SUMMARY:

With over 17 years of professional networking experience, I am a highly skilled Network & security architect plus triple certified expert in separate network technology tracks. I am always excited about high importance projects. I will be interested in a role of Sr. network engineer/architect and/or Sr. network security engineer on a project with fantastic technical challenges. I excel when I work on a scope of work basis or high pressure projects with expected deliverables within extremely tight to reasonable timelines.

TECHNICAL SKILLS:

Routing protocols: BGP, OSPF/v3, EIGRP, IGRP, RIP/ng, IS - IS, Routed protocols IP, IPv6.

Implementation of SP technologies: Confidential, Confidential /VPN, VPLS, Confidential -TE, Confidential -TE-path protection, MVPN, CSC, 6PE, 6VPE, mLDP, Multicast-TE, Inter-as Confidential /VPN-options-10A,10B,10C,10AB.

Implementation of LAN/VxLAN/WAN technologies: Etherchannel, VxLANs, anycast gateways, MBGP-evpn for VXLANs, ACI, VTP, STP, Frame Relay, Load balancing, QinQ, IGP redistribution, IP multicast Sparse/Dense, SSMulticast, MSDP, BSR, Auto-rp, Anycast-RP, OSPFv3, IPv6 BGP, IS-IS multi-family with IPv4 and IPv6. Implemented QoS using FIFO, Weighted Fair Queuing, Priority Queuing, LLQ, RSVP, WRED, Confidential pipe/uniform mode and short-pipe mode.

Security: Palo Alto firewalls, Panorama, Confidential ASAs 5585-X, 5555-X, 5545-X, 5525-X, IPS/IDS FirePower, Wildfire, IPsec VPN, Site-to-Site VPN, Client VPNs, Any-connect VPN, Zcaler.

Tools: Confidential ISE, Confidential Prime, Infoblox, WLCs, Splunk, Tufin, ASDM, Confidential Anyconnect.

Network hardware: Confidential routers (7600,7200,3000,2600,2500), Confidential switches (6500, 4900, 4500, 3850, 3750), Confidential ASA 55xx, 6500-FWSM, 6500-VPN-spa, VPN concentrator 3000 series, Confidential IP phones (7940, 7960), Arista 7124,7050, ASR 1K,9K, Nexus 2K,3K,5K, ISR 4331, ISR 4K, Palo 890, 7050, Nexus 7700,7000,2000,2200, Nexus 9300,9500, XR12000, Confidential ISR 4300/4400s . Confidential IOS, NxOS, IOS-XR, JUNOS.

Implemented Nexus technologies: OTV over unicast and multicast cores, VPC, VDC,VXLAN, evpn, l2vpn, Anycast gateway, Confidential NFM, overlay & underlay routing protocols, FCOE, Confidential ACI. Implemented traffic security using Standard/Extended access-list, distribute lists and route maps. Implementation of SNMP, RMON, HSRP, DHCP, DNS, NTP, IPsec VPN site-to-site and client.Cloud network migration to Microsoft Azure. SD-WAN / ACI / F5 load balancers.

Video: Capacity network design and QoS architecture for IP surveillance, IP camera, Streaming/Interactive video, Jabber video and Tandberg video.

Wireless: Confidential Wireless controllers, Access points and Confidential Flexconnect technology.

Modeling method: UML, ITIL, Programming languages C#/C++, Java, HTML/PHP, DB SQL server.

Carrier: Ethernet (fiber/copper), OCx, DSx, PPPoE, PPPoMPLS

Global multicast architectures: Over 1200 sites Multicast sparse-mode design and implementation with redundant Anycast RP between DC and DR locations over Nexus, IOS XR and regular IOS with running BGP/OSPF/EIGRP over Confidential service providers’ networks.

PROFESSIONAL EXPERIENCE:

Sr. Network engineer/architect

Confidential

Responsibilities:

• I was leading the team in charge of the internet edge and datacenter design & implementation comprising Palo Alto firewalls, F5 load balancers, Confidential 9K switches, Arista routers and switches. I designed and led the team that implemented a multi-spine leaf MPBGP-evpn datacenter architecture with VxLANs across 60 leafs, 10 spines and 2 super-spines.
• I designed and implemented our Confidential connectivity to AVPN, internet edge infrastructure and DMZ environment.
• I also implemented Palo Alto firewalls for security across 2 active-active datacenters. During the second phase of the project, I on-boarded up to 200 applications owners to the datacenter environment by reviewing business requirements, delivering connectivity drawings, implementing network script Confidential the access, core and edge layers.

Sr Network architect

Confidentia

Responsibilities:

• My daily tasks consisted of working on a backbone of up to 6000 devices, 200 PEs and implementing latest SP networking technologies like OSPF/ Confidential -VPN/ Confidential -TE/MVPN/VPLS/BGP/Multicast sparse/Auto-RP/vrf-lite/AToM/Q-in-Q.
• In addition to the native Confidential, I migrated the datacenter from a Nexus 7K / 5K /FEX-2K to a Nexus 9K architecture.
• I designed and implemented 1 pair of F5 load balancers (LTM) in an active/standby fashion for internal applications and DMZ services.
• I worked with application owners to implement VIPs and pools that met application requirements. I sized, bought and deployed 4 ASA 5585-X datacenter firewalls & X remote site firewalls in Active/Passive.
• With ASA firewalls, In addition to standard security policies, I built site-to-site VPNs, Any-connect VPN for remote access, OSPF and BGP routing for multi-site redundancy and failover.
• I also designed and implemented Confidential ISE integrated with Active directory for wired and wireless users using Radius authentication Confidential the edge and writing ISE policies that would put users in the appropriate Vlan or Wireless profile based on user characteristics.

