1.5 The Cisco Hierarchical Model

The use of a hierarchical design for networks facilitates the operation and management of the internetwork. With a hierarchical design, the network is easier to understand, the network can scale up as size requirements grow, it is easier to implement service policies, and troubleshooting network problems is simplified. The IP addressing assignment is accomplished by following a hierarchy that maximizes route summarization. Routing protocols can aggregate addresses into summary routes, which provide increased stability and less overhead on the network. The Cisco hierarchical model defines three layers in the hierarchy:

  • The core layer;

  • The distribution layer; and

  • The access layer.

These three layers are logical and not necessarily physical and are, thus, not necessarily represented by three separate devices. However, there is a division of functionality between the layers, and you can use filtering operations to allow only certain traffic to be forwarded through to the upper levels. This restricts unnecessary traffic from traversing the network, making the network more adaptable, scalable, and reliable.

1.5.1 Core Layer

At the top of the hierarchy is the core layer. It is literally the core of the network and provides high-speed switching of traffic between sites. The traffic transported across the core is common to a majority of users. However, user data is processed at the distribution layer, and the distribution layer forwards the requests to the core, if needed. If there is a failure in the core, every user can be affected; therefore, fault tolerance at the core layer is critical.

As the core transports large amounts of traffic, you should design the core for optimal transport, low latency, high availability, and redundancy. You should thus consider using data-link technologies that facilitate both speed and redundancy, such as Ethernet (with redundant links) and ATM. You should use routing protocols with low convergence times. No compression, packet filtering through access lists, or encryption should be performed at this layer.

You should also not use the core layer to support workgroup access. If performance becomes an issue in the core, you should upgrade rather than expand the core layer.

1.5.2 Distribution Layer

The distribution layer is the communication point between the access layer and the core. The primary function of the distribution layer is to provide routing and route policies, packet filtering, and WAN access and to determine how packets can access the core, if needed. The distribution layer must determine the fastest way that user requests are serviced. After the distribution layer determines the best path, it forwards the request to the core layer. The core layer is then responsible for quickly transporting the request to the correct service. You can implement policies for the network at the distribution layer. You can exercise considerable flexibility in defining network operation at this level.

At this level you would:

  • Perform functions such as encryption and compression;

  • Implement tools such as access lists, distribution lists, packet filtering, and queuing;

  • Implement security and network policies, including address translation and firewalls;

  • Implement route summarization and address aggregation;

  • Redistribute between routing protocols, including static routing;

  • Route between VLANs and other workgroup support functions; and

  • Define broadcast and multicast domains.
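The following added example (not part of the original text) shows why the addressing hierarchy matters for the route summarization and packet filtering performed at the distribution layer: the same eight access subnets produce two core routes when assigned hierarchically and eight when assigned in arrival order. The block names, subnets, and function names are constructed for illustration.

```python
import ipaddress

def summarize(subnets):
    """Collapse access-layer subnets into the fewest prefixes that cover
    exactly those subnets, so no unassigned address space is advertised."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def core_routes(plan):
    """Summaries each distribution block would advertise toward the core."""
    return {block: summarize(subnets) for block, subnets in plan.items()}

def route_count(plan):
    """Total number of prefixes the core has to carry for this plan."""
    return sum(len(routes) for routes in core_routes(plan).values())

def source_allowed(summaries, src_ip):
    """Ingress check of the kind a distribution-layer access list expresses:
    accept a packet from the access side only if its source address falls
    inside one of the block's own summaries."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(s) for s in summaries)

# Constructed sample plans (assumptions, not from the original page).
# Hierarchical: each distribution block owns one contiguous, aligned /22.
HIERARCHICAL = {
    "dist-A": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"],
    "dist-B": ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24", "10.1.7.0/24"],
}
# Flat: the same eight subnets handed out in the order requests arrived.
FLAT = {
    "dist-A": ["10.1.0.0/24", "10.1.2.0/24", "10.1.5.0/24", "10.1.7.0/24"],
    "dist-B": ["10.1.1.0/24", "10.1.3.0/24", "10.1.4.0/24", "10.1.6.0/24"],
}

if __name__ == "__main__":
    for label, plan in (("hierarchical", HIERARCHICAL), ("flat", FLAT)):
        print(label, route_count(plan), "core routes")
        for block, routes in core_routes(plan).items():
            print("  ", block, "->", ", ".join(routes))
    dist_a = summarize(HIERARCHICAL["dist-A"])
    for src in ("10.1.3.77", "10.1.4.1"):
        print(src, "allowed from dist-A access side:", source_allowed(dist_a, src))
```

With the hierarchical plan, the source filter for a block is a single prefix; with the flat plan, the same filter needs one entry per subnet and must be edited every time a subnet is added.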

1.5.3 Access Layer

The access layer provides local or remote access to the network and controls user and workgroup access to internetwork resources. The network resources that most users need should be available locally. Any traffic for remote services is handled by the distribution layer. At this layer, access control and policies from the distribution layer should be continued, and network segmentation should be implemented. Technologies such as dial-on-demand routing (DDR) via remote access servers and Virtual Private Network (VPN) aggregators, as well as Ethernet switching, are frequently used at the access layer. Functions in this layer include shared and switched bandwidth, MAC filtering, and segmentation.