- Due to the volume of phone calls and current client commitments, I cannot respond to voice calls quickly and do not want to inconvenience anyone.
- Provide Networking Technology and Management Consulting services plus offer strategic and tactical direction to IT executives and directors for a diverse set of Fortune 50 - 1000 clients with regard to achieving economic and productivity improvement to the enterprise through the use of technology and sound methodologies.
- Applied experience in the technical disciplines of enterprise and data center network infrastructure architecture, upgrade, implementation and problem solving with a special emphasis on network architecture, design and troubleshooting, protocol analysis, application performance impact and modeling plus data center energy consumption analysis and remediation.
- Knowledge of current business trends with relation to gaining a competitive advantage utilizing technology to provide business solutions to clients with an emphasis on quality, efficiency, flexibility, scalability and cost reduction. Experienced working as a team member or leader with all levels of management, technical staff and clients.
- Functional experience includes in-depth enterprise level architecture, planning, engineering, implementation, upgrading, training and troubleshooting of enterprise Data Center, LAN/MAN/WAN and wireless based networks.
- Provide network architecture and design recommendations plus strategic or tactical planning of complex LAN, Data Center, MAN and Border/Edge WAN infrastructures to a diverse clientele. Experienced working with applications, servers and workstation systems with emphasis on performance, scalability and flexibility over networks.
- Experienced in analyzing the impact on enterprise networks from integrating custom internally built distributed Client/Server, ERP/CRM, Internet, Intranet, Web 2.0, SaaS, Security, Voice, E-commerce, Collaborative, Video/general media technologies, Energy/SCADA, Virtualization, Cloud, Big Data, and Social Networking type applications. Provide strategic and tactical direction to CEOs, CIOs, IT executives and directors with regards to applying technology to business requirements. Work closely with application developers, business analysts, operations and end user customers to ensure sound design and implementation of new or expanding systems.
- Extensive project management experience that entails an in-depth understanding of qualifying business and project requirements to ensure technical solutions meet business goals within the range of technical feasibility and cost. Over two hundred projects as a hands-on functional project manager and technical engineer completed. Provide clients with a unique skill base to utilize by possessing the ability to communicate from a management to an engineering level plus manage projects, document, train staff and implement technical solutions concurrently.
- Experience in managing project related issues for budgets, staffing, Statements of Work, legal documents, and mentoring of team members. Proficient in building and managing teams of engineers to complete various integration projects. Applies best practices such as ITIL and PMBOK.
- Possesses outstanding written and verbal communications skills, plus authored numerous documents pertaining to design requirements, architectural framework, Finite State Machine, process mechanics, analysis results, problem post mortems, and operational or business process based policies and procedures.
- Provide technology consulting services to over four hundred different small, medium sized and Fortune 50-1000 commercial and non-profit organizations during my career as an independent consultant or through Systems Integration firms, plus experienced in managing a Systems Integration business and private consulting practice.
- Completed several vendor neutral and vendor specific certification programs to provide clients quality services with demonstrated knowledge of technical concepts supported by practical experience.
- Understands the ramifications and impact of social networking (Facebook, Twitter et al.), mobile, pervasive, and cloud platforms to the enterprise.
- Adept at succeeding with projects and engineering tasks which, at times, may be outside the scope of my immediate technical experience. If selected to “get it done”, I always “get my man” and complete the project, to use a cliché. It is my diverse background in many areas of technology and business that helps me to succeed within a team or individually, thus ensuring the team and business are successful.
- Network and application performance modeling, protocol and traffic analysis using protocol analyzers from vendors from Agilent through Wireshark. Tools utilized: LAN/WAN and wireless protocol analyzers, spectrum analyzer, Iperf, multimeters, thermal and cable meters, oscilloscope, BERT and Telco tools. Packet crafting tools: XCAP, Ostinato, Cat Karat and Scapy.
- Experience in installing and supporting various server hardware and software platforms from major manufacturers such as IBM, HP, ORACLE, Confidential, Microsoft, McAfee and Infoblox - Basic Cloud VM testing experience on Amazon Web Services (AWS) and Microsoft Azure.
- Understanding of all network physical transport constructs in the electrical, optical and radio domains.
- Comprehension of the role and uses of data center energy efficiency standards and metrics such as PUE and DCiE.
- Possess knowledge of Virtualization, SDN, NFV and Cloud Computing with respect to its architectural components and their relative impact to enterprise and Data Center network infrastructure, business applications and security. Vast, detailed and applied experience with many legacy and current networking, server, workstation, applications, and protocols. Possess applied understanding of basic electrical and thermal engineering concepts plus basic electrical circuit analysis and design.
- Comprehensive network architecture, system, business process or Finite State Machine(FSM) documentation experience. I am experienced in depicting highly technical details in diverse abstracts to audiences ranging from CEOs to engineers utilizing tools such as Visio, Netviz and many IT productivity applications, utilities or suites such as MS Project and Office. Authored numerous white papers, technology analysis reports and troubleshooting post mortems for a vast clientele.
