Valid Government of Canada Secret security clearance

Experienced Principal Network Architect/Design Engineer with 25+ years of success in Cloud Networking/Computing, IT, Datacenters, Service Providers, and telecommunications. Proven leadership and technical expertise for impactful outcomes aligned with business objectives. Proficient in end-to-end project management, from analysis, evaluation, requirement definition, product selection, deployment, development to post-implementation support. Successful track record in analytical thinking and effective management.

Articulate communicator adept at simplifying complex concepts for diverse audiences. Establishes strong rapport with staff and clients across organizational levels. Excels in delivering engaging presentations to technical and management audiences. Motivational team leader with a focus on staff development and training for high-impact contributions. Multiple performance awards for exceptional leadership and customer service excellence. Demonstrates flexibility and adaptability in diverse situations.

Objective:

Leverage my design, architecture, integration, and troubleshooting expertise to contribute in Cloud Networking/Computing, Hybrid/Multi-Cloud environments, Datacenters, Service Providers, and Telecommunications & Networking.

Summary:

A strong Network/System Engineer with 25+ years’ experience in Network Architect, designing, testing and Security, implementation, monitoring, troubleshooting, system integration and development test.

Actively engaged in various projects responsible for strategizing, executing, and overseeing cloud environment workloads across multiple cloud platforms such as AWS, Azure, GCP, and others

Provide technical direction to project teams to ensure quality information systems and appropriate technology for customers in a responsive and cost-effective manner.

Provide Architectural solution for various typical scenarios in cost effective manners.

Lead various customer Capacity Planning technical discussions, Customer training sessions, Product Architectural design and training session and technology deep dive discussions with Worldwide Advance Service group ((EMEA, North America and APAC).

Work towards network architecture consistency across platforms and infrastructure projects

Self-motivated, dedicated, excellent team player, flexible approach towards problem solving and support.

Extremely dedicated work ethics will go to any length to get a task completed.

Recognized numerous time (Cisco – Innovation, CAP awards, Hyperchip Pride, Equinix Innovation etc) for timely solutions and problem solving skills.

Prime for Educational Customer driven program includes strategic Troubleshoot Skill development, Network Infrastructure designing, Routing Protocols Implementation and Troubleshooting.

Proven track record for Tier III support

Proven track record for successful completion of product trials with various Core and Enterprise customers.

Core Knowledge Areas:

Network Design

Automation

Resource & Timeline Estimates

Project Management

Process Improvements

Quality Control & Analysis

Training & Development

Cloud Networking/Computing ( Hybrid and MultiCloud)

Technical Documentation

Staff Recruitment

Client & Interdepartmental Relation

CyberSecurity

Summary of Technical Skills:

Extensive Cloud networking Knowledge of (AWS, Azure, GCP).

Extensive knowledge of Cisco high end routing and switching platforms e.g. Cisco NCS 5500, 6000,CRS-1, CRS-3, ASR-9K, ASR-1K, ASR-5K 12000, Nexus 1000v, Nexus 2k, 3k, 5k,7K,9K Catalyst 6500,5000, and 3550 (Multi Layer Switch), Juniper MX series, Nokia 7750 Service Routers

Extensive knowledge of Networking OS IOS-XR, IOS-XE, Nexus OS, IOS, Junos, Nokia SR OS, Arcos etc.

Good knowledge of Openstack, Cisco VPP.

Good understanding of Azure Services for Enterprise like Microsoft Azure Store-Simple, Automation, Backup and Site Recovery.

Good understanding of Azure PaaS Services (Web Apps, API apps, Logic Apps, Mobile Apps)

Good knowledge of load balancer like F5 and A10.

Good knowledge of IPV6 migration, 6RD, CGN-NAT

Good knowledge of firewalls like fortinet and Cisco Security platforms like Fortinet Fortigate firewalls, Cisco ASA,, Cisco VPN 3000 / 5000, Concentrator, Cisco IDS, IBM Secure Way, Check Point Firewall 1

Good knowledge of System Security (network side).

