Author Archives: Orhan Ergun

OPEX and CAPEX in Network Design

OpEx and CapEx are two important network design considerations. At a high level, we should understand these two design requirements.

OpEx refers to operational expenses such as support, maintenance, labor, bandwidth and utilities. Creating a complex network design may show off your technical knowledge, but it can also introduce unnecessary complexity, making the network harder to build, maintain, operate and manage.

A well-designed network reduces OpEx through improved network uptime (which in turn can avoid or reduce penalties related to outages), higher user productivity, ease of operations, and energy savings. Consider creating the simplest solution that meets the business requirements.

CapEx refers to upfront costs such as purchasing equipment and inventory, or acquiring intellectual property or real estate. A well-thought-out design provides a longer deployment lifespan, investment protection, network consolidation and virtualization, and produces hard-to-measure benefits such as business agility, business transformation and innovation, thus reducing risk and lowering costs in the long run.

The last metric in the cost constraint is TCO (Total Cost of Ownership).

TCO is a better metric than pure CapEx for evaluating network cost, as it considers CapEx plus OpEx. Make your network designs cost-effective in the long run and do more Continue reading

BGP Path Validation New Mechanism – AS Cones

When it comes to Routing Security, BGP Origin Validation and Path Validation should be understood very well.

It is everyone's problem, not just large Service Providers': Enterprises, Service Providers, Mobile Operators, basically anyone interacting with Global Routing.

IRR, RPKI, BGPsec, Origin Validation and Path Validation are the fundamentals of BGP Routing Security. We have many other posts on the subject on the website, but in this post I want to share with you a new approach for BGP Path Validation. It is called AS-Cones.

At the moment it is still an IETF draft, but it is expected to become a Standard RFC soon.

I discussed it with the inventor of the mechanism, Melchior Aelmans, along with many other routing security topics, and decided to share it with you!

In the video below, Orhan Ergun, Melchior Aelmans and Jeff Tantsura discuss new approaches in BGP Security – Path Validation.

They explain ASPA (Autonomous System Provider Authorization) and another approach, AS-Cones, and compare the two.

Not only BGP Path Validation: they also identify the currently known problems of the Global Routing Table/DFZ, such as hijacks, the different types of hijacks and route leaks, and discuss some prevention techniques such Continue reading

Flat/Single Level vs. Multi Level IS-IS Design Comparison

Flat/Single Level vs. Multi Level IS-IS Design Comparison. Flat routing means that, without hierarchy, the entire topology of the network is known by each and every device in the network.

IS-IS has two levels. Thus, for IS-IS, Multi Level means Two Level IS-IS: Level 1 and Level 2.

When we have two levels, Level 1 routers don't know the topology of Level 2 and vice versa. By hiding topology information between the levels, scalability is achieved. The reason we get a more scalable network is that when there is a failure, new information is added, or a metric changes in one level, the other level doesn't run the SPF algorithm.

But what are the design considerations when we have Flat or Multi Level IS-IS networks? Is Multi Level IS-IS design, which means Hierarchical IS-IS design, always good? The answer is no. Although Multi Level provides scalability, it comes with extra complexity and an increase in end-to-end routing convergence time.

So, I prepared the comparison charts below to discuss the different design aspects of IS-IS Single vs. Multi Level design.

If you like this comparison chart, you can see more of them in my CCIE Enterprise Training.

 

single vs. multi level IS-IS

The post Flat/Single Level vs. Multi Continue reading

Four necessary steps in routing fast convergence

When it comes to fast convergence, the first thing we need to understand is: what is convergence?

Convergence is the time between a failure and the recovery. Links, circuits, routers and switches all eventually fail. As network designers, our job is to understand the topology and, whenever there is a requirement, add a backup link or node. Of course, not every network, nor every place in the network, requires redundancy. But let's assume we want redundancy, so we add a backup link or node and we want to recover from the failure as quickly as possible, hopefully before the application times out.

But what is the time threshold for us to say this network is converging fast? Unfortunately, there is no numerical value for it. So you cannot say that 30 seconds, or 10 seconds, or 1 second is fast convergence. Your application's convergence requirement might be well below 1 second.

