Chapter 2

The Characteristics of Network Topology Architectures

This chapter ensures that you are ready for questions related to these topics in the Network Fundamentals section of the CCNA 200-301 exam blueprint from Cisco Systems. Remember that this is just a portion of the Network Fundamentals section. The other chapters in Part I, “Network Fundamentals,” also provide information pertinent to the Network Fundamentals section.

This chapter covers the following essential terms and components:

  • Three-tier network designs

  • Collapsed core network designs

  • 2-tier spine-leaf topologies

  • Network topologies

  • WANs

  • SOHOs

  • Point-to-point topologies

  • Full-mesh topologies

  • Hub-and-spoke topologies

  • Single-homed topologies

  • Dual-homed topologies

  • Cloud resources

  • On-premises resources

Topic: 2-tier architectures and 2-tier spine-leaf

CramSaver

If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section and the Review Questions at the end of the chapter. If you are in doubt at all, read everything in this chapter!

1. What are the three tiers of the classic hierarchical Cisco network design?

_________

_________

_________

2. What layer of the classic hierarchical Cisco network design is typically eliminated in a collapsed 2-tier design?

_________

3. What new network architecture is often found in a data center with Cisco’s celebrated SDN solution?

_________

Answers

1. Core, distribution, and access

2. Distribution

3. 2-tier spine-leaf

For years, Cisco has suggested that we break up our networks into easy-to-understand and easy-to-manage layers or tiers (not to be confused with OSI or TCP/IP model layers). The classic three-layer model consists of the following:

  • Access layer: This layer provides workgroup/user access to the network; as a result, this layer is sometimes called the workstation layer.

  • Distribution layer: The layer provides policy-based connectivity and controls the boundary between the access and core layers; it is also sometimes referred to as the aggregation layer.

  • Core layer: This layer provides fast transport between distribution switches within the enterprise campus; it is sometimes called the backbone layer.

ExamAlert

You should be aware of particular functions that most often occur at different layers. Here are some examples:

The access layer:

  • Layer 2 switching

  • Spanning tree

  • Power over Ethernet (PoE) and auxiliary VLANs for VoIP

  • QoS classification and marking and trust boundaries

  • Port security

  • Address Resolution Protocol (ARP) inspection

  • Virtual LAN access control lists (VACLs)

The distribution layer:

  • Aggregation of LAN or WAN links

  • Policy-based security in the form of access control lists (ACLs) and filtering

  • Routing services between LANs and VLANs and between routing domains

  • Redundancy and load balancing

  • A boundary for route aggregation and summarization configured on interfaces toward the core layer

  • Broadcast domain boundary

The core layer:

  • High-speed transport

  • Reliability and fault tolerance

If you are in charge of a small, simple network right now, you might be thinking, “Really??? You expect me to buy all of this equipment to make all of that happen in layers?” This is where the 2-tier collapsed core design might come in.

ExamAlert

The collapsed core (2-tier) design takes the functions of the distribution layer and moves them (or collapses them) into the core layer. So you can dramatically simplify a network by using a core layer and an access layer only. Keep in mind that this also might be done in larger networks, especially when the core/distribution equipment is so sophisticated, it provides the required throughput while at the same time performing all the distribution layer functions.

The 2-Tier Spine-Leaf

Yes, there is a new network topology architecture in town, and it means business! The 2-tier spine-leaf is now a widely recommended data center design that is not necessarily applicable in the enterprise campus. In fact, it is the shining star in the Cisco software-defined networking (SDN) solution called Cisco ACI (Application Centric Infrastructure). Figure 2.1 shows this new spine-leaf topology as it looks with Cisco ACI.


Figure 2.1 The 2-Tier Spine-Leaf Topology

Notice that with this topology, each leaf device is connected to every spine device in a full mesh. The spine is considered the backbone (how appropriate), or the core of the network. Notice how critical the spine is in a 2-tier spine-leaf topology. It is the glue that enables communications between leaf devices. If one leaf needs to send traffic to another leaf (and they almost always do), it must send the traffic through the spine—unless, of course, the leaf device is sending traffic to a device that is connected to that very leaf device.

How could such a simple topology be featured with some of Cisco’s most advanced technologies? This simple topology presents many advantages, including the following:

  • Network design that is as simple as possible while meeting business requirements

  • Simpler, deterministic load balancing between core devices

  • Low latency

  • Simple scalability through the addition of spine devices

  • Support for overlay networks to add a virtualization layer(s)
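The structural claims above (every leaf uplinks to every spine, leaf-to-leaf traffic is always exactly two hops through a spine, and capacity grows by adding spines) can be checked on a small model. The following is an added example written for this page, not code from the book or from Cisco ACI; device names such as `spine1` and `leaf1` and the constructed fabric sizes are assumptions.

```python
"""Model of a 2-tier spine-leaf fabric (constructed example, not from the book).

Links are stored as an undirected edge set. A path between two leaves is
enumerated as leaf -> spine -> leaf, which is the only kind of path the
topology allows because leaves never connect directly to each other.
"""
from itertools import product


def build_spine_leaf(num_spines, num_leaves):
    """Return (spines, leaves, links) for a full mesh between the two tiers."""
    spines = [f"spine{i}" for i in range(1, num_spines + 1)]
    leaves = [f"leaf{i}" for i in range(1, num_leaves + 1)]
    # Every leaf uplinks to every spine: that is the full-mesh property.
    links = {frozenset((s, lf)) for s, lf in product(spines, leaves)}
    return spines, leaves, links


def is_full_mesh(spines, leaves, links):
    """True when every leaf has a link to every spine and no other links exist."""
    expected = {frozenset((s, lf)) for s, lf in product(spines, leaves)}
    return links == expected


def leaf_to_leaf_paths(spines, links, src, dst, failed_spines=()):
    """All equal-cost leaf -> spine -> leaf paths between two leaves.

    Traffic between different leaves must cross a spine; the number of
    usable paths equals the number of healthy spines both leaves attach to.
    A spine failure removes one path but never isolates a leaf while at
    least one spine is up.
    """
    if src == dst:
        return [(src,)]  # same leaf: switched locally, no spine involved
    return [
        (src, s, dst)
        for s in spines
        if s not in failed_spines
        and frozenset((src, s)) in links
        and frozenset((s, dst)) in links
    ]


def fabric_summary(num_spines, num_leaves, failed_spines=()):
    """Link count, mesh check, ECMP path count and hop count for one leaf pair."""
    spines, leaves, links = build_spine_leaf(num_spines, num_leaves)
    paths = leaf_to_leaf_paths(spines, links, leaves[0], leaves[-1], failed_spines)
    return {
        "links": len(links),
        "full_mesh": is_full_mesh(spines, leaves, links),
        "ecmp_paths": len(paths),
        "hops": len(paths[0]) - 1 if paths else None,
    }


if __name__ == "__main__":
    print(fabric_summary(2, 4))                          # 8 links, 2 paths, 2 hops
    print(fabric_summary(3, 4))                          # add a spine: 12 links, 3 paths, still 2 hops
    print(fabric_summary(3, 4, failed_spines=("spine1",)))  # one spine down: 2 paths remain
```

Adding a spine raises the number of equal-cost paths (and therefore aggregate leaf-to-leaf bandwidth) without changing the two-hop distance between any pair of leaves, which is what makes the design scale predictably and makes load balancing deterministic.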

CramQuiz

1. At what layer of the Cisco network model might you expect to find port security?

A. Distribution

B. Internet

C. Access

D. Core

2. At what layer of the Cisco network model is speed most important?

A. Distribution

B. Internet

C. Access

D. Core

3. Which statement about leaf devices in the 2-tier spine-leaf architecture is true?

A. Each leaf device connects to every spine device.

B. Each leaf device connects to exactly one spine device.

C. Each leaf device connects to exactly two spine devices.

D. Each leaf device must connect to every other leaf device directly.

CramQuiz Answers

1. C is correct. The access layer is where we find mechanisms such as port security, QoS classification and marking, and Power over Ethernet, to name just a few.

2. D is correct. The core layer is where speed is of critical importance. In fact, speed is so important at this layer that it is why we often move functions such as QoS and security out of the core layer.

3. A is correct. Each leaf in the spine-leaf topology connects to each of the spine devices, forming a full mesh between the spine and leaf devices.

Topic: WANs and SOHOs

CramSaver

1. What WAN topology involves two devices on the link?

_________

2. What topology is often used in connecting a headquarters and many branch offices?

_________

3. What technology forms a MAN using Ethernet?

_________

4. What Cisco technology permits the dynamic creation of hub-to-spoke and even spoke-to-spoke tunnels?

_________

Answers

1. P2P (point-to-point)

2. Hub-and-spoke

3. Metro Ethernet

4. DMVPN

WANs

It is great if you have an awesome network built in your small office/home office (SOHO). But unfortunately today, more than ever, many (if not most) of the resources you are going to want to access are in the cloud (Internet). This makes the wide-area network (WAN) more important than ever before. A WAN provides connectivity outside your local LAN when you need to reach resources on the Internet or another office location that is not local to you.

There are many possible WAN topologies. Let’s quickly review the most popular of them:

  • Point-to-point: This simple WAN topology connects two devices over a single connection.

  • Hub-and-spoke: This WAN topology features a central hub device (typically at a network HQ, for example) that makes WAN connections out to branch offices (the spokes).

  • Full mesh: This WAN topology is the most expensive and complex to maintain because it has all devices making connections to all other devices. Although a full mesh can be complex and expensive, it provides excellent redundancy of WAN paths through the network.

  • Single homed and dual homed: A single-homed WAN topology makes a connection to a single ISP, and a multi-homed WAN makes connections to multiple ISPs. A dual-homed configuration is very powerful because if one ISP completely fails to be able to route traffic for the customer, the customer can dynamically fail over to the surviving ISP.
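The cost and redundancy trade-offs in this list can be made concrete by counting circuits and testing what still reaches what after a failure. The following is an added example written for this page, not the book's own material; the site names (`hq`, `b1`, `isp_a`, `internet`) and the small five-site network are constructed assumptions.

```python
"""WAN topology comparison (constructed example, not from the book).

Each topology is an undirected edge set over site names. Link count is a
proxy for circuit cost; the reachability functions test whether sites can
still reach one another after a device (node) or circuit (link) fails.
"""
from collections import deque
from itertools import combinations


def point_to_point(a, b):
    return {frozenset((a, b))}


def hub_and_spoke(hub, spokes):
    # One circuit per branch, all terminating on the hub.
    return {frozenset((hub, s)) for s in spokes}


def full_mesh(sites):
    # n * (n - 1) / 2 circuits: every site to every other site.
    return {frozenset(pair) for pair in combinations(sites, 2)}


def single_homed(customer, isp, upstream="internet"):
    return dual_homed(customer, [isp], upstream)


def dual_homed(customer, isps, upstream="internet"):
    """Customer edge connected to each ISP, each ISP connected to the Internet."""
    links = set()
    for isp in isps:
        links |= {frozenset((customer, isp)), frozenset((isp, upstream))}
    return links


def reachable(links, start, failed_nodes=(), failed_links=()):
    """Breadth-first search that ignores failed nodes and failed links."""
    failed_links = {frozenset(pair) for pair in failed_links}
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for link in links:
            if node not in link or link in failed_links:
                continue
            (nxt,) = link - {node}
            if nxt not in seen and nxt not in failed_nodes:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def survives(links, sites, failed_nodes=(), failed_links=()):
    """True when every surviving site can still reach every other survivor."""
    alive = [s for s in sites if s not in failed_nodes]
    if not alive:
        return True
    return set(alive) <= reachable(links, alive[0], failed_nodes, failed_links)


def has_internet(links, customer, failed_nodes=(), upstream="internet"):
    return upstream in reachable(links, customer, failed_nodes)


if __name__ == "__main__":
    sites = ["hq", "b1", "b2", "b3", "b4"]
    hs, fm = hub_and_spoke("hq", sites[1:]), full_mesh(sites)
    print("circuits:", len(hs), "hub-and-spoke vs", len(fm), "full mesh")
    print("hub fails, branches still talk? hub-and-spoke:",
          survives(hs, sites, failed_nodes=("hq",)),
          "full mesh:", survives(fm, sites, failed_nodes=("hq",)))
    print("ISP A fails, HQ still online? single-homed:",
          has_internet(single_homed("hq", "isp_a"), "hq", failed_nodes=("isp_a",)),
          "dual-homed:",
          has_internet(dual_homed("hq", ["isp_a", "isp_b"]), "hq", failed_nodes=("isp_a",)))
```

The hub in a hub-and-spoke design is a single point of failure for all branch-to-branch traffic; the full mesh tolerates the loss of any one site or circuit at the price of far more circuits; and the dual-homed edge keeps Internet reachability when one ISP stops routing for the customer.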

Today, customers have more technological options than ever before for client connectivity to the WAN. Here is a review of the options you should know for the CCNA 200-301 exam:

  • MPLS: Multiprotocol Label Switching is a data-carrying technique for high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses. This provides many advantages, including the elimination of complex lookups in a routing table. The labels identify virtual links (paths) between remote nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence the “Multiprotocol” part of its name. MPLS supports a range of access technologies, including Ethernet, T1/E1, ATM, and DSL. Most (if not all) ISPs run MPLS internally.

  • Metro Ethernet: A Metro Ethernet network is a metropolitan-area network (MAN) that is based on Ethernet standards. Such a network is commonly used to connect subscribers to a larger service network or the Internet. Businesses can also use Metro Ethernet to connect their own offices to each other. An Ethernet interface is much cheaper than a synchronous digital hierarchy (SONET/SDH) or plesiochronous digital hierarchy (PDH) interface of the same bandwidth. Another distinct advantage of an Ethernet-based access network is that it can be easily connected to the customer network due to the prevalent use of Ethernet in corporate and residential networks. Metro Ethernet service is typically implemented by ISPs using MPLS.

  • Broadband PPPoE: Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL, as a solution for tunneling packets over a DSL connection to an ISP’s IP network and from there to the rest of the Internet. Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via PAP and less often via CHAP.

  • Internet VPN (DMVPN, site-to-site VPN, client VPN): Dynamic Multipoint VPN (DMVPN) is a Cisco invention for creating hub-and-spoke topologies with ease, including the dynamic creation of spoke-to-spoke tunnels in order to reduce the burdens on busy HQ (hub) devices. In the context of DMVPN, dynamic refers to VPN tunnels being established whenever required and torn down when they are not required. Site-to-site VPNs permit the creation of VPN links between locations that client devices can use to send protected data over an untrusted network (such as the Internet). Finally, client VPN software can be used to permit remote access to corporate resources. The client VPN software can be a standalone complex client app, or it can be as simple as a web browser.
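The MPLS bullet above makes a specific claim: the ingress router does one IP routing lookup to choose a label, and every core router after that forwards on the label alone. The following toy label-switched path is an added example written for this page, not code from the book or from any vendor; the router names, prefixes, label values and the FIB/LFIB tables are all constructed.

```python
"""Toy MPLS label-switched path (constructed example, not from the book).

The ingress router (R1) performs one longest-prefix-match lookup on the
destination IP and pushes a label. Each label-switching router after that
forwards by an exact-match lookup on the incoming label in its LFIB and
swaps it for the outgoing label. The last hop pops the label and delivers
the plain IP packet. No router after R1 consults an IP routing table.
"""
from ipaddress import ip_address, ip_network

# Constructed FIB on the ingress router: prefix -> (next hop, label to push)
INGRESS_FIB = {
    ip_network("10.20.0.0/16"): ("R2", 100),
    ip_network("10.20.5.0/24"): ("R2", 200),  # more specific, wins LPM
    ip_network("0.0.0.0/0"): ("R9", 300),     # default route
}

# Constructed LFIBs: router -> {incoming label: (next hop, outgoing label or None to pop)}
LFIB = {
    "R2": {100: ("R3", 101), 200: ("R3", 201)},
    "R3": {101: ("R4", None), 201: ("R5", None)},
    "R9": {300: ("R10", None)},
}


def longest_prefix_match(fib, dst):
    """Classic IP lookup: among all matching prefixes pick the longest."""
    addr = ip_address(dst)
    matches = [prefix for prefix in fib if addr in prefix]
    best = max(matches, key=lambda prefix: prefix.prefixlen)
    return fib[best]


def forward(dst):
    """Trace a packet as (router, incoming label, action, outgoing label)."""
    next_hop, label = longest_prefix_match(INGRESS_FIB, dst)  # the only IP lookup
    trace = [("R1", None, "push", label)]
    router = next_hop
    while label is not None:
        next_hop, out_label = LFIB[router][label]  # exact-match on the label
        action = "pop" if out_label is None else "swap"
        trace.append((router, label, action, out_label))
        router, label = next_hop, out_label
    trace.append((router, None, "deliver", None))
    return trace


def egress_router(dst):
    """Router that finally delivers the packet for this destination."""
    return forward(dst)[-1][0]


if __name__ == "__main__":
    for dst in ("10.20.5.7", "10.20.9.1", "8.8.8.8"):
        print(dst, "->", forward(dst))
```

The two destinations inside 10.20.0.0/16 take different label-switched paths because the ingress router chose different labels; the core routers never compare IP prefixes, which is the "short path labels rather than long network addresses" point in the text.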

SOHOs

Many of us today (I certainly do) work in SOHO environments. In fact, these networks are often filled with technology that used to be so sophisticated that it was used only in data centers. For example, my SOHO features a fiber-optic connection into my home for high-speed WAN connectivity, and it features a 10 Gbps LAN network for ultra-high speed locally. Typical SOHOs contain routers, switches, access points, firewalls, and wired and wireless endpoints.

As mentioned earlier, however, as great as a SOHO is, we increasingly need access to more and more resources that are not within the confines of the SOHO.

CramQuiz

1. What topology requires the highest costs and administrative overhead?

A. Full-mesh topology

B. Hub-and-spoke topology

C. Point-to-point topology

D. Single-homed topology

2. If your WAN client actually makes connections to two separate ISPs, what kind of topology is this?

A. Single-homed topology

B. Dual-homed topology

C. Point-to-point topology

D. Full-mesh topology

3. What technology uses simple labels instead of complex routing tables for the forwarding of traffic?

A. Broadband PPPoE

B. Client VPN

C. Metro Ethernet

D. MPLS

4. What technology might use a web browser to form a secure VPN connection?

A. Broadband PPPoE

B. Client or SSL VPN

C. Metro Ethernet

D. MPLS

CramQuiz Answers

1. A is correct. The full-mesh topology involves the highest cost due to the very large number of links and node interfaces required.

2. B is correct. Making a WAN connection to different providers requires a dual-homed topology.

3. D is correct. MPLS uses labels to forward traffic.

4. B is correct. A client SSL VPN might come in the form of a web browser.

Topic: On-premises and cloud

CramSaver

1. Name at least three characteristics of cloud computing IT services.

_________

_________

_________

2. What cloud model is often used to help enterprises to develop and deploy software applications?

_________

3. What kind of cloud computing organization connects to multiple cloud providers and multiple customers and creates a private network as a service?

_________

Answers

1. They can be requested on demand, they can dynamically scale, they use a pool of resources, they offer a variety of network access options, and their usage can be measured and billed to the user.

2. Platform as a Service (PaaS)

3. Intercloud Exchange

On-Premises

All the IT resources (computing, storage, network) at your SOHO or enterprise network are referred to as on-premises (or on-prem) resources.

Many organizations are eager to take advantage of the many benefits of cloud technology, and more and more tools are being developed to help migrate and/or sync on-premises IT solutions with the cloud. Amazon Web Services (AWS) DataSync and the AWS Database Migration Service are just two that come to mind.

Cloud

Cloud services are incredibly popular today. From companies relying on Dropbox Business and Gmail to enterprises building their own cloud services, it seems that everyone wants to adopt some aspect of IT as a cloud service. What does it mean for IT services to really be considered cloud technology? Here is an important list of criteria:

  • These services can be requested on demand from clients by using an API.

  • The services offer dynamic scaling (often referred to as elasticity).

  • These services rely on resource pooling in the data center.

  • These services provide a wide variety of network access options.

  • The use of these services can be easily measured; customers can be billed for usage according to agreements with the cloud provider. (Google Cloud Platform’s Compute Engine, for example, has a per-second billing model.)

Some larger enterprises develop their own cloud services in their own privately controlled data centers. Such a setup is known as a private cloud. In contrast, a public cloud service is one that is external to the organization. Public cloud providers (such as Google with Gmail) offer cloud services to many private enterprises and persons all over the globe.

Today, an increasing number of enterprises are using a hybrid cloud approach, in which an organization relies on private clouds for some resources and public clouds for other IT services.

Cloud technologies have given rise to the virtual service model. Here are some important “as a service” terms from cloud technology that you should commit to memory:

  • Infrastructure as a Service (IaaS): With IaaS, the cloud provider makes available to the customer the hardware, software, servers, storage, and other infrastructure components; IaaS providers can also host clients’ applications and handle tasks such as system maintenance, backup, and resiliency planning. Amazon Web Services (AWS) is one of the pioneers in the IaaS cloud space.

  • Software as a Service (SaaS): With SaaS, the cloud provider makes powerful software available to clients. A prime example of SaaS is Gmail, through which Google provides rich email services to worldwide clients.

  • Platform as a Service (PaaS): With PaaS, the cloud provider makes virtual machines (VMs) available to clients so that they can develop software applications in a test environment; it is typical for a PaaS provider to also make available software development tools as part of the platform. An example of PaaS is an AWS Drupal instance.

  • X as a Service (XaaS): These days, it seems like anything and everything is being offered “as a service,” and that is exactly what XaaS (or EaaS) refers to: any aspect of IT that is delivered through the cloud model.

This list is not definitive, and there is a continuum of XaaS offerings, blurring any delineations between the above definitions, with each cloud vendor defining these terms loosely and differently.

Just as there are many virtual service offerings, there are many ways clients can connect. Remember that an aspect of cloud technologies is to enable many different network access options.

For public cloud services, most people immediately think of the Internet as the connection path. This certainly provides ease of use, convenience, and reduced costs. Unfortunately, it does come with disadvantages such as security concerns as well as quality of service issues. Virtual private network (VPN) technologies can address most security concerns, and this represents another pathing option.

Some organizations rely so heavily on cloud services that they purchase private WAN connections to these services. This permits much greater security and control, but it tends to come with higher costs. Intercloud exchanges have appeared to make these private WAN connections more affordable and flexible. An intercloud exchange connects to multiple public cloud providers via dedicated high-speed links, so its end users pay for only a single private connection to the exchange and can then switch between the various public clouds to which the exchange is connected.

Virtual network services are becoming more and more common in making cloud-based data centers a reality. Just as the virtual machine (VM) revolutionized the computer industry, so has virtual networking changed traditional networking. More and more functions of the network are moving to virtual implementations, including the functions of the following:

  • Firewalls

  • Routers

  • Switches

  • DNS services

Virtualization of network services leads to more flexibility and more cloud-like scaling possibilities for a data center. Of course, this also leads to more programmability.

CramQuiz

1. Which of the following is not a common characteristic of cloud services?

A. On demand

B. Dynamic scaling

C. Auto-administration

D. Resource pooling

2. Gmail is an example of what type of as a service model?

A. TaaS

B. SaaS

C. IaaS

D. PaaS

3. You have several application solutions and many terabytes of data in your local enterprise. What is the term for this location of technology?

A. On-premises

B. Legacy stored

C. Data laked

D. Cloud bursted

CramQuiz Answers

1. C is correct. Auto-administration is not one of the five common characteristics of cloud services.

2. B is correct. Gmail is a prime example of Software as a Service.

3. A is correct. In the world that is now dominated by cloud technology, our local resources are now referred to as on-premises.

Review Questions

1. What pathing option for public cloud provides the most security and control for an organization?

A. Private WAN

B. Internet access

C. Internet access with VPN

D. Cisco Cloud Connect

2. In what layer of a 2-tier architecture is speed most important?

A. The workstation layer

B. The access layer

C. The backbone layer

D. The distribution layer

3. If you are using Cisco ACI in your data center and notice that you are starting to run out of overall bandwidth and capacity, what is often the solution to provide the required scalability?

A. Upgrade to 1 Gbps links

B. Add access devices

C. Add spine devices

D. Add leaf devices

4. Which WAN topology is often the most expensive and difficult to maintain?

A. Hub-and-spoke topology

B. Full-mesh topology

C. Point-to-point topology

D. Single-homed topology

5. A major reason that many companies are excited about moving to the cloud is that they gain the ability to dynamically resize resources based on demand. What is the term for this ability?

A. Elasticity

B. Cloud-bursting

C. Scalability

D. Immutability

Answers to Review Questions

1. A is correct. The private WAN option provides the most control and security, but it often comes with a much higher cost.

2. C is correct. In the backbone layer (also termed the spine or core) of the network architecture, speed is absolutely critical.

3. C is correct. The 2-tier spine-leaf topology of Cisco ACI is very easily scaled. You simply need to add devices to the spine of the infrastructure.

4. B is correct. While a full-mesh WAN topology is excellent for redundancy, throughput, and high availability, it can be very costly and difficult to operate and maintain.

5. A is correct. Elasticity refers to a cloud-provided ability to use features such as auto-scaling to dynamically reduce and expand resources as needed based on demand. Note that scalability refers to simply growing the architecture as needed. It does not refer to dynamically reducing the size of the architecture.

Additional Resources

Data Center Spine-Leaf Topologies

https://www.ajsnetworking.com/data-center-spine-leaf-topologies

What Does “Cloud” Really Mean?

https://www.ajsnetworking.com/what-does-cloud-really-mean

Cloud XaaS offerings and definitions

https://aws.amazon.com/types-of-cloud-computing/

https://cloud.google.com/docs/overview/cloud-platform-services

https://azure.microsoft.com/en-us/overview/what-is-iaas/

https://azure.microsoft.com/en-us/overview/what-is-paas/
