Orhan Ergun

Author Archives: Orhan Ergun

Multicast PIM Dense Mode vs PIM Sparse Mode

Multicast PIM Dense mode vs PIM Sparse mode is one of the most important things for every Network Engineer who deploys IP Multicast on their networks. Because these two design option is completely different and the resulting impact can be very high. In this post, we will look at, which situation, which one should be used, and why.

Although we will not explain PIM Dense or PIM Sparse mode in detail in this post, very briefly we will look at them and then compare them for clarity. First of all, you should just know both PIM Dense and PIM Sparse are the PIM Deployment models.


pim dense vs pim sparse mode

PIM Dense Mode

PIM Dense mode work based on push and prune. Multicast traffic is sent everywhere in the network where you enable PIM Dense mode.

This is not necessarily bad.

In fact, as a network designer, we don’t think there is bad technology. They have use cases

If Multicast receivers are everywhere or most of the places in the network, then pushing the traffic everywhere is not a bad thing.

Because when you push, you don’t build a shared tree, you don’t need to deal with the RP – Rendezvous Point, because Multicast Continue reading

How Does Satellite Internet Work?

The orbiting satellite transmits and receives its information to a location on Earth called the Network Operations Center (NOC). NOC is connected to the Internet so all communications made from the customer location (satellite dish) to the orbiting satellite will flow through the NOC before they reached the Internet and the return traffic from the Internet to the user will follow the same path.


satellite internet


How does Satellite Internet work?

Data over satellite travels at the speed of light and Light speed is 186,300 miles per second. The orbiting satellite is 22,300 miles above earth (This is true for the GEO-based satellite)

The data must travel this distance 4 times:

1.  Computer to satellite

2.  Satellite to NOC/Internet

3.  NOC/Internet to satellite

4.  Satellite to computer

Satellite Adds latency

This adds a lot of time to the communication. This time is called “Latency or Delay” and it is almost 500 milliseconds. This may not be seen so much, but some applications like financial and real-time gaming don’t like latency.

Who wants to pull a trigger, and wait for half a second for the gun to go off?

But, latency is related to which orbit the Continue reading

BGP RTBH – Remotely Triggered Blackholing

BGP RTBH – Remotely triggered blackholing is used for DDOS prevention for a long time by many companies. DDOS – Distributed Denial of Service Attacks have an economic impact. According to an NBC News article, More than 40% of DDOS Attacks cost $1 million per day.

Remote Triggered Blackhole is a technique that is used to mitigate DDOS attacks dynamically.
Before RTBH, customers used to call the Operator when there is an attack, Operator NOC engineers used to connect to the attacked network, trace the source of the attack, place the filters accordingly and the attack goes away.
•Manual operation is open to configuration mistakes, cannot scale in large networks, and between the attack and the required action, services stay down

There are two types of RTBH

Destination based RTBH
Source-based RTBH
Let’s have a look at both of them in this blog post.

Destination-Based BGP RTBH – Remotely Triggered Blackholing

The first RTBH idea was Destination-based RTBH.With this technique, SP and the Customer agree on the discard community.
When there is an attack on the server, the victim (customer) sends the server prefix with the previously agreed community value.
When SP receives the update with that community, action Continue reading

BGP-LS BGP Link State – What is it? Why BGP LS is used?

BGP LS, BGP Link-State is used to distribute Link state information and traffic engineering attributes from the network nodes to the Centralized TE controller. RSVP-TE has been providing resource allocation and providing an LSP with the distributed path computation algorithm (CSPF) for decades. It requires topology information from the network and only link-state IGP protocols such as OSPF and IS-IS can carry the topology information required for the controller to set up a shortest from each node to each destination prefix. 

In order to overcome Bin Packing, Dead Lock, or Network-wide optimal traffic engineering, centralized controllers have been used for a long time. Because with the distributed computation for Traffic Engineering, the above issues might arise.
RFC 7752 specifies the details of North-Bound Distribution of Link-State and Traffic Engineering (TE) Information Using BGP.
PCE (Path Computation Element) is an SDN controller which provides optimal path computation in Multi Area and Multi AS (Autonomous System) deployments.
It requires Link State and Traffic Engineering attributes such as Link coloring, SRLG, reserved bandwidth, etc., from the network.
Link state IGP protocols (OSPF, IS-IS) can be used for this purpose but they are considered chatty and non-scalable, thus BGP with Continue reading

CCIE Service Provider v5.0 What, Why, When?

