MPLS Applications, what are the MPLS Applications?. MPLS Applications mean MPLS Services. So what can we do with MPLS basically.

Although the very first purpose of MPLS was fast switching, by the time services/applications with MPLS evolved and there are just so many reasons to use MPLS.

Below are some of the most common use case , or in other words, Applications with MPLS.

Important MPLS applications/services for the network designers are listed below.

CGN and so many IPv6 topics are covered in great detail in my IPv6 Zero to Hero Course.

But with CGN you are not enabling IPv6.

CGN is a way to solve the IPv4 depletion problem in a very problematic way. Companies are also using trade-market to purchase IPv4 public addresses. Average cost per IPv4 address is around 8-10$ currently. This might increase by the time. And it would be wise to expect to see much bigger DFZ space by the time because of de-aggregation.

 

With CGN, IPv4 private addresses are shared among many customers and those shared addresses are NATed at the CGN node twice.

 

CGN Advantages

• It is well known NAT , two times NAT operation , customer and SP side, no IPv6 learning curve
• CPE – Customer NAT doesn’t need to change
• CPE doesn’t need to support IPv6

CGN Disadvantages

VPN – Virtual Private Network is most common overlay mechanism in Networking. We have many of them, GRE, mGRE, IPSEC, DMVPN, GETVPN, LISP, FlexVPNs, MPLS VPNs and so on. But what are the important and fundamentals thing about VPNs?.In this post I will explain some of them.

OPEX and CAPEX are two important network design considerations. From the high level we should understand these two design requirements.

When it comes to Routing Security, BGP Origin and Path Validation should be understood very well.

It is the problem of all, not just large Service Providers. Enterprises, Service Providers, Mobile Operators, basically whoever are interacting with Global Routing.

IRR, RPKI, BGPSEC, Origin Validation and Path Validation are the fundamentals of BGP Routing Security. We have many other posts for the subject on the website but in this post I want to share with you new approach for BGP Path Validation. It is called as AS-Cones.

At the moment, it is still IETF draft but soon it is expected to be Standard RFC.

I discussed it with the inventor of the mechanisms, Melchior Aelmans along with many other routing security topic and decided to share with you!

In the below video, Orhan Ergun, Melchior Aelmans and Jeff Tantsura, discussing new approaches in BGP Security – Path Validation.

They explain ASPA – Autonomous System Provider Authorization , and another approach AS-Cone and they compare those two.

Not only BGP Security Path Validation, but they identify the current known problems of the Global Routing Table/DFZ, such as Hijacks, different types of hijacks, route leaks and they discuss some prevention techniques such as BigNetwork Filter, Peer Lock, IRR , RPKI , Origin Validation and many other things, during 2 hours, intense discussion.

If you are interested in routing , routing security, this is one of the must to watch video.

Flat/Single Level vs. Multi Level IS-IS Design Comparison. Flat routing means, without hierarchy, entire topology information of the network is known by each and every device in the network.

IS-IS has two levels. Thus, for IS-IS, Multi Level means Two Level IS-IS. Level 1 and Level 2.

When we have two levels, Level 1 routers don’t know the topology of Level 2 and vice versa. By hiding topology information of different level routers, scalability is achieved. Reason we achieve more scalable network is when there is a failure or new information added or metric changes in one Level, another level doesn’t run SPF algorithm.

But what are the design consideration when we have Flat or Multi Level IS-IS networks. Is Multi Level IS-IS design, which mean, Hierarchical IS-IS design always good? Answer is no. Although Multi Level provides Scalability, it comes with extra complexity and end to end routing convergence time increase.

So, I prepared below comparison charts to discuss different design aspects when it comes to IS-IS Single vs. Multi Level design.

If you like this comparison chart, you can see more of them in my CCIE Enterprise Training.

When it comes to fast convergence, first thing that we need to understand what is convergence?

Convergence is the time between failure and the recovery. Link, circuits, routers, switches all eventually fails. As a network designers, our job is to understand the topology and whenever there is qrequirement, add backup link or node. Of course, not every network, or not every place in the network requires redundancy though. But let’s assume, we want redundancy, thus we add backup link or node and we want to recover from the failure as quickly as possible, by hoping before Application timeout.

