Add personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md

2026-02-11 20:04:22 +00:00
parent 1859fe474f
commit 8726bf4f70
1 changed files with 227 additions and 0 deletions
--- a/personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md
+++ b/personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md
@@ -0,0 +1,227 @@
 JASON DAVIS | Lewisville, TX  |  (940) 340-9369  |  newton214@gmail.com | linkedin.com/in/jason-davis-27442118a
 PROFESSIONAL SUMMARY
 I’ve spent 15 years building, scaling, and defending the infrastructure that 
 powers Fortune 500 enterprises, hyperscale cloud, and financial institutions. 
 I started as a Unix systems engineer and specialised in networks, which means 
 I don’t just configure switches—I understand the entire stack, from kernel 
 tuning to BGP policy.
 At AWS GovCloud, I learned what breaks when you try to run VXLAN/EVPN at 
 hyperscale. I designed overlays for high‑compliance tenants, automated away 
 manual toil, and developed reference patterns that turned one‑off designs into 
 repeatable products. At Verizon, I led multi‑million dollar transformations 
 that migrated legacy data centers to modern fabrics and SD‑WAN. At Charter, 
 I debugged buffer drops on encrypted storage replication because I knew how 
 to trace a packet from the wire to the application.
 Earlier in my career, I spent two years at Kaiser Permanente deploying Cisco 
 ACI fabrics across multiple data centers, fixing Oracle Exadata OSPF issues 
 that had stalled a major vendor, and uncovering silent buffer drops on Data 
 Domain replication that were corrupting encrypted backups. At American 
 Residential Services, I architected and executed a 100+ site SD‑WAN migration 
 to Cisco Viptela and engineered a $15K out‑of‑band management solution from 
 repurposed eBay hardware—because good engineers don’t need big budgets to 
 deliver reliable operations.
 Today, I bring that same obsession with reliability, automation, and resourcefulness 
 to every fabric I touch. I hold a Fortinet NSE 4, an RHCSA, and a CCNP; I’m actively 
 finishing my NSE 5 and RHCE. I don’t need a job—I need a revolution worth 
 believing in. If you’re building the next generation of network infrastructure, 
 I want to help you build it right.
 CORE COMPETENCIES
 NETWORK FABRICS
 • VXLAN/EVPN (Cisco Nexus, Arista) – Spine‑Leaf, MP‑BGP EVPN (Type‑2/Type‑5)
 • Anycast Gateway / Symmetric IRB, L3VNI, Multi‑Tenant VRFs
 • Multicast, Head‑End Replication, EVPN Multi‑Site
 • Cisco ACI – fabric deployment, migration, policy model
 SECURITY & SD‑WAN
 • Fortinet Security Fabric (NSE 4) – FortiGate, FortiManager, FortiAnalyzer
 • Meraki SD‑WAN (TBX SME), Versa SD‑WAN, Cisco Viptela
 • Palo Alto, ASA, Juniper SRX, Zero Trust Architecture
 CLOUD & HYBRID
 • AWS (GovCloud, Direct Connect, Transit Gateway)
 • Hybrid Cloud Interconnect, VMware NSX‑T, Kubernetes Overlay (Cilium)
 • Equinix Fabric, Cloud On‑Ramps
 AUTOMATION & IaC
 • Python (Netmiko, NAPALM, Flask), Ansible (Cisco, NX‑OS, Fortinet)
 • Terraform (AWS, Equinix), YANG/NetConf, REST APIs
 • Git, CI/CD, Bash, Pre‑/Post‑Diff Validation, Tcl (NetApp LACP analysis)
 SYSTEMS FOUNDATION
 • Red Hat Enterprise Linux (RHCSA), RHCE (in progress)
 • Unix (AIX, Solaris), Kernel Tuning, Arch Linux (personal lab)
 • Storage networking – Data Domain, NetApp, Exadata
 MONITORING & OBSERVABILITY
 • gNMI/Telemetry, sFlow, Prometheus/Grafana
 • PRTG, SolarWinds, Splunk, NetFlow/IPFIX
 • Custom Python Anomaly Detection
 CERTIFICATIONS
 • Fortinet NSE 4 – Certified
 • Fortinet NSE 5 – In Progress (FortiManager, FortiAnalyzer)
 • Red Hat Certified System Administrator (RHCSA)
 • Red Hat Certified Engineer (RHCE) – In Progress (Ansible)
 • Cisco CCNP Enterprise & Data Center
 • AWS Certified Solutions Architect – Associate
 • Cisco DevNet Associate
 PROFESSIONAL EXPERIENCE
 TBX – Consulting Systems Engineer, SD‑WAN & Security SME
 May 2022 – Sept 2024
 Subject Matter Expert for Meraki SD‑WAN and Fortinet Security Fabric.