Thus, I generally call 'Fast Convergence' a convergence time faster than the default convergence value. Let's say OSPF on broadcast media converges in 50 seconds; then any attempt to make OSPF converge faster than the 50-second default convergence value is OSPF Fast Convergence on broadcast media.

There Continue reading

What is MTL in CCIE Enterprise Infrastructure Training?

MTL (Multi Technology Lab) consists of many technologies in a large topology. When network design is considered, there is no single protocol; many protocols interact with each other. In my CCIE Enterprise Infrastructure Training, I have many MTLs (Multi Technology Labs), and students are able to watch the videos and, with the config files, perform each task in the lab themselves.

From OSPF and EIGRP to BGP, QoS to Multicast, Layer 2 technologies to Security, SD-WAN and many other technologies are all in the same lab. Traditionally these kinds of labs were called Mock Labs, but a better term is Multi Technology Lab. If you see one of these labs with the OE logo on social media next time, you know that it is an MTL! Let me see your comments.

You can check the schedule of the next CCIE Enterprise Course by clicking here!

Multi Technology Lab

The post What is MTL in CCIE Enterprise Infrastructure Training? appeared first on orhanergun.net.

OSPF Routing Protocol Network Engineer Interview Questions!

OSPF is without doubt the most common network engineer interview topic. Almost all network engineers have faced some OSPF questions in their interviews. Thus I thought it was important to cover the common questions and their answers in a blog post.

From OSPF LSAs to OSPF Areas, Multi Area Hierarchical OSPF for stability, OSPF security and OSPF Fast Convergence, I prepared many questions and explain them in detail in the video below.

There are many questions in the video, and if you liked the video, subscribe to the Orhan Ergun YouTube Channel and share your thoughts in the comment section.

Note: The OSPF interview questions in this video range from basic to advanced level, and studying this 65-minute video will definitely enhance your OSPF knowledge!


Cisco Viptela SD-WAN Training

Cisco Viptela SD-WAN Training. I recently added a Self Paced Cisco Viptela SD-WAN training under Training on the website. You can purchase it and start studying the course right away.

This course covers all SD-WAN concepts from basic to advanced level.

Not only many hours of theory and design, but there are also more than 12 hours of Lab/Configuration in this course demonstrating the different features of SD-WAN.

Students of this course are placed in a study group, so when they have any problem, we support them in the group. This is key for learning, and I follow the same methodology in all my trainings.

At the moment it covers Cisco Viptela SD-WAN, but when new content is available for other vendors' SD-WAN solutions, students will be able to access the new content for free as well.

Starting from installing certificates on the SD-WAN controllers (vBond, vSmart, vManage), all the way to cloud integration, Direct Internet Access, Dynamic Path Selection, Application Based Traffic Engineering, QoS, Forward Error Correction, Deduplication, Zero Touch Provisioning and many other topics are covered from the theory and design aspects and demonstrated in a lab environment.

Last but not least, guest designers will discuss their real life SD-WAN design and Continue reading

100+ Hours CCIE Enterprise Infrastructure Training/Bootcamp

100+ hours CCIE Enterprise Infrastructure Training/Bootcamp. Can it happen? Yes; in fact my CCIE Enterprise Instructor Led course is over 100 hours of design, theory and lab content.

In the CCIE Enterprise training I go through not only traditional technologies such as OSPF, EIGRP, BGP, MPLS, Multicast, QoS, IPv6 etc., but there is also a lot of SD-WAN, SD-Access and Network Programmability and Automation content.

Probably you have seen some topologies on social media (I use LinkedIn mostly); those topologies consist of many tasks and we cover all of them in the training.

I have two versions of CCIE Enterprise Training.

  1. Self Paced CCIE Enterprise Infrastructure Training:

In this training, all the content of the CCIE Instructor Led training is covered, but in recorded video format. Participants of the Self Paced CCIE Enterprise Training get not only videos but also config files/labs, workbooks, design comparison charts (don't forget there is a 3-hour design module in the CCIE Enterprise exam), session materials and so on. Self Paced training students are placed in a study group together with the Instructor Led CCIE Enterprise training/bootcamp students.

  2. Instructor Led CCIE Enterprise Infrastructure Continue reading

BGP Convergence and ASn allocation design in Large Scale Networks

BGP Convergence and ASN allocation design in Large Scale Networks are covered in this post and in the video at the end of the post.

