NITA MUKHERJEE nita @ mukherjee.net http://www.mukherjee.net/nita/ San Jose, CA 95132 (408) 347-1354 PROFESSIONAL INTERESTS Network engineering and the design, implementation and support of core WAN and LAN infrastructure. WORK EXPERIENCE Ariba, Inc (Sunnyvale, CA) Feb 2004 - present Network Engineer Part of a 3-person team that supports all corporate network issues both locally, and at all remote offices (8 domestic & 14 intl offices): - Tested, documented, and in the process of rolling out Aruba networks wireless infrastructure in production - Participated in network integration of recent acquisitions. Santa Clara University (Santa Clara, CA) Feb 2002 - Jan 2004 Senior Network Engineer Part of a small team responsible for supporting all networking issues on the Santa Clara University campus. My duties involved: Infrastructure Design and Deployment: - Set up BGP multihoming with Verio and SBCIS. - Led the design effort for the campus splitDNS architecture. - Set up and maintained bind 9 DNS servers and ISC v3 DHCP servers under Redhat Linux 7.3. - Participated in 3Com network core upgrade in 2002 and led core upgrade to Extreme BlackDiamond in 2003. - Wrote Perl scripts to automate various network management tasks. - Set up traffic policies and QoS to prioritize inbound and outbound application traffic using Packeteer's PacketShaper 6500. - Set up server load balancing on several web sites using Extreme Networks devices. - Tested and deployed Redline Networks SSL accelerator in conjunction with server load balancer. - Researched and documented possible BGP multihoming designs for campus network. - IP address allocation, and re-IPing of dorm subnets to optimize route aggregation. - Planned and configured 4 levels of rate-limiting on dorm switches. - Maintain Extreme BlackDiamond core routers & Cisco border router. Security: - Identified firewall rule changes required for all projects I was involved in. - Set up iptables on DNS and DHCP servers running Redhat Linux 7.3. - Configure and maintain ACLs on core routers and border router to mitigate DDOS attacks and propagation of viruses. Daily operations: - Day-to-day troubleshooting, including traffic sniffing with Sniffer and tcpdump when necessary. - Tracking down and shutting down switch ports in abuse situations. Planning and Project Management: - Prepared vendor comparison charts for 802.11b access points and core routers. - Project planning for the network core upgrade and for all of my projects. Excite@Home Corporation (Redwood City, CA) May 1999 - Dec 2001 Engineer (Network Systems Design, Product Design, and Network Design) Network Systems Engineer, Open Access & Systems Eng'ing (Feb 2001 - Dec 2001) Was a member of the engineering group at Excite@Home designing infrastructure to enable support of Open Access (customer choice of ISP) in the Excite@Home network: - Conducted a provisioning monitoring feasibility and gap analysis. - Led the preliminary design effort for Boston Open Access trial in early phases. - Set up Open Access lab equipment and tested MPLS on Cisco 7206's. - Identified usage-based monitoring and billing requirements for Open Access product, and evaluated vendors in that space. - Met with leading router vendors to learn about RFC 2547 implementations. Assessed the viability of each product as a key piece of @Home's next generation open access solution. Product Design Engineer, Product Development (Jan 2000 - Jan 2001) Participated in the design of residential gateway provisioning with the @Home service, and was heavily involved in the design and development of @Home's residential DSL product. - Led the design effort for @Home residential DSL. Worked with all engineering and operations groups to define and design network requirements. Authored the technical specifications and developed the DSL data model in conjunction with IT. - Met with several vendors of broadband aggregation routers and helped to narrow down choices based on requirements. - Planned and carried out lab testing to evaluate Redback SMS 1800 and Nortel/Shasta routers that met product requirements. - Investigated and compared element and subscriber management systems from various vendors of DSL aggregation routers. - Identified feature enhancements required of Redback's AOS and Rhythms' Netop (subscriber management system) for scalability and reliability. - Participated in CLEC negotiations related to DSL. - Wrote white paper documenting DSL vs cable technologies. - Documented automated provisioning process for @Work HFC (cable) and residential gateway products. - Evaluated several dual-ethernet routers and residential gateways for use in @Home and @Work products (Netscreen 5, Cayman, etc). - Launched @Work HFC internet access product offering using Netscreen 5 routers. - Investigated network changes required in order to enable multicasting in @Home's regional networks. Network Design Engineer, Network Engineering (May 1999 - Jan 2000) Participated in the network design necessary to support various projects within @Work: - Prepared @Work RFP (Request for Proposal) responses and evaluated cost of