Highly motivated and results-driven Senior Network Engineer with 7+ years of extensive experience in IP network design, integration, deployment, and advanced troubleshooting across diverse enterprise, data center, service provider, and multi-cloud environments.
Specialist in deploying and managing Arista Networks solutions including EVPN-VXLAN data center fabrics, L2LS/L3LS architectures, and CVaaS for large-scale enterprise and service provider networks.
Expertise in building greenfield and brownfield Arista deployments using 7000 Series platforms (7280CR3, 7050SX3, 7500E, 7368X4) with eBGP underlay/overlay, MLAG redundancy, VARP gateway, and multi-region DCI connectivity.
Proficient in integrating Arista EOS with multi-vendor environments including Cisco Nexus-to-Arista migrations, CheckPoint/Palo Alto firewall peering, F5 BIG-IP load balancers, and Cisco SD-WAN edge routing.
Expertise in designing and implementing advanced Cisco SD-WAN (Viptela, Versa, Silver Peak) solutions and Cisco ACI fabric for data center modernization.
Experienced in automating EVPN-VXLAN fabric deployments using AVD collection, generating device configurations from structured YAML inventory files, and validating network state with AVD post-deployment testing and eos_validate_state roles.
Skilled in engineering secure hybrid cloud connectivity using AWS Direct Connect and Transit Gateway, with hands-on experience terminating circuits on Arista border leafs and establishing eBGP peering to AWS/Azure/GCP.
Proficient in designing and managing AWS VPCs, subnets, routing, and security groups. Experience with Route 53, CloudWatch, and network traffic monitoring in AWS environments for operational visibility and high availability.
Expertise in implementing ExpressRoute for high-throughput private connectivity and Azure Firewall for centralized security policies.
Proficient in configuring VNets, Network Security Groups (NSGs), and Azure VPN Gateway to enable scalable, secure hybrid cloud architecture.
Familiar with GCP’s Identity-Aware Proxy (IAP), firewall rules, and operations suite for monitoring and securing cloud-native environments.
Demonstrated experience in supporting hybrid infrastructure services, including hardware, operating systems (Windows Server, Linux), and both network and software platforms in high-availability cluster environments.
Experienced in Infrastructure as Code (IaC) using Terraform for provisioning and managing cloud network infrastructure in AWS and Azure.
Adept at managing advanced load balancing solutions including F5 BIG-IP (LTM, GTM, iRules, ASM) and Citrix NetScaler ADC.
In-depth knowledge of routing protocols including BGP (complex path manipulation, RPKI, BFD for sub-second convergence), OSPF (multi-area design, NSSA), and EIGRP across enterprise and data center environments.
Skilled in wireless network design and management using Cisco WLCs (Catalyst 9800), Aruba Mobility Controllers, and Cisco Meraki, including Ekahau site surveys.
Overview
8 years of professional experience
Work History
Professional Services Network Engineer
Arista Networks
09.2024 - Current
Deployed brownfield EVPN-VXLAN fabric infrastructure across 6 data centers using Arista 7280CR3 spines and 7050SX3 leafs with eBGP underlay and BGP EVPN overlay supporting 200+ production devices.
Configured BGP routing with eBGP peering between spines and leafs using /31 point-to-point links, implementing EVPN address-family with send-community extended for Type-2 and Type-5 route propagation.
Engineered EVPN multi-domain DCI over metro dark fiber circuits connecting four data centers, re-advertising Type-2/3/5 routes with next-hop-self to enable 70+ VRF stretch, 700+ VLAN stretch, and active-active workload mobility with optimized VTEP flood-lists.
Implemented VXLAN overlay networks with VTEP source interfaces on Loopback1, enabling Layer 2 extension across Layer 3 underlay fabric with 86 VRF instances supporting multi-tenant environments.
Built EVPN-VXLAN symmetric IRB architecture using L3VNI per VRF, configuring anycast gateway with VARP for active-active Layer 3 routing across MLAG leaf pairs.
Configured OSPF multi-area design with Area 0 backbone for underlay routing, implementing NSSA areas for external route filtering and BFD for sub-second failure detection.
Deployed BGP route-reflector architecture for EVPN overlay on spines eliminating full-mesh iBGP peering requirements, validating EVPN route propagation across 150+ leaf switches.
Configured BGP graceful restart with restart-time 300 seconds and stalepath-time 360 seconds on eBGP sessions, ensuring seamless route retention during planned maintenance.
