
Anyone involved in networking and/or telecommunications should be somewhat
familiar with the use of layers. Many communications systems, computer operating
systems, and software packages are designed in layers or modules. When a
network or operating system is designed and built with layers or modules,
troubleshooting, building, repairing, and, more importantly, understanding that
network all become easier. Additionally, adding a hierarchical structure to the
layered approach allows for a scalable design. Here, I will explain how the three-
layer hierarchical design can be used to create a modular network.

Layers, layers, and more layers


The common approach to designing enterprise networks involves three layers: the
Access layer, the Distribution layer, and the Core layer. The Access layer is the
level where host computers are connected to the network. The Distribution layer
acts as an aggregation point for all the Access layer devices. The Core layer
connects all Distribution layer devices and reliably and quickly switches and routes
large amounts of traffic.

Access layer
Whether you have an Ethernet connection to each end station or a remote access
server, if the device allows users to connect to the network, it's considered an
Access layer device. Typically, these devices are hubs, multistation access units
(MAUs), or switches deployed in wiring closets on each floor of a building. Users'
network cables are then terminated into such an Access layer device, where they
are connected to each user on the local network. Typically, virtual LANs (VLANs)
are implemented to separate broadcast domains on the Access layer.

Access layer considerations


When choosing Access layer devices, there are many points to consider. For
example, when pricing equipment to connect a large number of users, you should
consider the cost per port. A 24-port switch that costs approximately $1,200 has a
port cost of $50 per port. But a 24-port hub that costs approximately $500 will
have a port cost of only $10 per port.

While the per-port cost of a hub is much less than that of a switch, you must
consider the performance gains of using a switch. Since this device will be used to
connect many users, you should consider the number of ports a device has. You
may want to consider using modular switches, which allow more ports to be added
as needed. This, of course, will increase your per-port cost primarily because you
will be adding the extra cost of paying for the modular functionality of the switch.
Since each access device can serve hundreds of users, you must consider the
reputation and past performance of the equipment that you choose. For more
information, visit the Cisco Web site.

With a layered network, the failure of an Access layer device will only affect users
connected to that device. If no (or very little) downtime is a requirement for your
enterprise, you should also look into redundant power supplies and switching
engines for these devices.

The majority of administration is done on Access layer devices, because all
additions and deletions from the network take place in this layer. VLAN
assignment, duplex, and port speed are all configured on each port of the switch.

Potential Access layer devices


The Access layer is typically composed of many switches or hubs that service a
particular floor of a building or a department within the building; however, OSI
model Layer 3 devices (such as routers) can also be used at this layer. If VLANs
are used to separate departmental and broadcast traffic, there must be some Layer 3
device(s) to route between the different VLANs. What determines the need for
hubs, switches, and routers at the Access layer is not the number of users, but the
amount and type of traffic.

Here are some examples of Cisco Access layer devices. The ranges—low-end,
midlevel, and high-end—refer to the cost and scalability of the devices.

• Low-end: The Cisco 1900 and 2800 series of switches provide 10-MB
  10Base-T connections to workstations and hubs.
• Midlevel: The Cisco 2900 switches can provide both 10-MB and 100-MB
  connections to workstations and hubs. The 2900 switches can also be
  configured for gigabit ports typically used for uplink connections to the
  Distribution layer.
• High-end: The Cisco 4000 modular series of switches are capable of
  connecting up to 96 end stations or hubs utilizing 10-, 100-, or 1000-MB
  connections. The 4000 series switches can also be used for advanced
  telecommunications, including IP telephony, unified messaging, and
  Internet-based partner and supplier VPNs.
• High-end: The Cisco 5000/5500 series switches are modular and provide
  very high port densities. The 5000 series can be configured with up to 250
  10/100 ports. Gigabit ports can be added for uplinks or server connections.
  Route switch modules (RSMs) can also be added to these switches, allowing
  them to act as both a Layer 2 switch and a Layer 3 router. (This refers to
  Layer 2 and Layer 3 of the networking OSI model.)

Distribution layer
From the OSI model Physical layer perspective, the main function of the
Distribution level is to provide the Access layer with connectivity to the Core
layer. The Distribution layer connects each Access layer device so that the Access
devices can route between themselves and to the Core layer. If VLANs are used to
separate traffic in the Access layer, the Distribution layer can route between the
VLANs.

Additionally, the Distribution layer is responsible for routing packets, filtering
packets, and WAN connectivity. Typically, this layer is implemented with routers
or multilayer switches, such as the 5000 or 6500 series switches that can both route
and switch. Routing is important at the Distribution layer, because this is where
broadcast traffic and other traffic filtering are implemented. The Distribution layer
“decides”—via routing protocols and filters—if, how, and where traffic will be
forwarded.

In the Distribution layer:

• Firewalls, security, network policies, and network address translation (NAT)
  are configured.
• Routing between workgroups and VLANs is accomplished.
• Access lists, packet filtering, and queuing are implemented.
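Added example (not part of the original article): a small Python model of where an inter-VLAN access list at the Distribution layer actually sees traffic. The VLAN names, subnets and rules are constructed sample data, and the first-match, default-deny evaluation is an assumption of this sketch.

```python
import ipaddress

# Constructed VLAN plan and filter rules (hypothetical sample data).
VLANS = {
    "users":   ipaddress.ip_network("10.10.10.0/24"),
    "finance": ipaddress.ip_network("10.10.20.0/24"),
    "servers": ipaddress.ip_network("10.10.30.0/24"),
}
# (action, source VLAN, destination VLAN, port); None means any port.
# The first matching rule wins; traffic matching no rule is denied.
RULES = [
    ("permit", "finance", "servers", 443),
    ("permit", "users",   "servers", 443),
    ("deny",   "users",   "finance", None),
]


def vlan_of(addr):
    """Return the name of the VLAN whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return None


def decide(src, dst, port):
    """Return (verdict, where the decision was made) for one flow."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return ("deny", "distribution: unknown subnet")
    if s == d:
        # Same VLAN: switched at Layer 2 on the Access layer, so the routed
        # filter on the Distribution device never sees this traffic.
        return ("permit", "access: same VLAN, not filtered")
    for action, rule_src, rule_dst, rule_port in RULES:
        if (rule_src, rule_dst) == (s, d) and rule_port in (None, port):
            return (action, f"distribution: rule {rule_src}->{rule_dst}")
    return ("deny", "distribution: no matching rule")


if __name__ == "__main__":
    for flow in [("10.10.10.5", "10.10.30.8", 443),
                 ("10.10.10.5", "10.10.20.9", 22),
                 ("10.10.10.5", "10.10.10.77", 445)]:
        print(flow, "->", decide(*flow))
```

The third flow is the one to notice: two hosts in the same VLAN talk without ever crossing the Distribution layer filter, so VLAN boundaries decide what the access lists can control.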

Distribution layer considerations


Since the most basic function of the Distribution layer is to connect the Access
layer devices, you must ensure that the Distribution layer devices (such as routers)
can carry extremely high volumes of traffic. Many of the functions of the
Distribution layer require the use of routers, so there must be some very careful
planning at this layer to ensure that these devices can handle Layer 3 OSI model
functions (such as aggregation of access points, translation of security, etc.) at very
high speeds. In a large campus network, you should consider a multilayer switch
for the distribution layer.

Redundancy is another important consideration for this layer. While the failure of
an Access layer device could potentially affect hundreds of users, the failure of a
Distribution layer device could affect thousands. Because of this, Distribution layer
devices are usually deployed in pairs with redundant links back to the Access layer
devices. Redundant power supplies and supervisor engines are of critical
importance in highly available networks. Hot Standby Routing Protocol (HSRP)
should be used to provide fault tolerance when utilizing standard routers at the
Distribution layer. For a better understanding of HSRP, see Robert McIntire's
article "Add network redundancy with Cisco HSRP."

Since the Distribution layer typically utilizes routers or multilayer switches, you
should consider the processor demands on them. The demands placed on a router
or switch running interior and exterior routing protocols, redistribution, or access
lists can be overwhelming to the device's CPU and memory. When deciding which
products to use, don't forget the memory and processor needs required at this layer
of your network. For example, a single 64-MB DRAM kit for a Cisco 7500 series
switch will cost $425, and a 128-MB DRAM kit for the same series will run $839.
Because of these costs, you can see why it would be cheaper to purchase a switch
best suited to your needs than to try to shortchange yourself and correct the
shortcoming with upgrades. If you have a need for a high-end switch with a single
gigabit interface, you will want to use the 8510 switch. If you need two gigabit
interfaces, you will want to purchase the 8540.

Potential Distribution layer devices


Distribution layer devices are deployed in pairs to provide redundancy and
reliability. The pair of Distribution layer devices are trunked together to allow
traffic between the two switches and routers. Each Access layer device is
connected to both Distribution layer devices. The spanning tree, when configured
properly, will use only one of the connections between the Access layer and the
Distribution layer. If a connection between the two layers fails, the spanning tree
will reconverge and use the redundant connection.

Here are some examples of Distribution layer devices:

• Midlevel: Cisco 5000/5500 with RSM series switches are modular and
  provide very high port densities. The 5000 series can be configured with up
  to 250 10/100 ports. Gigabit ports can be added for uplinks or server
  connections. RSMs can also be added to the 5000/5500, which allows the 5000
  series to act as both an OSI model Layer 2 switch and a Layer 3 router.
• High-end: Cisco 6500 with multiswitch feature cards are modular switches
  that provide very high port densities. The 6513 can support up to 576 10/100
  ports and 192-Gb connections. The 6500 series boasts a 256-Gb back plane.
  A multiswitch feature card (MSFC) can be added to allow the 6500 to act as
  both a switch and a router. The 6500 also supports a 10-Gb Ethernet module
  with a maximum distance of 10 KM.

Switch blocks
The term switch block describes a set of Distribution layer devices and their
associated or connected Access layer switches. For example, in a campus network
consisting of many multifloor buildings, there may be one or more Access layer
switches on each floor of each building. All Access layer switches connect to a pair
of Distribution layer switches. In this scenario, each building is a switch block.
Switch blocks are interconnected to one another via the Core layer.
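Added example (not part of the original article): a Python sketch that computes how many users lose their path to the Core when a single device fails, comparing a switch block built as described above with one that skips the Distribution pair. Device names, links and user counts are constructed sample data, and the model checks physical reachability only, not spanning tree state.

```python
from collections import deque

# Constructed sample topology (all device names and user counts are hypothetical).
# Block A follows the article: paired Distribution switches, dual-homed Access.
# Block B is the counter-example: one Distribution switch, single-homed Access.
LINKS = [
    ("core1", "core2"),
    ("distA1", "core1"), ("distA1", "core2"),
    ("distA2", "core1"), ("distA2", "core2"),
    ("distA1", "distA2"),                      # trunk between the pair
    ("accA-f1", "distA1"), ("accA-f1", "distA2"),
    ("accA-f2", "distA1"), ("accA-f2", "distA2"),
    ("distB1", "core1"), ("distB1", "core2"),
    ("accB-f1", "distB1"),
    ("accB-f2", "distB1"),
]
USERS = {"accA-f1": 120, "accA-f2": 90, "accB-f1": 200, "accB-f2": 150}
CORE = {"core1", "core2"}


def users_cut_off(failed_device, links=LINKS, users=USERS, core=CORE):
    """Map each Access switch that loses every path to the Core to its user count."""
    adj = {}
    for a, b in links:
        if failed_device in (a, b):
            continue                            # links to a dead device are gone
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    # Breadth-first search outward from the surviving Core devices.
    seen = {c for c in core if c != failed_device}
    queue = deque(seen)
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {sw: n for sw, n in users.items() if sw not in seen}


def single_points_of_failure(links=LINKS):
    """Devices whose failure alone strands users, with the number stranded."""
    devices = sorted({d for link in links for d in link})
    impact = {d: sum(users_cut_off(d, links).values()) for d in devices}
    return {d: n for d, n in impact.items() if n}


if __name__ == "__main__":
    for device, stranded in single_points_of_failure().items():
        print(f"{device}: {stranded} users lose the Core")
```

In block A only the Access switches themselves are single points of failure, while in block B the lone Distribution switch strands every user in the building.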

Core layer
Campus networks that contain two or more switch blocks require a Core layer to
connect each switch block to other switch blocks. The most important
consideration at the Core layer is speed, because devices at the Core layer must
perform switching between the switch blocks at very high speeds. Since speed is
important, the Core layer is not where network policies, firewalls, or any type of
filtering should be performed.

There is no single approved design for the Core layer. Some prefer strictly Layer 2
designs for switching speed, while others prefer Layer 2 and Layer 3 designs to
take advantage of routing protocols, fast convergence, and failover abilities. It is
true that Layer 3 routing protocols converge much faster and provide better
failover protection than the Layer 2 spanning tree protocol, but this comes at some
cost. Switching (at Layer 2) is faster than routing (at Layer 3). So the trade-off is
packet speed vs. convergence and failover speed. This is not a decision that can be
taken lightly, but your network requirements should dictate your design.

Potential Core layer devices


At this point, we are now entering a much lower cost solution for switching needs.
The 5000 and 6000 series routers still offer Gb interfaces, modular design, and
high-density switching.

• Low-End: Cisco 5000/5500. The Cisco 5000 and 5500 series switches are
  modular and provide very high port densities. The 5000 series can be
  configured with up to 250 10/100 ports. Gb ports can be added for uplinks or
  server connections. RSMs can also be added to the 5000/5500, which allows
  the 5000 series to act as both a Layer 2 switch and a Layer 3 router.
• Low-End: Cisco 6500 with multiswitch feature cards are modular switches
  that provide very high port densities. The 6513 can support up to 576 10/100
  ports and 192-Gb connections. The 6500 series boasts a 256-Gb back plane.
  An MSFC can be added to allow the 6500 to act as both a switch and a
  router. The 6500 also supports a 10-Gb Ethernet module with a maximum
  distance of 10 KM.
• Low-End: Cisco 8500 series switches can perform both Layer 3 switching
  at wire speed and ATM switching. The Catalyst 8500 switch provides an
  integrated ATM and Gigabit Ethernet solution in a single chassis.

Putting it all together


Breaking the network into a layered hierarchical structure makes designing,
understanding, upgrading, and troubleshooting easier. Each layer of the
hierarchical structure is responsible for an important yet different general function.
For a final glimpse at this hierarchy, take a look at Figure A for a graphical
representation of the Access layer, Figure B for a representation of the
Distribution layer, and Figure C for a look at the Core layer. All are from the
Cisco OSI model.

Figure A

The Access layer will be where you will spend the least amount of dollars but
much of your time.

Figure B
Pay close attention to the Distribution layer, because that is where your security
lies.

Figure C

The Core layer is your backbone.
