Network Documentation

Hi TE,

Is there some sort of de facto standard for docuemntation of your network? I know Visio (or some sort of CAD software) is essential, but what types of things do you draw out? I have a diagram of my WAN connection and internal LAN. But do some of you go as far as to draw out your VLANs between bldgs, or Spanning Tree setup or anything of the sort? Thanks.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

rsutton

For my own personal use I like to have a diagram of everything, every device, it's IP address/make/model/support phone number etc. I have all my VLAN's documented. When it comes time to implement a new system I usually end up needed something off my documentation.

I also have made network diagrams in Visio for management that are less detailed but usually have all the devices and their make/model and general purpose. I have found when presenting diagrams to management they are more concerned about the big picture and less about the technical details.

AlanJames

I normally break network diagrams up into layer 3, layer 2, physical

It's too easy to put far too much information on a network diagram, which make them over complicated and difficult to comprehend.

networker050184

AlanJames wrote: »

I normally break network diagrams up into layer 3, layer 2, physical

It's too easy to put far too much information on a network diagram, which make them over complicated and difficult to comprehend.

I agree with this. Usually a high level L3 diagram is good for most basic troubleshooting. Something deeper down with L2 connectivity, Vlans and all that good stuff for when you need an in depth view. No point in having one super complicated diagram IMO. The more documentation the better, it just all doesn't have to be on one Visio drawing.

Paul Boz

Two diagrams:

Logical and physical

Physical is the actual inter-connects of your devices. This will be what you typically see as a topology diagram.

Logical is how you break down your network into VLANS, etc. You can have multiple logical diagrams as well. Larger networks will map VLANS as well as routing protocol topology. If you can visualize your routing protocols on a map it makes much more sense from a summarization standpoint.

malcybood

I work in a design role and when doing detailed designs and for handover of the project into support it is compulsary to have Layer 1, 2 and 3 diagrams.

So L1 you'd show what physical port numbers connect to what, L2 usually represent different VLANs with different colours of lines and have a VLAN colour key, L3 would represent subnets for server subnets but for network devices i.e. firewall or router interfaces I'd mark the interface number, physical port IP address and also indicate if there was a VRRP or HSRP address if it was a HA pair.

Also document traffic flows of firewall rules i.e. source / destination / port / action (permit/deny) which in an ideal world should tie up with the firewall rule base, but in reality it's almost impossible to keep that up to date if you need to tweak things to get it to work in a project environment after the design is signed off!

Hope this helps.

ciscog33k

malcybood wrote: »

I work in a design role and when doing detailed designs and for handover of the project into support it is compulsary to have Layer 1, 2 and 3 diagrams.

So L1 you'd show what physical port numbers connect to what, L2 usually represent different VLANs with different colours of lines and have a VLAN colour key, L3 would represent subnets for server subnets but for network devices i.e. firewall or router interfaces I'd mark the interface number, physical port IP address and also indicate if there was a VRRP or HSRP address if it was a HA pair.

Also document traffic flows of firewall rules i.e. source / destination / port / action (permit/deny) which in an ideal world should tie up with the firewall rule base, but in reality it's almost impossible to keep that up to date if you need to tweak things to get it to work in a project environment after the design is signed off!

Hope this helps.

Do you use visio or something else? Are you using any add-ins with it?

malcybood

ciscog33k wrote: »

Do you use visio or something else? Are you using any add-ins with it?

Hi,

Yes I just use Visio and download the visio stencils for the product I'm working on if they're non standard.

So for example all Cisco switches, routers, 6500's with FWSM, content switches I use the standard Cisco icons which our support department don't accept the diagrams unless they have the standard icons. You can download these from here Network Topology Icons - Cisco Systems

For anything else I just google for the product name then visio stencils and you usually get a link on their website to the visio icons.

For example a customer I am working on at the moment has a Global WAN running on Juniper SSL / IPSec VPN and use Riverbed for WAN optimization, so I had to do a design doc to illustrate how the Riverbed device integrates into the Cisco data centre infrastructure and integrates with the Juniper VPN devices. Just got Riverbed Steelhead icon from their website and same for Juniper SSG VPN / Firewalls.

I'm a bit of a Visio geek, you can get carried away with it but I like my diagrams to be perfect! They're going to customers at the end of the day!

Cheers
malcybood

CChN

Don't forget your service flow diagrams!

Also, screw Cisco and their marketing icons. Just draw boxes within Visio and label them with model/product numbers.

People often use the wrong icon to symbolize a device, leading you to believe it supports features that it doesn't actually support: L2 switch != Multilayer switch

chrisone

malcybood wrote: »

I work in a design role and when doing detailed designs and for handover of the project into support it is compulsary to have Layer 1, 2 and 3 diagrams.

So L1 you'd show what physical port numbers connect to what, L2 usually represent different VLANs with different colours of lines and have a VLAN colour key, L3 would represent subnets for server subnets but for network devices i.e. firewall or router interfaces I'd mark the interface number, physical port IP address and also indicate if there was a VRRP or HSRP address if it was a HA pair.

Also document traffic flows of firewall rules i.e. source / destination / port / action (permit/deny) which in an ideal world should tie up with the firewall rule base, but in reality it's almost impossible to keep that up to date if you need to tweak things to get it to work in a project environment after the design is signed off!