Implemented MTU optimization setting underlay to 9214 bytes and overlay to 9100 bytes, accommodating 54-byte VXLAN encapsulation overhead without packet fragmentation.
Implemented MLAG across 60+ leaf pairs with active-active redundancy, configuring peer-link on Port-Channel interfaces with VLAN trunk via management VRF heartbeat.
Configured VXLAN flood lists using Head-End Replication (HER) without multicast dependency, validating MAC address learning via EVPN Type-2 route advertisements.
Automated Arista EOS fabric provisioning using Ansible AVD framework with YAML data models, Jinja2 templates, and Git-based version control for 200+ devices.
Integrated Cisco SD-WAN Viptela with Arista 7500E border leafs via eBGP AS 65515, redistributing 1,200+ routes to 250 branch edge routers over dual 100GbE uplinks.
Deployed F5 BIG-IP and NetScaler clusters with LACP, advertising VIPs via BGP /32 routes, implementing PBR + DSCP marking for SNAT/USIP mode traffic steering.
Deployed out-of-band management network using dedicated L2LS topology with 7050SX3 OOB cores and 7010TX leafs, supporting 68 management devices with isolated MGMT VRF.
Implemented DNS integration using BlueCat appliances with anycast /32 advertisements via eBGP, configuring recursive lookups and split-horizon policies across production VRFs.
Configured CVP Studios for automated compliance checks (TACACS+, NTP, ACL audits) and ZTP DHCP relay/option 67 infrastructure for mass device provisioning, generating weekly reports and auto-remediating drift via configlet pushes.
Executed multi-vendor migration from Nexus to EOS, translating vpc/vrf context/HSRP configuration to mlag/vrf instance/VARP, validating routing parity across migration windows.
Integrated CheckPoint security gateways with border leafs transitioning from Layer 2 subinterface to MLAG with SVI-based eBGP, implementing AS-override for inter-VRF routing.
Integrated Palo Alto PA-5250 with Arista 7010T using eBGP and BFD (300ms interval, 3x multiplier) for sub-second failover across 18 DMZ VRFs.
Deployed AAA infrastructure with TACACS+ and RADIUS servers, configuring source-interface binding, AAA for exec and commands level 15 with local fallback.
Built WAN edge using Cisco Catalyst 8000V dual-homed to Arista 7358X4, configuring BGP multihop, BFD (250ms), AS-path prepending, and local-preference 200.
Onboarded Cisco ISE 3.1 with Arista 7020SR, enabling 802.1x and RADIUS CoA for dynamic VLAN assignment across 3,500 endpoints with dACLs.
Implemented 802.1X dynamic VLAN assignment with multi-host authentication, MAC-based authentication, LLDP bypass for VoIP phones, unauthorized VLAN egress for endpoints.
Configured control plane protection using service ACLs for SSH/SNMP/eAPI access, implementing copp-system-policy with platform-specific class maps for IPv4/IPv6.
Deployed AWS Direct Connect 10Gbps on Arista 7150S with 802.1Q private VIF, configuring eBGP to AWS ASN 64512 and advertising 45 on-prem subnets to Transit Gateway.
Configured Azure ExpressRoute on Arista 7060CX pairs using LACP and BGP prefix-lists to control 30+ VNet routes with MED-based path selection.
Configured Aruba ClearPass 6.10 with Arista 7048T using TACACS+ and RADIUS, implementing 50+ IoT profiling policies with automated VLAN assignment.
Architected CloudVision-as-a-Service deployment with TerminAttr streaming telemetry to cloud endpoints on port 443, utilizing Studios with Jinja2 configlets for provisioning.
Documented network architecture with topology diagrams, CRD, LLD, HLD and runbooks for troubleshooting EVPN-VXLAN fabric issues, delivering KT sessions to operations teams.
Senior Network Engineer
Austin Energy
Austin, TX
08.2023 - 08.2024
Led the planning and multi-phase rollout of Cisco SD-WAN (Viptela) across 250+ sites, replacing legacy MPLS circuits to enhance application performance and cut WAN costs, deployed using Cisco ISR 4000 and Catalyst 8000 Series routers.
Optimized advanced Viptela SD-WAN policies for Application-Aware Routing (AAR), traffic engineering using BFD triggers, and dynamic QoS to prioritize critical utility applications.
Implemented Direct Internet Access (DIA) with integrated Zscaler cloud security (ZIA) for secure internet access at branch locations.
Managed and ensured high availability for vManage, vSmart, and vBond controllers (v20), including certificate management and disaster recovery protocols for the SD-WAN fabric.