- Stay abreast of current industry and scientific topics that may apply to a client's technology investment.
- Enhancements in general networking and protocol development - including IPv6 and other TCP/IP draft enhancements such as DCTCP
- Data storage, SAN, NAS, iSCSI, NFS, FCoE, SSD, RDMA and archiving enhancements.
- Data Center Fabrics/Overlays such as - VXLAN, STT, Geneve, OTV, LISP, Cisco FabricPath/ACI, Juniper QFabric, Brocade VCS, Plexxi, and Arista. Network ASIC silicon trends, LSO, LRO, CSO & Merchant - Trident advances.
- Software Defined Networking/SDN and Network Function Virtualization/NFV, OpenFlow, OpenStack, plus vSphere and NSX
- Application development trends - JIT, SDLC, Agile
- Media voice and video, IPTV, social media
- Internet/Intranet access design and implementation
- Unified/Converged Computing/Communications solutions
- Client/Server and ERP technology -- Oracle and SAP
- Server Virtualization and Cloud, SaaS, PaaS, IaaS trends.
- Web Services, Web 2.0, ASP, CRM, SOA, HTML5/HTTP v2, SPDY applications
- Network Security and Cryptography
- Custom Workgroup/Workflow, social content and collaborative type applications
- ADC/Load balancers - F5 LTM/GTM and Citrix Netscaler
- Layer 3 through 7 switching, MPLS, Metro Ethernet and VPLS, VPWS, E-Line, EVPS
- Ethernet (all variants) including 1-400G Ethernet solutions, Data Center Ethernet, VEPA, Trill, Lossless Ethernet, Edge Virtual Bridging. Network Architectural frameworks- Crossbar/Clos/Spine/Leaf, PODs, HPC, ULL, HFT and Cisco’s MSDC
- Network security exploit/hacking analysis - tools, news and developments in encryption and cryptography, PKI, IDS/IPS and Single Sign on systems
- Broadband technologies - Broadband over Power and Fiber to the Premise
- WDM technologies and products - DWDM - CWDM
- Wi-Fi Wireless communications (802.11a/b/g/n) and 802.11ac
- Energy and Data center efficiency technologies
- Latest advances in microprocessor and memory technology
- Operating system and file system enhancements
- Wireless Broadband MAN 802.16a/e(WIMAX) and LTE
- Smart Grid, SCADA systems and DNP protocol
- Advances in WAN, Routing and Switching technologies
- Project Management and PM Body of Knowledge (PMBOK)
- Advances in compression and optimization technologies
- Business and technology best practices such as ITIL
TECHNOLOGY ACUMEN SUMMARY:
Protocols: Frame-Relay, DPT/SRP, SONET, C/DWDM, DS/OC technologies, RS232, HDLC, SDLC, PPP, LAPD, LAPF and Q921/931, ISDN BRI/PRI, SS7 signaling protocols, AMI, B8ZS, CAS, Manchester, 8B/10B, 4D-PAM5, DSSS, OFDM, QPSK, QAM, ANSI/TIA/EIA T568A/B, Ethernet 802.3(all variants) plus many other IEEE 802 MACs, VLANs, Spanning Tree protocols(RST/MST and legacy), VTP, DTP, UDLD, ISL, 802.1q, LACP, MLAG, PAGP, Multichassis Cisco EtherChannel, VPC and VPC+, MLS, VPNs, 802.1X, 802.1xxx, 802.11(all variants) 802.11a/b/g/n/ac Wireline/Wireless Broadband, 2.4 and 5 GHz RF, antenna design and spectrum analysis. LWAPP, CAPWAP, RLDP. Entire TCP/IP suite, IPv6, Multicast, PIM(all modes), IPSec, MPLS, LDP, Cisco’s CEF, Routing protocols(EIGRP, RIP, OSPF, ODR, BGP, MBGP) NSF, BPF, Cisco related utility protocols(CDP, IP SLA, EEM, ECA, et al.). NHRP, FHRPs(GLBP, HSRP, VRRP). Kerberos, Radius/Tacacs+, Data Encryption, SNMP, NAT, Cisco ASA. SDN OpenFlow 1.0 and 1.3, VoIP, VoWiFi, QoS, H323, SIP, various SIP Soft phones, SIP servers, codec(ITU G.711-29), MPEG-4, H264/5, WMV, FXO/FXS, Ground, Loop and E&M signaling, SMTP, HTTP, NTP, DNS, FTP, RTP, RTSP, LDAP, RDP, NFS, SMB, Telnet/SSH, TFTP, DHCP, DNP v.3, SQLNet TNS, TDS, RPC and many other application layer protocols.
Desktop/Server operating systems: Legacy DOS, Linux Red Hat RHEL 5-6, Knoppix, Ubuntu, BackTrack. Windows 7 and 8, Vista, XP, Microsoft Server 2003/8 and 2012 Windows PowerShell & netsh - Basic Linux host based iptables setup and troubleshooting.
