Portfolio Hub: Professional network topology diagrams and documentation from real-world deployments. This repository showcases ISP infrastructure, DoD contractor networks, and enterprise projects with complete anonymization for privacy protection.
This portfolio showcases sanitized network documentation from professional deployments (2021-2025). All sensitive information has been removed or anonymized:
- ✅ No Production Credentials - All passwords, API keys, and secrets removed
- ✅ No Customer Data - Subscriber information, names, and personal data excluded
- ✅ Sanitized IP Addressing - Uses RFC1918 private ranges and CGNAT blocks
- ✅ No Security Vulnerabilities - Specific exploits and weaknesses redacted
- ✅ Generic Equipment IDs - Serial numbers and proprietary identifiers removed
Purpose: This repository demonstrates network design methodology, architecture patterns, and the author's technical expertise gained from real-world deployments. The configurations and topologies shown represent industry-standard practices and are shared for educational and portfolio purposes only.
Permission: Work is showcased with the acknowledgment of respective organizations. Work certificates received confirm professional relationship and contributions.
Open Interactive Viewer (Enable GitHub Pages: Settings → Pages → Source: master branch)
Professional Ubiquiti-style UI for exploring network topologies with modern glassmorphism design.
Dedicated Repository - View Project →
Multi-site Telecommunications Infrastructure (2021-2022)
Key Specs:
- Scale: 700+ concurrent subscribers
- Bandwidth: 10Gbps backbone capacity
- Equipment: MikroTik CCR core router with load balancing
- Features: BGP routing, traffic shaping, CGNAT, subscriber management
- Performance: 99.8% uptime, managed from ISP server room
View Draw.io Diagram | Full Repository | MikroTik Config
Separate Repository - View Project →
DoD Contractor Infrastructure (March 2025)
Key Specs:
- Scale: Secure office network, government compliance
- Equipment: Ubiquiti EdgeRouter, managed switches
- Features: Network segmentation (3 VLANs), strict firewall rules
- Security: WPA3 Enterprise, isolated guest network, 0 audit findings
View Draw.io Diagram | Full Repository
These diagrams follow Ubiquiti's visual language:
- Color Coding: Blue for routing, gray for switching, orange for security
- Logical Flow: WAN → Firewall → Core → Distribution → Access
- Device Icons: Clean, recognizable symbols
- Clear Labels: Port numbers, VLANs, IP ranges
- Redundancy Paths: Dotted lines for backup links
- Diagrams: Draw.io (editable XML format)
- Export: SVG for web, PNG for documentation
- Viewer: Custom HTML/CSS/JS (no framework needed)
- Configs: Real MikroTik RouterOS and pfSense configs (sanitized)
network-infrastructure-diagrams/
├── viewer/                    # Interactive web viewer
│   ├── index.html             # Main UI (Ubiquiti-style)
│   ├── style.css              # Clean, professional styling
│   └── viewer.js              # Zoom, pan, detail views
│
├── topologies/                # Network diagrams
│   ├── enterprise-office/
│   │   ├── topology.drawio    # Editable source
│   │   ├── topology.svg       # Web display
│   │   ├── topology.png       # Documentation
│   │   └── README.md          # Design notes
│   │
│   ├── dod-contractor/
│   └── isp-deployment/
│
├── configs/                   # Real configurations
│   ├── mikrotik/
│   │   ├── core-router.rsc
│   │   ├── vlans.rsc
│   │   └── firewall.rsc
│   │
│   └── pfsense/
│       ├── firewall-rules.xml
│       └── nat-rules.xml
│
└── docs/                      # Technical documentation
    ├── ip-addressing.md
    ├── vlan-design.md
    └── security-policies.md
# Clone repo
git clone https://github.com/AIKUSAN/network-infrastructure-diagrams.git
cd network-infrastructure-diagrams
# Open viewer
python -m http.server 8000
# Navigate to http://localhost:8000/viewer/
- Open .drawio files in diagrams.net
- Make changes
- Export as SVG and PNG
- Update README with design notes
MikroTik configs are ready to import:
# Via SSH
scp configs/mikrotik/core-router.rsc admin@192.168.1.1:/
ssh admin@192.168.1.1
/import file-name=core-router.rsc
pfSense configs restore via web interface: Diagnostics → Backup & Restore
- Uptime: 99.8% over 12-month operational period
- Average Load: 6.5Gbps sustained traffic
- Peak Load: 9.2Gbps (92% backbone utilization)
- Latency: <5ms to subscribers, <15ms to upstream peers
- BGP Convergence: <30 seconds on route changes
- Subscriber Growth: Scaled from 500 to 700+ during deployment
- Security Audit: 0 findings during government inspection
- Guest Network Isolation: 100% effective, no cross-VLAN leaks
- Bandwidth Allocation: QoS rules preventing saturation
- WPA3 Performance: No authentication delays, seamless roaming
- Failover Time: <5 seconds on WAN link failure
- Redundancy at core, not edge - Dual switches at core, single at access
- VLAN per department - Easier firewall rules, better security
- Separate management VLAN - Saved me during incident response
- Document IP addressing - Future you will thank past you
- Over-complicated routing - Keep it simple, OSPF only where needed
- No guest network - You'll regret it when visitors ask for WiFi
- Skipping QoS - VoIP calls will suffer, users will complain
- Single WAN - When it goes down, you're the one on call
Data Protection Measures:
- All production credentials and secrets removed from configurations
- IP addressing schemes use private/reserved ranges (RFC1918, CGNAT)
- No proprietary vendor information or licensing details
- Network security policies and firewall rules generalized
- Customer/subscriber data completely excluded
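A pre-publication check for the measures listed above, as an added example (not part of the repository): it scans a RouterOS-style export for IPv4 addresses outside RFC 1918 and CGNAT space and for credential-bearing `key=value` pairs. The function name, the key list, the placeholder values and the sample config are assumptions constructed for illustration.

```python
import ipaddress
import re

# Address space the page says sanitized configs are limited to.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # CGNAT, RFC 6598
)]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# key=value pairs whose key name suggests a credential (assumed key list).
SECRET_RE = re.compile(
    r"\b([\w-]*(?:password|secret|pre-shared-key|passphrase)[\w-]*)"
    r"=(\"[^\"]*\"|\S+)", re.IGNORECASE)
PLACEHOLDERS = {"", "redacted", "<redacted>", "changeme"}

# Constructed RouterOS-style export, not taken from the repository.
# 203.0.113.1 is a documentation address standing in for a public one.
SAMPLE = """\
/ip address add address=10.10.0.1/24 interface=bridge-lan
/ip address add address=100.64.0.1/10 interface=cgnat-pool
/ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1
/ppp secret add name=sub001 password=Winter2021! service=pppoe
/radius add address=192.168.88.5 secret=REDACTED
/user add name=admin password="" group=full
"""


def audit_config(text):
    """Return (line_number, kind, detail) for every leak candidate."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            try:
                addr = ipaddress.ip_address(match.group(1))
            except ValueError:
                continue  # four dotted numbers that are not an address
            if addr.is_unspecified or addr.is_reserved:
                continue  # 0.0.0.0/0 routes, 255.x netmasks
            if not any(addr in net for net in ALLOWED_NETS):
                findings.append((lineno, "ip", str(addr)))
        for match in SECRET_RE.finditer(line):
            if match.group(2).strip('"').lower() not in PLACEHOLDERS:
                findings.append((lineno, "secret", match.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print("line %d: %s %s" % finding)
```

Comments are scanned as well as commands, since a leftover address or password in a comment leaks just as much as one in a setting.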
Intellectual Property:
- Network design methodologies and architecture are author's professional expertise
- Equipment configurations based on vendor documentation and industry best practices
- Topology patterns represent standard ISP/enterprise network design principles
- Technical implementations are educational demonstrations, not proprietary systems
Usage Guidelines:
⚠️ Do not deploy these configs directly to production - they are educational templates
- ✅ Use as reference material for learning network architecture
- ✅ Adapt designs to your specific environment and security requirements
- ✅ Always validate with security audits before production deployment
MIT License - This documentation is provided for educational purposes. Use these diagrams and configurations as learning material. Always test thoroughly and adapt to your specific security requirements before production deployment.
Lorenz Tazan - Network Infrastructure Engineer
Specializing in ISP core networks, enterprise infrastructure, and security-compliant deployments.
Work certificates and references available upon request.
Built with real-world experience serving 700+ users. Good network design is invisible - users only notice when it breaks.