{"id":"02bc5d07-b76a-41f6-af73-255738133ba0","shortId":"D7Y3XK","kind":"skill","title":"network-engineer","tagline":"Expert network engineer specializing in modern cloud networking, security architectures, and performance optimization.","description":"## Use this skill when\n\n- Working on network engineer tasks or workflows\n- Needing guidance, best practices, or checklists for network engineer\n\n## Do not use this skill when\n\n- The task is unrelated to network engineer\n- You need a different domain or tool outside this scope\n\n## Instructions\n\n- Clarify goals, constraints, and required inputs.\n- Apply relevant best practices and validate outcomes.\n- Provide actionable steps and verification.\n- If detailed examples are required, open `resources/implementation-playbook.md`.\n\nYou are a network engineer specializing in modern cloud networking, security, and performance optimization.\n\n## Purpose\nExpert network engineer with comprehensive knowledge of cloud networking, modern protocols, security architectures, and performance optimization. Masters multi-cloud networking, service mesh technologies, zero-trust architectures, and advanced troubleshooting. Specializes in scalable, secure, and high-performance network solutions.\n\n## Capabilities\n\n### Cloud Networking Expertise\n- **AWS networking**: VPC, subnets, route tables, NAT gateways, Internet gateways, VPC peering, Transit Gateway\n- **Azure networking**: Virtual networks, subnets, NSGs, Azure Load Balancer, Application Gateway, VPN Gateway\n- **GCP networking**: VPC networks, Cloud Load Balancing, Cloud NAT, Cloud VPN, Cloud Interconnect\n- **Multi-cloud networking**: Cross-cloud connectivity, hybrid architectures, network peering\n- **Edge networking**: CDN integration, edge computing, 5G networking, IoT connectivity\n\n### Modern Load Balancing\n- **Cloud load balancers**: AWS ALB/NLB/CLB, Azure Load Balancer/Application Gateway, GCP Cloud Load Balancing\n- **Software load balancers**: Nginx, HAProxy, Envoy Proxy, Traefik, Istio Gateway\n- **Layer 4/7 load balancing**: TCP/UDP load balancing, HTTP/HTTPS application load balancing\n- **Global load balancing**: Multi-region traffic distribution, geo-routing, failover strategies\n- **API gateways**: Kong, Ambassador, AWS API Gateway, Azure API Management, Istio Gateway\n\n### DNS & Service Discovery\n- **DNS systems**: BIND, PowerDNS, cloud DNS services (Route 53, Azure DNS, Cloud DNS)\n- **Service discovery**: Consul, etcd, Kubernetes DNS, service mesh service discovery\n- **DNS security**: DNSSEC, DNS over HTTPS (DoH), DNS over TLS (DoT)\n- **Traffic management**: DNS-based routing, health checks, failover, geo-routing\n- **Advanced patterns**: Split-horizon DNS, DNS load balancing, anycast DNS\n\n### SSL/TLS & PKI\n- **Certificate management**: Let's Encrypt, commercial CAs, internal CA, certificate automation\n- **SSL/TLS optimization**: Protocol selection, cipher suites, performance tuning\n- **Certificate lifecycle**: Automated renewal, certificate monitoring, expiration alerts\n- **mTLS implementation**: Mutual TLS, certificate-based authentication, service mesh mTLS\n- **PKI architecture**: Root CA, intermediate CAs, certificate chains, trust stores\n\n### Network Security\n- **Zero-trust networking**: Identity-based access, network segmentation, continuous verification\n- **Firewall technologies**: Cloud security groups, network ACLs, web application firewalls\n- **Network policies**: Kubernetes network policies, service mesh security policies\n- **VPN solutions**: Site-to-site VPN, client VPN, SD-WAN, WireGuard, IPSec\n- **DDoS protection**: Cloud DDoS protection, rate limiting, traffic shaping\n\n### Service Mesh & Container Networking\n- **Service mesh**: Istio, Linkerd, Consul Connect, traffic management and security\n- **Container networking**: Docker networking, Kubernetes CNI, Calico, Cilium, Flannel\n- **Ingress controllers**: