Professional Summary :
o 15 years of experience in software product development with 5+ years in people management.
Experience Summary :
Cisco Systems India Private Limited Sr. Manager Mar 2011 – till date
Cisco Systems India Private Limited Manager Sep 2006 – Feb 2011
Cisco Systems India Private Limited Software Engineer Jan 2001 – Aug 2006
Aquila Technologies Private Limited Software Engineer Aug 2000 – Nov 2000
Accord Software and Systems Private Limited Software Engineer Aug 1997 – Aug 2000
Educational Qualification :
- Bachelor of Engineering (Computer Science) from Gogte Institute of Technology, Belgaum with 81% aggregate score.
- Pre-university at Jagadaguru Tontadaraya College, Gagag, with 78% aggregate score.
- Schooling at Loyola High School, Gadag.
Technical Skills :
Operating System: Cisco IOS, Linux, HP-UX (HP –Unix), Windows 98/NT/XP,
Languages: C, TCL
Networking:IP/IPv6, BGP, OSPF, EIGRP, OSPF, RIP, ODR, CDP, NHRP, MPLS, L2TP, GRE, LISP
Security: IKE/IPSec, Kerberos, PAM, SSH, SSL, PKI
Technologies: IKE/IPSec VPNs, DMVPN, GETVPN, SSLVPN, EzVPN, Virtualization, Cloud Computing, DCE, SNMP/MIBs
Products: VMWARE, Cisco Routers, Cisco Switches, HP Systems, Vyatta
Utilities/Tools: Clearcase, CVS, GDB, XRAY, Purify, Profilers, CDETS/DDTS
Trainings Undergone:
- Management Fundamentals
- 7 Habits of Highly Effective People
- HBDI – Human Brain Development Index
- Cisco Business Essentials
- Cisco Certified Network Assistant (CCNA)
- Cisco IOS Bootcamp
Last Role
I’m responsible for complete delivery of IOS IPSec/SSL based VPNs (SSLVPN, FlexVPN, DMVPN, EzVPN, Remote-Access VPNs). My team is structured with two managers, one focused on core technology and other on VPN solutions. My primary role includes VPN strategy development and execution.
Achievements in Leadership Role.
Ø Leadership of Cisco IOS VPN solution by successfully defining VPN strategy and execution.
o Expanding the reach by propagating VPN technology to several new platforms – ASR1000, Cat3K, Cat4K. Currently working on NXOS.
o Collaboration with several technology groups (NSSTG, MARSBU, EARBU, ISBU, ESTG, Product Marketing and Release Ops) to deliver VPN technology.
o Innovation and execution has been the hallmark of the team to maintain leadership in VPN technology. To its credit team has several patents, IETF drafts/RFCs and Cisco pioneer award.
o Led the IPv6 initiative to make VPN technologies IPv6 compliant.
Ø Cross-functional initiatives
o Accelerate Go-To-Market by optimizing SDLC (Software Development Life Cycle) process.
o Adoption of IOU (IOS on Unix) for development, test and automation, thus significantly improving productivity.
Ø People Development
o Periodic trainings (soft skills and technical skills) for the team.
o EmTLP (Enroll high potential engineers in technical leadership program)
o
Projects Executed (Reverse chronological) :
Title: FlexVPN Spoke-Spoke Feb 2011 - June 2011
Role: Manager
Team size: 2
Description:
FlexVPN is next generation VPN solution that unifies DMVPN, EzVPN and Remote-Access VPN solution. My team worked on embedding DMVPN functionality into FlexVPN solution for a complete unified solution.
Title: Dynamic Multipoint VPN (DMVPN) Aug 2006 - Apr 2011
Role: Manager
Team size: 7
Description:
Dynamic Multipoint VPN (DMVPN) is a Cisco IOS Software solution for building scalable IPsec Virtual Private Networks (VPNs). Cisco DMVPN uses a centralized architecture to provide easier implementation and management for deployments that require granular access controls for diverse user communities, including mobile workers, telecommuters, and extranet users.