Cisco hardware platforms: All legacy routers and switches from the late 80s to present, Nexus 7k(Supervisor 1, 2 & 2e) 5k 2k, 6500 platform(Supervisor 2T), 6500 VSS 1440, 4500R+E, 3560/V2, 3750, 3750X(stacks), 2800, 2900, 3800 series routers, ASR1002/6, ASA 5505/20. Cisco Unified Wireless 5508 WLC, 3500(for mesh and clean air) and 1142N APs, 1231 and 1241 APs. 7925 IP phone. Z-Wave 900Mhz for automation systems. Tandberg/Cisco Telepresence Codian 8500 with 8510 blades, EX90 units, Movi software for laptops. Cisco IOS from version 9.x to 15.x, IOS-XE for ASR and 4500R+E platforms, VSS 12.2(33), ASA 8/9x.x, Cisco Wireless LAN Controller 7.x and Wireless Control System 7.x, Nexus NX-OS 4.x 5.x 6.x 7.x and Advanced NX OS and FabricPath features
Network management: CiscoWorks, Cisco ACS, HP OpenView, Solarwinds, PacketTrap, Netflow, NetBrain, Fluke Netflow analyzer/tracker, Tivoli Netview web, VitalQI, Groundworks enterprise monitor and assorted shareware and open source tools utilized when applicable and depending on client’s necessity. DevOps type basic scripting in Aspect, IOS TCL, Python and Embedded Event Manager(EEM) applets plus basic REXX macros in ZOC.
Application Integration Consultant for Cloud Services
- Provided management and technical consultation to CUIT and Accenture project team leads related to migrating legacy applications from their existing infrastructure to a FlexPod based converged infrastructure platform.
- Provided guidance in project approach, process flow, migration best practices and application protocol dependency identification.
- Validate technical migration approach with application and infrastructure stakeholders. Identify application dependencies and review current approach for migrating applications from current to target state environments.
- Provide recommendations on project quality control, resource recruiting and roles.
- Developed custom application and protocol mapping FSM template diagrams to depict current to target state application transition and risk points for migration leads to use throughout migration process.
- The diagrams provide a before and after state of the application’s flows and network plus provide completed post migration documentation.
- Provided technical recommendations such as use of VMware NSX and Logical Firewalls, F5 firewalls, and various ACL consolidated security points over current host based ACLs plus application protocol discovery techniques using NBAR, iptables, netstat, tcpdump and COTS tools. Reviewed FlexPod network infrastructure and university routing core for best practices use cases.
- Contributed to technical standards for ACL management, application discovery questionnaires, and dependency inventory. Outline project schedule, order of operation, technical risks and review risk management processes. Propose methods to manage, mitigate, or remove risks and outline any inefficiencies in migration process.
Sr. Network Architect
- Conducted a network assessment of the Bank’s LI multi building campus Data Centers/DR Data Center and provide a set of tactical and strategic recommendations for the Bank to upgrade and position their current core campus network to support a converged infrastructure for 10-100Gigabit Ethernet, Brocade FCoE SAN extension, eVault storage, VMware Vmotion and DRS between DCs, a new VOIP system, Video and a new branch WAN carrier vendor due to additional branches coming online.
- Provided guidance on the following: moving from vendor owned public IP address space to Bank’s private IP schema, general traffic levels, volumetric application distribution, security camera traffic segmentation, MTU, Jumbo frames, VLAN tagging, IP subnet schema, suboptimal routing, firewall ruleset, FHRP/gateway routing, infrared link usage between campus buildings, STP, LACP issues, HP core switch management and Cisco WLC redundancy.
- Identified and outlined critical security issues present.
- Reviewed all Data Center core HP 8200 zl switches for code levels and SDN/OpenFlow capabilities.
- Surveyed IDF/MDFs for best practice violations and for RTO/RPO compliance.
- Provided recommendations on updated network management tools and IPAM solutions for management to consider.
- Outlined current immediate illnesses with remedies to position for upgrades.
- Reviewed proposed third party branch WAN solutions and provide deployment approaches.
- An executive summary roadmap document for the CIO/CTO outlining all issues and recommendations plus current and future state network architecture diagrams for further planning reference was delivered. Core network upgrade planning is ongoing through my office.
Sr. Network Architect
- Successfully completed ASU’s Data Center(DC) migration and redesign upgrade project.
- The new design is a collapsed version from a classical three tier to a two tier hybrid Fat Spine and Leaf architecture for enhanced flexibility, scalability and positions ASU for further converged infrastructure capabilities and SDN without the rigid constraints of the original architecture.
- The resulting design consisted of utilizing existing production assets as a tactical solution for CAPEX/OPEX compliance, improved performance and redundancy between the campus based DC and a new Co-located DC facility at IO. The enhancements applied from previous Proof of Concept (POC) design and testing projects now positions ASU for next generation DC converged POD network capabilities, resiliency and performance at current operational baselines without a major forklift CAPEX incursion.
- Authored a set of tactical and strategic network roadmap executive summaries as well as a best practice applicability matrix for post migration reference.
