Network Devices and Architecture

Networks are built from a variety of physical and virtual devices, each serving a specific purpose. Understanding these devices and how they are arranged in a network architecture is essential for designing reliable, scalable, and secure networks.

---

Core Network Devices

Hub (Legacy)

• Operates at Layer 1 (Physical)
• Receives a signal on one port and broadcasts it to all other ports
• No intelligence — creates a single collision domain
• Largely replaced by switches

Switch

• Operates at Layer 2 (Data Link)
• Forwards frames based on MAC addresses
• Maintains a MAC address table for intelligent forwarding
• Each port is its own collision domain
• Managed switches offer VLANs, port security, monitoring, and QoS

Router

• Operates at Layer 3 (Network)
• Forwards packets between different networks based on IP addresses
• Maintains a routing table with static and dynamic routes
• Provides NAT, ACLs (Access Control Lists), and DHCP services
• Connects your LAN to the Internet (WAN)

Layer 3 Switch (Multilayer Switch)

• Combines switching (Layer 2) and routing (Layer 3) in one device
• Performs inter-VLAN routing at hardware speed
• Common in enterprise networks to reduce the need for separate routers within the LAN

---

Security Devices

Firewall

A firewall filters traffic based on predefined rules to protect a network:

Type	Description
Packet filter	Examines individual packets (source/destination IP, port, protocol)
Stateful firewall	Tracks the state of connections and makes decisions based on context
Next-gen firewall (NGFW)	Deep packet inspection, application awareness, intrusion prevention
Web application firewall (WAF)	Protects web apps from attacks like SQL injection and XSS

IDS / IPS

Device	Name	Function
IDS	Intrusion Detection System	Monitors traffic and alerts on suspicious activity
IPS	Intrusion Prevention System	Monitors traffic and blocks suspicious activity inline

VPN Gateway

• Creates encrypted tunnels over public networks
• Enables secure remote access for employees
• Common protocols: IPsec, OpenVPN, WireGuard

---

Network Services Devices

Load Balancer

Distributes incoming traffic across multiple servers to ensure availability and performance:

Algorithm	Description
Round robin	Distributes requests evenly in sequence
Least connections	Sends traffic to the server with the fewest active connections
IP hash	Routes requests from the same IP to the same server
Weighted	Assigns more traffic to more powerful servers

Proxy Server

Type	Description
Forward proxy	Sits between clients and the internet; filters and caches requests
Reverse proxy	Sits in front of servers; load balances, caches, and provides SSL termination

Access Point (AP)

• Provides wireless connectivity (Wi-Fi) for devices
• Connects wireless clients to the wired network
• Enterprise APs are managed centrally by a wireless controller

---

Network Architecture Models

The Three-Tier Architecture

The traditional enterprise network design:

┌─────────────────────────────────┐
│         Core Layer              │
│  High-speed backbone routing    │
│  (Core routers / L3 switches)   │
├─────────────────────────────────┤
│      Distribution Layer         │
│  Policy, ACLs, VLAN routing     │
│  (L3 switches / routers)        │
├─────────────────────────────────┤
│        Access Layer             │
│  End-user device connections    │
│  (Switches, access points)      │
└─────────────────────────────────┘