Cisco hardware required for networking contracts. - Maintained the list of standard IOS images for different Cisco devices within @Work. - Helped design custom network access solutions for potential @Work contracts (e.g. solutions requiring integrated firewalls, solutions requiring DSL access for a corporate campus, etc) Carnegie Mellon University August 1997 - April 1999 Senior Network Engineer Was a senior member in the network engineering group. This group is responsible for operation, troubleshooting, expansion, and maintenance of Cisco-based campus network infrastructure serving well over 10,000 devices based on a wide variety of hardware and operating system platforms. Duties included sharing in daily operation and troubleshooting of network infrastructure, and responsibility for multicast support, xDSL remote access, network management, network monitoring, and a variety of smaller projects. Multicast infrastructure: - Designed multicast infrastructure for campus network and deployed multicast testbed. - Identified and examined multicast issues relevant to migration of the current flat, bridged network to edge-routed topology. - Established and maintained the internet-wide cisco-multicast mailing list. xDSL remote access: - Technical and administrative leadership of, and project management for, Carnegie Mellon University (CMU) HDSL trial. Tested and selected from amongst several PairGain HDSL products. - Troubleshooting for CMU/Bell Atlantic ADSL trial, involving about 100 users using Westell modems. - Network engineering and deployment of CMU/NPTC (North Pittsburgh Telephone Company) ADSL trial, involving Paradyne Hotwire MVL products. Deployment included connection of CMU's network to NTPC network via T1 frame relay connection via a Cisco 2514. - Network engineering and deployment of CMU/Bell Atlantic commercial ADSL offering, based on Westell equipment and involving the connection of CMU's network to Bell Atlantic via an ATM DS3 link. Network management: - Installed CiscoWorks for Switched Internets (CWSI) for Solaris. - Tested TrafficDirector with Fast Ethernet Switchprobe. - Installed and configured Cisco Resource Manager to track Cisco device inventory and to facilitate image upgrades of Catalyst switches and various IOS devices. Network monitoring and troubleshooting: - Resolved problems by analyzing traffic on campus backbone, ADSL subnets, and problem segments. - Participated in diagnosis and resolution of external attacks on CMU's firewall-free environment. - Tools employed included Unix tcpdump, Solaris snoop, and FTP Software's LANwatch for Windows 95. - Monitored traffic trends using MRTG and Cisco's Netflow. Miscellaneous: - Identified and performed router and switch image upgrades as necessary, both manually and via Cisco's Resource Manager. - Identified memory and image upgrades necessary to bring low-end routers and switches into Year 2000 compliance. - Extended CMU's campus network to a remote location by using a pair of Cisco 762 ISDN routers. - Created input files for rapid, automated snmp-based configuration of various Catalyst switches using in-house ``snmpconf'' utility. - Participated in evaluations of beta switch hardware (Cisco 2916XL, 1924F). - Documented and prepared project plans for all of my projects. Telesat Canada Satellite Ground Systems September 1996 - July 1997 Network Administrator Overhauled, documented, and subsequently maintained the mission-critical satellite control LANs serving approximately 250 HP-UX workstations; designed and implemented both analog and ISDN-based secure remote access solutions; planned and coordinated development group relocation. LAN overhaul included: - upgrading existing coax backbone to CAT5 - switch installation (Catalyst 3000 switches) - hub installation (HP AdvanceStack hubs) and enhancement to provide SNMP capabilities - installation of HP LANProbe units - implementation of router-based access control (Cisco 2514 routers) to prevent unauthorized access LAN maintenance included: - creation and maintenance of LAN diagrams showing network layout, cross-connections, and cabling - installation of network management software for network monitoring (HP Openview and Ciscoworks) - administration of NCD WinCenter Secure remote access solution included: - installation and configuration of Cisco 2511 access server to provide analog dialin capability - installation and configuration of Cisco 3640 and Cisco 766 units to provide ISDN and Centrex modem dialup access - user authentication and access management via TACACS+ and CRYPTOCard's RB-1 token system - installation and configuration of offsite access to X-windows applications using Hummingbird Exceed and Xpress Relocation planning and coordination included: - identification of equipment and cabling requirements - installation of new backbone router (Cisco 7204) - subnet creation to optimize performance and provide fault containment Public Works & Government Services Canada Government Telecommunications & Informatics Services July 1991 - September 1996 Microtechnology Officer (LAN Administrator; Coach; Mentor) Initially, installed