Good knowledge of Cloud Technologies Virtualization, IaaS, PaaS, SaaS, NaaS

Good knowledge of Virtualizations, Linux KVM, Kubernetes and Docker Containers.

Good knowledge of monitoring. Using Model Driven Telemetry, SNMP etc.

Good knowledge of SCO Unix, linux, AIX, MS Windows, and MAC OS.

Good knowledge of Microsoft Teams, Sharepoint, Confluence, Coda etc.

Good knowledge of OpenFlow, SDN, SD-WAN, telemetry, YANG, RestConf.

Good knowledge of datacentre SAN switches Cisco MDS 9000, Cisco Nexus Switches, Brocade DCX and DCX-4S, Brocade 5000.

Good Knowledge of CICD Pipeline

Good knowledge of git and other IaC tools like terraform.

Good Knowledge of Ansible

Good knowledge of scripting l programming languages like Python, Java Script, as well as web development tools such as HTML

Good knowledge of Internet services Name servers using Infoblox, BIND DNS, Route 53, and Microsoft DNS. Web servers using IIS, Apache and MS Index server, FTP servers using Wu-Ftpd, NcFtpd, MS Ftp. Proxy/Cache server using Squid and MS Proxy and ISA, Certificate Server using Netscape and Microsoft Certificate Servers.

Extensive knowledge of Ethernet 10G, 100G, 400G, tunable XFP, tunable SFP+, 40G QSFP, 100G CFP, 802.1ad, 802.3ah, 802.1ag.

Good Knowledge of Mobile and wireless technologies like CDMA, 2G, 3G, 4G, LTE, WiMax, WiFi, 802.11a, 802.11b, 802.11n, 802.11g, 802.11 ac, and Wireless controllers from Cisco and Aruba.

Good Knowledge of SAN, FCoE, FCIP, Fiber Channel

Good Knowledge of VoIP, VoFR

Significant documentation skills including Microsoft Visio and PowerPoint schematics.

Good Knowledge of Network scanners and vulnerability analysis tools ISS System Scanner Console, ISS Internet Scanner, SATAN, ISS, Portscan, Nmap

Extensive knowledge of below mentioned Networking protocols and technologies.

·

Networking BGP, Cloud Networking of ( AWS, Azure, GCP), MBGP,TCP/IP, OSPF/OSPFv3, EIGRP, IS-IS, MPLS, LDP, MLDP, RSVP, Segment Routing, SR V6, Multicast v4 and v6, mvpnv4, mvpnv6, QOS, BSR, MSDP, VoIP, NAT, VPN, MacSec, IPsec VPN, GetVPN, DMVPN, FlexVPN,L3VPN, 6PE/6VPE, L2VPN, VPLS, PBTS, MPLS-TE, FRR, P2MP tunnels, GMPLS (RSVP-TE), L2TPv3, NextGen Firewalls (Palo Alto, Fortigate etc), Distributed Cloud Firewall, IDS, IPS, Cyber Security, OTV, EVPN, vPC, MPLS VPN using BGP Policy routing, IPV6, IPv6 migration e.g using 6RD, DS-Lite, Ethernet, FDDI, TACACS+ and RADIUS, STP/RSTP/MSTP, LACP, BFD, NetFlow, sFlow, IPFIX, hsrp, vrrp, glbp.

,

Technologies IPSec,IKE v1 and IKE v2, Kerberos, SSH, RADIUS,TACACS+, SDN, ISDN, FR, ATM and VPDN’s, PKI, AAA, VPN Using IPSec, lawfull access, OTN/SONET/SDH (G.709, DWDM, OC12, OC48, OC192,, OC768)

.

.