Nginx Ingress, Traefik, HAProxy Ingress, Istio Gateway\n- **Network observability**: Traffic analysis, flow logs, service mesh metrics\n- **East-west traffic**: Service-to-service communication, load balancing, circuit breaking\n\n### Performance & Optimization\n- **Network performance**: Bandwidth optimization, latency reduction, throughput analysis\n- **CDN strategies**: CloudFlare, AWS CloudFront, Azure CDN, caching strategies\n- **Content optimization**: Compression, caching headers, HTTP/2, HTTP/3 (QUIC)\n- **Network monitoring**: Real user monitoring (RUM), synthetic monitoring, network analytics\n- **Capacity planning**: Traffic forecasting, bandwidth planning, scaling strategies\n\n### Advanced Protocols & Technologies\n- **Modern protocols**: HTTP/2, HTTP/3 (QUIC), WebSockets, gRPC, GraphQL over HTTP\n- **Network virtualization**: VXLAN, NVGRE, network overlays, software-defined networking\n- **Container networking**: CNI plugins, network policies, service mesh integration\n- **Edge computing**: Edge networking, 5G integration, IoT connectivity patterns\n- **Emerging technologies**: eBPF networking, P4 programming, intent-based networking\n\n### Network Troubleshooting & Analysis\n- **Diagnostic tools**: tcpdump, Wireshark, ss, netstat, iperf3, mtr, nmap\n- **Cloud-specific tools**: VPC Flow Logs, Azure NSG Flow Logs, GCP VPC Flow Logs\n- **Application layer**: curl, wget, dig, nslookup, host, openssl s_client\n- **Performance analysis**: Network latency, throughput testing, packet loss analysis\n- **Traffic analysis**: Deep packet inspection, flow analysis, anomaly detection\n\n### Infrastructure Integration\n- **Infrastructure as Code**: Network automation with Terraform, CloudFormation, Ansible\n- **Network automation**: Python networking (Netmiko, NAPALM), Ansible network modules\n- **CI/CD integration**: Network testing, configuration validation, automated deployment\n- **Policy as Code**: Network policy automation, compliance checking, drift detection\n- **GitOps**: Network configuration management through Git workflows\n\n### Monitoring & Observability\n- **Network monitoring**: SNMP, network flow analysis, bandwidth monitoring\n- **APM integration**: Network metrics in application performance monitoring\n- **Log analysis**: Network log correlation, security event analysis\n- **Alerting**: Network performance alerts, security incident detection\n- **Visualization**: Network topology visualization, traffic flow diagrams\n\n### Compliance & Governance\n- **Regulatory compliance**: GDPR, HIPAA, PCI-DSS network requirements\n- **Network auditing**: Configuration compliance, security posture assessment\n- **Documentation**: Network architecture documentation, topology diagrams\n- **Change management**: Network change procedures, rollback strategies\n- **Risk assessment**: Network security risk analysis, threat modeling\n\n### Disaster Recovery & Business Continuity\n- **Network redundancy**: Multi-path networking, failover mechanisms\n- **Backup connectivity**: Secondary internet connections, backup VPN tunnels\n- **Recovery procedures**: Network disaster recovery, failover testing\n- **Business continuity**: Network availability requirements, SLA management\n- **Geographic distribution**: Multi-region networking, disaster recovery sites\n\n## Behavioral Traits\n- Tests connectivity systematically at each network layer (physical, data link, network, transport, application)\n- Verifies DNS resolution chain completely from client to authoritative servers\n- Validates SSL/TLS certificates and chain of trust with proper certificate validation\n- Analyzes traffic patterns and identifies bottlenecks using appropriate tools\n- Documents network topology clearly with visual diagrams and technical specifications\n- Implements security-first networking with zero-trust principles\n- Considers performance optimization and scalability in all network designs\n- Plans