How to create clear logical (L3) network diagrams
- Translation
- Tutorial
The biggest problem I run into when working with enterprise networks is the lack of a clear, understandable picture of the network's logic. In most cases the customer cannot provide any logical diagram at all. Logical network diagrams (hereinafter L3 diagrams) are extremely important when troubleshooting or planning changes in an enterprise network; in many cases they are more valuable than a diagram of the physical connections. Sometimes I come across "logical-physical hybrid" diagrams that are almost useless. If you do not know the logical topology of your network, you are blind. As a rule, the ability to draw a logical network diagram is not a common skill, and that is why I am writing this article about creating clear and understandable logical network diagrams.
What information should be presented on L3 diagrams?
To create a network diagram you must have a precise idea of which information belongs on which diagram. Otherwise you will start mixing information and end up with yet another useless "hybrid" diagram. A good L3 diagram contains the following information:
- subnets:
  - VLAN IDs (all of them)
  - VLAN names
  - network addresses and masks (prefixes)
- L3 devices:
  - routers, firewalls (hereinafter FW) and VPN gateways, at the very least
  - the most important servers (DNS, for example)
  - the IP addresses of those servers
  - logical interfaces
  - routing protocol information
What information should NOT be on L3 circuits?
The information listed below does not belong on an L3 diagram, because it relates to other layers [of the OSI model, translator's note] and should therefore appear on other diagrams:
- all L2 and L1 information (in general)
- L2 switches (only their management interface may be shown)
- physical connections between devices
Notation Used
Logical diagrams typically use logical symbols. Most of them need no explanation, but since I have already seen them misused, let me pause and give a few examples:
- A subnet is represented as a pipe or a line:
- A VRF, or any other zone whose internals are not known exactly, is represented as a cloud:
What information is needed to create an L3 circuit?
To create a logical network diagram you will need the following information:
- an L2 (or L1) diagram: a representation of the physical connections between the L3 devices and the switches
- the L3 device configurations: text files, access to the GUI, etc.
- the L2 device configurations: text files, access to the GUI, etc.
Example
In this example we will use a simple network built from Cisco switches and Juniper Netscreen firewalls. We are given the L2 diagram and the configuration files of most of the devices. The configuration of the ISP edge routers is not provided; in real life the ISP does not hand over such information. Below is the L2 network topology:
And here are the device configuration files, with only the relevant information kept:
asw1
!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 250
ip address 192.168.10.11 255.255.255.128
!
ip default-gateway 192.168.10.1
asw2
!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 250
ip address 192.168.10.12 255.255.255.128
!
ip default-gateway 192.168.10.1
asw3
!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 250
ip address 192.168.10.13 255.255.255.128
!
ip default-gateway 192.168.10.1
csw1
!
vlan 200
name in-transit
!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet0/3
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet0/4
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/5
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/6
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 200
ip address 10.0.0.29 255.255.255.240
standby 1 ip 10.0.0.28
!
interface vlan 210
ip address 192.168.0.2 255.255.255.128
standby 2 ip 192.168.0.1
!
interface vlan 220
ip address 192.168.0.130 255.255.255.128
standby 3 ip 192.168.0.129
!
interface vlan 230
ip address 192.168.1.2 255.255.255.128
standby 4 ip 192.168.1.1
!
interface vlan 240
ip address 192.168.1.130 255.255.255.128
standby 5 ip 192.168.1.129
!
interface vlan 250
ip address 192.168.10.2 255.255.255.128
standby 6 ip 192.168.10.1
!
ip route 0.0.0.0 0.0.0.0 10.0.0.17
csw2
!
vlan 200
name in-transit
!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet0/3
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet0/4
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/5
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/6
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 200
ip address 10.0.0.30 255.255.255.240
standby 1 ip 10.0.0.28
!
interface vlan 210
ip address 192.168.0.3 255.255.255.128
standby 2 ip 192.168.0.1
!
interface vlan 220
ip address 192.168.0.131 255.255.255.128
standby 3 ip 192.168.0.129
!
interface vlan 230
ip address 192.168.1.3 255.255.255.128
standby 4 ip 192.168.1.1
!
interface vlan 240
ip address 192.168.1.131 255.255.255.128
standby 5 ip 192.168.1.129
!
interface vlan 250
ip address 192.168.10.3 255.255.255.128
standby 6 ip 192.168.10.1
!
ip route 0.0.0.0 0.0.0.0 10.0.0.17
fw1
set interface ethernet0/1 zone untrust
set interface ethernet0/1.101 tag 101 zone dmz
set interface ethernet0/1.102 tag 102 zone mgmt
set interface ethernet0/2 zone trust
set interface ethernet0/1 ip 10.0.0.1/28
set interface ethernet0/1 manage-ip 10.0.0.2
set interface ethernet0/1.101 ip 10.0.0.33/28
set interface ethernet0/1.102 ip 10.0.0.49/28
set interface ethernet0/2 ip 10.0.0.17/28
set interface ethernet0/2 manage-ip 10.0.0.18
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.0.12
fw2
set interface ethernet0/1 zone untrust
set interface ethernet0/1.101 tag 101 zone dmz
set interface ethernet0/1.102 tag 102 zone mgmt
set interface ethernet0/2 zone trust
set interface ethernet0/1 ip 10.0.0.1/28
set interface ethernet0/1 manage-ip 10.0.0.3
set interface ethernet0/1.101 ip 10.0.0.33/28
set interface ethernet0/1.102 ip 10.0.0.49/28
set interface ethernet0/2 ip 10.0.0.17/28
set interface ethernet0/2 manage-ip 10.0.0.19
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.0.12
outsw1
!
vlan 100
name Outside
!
vlan 101
name DMZ
!
vlan 102
name Mgmt
!
interface GigabitEthernet1/0
description To-Inet-rtr1
switchport mode access
switchport access vlan 100
!
interface GigabitEthernet1/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/3
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet1/4
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 102
ip address 10.0.0.50 255.255.255.240
!
ip default-gateway 10.0.0.49
outsw2
!
vlan 100
name Outside
!
vlan 101
name DMZ
!
vlan 102
name Mgmt
!
interface GigabitEthernet1/0
description To-Inet-rtr2
switchport mode access
switchport access vlan 100
!
interface GigabitEthernet1/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/3
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet1/4
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 102
ip address 10.0.0.51 255.255.255.240
!
ip default-gateway 10.0.0.49
Information collection and visualization
Good. Now that we have all the necessary information, we can start drawing.
The drawing process, step by step
- Collecting the information:
  - First, open a configuration file (in this case, ASW1).
  - Take every IP address from the interface sections. Here there is only one, 192.168.10.11 with mask 255.255.255.128. The interface name is vlan250, and VLAN 250 is named In-mgmt.
  - Take all the static routes from the configuration. Here there is only one (ip default-gateway), and it points to 192.168.10.1.
- Drawing:
  - Now draw what we have collected. First draw the device ASW1; ASW1 is a switch, so we use the switch symbol.
  - Draw a subnet (pipe). Give it the name In-mgmt, the VLAN ID 250 and the address 192.168.10.0/25.
  - Connect ASW1 to the subnet.
  - Insert a text box between the ASW1 symbol and the subnet, showing the name of the logical interface and the IP address. Here the interface name is vlan250 and the last octet of the IP address is .11 (it is common practice to show only the last octet, because the subnet address is already on the diagram).
  - There is another device on the In-mgmt network, or at least there should be. We do not yet know its name, but its IP address is 192.168.10.1: we know this because ASW1 points to that address as its default gateway. So draw this device on the diagram with the temporary name "??" and add its address, .1. (By the way, I always highlight inaccurate or unknown information in red, so that one glance at the diagram shows what still needs to be clarified.)
At this point the diagram looks something like this:
Repeat this process, step by step, for every network device. Collect everything IP-related and put it on the same diagram: every IP address, every interface and every static route. As you go, the diagram becomes more and more accurate. Make sure that devices which are referred to but not yet known are shown on the diagram, as we did above with the address 192.168.10.1 (in this example the core switch configurations resolve it themselves: 192.168.10.1 is the HSRP virtual address, standby 6 ip 192.168.10.1, on interface vlan 250 of CSW1 and CSW2). Once you have done this for all known network devices, you can start finding out the unknown information; MAC and ARP tables are the tools for that (I wonder whether it is worth writing a follow-up post describing this stage in detail?).
In the end we get a diagram like this:
Conclusion
Drawing a logical network diagram is quite simple if you have the right knowledge. It is a lengthy manual process, but by no means magic. Once you have an L3 diagram of the network, it is easy enough to keep it up to date. The benefits are worth the effort:
- you can plan changes quickly and accurately;
- troubleshooting takes much less time than before. Imagine someone has to troubleshoot a service that is unreachable from 192.168.0.200 to 192.168.1.200. One look at the L3 diagram and we can say with confidence that the firewall is not the cause (both 192.168.0.128/25 and 192.168.1.128/25 are routed by the core switches CSW1/CSW2, so that traffic never reaches the firewall);
- you can easily check that the firewall rules make sense. I have seen firewalls containing rules for traffic that could never have passed through that firewall; that is a perfect illustration of a logical topology nobody knows;
- usually, as soon as the L3 diagram is created, you immediately notice which parts of the network have no redundancy, etc. In other words, the L3 topology (and its redundancy) is just as important as redundancy at the physical layer.
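As an added example (my own code, not part of the original article), here is a script that does the "collect every IP address, interface and static route" step above mechanically and also answers the troubleshooting question in the conclusion. It parses the Cisco IOS and Juniper ScreenOS configuration excerpts from this page (trimmed to their L3 lines and embedded in a `CONFIGS` dict of my own), merges them into one table keyed by subnet (one entry per "pipe" on the diagram), resolves every next hop against all known addresses including HSRP virtual IPs and ScreenOS manage-ips, and lists the next hops nobody owns, i.e. the "??" boxes to draw in red. The function names, the table layout and the heuristic that a device with addresses on two or more subnets is an L3 device (one address only is an L2 switch's management IP, per the rule in the article) are all assumptions of this example.

```python
"""Added example, not code from the original article: parse IOS and ScreenOS
excerpts (copied from the article, trimmed to L3 lines), merge them into one
subnet table, resolve next hops against every known address (real, HSRP VIP,
manage-ip), flag the ones nobody owns ('??' boxes) and check whether the
firewall sits between 192.168.0.200 and 192.168.1.200."""
import ipaddress
import re
from collections import defaultdict

CONFIGS = {  # hostname -> config text (article excerpts; the dict itself is ours)
    "asw1": """vlan 250
 name In-mgmt
interface vlan 250
 ip address 192.168.10.11 255.255.255.128
ip default-gateway 192.168.10.1""",
    "csw1": """interface vlan 220
 ip address 192.168.0.130 255.255.255.128
 standby 3 ip 192.168.0.129
interface vlan 240
 ip address 192.168.1.130 255.255.255.128
 standby 5 ip 192.168.1.129
interface vlan 250
 ip address 192.168.10.2 255.255.255.128
 standby 6 ip 192.168.10.1
ip route 0.0.0.0 0.0.0.0 10.0.0.17""",
    "fw1": """set interface ethernet0/1.102 ip 10.0.0.49/28
set interface ethernet0/2 ip 10.0.0.17/28
set interface ethernet0/2 manage-ip 10.0.0.18
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.0.12""",
}
IFACE = ipaddress.IPv4Interface

def parse(text):
    """One device's config -> (addrs, routes, vlan_names); IOS and ScreenOS lines handled together."""
    addrs, routes, names, vlan, iface = [], [], {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"vlan (\d+)$", line):                        # IOS VLAN database entry
            vlan, iface = int(m[1]), None
        elif m := re.match(r"name (\S+)$", line):
            if vlan is not None:
                names[vlan] = m[1]
        elif m := re.match(r"interface (.+)$", line):                  # IOS interface block
            iface, vlan = m[1].replace(" ", ""), None
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            addrs.append((iface, IFACE(f"{m[1]}/{m[2]}"), "ip"))
        elif m := re.match(r"standby \d+ ip (\S+)$", line):            # HSRP VIP shares the real mask
            addrs.append((iface, IFACE(f"{m[1]}/{addrs[-1][1].network.prefixlen}"), "hsrp"))
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)$", line):
            routes.append((str(ipaddress.IPv4Network(f"{m[1]}/{m[2]}")), m[3]))
        elif m := re.match(r"ip default-gateway (\S+)$", line):
            routes.append(("0.0.0.0/0", m[1]))
        elif m := re.match(r"set interface (\S+) ip (\S+/\d+)$", line):          # ScreenOS
            addrs.append((m[1], IFACE(m[2]), "ip"))
        elif m := re.match(r"set interface (\S+) manage-ip (\S+)$", line):
            plen = next(a[1].network.prefixlen for a in addrs if a[0] == m[1])
            addrs.append((m[1], IFACE(f"{m[2]}/{plen}"), "manage-ip"))
        elif m := re.match(r"set vrouter \S+ route (\S+) interface \S+ gateway (\S+)$", line):
            routes.append((m[1], m[2]))
    return addrs, routes, names

def inventory(configs=CONFIGS):
    """Merge all devices: {subnet: [(device, iface, ip, kind, vlan_name)]} plus (device, prefix, next_hop) routes."""
    table, routes = defaultdict(list), []
    for dev, text in configs.items():
        addrs, rts, names = parse(text)
        for iface, ipi, kind in addrs:
            vid = re.match(r"vlan(\d+)$", iface, re.I)
            table[ipi.network].append((dev, iface, ipi.ip, kind, names.get(int(vid[1])) if vid else None))
        routes += [(dev, pfx, nh) for pfx, nh in rts]
    return table, routes

def who_has(table, ip):
    """Every (device, iface, kind) that carries exactly this address, VIPs and manage-ips included."""
    ip = ipaddress.IPv4Address(ip)
    return [(d, i, k) for net, ents in table.items() if ip in net for d, i, h, k, _ in ents if h == ip]

def unknown_next_hops(table, routes):
    """Next hops no collected device owns: the '??' boxes, to be resolved later from ARP/MAC tables."""
    return sorted({nh for _, _, nh in routes if not who_has(table, nh)})

def l3_devices(table):
    """Heuristic: addresses on two or more subnets means the device routes; one address is an L2 switch's mgmt IP."""
    nets = defaultdict(set)
    for net, ents in table.items():
        for dev, *_ in ents:
            nets[dev].add(net)
    return {dev for dev, seen in nets.items() if len(seen) > 1}

def routed_on_one_device(table, a, b):
    """True when a single L3 device has interfaces on both hosts' subnets, i.e. the firewall is not in that path."""
    routers = l3_devices(table)
    def on(ip):
        ip = ipaddress.IPv4Address(ip)
        return {d for net, ents in table.items() if ip in net for d, *_ in ents} & routers
    return bool(on(a) & on(b))

if __name__ == "__main__":
    table, routes = inventory()
    for net, ents in sorted(table.items()):          # one line per 'pipe' on the diagram
        print(net, [(d, i, str(h), k, n) for d, i, h, k, n in ents])
    print("draw as ??:", unknown_next_hops(table, routes))
    print("firewall in 192.168.0.200 -> 192.168.1.200 path:", not routed_on_one_device(table, "192.168.0.200", "192.168.1.200"))
```

Run as-is, it prints one line per subnet with every address on it (192.168.10.1 appears as csw1's HSRP address on vlan250, which is what the "??" box from the ASW1 step turns out to be), lists 10.0.0.12 as the only next hop nobody owns (the ISP gateway, which stays red until the ISP or an ARP table tells you more), and reports that the firewall is not in the 192.168.0.200 to 192.168.1.200 path because csw1 has interfaces on both /25s. The script reads only what is in the configuration text: dynamic routing, VRFs and whatever ARP/MAC tables would reveal are exactly the gaps it leaves red, and pasting in the full configuration files from this page makes csw2 and fw2 show up as the second owner of every virtual address.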