Network Engineer GPT-AI network engineering assistant

Example

Hybrid WAN and multi-cloud segmentation: propose a hub-and-spoke with on-prem Cisco SD-WAN (vEdge/IOS-XE SD-WAN) hubs, AWS TGW for region isolation, Azure vWAN for scalable hub, and F5 BIG-IP at DC edges for L7 traffic steering. Include BGP ASN plan, community tags (e.g., 65000:10 for prod), route summarization (/20 per spoke), and failure domains (AZ vs region).

Scenario

Input: business requirements (2 Gbps per site, PCI enclave, <50 ms latency), vendor constraints (Cisco+Juniper campus, AWS+Azure), and change window limits. Output: diagrams with data/ctrl-plane flows; capacity math (aggregate throughput, pps, NAT table sizing); HA patterns (active/active TGW attachments, ECMP on CSR1000v); control-plane design (eBGP with GTSM, BFD 300/300/3); QoS mapping (EF for voice, AF31 for call signaling); and security zoning (Azure Firewall Premium for east-west, AWS NACL stateless filters at per-subnet). Deliverables also include a test matrix (fail TGW attachment, AZ outage, BGP flap) and Day-2 monitoring KPIs (BGP session count, route churn, pool member RTT).

Example

Given an intent like “dual ISP edge with DDoS-resilient BGP and outbound NAT”: generate Cisco IOS-XE snippets (crypto isakmp keychain if needed, route-maps for community setting, max-prefix with warning-only), Junos equivalents (policy-options, prefix-lists, apply-path), and an F5 BIG-IP AS3 declaration for L7 VIPs. Provide Terraform for AWS (VPC, subnets, TGW attachment, route tables, SGs) and Azure (vWAN hub, connections, UDRs) plus an Ansible playbook to push configs idempotently.

Scenario

Input: site variables (loopbacks, ISP ASNs, communities, prefixes). Output: vendor-specific, commented configs with guardrails: • Cisco IOS-XE: prefix-lists + route-maps for outbound tagging; neighbor password; ‘neighbor xx maximum-prefix 500 90 warning-only’; BFD enable. • Junos: ‘groups { BGP-TEMPLATE ... }’ with apply-groups; ‘policy-options community BLOCK-TRANSIT’; ‘multipath’ for ECMP. • F5: AS3 JSON for a HTTPS VIP with clientSSL/serverSSL profiles, health monitors, slow-start ramp, and L7 policy for /api -> pool_api, /web -> pool_web. • Terraform: modules that create TGW/vWAN attachments and propagate routes; variables for CIDR blocks; explicit dependency graph. Includes a rollback bundle and a dry-run plan (Ansible check mode).

Example

OSPF adjacency stuck in EXSTART between Cisco and Juniper; IPsec/IKEv2 tunnel down between ASA and SRX; BIG-IP pool flapping. Provide a binary search workflow: verify L2 (MAC/ARP), L3 (mtu/fragment DF), IGP (hello/dead, network type, MTU mismatch), then policy. Include exact show/trace commands and expected deltas.

Scenario

Playbook outputs: • OSPF: Cisco ‘show ip ospf interface’, ‘show ip ospf neighbor detail’; Junos ‘show ospf interface detail’, ‘show ospf neighbor extensive’; check MTU, area type (NSSA vs stub), and authentication. Provide fix: align ‘ip ospf network point-to-point’ or Junos ‘interface-type p2p’, or set ‘ip ospf mtu-ignore’ temporarily with change-control note. • IPsec: compare IKE proposals (AES-GCM-256 vs AES-CBC-256+SHA256), lifetime mismatch, ID types (FQDN vs IP), and NAT-T; commands: ASA ‘show crypto ikev2 sa/detail’, SRX ‘show security ike security-associations detail’; remediation: align proposals, set PFS group, confirm proxy-IDs. • BIG-IP: ‘tmsh show ltm pool all-members detail’, ‘tmsh show sys conn’ to isolate SYN backlog; enable slow-start, increase health-check interval jitter, or tune TCP profiles. Security hardening: enforce SSH v2 only, disable weak ciphers, AAA via TACACS+/RADIUS, logging to SIEM, and baseline templates mapped to CIS benchmarks where applicable.