This content is explained in great detail in my BGP Zero to Hero course as well as in the CCIE Enterprise Training.

BGP is commonly known as a slowly converging protocol. In fact, this is a misconception. If you only mean BGP control plane convergence, it can be true, but we always ignore BGP data plane convergence, which is commonly known as BGP PIC (Prefix Independent Convergence).

In this post, I will explain the BGP Path Hunting process, which slows down convergence. Path Hunting is not only a BGP problem but a convergence problem of distance vector protocols in general.

The effect of Path Hunting gets very problematic in densely meshed topologies such as CLOS or Fat Tree.

There might be many Leaf and Spine switches in the network, and when EBGP is used (as recommended in RFC 7938), Path Hunting should be avoided by allocating Autonomous System numbers to the networking devices wisely.

Otherwise, for a prefix that is no longer advertised to the network, due to a failure for example, BGP speaking routers try any Continue reading

BIER – Bit Indexed Explicit Replication

BIER (Bit Indexed Explicit Replication) is the newest proposal for IP Multicast.

Although I say IP Multicast, of course it works on MPLS networks as well.

BIER works by assigning every edge device a position in a bit mask. Then, instead of sending the multicast packet to each destination IP address (receiver IP address), it basically sets the bit positions of the receivers and saves the amount of data plane state.

It uses unicast transport for underlay reachability, and the bit mask is advertised through the IGP control plane.

So, newly assigned OSPF and IS-IS TLVs handle the assignment and distribution of the bit mask to the edge devices (BFER – Bit Forwarding Edge Router in BIER terminology).

In theory it can be used not only for multicast but also for unicast traffic.

When we use it, we don't need mLDP, RSVP P2MP LSPs, or PIM in the core network (of course at the edge, you can still have them towards the customer in mVPN scenarios).

So basically, by removing those protocols from the network, in theory you should have a simpler network design. I say in theory, because having fewer protocols doesn't always mean having a simpler design.

Because we would be throwing the complexity to Continue reading

BGP+SPF for Hyperscale/Massively Scale Datacenter Deployment

BGP+SPF: imagine we replace the BGP best path selection decision with SPF. BGP+SPF does exactly that. In this post, I will explain why we are looking for alternative protocols for Massively Scale Datacenters.

Although there is no exact answer to how many devices a datacenter needs for it to be considered Massively Scale, we know that 10,000 racks are not uncommon in this type of datacenter, and each rack, when BGP is used as the transport, gets its own unique AS number.

Before I explain BGP+SPF, let's understand why the traditional, very well known OSPF or IS-IS are not used in this type of datacenter.

The answer is scalability. OSPF and IS-IS are chatty protocols, and their flooding behavior is just not suited to very densely meshed connectivity. Yes, these datacenters run on a CLOS topology, and CLOS is a densely meshed topology.

Also, we want wide ECMP in this type of datacenter, meaning that between the TOR, Leaf and Spine devices there are many equal cost paths and we want to utilize them all. OSPF and IS-IS are limited in the number of ECMP ways.

BGP is very well suited protocol which provides very wide ECMP Continue reading

CCIE Enterprise Infrastructure Training

CCIE Enterprise Infrastructure Training by Orhan Ergun. As Orhan Ergun, I always aim to provide the best training in the world. I recently started CCIE Enterprise Infrastructure v1.0 training. In this post you will see why you should get this training, why you should get it from Orhan Ergun, what the requirements to attend are, what the unique benefits are, the training outline and many other details.

CCIE Enterprise Infrastructure v1.0

  • The new CCIE Enterprise Infrastructure training will prepare you for the new solutions of enterprise networks in today's networking era.
  • This training is oriented towards new and up-to-date solutions instead of legacy network technologies.