In this post, we will look at what is CCIE Service Provider v5.0, what comes with it, which technologies we need to learn, what is the difference between CCIE SP v4 and CCIE SP v5, why you should study for CCIE Service Provider v5, when you should study for CCIE SP exam, after which certificate you should aim it for, we will look at all of these questions.

What is the Cisco CCIE Service Provider v5 Exam?

The CCIE Service Provider  v5 lab exam is testing skillsets related to the service Provider solutions integration, interoperation, configuration, and troubleshooting in complex networks. CCIE SP v5 is the latest version of the CCIE Service Provider lab exam. When the candidates pass this exam, they get their CCIE number.

This certification syllabus covers most, if not all real-life Service Provider network technologies.

What is the difference between CCIE SP v4 and CCIE SP v5?

From the technology standpoint, the biggest difference between CCIE SPv4.1 and the CCIE SP v5.0 exam is Network Programmability and Automation Module. It is 20% of the entire exam, thus very important in the CCIE Service Provider exam. You can access Orhan Ergun’s CCIE SP Network Continue reading

Orhan Ergun CCIE Enterprise Infrastructure Course Review 1

I see some people have been asking what other people are thinking about Orhan Ergun’s CCIE Enterprise course, thus starting today to share what other people share about us on their blog posts as well. Not just on social media, but with these blog posts, because they are able to share more thoughts about us, I think it is very valuable feedback for everyone.

I would like to start with the website ‘ samovergre.com ‘.

He is our CCIE Enterprise student and you can find his CCIE study plan on this page. He is sharing feedback about our CCIE Enterprise training and other study materials he uses for his CCIE Enterprise study.

Why Orhan Ergun CCIE Enterprise Infrastructure Course?

One thing that was very important there was that He understand the uniqueness of our CCIE Enterprise Training. It is the design part.

Everyone can teach you how to configure routers or routing protocols, but a design mindset is a completely unique thing and for years, if you are a Network Engineer, probably you have heard about our CCDE training and its success too.

Now, we continue delivering our design knowledge and experience to our CCIE students as well and Continue reading

Why Core or Backbone is used in Networking?

Why Core or Backbone is used in Networking?. Before we start explaining this question, let’s note that these two terms are used interchangeably. Usually, Service Providers use Backbone, and Enterprise Networks use Core terminology but they are the same thing.

Why Network Core is Necessary?

The Key Characteristics of the Core, the Backbone part of the networks are:

  • High-Speed Connectivity. Today it is 100s of Gigabit networks and is usually used as a bundle to increase the capacity.
  • Bringing Internet Gateway, Access, Aggregation, and Datacenter networks together. It connects many different parts of the network, and glues together.
  • Redundancy and High Availability are so important. Redundant physical circuits and devices are very common.
  • Failure impact is so high in this module, compared to other modules
  • Full Mesh or Partial Mesh deployment is seen mostly as these type of topologies provides the most amount of redundancy and the direct path between the different locations.
  • Commonly known in the Operator community as Backbone or ‘P Layer

Redundancy in this module is very important.

Most of the Core Network deployments in ISP networks are based on Full Mesh or Partial Mesh.

The reason for having full mesh physical connectivity in the Core network Continue reading

Multicast BIER – Bit Indexed Explicit Replication

Multicast BIER – RFC8279

Bit Index Explicit Replication – BIER is an architecture that provides optimal multicast forwarding through a “BIER domain” without requiring intermediate routers to maintain any multicast-related per-flow state. BIER also does not require any explicit tree-building protocol for its operation.

So, it removes the need for PIM, MLDP, P2MP LSPs RSVP, etc.

A multicast data packet enters a BIER domain at a “Bit-Forwarding Ingress Router” (BFIR), and leaves the BIER domain at one or more “Bit-Forwarding Egress Routers” (BFERs).

The BFIR router adds a BIER header to the packet.

The BIER header contains a bit-string in which each bit represents exactly one BFER to forward the packet to.

The set of BFERs to which the multicast packet needs to be forwarded is expressed by setting the bits that correspond to those routers in the BIER header.

Multicast BIER Advantages

The obvious advantage of BIER is that there is no per-flow multicast state in the core of the network and there is no tree building protocol that sets up trees on-demand based on users joining a multicast flow.

In that sense, BIER is potentially applicable to many services where Multicast is used.

Many Service Providers currently investigating Continue reading

What is NFV – Network Function Virtualization

Network Functions Virtualization (NFV) was founded by the European Telecommunication Standard Institute (ETSI) with Industry Specification Group (ISG) which contains seven of the world’s leading telecom network operators.

