The Cisco Three-Layered Hierarchical Model

By SemSim.com

http://www.mcmcse.com/cisco/guides/hierarchical_model.shtml

Cisco has defined a hierarchical model known as the hierarchical internetworking model. This
model simplifies the task of building a reliable, scalable, and less expensive hierarchical
internetwork because rather than focusing on packet construction, it focuses on the three
functional areas, or layers, of your network:

Core layer: This layer is considered the backbone of the network and includes the high-end
switches and high-speed cables such as fiber cables. This layer of the network does not route
traffic at the LAN. In addition, no packet manipulation is done by devices in this layer. Rather,
this layer is concerned with speed and ensures reliable delivery of packets.

Distribution layer: This layer includes LAN-based routers and layer 3 switches. This layer
ensures that packets are properly routed between subnets and VLANs in your enterprise. This
layer is also called the Workgroup layer.

Access layer: This layer includes hubs and switches. This layer is also called the desktop layer
because it focuses on connecting client nodes, such as workstations to the network. This layer
ensures that packets are delivered to end user computers.

Figure INT.2.1 displays the three layers of the Cisco hierarchical model.
When you implement these layers, each layer might comprise more than two devices or a single
device might function across multiple layers.The benefits of the Cisco hierarchical model
include:

 High Performance: You can design high performance networks, where only certain layers
are susceptible to congestion.
 Efficient management & troubleshooting: Allows you to efficiently organize network
management and isolate causes of network trouble.
 Policy creation: You can easily create policies and specify filters and rules.
 Scalability: You can grow the network easily by dividing your network into functional
areas.

 Behavior prediction: When planning or managing a network, the model allows you
determine what will happen to the network when new stresses are placed on it.

Core Layer
The core layer is responsible for fast and reliable transportation of data across a network. The
core layer is often known as the backbone or foundation network because all other layers rely
upon it. Its purpose is to reduce the latency time in the delivery of packets. The factors to be
considered while designing devices to be used in the core layer are:
  High data transfer rate: Speed is important at the core layer. One way that core networks
enable high data transfer rates is through load sharing, where traffic can travel through
multiple network connections.

Low latency period: The core layer typically uses high-speed low latency circuits which
only forward packets and do not enforcing policy.

 High reliability: Multiple data paths ensure high network fault tolerance; if one path
experiences a problem, then the device can quickly discover a new route.

At the core layer, efficiency is the key term. Fewer and faster systems create a more efficient
backbone. There are various equipments available for the core layer. Examples of core layer
Cisco equipment include:

 Cisco switches such as 7000, 7200, 7500, and 12000 (for WAN use)
 Catalyst switches such as 6000, 5000, and 4000 (for LAN use)
 T-1 and E-1 lines, Frame relay connections, ATM networks, Switched Multimegabit Data
Service (SMDS)

Distribution Layer
The distribution layer is responsible for routing. It also provides policy-based network
connectivity, including:

 Packet filtering (firewalling): Processes packets and regulates the transmission of packets
based on its source and destination information to create network borders.
 QoS: The router or layer 3 switches can read packets and prioritize delivery, based on
policies you set.
 Access Layer Aggregation Point: The layer serves the aggregation point for the desktop
layer switches.
 Control Broadcast and Multicast: The layer serves as the boundary for broadcast and
multicast domains.
 Application Gateways: The layer allows you to create protocol gateways to and from
different network architectures.
 The distribution layer also performs queuing and provides packet manipulation of the
network traffic.

It is at this layer where you begin to exert control over network transmissions, including what
comes in and what goes out of the network. You will also limit and create broadcast domains,
create virtual LANs, if necessary, and conduct various management tasks, including obtaining
route summaries. In a route summary, you consolidate traffic from many subnets into a core
network connection. In Cisco routers, the command to obtain a routing summary is:

show ip route summary

You can practice viewing routing information using a free CCNA exam router simulator
available from SemSim.com. You can also determine how routers update each other’s routing
tables by choosing specific routing protocols.

Examples of Cisco-specific distribution layer equipment include 2600,4000, 4500 series routers

Access Layer
The access layer contains devices that allow workgroups and users to use the services provided
by the distribution and core layers. In the access layer, you have the ability to expand or contract
collision domains using a repeater, hub, or standard switch. In regards to the access layer, a
switch is not a high-powered device, such as those found at the core layer.

Rather, a switch is an advanced version of a hub.

A collision domain describes a portion of an Ethernet network at layer 1 of the OSI model where
any communication sent by a node can be sensed by any other node on the network. This is
different from a broadcast domain which describes any part of a network at layer 2 or 3 of the
OSI model where a node can broadcast to any node on the network.

