I'm not a network engineer. I studied CS and write software and I'm not looking to transition -- but following things have given me a better understanding of networks to a point where the "mastery" you seek seems attainable:<p>* iterating in a homelab
* consuming industry conference talks, mailing lists
* connecting with professionals in forums and IRL<p>Homelab V1: My first homelab was a PC router with 4-5 $10 nics running pfsense, a 48 port 1u Cisco switch and a linksys AP. I had my laptop and a couple PCs and a networked printer, and I got comfortable with ipv4 playing with it. I renumbered hosts all around rfc1918 space with varying masks til subnetting was intuitive. I used Wireshark on my laptop and tcpdump on my router to debug network issues and to see layer 2 traffic (ARP, DHCP, various vendor layer2 discovery protocols.) I used the switch's CAM table to indicate which physical port had originated frames with a particular source MAC address. I configured the same mac address into a couple devices and learned how ARP table poisoning works (accidentally!) I put multiple NICs in a PC on the same subnet, and when I had issues, I learned how the routing table works. I setup pfsense as an L2 deny-by-default firewall briging the wifi and the wired lan; this was a fantastic exercise as I had to whitelist DHCP before clients could get addresses, whitelist their addresses before they could talk to the router, whitelist ICMP, DNS, NTP, HTTP/S, SSH, IRC, etc before my laptop would function as well as it had on the unfirewalled wifi. As I picked up more hardware, I started playing with vlans, STP, DHCP snooping. I played with VPN into L2TP, OpenVPN, IPSEC, SSH tunnels, and QoS schemes. I had to move my VPN port to 80 because IHOP wifi didn't allow any other ports out. I searched "ARP security", "DHCP attacks", etc and read up on attacks and security strategies for every protocol I used, learning about 802.1X port security and Radius Severs to prevent DHCP exhaustion, for instance. I pointed security and configuration scanners at my network services, and watched tons of security conference videos on youtube in my spare time to see how things get pwn'd. I played with multimode fiber, jumbo frames. I setup multiple routers such that packets from my living room to upstairs would take one route, while the response packets would take another route. I applied my designs across multiple brands of hardware (like setting up vlans to interoperate between different brands of switches.) I got HTTPS working everywhere, first with self signed certs, then with an experimental CA. I bought a 42U rack, patch panels, a UPS. I got comfortable documenting my setups.<p>Homelab v2: I wanted to learn ipv6 and nothing about it made sense, so I started by watching youtube videos on it, then moved to conference talks with war stories of people deploying it. Once I was confident I could make sound technical decisions (have to let go of the ipv4 poverty mindset and be okay with just letting hosts SLAAC a /64!) then I built a wifi network that was ipv6-only. I loaded OpenBSD on another dual-nic PC, connected one nic to my homelab lan and the other to a new wifi AP. I applied for a Hurricane Electric Tunnel, and setup OpenBSD to send an RA for the HE /48 on the wifi nic, and forward all ipv6 traffic from the wifi NIC to the tunnel broker via the homelab lan. I tweaked my RAs, I learned about NDP, DHCPv6, DHCP-PD, and setup DNS64/NAT64, (so ipv6 hosts can access the ipv4 web.) Then I started connecting windows, apple, android, ubuntu clients and using wireshark to diagnose issues when they wouldn't work. I added an 8-port router to drop ipv4 traffic by default and put wifi, printers, wired hosts, etc on their own segments. Turns out I could run my whole house this way!<p>Homelab v3: Lately I've been interested in getting my own ASN. I've read news articles and NANOG discussions for years about BGP security failures, blogs from small ISPs and network engineers setting up their own networks and recommending what used gear to buy on eBay. After looking into ARIN fee schedules, I formed an LLC an I'm seriously considering applying for my own ASN and some ipv6 space, augmenting cheap fiber in my neighborhood with a connection from a local WISP who agreed to let me peer with them. For more money monthly than I can probably justify, my ISP will give me an L2 path to a nearby IX so I could peer over fiber instead of tunnelling to my nearest HE tunnel broker POP.<p>All along the way, I've shared my work in forums and chat rooms (IRC) and got helpful feedback. Mentioning my homelab in conversation helped me make friends with folks who share my interest, including senior technical staff in local ISPs, major hardware vendors, pen testing firms, and multi-campus IT departments. This professional network could help me transition to network engineering if I ever left software development for something more network related.<p>A homelab won't prepare you fully for a job. Depending on the position (multi-campus corporate IT? CTO of a CDN? Datacenter Architect? ISP?) you might be working with microwave links, 400Gbps routers (can't really firewall at that speed!), MPLS, SDN, SD-WAN, or even application stuff like k8s. However, a firm grasp of the fundamentals and a few friends in the industry will make most of those things accessible for you.