Certification:

Cisco Systems

CCIE # 23989 (Service Provider + Data Center)

Cisco Certified Design Specialist

Implementing and Operating Cisco Security Core Technologies

CSS (Cisco Qualified Security Specialist)

Cisco Certified Specialist - Data Center Core

Cisco Certified Specialist – Service Provider Core

Cloud Certifications

Aviatrix MultiCloud Network Professional

Aviatrix Multicloud Network Operations Specialty

https://www.credly.com/badges/df77e922-1f48-4af7-a738-32ae4d63397b/public_url

Networking in Google Cloud https://www.coursera.org/account/accomplishments/specialization/NHVXWJKUNBQ4

Education:

2022-23 Scaler Academy course of Programming Constructs, Data structure and Algorithms and System Design

2022

1992-1996

University of Texas at Austin

N.E.D University of Engineering & Technology, Karachi, Pakistan.

Post Graduate Program in Cloud Computing

Bachelors in Electrical Engineering

Patents:

US11520615B1 Virtual network function virtual domain isolation

Techniques for virtualized network functions (VNFs) that provide for domain isolation of networks coupled to the VNF are described. A virtual network function (VNF) includes a cloud virtual domain coupling the VNF to a cloud service, a management virtual domain coupling the VNF to a management service, and an external virtual domain having a public Internet Protocol (IP) address. The external virtual domain receives an authentication request providing access credentials for a VNF customer from a cloud client device, provides the authentication request to the management service via the management virtual domain, receives an authentication response from the management service, and, in response to determining that the VNF customer access credentials are valid, initiates application of a policy that allows the cloud client device to configure the cloud virtual domain or the cloud service and disallows configuration of the external virtual domain and the management virtual domain.

https://www.patentguru.com/US11520615B1

Bandwidth aggregation service model using virtual gateway in Equinix Cloud Exchange (ECX)Bandwidth aggregation service model using virtual gateway in Equinix Cloud Exchange (ECX).

US 1209-189USP1 · Issued May 22, 2020

Hierarchical tenant aware distributed DHCP.

US 1209-172USP1

Professional Experience:

Senior Solutions Architect Aug 2023 to Present

Aviatrix.

Technical enablement and enhancement of the world's first multi-cloud networking and security training and certification program - Aviatrix Certified Engineer (ACE)

Creates new ACE training content and updates and enhances the existing one.

Creates knowledge base documents (KBs) on community, videos, etc.

Delivered various live instructor-led trainings to students from Customers and Partners of various ACE tracks.

Work closely with IT team for process improvement, automation and integration.

Work with customers for successful deployments of Aviatrix Solution in their Multicloud Environment.

Principal Network Architect Dec 2016 to July 2023

Equinix.

Introduced Intent-based Programmable Network for Equinix Interconnection services - scalable layered Architecture was developed in-house, includes network abstraction layer, and SDN controller to provision multi-domain multi-tenant services on shared hardware. Presented How Equinix is deploying Intent Based Network in MPLS WC 2019.

https://www.segment-routing.net/conferences/2019-04-11-MPLS-WC-2019-equinix/

Responsible for Global Network Architecture, Engineering, and Network service orchestration function for Equinix InterConnection (Cloud Exchange, IX, Internet access, Metro Connect) and IaaS/PaaS (Network Edge, Edge Metal) platform spanning across EMEA, APAC and AMER regions.

Responsible for Equinix nextGen Architecture, SDN strategy and technology stack selection

Develop strategy to short list vendors based on conducted POC results

Architecture and Design of virtualization technology stack selection (VMs, K8s, DPDK/SRIOV, vSwitch vs VPP) for IaaS platform offering where 3rd party vendor's VNFs are hosted as market place.

Engaged for developing network abstraction layer to hide networking complexity by offering vendor-agnostic model-driven service objects for distributed service provisioning.

Architected network slicing on Equinix global backbone offering encrypted, high bandwidth, and low latency slices with control given to tenants to steer application traffic based on application SLAs.

Developed Architecture and Design for real-time resource state monitoring and close loop back system for customers to interact using custom policy and take appropriate action based on application SLAs

Support Engg team to help validate solutions scale and performance.

Develop rollout strategy into production.

Train Ops team and help with deployment

Design and implemented nextGen DNS solution using UltraDNS and Infoblox devices.

Design and implemented private Dataceneters for equinix customers using Cisco Nexus 9K.

