Cisco has produced several network architecture guidelines for enterprise networks. Those of you preparing for the CCDA will encounter these designs and best practices sooner or later. As I never found a document compiling all of these models for my CCDA preparation, I decided to create this one.
Below is a summary of Cisco’s main network models: Hierarchical Model, Enterprise Campus Network, Enterprise Composite Network Model (ECNM), Datacenter Network Model, Service Oriented Network Architecture (SONA), Security Architecture For Enterprise (SAFE) and Cisco Borderless Network.
There are different types of hierarchical model depending on the size of the company:
1 tier: one layer, typically small/branch offices (<50 employees)
2 tier: core/distribution (collapsed core) and access layers OR core and distribution/access layers (50-100)
3 tier: core, distribution and access layers (100-200+)
1-tier architectures are designed for offices that do not need enhanced services (e.g. branch offices) or that are small enough to get by with all-in-one boxes.
2-tier architectures are appropriate for mid-sized companies that do not want to invest in and maintain a lot of devices. Collapsed core and collapsed distribution layers fit well in these environments, as they typically use multilayer switches and converged networks.
3-tier architectures are generally used in medium to large environments. They allow easy and neat network segmentation. On the operational side, different technicians can operate at each layer according to their area of competency.
However, while this model remains easy to understand, design, and manage, it shows its limits in large environments.
Enterprise Campus Network
The enterprise campus model describes large, multi-building enterprise networks, typically the headquarters of large companies. This design is an extension of the traditional 3-tier hierarchical model. It is more modular, to support advanced service delivery (datacenter module, WAN module, wireless, DMZ…). This design is enhanced in the Enterprise Composite Network Model.
In the campus network we list the following zones:
– Building access
– Building Distribution
– Campus Core
– Server Farm (/Datacenter)
Here is an example of a 4-building enterprise campus network:
Enterprise Composite Network Model (ECNM)
The enterprise composite model uses the previous architecture and integrates specific modules delivering specific services.
The enterprise edge interconnects the enterprise campus with the other modules:
– E-commerce / DMZ / Internet (web servers, corporate servers, CPE)
– Enterprise WAN (FR, MPLS L3VPN, L2VPN)
– Remote Access / VPN (IPsec and SSL VPNs, dial-up connections)
The SP Edge layer describes the related technologies used on the service provider side, and the remote modules define connection ends.
Datacenter Network Model
The datacenter network model is designed for the enterprise datacenter. Networks in such places are subject to different constraints and use different technologies, which explains the need for specific design guidelines.
The datacenter network model has 3 layers: DC access layer, DC distribution layer and DC core layer.
DC access layer
– Provides a high density of access ports for servers
– Layer 2 technologies (VLANs, STP, LAG)
– High performance, low latency switching (servers and uplinks)
– Provides routed ports
DC distribution layer
– Links LAG uplinks from DC access to DC core
– Supports flexible and integrated high performance L3-7 services (security, application-specific…)
– Provides L2 and L3 connection to access and core (depending on the design)
– Provides redundancy (VSS, vPC, HSRP, GLBP, VRRP…)
– Supports intensive processing and scales well
DC core layer
– Connects DC to Campus Core with high speed L3 links (10GbE is standard)
– Must support all routing and advanced interconnection features
– Provides low latency forwarding
Service Oriented Network Architecture (SONA)
SONA is a set of high-level network design guidelines that aim to improve business agility. The objective is to make better use of the underlying network infrastructure to better serve mission-critical applications and key areas of the enterprise.
Security Architecture For Enterprise (SAFE)
SAFE provides design and implementation guidelines to help create secure and reliable networks.
Goals of SAFE (from Cisco):
– Mitigation of threats and security based on policy
– Secure Management tools and development reports
– Authentication, authorization and accounting for network equipment
– Use of security mechanisms for all network devices
– Intrusion detection for network devices and IP subnets
Which technologies does SAFE use?
– Cisco’s security platforms: ASA, IOS security, Catalyst switches, FWSM
– Trust and identity technologies: ACL, NAC, 802.1X, IBNS…
– Threat detection and mitigation: Cisco Secure Agent, NIDS, IronPort, ACL, firewall rules, IPS, DDoS detectors, Syslog, Netflow…
– Security Management and secure administration: Cisco MARS, CSM, ACS, NTP, TACACS, RADIUS, VPN
– Integrated security: IOS security, ASA, AAA, SSH, SSL, VPN, IPS
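The following Python audit is an added example, not part of the original post or of Cisco's SAFE material. It checks a constructed IOS-style configuration for a few of the controls listed above (AAA, TACACS+/RADIUS, SSH, syslog, NTP); the choice of checks and the names `SAMPLE_CONFIG`, `vty_blocks` and `audit` are assumptions of this example.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname access-sw1
aaa new-model
tacacs server TAC1
 address ipv4 192.0.2.10
ip ssh version 2
logging host 192.0.2.20
line con 0
 login authentication default
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def vty_blocks(config):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return a sorted list of findings; an empty list means every check passed."""
    required = {
        "AAA not enabled": r"^aaa new-model$",
        "no TACACS+/RADIUS server": r"^(tacacs|radius)[ -]server ",
        "SSHv2 not enforced": r"^ip ssh version 2$",
        "no syslog host": r"^logging (host )?\d",
        "no NTP server": r"^ntp server ",
    }
    findings = [name for name, pattern in required.items()
                if not re.search(pattern, config, re.MULTILINE)]
    for header, cmds in vty_blocks(config).items():
        transport = [c for c in cmds if c.startswith("transport input")]
        # Policy choice of this example: a missing explicit 'transport input'
        # is flagged, as is any setting that permits telnet.
        if not transport or re.search(r"\b(telnet|all)\b", transport[-1]):
            findings.append(f"{header}: cleartext management allowed")
    return sorted(findings)
```

Running `audit(SAMPLE_CONFIG)` reports the vty line that still accepts telnet and the missing NTP server.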
Cisco SAFE has guidelines to implement security in every area of the enterprise network:
– Campus Network
– Datacenter Network
– Enterprise Edge and WAN
The idea behind the Borderless Network is: anyone, anytime, anywhere, anything. The connection must be fast, reliable, secure and seamless.
This is actually more a conceptual design with corresponding technologies than a real implementation document. This architecture enables next-generation uses such as mobility and BYOD.
All information is available on the Cisco Borderless Network Architecture webpage.
To have a detailed view of these models, I advise you to read this book: http://www.ciscopress.com/store/ccda-640-864-official-cert-guide-9781587142574
Cisco Datacenter Aggregation layer with Nexus 7000: www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.html