Good network diagrams aren’t hard to make, but I find them distressingly rare. Even network engineers with years of experience often make diagrams that are jumbled and hard to understand.
The important thing is to be clear in your own mind about what information you’re trying to convey. It’s better to draw several diagrams that show different aspects of the same network than to try to put everything on one sheet of paper.
It’s also a good idea to make a separate diagram for each network protocol layer. I usually start with a Layer 3 network diagram to show the routing and IP subnets. Then I make a Layer 2 diagram showing the switch connections, trunks, and LACP channels. After that comes a Layer 1 diagram showing physical layouts of the devices.
In more complicated networks, I also do diagrams showing traffic flows, routing protocol distribution mechanisms, VPNs, and other important aspects of the network design.
It’s important to draw each of these as separate pictures because they show different things. Combining them only confuses the information and makes the drawing harder to understand.
Drawing Layer 3 diagrams
I always start with Layer 3 diagrams, which show the IP subnets and all Layer 3 network devices like routers, firewalls, and load balancers. The Layer 3 diagram must show all of the important network segments and subnets and how they’re interconnected.
Layout is important. I like to show the layout so that it represents the flow of traffic in a broad sense. For example, if I have a bunch of servers being accessed by a group of users, I’ll try to put the user network segments on one side of the picture and the servers on the other side.
Similarly, if I want to show how a LAN connects to external networks like the Internet, I group the external networks all on one side or at the top of the picture.
Or, if the point of the picture is to show a WAN with a large number of remote offices connecting to the same network, I’d probably show the connecting WAN in the middle of the picture and the various remote sites around the edge of the page.
Another layout consideration is to always draw your network segments either horizontally or vertically. About the only time I use a combination of vertical and horizontal is when I want to show a fundamental difference between the functions of the segments.
For example, I might draw all of my workstation and server segments horizontally, but then draw a special common network management segment vertically down one side of the page. This makes it immediately obvious that the management segment is special.
The Layer 3 diagram should show any high availability mechanisms and redundant network components or redundant paths. It’s customary to show router redundancy protocols as an elongated ellipse that covers the router links included in the high availability group.
The other important thing about Layer 3 diagrams is that they should only include Layer 3 objects. I don’t want to see switches in a Layer 3 diagram, for example. I don’t want to see any kind of indication of trunk links on a Layer 3 diagram either.
You can show a switch on a Layer 3 diagram only if it’s a Layer 3 switch, and then only because it functions as a router. Including Layer 2 objects like a switch in a Layer 3 diagram is confusing, particularly in more complicated pictures.
Another useful thing to put into a Layer 3 diagram is organizational boxes. If there are security zones or interesting groupings of users by function or servers by application, put them together on the picture, put a box around them, and label the box clearly. It’s then easy to see the exact network path those users take to reach their servers.
In more complicated network designs, I often use a base Layer 3 diagram showing the VLANs, routers, and firewalls. Then I create several other diagrams to lay over the base diagram. I might have an overlay diagram showing the routing protocol design, another one showing VPNs, and still another showing key application data flows, if that’s an important consideration.
Drawing Layer 2 diagrams
Layer 2 diagrams show Layer 2 objects like switches and trunks. They include critical information like which VLANs are included in which trunks, and they show spanning tree parameters like bridge priorities and port costs. In many cases, this is too much information to show easily, so I generally use callout boxes to hold some of the information.
Unlike Layer 3 pictures, Layer 2 diagrams don’t need to be laid out in any special way. The most important thing is to keep the picture clear.
If two devices are intended to provide redundancy for one another, then their positions on the page should be related. They should either be located beside one another or in parallel locations on opposite sides of the picture.
If there are different link speeds, they should be indicated in the diagram. I usually show link speed with the thickness of my diagram’s connecting lines. The faster the link, the thicker the line.
Sometimes I also use color to indicate special properties of different physical links. For example, I might make fiber optic cables red and copper cables blue. (Technically the cable type is Layer 1 information, but because it doesn’t tend to cause confusion in the picture, it’s alright to include it in your Layer 2 diagram.)
Drawing Layer 1 diagrams
I usually use Layer 1 diagrams to show physical connections between devices, but they’re also useful for showing cabinet layouts.
Layer 1 diagrams should show port numbers and indicate cable types. In a network that includes many different types of cables, such as fiber optic cables, Category 5 / 6 / 7 copper cabling, and so forth, it’s useful to give each cable type a different color.
If there are patch panels, particularly if you want to document how patch panel ports map to device locations and switch port numbers, this information belongs on the Layer 1 diagram.
And if there are different link speeds, you might want to give them different line weights, as described previously for Layer 2 diagrams.
Another type of diagram that’s often useful in data center designs is a cabinet layout. It’s a diagram that shows exactly what you would see when looking at the front (and sometimes also the back) of the cabinet. A cabinet layout is helpful when you need to tell a remote technician how to find a certain piece of equipment.
Excerpted from The No Sweat Guide to Network Topology. For more tips on building and documenting your network topology, download the free ebook.