At the access layer, you can:

 Enable MAC address filtering: It is possible to program a switch to allow only certain
systems to access the connected LANs.
 Create separate collision domains: A switch can create separate collision domains for
each connected node to improve performance.
 Share bandwidth: You can allow the same network connection to handle all data.
 Handle switch bandwidth: You can move data from one network to another to perform
load balancing.
https://supportforums.cisco.com/thread/2061029

I have few questions:

1)What switches are commonly deployed as access layer switches?

2) what switches are commonly deployed as distribution layer switches?

3) what switches are commonly deployed as core layer switches?

Let's start with the easy ones ...

2975, 2960/2960S is definitely an access switch. It doesn't have the functionality or capability
to be a distro or even a core switch.

2350/2360 is also an access switch for servers.

3560/3560E/3560X, 3750/3750E/3750X can be used as all three.

Sup32 of the 6500 would be used for an access switch.

Sup720 and the Sup2T can be used as either distribution or core switch.

For the legacy systems ...

2900/3500XL is access.

2940/2950/2955 is access.

2970 access switch.

3550 can be used as access and the 3508XL, 3550-12T or 12G can be used as a distribution
switch.

Sup1 and Sup2 distribution or core.

My rule of thumb is simple: If the model has a PoE then it's an access switch. If it has more
than 6 SFP ports, then it's a distribution.

Did I miss anyone?

Over years of building network equipment, Cisco Systems has developed a three-layered
model. Starting with the basics, the Cisco network is traditionally defined as a three-tier
hierarchical model comprising the core, distribution, and access layers. Cisco both developed
their system according to this model and recommend their end-users to follow the same
philosophy. Cisco's three-layered model is a widely used network model, besides the OSI
Layered Model and TCP/IP Layered Model[5]. Cisco also highlighted the importance of the
Cisco three-layered model in its famous CCNA certifications.

Contents
[hide]

 1 History
 2 Description of Cisco layers
o 2.1 Core layer
o 2.2 Distribution layer
o 2.3 Access layer
 3 References

[edit] History

The Cisco three-layered model originates from the enterprise campus network [1] which has
evolved over the last 20 years.

Early LAN-based computer networks were made of a small number of simply connected servers,
PCs and printers. The first generation of campus networks came into form by interconnecting
these LANs. Problems in one area of the network frequently impacted the entire network and a
failure in one part of the campus often affected the entire campus network.

To address the above problems, Cisco borrowed the structured programming design principle
from software engineering. Based on two complementary principles: hierarchy and modularity,
large complex Cisco systems must be built using a set of modularized components that can be
assembled in a hierarchical and structured manner. The hierarchy is Cisco's three-layered Model.

[edit] Description of Cisco layers

[edit] Core layer

The core layer is literally the internet backbone, the simplest yet most critical layer. The primary
purpose of the core is to provide fault isolation and backbone connectivity; in other words, the
core must be highly reliable and switch traffic as fast as possible. Therefore, on one hand, the
core must provide the appropriate level of redundancy to allow fault tolerance in case of
hardware or software failure or upgrade; on the other hand, the high-end switches and high-speed
cables are implemented to achieve High data transfer rate and Low latency period.

The core means to be simple and provides a very limited set of services. Architects and engineers
shouldn't implement complex policy services or attach user/server connections directly at this
layer.

Examples of core layer Cisco equipment include [2]:

 Cisco switches such as 7000, 7200, 7500, and 12000 (for WAN use)
 Catalyst switches such as 6000, 5000, and 4000 (for LAN use)
 T-1 and E-1 lines, Frame relay connections, ATM networks, Switched Multimegabit Data Service
(SMDS)

[edit] Distribution layer

The distribution layer acts as an interface between the access layer and the core layer. The
primary function of the distribution layer is to provide routing, filtering, and WAN access and to
determine how packets can access the core, if needed [3].

While core layer and access layer are special purpose layers[4], the distribution layer on the other
hand serves multiple purposes. It is an aggregation point for all of the access layer switches and
also participates in the core routing design. This layer includes LAN-based routers and OSI layer
3 switches. It ensures that packets are properly routed between subnets and VLANs.

[edit] Access layer

The access layer is sometimes referred to as the desktop layer. The network resources the
workgroup and users needed will be available locally.

The access layer is the edge of the entire network, where a wide variety of types of consumer
devices such as PCs, printers, cameras attach to the wired portion of the network, various
services are provided, and dynamic configuration mechanisms implemented. As a result, the
access layer is most feature-rich layer of the Cisco three-layered model.

