Drawing a good network diagram isn't hard to make, but it can be distressingly rare. Even network engineers with years of experience often draw network diagrams that are jumbled and hard to understand.

The importance of a network diagram

As a network administrator responsible for the network, it's vitally important you have a detailed understanding of your network topology. Without this information, even basic troubleshooting can be unnecessarily difficult. You'll find that troubleshooting is much easier if you have detailed and up-to-date network documentation.

Things to keep in mind when drawing a network diagram

The important thing is to be clear in your own mind about what information you're trying to convey. It's better to draw several diagrams that show different aspects of the same network than to try to put everything on one sheet of paper.

Start by separating network diagrams by network protocol layers. In more complicated networks, I recommend adding diagrams showing traffic flows, routing protocol distribution mechanisms, VPNs, and other important aspects of the network design.

It's important to draw each of these as separate pictures because they show different things. Combining them only confuses the information and makes the drawing harder to understand.

Typically you'll be deploying the network to support some sort of application. And that will involve some client and server devices. It might involve an internet connection and perhaps some firewalls. In a large organization, there could be a separate person responsible for each of these areas, which is when a whiteboard might be a useful place to start.

How to make a network diagram

Drawing Layer 3 diagrams

I always start with Layer 3 diagrams, which show the IP subnets and all Layer 3 network devices like routers, firewalls, and load balancers. The Layer 3 diagram must show all of the important network segments and subnets and how they're interconnected.

The layout is important. I like to show the layout so that it represents the flow of traffic in a broad sense. For example, if I have a bunch of servers being accessed by a group of users, I'll try to put the user network segments on one side of the picture and the servers on the other side.

Sample Layer 3 network diagram, as it might look in Visio

Similarly, if I want to show how a LAN connects to external networks like the internet, I group the external networks all on one side or at the top of the picture.

Or, if the point of the picture is to show a WAN with a large number of remote offices connecting to the same network, I'd probably show the connecting WAN in the middle of the picture and the various remote sites around the edge of the page.

Another layout consideration is to always draw your network segments either horizontally or vertically. The only time I use a combination of vertical and horizontal is when I want to show a fundamental difference between the functions of the segments.

For example, I might draw all of my workstation and server segments horizontally but then draw a special common network management segment vertically down one side of the page. This makes it immediately obvious that the management segment is special.

The Layer 3 diagram should show any high availability mechanisms and redundant network components or redundant paths. It's customary to show router redundancy protocols as an elongated ellipse that covers the router links included in the high availability group.

The other important thing about Layer 3 diagrams is that they should only include Layer 3 objects. I don't want to see switches in a Layer 3 diagram, for example. I don't want to see any kind of indication of trunk links on a Layer 3 diagram either.

You can show a switch on a Layer 3 diagram only if it's a Layer 3 switch, and then only because it functions as a router. Including Layer 2 objects like a switch in a Layer 3 diagram is confusing, particularly in more complicated pictures.

Another useful thing to put into a Layer 3 diagram is organizational boxes. If there are security zones or interesting groupings of users by function or servers by application, put them together on the picture, put a box around them, and label the box clearly. It's then easy to see the exact network path those users take to reach their servers.

Drawing Layer 2 diagrams

Layer 2 diagrams show Layer 2 objects like switches and trunks. They include critical information like which VLANs are included in which trunks and they show spanning-tree parameters like bridge priorities and port costs. In many cases, this is too much information to show easily, so I generally use callout boxes to hold some of the information.

Unlike Layer 3 pictures, Layer 2 diagrams don't need to be laid out in any special way. The most important thing is to keep the picture clear.

network-diagrams-layer-2-topology_1

Sample Layer 2 network diagram, as it might look in Visio

If two devices are intended to provide redundancy for one another, then their positions on the page should be related. They should either be located beside one another or in parallel locations on opposite sides of the picture.

If there are different link speeds, they should be indicated in the diagram. I usually show link speed with the thickness of my diagram's connecting lines. The faster the link, the thicker the line.

Sometimes I also use color to indicate special properties of different physical links. For example, I might make fiber optic cables red and copper cables blue. (Technically the cable type is Layer 1 information, but because it doesn't tend to cause confusion in the picture, it's alright to include it in your Layer 2 diagram.)

Drawing Layer 1 diagrams

I usually use Layer 1 diagrams to show physical connections between devices, but they're also useful for showing cabinet layouts.

Layer 1 diagrams should show port numbers and indicate cable types. In a network that includes many different types of cables, such as fiber optic cables, Category 5/6/7 copper cabling, and so forth, it's useful to give each cable type a different color.

If there are patch panels, particularly if you want to document how patch panel ports map to device locations and switch port numbers, this information belongs on the Layer 1 diagram.

And if there are different link speeds, you might want to give them different line weights, as described previously for Layer 2 diagrams.

network-diagrams-layer-1-topology_1

Sample Layer 1 network diagram, as it might look in Visio

Another type of diagram that's often useful in data center designs is a cabinet layout. It's a diagram that shows exactly what you would see when looking at the front (and sometimes also the back) of the cabinet. A cabinet layout is helpful when you need to tell a remote technician how to find a certain piece of equipment.

Drawing combined-layer diagrams

There's one very special type of diagram in which it's possible to combine Layer 2 and 3 in a single picture. Such a combined diagram is sometimes useful if you have combined Layer 2 and 3 switches and you need to show the relationship between these layers.

A combined diagram is sometimes useful if you have combined Layer 2 and 3 switches and you need to show the relationship between these layers.

A combined-layer view is also useful when thinking about things like HSRP configuration. Which switch will be the default gateway for each VLAN? And, related to this, will the packets from A to B take the same path as the packets from B to A? None of these details appear in the pure Layer 2 or the pure Layer 3 picture.

Instead, we show the relationship in a combined-layer diagram by drawing boxes for the Layer 2 switch with the VLANs inside it, connected to the Layer 3 router, also inside the switch. The VLANs are connected to trunk interfaces to another Layer 2/3 switch.

Note that while this diagram can show the interaction between the layers, it doesn't make either the Layer 2 or Layer 3 network design terribly clear. I'd actually draw all three as separate diagrams, each showing a different important aspect of the network design.

Follow these guidelines and you'll be setting yourself up for drawing network diagrams that are easy-to-read, and easy-to-share. To help summarize, we've included a handy infographic below.

[Larger view]

How to draw effective network diagrams