Anyone involved in networking and/or telecommunications should be somewhat familiar with the use of layers. Many communications systems, computer operating systems, and software packages are designed in layers or modules. When a network or operating system is designed and built with layers or modules, troubleshooting, building, repairing, and, more importantly, understanding that network all become easier. Additionally, adding a hierarchical structure to the layered approach allows for a scalable design. Here, I will explain how the three-layer hierarchical design can be used to create a modular network.
Layers, layers, and more layers
The common approach to designing enterprise networks involves three layers: the Access layer, the Distribution layer, and the Core layer. The Access layer is the level where host computers are connected to the network. The Distribution layer acts as an aggregation point for all the Access layer devices. The Core layer connects all Distribution layer devices and reliably and quickly switches and routes large amounts of traffic.
Whether you have an Ethernet connection to each end station or a remote access server, if the device allows users to connect to the network, it's considered an Access layer device. Typically, these devices are hubs, multistation access units (MAUs), or switches deployed in wiring closets on each floor of a building. Users' network cables are then terminated into such an Access layer device, where they are connected to each user on the local network. Typically, virtual LANs (VLANs) are implemented to separate broadcast domains on the Access layer.
Access layer considerations
When choosing Access layer devices, there are many points to consider. For example, when pricing equipment to connect a large number of users, you should consider the cost per port. A 24-port switch that costs approximately $1,200 has a port cost of $50 per port. But a 24-port hub that costs approximately $500 will have a port cost of only $10 per port.
While the per-port cost of a hub is much less than that of a switch, you must consider the performance gains of using a switch. Since this device will be used to connect many users, you should consider the number of ports a device has. You may want to consider using modular switches, which allow more ports to be added as needed. This, of course, will increase your per-port cost primarily because you will be adding the extra cost of paying for the modular functionality of the switch.
Since each access device can serve hundreds of users, you must consider the reputation and past performance of the equipment that you choose. For more information, visit the Cisco Web site.
With a layered network, the failure of an Access layer device will only affect users connected to that device. If no (or very little) downtime is a requirement for your enterprise, you should also look into redundant power supplies and switching engines for these devices.
The majority of administration is done on Access layer devices, because all additions and deletions from the network take place in this layer. VLAN assignment, duplex, and port speed are all configured on each port of the switch.
Potential Access layer devices
The Access layer is typically composed of many switches or hubs that service a particular floor of a building or a department within the building; however, OSI model Layer 3 devices (such as routers) can also be used at this layer. If VLANs are used to separate departmental and broadcast traffic, there must be some Layer 3 device(s) to route between the different VLANs. What determines the need for hubs, switches, and routers at the Access layer is not the number of users, but the amount and type of traffic.
Here are some examples of Cisco Access layer devices. The ranges—low-end, midlevel, and high-end—refer to the cost and scalability of the devices.
- Low-end: The Cisco 1900 and 2800 series of switches provide 10-MB 10Base-T connections to workstations and hubs.
- Midlevel: The Cisco 2900 switches can provide both 10-MB and 100-MB connections to workstations and hubs. The 2900 switches can also be configured for gigabit ports typically used for uplink connections to the Distribution layer.
- High-end: The Cisco 4000 modular series of switches are capable of connecting up to 96 end stations or hubs utilizing 10-, 100-, or 1000-MB connections. The 4000 series switches can also be used for advanced telecommunications, including IP telephony, unified messaging, and Internet-based partner and supplier VPNs.
- High-end: The Cisco 5000/5500 series switches are modular and provide very high port densities. The 5000 series can be configured with up to 250 10/100 ports. Gigabit ports can be added for uplinks or server connections. Route switch modules (RSMs) can also be added to these switches, allowing them to act as both a Layer 2 switch and a Layer 3 router. (This refers to Layer 2 and Layer 3 of the networking OSI model.)
From the OSI model Physical layer perspective, the main function of the Distribution level is to provide the Access layer with connectivity to the Core layer. The Distribution layer connects each Access layer device so that the Access devices can route between themselves and to the Core layer. If VLANs are used to separate traffic in the Access layer, the Distribution layer can route between the VLANs.
Additionally, the Distribution layer is responsible for routing packets, filtering packets, and WAN connectivity. Typically, this layer is implemented with routers or multilayer switches, such as the 5000 or 6500 series switches that can both route and switch. Routing is important at the Distribution layer, because this is where broadcast traffic and other traffic filtering are implemented. The Distribution layer “decides”—via routing protocols and filters—if, how, and where traffic will be forwarded.
In the Distribution layer:
- Firewalls, security, network policies, and network address translation (NAT) are configured.
- Routing between workgroups and VLANs is accomplished.
- Access lists, packet filtering, and queuing are implemented.
Distribution layer considerations
Since the most basic function of the Distribution layer is to connect the Access layer devices, you must ensure that the Distribution layer devices (such as routers) can carry extremely high volumes of traffic. Many of the functions of the Distribution layer require the use of routers, so there must be some very careful planning at this layer to ensure that these devices can handle Layer 3 OSI model functions (such as aggregation of access points, translation of security, etc.) at very high speeds. In a large campus network, you should consider a multilayer switch for the distribution layer.