But what is the time for us to say , this network is converging fast. Unfortunately, there is no numerical value for it. So, you cannot say, 30 seconds , or 10 seconds , or 1 second is fast convergence. Your application convergence requirement might be much below 1 second.

Thus, I generally call ‘ Fast Convergence’ is the convergence time faster than default convergence value. Let’s say, OSPF on Broadcast media is converging in 50 seconds, so any attempt to make OSPF convergence faster than 50 seconds default convergence value is OSPF Fast Convergence on Broadcast media.

There are in general 4 steps for making the convergence faster, so 4 steps for Fast Convergence.

MTL – Multi Technology Lab consist of many technologies in a large topology. When network design is considered, there is no single protocol, many protocols interact with each other. In my CCIE Enterprise Infrastructure Training, I have many MTL (Multi Technology Lab), and students are able to watch the videos, and with the config files, they are able to perform each task in the Lab themselves.

From OSPF, EIGRP to BGP, QoS to Multicast, Layer 2 Technologies to Security, SD-WAN and many other technologies are all in the same lab. Traditionaly these kind of Labs were called as Mock Labs but better term is Multi Technology Lab. If you see on the social media next time one of this labs with OE logo, you know that it is MTL! Let me see your comment

You can check the schedule of next CCIE Enterprise Course by clicking here! 

OSPF is the most common network engineer interview topics without any doubt. Almost all network engineers faced with some OSPF questions in their interview. Thus I thought it is important to cover common questions and the answer with the blog post.

From OSPF LSAs to OSPF Areas, by having Multi Area Hierarchical OSPF for stability, OSPF security and OSPF Fast Convergence, I prepared many questions and explaining them in detail in the below video.

There are many questions in the video and if you liked the video, subscribe to Orhan Ergun YouTube Channel and share your thoughts in the comment section.

Note: OSPF Interview Questions in this video from basics to advanced level and studying this 65 minutes video will enhance your OSPF knowledge definitely!

In the networks, we don’t have only single protocol. There are always many protocols and their interaction/synchronization is important. Otherwise, blackholes, routing or switching loops can occur or at least suboptimal routing/forwarding can be a problem.

I explain this topic in Self Paced CCIE Enterprise Training in great detail.

In the networks, all protocols interact with each other. Whenever you add, replace or change the protocol, as a network designer you should consider the overall impact. Throughout the book many interactions will be shown and the best practices will be shown to find an optimal design.

First interaction is between layer 2 protocols and the gateway protocols. Spanning tree and the HSRP interaction is explained in the below example.

One important factor to take into account when tuning HRSP is its preemptive behavior.

Preemption causes the primary HSRP peer to re-assume the primary role when it comes back online after a failure or maintenance event.

Preemption is the desired behavior because the STP/RSTP root should be the same device as the HSRP primary for a given subnet or VLAN. If HSRP and STP/RSTP are not synchronized, the interconnection between the distribution switches can become a transit link, and traffic takes a multi- hop L2 path to its default gateway.

 

In the topology above, Spanning Tree root, First Hop Redundancy (HSRP, VRRP) functionality is on the same device. If there is a network services devices such as Firewall, active firewall context should be also

on the same device.

Imagine, left distribution switch (STP Root, FHRP Active) device fails in the above topology. Right distribution device become STP root and the FHRP active.

When the failed left distribution device comes back, since by default STP is preemptive, left distribution device become STP root again.

But if HSRP is used in the above topology as First Hop Redundancy Protocol, since HSRP preemption is not enabled by default, right distribution device stays as HSRP active. By the way, preemption, by default is enabled with VRRP!

 

When the Spanning tree root and the HSRP active functionality is on the different devices for the same Vlan, traffic has to pass through the Inter distribution link. Which mean, when the access switches send the packet, networktraffic goes through first, left distribution switch and then right distribution switch on the above topology, because the right distribution switch is the default gateway.

 

HSRP preemption needs to be aware of switch boot time and connectivity to the rest of the network. It is possible for HSRP neighbor relationships to form and preemption to occur before the primary switch has L3 connectivity to the core. If this happens, traffic can be dropped until full connectivity is established.

 

The recommended best practice is to measure the system boot time, and set the HSRP preempt delay statement to a greater than this value.