Work on various in house proof of concepts and Epic discussions for Cloud Exchange, IX, VRAAS related features

Research, evaluate and stay current on emerging tools, techniques and technologies.

Create information/technology plans based on an understanding of the Equinix organizational strategic direction, technical context and business needs

Provide technical support for marketing initiatives through participation in proposals and marketing studies

Identify, develop, update and enforce standards and procedures.

Interface with resources in the CIO, CTO, CMO and CSO organizations on system infrastructure problems, technical concerns, and financial issues

Senior Network Design Engineer March 2014 to Nov 2016

Microsoft.

Senior member of Microsoft NIS design team.

Supports almost 900 Microsoft sites around the world and the networking components that connect those sites, which are used by a combination of over 220,000 Microsoft employees and vendors. Responsible for providing wired, wireless, and remote network access for the organization, implementing network security across the network, including network edges. Make sure that the nuts and bolts of network functionality work as they should: IP addressing, name resolution, traffic management, switching, routing, and so on.

Designed SDWAN and GetVPN solution for remote sites.

Worked with network architect, Internal tools, hardware, and software groups from various network equipment vendors (Cisco/Arista/Aruba/Juniper/F5 etc.), to identify and develop scalable and cost effective network designs.

Developed engineering standards for new network architectures, devices, and code releases. The output of this effort directly impacts the delivery of any and all new networking technologies targeted for deployment in the production network.

Lead the in-house certification and initial deployment of Cisco 5520 WLC and Aruba 7030 WLC.

Responsible for making and implement new cost effective datacentre network design for Microsoft Internal Datacentres and Internal worldwide network of Microsoft.

Venture Integration.

Designed solutions that scale to meet requirements and are easily supported by operations teams.

Worked closely with vendors to understand emerging technologies and how they would benefit the Microsoft network

Assisted in moving workloads from Microsoft Internal Datacenter to Azure using IaaS and PaaS infrastructure virtual network, automated deployment and configuration management with PowerShell and Azure Resource Manager(ARM) and Azure Express Route, Virtual Machine Storage and Virtual Machine Core networking.

Assisted clients with network traffic analysis, deep knowledge of protocol analysis

Consulted with application owners (Lync) and design scalable and supportable datacentre designs to meet application requirements

Designed and Deployed large scale Datacentre networking solutions using Cisco Nexus 3k, 5k and 9K.

Designed and Update complex Enterprise Management Network (EML).

Designed and update QOS implementation within MSIT network.

Worked closely with service providers, service managers, Regional IT and Operations teams.

Worked on new designs/solutions, bringing them from concept to in life operations.

Customer Support Specialist Oct 2013 to Feb 2014

Solace Systems.

Solace makes messaging middleware appliances that let companies efficiently distribute data to desktop, enterprise and mobile applications.

As support specialist help Solace customers to deploy Solace messaging router in their middle ware environment, integrate with mission critical applications, network, SAN etc.

Senior Network Consultant July 2013 to Oct 2013

Federal Government of Canada (Via CGI).

Assignments/Achievements:

Migrate Federal Govt of Canada departments users to new multitenant buildings, hosting multiple departments sharing all network equipment’s, help them with detail design using cisco 3750 as access-switches for all services data, VoIP, video, wireless and Catalyst 6509 with SUP 2T using as VSS for aggregation switch and Cisco ASR-1K as CE router, layer 3 connectivity between new campus site to datacentre using encrypted layer3 flexVPN.

Design, Implement and improve Federal Government of Canada Shared Metropolitan Service, Migrated from GSR to ASR-9K and ASR-1K

Network Consulting Engineer Jan 2011 to July 2013

Cisco Systems, Inc.

As a member of Cisco Advanced Services IPNEC team, led Bell Canada's test team for Customer Deployment, Certification, and POC testing in the Core network. Successfully managed multiple software and hardware verification projects, overseeing scoping, implementation planning, technical team leadership, and hands-on verification of end-to-end customer network solutions

Assignments/Achievements:

As SME, led Bell Canada Mobility convergence project, serving as team lead for certification. Achieved a significant reduction in convergence time from 20 sec to under 1 sec in all failure scenarios, collaborating closely with Bell Canada and Cisco teams.

