The Enterprise Composite Network Model

We have just finished discussing hierarchical network design using the core, distribution, and access layers. The principles are sound, and they work. Now let’s discuss how to apply them and how they can work in the real world. We’ll do this through a discussion of modularity. How do you eat an elephant? One bite at a time, right? Well, how do you build large, scalable networks? You got it—one module at a time.

One challenge you face when using the core, distribution, and access model is that it is not always clear which layer is where in an end-to-end network view. Suppose, for example, that an enterprise has several large campus sites, many small WAN-connected branches, and several external connections to Internet service providers, telecommunications carriers, etc. How and where is the distribution layer?

You’d probably answer by saying that there are several distribution layers, and you’d be correct. In the campus LAN, you may have access devices (Catalyst 3524s, for example), and a distribution layer switch (Catalyst 6500s) that aggregates the access devices. In the WAN, you may have distribution routers (7200s) that aggregate remote branch WAN connections for connectivity back to a central site. How about the Internet connection and DMZ; is there a distribution layer there?

The answer to the preceding question involves analyzing the enterprise in separate modules and applying the three-layer hierarchical design to each module. The campus LAN as a module has access, distribution, and core layers. As a module, the campus LAN can be replicated from campus to campus while still maintaining hierarchy. The WAN module has a similar hierarchy and can also be replicated as the number of WAN-connected sites increases. You don’t discard the three-layer design; you realize that modern networks can be extremely complex so you break the network down into modules and apply the hierarchy to the modules. Cisco calls this model the Enterprise Composite Network Model.

The Enterprise Composite Network Model defines three functional areas or high-level modules. These modules have clearly defined boundaries, and hierarchy (core-distribution-access) is still applied within the modules. We will be discussing the internals of each module shortly. These three functional areas are as follows:

• Enterprise Campus

• Enterprise Edge

• Service Provider Edge

These three functional areas are not necessarily equal in size. They are intended to define the functional areas of the enterprise network within which hierarchical principles can be applied. Remember, these modules are simply pieces of the overall enterprise network. Let’s take a look at each of these functional areas in more detail.

Enterprise Campus Modules

The Enterprise Campus functional area contains four major modules. It applies to a single campus and can easily be replicated campus to campus. The four modules of the Enterprise Campus functional area are as follows:

Campus Infrastructure module The Campus Infrastructure module describes the infrastructure within a building. It is divided into three sub-modules, which correspond to the three-layer hierarchy. The Building Access sub-module represents the access layer, the Building Distribution sub-module represents the distribution layer, and the Campus Backbone sub- module represents the core. Each building has a separate access layer and distribution layer sub-module, all interconnected by the Campus Backbone sub-module. The Campus Infrastructure module handles communications between the other modules of the Enterprise Campus functional area.

Network Management module The Network Management module represents the network management function in the campus environment. It includes functions such as IDS management, syslogging, SNMP management, network monitoring, and out-of-band management (OBM).

Server Farm module The Server Farm module contains critical servers and connects them to the Campus Infrastructure Campus Backbone in a highly available way. These servers include all vital functions such as DNS, DHCP, file and print, e-mail, application, etc.

Edge Distribution module The Edge Distribution module provides distribution layer functions between the Enterprise Campus functional area and the Enterprise Edge functional area (discussed next). The need for a distribution layer between the Campus Backbone and Enterprise Edge modules allows for campus control mechanisms such as access control and security, as well as high-availability and high-capacity communications.

Enterprise Edge Modules

The Enterprise Edge functional area also includes four modules. Each of these modules is connected to the Edge Distribution module of the Enterprise Campus functional area. This bridges the gap between the campus site and WAN connectivity. Realize that not every enterprise includes every module. The four modules are as follows:

E-Commerce module The E-Commerce module contains servers and applications largely intended for external consumption in for-profit activities. Web servers, application and database servers, firewalls, IDS, Layer 4 switches, and content engines all live here.

Internet Connectivity module The Internet Connectivity module differs from the E-Commerce module in that devices here are supportive of the enterprise not necessarily directly as commerce services. Items such as SMTP mail servers, DNS and public FTP servers, web servers, and firewalls are included in this module.

Remote Access and VPN module As the name implies, the Remote Access and VPN module includes remote access services, as well as VPN access devices.

WAN module The WAN module includes the traditional enterprise WAN. Connections from remote offices, external vendors, and SOHO connections are aggregated on a distribution layer device, then handed off through the Edge Distribution module of the Enterprise Campus functional area to the campus backbone.

Service Provider Edge Modules

The Service Provider Edge functional area includes three modules. These functions are not generally implemented by the enterprise itself; instead, they are purchased services. Nevertheless, they do involve network connectivity. The three modules are as follows:

Internet Service Provider module As the name implies, each ISP is a separate module. They are attached to the Enterprise Edge Internet Connectivity, Remote Access and VPN, and E-Commerce modules. Multiple ISPs can provide higher availability.

PSTN module The PSTN module represents the dial-up components of the enterprise network. ISDN, POTS, and cellular technologies are all included in this module. DDR WAN backup links may also be included.

Frame Relay/ATM module The Frame Relay/ATM module includes all WAN technologies used within the enterprise. Contrary to its name, this module includes more than just Frame Relay and ATM; it also includes SONET, DSL, wireless, leased lines, and any other permanent WAN connections.