Vlan, VTP and Trunking are most fundamentals yet important topics in Layer 2 Networking.

I explain this topic from design, theory and hands-on perspective in my CCIE Enterprise Infrastructure Training. 

Before using Vlan, VTP or enabling Trunk in the network, below best practices should be kept in mind.

Of course best practices may not be applicable to every network, so whichever is suitable for your network, on your networking devices, and necessary, then consider them.

LISP – Locator and Identity Separation Protocol is the main piece of Cisco SD-Access Solution. LISP is a control plane of SD-Access and many network engineers want to understand, and they need to understand LISP in more detail. I discussed with the inventor of LISP, Dino Farinacci!

LISP is the Control Plane protocol of Cisco SDA which is Campus Network Design and Deployment solution. It helps for automating Campus network with the help of DNA-Controller and in the framework, there are 3 planes. Control Plane , Data Plane and Management Plane.

Control Plane is LISP, which comes with different architectural nodes such as MR/MS (Map Resolver/Map Server), ITR )(Ingress Tunnel Router), ETR (Egress Tunnel Router) and PXTR (Proxy Ingress and Egress Tunnel Router).

There are many discussions on Linkedin and Twitter on why EVPN was not chosen as Control Plane for SD- Access. Let’s skip this discussion for now but let’s understand that, SDA uses different terminologies and although they do the same functions, they are not exactly LISP terminologies.

For better understanding. let me share what are the corresponding terminologies of SDA

Control Node : MR/MS

Edge Nodes: ITR and ETR

Border Node : PXTR (Proxy ITR and ETR)

In the discussion with Dino Farinacci, we discussed many basics and some advanced topics with LISP and Jeff Tantsura was my co-host in the video.

Below are some of the discussion points:

1. What are most common use cases of LISP? Which one do you see in real deployments?

2. What does LISP Control Plane and LISP Data Plane means?

3. Can you talk about LISP role in Cisco’s SD-Access?

4. Is there vendor interoperability? Can I use LISP with Cisco and other vendors in the same network? Or is it just some software implementation?

5. Can LISP replace BGP? Many people talked about this use case in the past, what do you think about it?

https://www.youtube.com/watch?v=al3ykkkltbY&t=1558s

Most common IOT Routing Protocol RPL- Orhan Ergun and Pascal Thubert inventor of the protocol!

I discussed RPL – Routing over Low Power Lossy Networks, which is common IOT Routing Protocol with the inventor of the Protocol in detail.

If you are a network engineer, you shouldn’t only focus on traditional, general purpose routing protocols such as OSPF , IS-IS and BGP. I am usually calling them general purpose, because, you can use them on WAN, LAN and DC environment. In fact we started to see all of them in the Datacenter Networks. There is even guidance of using EBGP in Massively Scale Datacenter in RFC 7938.

But, if environment is constraint/limited to some attributes, then traditional routing protocols are not sufficient. For example, if you need to avoid battery powered links in the network, complex Traffic Engineering methods (RSVP-TE, SR-TE) need to be used together with traditional routing protocols.

RPL is one of those routing protocols which work very well on constrained environment.

If you are interested in routing protocols, BELOW video is must to watch!

Some of the discussion points in this video:

1. What is RPL, why we need it,?

2. DAG and DODAG formation?

3. RPL is a distance vector protocol., it considers the energy control as an attribute, Cisco’s EIGRP protocol is distance vector as well, why we don’t use EIGRP instead of RPL? Just because EIGRP is Cisco preparatory?

4. BGP is used for almost every service (L2, L3, Unicast , Multicast, VPNs. Security and so on) Could BGP is used in the environments where RPL is used?

5. What are the other protocols in the network we have to use to have RPL? (Is 6lowpan mandatory for RPL)?

6. What are the use cases for it in real world applications? Smart Grid , Connected vehicles ?

7. Which vendors have an implementation for it?

8. What are the competitor/alternative protocol for it?

9. Are there so many networks in the world using it?

10.Can it be used at any other place than IOT networks?

Service Provider Network design and deployment is one of the most mysterious parts of Networking. Usually we don’t see real life SP network design and deployment discussions.

