H-Network
← Back to main

Case Studies

Selected projects from 15+ years of network architecture

scroll →

Worldstream — Elastic Network EVPN/VXLAN SDN Platform

Challenge Worldstream, a major Dutch IaaS hosting provider, needed to transform their 10+ Tbit/s global backbone into a software-defined platform enabling real-time workload mobility across data centers — optimized for the north-south traffic patterns that dominate hosting environments.

Role Product Owner and Lead Engineer in Worldstream's core R&D team (2018–2019), which grew from 3 to 10 engineers during the project as part of a €3M+ investment in network engineering.

Solution Designed an EVPN/VXLAN fabric architecture on Arista hardware with gateway functionality at the spine layer — placing external routing directly on the spine rather than adding a separate border leaf tier. This reduced hardware cost and latency for vertical traffic flows while maintaining full multi-tenant L2/L3 VPN services across data center locations. The architecture became the foundation of the Worldstream Elastic Network (WEN), a custom SDN platform with a purpose-built controller.

I was already using a spine-based EVPN exit/gateway pattern — I called it "Exit-at-Spine" — for hosting environments before Arista published a broader EVPN-GW architecture (EVPN Gateway for Hierarchical Multi-Domain EVPN and DCI, March 2023).

Result

  • Architecture developed in strategic technology partnership with Arista Networks (press release)
  • Nominated for "Cloud Hosting Provider of the Year" at the Dutch IT Channel Awards (January 2020) (source)
  • Platform enabled real-time workload relocation across Worldstream's global infrastructure
  • Spine-based gateway pattern later published by Arista in their broader EVPN-GW reference architecture (whitepaper)
NEP The Netherlands — Broadcast Network Telemetry MPLS / Multicast / PTP

Challenge NEP, a global leader in live broadcast services, had limited visibility into their MPLS backbone carrying low-latency PTP multicast streams — where microseconds matter and blind spots mean risk. Stale multicast connections failing to trigger backup path switchovers posed a critical threat to live broadcast continuity across sites.

Role Senior Network Engineer (2022), Hilversum.

Solution Implemented comprehensive in-depth network telemetry covering LSP state, sFlow and bandwidth analytics across the broadcast backbone. Built a custom Python-based system for automatic LSP migration based on real-time bandwidth usage — handling multicast traffic and auto-bandwidth constraints that off-the-shelf tools couldn't address. Tackled MPLS multicast backup path triggering for stale connections — ensuring reliable failover for live multicast streams across sites, where a missed switchover means dead air.

* All built by hand, before AI was an option.

Result

  • Full real-time visibility into LSP, sFlow and bandwidth across the broadcast MPLS backbone
  • Automated LSP path decisions based on live telemetry, removing manual intervention
  • Reliable multicast failover across sites — no stale connections, no dead air
EBPI — Cisco ACI + OpenStack Integration ACI / OpenStack / MPLS / DDoS

Challenge EBPI, a hosting and IT services provider in The Hague, needed to integrate Cisco ACI with OpenStack across a new multi-DC MPLS backbone — including getting Linux network namespaces to work correctly with ACI VRFs, a problem that required direct escalation with Cisco engineering.

Role Network Architect (2017–2018), The Hague.

Solution Designed and implemented the Cisco ACI fabric integrated with OpenStack. Worked directly with Cisco TAC and engineering to resolve namespace-to-VRF mapping issues that had no documented solution at the time. Built the underlying MPLS backbone across multiple data centers on Juniper MX series providing L2/L3 services, designed the multi-homed autonomous system with transit and IX peering, and implemented DDoS detection and protection with A10 Thunder TPS.

Result

  • ACI + OpenStack integration operational with correct namespace-to-VRF isolation
  • Resolved undocumented vendor interop issues directly with Cisco engineering
  • Full service provider backbone: MPLS, multi-homed AS, IX peering, DDoS protection — delivered in 11 months
Custom Flow Analytics Platform Deployed for multiple clients

Challenge ISPs and hosting providers need accurate, flexible traffic analytics for transit cost optimization, peering decisions and edge expansion strategy. Off-the-shelf tools lack the granularity and customization needed for real peering and capacity management.

Solution Designed and deployed a custom flow analytics platform built on PMACCT, sFlow, InfluxDB, Grafana and custom Python scripts. Enabled granular traffic analysis per destination, peer, source AS and more — with flexible data processing that commercial tools couldn't match. Built a Telegram bot on top, allowing engineers and peering managers to request traffic and BGP AS information on demand with auto-generated graphs. Search by destination, peer, source AS — instant answers, no dashboard clicking.

* All built by hand, before AI was an option. The early precursor to h-cli.

Result

  • Direct reduction in transit costs through accurate traffic visibility
  • More structured strategy for edge expansion and better customer pricing
  • Invaluable tool for peering managers — instant AS-level traffic insights via Telegram
  • Engineers self-serving traffic queries instead of waiting for reports

More case studies coming soon.

Want to discuss a project? [email protected]