Halil Ibrahim Baysal

Expertise

I focus on backbone and datacenter network design, security architecture and migrations in environments where downtime is not an option. Most of my work sits around ISP, data center and enterprise networks with multiple vendors, legacy choices and a lot of stakeholders.

Typical engagements include cleaning up or re-designing MPLS/EVPN backbones, DC fabrics and edge/peering; hardening internet edges and DDoS setups; and introducing structure in how changes are made and documented.

I’m comfortable from high-level architecture and design reviews down to protocol-level troubleshooting and configuration. The end goal is always the same: make the network simpler to reason about, safer to operate and easier to automate.

Profile

I’m a freelance Network & Security Architect based in Amsterdam with over 15 years of hands-on experience in ISP, data center and enterprise environments. I’m usually brought in when things are complex, business-critical and slightly messy: multiple vendors, historical designs and conflicting requirements.

My work typically starts with understanding how the network actually behaves today: routing, security, dependencies and failure modes. From there I help teams move towards clearer designs, safer change patterns and better observability, without losing sight of day-to-day operations.

I’m comfortable working directly with engineers, architects, management and external providers. I prefer clear communication, realistic planning and documentation that people actually use instead of shelfware.

Skills

Routing & switching: MPLS, EVPN, VXLAN, (MP-)BGP, OSPF, IS-IS, TCP/IP, QoS, multicast, DCI and internet edge/peering design across ISP and DC environments.

Security & DDoS: internet edge hardening, DDoS mitigation (on-prem and scrubbing), NGFW/IDS/IPS, segmentation, NAC patterns and integrating security controls into the network design instead of bolting them on afterwards.

Automation & observability: Python, Ansible, REST APIs, configuration templating, flow/telemetry platforms (pmacct, sFlow, ElasticSearch, time-series DBs) and using NetBox / source-of-truth approaches to reduce manual, ticket-driven work.

Vendors & platforms: Juniper (EX/SRX/MX/QFX/PTX), Cisco (ASR/6500/ASA/Nexus/ACI), Arista (70xx/72xx/73xx/75xx/78xx) and various DDoS/security platforms (e.g. Radware, A10, Fortinet), in Linux-heavy and cloud-adjacent environments.

Experience

I’ve spent more than 15 years working on networks for ISPs, data centers and organisations where availability and security really matter. Most of my work sits between architecture and operations: cleaning up existing designs, preparing migrations and making day-to-day running less painful.

Typical roles include Network & Security Architect, Senior Network Engineer and subject-matter expert for backbone, DC and internet edge environments.

On request I can provide a detailed CV with specific projects and references, tailored to the role or assignment you have in mind.

Lab & Experiments

Outside of client work I maintain a homelab where I test designs, tooling and ideas before they ever hit a production network. This ranges from EVPN/VXLAN fabrics and DDoS scenarios to GPU-backed lab environments and KVM setups.