 • Architected FortiGate SD‑WAN, IPSec VPN, and security policies for enterprise 
  clients; NSE 4 certified, NSE 5 in progress.
 • Designed Meraki MX/Z3 auto‑VPN topologies, traffic shaping, and application‑
  aware routing for multi‑site deployments.
 • Developed Python/Ansible automation frameworks for zero‑touch provisioning 
  and config validation, cutting deployment time by 30%.
 • Authored and delivered advanced workshops on Zero Trust, SD‑WAN security, 
  and automation; trained partner SEs and customers.
 • Led POCs that directly influenced seven‑figure enterprise deals.
 AMAZON WEB SERVICES (GOVCLOUD) – Network Development Engineer
 Sept 2021 – May 2022
 Tier 3 escalation for critical networking incidents in a hyperscale, 
 multi‑tenant, high‑compliance environment.
 • Architected VXLAN/EVPN overlay solutions for GovCloud tenants – translated 
  segmentation requirements into MP‑BGP EVPN address‑family configurations.
 • Built Python automation frameworks to model, validate, and deploy underlay/
  overlay policies across thousands of devices; reduced provisioning time by 
  40% and eliminated configuration drift.
 • Designed hybrid interconnect strategies using AWS Direct Connect and Transit 
  Gateway, integrating on‑prem VXLAN fabrics with AWS VPCs via eBGP.
 • Deployed and troubleshot BGP control planes at hyperscale – route reflection, 
  next‑hop reachability, RT/RD consistency across multi‑tenant partitions.
 • Developed SOPs and post‑mortem guidance; institutionalised “automation‑first” 
  remediation patterns.
 VERIZON ENTERPRISE SOLUTIONS – Principal Network Architect
 Jan 2020 – Sept 2021
 Led enterprise‑scale fabric architecture and migration for Fortune 500 clients 
 in finance, healthcare, and retail.
 • Engineered VXLAN/EVPN data center fabric designs – L3VNI per tenant, anycast 
  gateway addressing, consistent RD/RT schemas.
 • Led Avis migration from legacy Cisco MPLS to Versa SD‑WAN + Aruba edge; 
  designed hybrid overlay interconnect with zero downtime.
 • Developed pre/post diff Bash scripts for configuration validation, reducing 
  change‑related incidents by 35%.
 • Mentored solution architects on YANG, NetConf, Meraki API, and Python; 
  shifted team from CLI‑first to API‑first mindset.
 • Spearheaded Walgreens nationwide WAN optimisation – integrated underlay BGP 
  with overlay SD‑WAN controllers for application‑aware routing.
 CHARTER COMMUNICATIONS – Data Center Network Engineer
 Sept 2018 – Oct 2019
 Managed enterprise F5 LTM/GTM and A10 load balancing; implemented next‑gen 
 overlay networks.
 • Implemented EVPN/VXLAN overlay networks on Nexus 9K – multi‑tenant 
  segmentation across national data centers.
 • Automated TACACS configuration with Bash scripts, eliminating manual errors 
  and credential misconfigurations.
 • Identified critical buffer tail drops on Data Domain SSL replication 
  (port 29000) using PRTG and packet capture; root cause was underlay MTU 
  mismatch and oversubscription.
 • Coordinated cross‑team Video VPN deployment, aligning network, security, 
  and Linux systems teams.
 ZIVARO – Senior Network Consultant
 Oct 2018 – Jan 2020
 • Designed and deployed VXLAN data center fabric for Denver Health using 
  Cisco ACI with BGP EVPN underlay – HIPAA‑compliant micro‑segmentation and 
  workload mobility.
 • Advocated Ansible over DNA Center for Simmons Foods automation; delivered 
  Ansible playbooks, saving client $50K+ in proprietary licensing.
 • Implemented Layer 3 to the edge for CDPHE despite organisational resistance; 
  architected migration plan that became team standard.
 • Key contributor to Cisco Gold Partner recertification – led technical 
  deep‑dives on EVPN/VXLAN, ACI, and automation.
