The Cisco Three-Layer Model
Cisco has created its own three-layer hierarchical model. The Cisco
hierarchical model is used to help you design, implement, and maintain a
scalable, reliable, cost-effective hierarchical internetwork. Cisco defines
three layers of hierarchy, as shown in Figure 1.3, each with specific functionality.
The Core layer
The Distribution layer
The Access layer
Each layer has specific responsibilities. Remember, however, that the
three layers are logical and not necessarily physical. Three layers do not nec-
essarily mean three separate devices. Consider the OSI model, another logi cal
hierarchy. Its seven layers describe functions but not necessarily protocols,
right? Sometimes a protocol maps to more than one layer of the OSI model,
and sometimes multiple protocols communicate within a single layer. In the
same way, when we build physical implementations of hierarchical net-
works, we may have many devices in a single layer, or we might have a single
device performing functions at two layers. The definition of the layers is log-
ical, not physical.
Before you learn about these layers and their functions, consider a com-
mon hierarchical design, as shown in Figure 1.4. The phrase “keep local traf-
fic local” has almost become a cliché in the networking world. However, the
underlying concept has merit. Hierarchical design lends itself perfectly to ful-
filling this concept.
The Core Layer
The Core layer is literally the core of the network. At the top of the hierar-
chy, the Core layer is responsible for transporting large amounts of traffic
both reliably and quickly. The only purpose of the Core layer of the network
is to switch traffic as fast as possible. The traffic transported across the core is
common to a majority of users. However, remember that user data is pro-
cessed at the Distribution layer, and the Distribution layer forwards the
requests to the core if needed.
If there is a failure in the core, every single user can be affected. Therefore,
fault tolerance at this layer is an issue. The core is likely to see large volumes
of traffic, so speed and latency are driving concerns here. Given the function of
the core, we can now consider some design specifics. Let’s start with some
things that we know we don’t want to do:
Don’t do anything to slow down traffic. This includes using access
lists, routing between virtual local area networks (VLANs), and
Don’t support workgroup access here.
Avoid expanding the core when the internetwork grows (i.e., adding
routers). If performance becomes an issue in the core, give preference
to upgrades over expansion.
Now, there are a few things that we want to make sure to do as we design
the core. They include:
Design the core for high reliability. Consider data-link technologies
that facilitate both speed and redundancy, such as FDDI, Fast Ether-
net (with redundant links), or even ATM.
Design with speed in mind. The core should have very little latency.
Select routing protocols with lower convergence times. Fast and
redundant data-link connectivity is no help if your routing tables
The Distribution Layer
The Distribution layer is sometimes referred to as the workgroup layer and
is the communication point between the Access layer and the Core layer. The
primary function of the Distribution layer is to provide routing, filtering, and
WAN access and to determine how packets can access the core, if needed.
The Distribution layer must determine the fastest way that user requests are
serviced, for example, how a file request is forwarded to a server. After the
Distribution layer determines the best path, it forwards the request to the
Core layer. The Core layer is then responsible for quickly transporting the
request to the correct service.
The Distribution layer is the place to implement policies for the network.
Here, you can exercise considerable flexibility in defining network opera-
tion. There are several items that generally should be done at the Distribution
layer. They include
Implementing tools such as access lists, packet filtering, and queuing
Implementing security and network policies, including address trans-
lation and firewalls
Redistribution between routing protocols, including static routing
Routing between VLANs and other workgroup support functions
Broadcast and multicast domain definition
Things to avoid at the Distribution layer are limited to those functions
that exclusively belong to one of the other layers.
The Access Layer
The Access layer controls user and workgroup access to internetwork
resources. The Access layer is sometimes referred to as the desktop layer . The
network resources that most users need will be available locally. The Distri-
bution layer handles any traffic for remote services. The functions to be
included at this layer include
Continued (from the Distribution layer) access control and policies
Creation of separate collision domains (segmentation)
Workgroup connectivity into the Distribution layer
Technologies such as DDR and Ethernet switching are frequently seen in
the Access layer as well as the Distribution layer. If you are using DDR to
connect to a remote office, then it has to be a Distribution layer device. Static
routing (instead of dynamic routing protocols) is seen here as well.
As already noted, three separate levels does not have to imply three sep-
arate routers. It could be fewer, or it could be more. Remember, this is a lay-