The following table lists examples of the types of services and capabilities that need to be
defined and supported in the access layer of the network.

Examples of Types of Service and Capabilities[1]

Service Requirements Service Features

Discovery and
802.1AF, CDP, LLDP, LLDP-MED
Configuration Services
Security Services IBNS (802.1X), (CISF): port security, DHCP snooping, DAI, IPSG

Network Identity and

802.1X, MAB, Web-Auth
Access

802.1X, MAB, Web-Auth QoS marking, policing, queuing, deep packet inspection NBAR, etc.

Intelligent Network PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, Portfast,
Control Services UplinkFast, BackboneFast, LoopGuard, BPDUGuard, Port Security, RootGuard

Physical Infrastructure
Power over Ethernet
Services

[edit] References
[1] [2] [3] [4] [5]

1. ^ Cisco : Enterprise Campus 3.0 Architecture: Overview and Framework

2. ^ The Cisco Three-Layered Hierarchical Model
3. ^ Cisco Three Layer Hierarchical Model vs OSI
4. ^ OSI & TCP-IP Tutorial
5. ^ OSI Model v.s. TCP/IP Model v.s. Cisco 3 Layer Model
http://archive.networknewz.com/2004/0206.html

By Dan DiNicolo

This article focuses on another important network model, the Cisco hierarchical network design
model. Very different that the OSI model, this model is used as the basis for designing Cisco
networks for security and performance. The article provides an overview of the roles and
responsibilities of each of the model’s 3 layers.

While the OSI model is concerned with how different systems communicate over networks, the
Cisco hierarchical model is a blueprint of types that defines how networks should be designed in
layers. Each layer is meant to have its own roles and responsibilities, but the goal is to create a
network that delivers high performance, is manageable, and keeps required roles in their place.
While this model was designed by Cisco, its use can by all means be adapted to account for the
switching and routing equipment of any vendor. The model is made up of three layers, including
Core, Distribution, and Access. The diagram below shows each of these layers relative to one
another.

The Core layer of the network would be considered along the same lines as the backbone – high
speed and redundant. The Distribution layer would contain intermediate switches and routers,
such as those used to route between subnets or
 VLANs. The Access layer is literally where user’s PCs plug into
their local switch, somewhere like an area wiring closet. While
this is a simplified view of the network, it provides a general
high-level overview.

Getting a little deeper into things, each layer of the model is actually home to multiple roles and
responsibilities. Remember that this is a model, and as such not all networks will necessarily
look like this – many, especially smaller ones, may not even be close. Instead, think of this
model as one that outlines best practices to ensure that the network is reliable, scalable, and
meets performance requirements.

The Layers

Each layer in the model has a general level of responsibility, in terms of what capabilities should
be implemented there, and with a particular emphasis on how that layer should perform. Each of
the layers is outlined in more detail below.

Core Layer

The responsibility of the core layer is to act as a high-speed switched backbone. Notice that the
backbone is expected to switch traffic, and not route it. Routing can severely impact
performance, mainly because each frame needs to be recreated as it passes through each router,
as we’ll look at a little later in the series. Switching provides much higher performance, mainly
because a frame can travel across the backbone without needing to be recreated at each switch.
That’s not to say that the frame isn’t inspected at every switch (it will be to varying degrees), but
everything stays at OSI layers 1 and 2 instead of having to be considered at Layer 3. The Core
layer is usually comprised of a relatively small number of high-end switches. Growth should not
add devices, but rather replace devices with higher-speed equipment as necessary.
The Core Layer is also responsible for providing a degree of redundancy by providing multiple
paths. That is, you want to be sure that even if a backbone link goes down, another path exists
over which frames can travel. We’ll consider this in a diagram shortly.

In general, you want to be sure that the only traffic that moves across the backbone is that which
is moving between different Distribution-layer devices. A design that moves traffic over the Core
layer when it isn’t necessary will not provide the best performance. To that end, the core should
also never be used to implement traffic filters such as access lists – these should be implement at
other layers instead.

To summarize, the Core Layer should:

 Be used to provide high-speed switching.

  Provide reliability and fault tolerance.

 Grow by using faster, and not more, equipment.

 Never implement performance-decreasing elements such as access lists.

Distribution Layer

The distribution layer acts as an intermediary between the Core and Access layers, and is usually
where the routing functions (and more) on a well-designed network are found. An example of the
type of interconnection here includes those between different types of media such as Ethernet
and Token Ring. The distribution layer is also where policies are usually implemented using
Access Lists.

