3.2.Three-layer hierarchical network design

The Cisco hierarchical (three-layer) internetworking model is an industry wide adopted model for designing a reliable, scalable, and cost-efficient internetwork.
When discussing network design, it is useful to categorize networks based on the number of devices serviced:
1. Small network: Provides services for up to 200 devices.
2. Medium-size network: Provides services for 200 to 1,000 devices.
3. Large network: Provides services for 1,000+ devices.

The Access Layer

In a LAN environment, the access layer highlighted grants end devices access to the network.
In the WAN environment, it may provide teleworkers or remote sites access to the corporate network across WAN connections.
As shown in Figure below, the access layer for a small business network generally incorporates Layer 2 switches and access points providing connectivity between workstations and servers.

The access layer serves a number of functions, including :
Layer 2 switching
High availability
Port security
QoS classification and marking and trust boundaries
Address Resolution Protocol (ARP) inspection
Virtual access control lists (VACLs)
Spanning tree
Power over Ethernet (PoE) and auxiliary VLANs for VoIP

The Distribution Layer

The distribution layer aggregates the data received from the access layer switches before it is transmitted to the core layer for routing to its final destination.
In Figure below, the distribution layer is the boundary between the Layer 2 domains and the Layer 3 routed network.
A distribution layer switch may provide upstream services for many access layer switches.

The distribution layer can provide :
Aggregation of LAN or WAN links.
Policy-based security in the form of access control lists (ACLs) and filtering.
Routing services between LANs and VLANs and between routing domains (e.g., EIGRP to OSPF).
Redundancy and load balancing.
A boundary for route aggregation and summarization configured on interfaces toward the core layer.
Broadcast domain control, because routers or multilayer switches do not forward broadcasts. The device acts as the demarcation point between broadcast domains.

The Core Layer

The core layer is also referred to as the network backbone.
The core layer consists of high-speed network devices such as the Cisco Catalyst 6500 or 6800. These are designed to switch packets as fast as possible and interconnect multiple campus components, such as distribution modules, service modules, the data center, and the WAN edge.
As shown in Figure below, the core layer is critical for interconnectivity between distribution layer devices (for example, interconnecting the distribution block to the WAN and Internet edge).

Considerations at the core layer include :
Providing high-speed switching (i.e., fast transport)
Providing reliability and fault tolerance
Scaling by using faster, and not more, equipment
Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service (QoS) classification, or other processes

Previous3.1.Network Hierarchy Next3.3.Two-Tier Collapsed Core Design

Last updated 5 years ago

Was this helpful?

The Access Layer

In a LAN environment, the access layer highlighted grants end devices access to the network.

In the WAN environment, it may provide teleworkers or remote sites access to the corporate network across WAN connections.

As shown in Figure below, the access layer for a small business network generally incorporates Layer 2 switches and access points providing connectivity between workstations and servers.

The access layer serves a number of functions, including :

Layer 2 switching
High availability
Port security
QoS classification and marking and trust boundaries
Address Resolution Protocol (ARP) inspection
Virtual access control lists (VACLs)
Spanning tree
Power over Ethernet (PoE) and auxiliary VLANs for VoIP

The Distribution Layer

The distribution layer aggregates the data received from the access layer switches before it is transmitted to the core layer for routing to its final destination.

In Figure below, the distribution layer is the boundary between the Layer 2 domains and the Layer 3 routed network.

A distribution layer switch may provide upstream services for many access layer switches.

The distribution layer can provide :

Aggregation of LAN or WAN links.
Policy-based security in the form of access control lists (ACLs) and filtering.
Routing services between LANs and VLANs and between routing domains (e.g., EIGRP to OSPF).
Redundancy and load balancing.
A boundary for route aggregation and summarization configured on interfaces toward the core layer.
Broadcast domain control, because routers or multilayer switches do not forward broadcasts. The device acts as the demarcation point between broadcast domains.

The Core Layer

The core layer is also referred to as the network backbone.

The core layer consists of high-speed network devices such as the Cisco Catalyst 6500 or 6800. These are designed to switch packets as fast as possible and interconnect multiple campus components, such as distribution modules, service modules, the data center, and the WAN edge.

As shown in Figure below, the core layer is critical for interconnectivity between distribution layer devices (for example, interconnecting the distribution block to the WAN and Internet edge).

Considerations at the core layer include :

Providing high-speed switching (i.e., fast transport)
Providing reliability and fault tolerance
Scaling by using faster, and not more, equipment
Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service (QoS) classification, or other processes