Cisco DMVPN allows branch locations to communicate directly with each other over the public WAN or Internet, such as when using voice over IP (VOIP) between two branch offices, but doesn't require a permanent VPN connection between sites. It enables zero-touch deployment of IPsec VPNs and improves network performance by reducing latency and jitter, while optimizing head office bandwidth utilization.
Functionality:
Ø DMVPN Phase 1 - Hub & Spoke VPN
Ø DMVPN Phase II - Spoke-Spoke VPN
Ø DMVPN Phase III - Shortcut Switching
Ø DMVPN Usability enhancements - NHRP MIB, Syslogs, UI enhancements
Ø DMVPN scalability - Improve scale from 350 to 6000 tunnels.
Ø DMVPN Platform support - Porting to ASR1000
Ø DMVPN IPv6
Ø DMVPN integration with DHCP, QoS
Ø DMVPN Modularity and Componentization
Ø Network Segmentation with DMVPN (2547 over DMVPN)
Responsibilities:
Led a team of seven smart engineers. From inception to full-fledged solution, it was fully developed by the team with several engineering innovations. The team has several patents to its credit. Team delivers about 2-3 features in 4 month release cycle. DMVPN now commands 10000+ customers and contributes $300M towards cisco's revenue annually.
DMVPN solution is a combination of networking technologies namely; IPSec, NHRP, GRE, Routing protocols (BGP, OSPF, EIGRP, RIP, ...) owned by different teams within cisco. The development demands extensive collaboration and negotiating skills with the peer Business Units.
Title: Virtualization and Cloud Security Oct 2010 – Dec 2011
Role: Project Manager
Team size: 6 people
Description:
Virtualization and Cloud Security is a program to provide Security Services in virtual environments. It includes Access Security (VPNs), Threat Defense (IPS, IDS, Firewall), Storage Security and many others. I'm required to come up with access security strategy in the cloud environments and deliver to it. The focus includes virtualization of CISCO VPN technologies namely IPSec VPNs, DMVPN, GETVPN and SSLVPN to enable in cloud environments.
Goals:
Ø Virtualization and Cloud Access Strategy for VPNs (In-Progress)
Ø Development of VPNs solutions for the cloud environments. (In-Progress)
Responsibilities:
Ø Understanding virtualization and cloud technologies, defining VPN requirements and coming up with VPN strategy for cloud access.
Ø Coordination between marketing, development, test and release teams and preparing a development plan.
Ø Execution Commit of the plan, Status updates, Escalation handling, conflict resolution and other support functions.
Title: Secure Shell (SSH) Jan 2009 – till date
Role: Manager
Team size: 3
Description:
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices.[1] The two major versions of the protocol are referred to as SSH1 or SSH-1 and SSH2 or SSH-2. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis.[2] The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.
Functionality:
Ø SSH sustaining
Ø SSH Quality
Ø SSH: RSA support
Ø SSH Host Key Support
Ø VRF-Aware SSH
Ø Componentization for T, mcp_dev, dsgs7 release trains
Responsibilities:
SSH was transitioned to me in Jan 2009 with primary goal to improve quality. As part of the effort we set a target to reduce CFD (customer found defects) by 50% by improving quality and bring down resource utilization from three to one engineering. Both the goals were successfully achieved. We started with series of discussions on IOS SSH implementation and its interactions with other subsystems like TCP, TTY and documented it. In the process team identified hot-spots and redesigned parts of the software. In additional to quality, team is responsible for delivering new requirements for SSH and delivered upon the features/functionality listed above.
