diff --git a/personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md b/personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md new file mode 100644 index 0000000..426a831 --- /dev/null +++ b/personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md 
@@ -0,0 +1,227 @@ +JASON DAVIS | Lewisville, TX | (940) 340-9369 | newton214@gmail.com | linkedin.com/in/jason-davis-27442118a + +PROFESSIONAL SUMMARY + +I’ve spent 15 years building, scaling, and defending the infrastructure that +powers Fortune 500 enterprises, hyperscale cloud, and financial institutions. +I started as a Unix systems engineer and specialised in networks, which means +I don’t just configure switches—I understand the entire stack, from kernel +tuning to BGP policy. + +At AWS GovCloud, I learned what breaks when you try to run VXLAN/EVPN at +hyperscale. I designed overlays for high‑compliance tenants, automated away +manual toil, and developed reference patterns that turned one‑off designs into +repeatable products. At Verizon, I led multi‑million dollar transformations +that migrated legacy data centers to modern fabrics and SD‑WAN. At Charter, +I debugged buffer drops on encrypted storage replication because I knew how +to trace a packet from the wire to the application. + +Earlier in my career, I spent two years at Kaiser Permanente deploying Cisco +ACI fabrics across multiple data centers, fixing Oracle Exadata OSPF issues +that had stalled a major vendor, and uncovering silent buffer drops on Data +Domain replication that were corrupting encrypted backups. At American +Residential Services, I architected and executed a 100+ site SD‑WAN migration +to Cisco Viptela and engineered a $15K out‑of‑band management solution from +repurposed eBay hardware—because good engineers don’t need big budgets to +deliver reliable operations. + +Today, I bring that same obsession with reliability, automation, and resourcefulness +to every fabric I touch. I hold a Fortinet NSE 4, an RHCSA, and a CCNP; I’m actively +finishing my NSE 5 and RHCE. I don’t need a job—I need a revolution worth +believing in. If you’re building the next generation of network infrastructure, +I want to help you build it right. 
+ +CORE COMPETENCIES + +NETWORK FABRICS +• VXLAN/EVPN (Cisco Nexus, Arista) – Spine‑Leaf, MP‑BGP EVPN (Type‑2/Type‑5) +• Anycast Gateway / Symmetric IRB, L3VNI, Multi‑Tenant VRFs +• Multicast, Head‑End Replication, EVPN Multi‑Site +• Cisco ACI – fabric deployment, migration, policy model + +SECURITY & SD‑WAN +• Fortinet Security Fabric (NSE 4) – FortiGate, FortiManager, FortiAnalyzer +• Meraki SD‑WAN (TBX SME), Versa SD‑WAN, Cisco Viptela +• Palo Alto, ASA, Juniper SRX, Zero Trust Architecture + +CLOUD & HYBRID +• AWS (GovCloud, Direct Connect, Transit Gateway) +• Hybrid Cloud Interconnect, VMware NSX‑T, Kubernetes Overlay (Cilium) +• Equinix Fabric, Cloud On‑Ramps + +AUTOMATION & IaC +• Python (Netmiko, NAPALM, Flask), Ansible (Cisco, NX‑OS, Fortinet) +• Terraform (AWS, Equinix), YANG/NetConf, REST APIs +• Git, CI/CD, Bash, Pre‑/Post‑Diff Validation, Tcl (NetApp LACP analysis) + +SYSTEMS FOUNDATION +• Red Hat Enterprise Linux (RHCSA), RHCE (in progress) +• Unix (AIX, Solaris), Kernel Tuning, Arch Linux (personal lab) +• Storage networking – Data Domain, NetApp, Exadata + +MONITORING & OBSERVABILITY +• gNMI/Telemetry, sFlow, Prometheus/Grafana +• PRTG, SolarWinds, Splunk, NetFlow/IPFIX +• Custom Python Anomaly Detection + +CERTIFICATIONS + +• Fortinet NSE 4 – Certified +• Fortinet NSE 5 – In Progress (FortiManager, FortiAnalyzer) +• Red Hat Certified System Administrator (RHCSA) +• Red Hat Certified Engineer (RHCE) – In Progress (Ansible) +• Cisco CCNP Enterprise & Data Center +• AWS Certified Solutions Architect – Associate +• Cisco DevNet Associate + +PROFESSIONAL EXPERIENCE + +TBX – Consulting Systems Engineer, SD‑WAN & Security SME +May 2022 – Sept 2024 +Subject Matter Expert for Meraki SD‑WAN and Fortinet Security Fabric. +• Architected FortiGate SD‑WAN, IPSec VPN, and security policies for enterprise + clients; NSE 4 certified, NSE 5 in progress. 
+• Designed Meraki MX/Z3 auto‑VPN topologies, traffic shaping, and application‑ + aware routing for multi‑site deployments. +• Developed Python/Ansible automation frameworks for zero‑touch provisioning + and config validation, cutting deployment time by 30%. +• Authored and delivered advanced workshops on Zero Trust, SD‑WAN security, + and automation; trained partner SEs and customers. +• Led POCs that directly influenced seven‑figure enterprise deals. + +AMAZON WEB SERVICES (GOVCLOUD) – Network Development Engineer +Sept 2021 – May 2022 +Tier 3 escalation for critical networking incidents in a hyperscale, +multi‑tenant, high‑compliance environment. +• Architected VXLAN/EVPN overlay solutions for GovCloud tenants – translated + segmentation requirements into MP‑BGP EVPN address‑family configurations. +• Built Python automation frameworks to model, validate, and deploy underlay/ + overlay policies across thousands of devices; reduced provisioning time by + 40% and eliminated configuration drift. +• Designed hybrid interconnect strategies using AWS Direct Connect and Transit + Gateway, integrating on‑prem VXLAN fabrics with AWS VPCs via eBGP. +• Deployed and troubleshot BGP control planes at hyperscale – route reflection, + next‑hop reachability, RT/RD consistency across multi‑tenant partitions. +• Developed SOPs and post‑mortem guidance; institutionalised “automation‑first” + remediation patterns. + +VERIZON ENTERPRISE SOLUTIONS – Principal Network Architect +Jan 2020 – Sept 2021 +Led enterprise‑scale fabric architecture and migration for Fortune 500 clients +in finance, healthcare, and retail. +• Engineered VXLAN/EVPN data center fabric designs – L3VNI per tenant, anycast + gateway addressing, consistent RD/RT schemas. +• Led Avis migration from legacy Cisco MPLS to Versa SD‑WAN + Aruba edge; + designed hybrid overlay interconnect with zero downtime. +• Developed pre/post diff Bash scripts for configuration validation, reducing + change‑related incidents by 35%. 
+• Mentored solution architects on YANG, NetConf, Meraki API, and Python; + shifted team from CLI‑first to API‑first mindset. +• Spearheaded Walgreens nationwide WAN optimisation – integrated underlay BGP + with overlay SD‑WAN controllers for application‑aware routing. + +CHARTER COMMUNICATIONS – Data Center Network Engineer +Sept 2018 – Oct 2019 +Managed enterprise F5 LTM/GTM and A10 load balancing; implemented next‑gen +overlay networks. +• Implemented EVPN/VXLAN overlay networks on Nexus 9K – multi‑tenant + segmentation across national data centers. +• Automated TACACS configuration with Bash scripts, eliminating manual errors + and credential misconfigurations. +• Identified critical buffer tail drops on Data Domain SSL replication + (port 29000) using PRTG and packet capture; root cause was underlay MTU + mismatch and oversubscription. +• Coordinated cross‑team Video VPN deployment, aligning network, security, + and Linux systems teams. + +ZIVARO – Senior Network Consultant +Oct 2018 – Jan 2020 +• Designed and deployed VXLAN data center fabric for Denver Health using + Cisco ACI with BGP EVPN underlay – HIPAA‑compliant micro‑segmentation and + workload mobility. +• Advocated Ansible over DNA Center for Simmons Foods automation; delivered + Ansible playbooks, saving client $50K+ in proprietary licensing. +• Implemented Layer 3 to the edge for CDPHE despite organisational resistance; + architected migration plan that became team standard. +• Key contributor to Cisco Gold Partner recertification – led technical + deep‑dives on EVPN/VXLAN, ACI, and automation. + +ENTRUST (ZIVARO) – Cloud Network Engineer +Jan 2020 – Present +• Implemented PCI‑DSS‑compliant AWS network infrastructure – VPC segmentation, + security groups/NACLs, Transit Gateway routing; passed QSA audit. +• Built staging environment despite VP‑level opposition; validated Ansible ACL + playbooks (cisco.ios) pre‑production, proving risk reduction and change + accuracy. 
+• Provided emergency architecture support for Illinois Credit Union VPN + deployment – troubleshot IPsec tunnels and BGP peering to restore service. + +KAISER PERMANENTE – Senior Data Center Engineer +May 2016 – Apr 2018 +Led data center network modernisation for one of the largest healthcare +organisations in the United States. +• Deployed Cisco ACI fabric across multiple data centers – designed EPG + contracts, bridge domains, and L3Outs; migrated legacy Nexus 7K/5K + infrastructure to Nexus 9K with zero downtime. +• Resolved critical OSPF routing issues on Oracle Exadata racks that had + delayed a major vendor implementation; diagnosed misconfigured interface + costs and summarisation, enabling the project to meet its deadline. +• Identified and fixed buffer tail drops on Data Domain SSL‑encrypted + replication traffic (port 29000) that were silently corrupting backups + across the DR link. Used PRTG, SPAN sessions, and deep packet analysis to + isolate MTU mismatch and egress queue depletion. +• Enhanced HPNA (HP Network Automation) functionality by developing custom + reporting and compliance scripts, improving operational visibility and + reducing audit remediation time. +• Collaborated with storage, database, and application teams to optimise + network performance for Exadata, NetApp, and VCE Vblock platforms. + +AMERICAN RESIDENTIAL SERVICES – Senior Network Engineer +Jan 2018 – Jan 2019 +Architected and executed a complete network transformation for a national +home services provider with 100+ locations. +• Led end‑to‑end migration from legacy MPLS/hub‑spoke topology to Cisco + Viptela SD‑WAN – designed transport‑side policies, application‑aware + routing, and zero‑touch provisioning; executed site cutovers with zero + business‑impacting incidents. +• Standardised firewall configurations across Cisco ASA and Juniper SRX + platforms, implementing consistent security policies and VPN templates. 
+• Deployed Cisco Umbrella DNS filtering as a lightweight security layer + across all sites, reducing malware callbacks by 60% within 30 days. +• Engineered a cost‑effective out‑of‑band management and UPS solution using + repurposed Cisco 2811 routers, cellular modems, and second‑hand APC units + sourced from eBay – saved the company over $15,000 while providing + resilient remote access during power outages. +• Implemented RANCID for automated configuration backups and version control, + establishing configuration audit trails for the first time. + +AT&T (TIAA‑CREF) – Lead Network Architect +Jul 2010 – May 2016 +Led $100M+ network infrastructure refresh for a top‑tier financial institution. +• End‑to‑end architecture and design – Nexus 9K, ASR9K, F5 BIG‑IP; delivered + under budget and ahead of schedule. +• Optimised mainframe OSPF routing (Area 51) – resolved route flapping and + suboptimal path selection; required deep understanding of mainframe TCP/IP + and traditional routing protocols. +• Identified NetApp LACP RFC non‑compliance via custom Tcl script; vendor + acknowledged defect and released firmware fix, preventing undetected link + failure risk. +• Created reference architectures and standardised configuration templates + for blackhole routing, security policies, and high‑availability designs; + adopted globally. + +DYNAMIC IMPACT MARKETING LLC – Principal & Technical Strategist +Sept 2024 – Present +• Founder consultancy applying infrastructure engineering to marketing tech. +• Build automated data pipelines (Python) and technical audit frameworks. + +EDUCATION & MILITARY SERVICE + +United States Air Force – Senior Airman, Honorable Discharge + +CONTINUOUS LEARNING + +• SRv6, eBPF/Cilium, NVIDIA Spectrum, BlueField DPUs – self‑directed study +• Arch Linux maintainer – kernel tuning, systemd, network namespaces +• Fortinet NSE 5 (FortiManager, FortiAnalyzer) – In Progress +• Red Hat RHCE (Ansible, system roles) – In Progress \ No newline at end of file
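Review bot: The first added line of the hunk commits a phone number and a personal e-mail address in plain text, and once merged they stay in the repository history even if a later commit edits the file. If this repository is shared or may become public, replace them with a placeholder or a contact link and keep the full contact line outside version control. Two smaller points in the same hunk. The employment dates overlap in ways a reader will question: Charter (Sept 2018 – Oct 2019), Zivaro (Oct 2018 – Jan 2020) and American Residential Services (Jan 2018 – Jan 2019) run concurrently, Kaiser Permanente (May 2016 – Apr 2018) overlaps American Residential Services, and the Entrust entry (Jan 2020 – Present) spans the Verizon, AWS and TBX roles, and the entries are also not in chronological order. Either correct the ranges or mark the concurrent engagements as such. The path `personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md` places the file in an `EVPN` subdirectory, which looks like an unintended result of the slash in "EVPN/VXLAN"; a name such as `EVPN_VXLAN_FABRIC_ENGINEER.md` would avoid it. The file also ends without a trailing newline.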