Specifically: the goal would be to model a small "internet" that would fit in as many isolated small VMs as could fit on a single 64GB ubuntu box (say, 30-ish hosts maybe at <2GB/host). The model would start with a single machine running a browser + mail-client on a small home network, the border router, the link to the ISP, the backbone, and all the way to a cloud operator running a web server. If space permits, model another home network, to see what one would ordinarily observe when VPN-ing home from another site. Include all the major server types (dhcp at home, firewalls, dns, ntp, vpn, mail, web/socks proxies, load balancers, etc). The idea would be to have a "god view" of this little internet and be able to observe packet flow and understand where traffic originates, where it goes, what paths it follows, where it's blocked, how it's routed, etc. The learning objective would be to understand all the basic tools like tcpdump, wireshark, nmap, traceroute, kernel networking settings, kernel networking-related modules, etc without the accidental complexities and access limitations of a real network.
I would build this up incrementally, starting from one host talking to its local dhcp, and adding hosts little by little. I imagine this can be done in a reasonably straightforward way with a bunch of qemu command-lines, apt installs and configuration of the various servers in the path.
PS: I can see that there are systems like mininet and gns3 out there, but it seems like they introduce a layer above all the actual systems beneath. Maybe that's worthwhile, it's hard for me to tell.
I would recommend to stay as open source as you can. (using pfsense, nginx... not commercial firewalls), play around with wireguard,... also use a IaC configuration tool like ansible or pyinfra do configure your stuff from.the beginning (so you can easily reconfigure stuff and make changes in scale)
Have fun!
https://containerlab.dev/