- Provided guidance and mentoring to ASU staff engineers and outsource third party network engineers regarding implementation and troubleshooting approaches.
- Provided management consulting to ASU in the areas of carrier SLA contract review and negotiation approach.
- Applied advanced NX-OS features and best practices for consistency, enhanced performance and stability such as SoC port alignment, Fabricpath ISIS Overload, VLAN Pruning, VPC+, PKL, LACP, Storm Control, Authentication and FabricPath ISIS related tuning options (FTAG roots, SWID hierarchy, routing and various metrics/timers) for optimal local and DCi site convergence use. Created a DEVOPS NX-OS based custom Operations menu and command set based on EEM, Aliases and command scripting.
- Implemented Sampled Netflow V9 and Embedded Etheranalyzer for enhanced visibility. Migrated from default VDC to Admin plus Data Center VDCs and assigned necessary interface resources. I worked on troubleshooting 5k/2k FEX microburst/queuing and MAC flooding related bugs and scaling issues with iSCSI based NetApp clients and Citrix XEN STP/Linux bridge related issues. Conduct review of Cisco Prime DCNM, NetflowLogic’s Splunk application for Netflow v9 and NetBrain for DC management and documentation use.
- Conduct POC testing for failover and DR behavior, Intra and Inter DC traffic pattern observation, pre migration staging and order of operation execution script creation plus to glean baseline RTO and RPO metrics of updated architecture. Provide hands on guidance and assistance with production migration post POC. The reference and detailed design planning included FSM operational state diagrams and configuration “snippets” for each engineered section plus provides a documented workbook post migration. Conducted custom FabricPath and IPERF based traffic generation on switches to simulate MAC table flood for DRAP and Jumbo MTU related performance testing. Provide detailed latency and network behavioral POC results documentation for migration use reference. This documentation also provides details about discovered product behavior and protocol bugs with detailed reference matrixes for tactical and strategic use across all areas of the DC including Network, Firewall, Load balancers, Access/Storage, Applications, Trombone/traffic flow.
- Provided reference and detail network design POC planning and execution for ASU’s new DC. This activity included Nexus 7k OS ISSU upgrades, cable/port inventory, VDC planning/provisioning across F2 modules, testing of various design options including FabricPath and VPC+ domains, ANYCAST FHRP, Citrix Netscaler Route Health Injection(RHI), Check Point VSX-VSLX Cluster plus storage protocols across DCi. Also, testing of OSPF/EIGRP for North to South and East to West prefix signaling, 65k VSS failover, ARP, CEF and TCAM table allocation/timing considerations plus the integration to the core campus network cloud.
- Additionally, optional solution items vetted were OTV/LISP/VXLAN overlay, FabricPath Multitopology use, Overload/Vlan pruning, TTL and ECMP, collapsed L3 based VDCs for routing protocols and GSLB/FHRP, iSCSI protocol tuning, as well as any changes to various VMware, Citrix, NetApp and Check Point components.
- Provided technical and management consultation to ASU for their current DC migration and network architecture upgrade project. This entails reviewing FabricPath, Overlay Transport Virtualization (OTV) and Locator Identity and Separation Protocol (LISP), VXLAN, VMware NSX and Cisco’s Dynamic Fabric Automation as various DCI and VM mobility options with ASU and their network/storage/security and load balancing product vendors to ensure ASU’s design considerations are defined, captured and met. Spearheaded the design meetings/session with vendors and ASU staff, Cisco, Check Point and Citrix vendor engineering representatives to validate design mechanics and functionality. Provide engineering and testing guidance to ASU for DCi link provisioning and testing. Provide troubleshooting guidance with Cisco TAC, ASU and CenturyLink regarding Nexus related bugs affecting FabricPath, Spanning-Tree, VPC+, ARP tables and DCI interconnect. Assist with Confidential and ASU on VM migration proof of concept testing project for the university. Authored overall DC design consideration document to capture and outline all options from vendors and track design changes to document the final solution selected.
- Reviewed managed provider’s SLA agreement and provide ASU guidance on SLA objectives for Data Centers and DCi links.
- Reviewed their current Cisco Nexus 7k and 5k FabricPath based DC core for performance, intra and inter DC traffic flows, inconsistencies in configurations and behavior and for DCI use between the current and migrated sites for VM mobility, SAN and application/database synchronization needs. Identify options to progress their current single location DC from an Active/Passive model into an Active/Active version between DC locations with current technology assets and vendor recommend solutions. Reviewed their migration IP addressing(reuse or new), use of Nexus VDC and unified fabric for FCoE use, ISP and BGP peering to DC failover plans, EIGRP use for load balancing, DNS, Netscaler and NetApp performance and expected application traffic flows. A detailed report was delivered to ASU as part of a larger Confidential initiative to assist ASU in progressing towards a fully converged infrastructure between DC sites to support the entire ASU campus, WAN, affiliates and their vendors.
