AutoCon4 • Network Automation Lab
Live GNS3 topologies running multi-tier architectures with reusable automation for enterprise, ISP, cloud, IoT, and industrial networks. WireGuard VPN provides secure remote access to the lab, and all traffic routes through a Caddy reverse proxy with automatic TLS termination.
Built by Graham Paasch – network automation engineer. This AutoCon4 out-of-band lab uses Infrahub as source-of-truth to drive GNS3, Ansible, Nornir, and Terraform end-to-end. It exists to prove he can take a messy real-world network, model it cleanly, and automate it with production-grade tooling.
This is my end-to-end automation lab: I designed the topology, built the GNS3 fabric, modeled the network in Infrahub, and wired Ansible, Nornir, and Terraform around that data. It exists to prove I can take a messy real-world environment, define a source-of-truth, and ship production-ready automation and documentation.
Access the lab through WireGuard VPN on UDP port 51820. Once connected, you'll be on the 10.66.6.0/24 network with direct access to Infrahub VM at 10.66.6.10. All public services route through Caddy reverse proxy with automatic Let's Encrypt certificates.
For AutoCon4, the lab runs an Enterprise Campus/DC profile; the same automation patterns extend to ISP, cloud, IoT, and industrial topologies.
MAESTRO is the out-of-band automation host for this lab. It runs Ansible, Nornir, and Terraform against the Infrahub source-of-truth and the GNS3 fabric, giving you a single place to drive configuration, validation, and live demos.
Browse device metadata, IPAM pools, and routing intent before you ever log into the lab.
View Design Doc
See the dual-spine VXLAN core, campus pods, and WAN edges exactly as they render in the live project.
Open Build Guide
Jump into SD-WAN routers, firewalls, or Nexus leaves straight from the browser—no VPN client required.
Launch OOB ConsoleSelect a device to load the exact config served from Infrahub/Ansible. Perfect for walkthroughs or self-study.
Loading CAMPUS-CORE-01…
Every toggle on this page can be reproduced as code from MAESTRO, using the same Ansible, Nornir, and Terraform you see in the Git repository. The lab is designed so that any topology profile can be driven by the same automation patterns.
Deploy
Validate
Model
Breadcrumb Trail
Just want the story? Start with the GNS3 build guide and demo storylines — they walk through what this lab does and why it matters.
Think Hansel and Gretel, but instead of breadcrumbs we drop deeply documented artifacts you can study in order. Each stop links directly to the files powering this lab so newcomers can build CCNA, JNCIA, NSE4, and DevNet Associate-level intuition just by reading and replicating.
Every design doc, Infrahub schema, config library, build guide, and validation script in this section was authored and implemented by Graham as part of this lab.
Step 01
Read the CCIE-level architecture, protocol choices, and redundancy logic that drive the live demo.
Open TOPOLOGY_DESIGN.mdStep 02
Follow the addressing math, DHCP scopes, and NAT pools used across campus, DC, WAN, SD-WAN, and DMZ zones.
Open IP_ADDRESSING_PLAN.csvStep 03
Map every hostname, vendor, ASN, and tag to see how Infrahub keeps the source-of-truth tidy.
Open devices.csvStep 04
Jump into the templated configs and rendered examples for Arista, Cisco, Fortinet, Juniper, and SD-WAN nodes.
Browse DEVICE_CONFIGSStep 05
Study the object model (devices, interfaces, VLANs, policies) that renders configs and detects drift.
Open INFRAHUB_SCHEMA.yamlStep 06
Recreate the visual topology, node placement, and resource sizing in your own lab instance.
Open GNS3_BUILD_GUIDE.mdStep 07
Execute the command cookbook for OSPF, BGP, VXLAN, SD-WAN, QoS, and firewall verification.
Open VALIDATION_TESTS.mdStep 08
Share the live stories—SD-WAN brownouts, VXLAN automation, PBR security drills—during customer briefings.
Open DEMO_SCENARIOS.mdFor lab maintainers and operators; safe to skip if you’re just evaluating the project.
This section is for lab maintainers and operators. It captures file paths, ports, and low-level details needed to keep the environment running.
lab.grahampaasch.com → static site + Guacamole on 127.0.0.1:8080gns3.lab... → reverse proxy into 127.0.0.1:3080 with legacy path cleanupinfrahub.lab... → rides virbr-autocon4 to 10.66.6.10:8000/srv/autocon4 for every hostnameOperational notes for running and maintaining the lab day to day.
These notes are written for lab maintainers and operators, not first-time visitors. They document operational quirks, troubleshooting tips, and things I learned while building MAESTRO.
/home/gpaasch/autocon4