L3 Environments:
- Juniper: Deployment of robust enterprise hardware.
- Isolation: BGP dynamic routing and complex inter-VLAN segmentation.
Enterprise Network & Infrastructure Services
Network & Infrastructure
Advanced Network & Infrastructure Engineering. In addition to electrical contracting, we design and deploy enterprise-grade network architectures. We specialize in high-availability, zero-trust environments for commercial facilities and smart homes.
Redundant Firewalls:
- OPNsense: High-availability clusters utilizing CARP/pfsync.
- Protection: Deep packet inspection, IDS/IPS, and WireGuard VPNs.
Zero-Trust Topologies:
- Security: Mitigating risks inherent in smart home devices.
- Segmentation: Isolating IoT systems from critical data networks.
High-Bandwidth Systems:
- VLANs: Dedicated isolation and multicast traffic optimization.
- NVR Integration: Advanced deployments supporting systems like Frigate.
Technical Capabilities Summary
Routing & Switching
Expert in Junos OS administration. Architected and maintained multi-AS BGP environments for route advertisement between core switches, edge firewalls, and Kubernetes clusters. Configured Integrated Routing and Bridging (IRB), RSTP, and LLDP/Med.
Firewall & Edge Security
Administered OPNsense in High-Availability (HA) clusters utilizing CARP and pfsync. Deployed Next-Generation Firewall (NGFW) features including Zenarmor, Suricata IDS/IPS, and strict ingress/egress filtering. Configured hybrid NAT, IPv4/IPv6 dual-stack environments, and IPv6 tunneling (Hurricane Electric).
Container Networking (CNI)
Deployed and managed Cilium CNI in bare-metal Kubernetes (Talos OS) environments. Leveraged eBPF for high-performance datapath routing, configured BGP Control Plane for Pod CIDR and VIP advertisement, and utilized Hubble for network observability.
Traffic Engineering (QoS)
Implemented comprehensive traffic shaping and queuing disciplines across edge and core devices. Configured CoS/DSCP rewrite rules and scheduler maps for granular bandwidth allocation (Critical, Media, Gaming, Scavenger). Optimized Linux kernel network stacks utilizing TCP BBR and fq_codel.
Core Infrastructure Services
Deployed and synchronized Kea DHCPv4/v6 in HA configurations. Managed Unbound DNS and AdGuard Home for secure, filtered DNS resolution. Configured WireGuard VPNs for secure site-to-site and remote client connectivity.
Discuss Your Network Project
Need robust network infrastructure for your commercial facility or smart home? Let's design a powerful setup.
Latest Updates & Projects
Browse our recent articles and case studies related to network and infrastructure engineering below.