Title: Mosaic Mar 2010 – till date
Role: Project Manager
Team size: 5-10 people
Description:
Mosaic is a program to make Cisco's IPSec stack and IPSec solutions IPv6 compliant. It is part of umbrella program Borderless Network IPv6 (BNv6) to make all Cisco Product’s IPv6 complaint. It is a cross-BU effort involving more than 6 teams. It is a four phase program spanning over a period of 18 months. The phases, their deliverables and status are listed below:
Functionality:
Ø Mosaic Phase I – USGv6 compliance (completed – Aug 2010)
Ø Mosaic Phase II – DMVPNv6, IPSec Infrastructure, FlexVPN, SSLVPN Infrastructure, PKIv6 (completed – Dec 2010)
Ø Mosaic Phase III – IPSec MIBs, 4301 compliance Phase I (development in progress)
Ø Mosaic Phase IV and beyond – GETPVNv6, HA, 4301 compliance Phase II, FlexVPNv6 (planning in progress)
Responsibilities:
Ø Working with Marketing to identify and prioritize requirements.
Ø Coordination between marketing, development, test and release teams and preparing a development plan.
Ø Execution Commit of the plan, Status updates, Escalation handling, conflict resolution and other support functions.
Title: IPSec support on ASR1000 Platform Mar 2008 – June 2010
Role: Project Manager
Team size: 5-10 people
Description:
The Cisco® ASR 1000 Series Aggregation Services Router product line includes security capabilities that are built into the platform and do not require service blades. Security features are viewed as integral parts of the base Cisco ASR 1000 Series product rather than as add-on service modules. We were required to port IPSec stack and IPSec VPN solution on the platform and new feature development.
Functionality:
Ø IPSec stack port to ASR1000 and (Release - RLS3/12.2(33)XNC)
Ø IPSec feature development of ASR1000 (Release – RLS4, RLS5, RLS6, RLS7)
Responsibilities:
Ø IPSec stack port from T train to ASR1000 platform was a big challenge as it was required to deliver in 4 months. It was a huge undertaking as similar effort to port IPSec on cat6k platform has been in progress for more than 9 months that was finally shelved. I took on the challenge to lead the effort with couple of engineers and completed in about 3 months. As part of the development, my role included:
o Building the requirements with marketing and prioritizing the requirements.
o Coordination between marketing, development, test and release teams and preparing a development plan in close collaboration with the ERBU platform team.
o Execution Commit of the plan, Status updates, Escalation handling, conflict resolution and other support functions.
o
Ø I was responsible for interfacing with ERBU for all the requirements for the platform and successful delivery of IPSec features in RLS4, RLS5, RLS6, RLS7. The other activities that required were:
o Building queries for bug tracking and identifying holes using scrubber tool.
o
Title: DMVPN Shortcut Switching
Company: Cisco Systems India Private Limited
Role: Software Engineer
Duration: 4 months
Code Size: 4 KLOC
Team Size: 1
Description:
DMVPN - Shortcut Switching: The Shortcut Switching Enhancements for NHRP in DMVPN Networks feature provides a more scalable to deploy DMVPN. Key benefits of the feature are: Route summarization, Zero traffic loss, flexible topologies (heirarchical, partial mesh, etc.), spoke-spoke is feasible with ODR.
My Role:
Ø Worked with TAC (Mike Sullenberger) to understand problem statement, potential solutions and then designed and implemented NHRP redirect and NHRP shortcut functionality. As part of shortcut switching feature, I also implemented spoke-spoke tunneling in NAT environments when one or both spokes are behind NAT devices. NHRP redirects and spoke-to-spoke with NAT was a new innovation.
Title: Static Virtual Tunnel Interface (SVTI), Dynamic Virtual Tunnel Interface
Company: Cisco Systems India Private Limited
Role: Software Engineer
Duration: 4 months
Code Size: 3 KLOC
Team Size: 1
Description:
IP security (IPsec) virtual tunnel interfaces (VTIs) provide a routable interface type for terminating IPsec tunnels and an easy way to define protection between sites to form an overlay network. IPsec VTIs simplify configuration of IPsec for protection of remote links, support multicast, and simplify network management and load balancing.
My Role:
Ø Define problem statement – IPSec remote-access solutions have several shortcomings compared to PPP remote-access solution. In order to leverage common infrastructure and align with other access solutions, it was desired to implement VTI.