Presented a five-day MPLS Network design and Deployment workshop for SANOG 20.

(http://www.sanog.org/sanog20/program.htm#workshop)

Led the introduction of ASR-1K as the next-gen Route Reflector for both VPN and Internet RR in Bell Canada's Core Network. Oversaw the certification process and collaborated with Bell Technology, design teams, and Cisco network operation support team.

Participated in the interop testing of Alcatel 7750 Service Router and Cisco ASR9000 Router

.

Worked as Technical and team lead to introduce ASR-1K as next gen IPSec PE, which can scale and support upto 2000 point of sale client for IPsec tunnel using Cisco Flex VPN technology, in Bell Canada Core Network, lead the certification process and closely worked with Bell Technology and design teams, also with Cisco network operation support team

Give TOI (Transfer of Information) training to both Bell Canada management and technical staff for CRS-3 MC.

Give TOI to Bell Canada technical staff for new convergence features to be deployed in Bell Canada network.

Lead and test ASR-9K as next Gen PE device as per requirement of Bell Canada.

Lead and test new CPE device ASR-1K as per requirement of Bell Canada.

Lead and test end to end QOS deployment on Bell Canada Core network for Qos Architecture, with Classification, application marking and distributed into Classes and applying Queueing policies with enforcement points in network.

Lead and test Bell Canada Core CRS-routers upgrade to IOS-XR 3.9.2 and Core GSR routers upgrade to 12.0(32) SY9b as per requirements of Bell Canada.

Lead and test migration of Bell Canada Core network PE routers from GSR-IOS 12.0(32) SY9b to GSR-XR 3.9.1 as per requirements of Bell Canada.

Lead and test improve end to convergence project for Bell Canada SP core network for Bell Mobility with end to end convergence goal of 3 secs, test and suggest new features to be deployed on Bell Canada network using GSR-XR 3.9.1, ASR-9K 4.0.3 as PE routers, CRS-1 and CRS-3 as core routers, ASR-1006 as RR, 3845 as Cell site CE device.

Technical Leader June 2003 to Dec 2010

Cisco Systems, Inc.

As a member of Cisco Systems Engineering department:

Completed several software and hardware verification project accountability including scoping, implementation planning, technical team leadership and hands on verification of end-to-end customer network solutions.

Assignments/Achievements:

Served as Subject Matter Expert (SME) for IOS-XR features, collaborating on C12K, CRS-1, and CRS-3 e.g. BGP NSR, L3VPN, 6VPE, 6PE, Multicast, MVPN, BFD, L2VPN, cfm etc.

Worked closely with the Automation team to develop an in-house automation tool for complex customer simulated topologies.

Technical lead for various IOS-XR release features, focusing on scalability and robustness in field deployment.

Led development test efforts for Edge features on C12k and CRS Platform which include L3VPN, 6PE, 6VPE, BGP NSR, P2MP, BFD, ACL, Route Reflector, L2VPN, VPLS, Native Multicast, MVPN, LDP, MPLS TE/FRR, QoS, fabric infrastructure and system Infrastructure includes CPU complex, Interrupt, Slow path testing

Collaborated with TAC Engineers to resolve critical issues on customer networks.

Reviewed PRD/SFS, test plans, and provided focused feedback.

Led a customer-focused "tiger team" to minimize live customer network migration issues.

Designed network topologies for testing, ensuring successful customer deployment of various features.

Collaborated with software developers to troubleshoot complex system problems escalated from support teams.

Analyzed and characterized router performance, identifying and troubleshooting network issues and software defects.

Enhanced test efficiency through hands-on script development and automation (TCL, Unix shell, Perl).

Delivered in-house training to development test teams and customer support teams.

Major contributor to innovating Base Line Integration Testing (BIT).

Led multiple IOS-XR release BIT efforts to improve quality and stability.

Co-authored a white paper for 6VPE (EDCS-628811).

Led IOS-XR release Feature Integration Testing (FIT) efforts, mentoring a team of engineers.