for redundancy and failover in critical network paths\n- Values automation and Infrastructure as Code for network management\n- Emphasizes monitoring and observability for proactive issue detection\n\n## Knowledge Base\n- Cloud networking services across AWS, Azure, and GCP\n- Modern networking protocols and technologies\n- Network security best practices and zero-trust architectures\n- Service mesh and container networking patterns\n- Load balancing and traffic management strategies\n- SSL/TLS and PKI best practices\n- Network troubleshooting methodologies and tools\n- Performance optimization and capacity planning\n\n## Response Approach\n1. **Analyze network requirements** for scalability, security, and performance\n2. **Design network architecture** with appropriate redundancy and security\n3. **Implement connectivity solutions** with proper configuration and testing\n4. **Configure security controls** with defense-in-depth principles\n5. **Set up monitoring and alerting** for network performance and security\n6. **Optimize performance** through proper tuning and capacity planning\n7. **Document network topology** with clear diagrams and specifications\n8. **Plan for disaster recovery** with redundant paths and failover procedures\n9. **Test thoroughly** from multiple vantage points and scenarios\n\n## Example Interactions\n- \"Design secure multi-cloud network architecture with zero-trust connectivity\"\n- \"Troubleshoot intermittent connectivity issues in Kubernetes service mesh\"\n- \"Optimize CDN configuration for global application performance\"\n- \"Configure SSL/TLS termination with automated certificate management\"\n- \"Design network security architecture for compliance with HIPAA requirements\"\n- \"Implement global load balancing with disaster recovery failover\"\n- \"Analyze network performance bottlenecks and implement optimization strategies\"\n- \"Set up comprehensive network monitoring with automated alerting and incident response\"\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["network","engineer","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-network-engineer","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/network-engineer","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34666 github stars · SKILL.md body (9,752 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-23T06:51:37.829Z","embedding":null,"createdAt":"2026-04-18T21:41:21.250Z","updatedAt":"2026-04-23T06:51:37.829Z","lastSeenAt":"2026-04-23T06:51:37.829Z","tsv":"'1':961 '2':970 '3':979 '4':988 '4/7':235 '5':998 '53':281 '5g':204,571 '6':1009 '7':1018 '8':1027 '9':1038 'access':389 'acl':400 'across':913 'action':75 'advanc':130,319,535 'alb/nlb/clb':215 'alert':358,712,715,1003,1115 'ambassador':261 'analysi':471,499,588,624,631,633,638,693,705,711,762 'analyt':526 'analyz':844,962,1100 'anomali':639 'ansibl':651,658 'anycast':328 'api':258,263,266 'apm':696 'appli':67 'applic':169,242,402,613,701,822,1074 'approach':960 'appropri':851,975 'architectur':13,113,128,195,371,746,931,973,1055,1086 'ask':1152 'assess':743,758 'audit':738 'authent':366 'authorit':831 'autom':342,353,647,653,667,674,892,1080,1114 'avail':795 'aw':146,214,262,503,914 'azur':160,166,216,265,282,505,605,915 'backup':777,782 'balanc':168,179,210,213,223,226,237,240,244,247,327,487,939,1095 'balancer/application':218 'bandwidth':494,531,694 'base':311,365,388,584,909 'behavior':808 'best':30,69,925,947 'bind':275 'bottleneck':849,1103 'boundari':1160 'break':489 'busi':767,792 'ca':340,373 'cach':507,512 'calico':456 'capabl':142 'capac':527,957,1016 'cas':338,375 'cdn':200,500,506,1070 'certif':332,341,351,355,364,376,835,842,1081 'certificate-bas':363 'chain':377,826,837 'chang':750,753 'check':314,676 'checklist':33 'ci/cd':661 'cilium':457 'cipher':347 'circuit':488 'clarif':1154 'clarifi':61 'clear':856,1023,1127 'client':420,622,829 