Fast Convergence and Network Stability is required in the Service Provider Networks. Specifically it is more important in the Core/Backbone Networks, compared to other places such as Aggregation or Access Networks.

I discussed these topics with Mohamed Radwan, along with many other important considerations in the Service Provider Networks. At the end of the post, you will see the recording of our discussion. If you find this video useful, let me know in the comment section!

Below are some of the discussion topics during the session:

1. BFD and Layer 1 Failure Detection Mechanisms

2. Prefix Prioritization

3. IGP – BGP Sync

4.IGP – LDP Synch

5. LDP Session Protection

6. LSP Throttling Timers

7. Link, Node, SRLG Failure Cases and Convergence Steps

8. Next Hop Tracking and BGP Scanner

9. IBGP Minimum Route Advertisement Interval

10. EBGP Fast External Fallover

Internet Exchange Point Design and Deployment in Real Life, this is one of the most confidential topics in networking.

Although there are 500 IXP on Internet, people definitely needs guidance, or at least want to know what others are doing. I wanted to help people who are looking for real life design and deployment practices, thus recorded a video with one of the Internet Exchange Points, Grenada IX – GREX and sharing the video in this post.

In the below video I am discussing real life IXP – Internet Exchange Point design and deployment with the peering coordinator of Grenada IX- GREX, Brent Mc Intosh.

We discussed below topics;

1. What is Peering, what is the job of Peering Coordinator

2. Private, Public Peering, Bilateral , Multilateral Peering

3. Business Model of Grenada Internet Exchange Point – What is Commercial IXP, What is Non-Profit IXP?

4. Different Peering Policies

5. Participants , 4 ISP , Couple Largest CDNS, some Enterprise etc. in Grenada IX

6.. Who pays for the transit connectivity of CDN when they join to IXP 6. Infrastructure connectivities , both Layer 2 and Layer 3 Fabric

7. How Cache-fill is provided in Grenada IX – GREX

8. How Akamai joined to GREX

9. Which CDN – Content Provider is the hardest one to bring into IXP?

10. Some best practices for IXP design and deployment

Autonomous System Provider Authorization – ASPA is a new approach for the Path Validation in BGP Information Security.

Only Path Validation Standard in IETF is BGP SEC which is specified in RFC 8205.

In this post, I won’t explain BGPSEC, but basically it works based on encrypting the entire path and useful only if there is full adoption among the Autonomous Systems in Global Internet (Default Free Zone). Main problem though, since entire path is encrypted, resource requirements on the Routers quite significant with BGPSEC. There are two new approaches for Path Validation and both are in Draft state in IETF at the moment.

These are AS-Cones and ASPA which is the purpose of this post.

I discussed ASPA (Autonomous System Provider Authorization)  with the Author of the Draft, Alexander Azimov on how Internet can be made more secure with ASPA which is a new proposal.

Securing Internet is Hard Challenge,Preventing Route Leaks, Hijacks, Malicious Activities are not trivial.Current approaches such as BGPSEC or SoBGP doesn’t work. In this video, also, Origin Validation, Path Validation, SoBGP, BGPSEC, RPKI, ROA, RIR, LIR, Hijacks, Exact Prefix Hijacks, Sub Prefix Hijacks,Route Leaks and many other BGP Security features, techniques and protocols have been discussed.

It is over 2 hours but I think you will learn a lot about Inter-domain routing security. Sharing the video below!

Cisco Viptela SD-WAN Training. I recently added Self Paced Cisco Viptela SD-WAN training under Training on the website. You can purchase it and start studying the course right away.

This course covers all SD-WAN  concepts from basic to advance level.

Not only many hours theory and design, but there are more than 12 hours Lab/Configuration in this course to demonstrate, different features in SD-WAN.

Students of this course are placed in a study group, so when they have any problem, we support them in the group. This is key for learning and I follow the same methodology in all my trainings.

It covers at the moment, Cisco Viptela SD-WAN but when the new content is available for the other vendors SD-WAN solution, students will be able to access the new content for free as well.

Starting from installing certificates on the SD-WAN Controller (VBond, VSmart, VManage), all the way cloud integration, Direct Internet Access, Dynamic Path Selection, Application Based Traffic Engineering, QoS, Forward Error Correction, Deduplication, Zero Touch Provisioning and many other topics are covered from theory and design aspects and demonstrated in a Lab environment.

