While there are standards and best practices for network design, there are rarely correct answers to any particular problem. The answer to most questions on this topic is ‘it depends’.

Common Terminology


When several devices all connect to one central device we can draw them in a ‘star’ shape. This is often called a star topology. [^Star Topology, Umapathy, CC BY-SA 3.0 https://creativecommons.org/licenses/by-sa/3.0, via Wikimedia Commons]

Full Mesh

Where every device is connected to every other device.

Partial Mesh

When some, but not all, devices are connected to each other. [^Original: Foobaz / SVG: Rehua, Public domain, via Wikimedia Commons]

Two-Tier Campus LAN Design

The Two-Tier LAN design consists of two hierarchical layers:

  1. Access Layer
  2. Distribution Layer

Two-Tier designs are also called ‘Collapsed Core’ designs because they omit the core layer found in Three-Tier LAN Design.

The Access Layer is the layer that end hosts connect to. Access layers usually have lots of ports for end hosts to connect to. Many services and features of a network will operate within the access layer, particularly those sensitive to their proximity to end-hosts. For example, the following are usually done in the access layer:

The Distribution Layer aggregates connections from Access Layer Switches. Depending on how large the network is, there can be multiple access layer switches. A common configuration is all the access layer switches connected to a redundant pair of distribution switches.

The distribution layer serves as the border between Layer 2 and Layer 3 (that’s OSI Layers 2 and 3). It is common for end hosts to use SVIs on distribution layer switches as their default gateways. This layer is used to connect to the Internet, WAN, etc.


Below is an example Two-tier design, where hosts are connected to an access layer, which is connected to the distribution layer, which is connected to two redundant routers, each connected to separate internet connections from separate ISPs. There is also a bank of servers with their own two-tier configuration. Note the hosts are connected to access layer switches in star topologies. They may not be laid out to look exactly like a star here, but nevertheless they are star topologies. The Access and Distribution switches form a partial mesh. The Distribution Switches are a full mesh. It can be hard to see the connections when they aren’t cleanly laid out, but each distribution layer switch is connected to every other distribution layer switch. It is common to see multiple topologies used together in larger networks like this.

It is common, for redundancy’s sake, to connect distribution layers in a full mesh. With large networks, especially those that span multiple buildings, this can make the number of connections in the distribution layer grow rapidly.

To help scale larger networks, we can add a Core Layer, making this a Three-Tier design.

Three-Tier Campus LAN Design

Three-Tier LAN design builds on Two-Tier designs by adding a third layer:

  1. Access Layer
  2. Distribution Layer
  3. Core Layer

The Access & Distribution layers work the same as in Two-Tier Campus LAN Design.

The Core Layer connects distribution Layers together in large LAN networks. The focus is speed, so we want to avoid any CPU-intensive operations (security, QoS marking/classification, etc.) and all connections will be Layer 3 to avoid spanning tree complications.

Because this layer is the backbone on which the entire network relies, redundancy is very important. This layer should keep working, even if devices fail.


Spine-Leaf Architecture

Spine-Leaf architecture is a common design in data centers. Traditionally, data centers used three-tier architectures, like we covered in the last section. These architectures work well when most traffic in the data center is ‘North-South’, i.e. traffic mostly flows up and down the layers, likely going to and coming from the Internet. However, with the increased prevalence of distributed computing (largely by way of virtual servers) there has been a significant increase in the amount of ‘East-West’ (i.e. host-to-host) traffic in many data centers.

Traditional three-tier networks often had bottlenecks in bandwidth, and significant variability in server-to-server latency, as there may not always be a convenient route between any two servers. Spine-Leaf architecture (sometimes called ‘Clos’ architecture, named after one of its designers)

Spine-Leaf architecture largely consists of spine switches and leaf switches, organized into two distinct layers, and follows some basic rules:

  • Every Leaf switch is connected to every Spine switch.
    • Therefore, every spine switch is connected to every leaf switch.
  • Leaf switches do not connect to other Leaf switches.
  • Spine switches do not connect to other Spine switches.
  • End hosts only connect to Leaf switches.


The path taken by traffic is chosen randomly to balance the traffic load among the Spine switches.

Notably, this design mitigates the issue of variable latency between any two servers. The number of hops between any two servers is three, unless they happen to be connected to the same Leaf switch, in which case there’s only a single hop.
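The rules and hop counts above can be checked mechanically against a cabling list. The Python below is an added example, not part of the original notes; the device names and link list are constructed, and a ‘hop’ is counted as one switch crossed between two hosts.

```python
from collections import deque
from itertools import combinations
# Constructed sample fabric: 2 spines, 3 leaves, 4 hosts (all names are made up).
ROLES = {"s1": "spine", "s2": "spine", "l1": "leaf", "l2": "leaf", "l3": "leaf",
         "h1": "host", "h2": "host", "h3": "host", "h4": "host"}
LINKS = [("l1", "s1"), ("l1", "s2"), ("l2", "s1"), ("l2", "s2"), ("l3", "s1"),
         ("l3", "s2"), ("h1", "l1"), ("h2", "l1"), ("h3", "l2"), ("h4", "l3")]

def violations(roles, links):
    """List every way the cabling breaks the spine-leaf rules."""
    found = []
    for a, b in links:
        pair = sorted((roles[a], roles[b]))
        if pair == ["leaf", "leaf"]:
            found.append(f"leaf-to-leaf link: {a}-{b}")
        elif pair == ["spine", "spine"]:
            found.append(f"spine-to-spine link: {a}-{b}")
        elif "host" in pair and pair != ["host", "leaf"]:
            found.append(f"host not on a leaf: {a}-{b}")
    cabled = {frozenset(link) for link in links}
    leaves = [n for n, r in roles.items() if r == "leaf"]
    spines = [n for n, r in roles.items() if r == "spine"]
    for leaf in leaves:          # every leaf needs an uplink to every spine
        for spine in spines:
            if frozenset((leaf, spine)) not in cabled:
                found.append(f"missing uplink: {leaf}-{spine}")
    return found

def switch_hops(links, src, dst):
    """Switches crossed on a shortest path between two hosts (BFS)."""
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    dist, queue = {src: 0}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in neighbours.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist[dst] - 1 if dst in dist else None  # edges - 1 = switches

def hop_profile(roles, links):
    """Set of distinct hop counts over all host pairs."""
    hosts = [n for n, r in roles.items() if r == "host"]
    return {switch_hops(links, a, b) for a, b in combinations(hosts, 2)}

print(violations(ROLES, LINKS), hop_profile(ROLES, LINKS))
```

Adding a leaf-to-leaf cable to the sample makes `violations` report it and adds a two-hop path to `hop_profile`, which is the variable latency the rules are meant to prevent.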

Cisco ACI uses Spine-Leaf architecture.

SOHO Networks

Small Office/Home Office (SOHO) refers to the office of a small company, or a small home office with few devices.


This doesn’t strictly refer to offices per se. Any home internet connection will (almost certainly) fit into this category.

SOHO networks don’t have complex needs, so it’s common for all networking functions to be provided by a single device. This device, often called a home router, wireless router, etc., is commonly provided to home internet customers by their ISPs.

This single box can serve as a:

  • Router
  • Switch
  • Firewall
  • Wireless Access Point
  • Modem (sometimes this is separate)
  • Others

These devices can come in all shapes and sizes, may be provided by ISPs, or purchased on their own.

While enterprise networks will have separate devices for all the functions listed above (and they need dedicated devices for them!), small companies and home networks have no need for such robust solutions.