'cloud':10,94,108,120,143,177,180,182,184,188,192,211,221,277,284,396,429,599,910,1053 'cloud-specif':598 'cloudflar':502 'cloudform':650 'cloudfront':504 'cni':455,560 'code':645,671,896 'commerci':337 'communic':485 'complet':827 'complianc':675,726,729,740,1088 'comprehens':105,1110 'compress':511 'comput':203,568 'configur':665,681,739,985,989,1071,1076 'connect':193,207,445,574,778,781,811,981,1060,1063 'consid':873 'constraint':63 'consul':288,444 'contain':438,450,558,935 'content':509 'continu':392,768,793 'control':460,991 'correl':708 'criteria':1163 'critic':888 'cross':191 'cross-cloud':190 'curl':615 'data':818 'ddos':427,430 'deep':634 'defens':994 'defense-in-depth':993 'defin':556 'deploy':668 'depth':996 'describ':1131 'design':881,971,1049,1083 'detail':80 'detect':640,678,718,907 'diagnost':589 'diagram':725,749,859,1024 'differ':53 'dig':617 'disast':765,788,805,1030,1097 'discoveri':272,287,295 'distribut':252,800 'dns':270,273,278,283,285,291,296,299,303,310,324,325,329,824 'dns-base':309 'dnssec':298 'docker':452 'document':744,747,853,1019 'doh':302 'domain':54 'dot':306 'drift':677 'dss':734 'east':478 'east-west':477 'ebpf':578 'edg':198,202,567,569 'emerg':576 'emphas':900 'encrypt':336 'engin':3,6,24,36,49,90,103 'environ':1143 'environment-specif':1142 'envoy':229 'etcd':289 'event':710 'exampl':81,1047 'expert':4,101,1148 'expertis':145 'expir':357 'failov':256,315,775,790,886,1036,1099 'firewal':394,403 'first':866 'flannel':458 'flow':472,603,607,611,637,692,724 'forecast':530 'gateway':153,155,159,170,172,219,233,259,264,269,467 'gcp':173,220,609,917 'gdpr':730 'geo':254,317 'geo-rout':253,316 'geograph':799 'git':684 'gitop':679 'global':245,1073,1093 'goal':62 'govern':727 'graphql':545 'group':398 'grpc':544 'guidanc':29 'haproxi':228,464 'header':513 'health':313 'high':138 'high-perform':137 'hipaa':731,1090 'horizon':323 'host':619 'http':547 'http/2':514,540 'http/3':515,541 'http/https':241 'https':301 'hybrid':194 'ident':387 'identifi':848 'identity-bas':386 'implement':360,863,980,1092,1105 'incid':717,1117 'infrastructur':641,643,894 'ingress':459,462,465 'input':66,1157 'inspect':636 'instruct':60 'integr':201,566,572,642,662,697 'intent':583 'intent-bas':582 'interact':1048 'interconnect':185 'intermedi':374 'intermitt':1062 'intern':339 'internet':154,780 'iot':206,573 'iperf3':595 'ipsec':426 'issu':906,1064 'istio':232,268,442,466 'knowledg':106,908 'kong':260 'kubernet':290,406,454,1066 'latenc':496,626 'layer':234,614,816 'let':334 'lifecycl':352 'limit':433,1119 'link':819 'linkerd':443 'load':167,178,209,212,217,222,225,236,239,243,246,326,486,938,1094 'log':473,604,608,612,704,707 'loss':630 'manag':267,308,333,447,682,751,798,899,942,1082 'master':117 'match':1128 'mechan':776 'mesh':123,293,368,410,437,441,475,565,933,1068 'methodolog':951 'metric':476,699 'miss':1165 'model':764 'modern':9,93,110,208,538,918 'modul':660 'monitor':356,518,521,524,686,689,695,703,901,1001,1112 'mtls':359,369 'mtr':596 'multi':119,187,249,772,802,1052 'multi-cloud':118,186,1051 'multi-path':771 'multi-region':248,801 'multipl':1042 'mutual':361 'napalm':657 'nat':152,181 'need':28,51 'netmiko':656 'netstat':594 'network':2,5,11,23,35,48,89,95,102,109,121,140,144,147,161,163,174,176,189,196,199,205,380,385,390,399,404,407,439,451,453,468,492,517,525,548,552,557,559,562,570,579,585,586,625,646,652,655,659,663,672,680,688,691,698,706,713,720,735,737,745,752,759,769,774,787,794,804,815,820,854,867,880,889,898,911,919,923,936,949,963,972,1005,1020,1054,1084,1101,1111 'network-engin':1 'nginx':227,461 'nmap':597 'nsg':606 'nsgs':165 'nslookup':618 'nvgre':551 'observ':469,687,903 'open':84 'openssl':620 'optim':16,99,116,344,491,495,510,875,955,1010,1069,1106 'outcom':73 'output':1137 'outsid':57 'overlay':553 'p4':580 'packet':629,635 'path':773,890,1034 'pattern':320,575,846,937 'pci':733 'pci-dss':732 'peer':157,197 