Installed Cisco ACI (APIC version 5.x/6.x) in dual multi-POD data centers, utilizing Cisco Nexus 9000 Series (9300/9500) switches as spines and leafs, including APIC cluster setup and fabric discovery.
Configured virtual networking in lab environments with Catalyst 9000, Juniper MX routers, Arista 7000 switches, deploying BGP, OSPF, VLANs to mirror production topologies.
Supported developer testing with Cisco Nexus 9000 ACI integration and VMware vCenter VMM for VM-aware network policies.
Delivered escalated tier support internally and with vendors, resolving complex Layer 2/3 network issues across multi-vendor environments.
Applied end-to-end QoS (LLQ, WRED, DSCP mapping) for VoIP (Cisco CUCM 14.x) and video over SD-WAN, LAN, and WLAN.
Implemented Juniper Junos-based Layer 2 and Layer 3 fabric architectures replicating Arista’s VXLAN EVPN overlays, including route reflector setup and BGP EVPN control plane migration.
Integrated and validated Cisco ACI L3Outs using OSPF (Area 0, NSSA) and BGP (iBGP/eBGP with AS path prepending, MED tuning) for resilient external and shared services connectivity.
Troubleshot complex lab network/cloud issues using Wireshark, Cisco IOS-XE, Junos OS CLI, and cloud provider tools.
Installed, upgraded and maintained Palo Alto Networks PA-5200/PA-7000 series firewalls (PAN-OS 10.2/11.0) in active/passive HA pairs at data center perimeters and internet edges.
Developed granular security policies on Palo Alto firewalls utilizing App-ID, User-ID, Content-ID, and advanced Threat Prevention (WildFire, DNS Security, Anti-Spyware).
Implemented GlobalProtect VPN (v5.x/6.x) for 10,000+ users, featuring SAML integration with Okta for MFA, and Host Information Profile (HIP) checks for endpoint compliance.
Acted as Load Balancing SME for enterprise applications, providing architecture design, platform upgrades, and advanced troubleshooting across F5 BIG-IP, Citrix NetScaler, and Infoblox/BlueCat DDI platforms, ensuring resiliency and HA for mission-critical services.
Network Engineer
UCLA
Los Angeles, CA
08.2021 - 07.2023
Managed a campus-wide network refresh for a hospital system, migrating aging Cisco switches to Catalyst 9300/9400 Series (IOS-XE), enhancing performance and enabling modern features.
Segmented departmental traffic using VLANs (Clinical, Admin, Guest, Medical Devices/IoT) and implemented QoS for critical healthcare applications (PACS, EMR, Telemetry).
Optimized internal routing using OSPF (multi-area design) across the extensive hospital campus network for efficient and resilient L3 connectivity.
Managed BGP routing for external connectivity and disaster recovery, implementing route filtering and path selection policies on edge routers.
Deployed Palo Alto Networks PA-3200 series firewalls (PAN-OS 10.1/10.2) for securing critical data center segments, implementing application-based security policies and User-ID for granular access control.
Configured Cisco ASA 5516-X firewalls (ASA v9.12+) for perimeter security, including granular ACL implementation and managing software updates to ensure security compliance.
Configured secure site-to-site IPsec VPNs (IKEv2, AES-256) on Cisco ASA and Palo Alto firewalls to connect the main hospital campus with remote clinics and partner facilities.
Leveraged Cisco DNA Center (DNAC v2.x/v2.4) for network assurance, monitoring health of Catalyst 9k switches, employing its analytics capabilities for troubleshooting network issues.
Designed and implemented DMVPN (Phase 2/3 using NHRP, IPsec, EIGRP) solutions for secure and scalable connectivity to a cluster of newly acquired outpatient facilities.
Administered Symantec Blue Coat ProxySG appliances for secure web gateway solutions, configuring web filtering, and SSL inspection policies to protect against web-based threats.
Managed F5 BIG-IP LTM (TMOS v14.x/15.x) solutions for load balancing critical healthcare applications, including VIP creation, pool management, and SSL offloading.
Administered Infoblox Trinzic appliances (NIOS 8.x/9.x) supporting over 15,000 DHCP leases and 40,000 DNS records in a multi-data center healthcare environment.
Configured Cisco SD-WAN (Viptela) components, including vEdge routers and centralized policies via vManage, for specific pilot programs aimed at enhancing branch connectivity.
