Jeffrey Wilson

Network Architect & Automation Engineer

BGP Operations & Incident Response

Diagnosed campus-wide CDN loss as an inbound traffic-steering prefix leak overnight, sent a cold email to a Google network engineer at 8:40 a.m. on day 2, and had confirmation in hand before the war room reconvened; restored service via peer shutdown within minutes. Followed with RPKI/ROA registration and a permanent BGP advertisement redesign that eliminates the leak vector class. Multihomed ISP policy, RTBH, uRPF, and carrier WAN boundary design across a 20-year arc.


Network Automation

Built production automation across the full threat response lifecycle — RTBH blackhole injection via iBGP, email parsing, and Quagga CLI wrapping — replacing a multi-step approval workflow with a single-operator paste operation. Authored a TextFSM template corpus against five OS families with preflight coverage reporting and per-site gap analysis. Splunk, Palo Alto, CA Spectrum, and DHCP telemetry pipelines built in Perl and Python; homegrown NMS/IPAM validated by commercial replacement on departure.


Campus Fabric Architecture

Enforced NNI-only core boundary on the 2024 campus overhaul against organizational pushback — held design position through completion on the basis that collapsing edge ports onto core merges failure domains and destroys deterministic troubleshooting. Guided distribution-layer VRF design and provided architectural clarity on isolated FIB sharing a common SPBM backbone. Consolidated the LEARN provider boundary in 2023 by learning IOS-XR l2transport to collapse a discrete L2 breakout switch into ASR subinterfaces — eliminated dedicated hardware, reduced capex, and cleaned the provider handoff stack.


Cross-Domain Authority

Owned the baylor.edu identity and HTTP architecture for 15 years — Palo NAT, F5 iRules, DNS, and SSL SAN cert stack — across four teams with no organizational mandate over any of them. Execution ran on reputation and trust; architecture scaled from 16K to 20K students and 1G to 2x10G ISP handoff without redesign. Personally built and operated F5 BigIP LTM configuration for years before a dedicated specialist was hired; retained architectural lead on novel point solutions even after the specialist came aboard.


Observability

Built a multi-source Grafana stack at zero budget and on own initiative: Statseeker, Palo Alto HA pair session counts, DHCP pool utilization, and CA Spectrum asset data — all correlated in InfluxDB via custom Perl pipelines. Session count color-coding detected unexpected HA failover events five to six times over five years. DHCP pool alerting triggered wireless admin rebalancing workflow before client impact.


Overlay Networking

Network architecture advisor on NSX-v deployment and subsequent NSX-T transformation; SME for VXLAN-to-Geneve encapsulation migration and underlay implications. Led brownfield discovery and design-artifact generation for a multi-state hospital fabric upgrade targeting Cisco replacement — identified root cause of a production outage at the SPBM/Cisco boundary before either vendor team did.


Selected Writing

  • 460 Devices, No Documentation, and the Pipeline That Changed That

    The engagement had 460 managed devices and no current topology documentation. Network topology automation was the only viable path — manual spreadsheet work would have taken weeks and produced a point-in-time artifact no one could re-run. The Cisco design team needed three structured deliverables before they could move: device inventory, physical topology graph, VLAN/service map.…


  • 1500 != 1500: MTU, OSPF ExStart, and a 14-Byte Blind Spot

    What OSPF is actually doing when it stalls in EXSTART, why MTU is the non-obvious suspect, and what to check first when you hit it.


  • When the Fix Becomes the Failure: ECMP, Zone Protection, and a 64KB Ceiling

    Three ECMP firewall cutovers went cleanly. The fourth did not — and the cause turned out to be Palo Alto MSS clamping, hidden inside a zone protection profile that had passed through three clean rollouts undetected. It was the highest-profile pair in the sequence, sitting at the data center boundary. The Setup The Baylor…