Network Infrastructure
This section documents the network architecture supporting the lab.
The design prioritizes latency consistency, operational simplicity, and predictable behavior under load over raw throughput or experimental features.
Network documentation focuses on intent, boundaries, and policy rather than exhaustive configuration listings.
Architecture Overview
The network follows a simple, hierarchical model:
- Single edge router providing routing, firewalling, and traffic policy
- Dedicated 10G core switching
- Access switching segmented by location and function
- Centralized VLAN termination (“router-on-a-stick”)
- Wireless provided by controller-based access points
Dynamic behavior is intentionally limited and tightly scoped.
The diagram below reflects **logical topology and policy boundaries**, not
physical rack layout or cabling paths.
                 ┌──────────────────────────┐
                 │     Internet / WANs      │
                 │                          │
                 │   Spectrum 1G / 40M      │
                 │   AT&T VDSL 100 / 20M    │
                 └─────────────┬────────────┘
                               │
                  ┌────────────▼────────────┐
                  │  MikroTik RB5009UG+S+   │
                  │  Edge Router            │
                  │                         │
                  │  - VLAN routing         │
                  │  - Firewall             │
                  │  - Dual-WAN CAKE (90%)  │
                  │  - Policy steering      │
                  └────────────┬────────────┘
                               │ 10G trunk (all VLANs)
            ┌──────────────────▼──────────────────┐
            │           CRS317-1G-16S+            │
            │           10G Core Switch           │
            │                                     │
            │      (pure L2, VLAN trunking)       │
            └───────┬──────────┬───────────────┬──┘
                    │          │               │
                10G │      10G │           10G │
                    │          │               │
┌───────────────────▼┐   ┌─────▼─────────┐   ┌─▼─────────────┐
│ CRS326-24G-2S+     │   │ CRS309-1G-8S+ │   │ CRS310-8G+2S+ │
│ Rack Access Switch │   │ Office Switch │   │ Living Room   │
│                    │   │               │   │ Switch        │
└────────┬───────────┘   └────────┬──────┘   └────────┬──────┘
         │ 1G                     │ 2.5G                │ 2.5G
┌────────▼────────┐        ┌──────▼──────┐      ┌─────▼──────┐
│ CRS112-8P-4S    │        │ Ruckus R650 │      │ Ruckus R750│
│ PoE Access      │        │ Office AP   │      │ LivingRoom │
│ Switch          │        │ (2.5G)      │      │ AP (2.5G)  │
└─────────────────┘        └─────────────┘      └────────────┘

         ┌──────────────────────────────────────────┐
         │       Direct Core-Attached Servers       │
         │                                          │
         │  • EPYC 7402P Proxmox Host (thor)        │
         │      - General compute                   │
         │      - AI inference VM (dual RTX 3090)   │
         │                                          │
         │  • TrueNAS EPYC Storage Server           │
         │      - Primary ZFS storage               │
         │                                          │
         │  • Proxmox Backup Server (Xeon D-1518)   │
         │      - PBS datastore                     │
         └──────────────────────────────────────────┘
Figure: Logical network topology. Servers attach directly to the 10G core; access and PoE switches do not provide upstream infrastructure services.
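As an added illustration (not part of the lab's own tooling), the boundaries stated in the figure caption can be written as checks over a hand-built model of the diagram, so that drift from the documented intent shows up as a finding. The shortened device names, the role labels and the link table are assumptions made for this example.

```python
# Added example: device names are shortened from the diagram; the role labels
# and link table are a hand-built model (assumption), not an export from the lab.
ROLES = {
    "RB5009": "edge", "CRS317": "core", "R650": "ap", "R750": "ap",
    "CRS326": "access", "CRS309": "access", "CRS310": "access", "CRS112": "access",
    "thor": "server", "truenas": "server", "pbs": "server",
}
LINKS = [
    ("RB5009", "CRS317"),
    ("CRS317", "CRS326"), ("CRS317", "CRS309"), ("CRS317", "CRS310"),
    ("CRS326", "CRS112"), ("CRS309", "R650"), ("CRS310", "R750"),
    ("CRS317", "thor"), ("CRS317", "truenas"), ("CRS317", "pbs"),
]

def neighbors(links):
    """Build an undirected adjacency map from the link list."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def reachable(start, adj):
    """Every node reachable from start (iterative depth-first walk)."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def violations(links, roles):
    """List breaches of the documented boundaries; empty means the model conforms."""
    adj, out = neighbors(links), []
    edges = [n for n, r in roles.items() if r == "edge"]
    if len(edges) != 1:
        return ["expected exactly one edge router, found %d" % len(edges)]
    edge = edges[0]
    for n in sorted(adj.get(edge, ())):
        if roles.get(n) != "core":  # only the core trunk may touch the edge router
            out.append(f"{n}: attached to edge router, bypassing the core")
    for n in sorted(set(roles) - reachable(edge, adj)):
        out.append(f"{n}: no path to the edge router")
    for n, r in sorted(roles.items()):
        for peer in sorted(adj.get(n, ())):
            if r == "server" and roles.get(peer) != "core":  # servers are core-attached only
                out.append(f"{n}: server attached to {roles.get(peer)} device {peer}")
    return out
```

The same checks could be fed from an inventory export instead of the inline tables, as long as each device carries one of the role labels used here.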
Documented Areas
- Edge & Traffic Policy – WAN connectivity, firewall philosophy, policy routing, and QoS design.
- Switching & VLAN Fabric – Physical topology, VLAN propagation, and Layer 2 design boundaries.
- Wireless – Access point deployment, RF design, roaming behavior, and QoS integration.
- Monitoring & Observability – Visibility goals, metrics strategy, and future observability design.
- NetBox as Source of Truth – Network intent modeling, IPAM, and authoritative design reference.
- wanctl Control Plane – Adaptive WAN steering and shaping within bounded control limits.