Planned and executed migration projects transitioning legacy firewall environments to Cisco Meraki security appliances using Meraki APIs for automated provisioning and monitoring.
Configured and deployed Silver Peak Unity EdgeConnect SD-WAN to optimize WAN performance for 30+ remote clinics, leveraging dynamic path control.
Contributed to Cisco ACI L2/L3 connectivity designs, including L3Out configurations with OSPF for integrating the ACI fabric with the existing hospital network core.
Network Engineer
DISH Networks
Remote
05.2020 - 06.2021
Managed and optimized firewall operations across a multi-vendor environment including Cisco ASA/Firepower (FTD v6.4-v6.7), Checkpoint (R80.30/R80.40), and Juniper SRX (Junos 19.x), ensuring high availability and policy compliance for corporate and retail networks.
Designed and implemented Palo Alto Networks (PAN-OS 9.1/10.0) security policies, including Application/URL filtering, advanced Threat Prevention (WildFire), and Data Filtering.
Supported secure remote access solutions using Cisco FTD (v6.4-v6.7) with AnyConnect, implementing robust VPN policies to ensure data integrity and confidentiality.
Secured site-to-site IPsec VPNs (IKEv2, AES-GCM) between corporate headquarters, retail stores, and distribution centers, ensuring encrypted and authenticated communication channels.
Optimized multi-domain Checkpoint firewall environments, managing policies, NAT rules, and threat prevention, enforcing consistent security controls across distributed networks.
Performed detailed Cisco ASA 5516-X firewall policy management, including ACL modifications, object management, and software updates.
Ensured secure SD-WAN (Cisco Viptela, Versa Networks) deployments by defining security policies for IPsec overlay tunnels, validating policy enforcement, and contributing to SASE integration efforts for branch offices and stores.
Secured BGP routing infrastructure by implementing prefix-lists, route-maps for filtering, AS-path prepending for traffic engineering, and RPKI for route origin validation on edge routers.
Hardened OSPF and EIGRP routing domains through authentication mechanisms (MD5/SHA), passive-interface configurations, and route redistribution filtering to prevent unauthorized information exchange.
Managed secure DNS/DHCP services, implemented SNMPv3 for encrypted monitoring.
Utilized Wireshark for deep packet inspection during security incident investigations and troubleshooting.
Implemented VLAN segmentation strategies and configured STP security mechanisms (BPDU Guard, Root Guard, Loop Guard) to protect Layer 2 infrastructure from instability and attacks.
Leveraged MPLS WAN infrastructure for secure and prioritized data transport between retail stores, distribution centers, and corporate offices, ensuring QoS for critical applications.
Network Engineer
Syntel
Hyderabad, India
01.2018 - 03.2020
Participated in campus LAN redesign projects for SME clients, focusing on implementing L2/L3 architectures using Cisco Catalyst 2960, 3750, and 3850 series switches.
Configured and verified OSPF and EIGRP routing protocols on Cisco routers under the guidance of senior engineers for small to medium-sized client networks.
Deployed and troubleshot Cisco Catalyst switches, implementing VTP (client/server modes), STP (RSTP, PVST+), and EtherChannel (LACP/PAgP).
Configured First-Hop Redundancy Protocols (HSRP, GLBP) on distribution layer switches to ensure default gateway availability.
Provided daily operational support for Cisco ASA 5505/5510 firewalls, managing ACLs for internet, VLAN and internet access, and configuring NAT/PAT as per senior engineer instructions.
Assisted in troubleshooting basic site-to-site IPsec VPN connectivity issues on Cisco ASA firewalls, escalating complex issues when necessary.
Performed L2/L3 troubleshooting of network connectivity and performance issues using tools such as Wireshark for basic packet analysis, Ping, Traceroute, and detailed switch/router CLI diagnostics (show commands, debugs), resolving an average of 15+ tickets per week.
Managed IOS upgrades for Cisco routers (2800, 2900, 3800, 3900 series) and switches, ensuring adherence to client change management processes and minimizing service disruption under supervision.
Handled DNS and DHCP services on Windows Servers and entry-level Infoblox appliances for various client environments, including scope creation and reservation management.
Diligently documented network diagrams using Visio, updated device configurations, and maintained troubleshooting guides and incident resolution steps in ticketing systems.
Monitored network device health, availability, and performance using tools like Nagios and WhatsUp Gold, reporting anomalies to senior staff.
Assisted in setting up and tuning basic QoS policies for VoIP traffic on client networks to improve call quality, based on pre-defined templates.