A challenge of large-scale telecom networks is increasing the variety of proprietary hardware and launching new services that may demand the installation of new hardware. This challenge requires additional floor space, power, cooling, and more maintenance. With evolving virtualization technologies in this decade, NFV focuses on addressing the telecom problems by implementing network functions into software that can run on server hardware or hypervisors.

Furthermore, by using NFV, installing new equipment is eliminated and it will be related to the health of underlay servers and the result is lower CAPEX and OPEX.

There are many benefits when operators use NFV in today’s networks. One of them is Reducing time-to-market to deploy new services to support changing business requirements and market opportunities for new services.

Decoupling physical network equipment from the functions that run on them will help telecom companies to consolidate network equipment types onto servers, storage, and switches that are in data centers. In NFV architecture, the responsibility for handling specific network functions (e.g. IPSEC/SSL VPN) that run in one Continue reading

Bilateral Peering and Multilateral Peering

Bilateral Peering is when two networks negotiate with each other and establish a direct BGP peering session. In one of the previous posts, Settlement Free Peering was explained, in this post, both Bilateral and Multilateral Peering will be explained and both are deployment modes of Settlement Free Peering. 

This is generally done when there is a large amount of traffic between two networks. Tier 1 Operators just do Bilateral Peering as they don’t want to peer with anyone, other than other Tier 1 Operators. The rest of the companies are their potential customers, not their peers.

Multilateral Peering

As mentioned above, Bilateral Peering offers the most control, but some networks with very open peering policies may wish to simplify the process, and simply “connect with everyone”. To help facilitate this, many Exchange Points offer “multilateral peering exchanges”, or an “MLPE”.

  • An MLPE is typically an exchange point that offers a “route-server”, allowing a member to establish a single BGP session and receive routes from every other member connected to the MLPE.
  • Effectively, connecting to the MLPE is the same as agreeing to automatically peer with everyone else connected to the MLPE, without requiring the configuration of a BGP session Continue reading

What is CDN – Content Delivery Networks?

Content Delivery Network companies replicate content caches close to a large user population. They don’t provide Internet access or transit service to the customers or ISPs but distribute the content of the content providers. Today, many Internet Service Providers started their own CDN businesses as well. An example is Level 3. Level 3 provides its CDN services from its POP locations which are spread all over the World.

Content distribution networks reduce latency and increase service resilience (Content is replicated to more than one location). More popular contents are cached locally and the least popular ones can be served from the origin

Why CDN – Content Delivery Networks are necessary?

Before CDNs, the contents were served from the source locations which increased latency, thus reducing throughput. Contents were delivered from the central site. User requests were reaching the central site where the source was located.


CDN - Content Delivery Networks


Figure 1 – Before CDN

With CDN Technology, the Contents are distributed to the local sites.



CDN - Content Delivery Networks


Figure 2 – After CDN


Amazon, Akamai, Limelight, Fastly, and Cloudflare are the largest CDN providers which provide services to different content providers all over the world. Also, some major content providers such Continue reading

What are New in Cisco CCDE v3 Exam?

Currently, in 2022, the CCDE exam version is version 3. There are many new changes in CCDE v3 compared to CCDE v2 and in this blog post, some are the new changes will be explained, also for the things that stay the same will be highlighted as well. Also, I will share my takes in the post about these changes.

Before starting the technical changes, let’s start with the exam result announcement change.

CCDE v2 exam has been announced in 8-12 weeks. This was effectively allowing CCDE exam candidates to schedule the exam two times maximum in a year.

Students wouldn’t schedule the exam if they fail because the announcement date and new exam date were usually overlapping.

This changed anymore.

With CCDE v3, exam results are announced in 48 hours. It is almost like CCIE exams.

The CCDEv3 Practical Exam will be in the Cisco CCIE Lab locations anymore

CCDE v2 Lab/Practical exam was done in Professional Pearson Vue Centers. There were 300 of them and done in many different countries.

Unfortunately, this change may not be good for many exam takers as Cisco CCIE Lab locations are not available in many countries and are not as common as Continue reading

BGP Allowas-in feature Explained in 2022

BGP Allowas-in feature needs to be understood well in order to understand the BGP loop prevention behavior, But also, why the BGP Allowas-in configuration might create a dangerous situation, and what are the alternatives of BGP Allowas-in will be explained in this post.

What is the BGP Allowas-in feature?

