The Cisco Three Layer Hierarchical Model PDF
By SemSim.com
http://www.mcmcse.com/cisco/guides/hierarchical_model.shtml
Cisco has defined a hierarchical model known as the hierarchical internetworking model. This
model simplifies the task of building a reliable, scalable, and less expensive hierarchical
internetwork because rather than focusing on packet construction, it focuses on the three
functional areas, or layers, of your network:
Core layer: This layer is considered the backbone of the network and includes the high-end
switches and high-speed cables such as fiber cables. This layer of the network does not route
traffic at the LAN. In addition, no packet manipulation is done by devices in this layer. Rather,
this layer is concerned with speed and ensures reliable delivery of packets.
Distribution layer: This layer includes LAN-based routers and layer 3 switches. This layer
ensures that packets are properly routed between subnets and VLANs in your enterprise. This
layer is also called the Workgroup layer.
Access layer: This layer includes hubs and switches. This layer is also called the desktop layer
because it focuses on connecting client nodes, such as workstations to the network. This layer
ensures that packets are delivered to end user computers.
Figure INT.2.1 displays the three layers of the Cisco hierarchical model.
When you implement these layers, each layer might comprise more than two devices or a single
device might function across multiple layers. The benefits of the Cisco hierarchical model
include:
High Performance: You can design high performance networks, where only certain layers
are susceptible to congestion.
Efficient management & troubleshooting: Allows you to efficiently organize network
management and isolate causes of network trouble.
Policy creation: You can easily create policies and specify filters and rules.
Scalability: You can grow the network easily by dividing your network into functional
areas.
Behavior prediction: When planning or managing a network, the model allows you to
determine what will happen to the network when new stresses are placed on it.
Core Layer
The core layer is responsible for fast and reliable transportation of data across a network. The
core layer is often known as the backbone or foundation network because all other layers rely
upon it. Its purpose is to reduce the latency time in the delivery of packets. The factors to be
considered while designing devices to be used in the core layer are:
High data transfer rate: Speed is important at the core layer. One way that core networks
enable high data transfer rates is through load sharing, where traffic can travel through
multiple network connections.
Low latency period: The core layer typically uses high-speed, low-latency circuits which
only forward packets and do not enforce policy.
High reliability: Multiple data paths ensure high network fault tolerance; if one path
experiences a problem, then the device can quickly discover a new route.
At the core layer, efficiency is the key term. Fewer and faster systems create a more efficient
backbone. Various types of equipment are available for the core layer. Examples of core layer
Cisco equipment include:
Cisco switches such as 7000, 7200, 7500, and 12000 (for WAN use)
Catalyst switches such as 6000, 5000, and 4000 (for LAN use)
T-1 and E-1 lines, Frame relay connections, ATM networks, Switched Multimegabit Data
Service (SMDS)
Distribution Layer
The distribution layer is responsible for routing. It also provides policy-based network
connectivity, including:
Packet filtering (firewalling): Processes packets and regulates the transmission of packets
based on its source and destination information to create network borders.
QoS: The router or layer 3 switches can read packets and prioritize delivery, based on
policies you set.
Access Layer Aggregation Point: The layer serves as the aggregation point for the desktop
layer switches.
Control Broadcast and Multicast: The layer serves as the boundary for broadcast and
multicast domains.
Application Gateways: The layer allows you to create protocol gateways to and from
different network architectures.
The distribution layer also performs queuing and provides packet manipulation of the
network traffic.
It is at this layer where you begin to exert control over network transmissions, including what
comes in and what goes out of the network. You will also limit and create broadcast domains,
create virtual LANs, if necessary, and conduct various management tasks, including obtaining
route summaries. In a route summary, you consolidate traffic from many subnets into a core
network connection. In Cisco routers, the command to obtain a routing summary is:
Examples of Cisco-specific distribution layer equipment include 2600, 4000, 4500 series routers.
Access Layer
The access layer contains devices that allow workgroups and users to use the services provided
by the distribution and core layers. In the access layer, you have the ability to expand or contract
collision domains using a repeater, hub, or standard switch. In regards to the access layer, a
switch is not a high-powered device, such as those found at the core layer.
A collision domain describes a portion of an Ethernet network at layer 1 of the OSI model where
any communication sent by a node can be sensed by any other node on the network. This is
different from a broadcast domain which describes any part of a network at layer 2 or 3 of the
OSI model where a node can broadcast to any node on the network.
Enable MAC address filtering: It is possible to program a switch to allow only certain
systems to access the connected LANs.
Create separate collision domains: A switch can create separate collision domains for
each connected node to improve performance.
Share bandwidth: You can allow the same network connection to handle all data.
Handle switch bandwidth: You can move data from one network to another to perform
load balancing.
https://supportforums.cisco.com/thread/2061029
2975, 2960/2960S is definitely an access switch. It doesn't have the functionality or capability
to be a distro or even a core switch.
Sup720 and the Sup2T can be used as either distribution or core switch.
2900/3500XL is access.
2940/2950/2955 is access.
3550 can be used as access and the 3508XL, 3550-12T or 12G can be used as a distribution
switch.
My rule of thumb is simple: If the model has a PoE then it's an access switch. If it has more
than 6 SFP ports, then it's a distribution.
History
The Cisco three-layered model originates from the enterprise campus network [1] which has
evolved over the last 20 years.
Early LAN-based computer networks were made of a small number of simply connected servers,
PCs and printers. The first generation of campus networks came into form by interconnecting
these LANs. Problems in one area of the network frequently impacted the entire network and a
failure in one part of the campus often affected the entire campus network.
To address the above problems, Cisco borrowed the structured programming design principle
from software engineering. Based on two complementary principles: hierarchy and modularity,
large complex Cisco systems must be built using a set of modularized components that can be
assembled in a hierarchical and structured manner. The hierarchy is Cisco's three-layered Model.
The core layer is literally the internet backbone, the simplest yet most critical layer. The primary
purpose of the core is to provide fault isolation and backbone connectivity; in other words, the
core must be highly reliable and switch traffic as fast as possible. Therefore, on one hand, the
core must provide the appropriate level of redundancy to allow fault tolerance in case of
hardware or software failure or upgrade; on the other hand, the high-end switches and high-speed
cables are implemented to achieve a high data transfer rate and a low latency period.
The core is meant to be simple and provides a very limited set of services. Architects and engineers
shouldn't implement complex policy services or attach user/server connections directly at this
layer.
Cisco switches such as 7000, 7200, 7500, and 12000 (for WAN use)
Catalyst switches such as 6000, 5000, and 4000 (for LAN use)
T-1 and E-1 lines, Frame relay connections, ATM networks, Switched Multimegabit Data Service
(SMDS)
The distribution layer acts as an interface between the access layer and the core layer. The
primary function of the distribution layer is to provide routing, filtering, and WAN access and to
determine how packets can access the core, if needed [3].
While core layer and access layer are special purpose layers [4], the distribution layer on the other
hand serves multiple purposes. It is an aggregation point for all of the access layer switches and
also participates in the core routing design. This layer includes LAN-based routers and OSI layer
3 switches. It ensures that packets are properly routed between subnets and VLANs.
The access layer is sometimes referred to as the desktop layer. The network resources that the
workgroup and users need are available locally.
The access layer is the edge of the entire network, where a wide variety of types of consumer
devices such as PCs, printers, cameras attach to the wired portion of the network, various
services are provided, and dynamic configuration mechanisms implemented. As a result, the
access layer is the most feature-rich layer of the Cisco three-layered model.
The following table lists examples of the types of services and capabilities that need to be
defined and supported in the access layer of the network.
Discovery and Configuration Services: 802.1AF, CDP, LLDP, LLDP-MED
Security Services: IBNS (802.1X), (CISF): port security, DHCP snooping, DAI, IPSG
802.1X, MAB, Web-Auth
QoS marking, policing, queuing, deep packet inspection NBAR, etc.
Intelligent Network Control Services: PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, Portfast, UplinkFast, BackboneFast, LoopGuard, BPDUGuard, Port Security, RootGuard
Physical Infrastructure Services: Power over Ethernet
By Dan DiNicolo
This article focuses on another important network model, the Cisco hierarchical network design
model. Very different from the OSI model, this model is used as the basis for designing Cisco
networks for security and performance. The article provides an overview of the roles and
responsibilities of each of the model’s 3 layers.
While the OSI model is concerned with how different systems communicate over networks, the
Cisco hierarchical model is a blueprint of types that defines how networks should be designed in
layers. Each layer is meant to have its own roles and responsibilities, but the goal is to create a
network that delivers high performance, is manageable, and keeps required roles in their place.
While this model was designed by Cisco, its use can by all means be adapted to account for the
switching and routing equipment of any vendor. The model is made up of three layers, including
Core, Distribution, and Access. The diagram below shows each of these layers relative to one
another.
The Core layer of the network would be considered along the same lines as the backbone – high
speed and redundant. The Distribution layer would contain intermediate switches and routers,
such as those used to route between subnets or VLANs. The Access layer is literally where users'
PCs plug into their local switch, somewhere like an area wiring closet. While this is a
simplified view of the network, it provides a general high-level overview.
Getting a little deeper into things, each layer of the model is actually home to multiple roles and
responsibilities. Remember that this is a model, and as such not all networks will necessarily
look like this – many, especially smaller ones, may not even be close. Instead, think of this
model as one that outlines best practices to ensure that the network is reliable, scalable, and
meets performance requirements.
The Layers
Each layer in the model has a general level of responsibility, in terms of what capabilities should
be implemented there, and with a particular emphasis on how that layer should perform. Each of
the layers is outlined in more detail below.
Core Layer
The responsibility of the core layer is to act as a high-speed switched backbone. Notice that the
backbone is expected to switch traffic, and not route it. Routing can severely impact
performance, mainly because each frame needs to be recreated as it passes through each router,
as we’ll look at a little later in the series. Switching provides much higher performance, mainly
because a frame can travel across the backbone without needing to be recreated at each switch.
That’s not to say that the frame isn’t inspected at every switch (it will be to varying degrees), but
everything stays at OSI layers 1 and 2 instead of having to be considered at Layer 3. The Core
layer is usually comprised of a relatively small number of high-end switches. Growth should not
add devices, but rather replace devices with higher-speed equipment as necessary.
The Core Layer is also responsible for providing a degree of redundancy by providing multiple
paths. That is, you want to be sure that even if a backbone link goes down, another path exists
over which frames can travel. We’ll consider this in a diagram shortly.
In general, you want to be sure that the only traffic that moves across the backbone is that which
is moving between different Distribution-layer devices. A design that moves traffic over the Core
layer when it isn’t necessary will not provide the best performance. To that end, the core should
also never be used to implement traffic filters such as access lists – these should be implemented at
other layers instead.
Distribution Layer
The distribution layer acts as an intermediary between the Core and Access layers, and is usually
where the routing functions (and more) on a well-designed network are found. An example of the
type of interconnection here includes those between different types of media such as Ethernet
and Token Ring. The distribution layer is also where policies are usually implemented using
Access Lists.
To get a feel for the function of the distribution layer, remember that a great deal of routing will
usually happen on a network. Clients on one subnet may need to talk to servers on another. In
some cases this traffic is localized, such as with departmental file or database servers. However,
there are often servers that need to be accessed by many subnets even within a given location,
such as mail servers. The distribution layer would be responsible for this routing function. In all,
this layer serves a number of purposes including the implementation of:
A boundary for route aggregation and summarization (for example, many subnets can be
hidden behind a single routing table entry, making these entries smaller, and routing more
efficient).
Broadcast domains. A broadcast domain is a layer 2 concept that defines how far a
broadcast will travel on a given network. By default, routers usually do not pass
broadcasts, acting as the demarcation point between broadcast domains.
Routing. Almost all routing is done at this layer, which keeps it away from the backbone.
This also acts as the intermediate point between where static and dynamic routing are
used on the network.
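Route summarization at the distribution boundary, worked through as an added example (not code from the original articles): it computes the single prefix that hides a set of access-layer subnets and lists any address space the summary advertises that no subnet owns. The subnets and block names are constructed for illustration.

```python
import ipaddress


def summarize(subnets):
    """Smallest single IPv4 prefix that covers every subnet in the list."""
    nets = [ipaddress.IPv4Network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The summary keeps only the leading bits that lo and hi have in common.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, 32 - host_bits))


def unowned(summary, subnets):
    """Blocks the summary advertises that none of the real subnets owns."""
    gaps = [summary]
    nets = ipaddress.collapse_addresses(ipaddress.IPv4Network(s) for s in subnets)
    for net in nets:
        remaining = []
        for gap in gaps:
            if net.subnet_of(gap):
                # Carve the owned subnet out of the gap that contains it.
                remaining.extend(gap.address_exclude(net))
            else:
                remaining.append(gap)
        gaps = remaining
    return sorted(gaps)


# Constructed access-layer subnets behind two hypothetical distribution blocks.
BLOCK_A = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
BLOCK_B = ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24"]

if __name__ == "__main__":
    for block in (BLOCK_A, BLOCK_B):
        s = summarize(block)
        print(s, "unowned:", [str(g) for g in unowned(s, block)])
```

BLOCK_B summarizes to 10.1.4.0/22, which also advertises 10.1.7.0/24; traffic for that unowned range is drawn to the distribution router and should be discarded there.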
Access Layer
The Access Layer acts as the point at which end stations connect to the network, usually by
plugging into Layer 2 switches or hubs. As such, this layer is usually used to define network
collision domains. The Access layer is also sometimes used to define additional network security
policies and filtering if necessary.
The diagram below shows how a typical network might be configured to account for the Cisco
hierarchical network design model. Remember that the Core layer switches might be
geographically dispersed, and that the distribution layer routers might be connected to the core
via a WAN link or similar.
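One way to check a network against the placement rules described above (no filters in the core, access lists at the distribution layer, port-level controls at the access layer), as an added example that is not part of the original articles. The device names, ACL names and config snippets are constructed, and treating every routed distribution interface without an access list as a finding is an assumption made for this example.

```python
import re

# Constructed IOS-style snippets; device, interface and ACL names are hypothetical.
CONFIGS = {
    ("core-1", "core"): """\
interface TenGigabitEthernet1/1
 description to dist-1
 ip access-group BLOCK-GUEST in
""",
    ("dist-1", "distribution"): """\
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group USERS-IN in
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
""",
    ("acc-1", "access"): """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
""",
}


def interfaces(config):
    """Yield (name, [sub-commands]) for every interface stanza in a config."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m or not line.startswith(" "):
            # A new top-level line closes the stanza that was open.
            if name:
                yield name, body
            name, body = (m.group(1) if m else None), []
        elif name:
            body.append(line.strip())
    if name:
        yield name, body


def audit(configs):
    """Compare each interface with the role the model gives its layer."""
    findings = []
    for (device, layer), config in configs.items():
        for ifname, cmds in interfaces(config):
            has_acl = any(c.startswith("ip access-group") for c in cmds)
            routed = any(c.startswith("ip address") for c in cmds)
            access_port = "switchport mode access" in cmds
            port_sec = "switchport port-security" in cmds
            if layer == "core" and has_acl:
                findings.append((device, ifname, "filter applied in the core"))
            elif layer == "distribution" and routed and not has_acl:
                findings.append((device, ifname, "routed interface without an access list"))
            elif layer == "access" and access_port and not port_sec:
                findings.append((device, ifname, "access port without port security"))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(*finding, sep=": ")
```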
A core layer of high-end routers and switches that are optimized for
availability and performance.
A distribution layer of routers and switches that implement policies.
An access layer that connects users via lower-end switches and wireless
access points.
Networks that grow unheeded without any plan in place tend to develop in
an unstructured format. Dr. Peter Welcher, the author of network design and
technology articles for Cisco World and other publications, refers to
unplanned networks as fur-ball networks.
Using a hierarchical model can help you minimize costs. You can purchase
the appropriate internetworking devices for each layer of the hierarchy, thus
avoiding spending money on unnecessary features for a layer. Also, the
modular nature of the hierarchical design model enables accurate capacity
planning within each layer of the hierarchy, thus reducing wasted bandwidth.
Network management responsibility and network management systems can
be distributed to the different layers of a modular network architecture to
control management costs.
Modularity lets you keep each design element simple and easy to
understand. Simplicity minimizes the need for extensive training for network
operations personnel and expedites the implementation of a design. Testing
a network design is made easy because there is clear functionality at each
layer. Fault isolation is improved because network technicians can easily
recognize the transition points in the network to help them isolate possible
failure points.
Here are some wise answers from Peter Welcher that are based on the
tenets of hierarchical, modular network design:
When you already know how to add a new building, floor, WAN link, remote
site, e-commerce service, and so on.
When new additions cause only local change, to the directly connected
devices.
When your network can double or triple in size without major design
changes.
When troubleshooting is easy because there are no complex protocol
interactions to wrap your brain around.
A flat network topology is adequate for very small networks. With a flat
network design, there is no hierarchy. Each internetworking device has
essentially the same job, and the network is not divided into layers or
modules. A flat network topology is easy to design and implement, and it is
easy to maintain, as long as the network stays small. When the network
grows, however, a flat network is undesirable. The lack of hierarchy makes
troubleshooting difficult. Rather than being able to concentrate
troubleshooting efforts in just one area of the network, you may need to
inspect the entire network.
A wide-area network (WAN) for a small company can consist of a few sites
connected in a loop. Each site has a WAN router that connects to two other
adjacent sites via point-to-point links. As long as the WAN is small (a few
sites), routing protocols can converge quickly, and communication with any
other site can recover when a link fails. (As long as only one link fails,
communication recovers. When more than one link fails, some sites are
isolated from others.)
A flat loop topology is generally not recommended for networks with many
sites, however. A loop topology can mean that there are many hops between
routers on opposite sides of the loop, resulting in significant delay and a
higher probability of failure. If your analysis of traffic flow indicates that
routers on opposite sides of a loop topology exchange a lot of traffic, you
should recommend a hierarchical topology instead of a loop. To avoid any
single point of failure, redundant routers or switches can be placed at upper
layers of the hierarchy.
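The loop-topology behaviour described above, checked by brute force in an added example (not from the original text): for a ring of n sites it tries every combination of failed links and reports the longest remaining path in hops and whether any site is cut off. Sites are numbered 0 to n-1 and the sizes used are constructed.

```python
from collections import deque
from itertools import combinations


def ring(n):
    """Point-to-point links of a loop in which site i connects to site i+1."""
    return {frozenset((i, (i + 1) % n)) for i in range(n)}


def hops_from(src, n, links):
    """Breadth-first hop counts from src; unreachable sites are left out."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in range(n):
            if v not in dist and frozenset((u, v)) in links:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def worst_case(n, failed):
    """Worst result over every way `failed` links of the ring can be down.

    Returns (longest path in hops between sites that can still talk,
    True if some failure pattern isolates at least one site).
    """
    links = ring(n)
    max_hops, partitioned = 0, False
    for down in combinations(links, failed):
        up = links - set(down)
        for src in range(n):
            dist = hops_from(src, n, up)
            max_hops = max(max_hops, max(dist.values()))
            partitioned |= len(dist) < n
    return max_hops, partitioned


if __name__ == "__main__":
    for sites in (4, 12):
        for failed in (0, 1, 2):
            print(sites, "sites,", failed, "links down:", worst_case(sites, failed))
```

With 12 sites a single link failure stretches the worst path from 6 hops to 11, and any two failures isolate part of the loop.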
In the early and mid-1990s, a typical design for a LAN was PCs and servers
attached to one or more hubs in a flat topology. The PCs and servers
implemented a media-access control process, such as token passing or
carrier sense multiple access with collision detection (CSMA/CD) to control
access to the shared bandwidth. The devices were all part of the same
bandwidth domain and had the ability to negatively affect delay and
throughput for other devices.
These days, network designers usually recommend attaching the PCs and
servers to data link layer (Layer 2) switches instead of hubs. In this case,
the network is segmented into small bandwidth domains so that a limited
number of devices compete for bandwidth at any one time. (However, the
devices do compete for service by the switching hardware and software, so it
is important to understand the performance characteristics of candidate
switches.)
Although the model was developed at a time when routers delineated layers,
the model can be used for switched networks as well as routed networks.
Each layer of the hierarchical model has a specific role. The core layer
provides optimal transport between sites. The distribution layer connects
network services to the access layer, and implements policies regarding
security, traffic loading, and routing. In a WAN design, the access layer
consists of the routers at the edge of the campus networks. In a campus
network, the access layer provides switches or hubs for end-user access.
Guidelines for Hierarchical Network Design
Finally, one other guideline for hierarchical network design is that you should
design the access layer first, followed by the distribution layer, and then
finally the core layer. By starting with the access layer, you can more
accurately perform capacity planning for the distribution and core layers.
You can also recognize the optimization techniques you will need for the
distribution and core layers.