The Three Layer Design Model and Characteristics of Scaleable Internetworks

Introduction
Why not a flat network?
The Three Layer Design Model
Core Layer
Distribution Layer
Access Layer
Reliability and Availability
Responsivity
Efficiency
Adaptability
Accessibility and Security
Summary


Introduction
When designing a computer network, the THREE Layer hierarchical design model should be employed. This helps to break the design task into smaller, more manageable tasks. During the design, special attention should be paid to the overall function of the network to give it the necessary attributes that it needs to operate successfully.

There are FIVE main characteristics of a Scaleable Internetwork:

  1. Reliability and Availability
  2. Responsivity
  3. Efficiency
  4. Adaptability
  5. Accessibility and Security
These characteristics are discussed later.

Why not a flat network?

*A flat network topology is adequate for very small networks. With a flat network design, there is no hierarchy. Each internetworking device has essentially the same job, and the network is not divided into layers or modules. A flat network topology is easy to design and implement, and it is easy to maintain, as long as the network stays small. When the network grows, however, a flat network is undesirable. The lack of hierarchy makes troubleshooting difficult. Rather than being able to concentrate troubleshooting efforts in just one area of the network, you may need to inspect the entire network.

Flat WAN Topologies

A wide-area network (WAN) for a small company can consist of a few sites connected in a loop. Each site has a WAN router that connects to two other adjacent sites via point-to-point links. As long as the WAN is small (a few sites), routing protocols can converge quickly, and communication with any other site can recover when a link fails. (As long as only one link fails, communication recovers. When more than one link fails, some sites are isolated from others.)

A flat loop topology is generally not recommended for networks with many sites, however. A loop topology can mean that there are many hops between routers on opposite sides of the loop, resulting in significant delay and a higher probability of failure. If your analysis of traffic flow indicates that routers on opposite sides of a loop topology exchange a lot of traffic, you should recommend a hierarchical topology instead of a loop. To avoid any single point of failure, redundant routers or switches can be placed at upper layers of the hierarchy.

Flat LAN Topologies

In the early and mid-1990s, a typical design for a LAN was PCs and servers attached to one or more hubs in a flat topology. The PCs and servers implemented a media-access control process, such as token passing or carrier sense multiple access with collision detection (CSMA/CD) to control access to the shared bandwidth. The devices were all part of the same bandwidth domain and had the ability to negatively affect delay and throughput for other devices.

These days, network designers usually recommend attaching the PCs and servers to data link layer (Layer 2) switches instead of hubs. In this case, the network is segmented into small bandwidth domains so that a limited number of devices compete for bandwidth at any one time. (However, the devices do compete for service by the switching hardware and software, so it is important to understand the performance characteristics of candidate switches.)

*http://www.edrawsoft.com/Hierarchical-Network-Design.php


The Three Layer Design Model
This helps break the design problem into a set of smaller sub-tasks to make the design task less daunting. The model is shown below.

Core Layer: High speed switching - must be the most reliable layer
Distribution Layer: Policy-based connectivity
Access Layer: Local and Remote Group Access - workgroups & dial-in


Core Layer
This layer performs high speed switching of traffic. In the Core Layer there are no ACLs, no NAT, no RIP, no IPX - this will be tunnelled. No packet manipulation will be performed. Small routing tables must be used with protocols such as OSPF, ISIS and EIGRP. This will lead to increased fault tolerance and rapid convergence. For reliability we should use scaleable routing protocols and employ alternate paths, load balancing and dial backup.

The technologies often found in the core layer are T1, T3, E1, E3, OC3 and higher. Redundant links should be used here. Symmetrical redundancy is costly whereas asymmetrical redundancy will be cheaper and uses technologies such as POTS, ISDN and Frame Relay. The routers seen at the core of the network will be models such as 12000 series as used by ISPs, 7500 modular, 7200, 700x. Switches used are typically Catalyst 4000, 5000 and 6000 series.



Distribution Layer
This layer helps differentiate the network core from the rest of the network. The boundary is defined by the use of access lists and other filtering techniques to prevent unwanted traffic from entering the network core. At this layer, a policy for the operation of the network is defined to cover such areas as:
Here will be found ACLs, route summarisation, distribution lists, route maps, and other rules such as inter-VLAN routing. The use of ACLs helps to define boundaries. Route maps force traffic to follow a specific path to the destination. Route redistribution occurs here where the routes known by 2 different routing protocols are incorporated within each other.
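
How a distribution router applies such an access list, as an added Python sketch that is not part of the original page: entries use Cisco-style wildcard masks, the first matching entry decides, and anything unmatched falls to the implicit deny at the end of the list. The addresses and both ACLs are constructed for illustration; the second function flags entries that an earlier entry makes unreachable, a common ordering mistake.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _bits(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _care(wildcard):
    """Bits that must match: a 0 bit in a Cisco wildcard mask means 'compare'."""
    return ~_bits(wildcard) & MASK32

def evaluate(acl, src):
    """Return (action, index) of the first entry matching src.

    Entries are (action, base, wildcard). If nothing matches, the implicit
    'deny any' that ends every IOS access list applies.
    """
    for index, (action, base, wildcard) in enumerate(acl):
        care = _care(wildcard)
        if (_bits(src) & care) == (_bits(base) & care):
            return action, index
    return "deny", None

def shadowed_entries(acl):
    """Indexes of entries that can never match because an earlier one covers them."""
    dead = []
    for j, (_, base_j, wild_j) in enumerate(acl):
        for _, base_i, wild_i in acl[:j]:
            care_i, care_j = _care(wild_i), _care(wild_j)
            # The earlier entry compares only bits the later one also fixes,
            # and both agree on those bits: the later entry is unreachable.
            if (care_i & ~care_j) == 0 and \
               (_bits(base_i) & care_i) == (_bits(base_j) & care_i):
                dead.append(j)
                break
    return dead

# Constructed standard ACLs (source address only) for a distribution router.
ACL_TO_CORE = [
    ("deny",   "10.1.20.66", "0.0.0.0"),     # one quarantined host
    ("permit", "10.1.16.0",  "0.0.15.255"),  # access block 10.1.16.0-10.1.31.255
]
ACL_MISORDERED = list(reversed(ACL_TO_CORE))  # permit first: the deny is dead

if __name__ == "__main__":
    for src in ("10.1.20.66", "10.1.20.67", "192.168.5.9"):
        print(src, evaluate(ACL_TO_CORE, src))
    print("unreachable entries:", shadowed_entries(ACL_MISORDERED))
```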

The technologies used here are often 4500, 4000 and 36xx modular routers running links at 100Mbps or 1Gbps.



Access Layer
This layer will contain ACLs and supplies the traffic from end users to the network. This is the entry point to the network and the ACLs stop unauthorised network users from gaining access. Remote users can use the access layer to gain entry to the network using technologies such as POTS, Frame Relay or ISDN.

Technologies used here may be 1800, 2500, 26xx, 17xx and 16xx modular routers.




Access Layer Example
Routers at the Access layer provide fewer interface options than those at the core or distribution layers. Remote users at sites Y, Z and A are able to gain access using 26xx series routers although 1600, 1700, 1800 or 2500 series routers may be used here. More remote sites may be added easily at the access layer, connecting directly into the distribution layer.

The distribution layer filters traffic to and from the core. 36xx routers are used here although 4000 and 4500 routers may be used. 100 Mbps links to the core may be copper or more preferably fibre. Both Dist-1A and Dist-2A routers use access lists to keep unwanted traffic from reaching the network core. These routers summarise their routing tables in updates to Core A. This helps keep Core A's routing table small and efficient.

The core layer may use 7000, 7200, and 7500 series routers which feature the fastest switching modes that are possible. These are Cisco's core enterprise routers. A 12000 series router may be used here by an ISP but is unlikely to be found elsewhere.



Reliability and Availability
Reliability and Availability can be improved by using Scaleable Routing Protocols. This is to ensure that routers converge quickly and maintain reachability to all networks and subnets in the Autonomous System (AS). To ensure this, try to use OSPF, ISIS, IGRP as the main routing protocols in your organisation.

Alternate Paths
Redundant links can be costly to install and maintain. Mission-critical remote sites may call for redundant routers and paths. EIGRP keeps a list of redundant paths to be used in case of network failure.

Load Balancing
Symmetrical links have equal cost and therefore load-balancing can take place. Asymmetrical links will use unequal-cost load-balancing. There are two types of load-balancing:
  1. Per-packet
  2. Per-destination
Per-packet needs more CPU time but balances better over unequal metrics.
Per-destination requires all packets to a certain destination host to take a certain predefined route.

Protocol Tunnels
The Core layer of the entire network should be IP only, therefore protocols such as IPX should be encapsulated and tunnelled. This tunnel creates a point to point (p to p) link between border routers of IPX networks. This keeps the need for IPX enabled IOS and other hardware down.

Dial-Backup
This is used for fault tolerance. Backup links can be created. Common technologies are dialup over ISDN or POTS.



Responsivity
This brings in ideas such as queueing and priorities. The end users of the network notice responsivity at the desktop. Networked applications should appear to the end user and operate as if they were held on the local hard disk. Isochronous and mission-critical applications can be given priority by the IOS using TCP port numbers. These are implemented on a per-interface basis by queueing non-isochronous traffic e.g. FTP.

IOS supports FOUR methods of queueing:

1.  First-in, first-out queueing (FIFO)
2.  Priority queueing
3.  Custom queueing
4.  Weighted fair queueing (WFQ)

Note that only one of these methods can be used per interface.



Efficiency
This is the attempt to conserve bandwidth (BW) over (costly) WAN links. Unnecessary traffic should be prevented from crossing the WAN.
This can be achieved in the following ways:

1.  Implement a local proxy server to cache frequently-used remote resources;
2.  Reduce the size and frequency of routing updates;
3.  Use Access lists to filter traffic. Remember only one access list per protocol, per direction for each router interface. Access lists can:
     i)  Prevent unwanted traffic;
     ii)  Control routing updates;
     iii)  Apply route maps;
     iv)  Implement other network policies to improve efficiency by curtailing traffic.

4.  Snapshot Routing can be used to save on WAN costs. For instance, if using RIP over a backup link such as ISDN, the routers need updates every 30 seconds to maintain the route in the routing table. To achieve this, the backup link would need to re-establish itself every 30 seconds to keep RIP routers aware of the routes available. This would be costly as lines are charged on a per second basis. Snapshot routing solves this problem by taking a copy (snapshot) of the routing table while the link is active. This copy is used during line inactivity and makes all routers 'think' the line is up while it is down. The router updates whenever the line is reconnected.

5.  Compression over WAN allows the IOS to use several techniques to reduce BW usage. The downside of this is increased CPU usage on the router. It should be used with care - preferably over low BW WAN links using a high capability router.

6.  Dial-on-demand routing is used for occasional connectivity to a remote site. 'Interesting traffic' is defined by the router administrator. This technique is often used over ISDN links.

7.  Route summarisation can be used to allow routing table entries to be summarised using one address and a mask to represent several network destinations. OSPF and EIGRP allow manual route summarisation. This reduces the CPU load and also the size of the routing updates.

8.  Incremental routing updates. OSPF, ISIS and EIGRP use incremental routing table updates, and these are sent only when a change occurs (cf. RIP).
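
Route summarisation (item 7) worked through in Python, as an added example that is not part of the original page: it computes the single summary a distribution router would advertise and lists any address space that summary claims without a real route behind it, since the core will forward traffic for that space towards the summarising router. The router names reuse Dist-1A and Dist-2A from the Access Layer Example; the prefixes are constructed and the code handles IPv4 only.

```python
import ipaddress

def summarise(prefixes):
    """Smallest single IPv4 prefix that covers every component route."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits where the lowest and highest address differ cannot be in the prefix.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))

def uncovered(summary, prefixes):
    """Blocks the summary advertises that no component route backs."""
    remaining = [summary]
    routes = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    for net in routes:
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the real route out of the still-unexplained block.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)
        remaining = kept
    return sorted(remaining)

# Constructed access-layer subnets behind the two distribution routers.
DIST_1A = ["172.16.%d.0/24" % n for n in range(16, 24)]   # eight contiguous /24s
DIST_2A = ["172.16.32.0/24", "172.16.33.0/24",
           "172.16.34.0/24", "172.16.36.0/24"]            # gaps at .35 and .37-.39

if __name__ == "__main__":
    for name, routes in (("Dist-1A", DIST_1A), ("Dist-2A", DIST_2A)):
        summary = summarise(routes)
        gaps = uncovered(summary, routes)
        print(name, "advertises", summary, "to Core A")
        print("  unbacked space:", [str(g) for g in gaps] or "none")
```

Unbacked space in a summary is worth filtering or routing to a null interface on the summarising router so that stray traffic is dropped there.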



Adaptability
This allows addition and coexistence of multiple routing protocols such as IP, IPX and AppleTalk. IOS also allows route redistribution where one routing protocol can share its routing information with another e.g. RIP routes can be redistributed or injected into an OSPF area.

Routable and non-routable protocols must be catered for and carried. For instance, SNA is non-routable and has no network layer address and no mechanism for flow control and is sensitive to delays. Failure to cater for this can lead to sessions being dropped.



Accessibility and Security
Accessibility allows access over a range of technologies, Ethernet, Token Ring, POTS, dedicated link, Frame Relay, ATM etc. POTS and ISDN are circuit switched and allow dial-on-demand for remote sites. Leased lines are dedicated, often high data rate lines found in the WAN core. Packet switched technologies such as Frame Relay, ATM, X.25, Switched Multimegabit Data Service (SMDS) are often used.

These technologies should be deployed on a cost, location and need basis.

Security issues must be addressed on these networks if remote access is allowed, otherwise unauthorised users can get in. The use of access lists, Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) can help here. Both PAP and CHAP need valid usernames and passwords on each router involved in the security.
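
The difference between the two protocols on the link, as an added Python example that is not part of the original page: PAP places the password itself in the request, while CHAP (RFC 1994) returns an MD5 hash over the identifier, the shared secret and a fresh challenge, so a captured response is useless for a later login. The username and secret are constructed, and PPP framing is omitted.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5 over identifier octet, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def pap_payload(username, password):
    """Data field of a PAP Authenticate-Request (PPP framing omitted)."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password

class ChapAuthenticator:
    """The router that issues challenges; holds each peer's name and secret."""

    def __init__(self, secrets):
        self.secrets = secrets      # username (bytes) -> shared secret (bytes)
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh and unpredictable each time
        return ident, self.pending[ident]

    def verify(self, ident, username, response):
        challenge = self.pending.pop(ident, None)   # single use: replays fail
        secret = self.secrets.get(username)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)

# Constructed credentials for a remote access-layer router.
USER, SECRET = b"site-y", b"constructed-shared-secret"

if __name__ == "__main__":
    hq = ChapAuthenticator({USER: SECRET})
    ident, chal = hq.challenge()
    resp = chap_response(ident, SECRET, chal)
    print("PAP exposes secret on the link:", SECRET in pap_payload(USER, SECRET))
    print("CHAP exposes secret on the link:", SECRET in resp)
    print("first response accepted:", hq.verify(ident, USER, resp))
    print("replayed response accepted:", hq.verify(ident, USER, resp))
```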



Summary

This section has covered the Three Layer Hierarchical Design Model that is used to simplify the complex tasks of network design and then examined the basics of internetwork scaleability which has 5 main areas:
  1. Reliability
  2. Responsivity
  3. Efficiency
  4. Adaptability
  5. Accessibility and Security

M Clements 4/10/2007