Led automation efforts for 6PE/6VPE, supporting EFT customers like BT and SAVVIS.

Conducted customer certification testing for IOS 32S release for Bell Canada.

Produced over 1300 DDTS (bugs) across 250+ components, contributing to software stability.

Contributed to organizing training material and classes for CCIE preparation.

Presented a five-day workshop on MPLS Network design and Deployment for SANOG 11. (http://www.sanog.org/sanog11/program.htm)

Provided continuous IOS-XR regression support and assisted in writing EC slides for different features.

Executed UT/IT test plans for critical features like 6PE/6VPE, multicast, etc., ensuring high-quality results.

Worked closely with TMEs/Customers to evaluate solutions and address issues, ensuring customer satisfaction.

Collaborated with the design team to solve issues related to IPv6, Routing, Signalling, and Multicast.

Mentored and supported new hires and engineers in various DT teams.

Conducted Technical Overview of Internet (TOI) and chalk talks on various technical topics for DT groups.

Conducted IPv4/IPv6 hardware forwarding testing and participated in various rebase activities.

Reviewed designers’ feature and design specifications and assisted in reproducing critical bugs.

System Test Engineer Nov 2002 to May 2003

Hyper Chip Inc.

As a member of Hyperchip’s Systems Engineering department:

Write test Cases for Signalling (RSVP, LDP) and Routing Protocols (OSPF, BGP and ISIS ).

Tested system for Scalability, Robustness, Performance, and Interpretability, collaborating with vendors like Cisco and Juniper.

Collaborated closely with developers to troubleshoot Routing and Signalling protocol issues.

Developed test plans and detailed test cases for the PBR-1280.

Conducted extensive testing of the PBR-1280, executing test cases, investigating bugs, and analysing protocol implementation/interoperability.

Created proof-of-concept scenarios and conducted customer product demonstrations.

Delivered training presentations and mentored junior members of the Systems Engineering group.

Contributed to the development of training courseware and documentation for the PBR-1280.

Network Engineer/Security Analyst,

Compaq Canada (Part of New HP)

Oct/2001 to Oct 2002

Responsibilities:

As a team lead responsible for various Network Re-Engg and Integration tasks and Tier III customer support

Orchestrated customer strategic network solutions using Cisco and Juniper Products.

Designed and administered LAN/WAN networks, implementing high-availability infrastructure with Cisco routers, switches, and access servers (IP, EIGRP, OSPF, BGP).

Investigated and resolved performance issues during network migration, employing Hierarchical Network Design, Policy Implementation, and Load-balancing strategies.

Spearheaded the migration of a Data Centre for 500,000 users of Rogers Cable (Compaq Client), prioritizing high availability, scalability, and security with Cisco Catalyst 6509 Switches, Content Switching, intrusion detection, and firewalls.

Performed capacity planning, future network and security design, cost analysis, business cases, and documentation.

Documented daily routine processes for system management, security, and vulnerability escalation.

Conducted network performance testing and capacity planning.

Riyad Bank Nov 1997 to Aug 2001

Worked in Private Networking Engineering group as a team leader on following projects:

Cisco Enterprise Network

Investigated routing network performance issues during migration, proposing solutions based on Hierarchical Network Design, Policy Implementation, Load-balancing strategies, and Router CPU/Memory usage.

Designed, engineered, and implemented routing networks and Switched LAN.

Led the development of various customer strategic network solutions and prepared RFPs.

Managed Network Monitoring System, evaluating performance baselines.

Ensured adherence to Corporate Security and Change Management policies for servers and software.

Played a key role in developing and maintaining internal and external network security policies, procedures, and standards.

Led the network group in resolving escalated issues promptly.

Developed project plans for hardware and software upgrades, including installation and testing.

Provided support for commercial and in-house engineering software packages.

Analysed and forecasted H/W and S/W needs, negotiated with vendors, and generated purchase orders.

Developed and executed disaster recovery tests and contingency planning for all network equipment.

Researched new network technology and assessed migration impact.

Contact this candidate