network-infrastructure-diagrams

Network Infrastructure Portfolio

Portfolio Hub: Professional network topology diagrams and documentation from real-world deployments. This repository showcases ISP infrastructure, DoD contractor networks, and enterprise projects with complete anonymization for privacy protection.

📋 Legal & Privacy Notice

This portfolio showcases sanitized network documentation from professional deployments (2021-2025). All sensitive information has been removed or anonymized:

• ✅ No Production Credentials - All passwords, API keys, and secrets removed
• ✅ No Customer Data - Subscriber information, names, and personal data excluded
• ✅ Sanitized IP Addressing - Uses RFC1918 private ranges and CGNAT blocks
• ✅ No Security Vulnerabilities - Specific exploits and weaknesses redacted
• ✅ Generic Equipment IDs - Serial numbers and proprietary identifiers removed

Purpose: This repository demonstrates network design methodology, architecture patterns, and the author’s technical expertise gained from real-world deployments. The configurations and topologies shown represent industry-standard practices and are shared for educational and portfolio purposes only.

Permission: Work is showcased with the acknowledgment of respective organizations. Work certificates received confirm professional relationship and contributions.

---

🎯 Interactive Viewer

Open Interactive Viewer (Enable GitHub Pages: Settings → Pages → Source: master branch)

Professional Ubiquiti-style UI for exploring network topologies with modern glassmorphism design.

---

📐 Featured Projects

🌐 Regional Fiber ISP - Core Network Deployment

Dedicated Repository - View Project →

Multi-site Telecommunications Infrastructure (2021-2022)

Key Specs:

• Scale: 700+ concurrent subscribers
• Bandwidth: 10Gbps backbone capacity
• Equipment: MikroTik CCR core router with load balancing
• Features: BGP routing, traffic shaping, CGNAT, subscriber management
• Performance: 99.8% uptime, managed from ISP server room

🎨 View Draw.io Diagram

📁 Full Repository

📝 MikroTik Config

---

🔒 Government Contractor - Secure Office Network

Separate Repository - View Project →

DoD Contractor Infrastructure (March 2025)

Key Specs:

• Scale: Secure office network, government compliance
• Equipment: Ubiquiti EdgeRouter, managed switches
• Features: Network segmentation (3 VLANs), strict firewall rules
• Security: WPA3 Enterprise, isolated guest network, 0 audit findings

🎨 View Draw.io Diagram

📁 Full Repository

---

🎨 Design Philosophy

These diagrams follow Ubiquiti’s visual language:

• Color Coding: Blue for routing, gray for switching, orange for security
• Logical Flow: WAN → Firewall → Core → Distribution → Access
• Device Icons: Clean, recognizable symbols
• Clear Labels: Port numbers, VLANs, IP ranges
• Redundancy Paths: Dotted lines for backup links

🛠 Tools Used

• Diagrams: Draw.io (editable XML format)
• Export: SVG for web, PNG for documentation
• Viewer: Custom HTML/CSS/JS (no framework needed)
• Configs: Real MikroTik RouterOS and pfSense configs (sanitized)

📂 Repository Structure

network-infrastructure-diagrams/
├── viewer/                    # Interactive web viewer
│   ├── index.html            # Main UI (Ubiquiti-style)
│   ├── style.css             # Clean, professional styling
│   └── viewer.js             # Zoom, pan, detail views
│
├── topologies/               # Network diagrams
│   ├── enterprise-office/
│   │   ├── topology.drawio   # Editable source
│   │   ├── topology.svg      # Web display
│   │   ├── topology.png      # Documentation
│   │   └── README.md         # Design notes
│   │
│   ├── dod-contractor/
│   └── isp-deployment/
│
├── configs/                  # Real configurations
│   ├── mikrotik/
│   │   ├── core-router.rsc
│   │   ├── vlans.rsc
│   │   └── firewall.rsc
│   │
│   └── pfsense/
│       ├── firewall-rules.xml
│       └── nat-rules.xml
│
└── docs/                     # Technical documentation
    ├── ip-addressing.md
    ├── vlan-design.md
    └── security-policies.md

🚀 Quick Start

View Diagrams Locally

# Clone repo
git clone https://github.com/AIKUSAN/network-infrastructure-diagrams.git
cd network-infrastructure-diagrams

# Open viewer
python -m http.server 8000
# Navigate to http://localhost:8000/viewer/

Edit Diagrams

1. Open .drawio files in diagrams.net
2. Make changes
3. Export as SVG and PNG
4. Update README with design notes

Use Configs

MikroTik configs are ready to import:

# Via SSH
scp configs/mikrotik/core-router.rsc admin@192.168.1.1:/
ssh admin@192.168.1.1
/import file-name=core-router.rsc

pfSense configs restore via web interface: Diagnostics → Backup & Restore

📊 Real-World Performance Metrics

Regional Fiber ISP - Core Network

• Uptime: 99.8% over 12-month operational period
• Average Load: 6.5Gbps sustained traffic
• Peak Load: 9.2Gbps (92% backbone utilization)
• Latency: <5ms to subscribers, <15ms to upstream peers
• BGP Convergence: <30 seconds on route changes
• Subscriber Growth: Scaled from 500 to 700+ during deployment

Government Contractor - Secure Office Network

• Security Audit: 0 findings during government inspection
• Guest Network Isolation: 100% effective, no cross-VLAN leaks
• Bandwidth Allocation: QoS rules preventing saturation
• WPA3 Performance: No authentication delays, seamless roaming
• Failover Time: <5 seconds on WAN link failure

💡 Design Lessons Learned

What Works

1. Redundancy at core, not edge - Dual switches at core, single at access
2. VLAN per department - Easier firewall rules, better security
3. Separate management VLAN - Saved me during incident response
4. Document IP addressing - Future you will thank past you

What Doesn’t Work

1. Over-complicated routing - Keep it simple, OSPF only where needed
2. No guest network - You’ll regret it when visitors ask for WiFi
3. Skipping QoS - VoIP calls will suffer, users will complain
4. Single WAN - When it goes down, you’re the one on call

🔒 Security & Compliance

Data Protection Measures:

• All production credentials and secrets removed from configurations
• IP addressing schemes use private/reserved ranges (RFC1918, CGNAT)
• No proprietary vendor information or licensing details
• Network security policies and firewall rules generalized
• Customer/subscriber data completely excluded

Intellectual Property:

• Network design methodologies and architecture are author’s professional expertise
• Equipment configurations based on vendor documentation and industry best practices
• Topology patterns represent standard ISP/enterprise network design principles
• Technical implementations are educational demonstrations, not proprietary systems

Usage Guidelines:

• ⚠️ Do not deploy these configs directly to production - they are educational templates
• ✅ Use as reference material for learning network architecture
• ✅ Adapt designs to your specific environment and security requirements
• ✅ Always validate with security audits before production deployment

📝 License

MIT License - This documentation is provided for educational purposes. Use these diagrams and configurations as learning material. Always test thoroughly and adapt to your specific security requirements before production deployment.

👤 About

Lorenz Tazan - Network Infrastructure Engineer
Specializing in ISP core networks, enterprise infrastructure, and security-compliant deployments.

Work certificates and references available upon request.

---

Built with real-world experience serving 700+ users. Good network design is invisible - users only notice when it breaks.

This site is open source. Improve this page.