Architecture
The Deevnet platform is a collection of physical and virtual infrastructure (routing, switching, wireless, DNS, DHCP, NAT, WAN uplink, compute, and virtualization) provisioned entirely through Infrastructure as Code and Configuration as Code. Every device, service, and network segment is defined in source control and applied via automation, making the platform fully reproducible and rebuildable from scratch.
Design Philosophy
Deevnet’s infrastructure architecture is inspired by patterns used in large-scale cloud platforms. Concepts such as infrastructure boundaries, automation-first provisioning, and tenant isolation are intentionally applied.
However, Deevnet operates at a much smaller scale than hyperscale cloud providers. Instead of modeling multiple global regions and availability zones, the architecture focuses on independent infrastructure sites that can be built, operated, and reprovisioned entirely from code.
This approach preserves the architectural principles of cloud infrastructure while remaining practical for a home and portable lab environment.
System Overview
The platform is organized around three architectural boundaries (sites, substrates, and tenants) that separate infrastructure from workloads. Because infrastructure is fully defined in code, a substrate can be reprovisioned from scratch and workloads redeployed to it, or to a different site entirely, without being coupled to any specific hardware.
Sites
A site is an independent infrastructure deployment with its own IP address space, DNS zone, and complete hardware stack. Each site can be built, operated, and torn down without affecting any other.
| Site | Purpose | Address Block | DNS Zone |
|---|---|---|---|
| dvnt | Production home infrastructure (always-on, stable) | 10.10.0.0/16 | dvnt.deevnet.net |
| dvntm | Mobile/portable lab for development, testing, and demos | 10.20.0.0/16 | dvntm.deevnet.net |
Builder
The builder is the out-of-band provisioning function that creates substrates from scratch. Self-contained, portable, and air-gapped capable, it provisions whichever site it’s connected to, then hands off authority to production infrastructure. See Builder for the provisioning model, authority transitions, and design principles.
Substrate
The substrate is the shared infrastructure foundation within a site: networking, compute, storage, and management plane. It provides the base that workloads run on and is fully reprovisioned through automation. See Substrate for infrastructure layers and authority modes.
Network Segmentation
The network segmentation model divides each substrate into isolated broadcast domains, enforcing trust boundaries and traffic separation at the network layer. See Network Segmentation for segment types, trust hierarchy, default routing policy, and authority mode transitions.
Addressing
The IP addressing convention for Deevnet sites. See Addressing for VLAN-based subnets, host ranges, gateway conventions, and WAN operation modes.
Tenant
A tenant is an isolated workload boundary for applications and services running on a site’s substrate. Tenants are decoupled from the underlying infrastructure: they can be provisioned, migrated, or rebuilt without changes to the substrate, and are not bound to any one site. See Tenant for tenant networking, lifecycle management, and provisioning.