To get a feel for the function of the distribution layer, remember that a great deal of routing will
usually happen on a network. Clients on one subnet may need to talk to servers on another. In
some cases this traffic is localized, such as with departmental file or database servers. However,
there are often servers that need to be accessed by many subnets even within a given location,
such as mail servers. The distribution layer would be responsible for this routing function. In all,
this layer serves a number of purposes including the implementation of

 Security, in the form of Access Lists and filtering.

 A boundary for route aggregation and summarization (for example, many subnets can be
hidden behind a single routing table entry, making these entries smaller, and routing more
efficient).

 Broadcast domains. A broadcast domain is a layer 2 concept that defines how far a
broadcast will travel on a given network. By default, routers usually do not pass
broadcasts, acting as the demarcation point between broadcast domains.

 Routing. Almost all routing is done at this layer, which keeps it away from the backbone.
This also acts as the intermediate point between where static and dynamic routing are
used on the network.
Access Layer

The Access Layer acts as the point as which end stations connect to the network, usually by
plugging into Layer 2 switches or hubs. As such, this layer is usually used to define network
collision domains. The Access layer is also sometimes used to define additional network security
policies and filtering if necessary.

How it fits together

The diagram below shows how a typical network might be configured to account for the Cisco
hierarchical network design model. Remember that the Core layer switches might be
geographically dispersed, and that the distribution layer routers might be connected to the core
via a WAN link of similar.

About the Author:

Dan DiNicolo is a technical trainer, consultant, and author as well as the owner and managing
editor of 2000Trainers.com. When he's not busy travelling the world as an IT volunteer with
organizations like Geekcorps Dan makes his home in hockey-crazed Toronto, Canada. Dan is the
author of a number of technical books including the soon-to-be-released CCNA/CCDA Study
Guide. He can be reached by email at dan@2000trainers.com.
Hierarchical Network Design
http://www.edrawsoft.com/Hierarchical-Network-Design.php

To meet a customer's business and technical goals for a corporate network

design, you might need to recommend a network topology consisting of
many interrelated components. This task is made easier if you can "divide
and conquer" the job and develop the design in layers.

Network design experts have developed the hierarchical network design

model to help you develop a topology in discrete layers. Each layer can be
focused on specific functions, allowing you to choose the right systems and
features for the layer. For example, high-speed WAN routers can carry traffic
across the enterprise WAN backbone, medium-speed routers can connect
buildings at each campus, and switches can connect user devices and
servers within buildings.

Free Download Hierarchical Network Software and View All Examples

A typical hierarchical topology is

 A core layer of high-end routers and switches that are optimized for
availability and performance.
 A distribution layer of routers and switches that implement policies.
 An access layer that connects users via lower-end switches and wireless
access points.

Why Use a Hierarchical Network Design Model

Networks that grow unheeded without any plan in place tend to develop in
an unstructured format. Dr. Peter Welcher, the author of network design and
technology articles for Cisco World and other publications, refers to
unplanned networks as fur-ball network.

Welcher explains the disadvantages of a fur-ball topology by pointing out the

problems that too many CPU adjacencies cause. When network devices
communicate with many other devices, the workload required of the CPUs on
the devices can be burdensome. For example, in a large flat (switched)
network, broadcast packets are burdensome. A broadcast packet interrupts
the CPU on each device within the broadcast domain, and demands
processing time on every device for which a protocol understanding for that
broadcast is installed. This includes routers, workstations, and servers.
Another potential problem with nonhierarchical networks, besides broadcast
packets, is the CPU workload required for routers to communicate with many
other routers and process numerous route advertisements. A hierarchical
network design methodology lets you design a modular topology that limits
the number of communicating routers.

Using a hierarchical model can help you minimize costs. You can purchase
the appropriate internetworking devices for each layer of the hierarchy, thus
avoiding spending money on unnecessary features for a layer. Also, the
modular nature of the hierarchical design model enables accurate capacity
planning within each layer of the hierarchy, thus reducing wasted bandwidth.
Network management responsibility and network management systems can
be distributed to the different layers of a modular network architecture to
control management costs.

Modularity lets you keep each design element simple and easy to
understand. Simplicity minimizes the need for extensive training for network
operations personnel and expedites the implementation of a design. Testing
a network design is made easy because there is clear functionality at each
layer. Fault isolation is improved because network technicians can easily
recognize the transition points in the network to help them isolate possible
failure points.

Hierarchical design facilitates changes. As elements in a network require

change, the cost of making an upgrade is contained to a small subset of the
overall network. In large flat or meshed network architectures, changes tend
to impact a large number of systems. Replacing one device can affect
numerous networks because of the complex interconnections.

