1.1 The Hierarchical Network Design Model
1.1.1 The three-layer hierarchical design model
A hierarchical network design model breaks the complex problem of network design into smaller, more manageable problems. Each level, or tier, in the hierarchy addresses a different set of problems so that network hardware and software can be optimized to perform specific roles. Devices at the lowest tier of the hierarchy are designed to accept traffic into a network and then pass traffic up to the higher layers. Cisco offers a three-tiered hierarchy as the preferred approach to network design.

In the three-layer network design model, network devices and links are grouped according to three layers: core, distribution, and access. Like the Open System Interconnection (OSI) reference model, the three-layer design model is a conceptual framework, an abstract picture of a network.

Layered models are useful because they facilitate modularity. Since devices at each layer have similar and well-defined functions, administrators can easily add, replace, and remove individual pieces of the network. This kind of flexibility and adaptability makes a hierarchical network design a scalable network design.

At the same time, layered models can be difficult to comprehend because the exact composition of each layer varies from network to network. Each layer of the three-tiered design model may include a router, a switch, a link, or some combination of these. In fact, some networks may combine the function of two layers into a single device, or may omit a layer entirely.

The following sections look at each of the three layers in detail.

The Core Layer
The core of the network has one purpose: to provide an optimized and reliable transport structure by forwarding traffic at very high speeds. In other words, the core layer should switch packets as fast as possible. Devices at this layer should not be burdened with access-list checking, data encryption, address translation, or any other process that stands in the way of switching packets at top speed.

The Distribution Layer
The distribution layer sits between the access and core layers and helps differentiate the core from the rest of the network. The purpose of this layer is to provide boundary definition by using access lists and other filters to limit what gets into the core. Therefore, this layer defines policy for the network. A policy is an approach to handling certain kinds of traffic, including routing updates, route summaries, VLAN traffic, and address aggregation. You can use policies to secure networks and to preserve resources by preventing unnecessary traffic.

If a network has two or more routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), information between the different routing domains is shared, or redistributed, at the distribution layer.

The Access Layer
The access layer feeds traffic into the network and performs network entry control. End users access the network via the access layer. As a network's "front door," the access layer employs access lists designed to prevent unauthorized users from gaining entry. The access layer can also give remote sites access to the network via a wide-area technology, such as Frame Relay, ISDN, or leased lines.