BGP Allow-as-in feature is used to allow the BGP speaker to accept the BGP updates even if its own BGP AS number is in the AS-Path attribute.

By default EBGP loop prevention is, if any BGP speaker sees its own AS Number in the BGP update, then the update is rejected, thus the advertisement cannot be accepted. But there might be situations to accept the prefixes, thus there are two options to overcome this behavior.

Either accepting the BGP update even if the AS number is in the AS-Path list, with the BGP Allow AS feature or changing the behavior with the BGP AS Override feature.

Without BGP Allowas, let’s see what would happen.

BGP AS Override

In this topology, Customer BGP AS is AS 100. The customer has two locations.

Service Provider, in the middle, let’s say providing MPLS VPN service for the customer.

As you can understand from the topology, Service Provider Continue reading

BGP AS Override Feature Explained in 2022

BGP AS Override needs to be understood well in order to understand the BGP loop prevention behavior, But why BGP AS Override might create a dangerous situation, and what are the alternatives of BGP AS Override will be explained in this post.

What is BGP AS Override

BGP AS Override feature is used to change the AS number or numbers in the AS Path attribute. Without BGP AS-Override, let’s see what would happen.

BGP AS Override

In this topology, Customer BGP AS is AS 100. The customer has two locations.

Service Provider, in the middle, let’s say providing MPLS VPN service for the customer.

As you can understand from the topology, Service Provider is running EBGP with the Customer, because they have different BGP Autonomous Systems.

The service provider in the above topology has BGP AS 200.

Left customer router, when it advertises BGP update message to the R2, R2 sends to R3 and when R3 sends to R4, R4 wouldn’t accept the BGP update,

When R4 receives that update, it will check the AS-Path attribute and would see its own BGP AS number in the AS Path.

Thus is by default rejected, due to EBGP loop prevention.

If the router sees its Continue reading

BGP Route Reflector vs Confederation

BGP Route Reflector – RR vs Confederation is one of the first things Network Engineers would like to understand when they learn both of these Internal BGP scalability mechanisms. For those who don’t know the basics of these mechanisms, please read BGP Route Reflector in Plain English and BGP Confederation Blog posts from the website first.

BGP Route Reflector vs BGP Confederation

There are many differences when we compare Confederation vs Route Reflector and in this post, some of the items in the comparison chart will be explained.


bgp route reflector vs confederation

BGP Route Reflector vs Confederation Scalability

Both of these techniques are used in Internal BGP for scalability purposes. But BGP RR changes the Full Mesh IBGP topologies to the Hub and Spoke. BGP confederation divides the Autonomous System into the sub-ASes but inside every Sub-AS, IBGP rules are applied.

Inside BGP Sub Autonomous System, full Mesh IBGP or Route Reflector is used. So, we consider BGP RR compare to Confederation to be more scalable because inside Sub-AS still full-mesh IBGP might be used.

If RR inside Sub-AS is deployed, then configuration complexity would increase.

BGP Route Reflector vs Confederation Loop Prevention

BGP Route Reflector in order to prevent the routing loop Continue reading

BGP vs EIGRP 10 Important differences between them!

In this post, we will compare BGP and EIGRP. We will look at some of the important aspects when we compare BGP vs EIGRP. Although EIGRP is used as an IGP and BGP is used mainly as an External routing protocol, we will compare from many different design aspects. Also, BGP can be used as an Internal IGP protocol as well and we will take that into consideration as well.

bgp vs eigrp


We prepared the above comparison chart for BGP vs EIGRP comparison. We will look at some of those important Comparison criteria from a design point of view.

BGP vs EIGRP Scalability

One of the biggest reasons we choose BGP, not EIGRP is Scalability. BGP is used as a Global Internet routing protocol and as of 2022, the Global routing table size for IPv4 unicast prefixes is around 900 000. So almost a million prefixes we carry over BGP on the Internet.

So, proven scalability for BGP we can say. EIGRP usually can carry only a couple of thousands of prefixes, this is one of the reasons, EIGRPrp is used as an Internal dynamic routing protocol, not over the Internet.

BGP vs EIGRP in Full Mesh, Ring and Hub and Continue reading


DMVPN – Dynamic Multipoint VPN and MPLS VPN are two of the most popular VPN mechanisms. In this post, we will look at DMVPN vs MPLS VPN comparison, from many different aspects. At the end of this post, you will be more comfortable positioning these private VPN mechanisms.