Benefits of Orhan Ergun CCIE Enterprise Infrastructure Training:

  • 20 days – 10 weekends – 2 and a half months (80 hours, 4 hours each day, on weekends) of training
  • CCIE EI Workbook and classroom materials (more than a thousand pages)
  • It will be live training, but the self paced training will be provided to the attendees for free when it is completed
  • Attendees will receive the SP Design and Segment Routing Workbooks
  • When you want to attend CCDE Training, an extra 40% discount

 

Why CCIE Enterprise Infrastructure Training Continue reading

Book Giveaway Winners

As you know, a couple of days ago I announced that I would give away 3 of my books to 10 people. In this post, you will see the names of the winners. Thanks to all the participants; I am glad to share my efforts with the community. I also have many new connections to whom I can provide useful content over time. At the end of the post, you will see another surprise from me!

1022 people liked it; some of them were 2nd level connections when they liked it, and some of them applied after 11pm GMT+3 on Sunday, Feb 9, 2020. Thus, 894 people were counted as eligible.

The random name picker on https://commentpicker.com/random-name-picker.php was used to pick the names.

The list of people who won the books is below. We will be contacting them to learn which book they want to receive from us.

 

  1. Akinfemi Akinyanju
  2. Dennis Krulac
  3. Vannaro Mao
  4. Navid Yahyapour
  5. Vuthha Seang
  6. Marius Viotel Nastasa
  7. Luca Banfo
  8. Ahsan Mateen
  9. Abderrahmane Bendaoud
  10. Siva Ntshobane
  11. Hassan Shah

I was going to give the books to 10 people, but one of my LinkedIn followers wanted to give one book as a gift, thus we selected 11 Continue reading

GPON vs. Traditional Ethernet Architecture

GPON (Gigabit Passive Optical Network) is used to reduce the number of active switching nodes in the network design. Network design best practice in campus networks and many datacenter networks (not Massively Scale Datacenters) is to use a three-tier Access, Distribution and Core design. Although the design decision depends on the scalability requirements of the campus and DC, a two-layer Access and Collapsed Distribution/Core design can also be used. The figure below depicts the common three-tier Access, Distribution and Core design.

This post was first published in the "Service Provider Networks Design and Architecture by Orhan Ergun" book.

Figure – GPON vs. Traditional Ethernet Architecture, Source: cisco.com

In three-tier traditional campus networks, there are active Ethernet devices in each tier. Active means the nodes require electricity. Active Ethernet switches forward traffic based on forwarding rules: if it's a Layer 2 network, traffic is forwarded based on Layer 2 information; if it is a Layer 3 design, traffic is forwarded based on routing protocol information.

GPON in the campus network replaces the traditional three-tier design with a two-tier optical network, by replacing the active access and distribution layer Ethernet switches with ONT, Splitter and OLT devices. Although ONT Continue reading

Edge Computing Providers

Edge computing is a networking philosophy focused on bringing computing as close to the source of data as possible, in order to reduce latency and bandwidth usage. In simpler terms, edge computing means running fewer processes in the cloud and moving those processes to local places, such as a user's computer, an IoT device, or an edge server.

This post was first published in the 'Service Provider Networks Design and Architecture by Orhan Ergun' book.

Bringing computation to the network's edge minimizes the amount of long-distance communication that has to happen between a client and a server.

For Internet devices, the network edge is where the device, or the local network containing the device, communicates with the Internet. The edge is not a clear-cut term: for example, a user's computer or the processor inside an IoT camera can be considered the network edge, while the user's router, ISP, or local edge servers are also considered the edge.

It is important to understand that the edge of the network is geographically close to the device, unlike origin servers and cloud servers, which can be very far from the devices they communicate with.

Cloud computing Continue reading

Segment Routing Workbook by Orhan Ergun

Recently I published a new book on Segment Routing.

Segment Routing has been deployed by many networks (both Enterprises and Service Providers) for many different use cases such as Traffic Engineering, Fast Reroute, Monitoring and so on, and I believe Segment Routing will be even more popular in the near future. Thus, I believe this book should be read by anyone who is interested in networking.

You can get a sample copy of the book and purchase it from here.

This book covers both the theory and the practical aspects of Segment Routing.

Segment Routing is a technology that is gaining popularity as a way to simplify MPLS networks. It has the benefit of interfacing with Software Defined Networks and works based on Source Routing.

This Workbook will be useful for those who want to understand, deploy, verify and troubleshoot Segment Routing networks. This Workbook will also be useful for the CCIE and CCDE certification exams.

