DAVID H. CHEN
Nashua, NH *****
***********@*******.***
SUMMARY
. Unique background with 10+ years of communication software engineering
using C/C++ in RTOS (VxWorks, Pharlap) and drivers for MS Windows in VPN,
IPQoS, and networking products.
. Results-oriented, excellent team player and a quick learner.
. Accomplished software from media-access, network, session to application
layer: including Interrupt Service Routine, comm. stack driver, network
socket programming, and networking applications using various comm.
protocols - IKEv2, MOBIKE, SSL, PPPoE, L2TP, IPSec, PPP, RSVP, VLAN, ATM,
RIP, ISDN, MPLS, HDLC, CHAP, XMODEM, SIP.
PROFESSIONAL EXPERIENCE
Principal Software Engineer, Reefpoint Networks (Merged with GenBand
Networks), MA (2007-)
- Lead IPSec release: fix IKEv2/IPSec and add dynamic port/address
change features for a specific customer requirement.
- Design and develop MOBIKE to solve address/port changes of an access point
or wireless hotspot device that has connected to GB's IPSec device. A
connection state machine is created from RFC to add the IKE's process.
- Add feature for SNMP Management system: add b-tree for
add/delete/search of SNMP configuration with a compromise between speed and
the RAM needed to store the table.
- Add in-house tool to debug/maintain IPSec VPN Security Gateway including
IKEv2.
Security Software Engineer, Cisco Systems, MA (2004-2007)
- Participated in next-generation SSL VPN development including Windows
Mobile platform. Designed and developed service for VPN connection in
GINA/Winlogon before user logon.
- Maintained Windows SSL VPN client and improved performance, including
algorithm/protocol, TLS protocol improvement (patent grant #7716731),
architecture, and static and dynamic software analysis using various
software tools in C++/C.
- Designed and developed NTLM authentication and zlib compression features
for SSL VPN client.
- Analyzed and fixed beta VPN subsystem, including IKE, IPsec, L2TP, to
deliver next-generation Security Appliance product in LINUX development
environment.
Independent Consultant, Ian Martin, NH. (2002-2004)
- Designed and developed PPPoE and interface entity for BRAS (broadband
access) carrier grade router using C/C++ on LINUX.
- Designed and developed ASP.NET secured web application and service in
multimedia presentation that use SOAP encryption, XML, WSDL, JavaScript
and C#.NET in .NET framework / Visual Studio for multi-tier architecture
programming, SSL hosting on MS IIS.
- Designed and developed network monitor/packet analyzer using C# and C++
packet driver in Windows 2000/XP; sending packets from unmanaged C++ to
managed C# environment for LINUX's LDP, MPLS and ip-route2 QoS traffic
analysis.
Principal Engineer, Ellacoya Networks, NH. (2000-2001)
- Led design, development and delivery of tagged VLAN in C++ for VxWorks and
MPC68302 embedded system on Gigabit Ethernet XPIF port with MMC network
processor switch as backbone in chassis, one control blade and multiple
data blades, using CVS source control. The flow-id and ATM-type cell data
frame are used for forwarding across different blades through the back-plane
if local connection information is resolved; otherwise, the frame is
forwarded to the control blade, through out-of-band Ethernet, for global
connection resolution.
- Designed and developed L2TP tunnel server into one integral PPP and L2TP
state machine, making both LAC and LNS connection end-points, using
RADIUS/CHAP as subscriber authentication in C++ and distributed software
architecture for service steering, subscriber management product.
The port-based and tagged VLAN is for a multiple-slot chassis device in a
fully distributed software environment. Each slot has multiple Ethernet
ports. The control and data paths are separated globally and locally to
achieve forwarding efficiency. The software architecture has one central
global process and one local control process for each blade on the slot.
For the control path, the local control process attempts to resolve each
port's forwarding request; if that fails, it forwards the request to the
global process (on the control blade) for final resolution. The control
process has configuration management and a CLI for user interface. It
maintains a table mapping VLAN_ID to all ports on the chassis. It also
pushes down the configuration to the related local process (blade). The data
path uses high speed switch fabric by setting up flow id with ATM cell like
data frame. A flow table that maps between ports and VLAN_ID is maintained.
The multicast flow/id is used for multicast frames. This table is globally
maintained and pushed down to the related local process/blade. It is
fail-over aware. This VLAN design spec. is available for review.
Technical Staff, Indus River Networks Corp. (merged with Cabletron), Mass.