Ø Design and Implementation – Leverage tunnels and virtual-template infrastructure to implement VTI
Title: IPSec integration with PKI-AAA
Company: Cisco Systems India Private Limited
Role: Software Engineer
Duration: 4 months
Code Size: 1 KLOC
Team Size: 1
Description:
PKI - AAA Integration: Allows router to use an AAA server at the back-end to provide authorization; provides granular control based on certificate fields. It is desired to integrate this functionality for better access control of the users.
My Role:
Ø Define a problem statement, design and implement.
Title: VRF-Aware IPSec
Company: Cisco Systems India Private Limited
Role: Software Engineer
Duration: 6 months
Code Size: 5 KLOC
Team Size: 2
Description:
The VRF-Aware IPsec feature introduces IP Security (IPsec) tunnel mapping to Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). Using the VRF-Aware IPsec feature, you can map IPsec tunnels to Virtual Routing and Forwarding (VRF) instances using a single public-facing address.
My Role:
Ø Design and Implementation in Cisco IOS.
Title: Distribute Computing Environment (DCE)
Client: Hewlett Packard
Role: Software Engineer
Duration: 3 years
Team Size: 12
Description:
The OSF Distributed Computing Environment (DCE) is an industry-standard, vendor-neutral set of distributed computing technologies. DCE is deployed in critical business environments by a large number of enterprises worldwide. It is a mature product with three major releases, and is the only middleware system with a comprehensive security model.
DCE provides a complete Distributed Computing Environment infrastructure. It provides security services to protect and control access to data, name services that make it easy to find distributed resources, and a highly scalable model for organizing widely scattered users, services, and data. DCE runs on all major computing platforms and is designed to support distributed applications in heterogeneous hardware and software environments. DCE is a key technology in three of today's most important areas of computing: security, the World Wide Web, and distributed objects.
My Role:
Ø Sustaining and development of DCE conrol program (DCECP)
Title: PAM-Kerberos
Client: Hewlett Packard
Role: Software Engineer
Duration: 4 months
Team Size: 1
Description:
Pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). It allows programs that rely on authentication to be written independent of the underlying authentication scheme.
My Role:
Ø Design and development of Kerberos pluggable authentication module.
Consulting Services :
Project: VSS to CVS Migration
Client: Aztec Software and Services Pvt Limited.
• Design and develop VSS to CVS migration tool.
• Migrate existing source code from VSS to CVS
• CVS Training for users and administrators.
Project: Office Setup
Client: Pixel Infotek Private Limited
• Design and setup LAN network
• Setup Squid proxy for Web Access control and caching
• Setup Linux based firewall and VPN.
Project: Office network setup
Client: Vizury Interactive
As a Infrastructure consultant, my role was to
• design network with following capabilities
o load-balancing,
o resiliency,
o bandwidth management and traffic prioritization
o UTM
• Evaluate multiple vendor products (Cyberoam, SevaSys) and recommend for their office.
• Setup Vyatta system as a backup system in case any of the vendors do not qualify.
Patents :
* Continuing ISAKMP & IPSec security associations after address of
endpoints change [Cisco]
* Method and System for Learning Network Information [Cisco]
* Methods and apparatus for providing shortcut for a virtual private network [Cisco]
* Optimized Dynamic Multipoint Virtual Priviate Network Over IPv6 Network [Cisco]
* IP SECURITY WITHIN MULTI-TOPOLOGY ROUTING [Cisco]
* Any to Any Multicasting In A Tunnel Based Virtual Private Network [Cisco]
Personal Details :
Father’s Name : Manikchand R Bafna
Date of Birth : 7th Oct 1975
Sex : Male
Nationality : Indian
Marital Status : Single
Languages Known : English, Kannada, Hindi, Marwadi.
Communication Address : #14, 4th cross, 4th block, Kumarapark West, Bangalore - 560020
Permanent Address : #25, Mahaveer Colony, Near Cotton Market,Gadag - 582101