Sr. Network engineer and Architect

Confidential

Responsibilities:

• I was engaged with a SOW to lead a team of engineers, design and implement each of the new datacenters around the Confidential Nexus 9K platform with 4 spines and 16 leafs architecture. In 6 months, we designed, bought the hardware and implemented the solution using ACI spine-leafs architectures with APIC controllers and Confidential NFM for automated deployment. This required a deep understanding of technologies/protocols such as VXLAN, VTEP, EVPN, L2VPN, Anycast gateway, MPBGP Confidential the fabric level.
• On the WAN side, this involved running BGP over AVPN with pre-defined QoS profiles. In addition, I put together and upgraded the design for remote branches to new Confidential hardware 4300 and SDWAN to datacenters ASR1004s Hubs.
• For security, Confidential ASA 5585s were implemented in cluster mode Confidential the datacenters’ edge with IPS/IDS and Cloud web security. In the second phase of the project, we worked on migrating customer sensitive applications to the Microsoft Azure cloud.

Sr. Network consultant

Confidential

Responsibilities:

• I worked as an inside Sr. consultant on multiple projects.
• The major one was a growing cloud solutions provider with 2 main datacenters;
• I worked with Confidential to design the cloud infrastructure and I was the lead network implementer onsite in a team of 3 network engineers.
• Over the last 06 months of the venture we added over 130 customers to the cloud infrastructure.
• I have put together configuration templates for operations teams to follow. Daily routine technologies involve Confidential Nexus 9K,7K,5K,2K, vPC, OTV, OSPF, WLAN, BGP, IPsec VPN, ASA 5585 Firewalls, Firepower, HSRP, RSTP, IPsec VPNs and ISP links configurations.

Sr. Network engineer

Confidential

Responsibilities:

• My main challenge was to redesign the 1200 sites backbone core to support multicast in order for business units to join multicast streams pushed from the datacenter - this involved using my Service provider carrier knowledge to design and IPv4 anycast-RP multicast network when running L3 BGP, EIGRP and OSPF protocols with ISPs.
• My main duties and realizations were the design of the new datacenter using Confidential Nexus datacenter switches (Nexus N7710, N5672, N2248) and Confidential UCS, the design of the internet edge with ASR1006s, ASA5585s and 5525s, the design of the new campus environment using Confidential 4500s switches, the design of a DMZ, an OOB environment and a DR site.
• I then prepped the configuration script for the entire environment and put together and executed an efficient migration strategy to avoid downtime during the move of over 150 servers and 3,000 employees to the new datacenter and campus.
• I also designed and implemented Confidential ISE for AAA Tacacs devices authentication and Confidential Anyconnect client VPN profiling.

Confidential

Network Architect

Responsibilities:

• When done with the design and implementation, I configured the backbone core for Multicast, to support remote sites video cameras pushing continuous multicast traffic to DVRs living Confidential key sites and the datacenter, then configured Nexus OTV to provide a layer 2 path between all 3 DCs allowing application teams to VMOTION across the network.
• I then worked on migrating their ASA 5520 and 5540 edge firewalls from the 8.2 to 9.1 code, and then replaced main datacentre firewalls by brand new 5525-X and 5585-X Confidential ASA firewalls.
• Daily tasks consisted of designing, implementing and training the staff of 7 network engineers on ways of troubleshooting the new Confidential hardware, ASAs and NXOS technologies such as VPC, VDC and OTV.

Multisite QoS design Architect

Confidential

Responsibilities:

• With the growing amount of data coming from remote sites; I stepped in to redesign and implement QOS by working with their multisite AVPN carrier and developing a 6COS model giving priority to their voice traffic then video and classifying remaining applications under 4 predefined classes. After working with application owners to understand what were the most business important applications,
• I used Netscout to analyse every single traffic flow on the network and determine what applications were the most bursty and how much bandwidth to allocate to each new class.

Datacenter migration architect

Confidential

Responsibilities:

• I brought in a team of 4 network and system architects including myself to design, plan and execute the office move.
• We put together the wireless design after we made the heat map identifying where exactly Access points should be mounted in the 4-story building.
• We then consolidated 4 datacenters into 2 newly refreshed ones based on new Confidential network hardware: N7K, N5K, N2K, WLC5508, ASRs.

Sr. Consultant Network architect

Confidential

Responsibilities:

• I was honoured to be part of those who design the internet and make it faster, broader and more reliable.
• Daily, I work with Confidential & Confidential biggest customers and help them connect their multiple branches and datacenters to our backbone.
• On the customer side we are able to understand every client topology and re-design their whole infrastructure in working heavily with Confidential ASA, Nexus 7K, 5K, 3K and 2Ks implementing latest datacenters technologies like VPC and OTV.
• On the provider side we work on Confidential 7600, CSR, 1200, XR1200, and customize to their roots protocols like Confidential, ISIS, OSPF, EIGRP, Confidential -TE, MVPN, and CSC.