(1999-2000)
- Led design, development, and delivery of L2TP for IPSec VPN device in a
fully distributed scalable configuration management. The VPN device is a
single general purpose CPU with stackable configuration management (CM)
system. Its CM has one PC as master. For each VPN device, a local CM process
actively communicates with the master CM to receive configuration and
request connection resolution. The VPN device separates control path and
data path in the kernel driver of the comm. stack. The L2TP comm. stack
is implemented as a kernel driver in both Windows 2000 (for client) and
LINUX (for the IndusRiver's VPN device). This enterprise VPN product uses
LAC and LNS as end-points. Created L2TP call state machine for PPP/LAC at
same end-point for LINUX and Windows kernel driver in C++. Used SoftICE,
DBG, syslog, ClearCase software tools.
Principal Engineer, Shiva Corporation (merged with Intel), Mass.
(1998-1999)
- Participated in NextGen projects initiative using StrongArm processor.
Designed PPP over ATM.
- Demonstrated the CDSA (Common Data Security Architecture) for PKIX
compliance in VC++, JDK.
- Added ACL (Access Control List) subsystem for IPSec, adding filter rules
for each secure tunnel and in firewall rules into Shiva's VPN gateway in
Pharlap embedded real time kernel system using VC++ 5.0.
- Participated in the development of VPN SOHO router from market survey to
hardware/software design.
- Analyzed Public key Certification Process including Diffie-Hellman key
generation and related encryption/decryption algorithms and evaluated
Shiva SST certification process.
- Designed PPP over analog 56k MODEM on Power PC / STREAMS platform.
- Participated in ISDN features evaluation from 3rd party modules.
Senior Software Engineer, Zydacron Inc. Manchester, New Hampshire.
(1996-1998)
- Managed delivery of ISDN U product for the N. America market. Developed
product spec., design and testing procedures. Completed beta program for QA
and marketing. Engineering included using ISDN S/T platform to design and
develop the state machine for the U interface layer-one embedded software
for M68302. Three pairs of ISAC and IECQ chips are used on the board to
achieve 3 BRI ISDN interfaces.
- Enhanced & developed a video library to set up CODEC (AVP3) chip on
board from host PC, using MFC and Visual C++ 4.0 tools, including
techniques of window, keyboard and mouse system hooks of WINDOWS 95.
Developed software logic to integrate the on-board Zoran video chip DMA
display and MS Direct Draw video display in WINDOWS 95 through PCI bus.
- Handled technical transfer of the COMMON-ISDN-INTERFACE driver version 2.0
in WINDOWS 95/NT from Europe, including all B-channel comm-stack B3(X25),
B2(X75,HDLC), B1 and layer 3 D-channel. Integrated with MC68302
controller on physical layer through ISA bus. The driver is in C and C++
for WINDOWS 95's VxD driver. Created a CAPI application to test the
driver by using MFC. Created an NDIS driver to integrate into other
vendor's driver.
Independent Consultant, Dover, New Hampshire. (1994-1996)
- Implemented ST2+ protocol (Stream Protocol RFC 1819) on PC Windows95/NT
using VC++/MFC for both end-station and router features. Created ST2+ stack
paralleled to IP stack driver. Implemented ST2+ finite state machines,
provided WinSock API of ST2+ Agent for application.
- Designed and implemented QoS ReSource Manager (RSM) for ST2 system on
Bay Networks router embedded system (GAME version 8.10). Modified I/O
driver (Enet and MK50) and the priority queue. Ported Leaky Bucket Policing
algorithm to provide ST2 flow control mechanism using tagged packet as
communication mechanism.
- Developed software tools on PC including Yacc, Lex using BC/C++.
Systems Project Engineer, Meter & Control Business, General Electric, NH
(1988 - 1994).
Participated in development of distributed artificial intelligence system
(Expert System) and maintaining/improving the system. Served as both
system administrator and knowledge engineer, including meter knowledge
crafting, presentation and platform programming by using Object-Oriented
Analysis/Design, LISP/C/ASM and various script programming languages in
remote access via MODEM for client's knowledge distribution/presentation
and LAN servers for knowledge crafting and system development in
Honeywell/PC distributed database environment.
SPECIALIZATIONS/SKILLS
VPN, IP QoS, Data Communication, E-Commerce, Network security, Expert
Systems, languages including C/C++/C#, LISP, PASCAL, Assembly (80x86,
NEC753xx, TMS320Cxx), FORTRAN, BASIC, JAVA, JScript. RT/OS including
VXWORKS, LINUX, MS WINDOWS, and proprietary embedded OS.
EDUCATION
M.S. Computer Science, University of Southern Maine, Portland, Maine
M.S. Structural Engineering, University of Iowa, Iowa City, Iowa
B.S. Civil Engineering, Chung-Yuan University, Chung-Li, Taiwan