How Can You Tell When You Have a Good Design

Here are some wise answers from Peter Welcher that are based on the
tenets of hierarchical, modular network design:

 When you already know how to add a new building, floor, WAN link, remote
site, e-commerce service, and so on.
 When new additions cause only local change, to the directly connected
devices.
 When your network can double or triple in size without major design
changes.
 When troubleshooting is easy because there are no complex protocol
interactions to wrap your brain around.

When scalability is a major goal, a hierarchical topology is recommended

because modularity in a design enables creating design elements that can be
replicated as the network grows. Because each instance of a module is
consistent, expansion is easy to plan and implement. For example, planning
a campus network for a new site might simply be a matter of replicating an
existing campus network design.

Flat Versus Hierarchical Topologies

A flat network topology is adequate for very small networks. With a flat
network design, there is no hierarchy. Each internetworking device has
essentially the same job, and the network is not divided into layers or
modules. A flat network topology is easy to design and implement, and it is
easy to maintain, as long as the network stays small. When the network
grows, however, a flat network is undesirable. The lack of hierarchy makes
troubleshooting difficult. Rather than being able to concentrate
troubleshooting efforts in just one area of the network, you may need to
inspect the entire network.

Flat WAN Topologies

A wide-area network (WAN) for a small company can consist of a few sites
connected in a loop. Each site has a WAN router that connects to two other
adjacent sites via point-to-point links. As long as the WAN is small (a few
sites), routing protocols can converge quickly, and communication with any
other site can recover when a link fails. (As long as only one link fails,
communication recovers. When more than one link fails, some sites are
isolated from others.)

A flat loop topology is generally not recommended for networks with many
sites, however. A loop topology can mean that there are many hops between
routers on opposite sides of the loop, resulting in significant delay and a
higher probability of failure. If your analysis of traffic flow indicates that
routers on opposite sides of a loop topology exchange a lot of traffic, you
should recommend a hierarchical topology instead of a loop. To avoid any
single point of failure, redundant routers or switches can be placed at upper
layers of the hierarchy.

Flat LAN Topologies

In the early and mid-1990s, a typical design for a LAN was PCs and servers
attached to one or more hubs in a flat topology. The PCs and servers
implemented a media-access control process, such as token passing or
carrier sense multiple access with collision detection (CSMA/CD) to control
access to the shared bandwidth. The devices were all part of the same
bandwidth domain and had the ability to negatively affect delay and
throughput for other devices.

These days, network designers usually recommend attaching the PCs and
servers to data link layer (Layer 2) switches instead of hubs. In this case,
the network is segmented into small bandwidth domains so that a limited
number of devices compete for bandwidth at any one time. (However, the
devices do compete for service by the switching hardware and software, so it
is important to understand the performance characteristics of candidate
switches.

Mesh Versus Hierarchical-Mesh Topologies

Network designers often recommend a mesh topology to meet availability

requirements. In a full-mesh topology, every router or switch is connected to
every other router or switch. A full-mesh network provides complete
redundancy, and offers good performance because there is just a single-link
delay between any two sites. A partial-mesh network has fewer connections.
To reach another router or switch in a partial-mesh network might require
traversing intermediate links.

The Classic Three-Layer Hierarchical Model

Literature published by Cisco Systems, Inc. and other networking vendors

talks about a classic three-layer hierarchical model for network design
topologies. The three-layer model permits traffic aggregation and filtering at
three successive routing or switching levels. This makes the three-layer
hierarchical model scalable to large international internet works.

Although the model was developed at a time when routers delineated layers,
the model can be used for switched networks as well as routed networks.

Each layer of the hierarchical model has a specific role. The core layer
provides optimal transport between sites. The distribution layer connects
network services to the access layer, and implements policies regarding
security, traffic loading, and routing. In a WAN design, the access layer
consists of the routers at the edge of the campus networks. In a campus
network, the access layer provides switches or hubs for end-user access.
Guidelines for Hierarchical Network Design

This section briefly describes some guidelines for hierarchical network

design. Following these simple guidelines will help you design networks that
take advantage of the benefits of hierarchical design.
The first guideline is that you should control the diameter of a hierarchical
enterprise network topology. In most cases, three major layers are
sufficient:

1. The core layer

2. The distribution layer
3. The access layer

Controlling the network diameter provides low and predictable latency. It

also helps you predict routing paths, traffic flows, and capacity
requirements. A controlled network diameter also makes troubleshooting
and network documentation easier.

Finally, one other guideline for hierarchical network design is that you should
design the access layer first, followed by the distribution layer, and then
finally the core layer. By starting with the access layer, you can more
accurately perform capacity planning for the distribution and core layers.
You can also recognize the optimization techniques you will need for the
distribution and core layers.