In a large organization it is common to see large and complicated networks consisting of many locations, devices, services, and protocols. It can be cumbersome to manage and troubleshoot such networks. In addition to that as technologies evolve, the network has to evolve also. Making changes to a complex network is often difficult. Cisco with its years of experience in network equipment as well as managing its own network has defined a Three-layer hierarchical model. This model provides a hierarchical and modular method of building networks that makes it easy to implement, manage, scale and troubleshoot networks.

The model breaks an internetwork down to the following three layers:

  •  The Core layer
  • The Distribution layer
  • The Access layer

These layers are logical and not physical. They have specific functions in an internetwork which are discussed below:

The Core Layer – This layer is the backbone of an internetwork. It is the simplest yet the most critical layer whose sole function is to transport large amount of data fast. It gets data from the distribution layer and sends it back to the distribution layer after transportation. Speed and fault tolerance are the two major requirements of this layer because it has to transport large amount of data and any fault at this layer will impact every user. Considering the functions of this layer, the following should be avoided at this layer:

  •  Any thing that can slow down the traffic. For example, packet filtering, inter-VLAN routing etc.
  • Direct user connections
  • Direct server connections
  • Complex service policies

While designing the core, the following should be kept in mind:

  •  Routing protocol should have low convergence time.
  • Network Access layer technologies should be fast with low latency
  • Redundancy should be built into this layer.

The Distribution Layer – This layer acts as an interface between the Core and the Access layers. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed. Path determination is the most important function at the layer. It has to select the fastest way an access request can be completed. This layer also acts as the convergence point for all access layer switches. Hence it is generally the best place to apply most of the policies. The following are generally done at this layer:

  •  Routing between subnets and VLANs and route distribution between routing protocols
  • Implementation of security policies, including firewalls, address translations, packet filtering, etc.
  • Breaking broadcast domains

The Access Layer – This layer is the edge of the network where wide variety of devices such as PCs, printers, iPads etc. connects to the network. Common resources needed by users are available at this layer while access request to remote resources are sent to the distribution layer. This layer is also known as the desktop layer. The following are generally done at this layer:

  •  Access control and policies in addition to what exists in the distribution layer.
  • Dynamic configuration mechanisms
  • Breaking collision domains
  • Ethernet switching and static routing