Diagrams - part 2

Combining logical and physical components on your network diagrams can be confusing, but by layering your diagrams you can represent everything on one diagram.

Last week I discussed Visio's "Custom Properties". This week, I want to talk about "Layers".

The problem is that most diagrams I see are a confusing mix of the logical and physical. For instance, sometimes a line is drawn to represent a logical IP subnet. This subnet may physically consist of several switches and hundreds of individual wires. Other times, a diagram may show a number of switches, but you can't tell by looking at them whether they are configured with one subnet on one VLAN, 3 subnets on 1 VLAN, or 10 subnets on 10 VLANs. Further, meta-information, such as routing information, is almost never shown. In a typical enterprise, you may have OSPF or EIGRP inside, with RIP running on the firewalls, and BGP at the edge. Can you look at a diagram and know which routers are running OSPF and which are running BGP? Or where redistribution is taking place?

The reason you don't see this information on diagrams very often is that it's difficult to draw, because some information overlaps other information. For instance, BGP and OSPF are probably running on the same router, and if you were trying to show that by drawing a box to represent an OSPF area or a BGP Autonomous System, then the boxes would overlap and be very confusing.

The solution, as I mentioned above, is to take advantage of Visio's "layer" properties. Each object in a Visio diagram is a member of one or more layers, and if you click the "View" menu and "Layer Properties", you'll get a dialog box that lets you create new layers and then toggle them as visible or invisible.

So next time you draw a diagram, try this: create a "Device" layer, a "Logical" layer and a "Physical" layer. Put all your hosts and network devices in the Device layer. Make the Logical layer visible, and the Physical layer invisible. Draw your subnets between the devices. Now make the Physical layer visible and the Logical layer invisible. Draw your cable infrastructure, using different colored lines to represent copper, fiber, patch cables, etc.

You can right-click on each device or link, select Format, and then "Layer..." to change what layer it is in. Leave your Device layer always visible, and toggle your other layers visible and invisible to see how easy it becomes to visualize what's going on in your network.
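The same Device / Logical / Physical setup can be scripted through Visio's COM automation interface, which helps when diagrams have to be regenerated after a change. This is an added example, not part of the original article; it assumes Visio is installed on Windows, and the device names, coordinates, link labels and colors are constructed for illustration.

```powershell
# Added example (not from the original article). Requires Visio on Windows.
# Device names, coordinates, labels and colors are constructed for illustration.
$visLayerVisible = 4                       # VisCellIndices.visLayerVisible

$visio = New-Object -ComObject Visio.Application
$null  = $visio.Documents.Add('')          # new blank drawing
$page  = $visio.ActivePage

# Create the three layers described in the article.
$layers = @{}
foreach ($name in 'Device', 'Logical', 'Physical') {
    $layers[$name] = $page.Layers.Add($name)
}

function Add-Device([string]$Label, [double]$X, [double]$Y) {
    # Hosts and network devices always go on the Device layer.
    $shape = $page.DrawRectangle($X, $Y, $X + 1.5, $Y + 0.75)
    $shape.Text = $Label
    $layers['Device'].Add($shape, 0)       # 0: do not preserve sub-shape layer assignments
    return $shape
}

function Add-Link([string]$Layer, [string]$Label, [string]$Color, [double]$Y) {
    # A link belongs to exactly one view: a subnet (Logical) or a cable (Physical).
    $line = $page.DrawLine(2.5, $Y, 5.0, $Y)
    $line.Text = $Label
    $line.CellsU('LineColor').FormulaU = $Color
    $layers[$Layer].Add($line, 0)
}

function Show-Layer([string[]]$Visible) {
    # Device stays visible; every other layer is shown only if requested.
    foreach ($name in $layers.Keys) {
        $on = ($name -eq 'Device') -or ($Visible -contains $name)
        $layers[$name].CellsC($visLayerVisible).FormulaU = [string][int]$on
    }
}

$null = Add-Device 'rtr-1' 1.0 8.0
$null = Add-Device 'sw-1'  5.0 8.0
Add-Link 'Logical'  '10.0.10.0/24 (VLAN 10)' 'RGB(0,0,255)'   8.5
Add-Link 'Physical' 'fiber, port Gi0/1'      'RGB(255,128,0)' 8.2

Show-Layer 'Logical'     # subnet view: devices plus IP subnets
Show-Layer 'Physical'    # cabling view: devices plus cable runs
```

Further layers, such as routing protocols, security zones or locations, can be added to the `$layers` table and toggled with `Show-Layer` in the same way.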

Now create a layer for your Interior Gateway Protocol and a layer for your Exterior Gateway Protocol. In these layers, use callouts to show which routers are advertising which routes, and use a symbol to represent redistribution.

Also, consider creating a layer to show your security zones. For instance, show which devices are in the "red" Internet or partner zones, which devices are in your "yellow" DMZ zone, and which are internal.

If you're in a campus or geographically dispersed organization, another useful layer is location. You can draw boxes to designate closets, or buildings or cities or countries (or planets if you work for NASA).

You can see how it would be difficult to show all of these things on a single diagram, and using multiple diagrams means you have to remember to go back and update all your diagrams when something changes.

Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years' experience in the networking industry, and co-author of several books on networking, most recently, CCSP™: Secure PIX and Secure VPN Study Guide, published by Sybex.

This was last published in April 2004

