Summary : Played a pivotal role within the IPsec Data Path QA team, actively participating in design discussions and test plan reviews, performing feature validations, and automating test cases using the in-house Python-based framework.

Worked on the below Features/Activities,

** ACL support to allow fragmented packets in VCS ** - Creating a static 3-tuple stateless ACL derived from the user configured stateful/4-tuple stateless ACL to identify and permit fragmented traffic.

** 0% Probability SPI Collision and Symmetric NAT support ** – Designing a new SPI format that mitigates SPI collisions and also enhancing the existing SPI lookup which is adaptable to various deployment scenarios. Additionally, implementing data path adjustments to allow IPsec NAT probes to effectively handle Symmetric NAT environments.

** Path MTU Discovery Support ** – Facilitating Path MTU discovery support involves acquiring the uplink MTU of the local/remote peer endpoints, utilizing this information to configure the tunnel PMTU and relay feedback to access clients via ICMP when they are engaged in PMTU discovery.

** Strongswan Integration in Test Automation Environment ** – Successfully incorporated Strongswan into the Test Automation framework, extending coverage for a wide range of IKE use cases that customers encounter when utilizing third-party IKE Gateways.

Summary : Responsible for validating Nuage VRS (Virtualized Routing and Switching) features, and conducting platform testing for WBX (DC Gateway).

Worked on the below features,

** AVRS Saner Flow Eviction ** – Safeguarding the control plane flows, specifically the BGP PE-CE and BFD kernel/Fast-Path flows between AVRS and VNF. This protection ensures that these control plane flows are shielded from eviction, which typically occurs during idle periods and major revalidation scenarios, especially in scaled flow conditions..

** AVRS Control Plane Protection ** – Engaged in CPU/Memory footprint dimensioning for AVRS, guaranteeing the protection of control plane packets (such as BGP, BFD, openflow, ARP, etc.) across different interface levels (including Uplink, vhostuser, dpvi, and ovs-netlink) under various conditions. This included considerations for Interface Queues and CPU budget allocation to safeguard the control packets, all verified using Ixia.

** AVRS 2.0(Next Gen 6wind DPDK) ** – Qualification of the Next Gen 6wind DPDK module, built on the foundation of RHEL 8.2. Additionally, responsible for formulating and validating the method of procedure for upgrading existing deployments to RHEL 8.2.

** SSH Enhancements ** – Accommodating the new Encryptions/Authentication algorithms/libraries support for SSH/SFTP/SCP protocols for different authentications methods (like local, Radius and TACACS) on Out-band management and In-Band interfaces.

** WBX Remote Upgrade Support ** – Support for independently upgrading the SROS VM and hypervisor from local disk and from the remote location

** WBX Exposure of Hardware CPU Queue Statistics ** – Displaying the different CPU Queues statistics(Processed/Dropped) for all supported control packets (ICMP, BGP, OSPF, ARP, DNS, ICMP etc)

** WBX Platform Testing ** - L2/L3 Snake testing, port media-mode testing, Redundant Power Supply testing, L3 interfaces ping test, DDOS test on OOB mgmt interface

Summary : Actively engaged in the qualification process for the security features of the ALU Smallcell Project.

Worked on the below features,

** Support of Smallcell Factory Data Update ** -- Enabling operators to update factory provisioned data such as domain name, Security Gateway certificate, and authentication type for small cells directly from the Home Device Manager (HDM).

** Smallcell Dynamic Certificate Renewal ** -- Support of Automated and Manual certificate renewal feature support for different customers PKI architectures (like Three tunnel Multistrand 3G/4G, Single tunnel Multistrand 3G/4G).

** Certificate Management Server Migration ** -- Migration of 9981 CMS server to Insta NCM server

** ALU VPN Firewall Brick to SR7750 Migration** -- Migration of small cells Data/Control Path and Certificate management system(CMS) Control path from ALU VPN Firewall Brick to SR7750 Security Gateway.

** Next Gen Security Gateway** -- Conducting thorough validation of Qualifying the next generation Security Gateway (ACME Packet MSG Vs ALU SR7750), with a special emphasis on evaluating the IPsec (IKEv2) Control/Data plane as well as Radius functionalities within the SmallCell End-to-End (E2E) network.