Orhan Ergun

Author Archives: Orhan Ergun

EIGRP Stub

EIGRP Stub – It is one of the EIGRP scalability features, but it also helps with many other things in EIGRP. In this post, we will also share a topology that will be used to explain some design caveats in EIGRP design.

Before we explain EIGRP Stub, let me explain some EIGRP convergence behaviors.

If you are looking for much more detail on EIGRP Design and Practical Labs, have a look at our EIGRP Training.

 

Figure – EIGRP Stub topology

 

When an EIGRP node loses its connection to a prefix and there is no feasible successor for that prefix installed in the EIGRP topology table, the prefix is marked Active and an EIGRP Query is sent to every neighbor.

A Query keeps propagating until a router can reply without asking anyone else, so how far the Query travels (the query scope) is what decides how long the prefix stays Active.

In the above topology, Router D doesn't know the 192.168.0.0/24 network, because Router C sends only a summary, 192.168.0.0/16. That's why Router D replies without asking Router E.

Router B has an alternate path (a feasible successor), so Router B replies immediately.

Router J has no other EIGRP neighbors to ask, so it replies to the Query immediately.

Router G doesn't know the 192.168.0.0/24 network, because Router F filters the 192.168.0.0/24 prefix. That's why Router G replies without asking Router H.

So, as you can see, Continue reading
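The Query behavior described above, as an added example that is not part of the original post: a small Python simulation of EIGRP Query propagation. The figure is not on this page, so the topology, which routers hold the exact /24, and the feasible successor on Router B are constructed assumptions that follow the description (Router C only sends a summary, so Router D does not have the /24; Router F filters it, so Router G does not either). The second scenario configures Router J as a stub, which uses the documented EIGRP Stub behavior that a router never sends Queries to stub neighbors; the third removes the summary and the filter to show how much further the Query travels without them.

```python
from collections import deque

# Constructed topology. The figure referenced above is not on this page, so the links
# below are an assumed reconstruction of the routers the text names (A is the router
# that loses 192.168.0.0/24; C summarises towards D; F filters towards G).
LINKS = [("A", "B"), ("B", "I"), ("A", "C"), ("C", "D"), ("D", "E"),
         ("A", "F"), ("F", "G"), ("G", "H"), ("A", "J")]
ALL_ROUTERS = frozenset("ABCDEFGHIJ")
# Routers holding the exact /24. D/E only see C's summary, G/H only see F's filtered view.
BASELINE_KNOWS = ALL_ROUTERS - {"D", "E", "G", "H"}
FEASIBLE_SUCCESSOR = frozenset({"B"})     # B has an alternate path (assumption)


def build_adjacency(links):
    adj = {}
    for x, y in links:
        adj.setdefault(x, set()).add(y)
        adj.setdefault(y, set()).add(x)
    return adj


def query_scope(links, origin, knows_prefix, feasible_successor, stubs=frozenset()):
    """Simulate EIGRP Query propagation after `origin` loses a prefix.

    A router that receives a Query replies immediately if it does not have the exact
    prefix (it only has a summary, or the prefix was filtered), if it has a feasible
    successor, or if it has no other neighbor to ask. Otherwise it goes Active and
    forwards the Query to every other neighbor. Stub neighbors are never queried.
    Returns (routers_queried, routers_that_went_active).
    """
    adj = build_adjacency(links)
    queried, active = set(), {origin}
    pending = deque()

    def send_queries(router, exclude):
        for n in adj[router] - {exclude}:
            if n in stubs or n in queried:
                continue              # stubs and already-queried routers are skipped
            queried.add(n)
            pending.append((n, router))

    send_queries(origin, exclude=None)
    while pending:
        router, asker = pending.popleft()
        others = adj[router] - {asker}
        if router not in knows_prefix or router in feasible_successor or not others:
            continue                  # replies immediately; the Query stops here
        active.add(router)            # no feasible successor: goes Active, asks everyone else
        send_queries(router, exclude=asker)
    return queried, active


if __name__ == "__main__":
    scenarios = [
        ("as described (summary on C, filter on F)", BASELINE_KNOWS, frozenset()),
        ("same, with J configured as stub", BASELINE_KNOWS, frozenset({"J"})),
        ("no summary, no filter", ALL_ROUTERS, frozenset()),
    ]
    for name, knows, stubs in scenarios:
        queried, active = query_scope(LINKS, "A", knows, FEASIBLE_SUCCESSOR, stubs)
        print(f"{name}: queried={sorted(queried)} active={sorted(active)}")
```

Summarization, filtering and stub all shrink the set of routers that go Active, which is the whole point of the design caveats discussed in this post: a Query that reaches a router with no way to answer quickly is what turns into a Stuck-In-Active problem.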

ABR vs ASBR in OSPF

ABR vs ASBR in OSPF. If you are new to Network Engineering and are learning dynamic routing protocols from scratch, you want to understand the differences between an ABR and an ASBR, and if there are similarities you would like to learn those too. In this post, we will learn both the similarities and the differences.

Let’s first understand both of these terms. ABR is purely OSPF terminology, but ASBR is not. In fact, the detailed post about ASBR and the usage of ASBR in different places in networking is our What is ASBR blog post.

ABR – Area Border Router is a device that connects two or more different OSPF areas. One of those OSPF areas has to be Area 0, which is also known as the Backbone Area.

Figure – OSPF ABR and ASBR

 

In the above topology, R3 is an ABR connecting Area 0 and Area 1, and R4 is an ABR as well, connecting Area 0 and Area 2.

R1 is referred to as an Internal Backbone Router, as it doesn’t have any connection other than to Area 0, the Backbone Area.

In this topology, there is also an ASBR – Autonomous System Boundary Router. It is called an ASBR because on that router external prefixes are injected Continue reading

What is MPLS used for?

What is MPLS used for? A very common question among IT Engineers. What are the common use cases of MPLS – Multi-Protocol Label Switching?

When it was first invented, 20+ years ago, the purpose was faster packet processing. Compared to IP destination-based routing, a fixed-length 20-bit label can be looked up with an exact match, whereas a 32-bit IP destination address needs a longest-prefix match, so label switching was considered faster.

But quickly after that first purpose, MPLS VPNs became the most dominant reason for networks to deploy MPLS – Multiprotocol Label Switching technology.

Vendors first supported Ethernet over MPLS – EoMPLS, which is known as point-to-point Layer 2 MPLS VPN, and soon after VPLS, which is Virtual Private LAN Service.

VPLS is an any-to-any, also known as many-to-many, technology. It means you can connect your multiple sites at Layer 2 and extend an IP subnet by using VPLS. It works based on a full mesh of pseudowires.

After pseudowire-based Layer 2 VPNs, the actual MPLS boom happened with MPLS Layer 3 VPNs.

With MPLS Layer 3 VPN, which is also known as Peer-to-Peer VPN, MPLS CE, Continue reading

What is ASBR?

What is ASBR? Autonomous System Boundary Router. This seems easy; it is just used in OSPF, isn’t it? In fact, that is wrong. Hopefully you will learn something in this post for the first time. Let’s have a look at it.

An ASBR is a node that connects two or more networks. It can be a router or a switch, and it can be positioned at the Internet Edge. The router at the Internet Edge is referred to as an IGW (Internet Gateway) router, and an ASBR can be that IGW router.

It can also be located between two different networks to provide an MPLS service, for example. Between two networks, the service is referred to as Inter-AS MPLS VPN, and in Section 10 of RFC 4364 (the successor of RFC 2547), three different Inter-AS MPLS VPN options (A, B and C) are explained. In all of them, the routers that connect the two different Autonomous Systems are referred to as ASBRs as well.

On those routers, BGP usually runs for the Inter-AS MPLS VPN service. OSPF is not mandatory.

Thus, saying it is only used in OSPF would be a false claim. It can be used for many different services in networks, and an ASBR can run any routing protocol, not just Continue reading

What Layer is MPLS?

What Layer is MPLS? This basic question needs to be clarified for Network Engineers.

MPLS – Multi-Protocol Label Switching was first invented for fast packet processing. As an MPLS label is a fixed 20-bit value that is looked up by exact match, while a 32-bit IP address needs a longest-prefix match, processing the MPLS label was considered faster back in the old days.

Today, as of 2022, MPLS is used for many different purposes; one of the most common reasons to have MPLS in a network is VPN.

MPLS Layer 2 VPN and MPLS Layer 3 VPN are the two most common VPN mechanisms in large Enterprise and Service Provider networks.

The label is used for two purposes in MPLS VPNs.

A tunnel label, or transport label, is used for reachability between the edge devices, the PE devices, in the MPLS network.

Another label, the VPN label, is used to differentiate the customers (VRFs) in MPLS VPN.

Both of these labels are placed between the MAC header and the IP header of the packet, with the transport label on the outside and the VPN label, carrying the bottom-of-stack bit, directly in front of the IP header.

Thus, as you can see from the picture below as well, MPLS is commonly referred to as Layer 2.5.

 

Figure – MPLS is Layer 2.5
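To make the Layer 2.5 position concrete, here is an added Python example (not code from the original post) that builds and parses an Ethernet frame carrying a two-label MPLS stack: the EtherType 0x8847, then the transport label, then the VPN label with the bottom-of-stack bit set, and only then the IPv4 header. The label values 16001 and 24, the MAC addresses and the 10.0.0.0 addresses are constructed for the example; the defensive stack-depth limit is an assumption of this parser, not a protocol limit.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_MPLS_UNICAST = 0x8847   # 0x8848 is used for MPLS multicast
MAX_STACK_DEPTH = 16              # defensive bound for untrusted input (assumption)


def mpls_entry(label: int, tc: int = 0, bottom: bool = False, ttl: int = 255) -> bytes:
    """Encode one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | ((tc & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF))


def build_mpls_frame(dst_mac: bytes, src_mac: bytes, labels, ip_packet: bytes) -> bytes:
    """Ethernet header, then the label stack (outer/transport label first), then the IP packet."""
    stack = b"".join(mpls_entry(lbl, bottom=(i == len(labels) - 1)) for i, lbl in enumerate(labels))
    return struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_MPLS_UNICAST) + stack + ip_packet


def parse_mpls_frame(frame: bytes) -> dict:
    """Walk the label stack until the bottom-of-stack bit and locate the IP header behind it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    _, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError(f"not MPLS unicast: ethertype 0x{ethertype:04x}")
    labels, offset = [], 14
    while True:
        if len(frame) < offset + 4:
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack("!I", frame[offset:offset + 4])
        labels.append({"label": entry >> 12, "tc": (entry >> 9) & 0x7, "ttl": entry & 0xFF})
        offset += 4
        if (entry >> 8) & 0x1:        # S bit set: this entry was the bottom of the stack
            break
        if len(labels) >= MAX_STACK_DEPTH:
            raise ValueError("label stack too deep")
    # The MPLS header has no protocol field: what follows the bottom label is implied by
    # the label itself, so a parser has to sniff it. Here only IPv4 (version nibble 4) is accepted.
    if len(frame) < offset + 20 or frame[offset] >> 4 != 4:
        raise ValueError("payload after bottom-of-stack is not an IPv4 header")
    return {
        "labels": labels,
        "ip_offset": offset,
        "ip_src": str(IPv4Address(frame[offset + 12:offset + 16])),
        "ip_dst": str(IPv4Address(frame[offset + 16:offset + 20])),
    }


def sample_frame() -> bytes:
    """Constructed L3VPN-style frame: transport label 16001 over VPN label 24 (both hypothetical
    values) carrying a minimal IPv4 header from 10.0.0.1 to 10.0.0.2 with no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     IPv4Address("10.0.0.1").packed, IPv4Address("10.0.0.2").packed)
    return build_mpls_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                            [16001, 24], ip)


if __name__ == "__main__":
    print(parse_mpls_frame(sample_frame()))
```

The parsed IP header starts at byte 22: 14 bytes of Ethernet header plus two 4-byte label entries, which is exactly the "between Layer 2 and Layer 3" position the figure shows. Because nothing in the stack says what the payload is, a PE trusts the bottom label to tell it which VRF and which protocol it is looking at, which is why label values must never be accepted from untrusted customer-facing interfaces.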

 

As you can see, from the above Continue reading

Gratuitous ARP – GARP

GARP (Gratuitous ARP) is an ARP message sent without a request. It is mainly used to notify other hosts in the network of a MAC address assignment change, i.e. a new or moved IP-to-MAC binding. When a host receives a GARP it may add a new entry to its ARP cache or modify an existing one. I will expand more on GARP in the next section, as it’s the one that concerns us most from a security point of view.

Figure – Gratuitous ARP

GARP messages

GARP Request: A regular ARP request in which the sender IP address and the target IP address are both the source’s own IP, the sender MAC is the source MAC, and the target MAC is the broadcast MAC (ff:ff:ff:ff:ff:ff); some implementations put all zeros there instead, and receivers ignore that field. The frame itself is sent to the broadcast MAC. No reply is expected for this request.

GARP Reply: The sender and target IP addresses AND MAC addresses are all set to the sender’s own addresses. This message is sent without any preceding request.

GARP Probe (ARP Probe): When an interface comes up with a configured IP address, it sends a probe to make sure no other host is using the same IP, hence preventing IP conflicts. A probe has the sender IP set to all zeros (0.0.0.0), the target IP set to the IP being probed, the sender MAC set to the source MAC, and the target MAC address Continue reading
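The three message shapes above, as an added Python example that is not part of the original post: it encodes and decodes the 28-byte Ethernet/IPv4 ARP payload, classifies a packet as probe, GARP request, GARP reply or ordinary ARP from its address fields alone, and runs a passive monitor over a constructed packet sequence in which a second MAC claims an IP that was already announced. The MAC and IP addresses are constructed for the example; the GARP request is built with the broadcast target MAC as the text describes, and the classifier ignores that field so the all-zeros variant is handled too.

```python
import struct
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
BROADCAST_MAC = b"\xff" * 6
ZERO_MAC = b"\x00" * 6

# Constructed addresses for the sample traffic below.
MAC_VICTIM = bytes.fromhex("aabbccddee01")
MAC_ATTACKER = bytes.fromhex("aabbccddee02")
MAC_OTHER = bytes.fromhex("aabbccddee03")


def build_arp(oper: int, sha: bytes, spa: str, tha: bytes, tpa: str) -> bytes:
    """Encode an Ethernet/IPv4 ARP payload (the bytes that follow the Ethernet header)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       IPv4Address(spa).packed, tha, IPv4Address(tpa).packed)


def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": sha, "spa": str(IPv4Address(spa)),
            "tha": tha, "tpa": str(IPv4Address(tpa))}


def classify(arp: dict) -> str:
    """Tell the gratuitous forms from ordinary ARP using only the address fields."""
    if arp["oper"] == ARP_REQUEST and arp["spa"] == "0.0.0.0":
        return "arp-probe"          # sender IP all zeros: asking whether tpa is still free
    if arp["spa"] == arp["tpa"]:
        if arp["oper"] == ARP_REQUEST:
            return "garp-request"   # announces the sender's own binding; tha is ignored
        if arp["oper"] == ARP_REPLY and arp["sha"] == arp["tha"]:
            return "garp-reply"     # unsolicited reply, every field points at the sender
    return "arp-request" if arp["oper"] == ARP_REQUEST else "arp-reply"


class ArpMonitor:
    """Passive IP-to-MAC tracker. An announcement that rebinds a known IP to another MAC is
    what ARP cache poisoning looks like on the wire, so it is raised as an alert. Legitimate
    rebinds exist (NIC replacement, VRRP/HSRP failover), so a real deployment correlates
    with DHCP snooping bindings or an allow-list rather than blocking blindly."""

    def __init__(self):
        self.table = {}     # ip -> first MAC seen
        self.alerts = []

    def observe(self, pkt: bytes) -> str:
        arp = parse_arp(pkt)
        kind = classify(arp)
        if kind == "arp-probe":
            return kind     # sender IP is 0.0.0.0, there is no binding to learn
        known = self.table.get(arp["spa"])
        if known is None:
            self.table[arp["spa"]] = arp["sha"]
        elif known != arp["sha"]:
            self.alerts.append({"ip": arp["spa"], "old_mac": known.hex(":"),
                                "new_mac": arp["sha"].hex(":"), "via": kind})
        return kind


def sample_traffic() -> list:
    """Constructed sequence: the victim probes then announces 192.168.1.10, a third host sends
    a normal request, then a second MAC claims 192.168.1.10 with a gratuitous reply."""
    return [
        build_arp(ARP_REQUEST, MAC_VICTIM, "0.0.0.0", ZERO_MAC, "192.168.1.10"),
        build_arp(ARP_REQUEST, MAC_VICTIM, "192.168.1.10", BROADCAST_MAC, "192.168.1.10"),
        build_arp(ARP_REQUEST, MAC_OTHER, "192.168.1.20", ZERO_MAC, "192.168.1.1"),
        build_arp(ARP_REPLY, MAC_ATTACKER, "192.168.1.10", MAC_ATTACKER, "192.168.1.10"),
    ]


if __name__ == "__main__":
    mon = ArpMonitor()
    for pkt in sample_traffic():
        print(mon.observe(pkt))
    print(mon.alerts)
```

The last packet is the interesting one from a security point of view: because a GARP reply carries no question to match against, hosts that update their cache on any reply will silently rebind 192.168.1.10 to the attacker’s MAC. Running this kind of monitor on a mirror port (or enabling Dynamic ARP Inspection on the switch) is how that rebind gets noticed.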

Network Engineer Salary

Network Engineer Salary, Average Network Engineer Salary, and Senior Network Engineer Salary

Many people have been searching these words on OrhanErgun.Net for some time.

Many people also have been asking me how much they can earn monthly if they start their Network Engineering career, or, as an experienced Senior Network Engineer, how much they can get if they change country.

Check these courses on CCNP Course and CCIE course content for becoming a better Network Engineer and definitely getting a higher salary as well.

I think the answer depends on many criteria. Since this post will be read by people all around the world, it is important to share some insights on the topic.

Before talking about dependencies, you should know some facts about the CCNA, CCNP, and CCIE certifications. These are some of the most popular certifications, which help you get or change jobs. Of course, as of 2022, Cloud Computing and Network Automation jobs are getting very popular, and there are certifications for those technologies as well.

But I will use Cisco examples in this post.

Unlike CCDE, the Cisco CCNP and Cisco CCIE certifications are known by recruiters very Continue reading

Is CCIE still worth it in 2022? CCIE vs Network Automation or something else?

Is CCIE still worth it in 2022?

I have been seeing this discussion on social media, especially LinkedIn and Twitter, for some time. In this post, I will be sharing my opinions on it and hope it can help the decisions of some Network Engineers who follow our blog.

As of 2022, you may have realized that many evolving technologies are getting a lot of attention, and I think most of them deserve the attention.

These are SD-WAN, SDA, Cloud Computing, Network Automation and Programmability, SDN and IoT, we can say. Of course, there are many other technologies if you are dealing with Security, Wireless, Service Provider, Datacenter or other domains of IT.

But, as a certification, if we remember the subject of this post: is CCIE still worth it in 2022?

CCIE is not a technology; as a certificate, it deals with many technologies and products.

 


 

And there are many different CCIE tracks. CCIE Enterprise is the most popular one, and I will give my examples using the CCIE Enterprise Infrastructure exam, as it is by far the most popular and best known in the Network Engineering community.

The CCIE Enterprise Infrastructure exam doesn’t only cover Continue reading

Which CCIE is most demanded in 2022?

Which CCIE is most demanded in 2022? Almost every Network Engineer has probably asked this question at some point in their IT career. It is important because a demanded certification provides job security, and having it means finding a job or changing company easily.

Cisco CCIE has many different tracks as of 2022. After CCIE certification, the next step is CCDE. Before we continue with the most demanded CCIE, I would like to say that CCDE is not well known by recruiters, so it may be hard to find a job easily with it, but it is quite popular and respected among CCIEs. So, if someone passes CCIE Enterprise or CCIE Service Provider, they are definitely aware of CCDE and start considering that certificate.

Let’s continue our most demanded CCIE track discussion.

For many years the most demanded CCIE was always CCIE Routing and Switching. As you might be aware, Cisco changed the name of the CCIE Routing and Switching certification to CCIE Enterprise Infrastructure, and the CCIE Enterprise syllabus has been updated as well.

We provide training for many CCIE tracks, and among our students CCIE Enterprise Infrastructure training is the most popular and most demanded CCIE track as well.

We recommend CCIE Continue reading

CCIE Salary – How much can you get if you pass the Cisco CCIE Certification?

CCIE Salary, Cisco CCIE salary. Many people have been searching these two terms on OrhanErgun.Net for some time.

Many people also have been asking me how much they can earn monthly if they pass the Cisco CCIE practical/lab exam.

For more information on CCIE course content, success stories, and registration, this is our CCIE Course.

I think the answer depends on many criteria. Since this post will be read by people all around the world, it is important to share some insights on the topic.

Before talking about dependencies, you should know some facts about the CCIE certification. Unlike CCDE, the Cisco CCIE certification is known by recruiters very well, as it has been posted as a job requirement for decades.

There are thousands of CCIEs in the world; for Cisco CCIE Routing and Switching in particular, now named Cisco CCIE Enterprise Infrastructure, we are talking about around 50,000+ people.

At the beginning of this post, I said that CCIE salary depends on many criteria.

These are, in general:

  • Country
  • Position
  • Changing the company
  • Years of experience

Most probably there are other things that would affect the salary of a CCIE, but these are my observations.

The country is Continue reading

BGP Routing Security Discussion on Linkedin

After I published the Telstra’s hijack affecting many networks post on LinkedIn, one of my students asked a couple of good questions under that post.

 

I thought sharing that post here would be beneficial for those who follow the orhanergun.net blog, as I explained a couple of important frequently asked questions about BGP global routing security.

John Ojo sent the below question/comment: 

 

Orhan Ergun thanks for the insights. Hence the need for IRR & RPKI. I attended your BGP Zero to Hero training; now this makes more sense to me, having seen flowspec a few weeks ago previously from Centurylink to this protonmail /24 prefix hijack. But my questions are; 1. Why do all these companies not implement these path validation controls?

2. Is it lack of competent BGP Engineers or Peering Coordinators? Can BGPSec not be automated to avoid human errors? BGP Security controls seem to overwhelm a lot of companies and not all the Security approaches are foolproof anyway. Should they just wait until it happens? The need for continuous training and retraining cannot be overemphasized on BGP in-depth. I recommend them to train at Orhan Ergun LLC www.orhanergun.net

 

My answer to his Continue reading

Telstra’s Hijack affected many networks today!

Today I woke up to the news of Telstra’s ProtonMail hijack. In fact, one of my LinkedIn connections, a friend, sent me the ITNews post about the incident.

When I saw it, it was obviously a hijack, not a route leak or another type of incident, but the post was not explaining any technical detail: what kind of attack it was, whether it could be prevented somehow, etc.

Thus, I wanted to mention those points briefly, explaining them technically while trying to keep it understandable.

By the way, BGP Security and many other BGP topics are covered in my week-long BGP Zero to Hero course. If you are a technical person, don’t miss it!

Before I start explaining this incident, I should mention that this incident was totally different from the recent CenturyLink-caused outage. In the CenturyLink case, the issue was their routing policy; in fact, carrying security policy over routing (I know it sounds complex, thus I won’t go into it: the lack of a feedback loop with Flowspec, RFC 5575).

 

Okay, what happened with Telstra’s hijack?

 

Figure – Telstra Hijack

 

Swiss email provider ProtonMail shared a tweet that Telstra was announcing its 185.70.40.0/24.

This subnet belongs to ProtonMail, and Telstra was announcing it as Continue reading
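The control that the question in the previous post asks about (RPKI) and the prevention angle of this post meet in Route Origin Validation. The following is an added Python example, not code from the original post, that implements the RFC 6811 validation states and an import-policy decision on top of them, and runs them against a constructed ROA set. The prefix is the 185.70.40.0/24 from this post, but the AS numbers are documentation-range stand-ins (RFC 5398): 64496 plays the legitimate prefix holder and 64497 the announcing AS; neither is ProtonMail’s or Telstra’s real ASN.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization as published in RPKI: prefix, maxLength, authorized origin AS."""
    prefix: str
    max_length: int
    asn: int


def origin_of(as_path):
    """The origin AS is the last (rightmost) AS in AS_PATH; ROV validates only this value."""
    return as_path[-1]


def rov_state(prefix: str, origin_asn: int, roas) -> str:
    """RFC 6811 Route Origin Validation: 'Valid', 'Invalid' or 'NotFound'."""
    route = ip_network(prefix)
    covering = [r for r in roas
                if ip_network(r.prefix).version == route.version
                and route.subnet_of(ip_network(r.prefix))]
    if not covering:
        return "NotFound"            # no ROA covers this prefix at all
    if any(r.asn == origin_asn and route.prefixlen <= r.max_length for r in covering):
        return "Valid"
    return "Invalid"                 # covered, but wrong origin AS or more specific than maxLength


def accept_route(prefix: str, as_path, roas, drop_notfound: bool = False) -> bool:
    """Import-policy decision: reject Invalid. NotFound is normally accepted (or only
    deprioritised) because many prefixes still have no ROA; dropping it is opt-in here."""
    state = rov_state(prefix, origin_of(as_path), roas)
    if state == "Invalid":
        return False
    return not (state == "NotFound" and drop_notfound)


# Constructed ROA set. 64496-64511 are documentation ASNs (RFC 5398); 64496 stands in for
# the prefix holder and is NOT ProtonMail's or Telstra's real AS number.
ROAS = [ROA("185.70.40.0/24", 24, 64496), ROA("192.0.2.0/24", 25, 64498)]

if __name__ == "__main__":
    announcements = [("185.70.40.0/24", [64496]),        # legitimate origin
                     ("185.70.40.0/24", [64497]),        # the hijack shape: someone else originates it
                     ("185.70.40.0/25", [64496]),        # right AS, but more specific than maxLength
                     ("185.70.40.0/24", [64497, 64496]), # forged origin: 64497 appends the real origin
                     ("203.0.113.0/24", [64497])]        # no ROA at all
    for prefix, path in announcements:
        print(prefix, path, rov_state(prefix, origin_of(path), ROAS), accept_route(prefix, path, ROAS))
```

Two caveats a practitioner should take from the output. First, a /25 from the legitimate AS is Invalid because the ROA’s maxLength is 24, so maxLength has to be set deliberately for the more-specifics you actually intend to announce. Second, ROV only checks the origin: an announcement whose AS_PATH ends in the legitimate origin but was actually started by another AS still validates, which is the gap that path validation (BGPsec, and more recently ASPA) is meant to close, and why the question above about BGPSec is the right follow-up.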

Century Link/Level 3 Outage is one of the biggest Internet Problems! 3.5% Drop in Global Internet Traffic

Figure – Century Link Outage

 

On August 30, 2020, Level 3/Century Link, AS3356, had a major Internet outage. In fact, this outage affected a massive number of networks, including very well-known ones such as Amazon, Microsoft, Twitter, Discord, Reddit, etc.

3.5% of global Internet traffic was dropped due to this outage, and the entire network converged only after almost 7 hours. This is a huge amount of time. When we usually discuss convergence, specifically fast convergence, ‘seconds’ if not ‘milliseconds’ are the target values.

No one wants minutes-level network convergence. But when there is an outage like this, we categorize it as a ‘catastrophic failure’, and unfortunately network design usually doesn’t take this kind of failure into account.

But could it be prevented?

In the first place, let’s understand that this event, similar to many other catastrophic network events, started at a single location. (According to a CenturyLink status page, the issue originated from CenturyLink’s data center in Mississauga, Ontario, Canada, near Toronto.)

But it spread over the entire backbone of AS3356.

In fact, I remember that in 2014 the event we famously know as the 512k incident happened because of this network (Level 3) as well, and that event also caused Continue reading

MPLS Applications/Services

MPLS Applications – what are the MPLS applications? MPLS applications mean MPLS services. So what can we do with MPLS, basically?

Although the very first purpose of MPLS was fast switching, over time services/applications with MPLS evolved, and now there are many reasons to use MPLS.

 

Below are some of the most common use cases, or in other words applications, of MPLS that matter for network designers.

 

    • Layer 2 MPLS VPN (EoMPLS, VPLS, EVPN with an MPLS data plane; EVPN can also run over VXLAN, but that variant is not an MPLS service)
    • Layer 3 MPLS VPN
    • Inter-AS MPLS VPNs (Layer 2 or Layer 3)
    • Carrier Supporting Carrier
    • MPLS Traffic Engineering
    • Seamless MPLS
    • GMPLS (Generalized MPLS)
    • MPLS Transport Profile (MPLS-TP)

 

An MPLS infrastructure can offer all of the above MPLS applications/services at the same time. Most of them are architectures, so the MPLS label distribution protocols themselves (such as LDP and RSVP) are not enough to provide the above applications/services.

Usually the MPLS protocols are used together with BGP, an IGP and other protocols.

I just wanted to mention what people mean when they talk about MPLS applications, thus I am keeping this post short, but before I finish, let me recommend you a book called ‘MPLS Continue reading

Integrated Services QoS – Hard QoS

Integrated Services QoS – Hard QoS was the first QoS approach, but currently we are not using it. At the end of this post, you will know what Integrated Services QoS is, what the idea behind it was, and why it is not used today.

 

Quality of service (QoS) is the overall performance of a telephony or computer network, particularly the performance seen by the users of the network.

Two QoS approaches have been defined by standards organizations.

These are:

  • Intserv (Integrated Services) and
  • Diffserv (Differentiated Services).

IntServ QoS demands that every flow request bandwidth from the network, and that the network reserve the required bandwidth for the user for the duration of the conversation.

Think of this as on-demand circuit switching: each flow of each user would be remembered by the network. This clearly creates a resource problem (CPU, memory, bandwidth) on the network, and thus it was never widely adopted.

Not only allocating bandwidth for each and every flow on each network device in the path, but also keeping track of these flows and tearing them down when the flow terminates, is very resource intensive; people thought this would not scale, and we haven’t seen deployments of it.

Protocol Continue reading

Some must-know information about VPNs

VPN – Virtual Private Network is the most common overlay mechanism in networking. We have many of them: GRE, mGRE, IPsec, DMVPN, GETVPN, LISP, FlexVPN, MPLS VPNs and so on. But what are the important and fundamental things about VPNs? In this post I will explain some of them.

 

A Virtual Private Network is a logical entity which is created over a physical infrastructure. It can be set up over another private network such as MPLS, or over a public network such as the Internet.

 

All VPN technologies add extra bytes to the packet or frame, which increases the overall packet size. So either the network links must be configured with a bigger MTU to carry the encapsulated packets, or the tunnel MTU must be lowered (usually together with TCP MSS clamping) so that the encapsulated packet still fits the underlying links.

 

VPN technologies work based on encapsulation and decapsulation.

 

For example, GRE, mGRE and DMVPN encapsulate IP packets into another IP packet, while VPLS and EVPN encapsulate Layer 2 frames into MPLS packets.
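As an added example that is not from the original post, the following Python computes the encapsulation overhead for the VPN types named above and the largest inner packet that still fits a 1500-byte link, including the padding-dependent IPsec ESP case and the GRE-over-IPsec stack that DMVPN typically uses. The header sizes are the standard ones; the cipher parameters (a CBC cipher with a 16-byte IV and block size, a 12-byte HMAC-SHA1-96 ICV) are assumptions about the IPsec proposal and change the ESP numbers if the proposal differs.

```python
IPV4_HEADER = 20
GRE_HEADER = 4         # base GRE header; the optional key and sequence fields add 4 bytes each
MPLS_LABEL = 4
ETHERNET_HEADER = 14
UDP_HEADER = 8
VXLAN_HEADER = 8
ESP_HEADER = 8         # SPI + sequence number
ESP_TRAILER = 2        # pad length + next header


def gre_overhead(keyed: bool = False) -> int:
    """GRE (and the mGRE/DMVPN data plane): a new outer IPv4 header plus the GRE header."""
    return IPV4_HEADER + GRE_HEADER + (4 if keyed else 0)


def mpls_overhead(labels: int = 2) -> int:
    """MPLS VPN: one 4-byte entry per label; an L3VPN normally carries transport + VPN label."""
    return labels * MPLS_LABEL


def vxlan_overhead() -> int:
    """VXLAN: the inner Ethernet frame is wrapped in Ethernet/IPv4/UDP/VXLAN headers."""
    return ETHERNET_HEADER + IPV4_HEADER + UDP_HEADER + VXLAN_HEADER


def esp_tunnel_overhead(inner_len: int, iv: int = 16, block: int = 16, icv: int = 12) -> int:
    """IPsec ESP tunnel mode with a CBC cipher (assumed AES-CBC + HMAC-SHA1-96).
    The encrypted part (inner packet + padding + trailer) must be a multiple of the cipher
    block size, so the overhead depends on the length of the packet being encapsulated."""
    pad = (-(inner_len + ESP_TRAILER)) % block
    return IPV4_HEADER + ESP_HEADER + iv + pad + ESP_TRAILER + icv


def gre_over_ipsec_overhead(inner_len: int) -> int:
    """GRE first, then ESP around the GRE packet (the usual DMVPN + IPsec stack)."""
    gre_len = inner_len + gre_overhead()
    return gre_overhead() + esp_tunnel_overhead(gre_len)


def max_inner_packet(link_mtu: int, overhead) -> int:
    """Largest inner packet that still fits the link MTU once encapsulated.
    `overhead` is a function of the inner length so padding-dependent schemes work too."""
    for inner in range(link_mtu, 0, -1):
        if inner + overhead(inner) <= link_mtu:
            return inner
    raise ValueError("link MTU too small for this encapsulation")


def tcp_mss_for(inner_mtu: int) -> int:
    """MSS to clamp on the tunnel: inner MTU minus the IPv4 and TCP headers (20 + 20)."""
    return inner_mtu - IPV4_HEADER - 20


if __name__ == "__main__":
    cases = [("GRE", lambda n: gre_overhead()), ("VXLAN", lambda n: vxlan_overhead()),
             ("ESP tunnel", esp_tunnel_overhead), ("GRE over IPsec", gre_over_ipsec_overhead)]
    for name, fn in cases:
        mtu = max_inner_packet(1500, fn)
        print(f"{name:15s} inner MTU {mtu}, TCP MSS {tcp_mss_for(mtu)}")
    print(f"MPLS L3VPN core needs {1500 + mpls_overhead()} bytes for 1500-byte customer packets")
```

With these numbers a 1500-byte underlay leaves 1414 bytes for the inner packet on GRE over IPsec, which is why a tunnel MTU of 1400 with the TCP MSS clamped to 1360 is a common, slightly conservative setting. On the MPLS side the calculation goes the other way: the two-label L3VPN stack means core links must carry at least 1508 bytes if customers are to send untouched 1500-byte packets, which is the "links should accommodate a bigger MTU" case.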

 

You can run routing protocols over some VPN technologies, but not all VPN technologies allow you to run routing protocols.

In order to support routing over a tunnel, the tunnel endpoints should be aware of each other.

 

For example, MPLS Traffic Engineering tunnels don’t support running routing protocols over them, since the LSPs are unidirectional, which means the head-end Continue reading