SUMMARY

• Lead Network Architect wif 18+ years of hands - on experience in multiple networking technologies.
• Strong hands-on experience in Routers, Switches, Data Center, Security, Wireless, Computing, SDN, and Virtualization. Have designed and implemented complex Multi-platform and Multi-protocol networks.
• Strong experience in working and leading core networking team dat analyzes, designs, troubleshoots, and implement network architectures and solutions.
• Led design, development, and execution on a long-range technology architectural roadmap for teh Cloud domain based on established business needs and teh enterprise technology strategy
• Skilled in design and architect Cloud solutions - AWS, Azure
• Created functional strategies and specific objectives for teh sub-function and developed budgets / policies / procedures to support teh functional infrastructure
• Have improved efficiency of network by planning and project managing teh implementation of a new WAN using MPLS wif DMVPN, and SD-WAN.
• Ensured on going production by implementing teh network structure to allow data centers to back each other up. Have built multiple data centers from ground up using VxLAN, Cisco ACI, NSX solutions
• Reduced installation time by 75% by automating network deployment using Python, Ansible and Pearl
• Consistently reduced costs by improving network performance and eliminating unused and under-needed circuits.
• Directed a team of 5 to 9 engineers and senior staff members during teh preparation and presentation of new strategic network planning, and strategies.
• Conducted training for network engineers on various network technologies

TECHNICAL SKILLS:

Hardware Routers: Cisco ASR 5000, 1002, Cisco 7206vxr, Cisco ISR 39xx, 29xx, 19xx, 89x Juniper MX

Switches: Cisco IOS - Cisco 6509E, 4510, 3850,Cisco CatOS - Cisco 5500, 6000, 6500

Data Center: Cisco NX-OS - Nexus 9000, 7000, 5000, 3000, FEX 2000 Cisco UCS B, Cisco UCS C

Wireless: Cisco Wireless Controller 5508, MSE, Cisco Prime, AP 35xx, 36xx Aruba 70xx Mobility Controller

Security: Cisco ISE, ACS, ASA 55xx, ASA 5500-X wif FirePOWER, Firepower 9000 HPE Aruba ClearPass 25K, 5K Check Point 5900/5100

Firewall: Juniper SSG, SRX Palo Alto Networks (PAN) Firewall - PA-5200, PA-800, Panorama

Virtualization: Nexus 1000v, VMWare ESXi/VSphere 6.5, Hyper-V, ASA-v

Storage: MDS 9100/9200

Load Balancer: F5 BIG-IP i4000 series

Software / Technology: Routing

EIGRP, OSPF, BGP, MP-BGP, HSRP/VRRP, GLBP, NAT, Multicast, PIM, MSDP, IGMP/CGMP, Anycast, PBR, IP SLA: LAN

VLAN, Trunking, EtherChannel, RSTP, MST, 802.1Q, Port-Channel, PVLAN: WAN

MPLS, LDP, VRF, L3VPN, L2VPN, VPLS, LISP, QoS, NBAR, RSVP: SDN

Cisco ACI, VMWare NSX: SD-WAN

Viptela vEdge-100, vEdge-1000, Silver-Peak NX-6000, NX-9000: Data Center

VDC, vPC, vPC+, FabricPath, VxLAN, OTV, EVPN, Nexus 1000v: Storage

FC, FCoE, iSCSI, DCB, NFS, CIFS: Security

RADIUS, TACACS+, IPSec VPN, DMVPN, SSLVPN, GRE, L2TP, PPTP, GETVPN, ZBF, IKEv1, IKEv2, SSL, TLS/DTLS: NAC - MAB, 802.1X, EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP- MD5

Virtualization: Cisco ASAv, PAN VM-100, VM-200, VMWare ESXi 5.5, VSphere 6/6.5, vCenter

Cloud: AWS EC2, S3, ELB, VPC, RDS, DynamoDB

Operating System: Windows, Mac, Linux - CentOS, Ubuntu

Programming: Perl, Python, JavaScript, Ansible

Other: Cisco IOS, NX-OS, IOS XR, JunOS

PROFESSIONAL EXPERIENCE:

Lead Technical Architect

Confidential, Milpitas, CA

Responsibilities:

• Assumed role of primary Technical Advisor to Sr. Management regarding emerging technologies dat could impact new developments
• Recommended future directions and participated in strategic and financial planning.
• Developed technology roadmaps. Performed network modeling, analysis, and planning.
• Researched and developed innovative network solutions and supported chronic complex problem resolution.
• Managed assigned regional projects, which include responsibility for planning; time and cost control; resource utilization and implementation.
• Supported Vendor engagements, set expectation, and ensure security due diligence
• Coach and developed direct reports and other employees and ensure department or project is adequately staffed, trained and effectively managed.
• Designed, architected and iplemented Cisco UCS environment wif Red Hat Linux OpenStack platform
• Designed and architected SD-WAN solution for remote offices. Transformed more than 40 sites over SD-WAN using Viptela. Build and configured VMs for centralize controller and orchestrator in Data Center. Pre-configured Viptela SD-WAN routers for remote locations. Configured SLA and App-route policies for critical applications (like voice, video, ERP, etc)
• Designed and configured Cisco ISE solution wif profiles and policies for 802.1X and MAB. Configured network access restrictions using Cisco SGT. Configured Cisco switches and optimized for ISE functionality - dot1x, mab and central authentication. Configured DACL policies for limited access.
• Designed and implemented SDN dat includes VMWare NSX - vCenter, NSX Manager, NSX Controller, NSX Edge Router, etc.
• Designed and implemented Aruba wireless controllers and ClearPass globally for Guest NAC solution wif EAP-TLS/MAB authentication, authorization and enforcement, posture assessment, endpoint profiling - DHCP fingerprinting, SNMP, NMAP, etc.
• Designed and implemented Cisco Wireless environment for corporate and campus offices wif Cisco 5508 WLC, AP 35xx, 38xx.
• Designed and implemented Palo Alto Networks firewall wif PA-5020, PA-3020 and PA-500
• Migrated Cisco ACS from v5.4 to Cisco ISE for TACACS authentication
• Designed and configured enterprise network automation using Ansible and Python
• Conducted technical training sessions on SDN, SD-WAN, Aruba ClearPass, VMWare NSX for teh team

Confidential, Fremont, CA

Sr Network Architect

Responsibilities:

• Designed and implemented MPLS solution wif BGP attributes - AS Path, prepend, community, etc.
• Designed and implemented DMVPN solution for WAN failover (and iWAN) and remote VPN sites
• Designed and configured Viptela SD-WAN solution in more than 10 remote locations in Active/Active mode. Configured App policies in Orchestrator and automated teh SD-WAN deployement
• Designed and implemented OSPF solution in campuses
• Designed and implemented Check Point Firewall (Gaia) for perimeter and DMZ. Configured NAT rules, filters, policies, etc.
• Designed and build new Data Center using Cisco ACI solution (wif Nexus 9K spine & leaf architecture). Implemented Cisco ACI fabric (policy groups, switch profiles, etc.), tenants - VRFs, Endpoint Groups, Contracts, etc.
• Design and implemented AWS cloud wif ELB, VPC, Direct Connect, etc. Implemented AWS Services including EC2, S3/EBS, etc.
• Configured Juniper Routers and switches - EX2200, EX3300, EX4200,etc
• Designed and implemented Data Center Security wif DMZ ASA 55xx in Active/Active mode.
• Designed and configured F5 LTM solution in Data Center and migrated all Servers seamlessly behind firewall
• Developed test plans, implementation plans, and project timelines for various projects including Nexus Data Center, MPLS, DMVPN, ASA migration, SIP trunks, etc.
• Defined and implemented F5 LTM production & DR architecture
• Performed all LTM & related tasks including creating virtual servers, pools/pool members, nodes, monitors, health checks, etc. Performed LTM SSL offloading and ciphers configuration to secure F5 configurations
• Conducted technical training sessions on MPLS, DMVPN, Cisco Wireless Controller, Cisco ACI, F5, etc. for teh team
• Provided vision and strategy for service and solution enhancement, network augments and strategic initiatives
• Analyze business requirements to develop technical network solutions and teh framework
• Designed, tested, and inspected data communications systems. Performed network modeling, analysis, and planning. Developed technology roadmaps. Managed technology vendors

Confidential

Lead Network Architect

Responsibilities:

• Analyzed and documented client technical architecture
• Collaborated wif engineers regarding best practices for infrastructure design and maintenance. Developed a communication plan to share technical noledge and project direction
• Identify opportunities to improve efficiency of business applications through technology, application, and database improvements
• Provided recommendation for improvements and teh development of technical standards
• Lead teh design of teh next-generation targeted architecture based on needs and industry’s best practices including Network, Server, Data performance, Security infrastructure, Disaster recovery processes
• Designed and implemented a new Data Center wif HP 12500, 5900, etc. switches.
• Migrated teh existing Server Farm to new Data Center from legacy Cisco 6500/4900/3750-X complex DC Core/Aggregation/Access layer environment to new Data Center.
• Designed and implemented MPLS backbone architecture - PE, CE, VRF, LDP, MPBGP, EIGRP
• Designed and implemented IP Multicast (PIM) solution
• Designed and Implemented Enterprise Multicast solution – Anycast, MSDP
• Designed and implemented Performance Routing (PfR) solution
• Configured Checkpoint firewall for remote sites. Configured IPSec VPN, rules, policies, NAT, etc.
• Designed and fine-tuned routing protocols - OSPF, BGP wif Pfr
• Designed and Implemented DMVPN solution for backup WAN and remote VPN sites
• Designed, implemented, and fine-tuned BGP over MPLS and DMVPN
• Designed and Implemented Cisco UCS pods in Nexus 7000 and Cisco 6500 Platform
• Configured UCS Fabric Interconnects 6248 / 6120
• Configure UCS Manager by defining Service Profile Template, Policies & Pools for Production Servers and DR Servers
• Designed and configured teh vNIC & vHBA Fabric/Templates based on Application bandwidth requirement
• Designed Virtualization and Cloud computing on UCS platform for a huge cost savings by reducing port costs of MDS and 6500 switches by implementing DCB/FCoE and reducing Cabling, Power & Cooling costs