'perform':15,98,115,139,349,490,493,623,702,714,874,954,969,1006,1011,1075,1102 'permiss':1158 'physic':817 'pki':331,370,946 'plan':528,532,882,958,1017,1028 'plugin':561 'point':1044 'polici':405,408,412,563,669,673 'postur':742 'powerdn':276 'practic':31,70,926,948 'principl':872,997 'proactiv':905 'procedur':754,786,1037 'program':581 'proper':841,984,1013 'protect':428,431 'protocol':111,345,536,539,920 'provid':74 'proxi':230 'purpos':100 'python':654 'quic':516,542 'rate':432 'real':519 'recoveri':766,785,789,806,1031,1098 'reduct':497 'redund':770,884,976,1033 'region':250,803 'regulatori':728 'relev':68 'renew':354 'requir':65,83,736,796,964,1091,1156 'resolut':825 'resources/implementation-playbook.md':85 'respons':959,1118 'review':1149 'risk':757,761 'rollback':755 'root':372 'rout':150,255,280,312,318 'rum':522 'safeti':1159 'scalabl':134,877,966 'scale':533 'scenario':1046 'scope':59,1130 'sd':423 'sd-wan':422 'secondari':779 'secur':12,96,112,135,297,381,397,411,449,709,716,741,760,865,924,967,978,990,1008,1050,1085 'security-first':864 'segment':391 'select':346 'server':832 'servic':122,271,279,286,292,294,367,409,436,440,474,482,484,564,912,932,1067 'service-to-servic':481 'set':999,1108 'shape':435 'site':416,418,807 'site-to-sit':415 'skill':19,41,1122 'skill-network-engineer' 'sla':797 'snmp':690 'softwar':224,555 'software-defin':554 'solut':141,414,982 'source-sickn33' 'special':7,91,132 'specif':600,862,1026,1144 'split':322 'split-horizon':321 'ss':593 'ssl/tls':330,343,834,944,1077 'step':76 'stop':1150 'store':379 'strategi':257,501,508,534,756,943,1107 'subnet':149,164 'substitut':1140 'success':1162 'suit':348 'synthet':523 'system':274 'systemat':812 'tabl':151 'task':25,44,1126 'tcp/udp':238 'tcpdump':591 'technic':861 'technolog':124,395,537,577,922 'termin':1078 'terraform':649 'test':628,664,791,810,987,1039,1146 'thorough':1040 'threat':763 'throughput':498,627 'tls':305,362 'tool':56,590,601,852,953 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'topolog':721,748,855,1021 'traefik':231,463 'traffic':251,307,434,446,470,480,529,632,723,845,941 'trait':809 'transit':158 'transport':821 'treat':1135 'troubleshoot':131,587,950,1061 'trust':127,378,384,839,871,930,1059 'tune':350,1014 'tunnel':784 'unrel':46 'use':17,39,850,1120 'user':520 'valid':72,666,833,843,1145 'valu':891 'vantag':1043 'verif':78,393 'verifi':823 'virtual':162,549 'visual':719,722,858 'vpc':148,156,175,602,610 'vpn':171,183,413,419,421,783 'vxlan':550 'wan':424 'web':401 'websocket':543 'west':479 'wget':616 'wireguard':425 'wireshark':592 'work':21 'workflow':27,685 'zero':126,383,870,929,1058 'zero-trust':125,382,869,928,1057","prices":[{"id":"0f88b634-881b-486e-9b24-ad2c53480ca3","listingId":"02bc5d07-b76a-41f6-af73-255738133ba0","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:41:21.250Z"}],"sources":[{"listingId":"02bc5d07-b76a-41f6-af73-255738133ba0","source":"github","sourceId":"sickn33/antigravity-awesome-skills/network-engineer","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/network-engineer","isPrimary":false,"firstSeenAt":"2026-04-18T21:41:21.250Z","lastSeenAt":"2026-04-23T06:51:37.829Z"}],"details":{"listingId":"02bc5d07-b76a-41f6-af73-255738133ba0","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"network-engineer","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34666,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-23T06:41:03Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"755ab1b9bee8cb8ee63babf9c902b9998d1f6f7d","skill_md_path":"skills/network-engineer/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/network-engineer"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"network-engineer","description":"Expert network engineer specializing in modern cloud networking, security architectures, and performance optimization."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/network-engineer"},"updatedAt":"2026-04-23T06:51:37.829Z"}}