- The report covered identified illnesses, risks and shared fate points, topological disaster recovery and traffic flow planning matrixes, an assessment of their migration approach with tactical and strategic recommendations.
- Conducted a high level assessment of its DC network to provide tactical and strategic recommendations for the migration of a section of its current DC from the Tempe Az. campus to a new Co-located DC vendor IO. The assessment also provides ASU ideas to progress towards a converged infrastructure by leveraging its current DC assets. This assessment entails a review of network infrastructure diagrams and documentation present, interviews with staff and management, migration design and cut-over plans plus a review of their support and operations provisioning process and tools used. In addition a review of their DC technology assets, configurations and a cursory traffic analysis was conducted against the major DC connection arteries for a performance and capacity baseline. Outline observations relative to the general health of the network and capture any issues related to the migration. In addition a review of network management and operations process for improvement and suggestions was conducted.
- I was also requested outside of my DC project responsibilities to provide design and protocol level architecture guidance regarding an Internet2 SDN solution for a Cancer Research based High Performance Computing Cluster(HPCC) Big Data/Hadoop/Cloudera based system. This design entailed NEC ProgrammableFlow SDN controllers, OESS, ASR9k and Confidential /Force10 OpenFlow based switches for end to end provisioning of L2 circuit between research universities over the SunCorridor Internet2(I2) POPs. I reviewed the solution’s protocol FSM and OpenFlow capabilities against the 1.3 specification to determine protocol functional parity for pipelines and action set behavior. Reviewed I2 ALS2 and 3 services and ASR 9000 100Gb interface requirements. Created detailed diagrams to illustrate OpenFlow mechanics and outline configuration and deployment considerations. Reviewed Confidential /Force10 10/40Gb Ethernet based HPCC network infrastructure for Fabric, OSPF routing and general post deployment compliance.
Sr. IPv6 Consultant
- I was engaged to conduct a strategic IPv6 readiness analysis for Confidential ’s public facing internet infrastructure.
- This encompassed two data centers in the US and one in London with multiple DMZs comprised of routers, switches, load balancers, firewalls, application plus specialty security and application appliances. An IPv6 compliance analysis was conducted against production IPv4 inventory and vendor/ISP capabilities.
- The analysis produced an asset readiness and business risk impact report entailing an enterprise IPv6 addressing schema, architecture recommendations that included tactical translation NAT64/DNS64 and strategic Dual Stack approaches, personnel skills development with lab requirements, high level implementation steps, five year migration strategy roadmap and timeline.
- The object of the readiness assessment report was to help measure the complexity of deploying IPv6 while deriving budgetary and scheduling data for planning purposes plus analyzing cost impacts CAPEX/OPEX for enabling IPv6 on non-compliant devices.
- Additional recommendations include: Identification of unknown and high risk areas if IPv6 is not deployed and remediation steps.
- A criterion for addressing new and existing hardware, software, and outsourced service providers to ensure forward compatibility.
- Vendor discovery, ISP capabilities and analysis as vendor roadmaps solidify and mature. Identification on cost impacts and labor estimates for utilizing staff vs. integration provider estimates.
- A testing approach/methodology and recommended remediation strategy and timeline.
- A detailed deliverable report was produced for upper management and staff with supporting costing and readiness spreadsheets for additional planning use.
Sr. IPv6 Consultant/Engineer
- Designed and deployed a dual stack IPv6 solution on public facing Internet and DMZ infrastructure to meet the Confidential ’s Office of Management and Budget IPv6 mandate four months ahead of schedule and budget plus to position this federal agency to reach global Internet customers ahead of its competitors. The IPv6 project involved protocol research of vendor operating system stack capabilities, operation bugs and security advisory scrubs across all platform operating systems, USGv6 NIST SP 500-273/267 and RFC compliance. In addition, security testing which included crafting custom IPv6 packets to test WEB, FTP, SMTP, McAfee 8.x firewall, DNS, Solaris, Apache, Redhat, Cisco ASR IOS-XE for general use and exploits. Utilized project to sweep public Internet and DMZ network sections for operating system and product upgrades. We needed to ensure that the IPv6 mandate was achieved and as securely as possible.
- Tested and enabled IPv6 on servers and appliances used for DNS, Web, FTP and Sendmail application services. Resolved protocol stack bugs with Infoblox, McAfee, Solaris/Redhat, Bluecoat, and Cisco relating to IPv6 and dual stack architecture. Engaged vendors to correct key IPv6 shortcomings that could affect production implementation and security posture.
- Discovered IPv6 Cisco ASR IOS-XE RP to ESP TCAM bug related to the size type of ACL entry and McAfee firewall resource depletion attack vector using IPv6 Fragmentation EH as two of many different issues uncovered during research.
- Discover and document McAfee Firewall IPv6 related rule shortcomings to prevent security breaches. Created Global Unicast and custom Link Local address schema and use policy for DMZ and public facing devices.