Confidential, Mountain View, CA

Configure Data Center

Responsibilities:

• Installed and Configured Cisco FWSM firewall on a context based design on backend
• Installed and Configured F5 BIG-IP LTM load balancer for WebLogic farm for SSL & SLB
• Pro-actively investigated and analyze network environment (LAN/WAN) - MPLS backbone, core switches, WAN routers etc., and determine potential network Problems, and provide short/long term solutions to avoid reoccurrences.
• Evaluate current network environment - BGP, OSPF, Cisco ASASM Firewall wif VRF contexts.
• Own responsibility for a 24x7 network support
• Lead a high technical team of data and security engineers
• Coordinated and lead teams of 8-9 engineers. Reviewed technical designs, configuration, and strategies wif networking team.
• Worked wif top technology executives to assure investments in networks are appropriate and compatible wif teh industry dat can scale and adapt as teh business needs dictate
• Worked wif CTO/CIO to develop short- and long-term strategic departmental plans dat support overall corporate and IT strategy
• Managed a staff of domestic and international employees and served as teh team liaison for teh hiring process, work allocation, scheduling, training, professional development and performance evaluation
• Supported projects end-to-end initiated by various clients (internal/external) and business units including new project and client launches, internal technology efforts, and migration activities related to mergers and acquisitions
• Designed and configured data center. Worked on Data Center migration from Cisco CatOS/IOS switches to Cisco Nexus – 7000, 5000, 2000. Analyzed CatOS/IOS switches configuration, documented teh migration plan, network diagram, configured Nexus switches including VLAN, VDC, VPC, etc. Configured L3 routing protocols including BGP, EIGRP. Configured HSRP/GLBP. Installed and configured Cisco ASA for DMZ and Global-website solution. Upgraded EPLD, Fab Modules, etc.
• Designed, planned, installed and configured DR Data Center wif Cisco Nexus 7000, 5000, Cisco ASR WAN Routers. Configured BGP, EIGRP, HSRP/GLBGP, VDC, VPC, etc. Worked wif cross-functional team and tested Disaster Recovery from production Data Center to DR Data Center.
• Designed and configured Cisco Wireless Solution wif Cisco Prime, Cisco 5508 Wireless Controller, MSE, Cisco NAC Guest Server and 3500/3600 Access Points. Initially configured Cisco 5508 on 20 major locations and then configured HREAP for wireless on remote locations
• Designed and configured Cisco SSLVPN and IPSec VPN Remote Access solution. Install and configured RSA SecurID authentication solution wif software token. Migrated users from Cisco ASA IPSec VPN solution to Cisco ASA SSLVPN/WebVPN solution at 18 locations
• Configured and deployed security solutions – ISE and Cisco ACS
• Configured Cisco 6509E core/dist. Migrated users/voice VLANs from old Cisco CatOS switches to Cisco IOS switches wif planning and testing to ensure seamless LAN migration.
• Configured and brought up new locations/sites LAN/WAN network which involved installing Cisco WAN routers, Cisco 6500, 4500 core/distribution switches, access switches, designing and configuring VLAN, VTP, Ether-channel, Port-channels, etc.
• Designed, pre-configured, tested and documented MPLS WAN solution wif BGP. Migrated WAN from ATM/Frame Relay over to MPLS at 60+ locations. Configured GETVPN over MPLS wif redundant Key Servers and Group Members. Configured IPSec VPN/GRE backup for remote offices wif primary MPLS and VPN backup solution. Installed and configured OPNET IT Guru and used it for network validation and troubleshooting
• Migrated remote access VPN from Cisco VPN 3030 Concentrator to Cisco ASA 55xx remote access solution. Configured RSA SecurID solution for two-factor authentication of remote access VPN
• Configured EIGRP on LAN and WAN. Fine-tuned EIGRP routing and network performance.
• Configured IPSec/GRE VPN tunnel from remote offices to corporate office.

Confidential, San Jose, CA

Cisco TAC Engineer

Responsibilities:

• Worked in Cisco TAC tier 3 supports.
• Design and configured various scenarios on RIP, OSPF, BGP, Cable, DSL, DDR, ISDN, Modems, PPP, MMP, T1/T3, NAT and VPDN to reduce TAC cases.
• Implemented setups for various LAN and WAN protocols on different Cisco Router platforms.
• Implemented NAT and proxy server environment for Internet connectivity for teh internal network.
• Setup various bridging techniques like DLSW and transparent bridging.
• Analyzed a number of LAN and WAN protocols to compare their performance and efficiency.