Home | Models | OSI Model | TCP/IP Suite | TCP/IP Model
The Cisco Network Design Model
This Study Guide focuses on another important network model, the Cisco hierarchical network design model. Very different than the OSI model, this model is used as the basis for designing Cisco networks for security and performance. The article provides an overview of the roles and responsibilities of each of the model's three layers.While the OSI model is concerned with how different systems communicate over networks, the Cisco hierarchical model is a blueprint of types that defines how networks should be designed in layers. Each layer is meant to have its own roles and responsibilities, but the goal is to create a network that delivers high performance, is manageable, and keeps required roles in their place. While this model was designed by Cisco, its use can by all means be adapted to account for the switching and routing equipment of any vendor.
The model is made up of three layers, including Core, Distribution, and Access. The diagram below shows each of these layers relative to one another.
Getting a little deeper into things, each layer of the model is actually home to multiple roles and responsibilities. Remember that this is a model, and as such not all networks will necessarily look like this - many, especially smaller ones, may not even be close. Instead, think of this model as one that outlines best practices to ensure that the network is reliable, scalable, and meets performance requirements.
The Layers
Each layer in the model has a general level of responsibility, in terms of what capabilities should be implemented there, and with a particular emphasis on how that layer should perform. Each of the layers is outlined in more detail below.
Core Layer
The responsibility of the core layer is to act as a high-speed switched backbone. Notice that the backbone is expected to switch traffic, and not route it. Routing can severely impact performance, mainly because each frame needs to be recreated as it passes through each router. Switching provides much higher performance, mainly because a frame can travel across the backbone without needing to be recreated at each switch. That not to say that the frame isn't inspected at every switch (it will be to varying degrees), but everything stays at OSI layers 1 and 2 instead of having to be considered at Layer 3. The Core layer is usually comprised of a relatively small number of high-end switches. Growth should not add devices, but rather replace devices with higher-speed equipment as necessary.
The Core Layer is also responsible for providing a degree of redundancy by providing multiple paths. That is, you want to be sure that even if a backbone link goes down, another path exists over which frames can travel. We'll consider this in a diagram shortly.
In general, you want to be sure that the only traffic that moves across the backbone is that which is moving between different Distribution-layer devices. A design that moves traffic over the Core layer when it isn't necessary will not provide the best performance. To that end, the core should also never be used to implement traffic filters such as access lists - these should be implement at other layers instead.
To summarize, the Core Layer should:
-
Be used to provide high-speed switching.
-
Provide reliability and fault tolerance.
-
Grow by using faster, and not more, equipment.
- Never implement performance-decreasing elements such as access lists.
The distribution layer acts as an intermediary between the Core and Access layers, and is usually where the routing functions (and more) on a well-designed network are found. An example of the type of interconnection here includes those between different types of media such as Ethernet and Token Ring. The distribution layer is also where policies are usually implemented using Access Lists.
To get a feel for the function of the distribution layer, remember that a great deal of routing will usually happen on a network. Clients on one subnet may need to talk to servers on another. In some cases this traffic is localized, such as with departmental file or database servers. However, there are often servers that need to be accessed by many subnets even within a given location, such as mail servers. The distribution layer would be responsible for this routing function. In all, this layer serves a number of purposes including the implementation of :
-
Security, in the form of Access Lists and filtering.
-
A boundary for route aggregation and summarization
(for example, many subnets can be hidden behind a single routing table entry,
making these entries smaller, and routing more efficient).
-
Broadcast domains. A broadcast domain is a layer 2
concept that defines how far a broadcast will travel on a given network. By
default, routers usually do not pass broadcasts, acting as the demarcation point
between broadcast domains.
- Routing. Almost all routing is done at this layer, which keeps it away from the backbone. This also acts as the intermediate point between where static and dynamic routing are used on the network.
The Access Layer acts as the point as which end stations connect to the network, usually by plugging into Layer 2 switches or hubs. As such, this layer is usually used to define network collision domains. The Access layer is also sometimes used to define additional network security policies and filtering if necessary.
The diagram below shows how a typical network might be configured to account for the Cisco hierarchical network design model. Remember that the Core layer switches might be geographically dispersed, and that the distribution layer routers might be connected to the core via a WAN link of similar.