Modular Enterprise Network Architecture & City Architecture Analogy

One of the most common enterprise network architectures is the Cisco modular enterprise architecture depicted in the figure below


With this architecture the enterprise network is divided in to multiple functional domains. Furthermore, each domain is constructed of different components.

The typical question someone may ask is, on what basis should we build this architecture? The most common technical answer is: look at the areas where you can place a logical domain boundary to optimize control plan, which offers more scalable and simplified design!

Although this is a valid answer, it did not provide enough explanation of the basis to build a modular enterprise architecture. In fact, the answer should focus more on the functional modularity aspect rather than only focusing on the control plane modularity aspect.

So, how should you explain this modular “functional” architecture in a more holistic approach?

To simplify the answer to this question, let’s look at the context of a city architecture and correlates it to the enterprise network architecture. (This is driven from the common enterprise architecture and city planning analogy)

In a very simplified way, a city can consist of at least three primary organizing contexts:

  • City Architecture
  • District Architecture
  • Building Architecture

Let’s define each of these contexts/architectures and see how it can correlate to the enterprise network architecture

  • City Architecture (big picture): this consists of the structures and the various integrations required across the entire City to server its purpose and should take into account the overall anticipated capacity. Examples, roads, pipes, electricity grids, overall City layout etc.


Mapping this to the enterprise architecture, you can think of it as the end to end network architecture, capacity, layout (single site, multiple sites), type and number of modules, and how to interconnect and integrate all these different domains.


  • District Architecture: this consists of the structures and the integrations required within a district to manage its buildings and how to connect/integrate back to the city wide architecture to server its purpose. Also, it should take into account the overall anticipated capacity. For instance, a districts can be designed based on type of function/service such as residential district, leisure district, business district etc.


Mapping this to the enterprise architecture, you can think of it as the specific functions/services you are expecting from a certain module within the enterprise architecture such as WAN connectivity, Data Center or users access module. Each of these modules serves different functions in which requires different specifications, however, each of these modules need to integrate back to the overall enterprise network architecture to provide a cohesive design and not “design in isolation”.


  • Building Architecture: refers to the certain buildings’ structures required to deliver the specific properties/services within a district as well as to integrate back with the distract architecture.

Mapping this to the enterprise architecture, you can think of it as the specific/specialized functions/capabilities  you are expecting from network nodes (platforms) within a module such as WAN acceleration within the WAN block/module, Firewalls and IPS within the internet edge, POE access switches within the users’ access module. Again, each of these components need to integrate back within its module.


In summary the context of a city architecture sets the basis for the district architecture, in turns the district architecture set the basis of the buildings architecture within a district. Similarly, the enterprise architecture set the basis for the modules architecture/functions (for example you may decide to combine both WAN and Internet edge functions/services in a single module based on the network capacity and available budget). Also the overall enterprise architecture set the basis to glue these different modules to provide a cohesive architecture (avoiding “isolated communication islands”). Likewise, each module set the basis/requirements of the used platforms and architecture within each enterprise module and provide the interconnection with the enterprise network (e.g. core network). on the other hand, the platforms’ architecture/capabilities need to comply with each module specifications/needs to deliver the intended functions/services.

Marwan Al-shawi – CCDE No. 20130066, Google Cloud Certified Architect, AWS Certified Solutions Architect, Cisco Press author (author of the Top Cisco Certifications’ Design Books “CCDE Study Guide and the upcoming CCDP Arch 4th Edition”). He is Experienced Technical Architect. Marwan has been in the networking industry for more than 12 years and has been involved in architecting, designing, and implementing various large-scale networks, some of which are global service provider-grade networks. Marwan holds a Master of Science degree in internetworking from the University of Technology, Sydney. Marwan enjoys helping and assessing others, Therefore, he was selected as a Cisco Designated VIP by the Cisco Support Community (CSC) (official Cisco Systems forums) in 2012, and by the Solutions and Architectures subcommunity in 2014. In addition, Marwan was selected as a member of the Cisco Champions program in 2015 and 2016.


Leave a Reply

Your email address will not be published. Required fields are marked *

Order Now