Three Layer Hierarchical Network Architecture

The design of a network should reflect sound engineering principles such as,

  • Hierarchy: A hierarchical network model is a useful high-level tool for designing a reliable network infrastructure. It breaks the complex problem of network design into smaller and more manageable areas.
  • Modularity: By separating the various functions that exist on a network into modules, the network is easier to design. Cisco has identified several modules, including the enterprise campus, services block, data center, and Internet edge.
  • Resiliency: The network must remain available for use under both normal and abnormal conditions. Normal conditions include normal or expected traffic flows and traffic patterns, as well as scheduled events such as maintenance windows. Abnormal conditions include hardware or software failures, extreme traffic loads, unusual traffic patterns, denial-of-service (DoS) events, whether intentional or unintentional, and other unplanned events.
  • Flexibility: The ability to modify portions of the network, add new services, or increase capacity without going through a major forklift upgrade (i.e., replacing major hardware devices).

Cisco’s recommendation to network design is to use a three layer hierarchical model that help us to design the most efficient networks. Those three layers are,

  1. Core (backbone)
  2. Distribution (aggregation/spine/routing)
  3. Access (leaf/switching)


Core Layer

Also referred to as network backbone the core layer’s focus is to switch the traffic extremely speedily. Plus provide reliability and redundancy. No other functionalities are implemented on the devices working at this layer leaving them to only forward the traffic.

Core layer embraces efficiency. Fewer and faster devices creates the most efficient backbone and all other layers rely on it. The factors to be considered while choosing the devices at this layer:

  • High data transfer rate: Speed is important at the core layer. One way that core networks enable high data transfer rates is through load sharing, where traffic can travel through multiple network connections.
  • Low latency period: The core layer typically uses high-speed low latency circuits which only forward packets and do not enforcing policy.
  • High reliability: Multiple data paths ensure high network fault tolerance; if one path experiences a problem, then the device can quickly discover a new route.

Core layer devices :
Cisco Switches : Nexus 7000, 9000, 12000 (for WAN use)
Cisco Switches : Cisco Catalyst 6000, 5000, 4000 (for LAN use)
T1/E1 lines, Frame relay connections, ATM cell circuits

Distribution Layer

The distribution layer device is the focal point in the wiring closets. Either a router or a multilayer switch is used to segment workgroups and isolate network problems in a campus environment.

A distribution layer switch may provide upstream services for many access layer switches.

The distribution layer focuses on

  • Packet filtering (firewalling): Processes packets and regulates the transmission of packets based on its source and destination information to create network borders.
  • QoS: The router or layer 3 switches can read packets and prioritize delivery, based on policies you set.
  • Access Layer Aggregation Point: The layer serves the aggregation point for the desktop layer switches.
  • Control Broadcast and Multicast: The layer serves as the boundary for broadcast and multicast domains.
  • Application Gateways: The layer allows you to create protocol gateways to and from different network architectures.
  • The distribution layer also performs queuing and provides packet manipulation of the network traffic.

Distribution Layer Devices:
Cisco Catalyst switches of series 6500, 4000, 3000

Access Layer

In a LAN environment, the access layer  grants end devices access to the network. In the WAN environment, it may provide teleworkers or remote sites access to the corporate network across WAN connections.

Access layer provides several functions,

  • Layer 2 switching
  • High availability
  • Port security
  • QoS classification and marking and trust boundaries
  • Address Resolution Protocol (ARP) inspection
  • Virtual access control lists (VACLs)
  • Spanning tree
  • Power over Ethernet (PoE) and auxiliary VLANs for VoIP

Access Layer Devices:
Cisco 3500 series (Traditionally hubs and repeaters)


Note: The enterprise networks are designed in accordance with the three-layer model. The Campus LANs and medium/small networks need not have to strictly adhere to the hierarchical model.

Mcmcse | three-layer network model

Ciscopress | hierarchical network design

Cisco switches

About Deepak Devanand

Seeker of knowledge
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s