- Tested other DMZ devices slated in future for IPv6 compliance such as Cisco VCS 7.0.3, McAfee ESA 3400, Bluecoat Proxy SG and Cisco ASA 5520. Project included replacing single point of failure IPv4 Solaris BIND based DNS with a high availability Infoblox for IPv4/IPv6 DNS solution thus upgrading the organization’s public DNS system a year early as a positive extra byproduct of project results.
- Work with application developers and server administrators to ensure IPv6 related APIs and Sockets stacks were compliant across all services.
- Built an IPv6 lab to mimic production environment for extensive research, testing and validation of all IPv6 dual stack related Internet servers, applications, security, DMZ related protocol operation and testing. The lab was also utilized as a deployment staging, practice and training tool and built for future use by staff for testing features such as DNSSEC, IPv6 related patches or testing of new IPv6 related features before production use. Created and conducted custom hands on IPv6 training classes for agency staff which covered the protocol’s use and mechanics through specific product use for ongoing operation and maintenance. Conducted “lessons learned” sessions and provided agency with IPv6 industry related information resources and educational material.
- Conducted an analysis of possible IPv6 extension header exploits and used open source tools to construct crafted packets to test security features of firewalls, router ACLs and all other vendor IPv6 stack related functions. Validation of protocol exploits was conducted with packet capture and analysis and results were reviewed with agency cyber security personnel. Executed IPv6 traffic level and packet exploit stress testing against dual stack components in lab and documented behavioral results.
- Created detailed matrix based documentation that include NIST/USGv6, product and RFC pass/fail compliance, addressing schema, bug scrub and OS version upgrades, security packet attack testing and per device/product dual stack feature testing results for all devices involved in production environment. The matrices were required to track the compliance, testing and bug discovery progress at a granular level. Detailed diagrams for the lab and production environment plus a multi operating system IPv6 command line user guide for function testing and validation was also created.
- Developed a deployment approach and detailed testing criteria based on results gleaned from research which ensured the smooth and outage free integration of IPv6 over production running equipment. The approach ensured that some common IPv6 issues, such as RFC 6555 “Happy Eyeballs” affecting current IPv4 customers or Sendmail being unable to handle IPv6 spam, were addressed. Developed a custom Cisco IOS-XE IPv6 router management and operations menu and a command line toolset for staff to quickly identify and troubleshoot IPv6 related issues. Utilized IOS based tools for the deployment and post deployment use such as a “kill switch” for zero day deployment, Denial of Service policer, NBAR, Netflow, and packet tagging for DMZ IDS filtering to provide full IPv6 visibility from the perimeter router for operations and security staff. The tools also included the use of Embedded Event Manager applets to automate IPv6 support related functions and toggle Embedded Packet Capture functions. Applied IPv6 reverse path verification, ACLs and Bogon lists to interfaces. Tested IPv6 BGP and recommended auto Bogon BGP peering service from Team Cymru.
- I worked in liaison with the Confidential Project Manager, created the project plan, conducted project meetings with all stakeholders and agency representatives, and escalated issues within the agency and to vendors. Attended federal IPv6 task force meetings when applicable. Managed schedule to prevent scope creep resulting from outside initiatives impacting project resources and kept project on and eventually ahead of schedule to a successful completion. We were one of the few agencies in the federal government to meet the federal Office of Management and Budget IPv6 mandate early and were prepared for World IPv6 Day with a secure and easily managed solution. Provided additional guidance and recommendations regarding IPv6 industry best practices for future agency IPv6 related projects.
- Requested to participate in another, larger scale project after the IPv6 project was completed. This project entailed upgrading a Confidential site wide data center core from an L2 core to an MPLS core for VPN services utilizing various Catalyst 6500 and Nexus 7/5K, MPLS, M-BGP, OSPF and Nexus 2k FEX for top of rack server farm access. The 300 square mile government site consisted of many research areas (some classified), and each is to become a CE/PE and communicate via MPLS core for common services. Basically building a carrier network within the enterprise. This is a very complex, highly secure government network with their own private telecom switching stations, fiber infrastructure and power plants on site, plus firewalls and various monitoring systems present between all layers to protect classified and unclassified data, thus making evolutionary upgrades extremely difficult and imposing many design constraints. Client had issues with onsite vendor and project fell six months behind schedule. After the first site cutover had difficulties, I was asked to provide protocol and approach guidance. I outlined technical architecture issues related to the new core deployment of MPLS/BGP and the risks during future transition steps.
- Resolved issues relating to initial deployment result affecting major server farm switch Port Channels, CE to PE VRF VPNv4 prefix mutual redistribution leaks resulting in VPNv4 routes present in Core routing tables and routing loops. Also reviewed were vPC, FEX pinning, MTU and MPLS fragmentation, iBGP/Route Reflectors, VLAN distribution and sprawl, VTP, STP, OSPF Superbackbone down bit/domain tag prefix list, IP subnet size issues and wireless controller platform approach. Provided consultation on approach for migration based on protocol mechanics behavior, application impact of sites involved and the security overlay restricting a graceful deployment.
