths of a packet and discover the logical networks and routers.
On a single logical network, you can use a broadcast ping or specific IP scan tools, or ARP cache discovery (or other ways) to identify the different nodes in the same network. Because of the ways these tools interact with broadcast boundaries, they are only effective inside a single network.
But by querying the intermediate systems (the routers) you can grab more useful information, using different commands depending on how you manage the routing tables.
With static routing, it’s quite easy to display the configuration. Each router can show the route entries and the closest routers in those entries. However, most modern networks will use a routing protocol to exchange information.
With dynamic routing protocols (like OSPF or BGP) you can query the IP neighbors to identify the routers that are announcing or receiving the routing rules.
Discovering a Layer 2 Network Topology
For a layer 2 network, different protocols that can be used to discover the network topology:
- Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors on a local area network based on IEEE 802 technology. This enables you to automatically discover and advertise the node neighbors.
- Cisco Discovery Protocols (CDP) is a proprietary data link layer protocol developed by Cisco, and it is used and supported by other network vendors.
These protocols can be used to identify who is connected to a specific network port by listen CDP or LLDP data, or also to announce that a device is connected to a specific port.
Most switches support one or both protocols, in some cases, one could be only in listen mode.
Also, Windows and Linux systems support LLDP, but on Windows there isn't a built-in tool that provides this information. Some tools can be used for this scope (like LLDP Agent). On Linux, lldptoolcan be used to query the neighbors.
Another more complex way is analyzing the MAC address table or each switch and or the spanning tree protocol (STP) packets to find where the MAC addresses are connected. Consider this a last resort, as the effort is often much more involved.
For physical link tests, some switches have also a specific command to test the cable and/or the transceiver status. In this case, a network card may provide this feature on client (or server) systems, but usually those data are quite poor and cannot replace professional network tester.
Discover a Virtual Network Topology
One common SMB use case is using some kind of hypervisor that can help figure out the complex network topology.
Each hypervisor adds at least a virtual switch used to bridge the VM networks to the physical networks.
Depending on the hypervisor there can be different solutions used to show the network topology.
For example, on VMware vSphere the virtual switches may support CDP and LLDP.
VMware standard virtual switch supports only CDP, both in listen and/or advertise mode. VMware distributed virtual switch supports both CDP and LLDP, but unfortunately, is included only in Enterprise Plus licenses (or VSAN or NSX licenses) that are generally out of the scope of SMB.
Discover a Wireless Network Topology
There are certain tools and protocols useful to build your network topology.
In most cases, those tools are used in the Wi-Fi networks to simplify the deployment and configuration.
For example, with AirWave 8.2.4, Aruba introduced a network topology feature, which is a layer 2 map of the wired network (https://blogs.arubanetworks.com/industries/airwave-8-2-4-new-topology-available/).
Some tools can also provide access point localization and signal coverage to maximize your Wi-Fi network efficiency.
Note that several smartphone apps can provide WiFi device/signal/channel discovery, but using those tools does not provide the same capabilities of specific vendor tools or professional tools used for wireless network deployment.
Network Topology vs. Network Flows
Finding network topology is only one aspect. It's useful to check that it is compliant with what was designed (think about an STP that may change the network topology to a non-optimal graph) or also to document an unknown network.
It's also important to discover how the network is used and which kind of traffic and communication happens inside.
Switches (and virtual switches) can be queried with different protocols to grab data on the raw packets or (better) to grab data on each network flow. This data can be analyzed to understand traffic.
In modern datacenters, most of the traffic could be east-west instead of north-south and your network topology could be suboptimal for those cases.
This a more complex topic that could be discussed in another post, because it's more relevant for large enterprises rather than SMB.
Network Discovery Tools
Different tools can automatically build a network topology map of a layer 2 and/or layer 3 network using some of the protocols discussed before.
Also, most monitoring tools using SNMP or other remote monitoring protocols can provide a network map.
Most are commercial tools, some featuring a free trial, and each network vendor can have its own set of tools.
For SMBs, you could also consider using any SaaS-based solution to keep your costs low.
Some cloud solutions are lightweight products stripped down to simplify usage. While simplicity is an important component of a cloud management service, business-grade solutions require more.
Aruba’s Cloud-managed networking portfolio is designed to deliver the confidence needed to support common operational tasks. Operations and assurance solutions include:
- Aruba Central: A unified cloud-based network operations and assurance platform
- Aruba SD-Branch: A simplified, secure SD-WAN and branch operations solution
- Aruba Device Insight: An intelligent, machine learning-based solution for device discovery, profiling, and visibility
For example, in Aruba Central, the topology map provides a graphical representation of the network layout, details of the devices deployed in a branch site, and the health of the links.
Each solution works individually and collectively to support Aruba’s full portfolio of indoor and outdoor APs, switches and branch gateways.
Read My Other Blogs