Redundancy is another important consideration for this layer. While the failure of an Access layer device could potentially affect hundreds of users, the failure of a Distribution layer device could affect thousands. Because of this, Distribution layer devices are usually deployed in pairs with redundant links back to the Access layer devices. Redundant power supplies and supervisor engines are of critical importance in highly available networks. Hot Standby Routing Protocol (HSRP) should be used to provide fault tolerance when utilizing standard routers at the Distribution layer. For a better understanding of HSRP, see Robert McIntire's article "Add network redundancy with Cisco HSRP."
Since the Distribution layer typically utilizes routers or multilayer switches, you should consider the processor demands on them. The demands placed on a router or switch running interior and exterior routing protocols, redistribution, or access lists can be overwhelming to the device's CPU and memory. When deciding which products to use, don't forget the memory and processor needs required at this layer of your network. For example, a single 64-MB DRAM kit for a Cisco 7500 series switch will cost $425, and a 128-MB DRAM kit for the same series will run $839. Because of these costs, you can see why it would be cheaper to purchase a switch best suited to your needs than to try to shortchange yourself and correct the shortcoming with upgrades. If you have a need for a high-end switch with a single gigabit interface, you will want to use the 8510 switch. If you need two gigabit interfaces, you will want to purchase the 8540.
Potential Distribution layer devices
Distribution layer devices are deployed in pairs to provide redundancy and reliability. The pair of Distribution layer devices are trunked together to allow traffic between the two switches and routers. Each Access layer device is connected to both Distribution layer devices. The spanning tree, when configured properly, will use only one of the connections between the Access layer and the Distribution layer. If a connection between the two layers fails, the spanning tree will reconverge and use the redundant connection.
Here are some examples of Distribution layer devices:
- Midlevel: Cisco 5000/5500 with RSM series switches are modular and provide very high port densities. The 5000 series can be configured with up to 250 10/100 ports. Gigabit ports can be added for uplinks or server connections. RSMs can also be added to the 5000/5500 that allows the 5000 series to act as both an OSI model Layer 2 switch and a Layer 3 router.
- High-end: Cisco 6500 with multiswitch feature cards are modular switches that provide very high port densities. The 6513 can support up to 576 10/100 ports and 192-Gb connections. The 6500 series boasts a 256-Gb back plane. A multiswitch feature card (MSFC) can be added to allow the 6500 to act as both a switch and a router. The 6500 also supports a 10-Gb Ethernet module with a maximum distance of 10 KM.
The term switch block describes a set of Distribution layer devices and their associated or connected Access layer switches. For example, in a campus network consisting of many multifloor buildings, there may be one or more Access layer switches on each floor of each building. All Access layer switches connect to a pair of Distribution layer switches. In this scenario, each building is a switch block. Switch blocks are interconnected to one another via the Core layer.
Campus networks that contain two or more switch blocks require a Core layer to connect each switch block to other switch blocks. The most important consideration at the Core layer is speed, because devices at the Core layer must perform switching between the switch blocks at very high speeds. Since speed is important, the Core layer is not where network policies, firewalls, or any type of filtering should be performed.
There is no single approved design for the Core layer. Some prefer strictly Layer 2 designs for switching speed, while others prefer Layer 2 and Layer 3 designs to take advantage of routing protocols, fast convergence, and failover abilities. It is true that Layer 3 routing protocols converge much faster and provide better failover protection than the Layer 2 spanning tree protocol, but this comes at some cost. Switching (at Layer 2) is faster that routing (at Layer 3). So the trade-off is packet speed vs. convergence and failover speed. This is not a decision that can be taken lightly, but your network requirements should dictate your design.
Potential Core layer devices
At this point, we are now entering a much lower cost solution for switching needs. The 5000 and 6000 series routers still offer Gb interfaces, modular design, and high-density switching.
- Low-End: Cisco 5000/5500. The Cisco 5000 and 5500 series switches are modular and provide very high port densities. The 5000 series can be configured with up to 250 10/100 ports. Gb ports can be added for uplinks or server connections. RSMs can also be added to the 5000/5500 that allows the 5000 series to act as both a Layer 2 switch and a Layer 3 router.
- Low-End: Cisco 6500 with multiswitch feature cards are modular switches that provide very high port densities. The 6513 can support up to 576 10/100 ports and 192-Gb connections. The 6500 series boasts a 256-Gb back plane. An MSFC can be added to allow the 6500 to act as both a switch and a router. The 6500 also supports a 10-Gb Ethernet module with a maximum distance of 10 KM.
- Low-End: Cisco 8500 series switches can perform both Layer 3 switching at wire speed and ATM switching. The Catalyst 8500 switch provides an integrated ATM and Gigabit Ethernet solution in a single chassis.
Putting it all together
Breaking the network into a layered hierarchical structure makes designing, understanding, upgrading, and troubleshooting easier. Each layer of the hierarchical structure is responsible for an important yet different general function. For a final glimpse at this hierarchy, take a look at Figure A for a graphical representation of the Access layer, Figure B for a representation of the Distribution layer, and Figure C for a look at the Core layer. All are from the Cisco OSI model.
|The Access layer will be where you will spend the least amount of dollars but much of your time.|
|Pay close attention to the Distribution layer, because that is where your security lies.|
|The Core layer is your backbone.|