- Reviewed existing migration plans and provided recommendations on scheduling, approach and resources required to complete with minimal impact to the site. Recommended options such as pushing vendor for proper resources to aid client, Fabric Path as a possible tool to alleviate design constraints, improved planning for staging time and cutover practice, the possible use of VDC to create an overlay based solution, or the use of RT extended community for a hub and spoke option.
- Also recommended reviewing architecture use of layer 2 through 4 protocol notification from carrier/debounce/damping through OSPF/LDP/BGP/NSF timer synchronization options and route inventory snapshot before and after any site cutovers. Conducted ad hoc VRF/MPLS/BGP training classes to help staff understand how routes in VRFs from sites will propagate. Provided list of possible “gotcha” issues that could appear during transition. Drafted post mortems on problems discovered and resolved and conducted lessons learned sessions with team.
- Provided general network engineering, troubleshooting support and guidance in many other areas of this agency’s network including providing Cisco ASR 10Gbs and BGP peering support for National Lambda Rail connectivity to other national labs.
- Assisted in staging Cisco network infrastructure to support DAS and SCADA applications for the Clemson University wind turbine testing center project, server virtualization connectivity, 802.11 wireless controller and guest access security related issues.
Sr. IPv6 Consultant
- Research all aspects of IPv6 protocol operation, mechanics and deployment/management options for enterprise and data center to support a cloud company’s remote access clients and the cloud company's data center core. Determine the feasibility of migration, outline deployment caveats and provide staff an understanding of IPv6 in general and its benefits for migration.
- Deployed IPv6 in labs from client and AMI’s utilizing various Cisco platforms and routing protocol environments - IPv6 - BGP/EIGRP/OSPFv3 and ISIS to better understand native use. The project encompasses working with IPv6 code relating to Cisco IOS 12.x and 15.x on various router and switch platforms, Windows 7 and Server 2008 R2, and Ubuntu Server 11.x. Documentation of all research and testing results.
- The project included the following features and options of the protocols to be tested:
- Protocol exploits in various main and extension header fields and FSM issue for security, IPv6 Transition technologies, OSPFv3, EIGRPv6, IS-ISv6, Dual stack/protocol environment analysis, DHCP and DNS in IPv6, Single IPv6 routing protocol end to end for server connectivity, Multiple routing protocols for IPv6 SIN routing, Flow label use, QOS dual and single mode, IPv6 tunnels via MPLS core, IPv6 based IBGP core, IPv6 DMVPN, GREs VPLS, BGP multihome ARIN prefix allocation process, IPv6 tunnel/transition technologies, IPv6 routing protocol redistributions, IPv6 BGP internal and external, V6PE, IPSEC, Path MTU testing, Jumbogram testing, addressing changes /120 /126/127 prefixes for router to router links, addressing of 6 to 4 and general prefixes for core, NAT, Netflow use with IPv6, IOS DHCP server on router, Multicast services, IPv4 through IPv6 core and IPv6 through IPv4 MPLS core, IPv6 on ASA, IPv6 IOS firewall, IPv6 Wireless, Multiple OSPFv3 and EIGRPv6 instances/contexts and AFs on routers vs. VRF, VRF for IPv6, NTP, ISATAP, 6to4, Teredo, Firewall and content appliance review for IPv6, IPv6 SLA, IPv6 ACLs and CEF.
Sr. Wireless Network Engineer
- Designed and implemented a large scale Cisco Unified Wireless Network (CUWN) for the enterprise campus and manufacturing plants.
- The new CUWN replaced a large scale Cisco autonomous based system. The CUWN positions Hershey for enhanced wireless services to support enhanced data, voice, video, guest users, mobility services and support of iPad and iPhones for executive staff. The CUWN also positions Hershey to leverage current and future mobile technologies - merging 4G and Wi-Fi to enhance productivity and cut costs at its campus and manufacturing plants.
- The CUWN design and configuration entailed over six Cisco 5508 Wireless LAN Controllers and various models of LWAPs (Lightweight Access Points), including Mesh and Clean Air models. Conducted physical and RF site surveys for AP deployment, utilized existing coverage patterns of legacy APs for LWAP swap related locations. Utilized RRM to triangulate coverage holes once initial deployment at a site was completed. Used Clean Air statistics from LWAPs at manufacturing plants to support LXE based warehouse bar code scanners. Configured all 5508 controllers in redundant pairs and tested failover and LWAP join process. Created all WLAN SSIDs and AP Groups. Tested Cisco 1231 Autonomous AP to LWAP “on the pole” conversion process of converting 1231 and 1142 APs from Autonomous mode to Lightweight and back to Autonomous mode for deployment and rollback consideration for plant deployment.
- These APs are for use in various plant environments to support a critical LXE based barcode scanning application that currently supports original Barker and CCK codes lower 802.11b rates. Manufacturing operations cease if barcode function is paused. Use WLC Configuration Analyzer for WLC configuration comparison. Resolve client and LWAP join related “stickiness” issues. Submit any issues and bugs discovered during deployment to Cisco for review. Implement AP and rogue security policies.
