Jeffrey Wilson

Jeffrey Wilson

Network Architect & Automation Engineer

View Resume
Get in Touch

BGP Operations & Incident Response

Diagnosed campus-wide CDN loss as an inbound traffic-steering prefix leak overnight, sent a cold email to a Google network engineer at 8:40am day 2, and had confirmation in hand before the war room reconvened: restored service via peer shutdown within minutes. Followed with RPKI/ROA registration and a permanent BGP advertisement redesign that eliminates the leak vector class. Multihomed ISP policy, RTBH, uRPF, and carrier WAN boundary design across a 20-year arc.

Read the full story →

Network Automation

Built production automation across the full threat response lifecycle — RTBH blackhole injection via iBGP, email parsing, and Quagga CLI wrapping — replacing a multi-step approval workflow with a single-operator paste operation. Authored a TextFSM template corpus against five OS families with preflight coverage reporting and per-site gap analysis. Splunk, Palo Alto, CA Spectrum, and DHCP telemetry pipelines built in Perl and Python; homegrown NMS/IPAM validated by commercial replacement on departure.

Read the full story →

Campus Fabric Architecture

Enforced NNI-only core boundary on the 2024 campus overhaul against organizational pushback — held design position through completion on the basis that collapsing edge ports onto core merges failure domains and destroys deterministic troubleshooting. Guided distribution-layer VRF design and provided architectural clarity on isolated FIB sharing a common SPBM backbone. Consolidated the LEARN provider boundary in 2023 by learning IOS-XR l2transport to collapse a discrete L2 breakout switch into ASR subinterfaces — eliminated dedicated hardware, reduced capex, and cleaned the provider handoff stack.

See the work →

Cross-Domain Authority

Owned the baylor.edu identity and HTTP architecture for 15 years — Palo NAT, F5 iRules, DNS, and SSL SAN cert stack — across four teams with no organizational mandate over any of them. Execution ran on reputation and trust; architecture scaled from 16K to 20K students and 1G to 2x10G ISP handoff without redesign. Personally built and operated F5 BigIP LTM configuration for years before a dedicated specialist was hired; retained architectural lead on novel point solutions even after the specialist came aboard.

See the work →

Observability

Built a multi-source Grafana stack at zero budget and own initiative: Statseeker, Palo Alto HA pair session counts, DHCP pool utilization, and CA Spectrum asset data — all correlated in InfluxDB via custom Perl pipelines. Session count color-coding detected unexpected HA failover events five to six times over five years. DHCP pool alerting triggered wireless admin rebalancing workflow before client impact.

See the work →

Overlay Networking

Network architecture advisor on NSX-v deployment and subsequent NSX-T transformation; SME for VXLAN-to-Geneve encapsulation migration and underlay implications. Led brownfield discovery and design-artifact generation for a multi-state hospital fabric upgrade targeting Cisco replacement — identified root cause of a production outage at the SPBM/Cisco boundary before either vendor team did.

See the work →

Selected Writing

  • When the Spec Is the Only Source of Truth

    This post began as a LinkedIn reflection on RFC reading and first-principles thinking. The story went deeper into RFC 2865 RADIUS authentication than a LinkedIn post could hold. RFC 2865 RADIUS Authentication The authentication failures were intermittent. Not every packet. Not every user. Just enough to know something was wrong at the byte level. I…

  • 460 Devices, No Documentation, and the Pipeline That Changed That

    The engagement had 460 managed devices and no current topology documentation. Network topology automation was the only viable path — manual spreadsheet work would have taken weeks and produced a point-in-time artifact no one could re-run. The Cisco design team needed three structured deliverables before they could move: device inventory, physical topology graph, VLAN/service map.…

  • 1500 != 1500: MTU, OSPF ExStart, and a 14-Byte Blind Spot

    What OSPF is actually doing when it stalls in EXSTART, why MTU is the non-obvious suspect, and what to check first when you hit it.