The Cisco Network Design Model
This Study Guide focuses on another important network
model, the Cisco hierarchical network design model. Very different from the OSI model,
this model is used as the basis for designing Cisco networks for security and
performance. The article provides an overview of the roles and responsibilities of
each of the model's three layers.
While the OSI model is concerned with how
different systems communicate over networks, the Cisco hierarchical model is a
blueprint of sorts that defines how networks should be designed in layers. Each layer
is meant to have its own roles and responsibilities, but the goal is to create a
network that delivers high performance, is manageable, and keeps required roles in
their place. While this model was designed by Cisco, its use can by all means be
adapted to account for the switching and routing equipment of any vendor.
The model is made up of three layers: Core, Distribution, and Access. The
diagram below shows each of these layers relative to one another.
The Core layer of the network would be considered along
the same lines as the backbone - high speed and redundant. The Distribution layer
would contain intermediate switches and routers, such as those used to route between
subnets or VLANs. The Access layer is literally where users' PCs plug into their local
switch, somewhere like an area wiring closet. While this is a simplified view of the
network, it provides a general high-level overview.
Getting a little deeper
into things, each layer of the model is actually home to multiple roles and
responsibilities. Remember that this is a model, and as such not all networks will
necessarily look like this - many, especially smaller ones, may not even be
close. Instead, think of this model as one that outlines best practices to ensure that
the network is reliable, scalable, and meets performance requirements.
The Layers
Each layer in the model has a general level of
responsibility, in terms of what capabilities should be implemented there, and with a
particular emphasis on how that layer should perform. Each of the layers is outlined
in more detail below.
Core Layer
The responsibility of the core layer is to act as a high-speed
switched backbone. Notice that the backbone is expected to switch traffic, and not
route it. Routing can severely impact performance, mainly because each frame needs to
be recreated as it passes through each router. Switching provides much higher
performance, mainly because a frame can travel across the backbone without needing to
be recreated at each switch. That is not to say that the frame isn't inspected at every
switch (it will be to varying degrees), but everything stays at OSI layers 1 and 2
instead of having to be considered at Layer 3. The Core layer is usually comprised of
a relatively small number of high-end switches. Growth should not add devices, but
rather replace devices with higher-speed equipment as necessary.
The Core Layer
is also responsible for providing a degree of redundancy by providing multiple paths.
That is, you want to be sure that even if a backbone link goes down, another path
exists over which frames can travel. We'll consider this in a diagram shortly.
In general, you want to be sure that the only traffic that moves across the backbone
is that which is moving between different Distribution-layer devices. A design that
moves traffic over the Core layer when it isn't necessary will not provide the best
performance. To that end, the core should also never be used to implement traffic
filters such as access lists - these should be implemented at other layers instead.
To summarize, the Core Layer should:
- Be used to provide high-speed switching.
- Provide reliability and fault tolerance.
- Grow by using faster, and not more, equipment.
- Never implement performance-decreasing elements such as access lists.
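One way to check the last guideline against device configurations, as an added example that is not part of the original guide: the script parses IOS-style interface blocks, reports any ACL bound on a core device, and lists distribution interfaces with no ACL for review. The hostnames, layer tags and sample configurations are constructed assumptions.

```python
import re

# Constructed IOS-style samples; hostnames and layer tags are assumptions.
DEVICES = {
    "core-sw1": ("core", """\
interface TenGigabitEthernet1/1
 description uplink to dist-rtr1
interface TenGigabitEthernet1/2
 description uplink to dist-rtr2
 ip access-group 110 in
"""),
    "dist-rtr1": ("distribution", """\
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group USERS-IN in
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
"""),
}

IFACE = re.compile(r"^interface\s+(\S+)")
FILTER = re.compile(r"^\s+(?:ip access-group|ipv6 traffic-filter)\s+(\S+)\s+(in|out)\b")

def parse(config):
    """Return (interfaces, [(interface, acl, direction)]) from one config."""
    ifaces, bound, current = [], [], None
    for line in config.splitlines():
        if m := IFACE.match(line):
            current = m.group(1)
            ifaces.append(current)
        elif not line.startswith(" "):
            current = None  # left interface context
        elif current and (m := FILTER.match(line)):
            bound.append((current, m.group(1), m.group(2)))
    return ifaces, bound

def audit(devices):
    """Core: any bound ACL is a finding. Distribution: list unfiltered interfaces."""
    findings = []
    for host, (layer, config) in sorted(devices.items()):
        ifaces, bound = parse(config)
        if layer == "core":
            findings += [(host, i, f"ACL {a} {d} on core") for i, a, d in bound]
        elif layer == "distribution":
            filtered = {i for i, _, _ in bound}
            findings += [(host, i, "no ACL bound, review") for i in ifaces if i not in filtered]
    return findings

if __name__ == "__main__":
    for finding in audit(DEVICES):
        print(*finding, sep=" | ")
```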
Distribution Layer
The distribution layer acts as an intermediary between the Core
and Access layers, and is usually where the routing functions (and more) on a
well-designed network are found. An example of the type of interconnection here
includes those between different types of media such as Ethernet and Token Ring. The
distribution layer is also where policies are usually implemented using Access Lists.
To get a feel for the function of the distribution layer, remember that a great deal
of routing will usually happen on a network. Clients on one subnet may need to talk to
servers on another. In some cases this traffic is localized, such as with departmental
file or database servers. However, there are often servers that need to be accessed by
many subnets even within a given location, such as mail servers. The distribution
layer would be responsible for this routing function. In all, this layer serves a
number of purposes including the implementation of:
- Security, in the form of Access Lists and filtering.
- A boundary for route aggregation and summarization
  (for example, many subnets can be hidden behind a single routing table entry,
  making these entries smaller, and routing more efficient).
- Broadcast domains. A broadcast domain is a layer 2
  concept that defines how far a broadcast will travel on a given network. By
  default, routers usually do not pass broadcasts, acting as the demarcation point
  between broadcast domains.
- Routing. Almost all routing is done at this layer,
  which keeps it away from the backbone. This also acts as the intermediate point
  between where static and dynamic routing are used on the network.
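The route summarization described above, worked through as an added example (not part of the original guide): the script finds the single prefix that hides a set of subnets and lists any address space the summary covers that no subnet uses. The subnet lists are constructed and IPv4 is assumed.

```python
import ipaddress

# Constructed access-layer subnets behind one distribution router (assumptions).
CONTIGUOUS = ["10.1.16.0/24", "10.1.17.0/24", "10.1.18.0/24", "10.1.19.0/24"]
SPARSE = ["10.1.16.0/24", "10.1.17.0/24", "10.1.20.0/24"]

def summary_route(subnets):
    """Smallest single prefix that covers every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    hi = max(n.broadcast_address for n in nets)
    summary = min(nets, key=lambda n: n.network_address)
    while hi not in summary:
        summary = summary.supernet()  # widen the prefix by one bit
    return summary

def over_advertised(subnets):
    """Prefixes inside the summary that no listed subnet actually uses."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    remaining = [summary_route(subnets)]
    for n in nets:
        nxt = []
        for r in remaining:
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))  # carve n out of r
            elif not r.subnet_of(n):
                nxt.append(r)  # r does not overlap n, keep it
        remaining = nxt
    return [str(r) for r in sorted(remaining)]

if __name__ == "__main__":
    for name, subnets in (("contiguous", CONTIGUOUS), ("sparse", SPARSE)):
        print(name, summary_route(subnets), "unused:", over_advertised(subnets))
```

Unused space inside a summary still draws traffic toward the summarizing router, so it is worth knowing about before the summary is advertised.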
Access Layer
The Access Layer acts as the point at which end stations connect to the network, usually by
plugging into Layer 2 switches or hubs. As such, this layer is usually used to define
network collision domains. The Access layer is also sometimes used to define
additional network security policies and filtering if necessary.
The diagram below shows how a typical network might be configured to account for
the Cisco hierarchical network design model. Remember that the Core layer switches
might be geographically dispersed, and that the distribution layer routers might be
connected to the core via a WAN link or similar.