The 3-tier hierarchical design maximizes performance and network availability and lets the network design scale; it is usually built around large modular chassis with very high throughput and advanced routing capabilities. However, this might be overkill for many small enterprise networks, as most do not grow significantly larger over time. Therefore, a two-tiered hierarchical design, where the core and distribution layers are collapsed into one layer, is often more practical.

Traditional data center networks utilized a Three-Tier design that consists of a core, distribution and access layer of switches.

  • Core switches are usually large modular chassis with very high throughput and advanced routing capabilities.
  • Distribution layer switches are mid-tier speed switches with emphasis on uplink speeds. Services, such as load balancing or firewalls, could often be found at this layer.
  • Access switches are the traditional switches that connect end-user machines, and they usually have 24 to 48 ports.

The core can provide high-speed connectivity for large enterprises with multiple campus networks distributed worldwide, and it can also provide interconnectivity between the end-user/endpoint campus access layer and other network blocks, such as:

  • the data center,
  • the private cloud,
  • the public cloud,
  • the WAN,
  • the Internet edge, and
  • network services.

Core layer 

The core tier connects distribution switches together when there is a requirement for a third level of the hierarchy. The main responsibility of this layer is to route traffic as fast as possible over multiple redundant paths.

  • The core network provides high-speed, highly redundant forwarding services to move packets between distribution-layer devices in different regions of the network. 
  • Core switches and routers are usually the most powerful, in terms of raw forwarding power, in the enterprise; core network devices manage the highest-speed connections, such as 10 Gigabit Ethernet.

Distribution Layer 

The primary function of the distribution layer is to aggregate access layer switches in each building or campus and to provide a boundary between the Layer 2 domain of the access layer and the core's Layer 3 domain. Distribution switches usually have high-speed fiber (and less often copper) ports. Traditionally, the default gateway functions for VLANs or subnets were provided by distribution layer switches. For this reason, different types of security enforcement, such as inter-VLAN ACLs, were implemented on this layer. In modern networks, however, it is also common to see access layer switches configured as default gateways for VLANs.

This boundary provides two key functions for the LAN:

  • On the Layer 2 side, the distribution layer creates a boundary for Spanning Tree Protocol (STP), limiting propagation of Layer 2 faults.
  • On the Layer 3 side, the distribution layer provides a logical point to summarize IP routing information when it enters the core of the network. The summarization reduces IP routing tables for easier troubleshooting.
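
The summarization step described above, as an added example that is not part of the original article: it computes the single summary each distribution block would advertise into the core, then flags summaries that cover address space the block does not own or that overlap another block's summary. The block names and subnets are constructed sample data.

```python
import ipaddress

# Constructed sample: access-layer VLAN subnets behind each distribution block.
BLOCKS = {
    "dist-bldg-a": ["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"],
    "dist-bldg-b": ["10.10.4.0/24", "10.10.5.0/24", "10.10.7.0/24"],
    "dist-bldg-c": ["10.10.6.0/24"],
}


def summarize(prefixes):
    """Return (single covering summary, exact collapsed prefixes) for one block."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    exact = list(ipaddress.collapse_addresses(nets))
    summary = nets[0]
    # Widen one bit at a time until every VLAN subnet fits inside the summary.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary, exact


def audit(blocks):
    """Per block: its summary, unowned addresses it covers, overlapping blocks."""
    report = {}
    for name, prefixes in blocks.items():
        summary, exact = summarize(prefixes)
        owned = sum(n.num_addresses for n in exact)
        report[name] = {
            "summary": summary,
            "unowned": summary.num_addresses - owned,
            "overlaps": [],
        }
    names = sorted(report)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if report[a]["summary"].overlaps(report[b]["summary"]):
                report[a]["overlaps"].append(b)
                report[b]["overlaps"].append(a)
    return report


if __name__ == "__main__":
    for name, r in audit(BLOCKS).items():
        print(name, r["summary"], "unowned:", r["unowned"], "overlaps:", r["overlaps"])
```

Here `dist-bldg-b` summarizes to 10.10.4.0/22, which also covers the /24 that belongs to `dist-bldg-c`; a nonzero `unowned` count or a non-empty `overlaps` list is the signal to renumber or advertise more specific prefixes.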

Access Layer

The access tier provides connectivity for the end users. The access layer requires high port density and the ability to deliver Power over Ethernet (PoE). Switches at the access layer connect to the distribution layer switches and should not be connected to each other. As access switches have direct visibility into the devices that connect to them, security access checks, such as 802.1X authentication, and QoS traffic classification are usually performed at this tier.

The layer is commonly referred to as the network edge, and it is where end-user devices or endpoints connect to the network. It provides device connectivity using wired and wireless access technologies such as Gigabit Ethernet and 802.11n and 802.11ac wireless.

The different types of endpoints that connect to the access layer include personal computers (PCs), IP phones, printers, wireless access points, personal telepresence devices, and IP video surveillance cameras. Wireless access points and IP phones are prime examples of devices that can be used to extend the access layer one more layer out from the access switch.

The access layer can be segmented, for example by using VLANs, so that different devices can be placed into different logical networks for performance, management and security reasons.

Also, note that the access layer switches are NOT interconnected, and communication between endpoints on different access layer switches occurs through the distribution layer. As the connection point for endpoints, the access layer plays a big role in ensuring that the network is protected from malicious attacks.
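
One way to check a cabling plan against these rules, as an added example that is not part of the original article: it flags access switches that are linked to each other, access switches wired straight to the core, and access switches without an uplink to both members of a distribution pair. Device names and links are constructed sample data, and the dual-uplink rule is an assumption drawn from the paired, redundant distribution switches the article describes.

```python
from collections import defaultdict

# Constructed sample inventory: device name -> tier.
ROLES = {
    "core1": "core",
    "dist1": "distribution", "dist2": "distribution",
    "acc1": "access", "acc2": "access", "acc3": "access",
}

# Constructed sample cabling plan: one tuple per physical link.
LINKS = [
    ("core1", "dist1"), ("core1", "dist2"), ("dist1", "dist2"),
    ("acc1", "dist1"), ("acc1", "dist2"),
    ("acc2", "dist1"), ("acc2", "acc3"),   # acc2-acc3 bypasses distribution
    ("acc3", "dist1"), ("acc3", "dist2"),
]


def audit_topology(roles, links):
    """Return a list of (rule, devices) findings for the hierarchy rules."""
    findings = []
    uplinks = defaultdict(set)  # access switch -> distribution peers
    for a, b in links:
        ra, rb = roles[a], roles[b]
        if ra == rb == "access":
            # Traffic on this link never crosses the distribution layer,
            # so inter-VLAN ACLs and the STP boundary there do not apply.
            findings.append(("access-to-access", tuple(sorted((a, b)))))
            continue
        for sw, peer, role, peer_role in ((a, b, ra, rb), (b, a, rb, ra)):
            if role != "access":
                continue
            if peer_role == "distribution":
                uplinks[sw].add(peer)
            elif peer_role == "core":
                findings.append(("access-bypasses-distribution", (sw, peer)))
    for sw in sorted(roles):
        # Assumed rule: each access switch uplinks to both pair members.
        if roles[sw] == "access" and len(uplinks[sw]) < 2:
            findings.append(("single-homed-access", (sw,)))
    return findings


if __name__ == "__main__":
    for rule, devices in audit_topology(ROLES, LINKS):
        print(rule, devices)
```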

At what point does an organization consider incorporating core design?

When the organization's network starts to grow beyond three distribution layers in a single location, the organization should consider using a core layer to optimize the design.

Remember, the distribution layer switches are deployed in pairs for redundancy, so three distribution layer switches actually means 6 switches, or 3 pairs.

Design A: has 4 pairs of switches, which is a total of 8 switches altogether. Each switch must connect to each of the remaining 7 switches, and the same goes for each of those seven too, which is why we see the mesh connection design. You can also see how messy the crisscrossing cables become. So, now you will have 8 switches, each connected to the other switches (pairs), and that will be a total of 56 connections.

Design B: uses the core layer, where instead of all the switches connecting to each other, they each connect to the powerful core switch, thereby reducing the number of connections from 56 to just 8, which is easier to troubleshoot and manage.