and supported from scratch the first Novell and OS/2 LANs in the National Capital Region Service Office (NCRSO) of Government Services Canada (GSC). Built up 3 Netware LANs and 3 OS/2 LANs which eventually encompassed about 180 workstations. Later, promoted to "Coach" and was ultimately responsible for all support, problem resolution, crisis handling, and training course coordination for all LANs spanning 5 GSC sites -- 9 Netware LANs and 3 OS/2 LANs encompassing about 1000 workstations. Finally, moved laterally to a "Mentor" position allowing for greater technical involvement in my work. Led a team responsible for all LANs in the largest GSC cheque production site (NCRSO) in Canada. Was responsible for LANs encompassing approximately 400 machines, including critical non-stop cheque production LANs which required 24-hr on-call support. Microtechnology Officer, Mentor (Jul/95 - Sep/96): - Administered three critical Netware 3.1x LANs, one non-stop IBM OS/2 Cheque Production LAN, and IBM SNA gateways. - Guided a team of 6 technical support officers. - Provided theoretical and hands-on training to team members. - Coordinated, prioritized, and monitored distribution and completion of projects and tasks at my site. - Evaluated LAN hardware and software for all 5 Ottawa GSC sites. - Implemented fault tolerance for all Netware LANs (various levels, including SFT 2.5 primary/backup servers, SFT 2 duplexing, and SFT 1 mirroring). - Documented contingency planning procedures. Microtechnology Officer, Coach (Mar/94 - Jun/95): - Standardized technical processes at all sites. - Identified and coordinated all training activities for all technical support officers within the team. - Coordinated all project activities at all sites. - Acted as a contact for crisis situations. - Provided assistance and coordination to mentors at different sites. - Interviewed people to recruit new technical support staff. - Performed ring splits to accommodate growth and optimize performance. - Developed a Gupta SQL Windows application to monitor skills and co-ordinate training for individuals within the Production-LAN Support Group. Microtechnology Officer, LAN Administrator (Jul/91 - Mar/94): - Installed, maintained, diagnosed problems with, and was involved in the administration of several Token Ring and Ethernet Netware LANs. - Provided enduser support and technical support of diverse networked hardware, software and applications linked in a WAN environment. - Was involved in the installation and troubleshooting of a Cubix dialin communications server at the RCMP (Royal Canadian Mounted Police) office. - Promoted to Microtechnology Officer, Coach in March 1994. CERTIFICATION and EDUCATION CERTIFICATION: CheckPoint Certified Security Administrator (CCSA) January 2004 CERTIFICATION: Cisco Certified Network Associate (CCNA) February 2002 CERTIFICATION: Certified Novell Engineer (CNE) December 1995 PROFESSIONAL TRAINING COURSES 1991 - 1996 Technical Courses (Various Institutions): - Total of 14 courses, including HP-UX 10.x, Netware 4.x, TCP/IP, Routing/Bridging, Network Security, High Performance Cabling. Soft Skills Courses (Public Service Commission, Canada): - Project Management; Time Management for Managers and Professionals; Negotiating Skills; Coaching Skills; Career Management; Consulting Process UNIVERSITY OF OTTAWA 1987 - 1991 Graduated with honors. Bachelor of Science (B.Sc.) degree in degree in Computer Science. TECHNICAL SKILLS Networking: - Cisco Hardware: Wide range of routers (e.g., 6509, 75xx, 72xx, 251x, 4700, 3640, 76x), switches (e.g., 5000, 290x, 29xxXL, 19xx, 28xx, 3000), firewall (PIX), and VPN concentrators (e.g. 30xx) - Other Hardware: Extreme BlackDiamond routers & Summit switches, HP products, e.g. HP AdvanceStack hubs; Bay Networks synoptics hubs. - Technology: Ethernet, Fast Ethernet, Token Ring, 802.1q VLANs, ADSL, wireless (802.11b), HDSL, Frame Relay, ATM, ISDN, site-to-site and remote access VPNs - Cabling: 100baseT, 100baseF, 10baseT, 10base2 - Protocols: layer 3 (IP, IPX), routing (RIP, RIPv2, OSPF, BGP4), multicast (PIM, DVMRP), group management (IGMP, IGMPv2, CGMP) - Operating Systems: Cisco IOS through version 12.0, Netware 3.1x and 4.x - Management: CiscoWorks for Switched Internets, Cisco Resource Manager, HP Openview, Netware Management System (NMS), Cricket - Diagnostic Tools: tcpdump, sniffer, LANwatch, snoop, switch probes, protocol analyzers, Fluke Enterprise LANMeter, kismet - Traffic Analysis: open source tools (e.g. ntop, nettop), cisco netflow - DNS/DHCP: Bind 9, Cisco Network Registrar, ISC DHCP server Operating Systems: Redhat Linux, Windows 98 and 95, Windows XP, MS-DOS, other UNIX variants (Solaris 2.5, SunOS, HP-UX 9 and 10) PERSONAL - I am a legal permanent resident of the United States, and I am a citizen of Canada. - I am a native speaker of English, and am also fluent in spoken and written French and in spoken Bengali. ------------------------------------------------------------------------ This document was last updated on April 25, 2004. The current version is available from http://www.mukherjee.net/nita/