When we compare the two protocols, we look at many different aspects. For this comparison, I think very first we should say that DMVPN is a Cisco preparatory tunnel-based VPN mechanism but MPLS VPN is standard-based, RFC 2547, non-tunnel based VPN mechanism. Although, whether MPLS LSP is a tunnel or not is an open discussion in the networking community, we won’t start that discussion here again.

DMVPN and MPLS VPN over the Internet

Another important consideration for MPLS VPN vs DMVPN is, that DMVPN can be set up over the Internet but MPLS VPN works over private networks, Layer 2 or Layer 3 based private networks. DMVPN tunnels can come up over the Internet and inside the tunnels routing protocols can run to advertise the Local Area Networks subnets.

But MPLS requires Private network underlay.


Figure – DMVPN Networks can run over Internet or Private Networks 


Continue reading

IS-IS Routing Ptrotocol

IS-IS is a link-state routing protocol, similar to OSPF. If you are looking for Service Provider grade, MPLS Traffic Engineering support, and extendible routing protocol for easier future migration then the only choice is IS-IS.

Commonly used in Service Providers, Datacenter (as an underlay), and some large Enterprise networks.

IS-IS Routing Protocol in Networking

IS-IS works based on TLV format. TLVs provide extensibility to the IS-IS protocol.

IS-IS TLV Codes – Specified in RFC 1195

IS-IS TLV format


You don’t need totally different protocol to support new extensions. In IS-IS IPv6, MTR and many other protocols just can be used with additional TLVs.

1. IPv6 Address Family support (RFC 2308)
2. Multi-Topology support (RFC 5120)
3. MPLS Traffic Engineering (RFC 3316)
IS-IS is a Layer 2 protocol and is not encapsulated in IP, thus it is hard if not impossible to attack Layer2 networks remotely, IS-IS is considered more secure than OSPF.
is-is dataplane

IS-IS uses a NET (Network Entity Title) address similar to OSPF Router ID.

IP support to IS-IS is added by the IETF after ISO invented it for the CLNS. If IS-IS is used together with IP, it is called Integrated IS-IS.

IS-IS doesn’t require an IP address for the neighborship.

Continue reading

Introduction to MPLS – Fundamentals of MPLS

MPLS Multiprotocol Label Switching is one of the most popular and commonly used technologies in today’s Service Provider and Enterprise networks. In this post, we will explain the most fundamental topics about MPLS. After reading this post, you will learn a lot about MPLS, why we should use MPLS to MPLS packet formats, USA cases of MPLS to MPLS advantages and MPLS disadvantages, some recommendations about MPLS books, MPLS training, some basics MPLS questions, and many other things will be covered. Sit tight and let’s enjoy!.

What is MPLS in Networking?

Multiprotocol Label Switching – MPLS, is a networking technology that switch the network traffic using the shortest path based on “labels,” rather than IP destination addresses, to handle forwarding over a private Wide Area Network.

MPLS is a scalable and protocol-independent solution, that can carry Layer 3 IP and Non-IP and Layer 2 traffic, PPP, HDLC, Frame-Relay, Ethernet, all are possible.

MPLS provides transport and can be considered one of the tunneling mechanisms.

MPLS transport protocols as of 2022, are LDP, RSVP, Segment Routing and BGP LU.

An MPLS network is Layer 2.5, meaning it falls between Layer 2 (Data Link) and Layer 3 (Network) of the OSI Continue reading

Multicast PIM SSM – Source Specific Multicast

Multicast PIM SSM – Source Specific Multicast from a design point of view will be explained in this post. The Shortest Path Tree concept, Advantages, and disadvantages of Multicast PIM SSM will be covered as well.

What is Source Specific Multicast – PIM SSM?

PIM is a Multicast Routing Protocol. There are two categories of PIM protocol. PIM Dense mode and PIM Sparse Mode.

PIM Sparse Mode has 3 different modes of deployment. PIM SSM – Source Specific Multicast, PIM ASM – Any Source Multicast, and PIM Bidir – Bidirectional Multicast.

In this post, we will only cover PIM SSM but for the other PIM Sparse mode and PIM Dense mode design and deployment posts, place check Multicast category.

PIM SSM is called Source-Specific because Multicast receivers not only specify the Multicast Group that they are interested in but also they can signal to the network which course they are interested in or they are not interested in.

PIM SSM in the Routing Table

In the routers, we have multicast routing tables. SSM Multicast routing entries in the routers are seen as S, G.

S stands for multicast Source and G is used for multicast Group.

Source information has to Continue reading

1 2 3 24