
Physical vs. Logical Topologies
Jim Murray



Introduction
While studying for the CISSP exam, you need to be familiar with the different network topologies that exist. If you do not know how a network is laid out or how the devices communicate on that network, it is extremely difficult for you to protect that network. This paper discusses the difference between physical and logical topologies. We define each and discuss the various types that exist in each category.

Physical Topologies
Physical topology defines how the systems are physically connected. It represents the physical layout of the devices on the network. There are five main types of physical topologies that can be used, and each has its own strengths and weaknesses. These five types are bus, ring, star, hybrid or tree, and mesh.

Bus
The bus topology exists when each of the systems is connected in a line, as seen in Figure 1. In this topology, all the systems are chained to each other and terminated in some form on each end. This topology was used in the early days of networking because it was inexpensive to use and relatively easy to set up.

Figure 1: Bus Network

When a packet is sent in a bus topology, there is no intermediary to determine who the packet should go to. Because of this, every packet that is sent in a bus topology is received by all systems on the network. Normally, if the packet is not for a particular system, the computer would simply disregard the packet; however, you can see the security implications of this type of network. If a malicious user were on this network and utilized a packet capture program, he could see every conversation that occurred between machines. The following table identifies additional advantages and disadvantages of the bus topology:

| Advantages | Disadvantages |
| --- | --- |
| Easy to install | Out-of-date technology |
| Costs are usually low | If cable breaks, whole network is down |
| Easy to add systems to network | Can be difficult to troubleshoot |
| Great for small networks | Unmanageable in a large network |

Ring
The ring topology exists when each of the systems is connected to its respective neighbor forming a ring, as seen in Figure 2. This physical topology has many of the same strengths and weaknesses of the bus topology. The main difference between the bus and ring is that the ring topology does not require termination. Because the systems are connected all together in a loop, there is no beginning and end point as there is with the bus topology. For additional fault tolerance or performance enhancements, you can add a second ring. This configuration is seen in Fiber Distributed Data Interface (FDDI) networks.

Figure 2: Ring Network

The following table identifies additional advantages and disadvantages of the ring topology:

| Advantages | Disadvantages |
| --- | --- |
| Easy to install | Out-of-date technology |
| Costs are usually low | If cable breaks, whole network is down |
| Easy to add systems to network | Can be difficult to troubleshoot |
| Great for small networks | Unmanageable in a large network |

Star
In the previous two topologies, the systems in the network were connected to each other. In the star topology, instead of being connected to each other, the systems are now connected to some central device, as seen in Figure 3. In the star topology, one of the biggest advantages is that when one system goes down, it does not bring the rest of the network down with it as it does in the bus or ring topologies. The star topology is the most prevalent topology in use today. The strengths and weaknesses of the star topology can be seen in Table 3.

Figure 3: Star Network

The following table identifies some additional advantages and disadvantages of the star topology:

| Advantages | Disadvantages |
| --- | --- |
| Easy to install | Costs are usually higher than with bus or ring networks |
| Easy to add devices to network | If you have only one central device and it fails, it brings the network down |
| One break does not bring whole network down | |
| Easier to troubleshoot | |
| Widely used | |
| Centralized management | |

Hybrid or Tree
The hybrid or tree topology is simply a combination of the other topologies. Figure 4 shows an example of a hybrid network. In this layout, we have three star networks that are connected to each other through a bus topology shown by the red line.

Figure 4: Hybrid Network

Mesh
The mesh topology is the last topology we discuss. In this layout, every system is connected to every other system. The main advantage of this topology is high availability. The main disadvantage of this topology is cost, both administrative and physical. Because each system is connected to each other, the amount of cabling and maintenance necessary can be prohibitive, especially in larger networks. The formula for determining the amount of cable needed in a mesh network is (N x (N - 1)) / 2, where N is the number of systems to be interconnected. In our example in Figure 5, we have six systems that require 15 cables to create a mesh network. This topology is mainly used in Wide Area Network environments or in environments where high availability outweighs the costs associated with this amount of interconnection.

Figure 5: Mesh Network

The following table identifies additional advantages and disadvantages of the mesh topology:
| Advantages | Disadvantages |
| --- | --- |
| Extremely fault tolerant | Expensive |
| | Difficult to implement |
| | Difficult to administer |
| | Difficult to troubleshoot |

Logical Topologies
The logical topology defines how the systems communicate across the physical topologies. In CISSP terms, you may hear logical topology referred to as the LAN media access method or network access method. There are two main types of logical topologies: shared media topology and token-based topology.

Shared Media
In a shared media topology, all the systems have the ability to access the physical layout whenever they need it. The main advantage in a shared media topology is that the systems have unrestricted access to the physical media. Of course, the main disadvantage to this topology is collisions. If two systems send information out on the wire at the same time, the packets collide and kill both packets. Ethernet is an example of a shared media topology. To help avoid the collision problem, Ethernet uses a protocol called Carrier Sense Multiple Access/Collision Detection (CSMA/CD). In this protocol, each system monitors the wire, listening for traffic. If traffic is detected, the system waits until it hears no traffic before it sends packets out. If a situation occurs where two systems send out packets at the same time and a collision occurs, each system waits for a period of time before it retries. This time period is different for each system, so that the collision does not occur again. For small networks, the shared media topology works fine; however, as you begin to add more systems to the network, there is a greater opportunity for collisions. To help reduce the number of collisions, many networks are broken up into several smaller networks with the use of switches or hubs, and each network is then referred to as its own collision domain. Shared media networks are typically deployed in a bus, star, or hybrid physical topology.
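The collision-and-retry behaviour described above can be modelled in a few lines. This is an added example, not code from the original paper: the slotted-time model, the function name simulate_csma_cd and the frame counts are assumptions, and the retry delay uses the truncated binary exponential backoff of real Ethernet, which the paper does not detail.

```python
import random

def simulate_csma_cd(num_stations, frames_per_station=20, seed=1):
    """Slotted model of one collision domain.

    Every station starts with frames queued. In each time slot, stations
    whose backoff timer has expired sense an idle wire and transmit.
    One sender succeeds; two or more collide and each picks its own
    random delay. Returns (slots_used, collisions).
    """
    rng = random.Random(seed)              # seeded so runs are repeatable
    pending = [frames_per_station] * num_stations
    wait = [0] * num_stations              # backoff slots still to wait
    attempts = [0] * num_stations          # collisions on the current frame
    slots = collisions = 0
    while any(pending):
        slots += 1
        ready = [i for i in range(num_stations)
                 if pending[i] and wait[i] == 0]
        for i in range(num_stations):      # everyone else counts down
            if wait[i] > 0:
                wait[i] -= 1
        if len(ready) == 1:                # wire was free: frame delivered
            sender = ready[0]
            pending[sender] -= 1
            attempts[sender] = 0
        elif len(ready) > 1:               # simultaneous senders: collision
            collisions += 1
            for i in ready:
                attempts[i] += 1
                # Truncated binary exponential backoff: the delay range
                # doubles per collision (capped at 2**10 slots).
                wait[i] = rng.randrange(2 ** min(attempts[i], 10))
    return slots, collisions

if __name__ == "__main__":
    for n in (1, 2, 5, 20):                # constructed station counts
        slots, hits = simulate_csma_cd(n)
        print(f"{n:2d} stations: {n * 20} frames, "
              f"{slots} slots, {hits} collisions")
```

Running it with different station counts shows how many slots are lost to collisions and idle backoff as systems are added to one collision domain.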

Token Based
The token-based topology works by using a token to provide access to the physical media. In a token-based network, there is a token that travels around the network. When a system needs to send out packets, it grabs the token off of the wire, attaches it to the packets that are sent, and sends it back out on the wire. As the token travels around the network, each system examines the token. When the packets arrive at the destination systems, those systems copy the information off of the wire and the token continues its journey until it gets back to the sender. When the sender receives the token back, it pulls the token off of the wire and sends out a new empty token to be used by the next machine.

Token-based networks do not have the same collision problems that Ethernet-based networks do because of the need to have possession of the token to communicate. However, one problem that does occur with token-based networks is latency. Because each machine has to wait until it can use the token, there is often a delay in when communications actually occur. Token-based networks are typically configured in a physical ring topology because the token needs to be delivered back to the originating machine for it to release. The ring topology best facilitates this requirement.

Summary
Understanding the different physical and logical topologies is an important skill set for the information security professional. Knowing how a network is laid out and how the devices communicate on that network can help you make better security decisions to protect your environment and prevent incidents from occurring.