Last but not least, guest designers will discuss their real life SD-WAN design and deployment with Orhan Ergun and students will be able to access any newly added discussions, labs or materials in this course for free!

You can purchase this course as a part of CCIE Enterprise Infrastructure Training as well.

As usual, Orhan Ergun offers you the best course!

Cisco Viptela SD-WAN Course Outline:

Prerequisite Knowledge:

• Familiarity with Basics of the routing protocols
• Familiarity with LAN, WAN and Datacenter basic terminologies such as VLAN, STP, IP, Router, Switch, Firewall etc.

Please contact with sales@orhanergun.net for group discounts, corporate trainings and any other non-technical topics.

100+ hours CCIE Enterprise Infrastructure Training/Bootcamp. Can it happen? Yes, in fact my CCIE Enterprise Instructor Led course is over 100 hours, design , theory and lab content.

In the CCIE Enterprise training I go through not only traditional technologies such as OSPF, EIGRP , BGP , MPLS, Multicast, QoS, IPv6 etc. but also there are so many SD-WAN , SD-Access and Network Programmability and Automation content.

Probably you have seen some topologies on social media (I use LinkedIn mostly), those topologies consists of many tasks and we cover all of them in the training.

I have two versions of CCIE Enterprise Training.

     1.Self Paced CCIE Enterprise Infrastructure Training:

In this training, all the content of CCIE Instructor Led training is covered but as a recorded video format. Participant of Self Paced CCIE Enterprise Training gets not only videos but also Config files/Labs , workbooks, design comparison charts (don’t forget there is 3 hours design module in CCIE Enterprise exam), session materials and so on. Self Paced training students are placed in a study group together with the Instructor Led CCIE Enterprise training/bootcamp students.

    2. Instructor Led CCIE Enterprise Infrastructure Training:

In this training, I am talking live with the students. Webex or In-person based live training. Instructor Led CCIE Enterprise students get Self Paced version of the course for free. Also, all the advantages of the Self Paced training comes for free with it.

My CCIE Enterprise Bootcamp students get always additional discount when they want to join ay of my trainings. Even if training is already discounted. I call this ‘ Investment Protection‘

You can have questions, you should ask always questions, send them please to sales@orhanergun.net

Do your research very well, ask people on the Internet before you join any training, not only CCIE or CCDE but any training. Already 100s of people are in my CCIE Enterprise Study Group and you can just ask anyone on Internet about it!

Below are some of the topics in this training:

BGP Convergence and ASn allocation design in Large Scale Networks covered in this post and the video at the end of the post.

This content is explained in great detail in my BGP Zero to Hero course as well as CCIE Enterprise Training.

BGP is always known as slowly converged protocol. In fact this is wrong knowledge. If you just mention about BGP Control plane convergence, can be true but we always ignore BGP Data Plane Convergence which is commonly known as BGP PIC (Prefix Independent Convergence) 

In this post, I will explain the BGP Path Hunting process which slows down the convergence process. Path Hunting is not only BGP but in general distance vector protocols convergence problem.

Effect of Path Hunting gets very problematic in densely meshed topologies such as CLOS or Fat Tree.

Many Leaf and Spine switches might be in the network and when EBGP is used (As it is recommended in RFC 7938) Path Hunting should be avoided by allocation the Autonomous System number to the networking devices wisely.

Otherwise, for the prefix which is not anymore advertised to network due to failure for example, BGP speaking routers try any path which was previously learned.

I thought the best way to understand the problem space and solutions, sharing video with the Lab configuration would be best, thus I recommend you to watch below video and if you find it useful, share your comments in the comment section below.

In this video, I am explaining BGP Convergence in CLOS/Fat Tree topologies, demonstrating BGP Path Hunting problem, different BGP ASn (Autonomous System Number) allocation schemas for large scale networks with the configuration in a lab.

Also I am explaining the suggested Autonomous System allocation schema from RFC 7938 and share the different alternative ASn designs as well. If you are interested in BGP, Bellman-Ford Loop avoidance and convergence characteristics, or overall increasing routing knowledge, this video is for you!