It's always easier to
solve a problem if it is broken into smaller pieces, and large-scale
internetworks are no exception. The best-built and -managed scalable
internetworks are typically designed in layers following a
hierarchical model. By using hierarchical layers, you
can break a large network into smaller pieces that can be dealt with
separately. To understand the importance of layering, consider the
Open System Interconnection (OSI) reference model, which is a
layered model for understanding and implementing computer
communications. By using layers, the OSI model simplifies the task
required for two computers to communicate. Hierarchical models for
internetwork design also use layers to simplify the task required
for internetworking. Each layer can be focused on specific
functions, thereby allowing you to choose the right systems and
features for the layer. As a result, a hierarchical model simplifies
the management of your internetwork and allows you to control the
growth without overlooking the network requirements.
Modularity is another benefit of using a hierarchical design
because changes in the internetwork can be easily facilitated. In
addition, modularity in network design allows you to create design
elements that can be replicated as the network grows. As each
element in the network design requires change, the cost and
complexity of making the upgrade is constrained to a small subset of
the overall network. In large flat or meshed network architectures,
changes tend to impact a large number of systems. Improved fault
isolation is also facilitated by modular structuring of the network
into small, easy-to-understand elements; therefore, you can easily
understand the transition points in the network, and thus identify
failure points.
A typical three-layer hierarchical internetworking model is
illustrated in the Figure
. It is sometimes mistakenly thought that
the three layers (core, distribution, and access) must exist in
clear and distinct physical entities, but this does not have to be
the case. The layers are defined to aid successful network design
and to represent functionality that must exist in a network. The
instantiation of each layer can be in distinct routers or switches,
can be represented by a physical media, can be combined in a single
device, or can be omitted altogether. The way the layers are
implemented depends on the needs of the network being designed.
Note, however, that for a network to function optimally, hierarchy
must be maintained. Generally three layers are defined within a
hierarchical network. As indicated in the Figure
, each layer has a
specific design goal.
Core layer
The core of the network has one goal: switching packets. The
following two basic strategies will accomplish this goal:
- No network policy implementation should take place in the
core of the network.
- Every device in the core should have full reachability to
every destination in the network.
Since the core layer is the central internetwork for the entire
enterprise and may include LAN and WAN backbones, the primary
function of this layer is to provide an optimized and reliable
transport structure and to forward traffic at very high speeds. In
addition, the core layer is a high-speed switching backbone and
because the primary job of a device in the core of the network is to
switch packets, you should design the core layer to switch packets
as fast as possible. Therefore, the core of the network should not
perform any packet manipulation, such as access lists and filtering,
that would slow down the switching of packets.
Distribution layer
The distribution layer represents the campus backbone. The
primary function of this layer is to provide access to various parts
of the internetwork, as well as access to services. The distribution
layer of the network is the demarcation point between the access and
core layers and helps you define and differentiate the core. The
purpose of this layer is to provide boundary definition and is the
place at which packet manipulation can take place. In the campus
environment, the distribution layer can include several functions,
such as the following:
- Summarizes routes
- Provides for area, address, or traffic aggregation
- Offers departmental or workgroup access
- Defines the broadcast/multicast domain
- Provides for virtual LAN (VLAN) routing
- Provides for any media transitions that need to occur
- Offers security
In the noncampus environment, the distribution layer can be a
redistribution point between routing domains or the demarcation
between static and dynamic routing protocols. It can also be the
point at which remote sites access the corporate network. The
distribution layer can be summarized as the layer that provides
policy-based connectivity.
Access Layer
The access layer feeds traffic into the network, performs network
entry control, and provides other edge services. In doing so, the
access layer provides access to corporate resources for a workgroup
on a local segment. In addition, because the access layer is the
point at which local end users are allowed into the network, you can
use access lists or filters at the access layer to further optimize
the needs of a particular set of users. In a campus environment,
access-layer functions include the following:
- Shared bandwidth
- Switched bandwidth
- Media Access Control (MAC) layer filtering
- Microsegmentation
In a noncampus environment, the access layer can give remote
sites access to the corporate network via some wide-area technology,
such as Frame Relay, ISDN, or leased lines.
Now that you have a basic understanding of the layers in a
hierarchical design model, you should account for the following
fundamental design principles when designing a scalable internetwork:
- The area affected by a topology change in the network should
be bound so that it is as small as possible.
- Routers and other network devices should carry the minimum
amount of information possible.
You can achieve both of these goals through summarization, which
is generally done at the distribution layer. Generally, you want to
bind the convergence area at the distribution layer. For example, a
failing access link shouldn't affect the routing table in the core,
and a failing link in the core should produce minimal impact on the
routing tables of an access-layer router. In a hierarchical network,
traffic is aggregated onto higher-speed links moving from the access
layer to the core, and it is split onto smaller links moving from
the core toward the access layer. Not only does this scenario imply
that access-layer routers can be smaller devices, it also implies
that they are required to spend less time switching packets. As a
result, they have more processing power, which can be used to
implement network policies.