Network Planning
A stable and secure network is the foundation of any infrastructure. I plan, implement, and operate network solutions that take access, performance, and security into equal consideration—from physical cabling to software-defined segmentation. I use open-source technologies such as OPNsense, WireGuard, and Ceph as well as classic protocols and high-availability mechanisms.
In my projects, the network serves not only as a transport layer, but also as an integrated security, storage, and availability platform. The goal is always to create a traceable, auditable, and automatable network architecture that is fully integrated with other systems (KVM, Kubernetes, storage, monitoring).

Firewall & VPN

Security, segmentation, and site networking based on open platforms. I use OPNsense (FreeBSD-based) as a central firewall and VPN solution and combine it with WireGuard for high-performance, encrypted connections between sites and data centers.
- Firewall design and rules (DMZ, management, internal network)
- IDS/IPS, geo-blocking, and soft blocks
- Site connections via WireGuard/IPsec
- Integration into monitoring and log systems

Block storage

Storing and providing data via the network requires stability, redundancy, and performance.
I rely on Ceph, ZFS, and multipath connections to implement powerful and highly available storage clusters—independent of proprietary SAN solutions.
- Ceph clusters for distributed block and object storage
- ZFS storage with snapshots, replication, and deduplication
- iSCSI and Fibre Channel connectivity, multipath configuration
- Integration into KVM, Kubernetes, and backup workflows

Availability

High availability is not an add-on, but an integral part of network planning.
I implement failover, load balancing, and redundancy mechanisms that ensure continuous operation even in the event of failures.
- LACP bonding, redundant switch connections, VLAN separation
- Keepalived/HAProxy for VIP and failover scenarios
- Storage redundancy (Ceph replication, ZFS mirror)
- Cluster and recovery mechanisms with Ansible automation
