Network topology

introductiontonetworking

Network topology is the physical or logical layout of a network. It impacts performance, reliability, scalability, and security.

There are a few different kinds of networks:

Local Area Network (LAN) 🏡: a network established within a limited area, such as your home or a building. Devices are usually connected using Ethernet or Wi-Fi.

Wide Area Network (WAN) 🌍: a network made of multiple LANs. What we call the Internet is the largest WAN.

Virtual Local Area Network (VLAN) 🎮: a group of devices within a LAN that is isolated from the other devices. This segmentation is usually done to improve security and performance.

➡ïļ See also: MAN, SAN, CAN, GAN, and PAN.


Networking devices

Networking devices are interconnected by cables.

Layer 7: Application Layer (data) 🧑

Layer 6: Presentation Layer (data) 🔒

  • N/A

Layer 5: Session Layer (data) 📶

  • N/A

Layer 4: Transport Layer (segment/datagram) 📫

Layer 3: Network Layer (packets) 🌍

Layer 2: Data Link Layer (frames) 🔢

Layer 1: Physical Layer (stream) 💚


➡ïļ Note that some devices may operate at multiple layers.


Physical network topology

introtolan introductiontonetworking

Star Topology ✨

All devices are connected only to a central networking device (hub or switch), forming a star. It's simple to set up, but requires many cables. A failure of the central device impacts the whole network.

Bus Topology 🚌

All devices are connected to a single "backbone" cable, also called the "bus". If many packets are sent at the same time, the cable will most likely be saturated. It's simple and rather cheap to set up.

Point to Point Topology 🤝

Two devices are directly connected to each other. It's limited to two devices and may be expensive, but it is used when high-speed and secure communication between two devices is needed.

Ring Topology 💍

Each device is connected to the next one, forming a loop. Packets move in only one direction, so a packet may have to travel most of the loop before reaching its target, which is inefficient, but it also means there are no collisions. If a computer or cable is faulty, the loop is broken.

➡️ See the "Token ring" protocol.

Mesh Topology 🦴

Each device is connected to every other one. It's efficient and resilient, but costly and hard to maintain.

➡️ See also the partially-meshed topology.

Hybrid Topology 🤖

Combines two or more network topologies as needed. It can be harder to maintain, but better suited to the company's needs.
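The fault-tolerance claims above (star: the central device is a single point of failure; ring: one faulty device breaks the one-way loop; mesh: resilient) can be checked with a small graph model. The following is an added example, not code from the original notes: each topology is built as a set of directed links between numbered devices (a constructed toy network of five devices), one device is taken down, and the code measures what fraction of the surviving device pairs can still communicate. The ring is modelled as unidirectional, as the notes describe; the bus is left out because its failure mode is the cable, not a device.

```python
from collections import deque
from itertools import permutations

# Each builder returns a set of directed links (src, dst) for n devices.

def star(n):
    """Device 0 is the central hub/switch; every link is bidirectional."""
    return {(0, i) for i in range(1, n)} | {(i, 0) for i in range(1, n)}

def ring(n):
    """Unidirectional loop: traffic only flows from device i to device i+1."""
    return {(i, (i + 1) % n) for i in range(n)}

def mesh(n):
    """Full mesh: every device has a direct bidirectional link to every other."""
    return {(a, b) for a in range(n) for b in range(n) if a != b}

def reachable(edges, src):
    """Breadth-first search over the directed links; returns every device src can reach."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
    seen, queue = {src}, deque([src])
    while queue:
        v = queue.popleft()
        for w in adj.get(v, ()):
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return seen

def connectivity_after_failure(edges, n, dead):
    """Fraction of ordered (src, dst) pairs of surviving devices that can still talk
    once device `dead` (and every link touching it) is gone."""
    alive = [v for v in range(n) if v != dead]
    live_edges = {(a, b) for a, b in edges if dead not in (a, b)}
    pairs = list(permutations(alive, 2))
    if not pairs:
        return 1.0
    ok = sum(1 for s, d in pairs if d in reachable(live_edges, s))
    return ok / len(pairs)

def worst_case(builder, n):
    """Lowest connectivity over every possible single-device failure."""
    edges = builder(n)
    return min(connectivity_after_failure(edges, n, dead) for dead in range(n))

if __name__ == "__main__":
    # Constructed example: five devices per topology.
    for name, builder in (("star", star), ("ring", ring), ("mesh", mesh)):
        print(f"{name:5s} worst single-device failure keeps {worst_case(builder, 5):.0%} of pairs connected")
```

With five devices, losing the star's hub leaves no working pair, losing any ring member leaves only half of the ordered pairs reachable (traffic downstream of the break never gets back upstream), and the full mesh is unaffected; losing a star leaf, by contrast, costs nothing, which is why the central device is the part to make redundant.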


Logical network topology

Peer-to-Peer Topology (P2P)

All network devices communicate directly with each other, without a centralized server (decentralized). It's easy to set up, but not very scalable, as it can become hard to maintain.

➡️ It is sometimes mistakenly called "Point to Point".

Client-Server Topology

Some network devices act as servers, and others as clients. It's the common approach: clients request resources from file servers, etc. It's harder to set up, but easier to maintain.


Network segmentation

Network segmentation is the process of dividing a large network into smaller networks, isolated from each other.

It can be done for multiple reasons, such as improving performance or security, or making a group of machines easier to manage.

Subnetting

introtolan introductiontonetworking

This is a technique to segment a network. We divide a large network into smaller subnetworks. Each subnet has its own address and can be managed separately.

  • each subnet has its own network address and broadcast address (which is where the -2 comes from)
  • each subnet has $2^{32-n} - 2$ usable addresses ($n$ fixed bits)

Example 🔥: divide $172.16.254.0/23$ into 2 subnets

  • Fix $n$ bits: $2^{1} \ge 2$ giving us $n=1$
  • Ensure we have enough bits: $23 + 1 \lt 32$ ✅
  • Each network will have $2^{32-(23+1)} - 2 = 254$ IP addresses
  • $172.16.254.0/23$ will be split into
    • $172.16.254.0/24$ (the 24th bit is 0)
    • $172.16.255.0/24$ (the 24th bit is 1)

The method is the following:

  • Given $k$ the number of subnets
  • Given $N$ fixed bits
  • Find the lowest $n$ solving $2^n \ge k$
  • If $N + n \ge 32$, then you can't have $k$ subnets (the check is $N + n \lt 32$, as in the example above)
  • Each network will have $2^{32-(N+n)} - 2$ IP addresses

Each subnet corresponds to one of the $2^n$ combinations of the newly added $n$ bits.
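The method above, carried out in code, as an added example that is not part of the original notes. It relies only on Python's standard `ipaddress` module; `split_into_subnets` computes $n$, performs the bit check and the $2^{32-(N+n)} - 2$ host count, and lists the resulting subnets (the combinations of the added $n$ bits), while `subnet_details` shows the network, broadcast and usable range of one subnet. One assumption beyond the notes: with the -2 convention a /31 leaves zero usable hosts, so the check here requires at least two host bits rather than only $N + n \lt 32$.

```python
import ipaddress

def split_into_subnets(network: str, k: int):
    """Split an IPv4 network (CIDR string) into k equal subnets.

    Returns (n, usable_hosts_per_subnet, [subnet CIDR strings]).
    """
    net = ipaddress.IPv4Network(network, strict=True)
    N = net.prefixlen                       # bits already fixed
    n = (k - 1).bit_length() if k > 1 else 0  # lowest n with 2**n >= k
    host_bits = net.max_prefixlen - (N + n)   # max_prefixlen is 32 for IPv4
    # Network + broadcast addresses need at least 2 host bits (the -2).
    if host_bits < 2:
        raise ValueError(
            f"cannot carve {k} subnets out of {network}: /{N + n} leaves no usable hosts"
        )
    usable = 2 ** host_bits - 2
    # subnets() enumerates every combination of the n newly fixed bits, in order.
    subnets = [str(s) for s in net.subnets(prefixlen_diff=n)]
    return n, usable, subnets

def subnet_details(cidr: str) -> dict:
    """Network/broadcast/netmask and the usable host range of one subnet."""
    s = ipaddress.IPv4Network(cidr, strict=True)
    hosts = list(s.hosts())
    return {
        "network": str(s.network_address),
        "broadcast": str(s.broadcast_address),
        "netmask": str(s.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable": len(hosts),
    }

if __name__ == "__main__":
    # The worked example from the notes: 172.16.254.0/23 into 2 subnets.
    n, usable, subnets = split_into_subnets("172.16.254.0/23", 2)
    print(f"n={n}, {usable} usable addresses per subnet")
    for cidr in subnets:
        print(cidr, subnet_details(cidr))
```

Running it reproduces the notes' result (n = 1, 254 usable addresses, 172.16.254.0/24 and 172.16.255.0/24); asking for 4 subnets of a /24 yields four /26 networks of 62 hosts each, and a request that would need a /31 or /32 is rejected.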


Topology design 🗺️

Plan the scalability

  • bandwidth requirements
  • network capacity
  • number of devices

And select an appropriate topology.

To keep in mind

  • performance
  • fault tolerance/availability
  • monitoring and logging
  • backups and updates

Security

  • Network Segmentation
  • Access control (least privilege, ...)
  • Firewalls
  • Zoning and DMZ, VLANs and VPNs
  • Password policy and MFA
  • IDS/IPS/SIEM
  • Data Loss Prevention system (DLP)
  • Antispam server
  • Physical measures

Network devices features

High Availability (HA)

It's a feature available in many network devices. We design the network to avoid single points of failure, for instance using hardware redundancy, so that if a device fails, another one can take over without disrupting network traffic.

Traffic mirroring/spanning

This feature is available on many network switches. It allows us to duplicate the incoming and outgoing traffic of a port to a monitoring device, such as a network analyzer or an IDS.


👻 To-do 👻

Stuff that I found but haven't read/used yet.

Topologies

  • Tree network topology
  • Daisy Chain topology
  • Software-Defined Networking (SDN)
  • Virtual Network Functions (VNFs)
  • Request-response
  • HSM device
  • Network taps
    • copy network traffic and dispatch it to multiple devices

Devices

Random

  • Port-forwarding
  • VLAN on HTB/IntroNetworking/1878