 ENTRUST (ZIVARO) – Cloud Network Engineer
 Jan 2020 – Present
 • Implemented PCI‑DSS‑compliant AWS network infrastructure – VPC segmentation, 
  security groups/NACLs, Transit Gateway routing; passed QSA audit.
 • Built staging environment despite VP‑level opposition; validated Ansible ACL 
  playbooks (cisco.ios) pre‑production, proving risk reduction and change 
  accuracy.
 • Provided emergency architecture support for Illinois Credit Union VPN 
  deployment – troubleshot IPsec tunnels and BGP peering to restore service.
 KAISER PERMANENTE – Senior Data Center Engineer
 May 2016 – Apr 2018
 Led data center network modernisation for one of the largest healthcare 
 organisations in the United States.
 • Deployed Cisco ACI fabric across multiple data centers – designed EPG 
  contracts, bridge domains, and L3Outs; migrated legacy Nexus 7K/5K 
  infrastructure to Nexus 9K with zero downtime.
 • Resolved critical OSPF routing issues on Oracle Exadata racks that had 
  delayed a major vendor implementation; diagnosed misconfigured interface 
  costs and summarisation, enabling the project to meet its deadline.
 • Identified and fixed buffer tail drops on Data Domain SSL‑encrypted 
  replication traffic (port 29000) that were silently corrupting backups 
  across the DR link. Used PRTG, SPAN sessions, and deep packet analysis to 
  isolate MTU mismatch and egress queue depletion.
 • Enhanced HPNA (HP Network Automation) functionality by developing custom 
  reporting and compliance scripts, improving operational visibility and 
  reducing audit remediation time.
 • Collaborated with storage, database, and application teams to optimise 
  network performance for Exadata, NetApp, and VCE Vblock platforms.
 AMERICAN RESIDENTIAL SERVICES – Senior Network Engineer
 Jan 2018 – Jan 2019
 Architected and executed a complete network transformation for a national 
 home services provider with 100+ locations.
 • Led end‑to‑end migration from legacy MPLS/hub‑spoke topology to Cisco 
  Viptela SD‑WAN – designed transport‑side policies, application‑aware 
  routing, and zero‑touch provisioning; executed site cutovers with zero 
  business‑impacting incidents.
 • Standardised firewall configurations across Cisco ASA and Juniper SRX 
  platforms, implementing consistent security policies and VPN templates.
 • Deployed Cisco Umbrella DNS filtering as a lightweight security layer 
  across all sites, reducing malware callbacks by 60% within 30 days.
 • Engineered a cost‑effective out‑of‑band management and UPS solution using 
  repurposed Cisco 2811 routers, cellular modems, and second‑hand APC units 
  sourced from eBay – saved the company over $15,000 while providing 
  resilient remote access during power outages.
 • Implemented RANCID for automated configuration backups and version control, 
  establishing configuration audit trails for the first time.
 AT&T (TIAA‑CREF) – Lead Network Architect
 Jul 2010 – May 2016
 Led $100M+ network infrastructure refresh for a top‑tier financial institution.
 • End‑to‑end architecture and design – Nexus 9K, ASR9K, F5 BIG‑IP; delivered 
  under budget and ahead of schedule.
 • Optimised mainframe OSPF routing (Area 51) – resolved route flapping and 
  suboptimal path selection; required deep understanding of mainframe TCP/IP 
  and traditional routing protocols.
 • Identified NetApp LACP RFC non‑compliance via custom Tcl script; vendor 
  acknowledged defect and released firmware fix, preventing undetected link 
  failure risk.
 • Created reference architectures and standardised configuration templates 
  for blackhole routing, security policies, and high‑availability designs; 
  adopted globally.
 DYNAMIC IMPACT MARKETING LLC – Principal & Technical Strategist
 Sept 2024 – Present
 • Founder consultancy applying infrastructure engineering to marketing tech.
 • Build automated data pipelines (Python) and technical audit frameworks.
 EDUCATION & MILITARY SERVICE
 United States Air Force – Senior Airman, Honorable Discharge
 CONTINUOUS LEARNING
 • SRv6, eBPF/Cilium, NVIDIA Spectrum, BlueField DPUs – self‑directed study
 • Arch Linux maintainer – kernel tuning, systemd, network namespaces
 • Fortinet NSE 5 (FortiManager, FortiAnalyzer) – In Progress
 • Red Hat RHCE (Ansible, system roles) – In Progress