Book Content:

  • Segment routing fundamental and concepts
    • Segment routing introductions
    • SR and MPLS data plane
    • Segment routing global block
  • Segment routing in IGP
    • SR Control Plane overview
    • SR in OSPF
    • SR in ISIS
    • IP FRR (LFA/TI-LFA)
    • Configuration lab and troubleshooting tips
    • Segment Routing and LDP

Different wordings for the same definition/meaning in Networking

In computer network engineering, we almost always use different definitions/wordings to explain the same thing. In this post I will give you some examples; please add whatever else you remember in the comment box below, and we can discuss them there.

All the keywords below explain the same thing.

Let's start with MPLS cases:

  1. Tunnel Label, Transport Label, Outer Label, Topmost Label, Outermost Label: they all define PE to PE reachability in an MPLS network.
  2. Ingress PE, Source PE, Headend PE, Ingress LSR, Edge LSR: in both MPLS VPN and MPLS Traffic Engineering cases you can see these keywords, and they all define the same thing.
  3. Inner Label, VPN Label, VC (Virtual Circuit) Label, Service Label: they all define the same thing, which is the Layer 2 VPN customer service information.

Inter Domain Routing Cases :

  1. IX (Internet Exchange) , IXP (Internet Exchange Point) , Internet Exchange , Peering Point , Exchange Point
  2. Public Peering Exchange , MLPE (Multi Lateral Peering Exchange) , Public Exchange

IOT Case:

  1. Smart Device, Smart Object , Sensors , Intelligent Object , Smart Things

Routing :

ASBR , IGW (Internet Continue reading

BGP PIC – Prefix Independent Convergence Fundamentals

BGP PIC (Prefix Independent Convergence) is a BGP Fast Reroute mechanism which can provide sub-second convergence even for the 500K Internet prefixes, with the help of IGP convergence.

BGP PIC uses a hierarchical data plane, in contrast to the flat FIB (forwarding table) design used by Cisco CEF and many legacy platforms.

In a hierarchical data plane, the FIB used by the packet processing engine reflects the recursions between the routes.

I will explain the recursion concept throughout the post, so don't worry about the sentence above; it will make sense.

There are two implementations of the BGP PIC concept, and they can protect the network traffic from multiple failures.

A link or node failure in the core or at the edge of the network can be recovered from in under a second, and in most cases under 100ms (it mostly depends on IGP convergence, so the IGP should be tuned or IGP FRR can be used).

In this article I will not explain IGP fast convergence or IGP Fast Reroute, but you can read my Fast Reroute mechanisms article from here.

BGP PIC can be thought of as a BGP Fast Reroute mechanism which relies on IGP convergence for failure detection. (All overlay Continue reading

Ask these questions before you replace any technology in your network !

If you are replacing one technology with another, these are the questions you should be asking.

This may not be the complete list, and one question may be more important than another for your network, but definitely keep them in mind, or come back to this post and check before you replace one technology with another!

Is this change really needed? Is there a valid business case?

This is the first and most important question, because we are deciding whether this change is absolutely necessary. If the technology you will migrate to won't bring any business benefit (OPEX, CAPEX, a new revenue stream etc.), then the existing technology should stay.

This is true for new software releases on the routers as well. If there is no new feature in the new software release that you need to use, and there is no known bug that affects the stability of the network, a longer software lifecycle is better than upgrading the software frequently.

What is the potential impact to the overall network?

A new technology might require extra resource usage on the network. Can your network devices accommodate this growth in resource usage? The opposite is true as well. New technology Continue reading

Please don’t register to South Africa/Johannesburg CCDE Class, it is full !

Hi Everyone,

I would like to inform you that the Instructor Led CCDE Class in South Africa/Johannesburg is full. So please don't register for it.

Having more people would reduce the time available for discussions. Those who attended any of my earlier classes know that we already have a very packed agenda, approximately 2000 pages of documents and many real life discussions in 5 days. Hopefully we will schedule another training session in SA next year, and when I announce it, please hurry up and register.

I will be in Johannesburg between May 13 – 18; if you would like to meet me, please send me an email to [email protected]

Even if you are not considering any network design training, that is still okay; I would like to meet and get to know as many network engineers as I can while I am still able to.