- Utilize Spectrum analyzer and wireless sniffer for coverage and protocol violation detection. Tuning and troubleshooting of various 802.11 B/A/G/N issues relating to RRM, DCA, TPC, AP Load Balancing, MIMO, Beam forming (Client Link), coverage hole detection, RADIUS/EAP timers and rogue detection/RLDP. Provided 802.11n bonded 40MHz channels on 5GHz and utilized legacy 2.4GHz channels for 802.11n MCS rates for full coverage potential and barcode rate support. Troubleshoot and tune client related driver roaming issues. Change production LWAPs into Monitor or Protocol Analysis Mode, when needed, to conduct remote troubleshooting operations. Troubleshoot any CAPWAP and LAG related issues. Configured and tested Voice WLAN usage with Cisco 7925 IP phones.
- Trained Hershey personnel on the basics of LWAP provisioning, 5508 wireless controller fundamentals and CAPWAP protocol functionality for support and troubleshooting during the deployment plus created/held a custom two day training class that covered basics of LWAPs, CAPWAP process, Split MAC and WLC architecture with labs and reference material for support personnel to utilize post training. Supported legacy WDS based Autonomous system during upgrade and globally for sites not updated to CUWN.
- Led a team of network support personnel through the deployment of campus site cutover from the legacy Autonomous system to the new WLC LWAP system. I developed project plans, cutover and rollback scripts, conducted project meetings and spearheaded the execution of all tasks with the team. We achieved successful deployments of over six campus sites and plants with no impact to the business through sound project approach and planning.
- Set up Wireless Control System (WCS) for controller management, WLC configuration archiving, future provisioning template usage plus imported controllers, maps, and campus building information. Created custom reports on usage statistics, alarms and events for support personnel to utilize.
- Develop initial (pre Mobility and Guest Server product purchase) campus wide “Guest access” services utilizing WLC based DHCP and Web Authentication services. The Guest access service utilized a common cable internet access connection to a Cisco 2921 router running IOS 15.x, VRF Lite and Zone based firewall feature set. I developed the Zone based firewall policies (class/parameter maps), denial of service policer, implemented NBAR for protocol/traffic profiling, LAG switch and WLC ACLs and created a custom IOS menu for support personnel’s use to review firewall policy, NBAR and traffic statistics. This custom router used for Guest wireless access also included the use of IOS Embedded Packet Capture tools for support personnel to execute captures of guest traffic for compliance needs quickly from the custom IOS menu. Guest services can be provided by assigning any enterprise LWAP throughout the campus into the defined Guest AP group on the WLC to provide dual internal and guest access services.
- Cisco/Tandberg Telepresence pilot network support: I provided engineering and general support for the pilot project of demonstrating Telepresence technology for the Hershey senior executive staff. This entailed ensuring the network infrastructure, where the pilots are deployed, supported “end to end” QoS so the Telepresence traffic was placed into the proper queues and received the correct PHB. Configure Cisco/Tandberg Profile 65s and EX90s for DSCP markings, codec settings, conference protocols (H323 suite and SIP) plus bandwidth rates for voice and video. Configure and tuned Codian MSE 8510 blades for bandwidth, codec, conference handling and resolution control of connected laptops for sharing presentations. Monitor pilot conferences via Codian and switches plus troubleshoot any issues. The pilots were successful in convincing senior management of the need to deploy Telepresence globally.
- Complete global switch QOS deployment project to support upcoming Cisco/Tandberg Telepresence deployment. This project entailed review of QOS policy and queuing configurations plus pushing the configurations out to over 11k ports throughout the world and validating.
- Conduct global Cisco switch IOS and port macro upgrade. The macros were developed and tested for various types of switch ports, LWAPP, Telepresence device, and general workstations. They were deployed to all global switches utilizing REXX and CiscoWorks. All switches were staged for IOS upgrades and executed outside of business hours.
- Develop IPv6 lab to test basic IPv6 protocol configuration and comparison of deployment between IOS 12.4T and 15.1.3 routers. Also tested IPv6 based routing protocols (BGP, OSPF, EIGRP), prefix lists and filtering for functionality and SIN routing. The lab is for Hershey personnel to use to learn about the protocol and test possible deployment scenarios in a scratch pad environment.
- Provide daily level three support for the Hershey global network and MPLS based WAN cloud as well. Some of the items I supported are: Cisco ASR based core WAN routers, 28/2900 based global site routers, DMVPN, AT&T/Sprint MPLS, EIGRP, eBGP, iBGP, Catalyst 6500 standard and VSS platforms, 10Gigabit Ethernet, Zone based firewall configurations, 4500R+E platform, legacy plus MST Spanning Tree, Multiple VTP domains, Dragon/Gigawave PtP wireless links between campus buildings, 2900-3750X series switches in L2 and L3 modes and stacks, CiscoWorks, Cisco ACS, complex general campus and WAN domestic/international remote site network infrastructure. Mentor staff members and provide guidance to new interns.