Hope this helps.

+1 , this is how i do mine as well, logical physical, layer 1 , 2, 3. Also add in the service provider, mpls, frame relay, p2p WAN connections. Well the enterprise WAN is on a diagram all on its own. If you run routing protocols like eigrp , bgp, osfp, those protocols deserve a diagram for the entire enterprise as well.

qplayed

peanutnoggin wrote: »

Hi TE,

Is there some sort of de facto standard for docuemntation of your network? I know Visio (or some sort of CAD software) is essential, but what types of things do you draw out? I have a diagram of my WAN connection and internal LAN. But do some of you go as far as to draw out your VLANs between bldgs, or Spanning Tree setup or anything of the sort? Thanks.

There used to be a tool from Fluke Networks called Network Inspector. I can draw you spanning tree topology using Visio 2000! Come to think of it I wonder if there is something similar out there...

Forsaken_GA

I graph a few additional things besides the physical and logical layouts of the network. For example, I have my spanning tree costs diagrammed out, as well as my OSPF costs, so I have a reference to how traffic is supposed to flow. Theoretically, that will help me if I ever run into a problem with it all, and it's something pretty to show management.

DevilWAH

I think you start at the bottom and work up,

So first get you layer 1 digrams worked out, physical connections, (you can often put basic layer 2 stuff on this as well)

then sort out the layer 3 topology, and depending on time carry on adding.

It is a good idea to separate them all out in to separate digrams , or if you are a real wizz kid with something like VISO you can build up layers.

Because we also deal with each switch block on site the same. I also have generic dumbed down diagrams of how they are set up, This makes it easy to show to management who don't have as much network experience, just show them the concepts of the network set up.

I have diagrams that are printed out and laminated with management addresses, trunked ports and layer 2 links, that are organised in to segments of site, that I can carry around site. And I have other copies that I keep on line that are commented and carry tons of info.

It really comes down to how your site works. And how complex the network is. If for example you have a small network with 50 users, 2 switches and 1 wan link of site. Then you can fit every thing (layer 1 2 and 3) all on one digram.

on the other hand if your network spans the globe you need to think about an over all digram showing outline of how sites connect togather, then detailed digrams of the site to site connections, overviews of sites (if they are large) and detailed digrams of sites.

The aim is to have diagrams that are easy to read and give you the info you need, with out over loading with irrelevant info for the task.

The logical / physical split is a good suggestion, but it is not a hard set rule. My suggestion is to start with either a general over view of the entire logical network if it is a large network, or the physical lay out if it is smaller, and then keep adding detail, once you think its getting messy and difficult to follow, take a step back and see where you can make the split, and try to make the diagrams flow in to each other. You want to have it where it feels like you are zooming in and out through layers.

APA

Can't go wrong with Visio.......

My usual plan of attack is...

One visio file per network I am documenting... with multiple sheets within this one file identifying the following...

1) L1 Connectivity (include physical circuit types & available bandwidth)

2) L2 connectivity (showing spanning-tree costs if necessary)

3) L3 connectivity including routing topology & any redundancy protocols used...

Sometimes you have to expand on this due to special requirements for a project... but the above is usually quite a detailed document and will keep every manager\team member happy.

Pet hate of mine when people don't document things!!!!

Forsaken_GA

APA wrote: »

Can't go wrong with Visio.......

You can if you're not running Windows......

For a very long time I had a windows VM on my mac for one reason, and one reason only - Visio.

Then I discovered OmniGraffle Pro and it's ability to export to Visio XML format.

Now, if there was only something decent that run on Unix. Dia is good, but the file format incompatibilities make sharing your diagrams a stillborn concept.

APA

Forsaken_GA wrote: »

You can if you're not running Windows......

I stand by my statement....if you aren't running windows.... its highly likely you aren't going to be running Visio therefore you can't go wrong with visio as you can't run it....unless as you say you've got a virtual environment.

peanutnoggin

So it seems that the consensus is to document at each layer (1,2, & 3). I've never been a "document" type of person but I can definitely see the need for documentation. It's a good thing that the network that I currently run is extremely small (Router & 5 switches). So it shouldn't be too difficult. The network is about to experience a complete makeover and this is the reason I'm wanting to document the current status so the overhaul of the network will be easier. Thanks for the inputs!!!

DevilWAH

peanutnoggin wrote: »

So it seems that the consensus is to document at each layer (1,2, & 3). I've never been a "document" type of person but I can definitely see the need for documentation. It's a good thing that the network that I currently run is extremely small (Router & 5 switches). So it shouldn't be too difficult. The network is about to experience a complete makeover and this is the reason I'm wanting to document the current status so the overhaul of the network will be easier. Thanks for the inputs!!!

I know what you mean i was never a document person, but once you get in to it you wonder why you never have before. It will take hard work to get it up and running, but then just keep it up dated as you go, thoses extra 5 minutes you spend after making a change to the network, that you spend documenting it will be a god send.

I find that I will take time to configure the network to keep the documentation tidy, so it has so many benefits, and as your network gets more complex and you want to add new things, having good documentation is a must. With out it you will hit a wall that you can't get past because you just don't know what it going on.

And remember documentation is not just diagrams, backed up configs, and instructions + plans are just as important. But yes keep it up to date as you go, documentation goes out of date so quick on networks.