Author Archives: Orhan Ergun

Datacenter Design: Shortest Path Bridging 802.1aq

IEEE 802.1aq Shortest Path Bridging (SPB) uses IS-IS as an underlying control plane mechanism that allows all the links in the topology to be active.

In short, it supports Layer 2 multipath. SPB is used in the datacenter; however, it can also be used in the local area network. In this article, Figure-1 will be used to explain shortest path bridging operation.

Figure-1 – Leaf and Spine Topology

In Figure-1, both leaf and spine nodes run IS-IS to advertise the topological information to each other.

In SPB, IS-IS is used by the bridges to find the shortest path to each other, and it allows the topology to be calculated.

Unlike routing, large-scale bridging uses the IS-IS link-state protocol only for topology information, not for reachability information.

This means that MAC addresses are not advertised within IS-IS.

Some vendor implementations can also use IS-IS to advertise MAC address information, since only an additional TLV is needed for this. The scalability of IS-IS for MAC address advertisement is questionable in large-scale deployments; thus, using BGP for MAC address distribution and IS-IS for physical topology creation might be a good option.


HSRP, VRRP and GLBP Basics and Comparison

HSRP, VRRP and GLBP are the three commonly used first hop redundancy protocols in local area networks and the data center.

In this post, I will briefly describe them and highlight the major differences. I will also ask a design question that we can discuss in the comment section below.

I am explaining this topic in deep detail in my Instructor Led CCDE and Self Paced CCDE course.

HSRP and GLBP are Cisco-specific protocols, whereas VRRP is an IETF standard. So if the business requirement states that more than one vendor will be used, VRRP is the best choice to avoid vendor interoperability issues.

For default gateway functionality, HSRP and VRRP use one virtual IP address that corresponds to one virtual MAC address.

GLBP operates differently. Clients still use one virtual IP address, but more than one virtual MAC address is used: each default gateway switch has its own virtual MAC address but the same virtual IP address.

To illustrate this, let’s look at the below picture.


In the above picture, clients use the same gateway MAC address since the first hop redundancy protocol is HSRP.

If GLBP were in use, on the

Inter AS Option C – Design Considerations and Comparison

Inter AS Option C is the most complex, insecure, uncommon, but extremely scalable inter provider MPLS VPN solution.

I am explaining this topic in deep detail in my Instructor Led CCDE and Self Paced CCDE course.

In this post, I will explain how service providers can use Inter AS Option C to assist customers to have an end-to-end MPLS VPN service.

In the Inter AS Option B post, I explained that ASBR routers between the service providers do not keep a VRF table for the VPN customers.

As depicted in Figure 1 below, in Inter AS Option B an MP-BGP VPNv4 session is set up between the service providers’ ASBR PEs.

Figure 1: Inter-AS Option B

In Inter AS Option B, the ASBR routers (the provider-edge devices between the service providers) maintain only the customers’ VPN prefixes in the BGP table.

In fact, I have shown that a VPNv4 BGP session is set up between the ASBRs.

The high-level operational differences between Inter AS Option C and Inter AS Option B are twofold: one is that the ASBRs do not have a VRF table; the other is that, unlike

Russ White – Orhan Ergun CCDE Practical Exam Scenario

I am glad to announce that Russ White and I have been preparing a CCDE Practical Exam (Lab Exam) Scenario. This is the most realistic scenario available anywhere. Why? Because it is prepared not only by a CCDE but also by one of the exam founders!

Disclosure: This is not asked in the CCDE exam, but the structure and idea are very similar to what would be found in the exam.

Russ White is one of the CCDE exam founders and the Author of Optimal Routing Design, Practical BGP, Advanced IP Network Design, and many other network design and architecture books. Russ and I have put much effort into preparing this scenario.

I will present this scenario for the first time in the July CCDE Training class. (You can also see here the topics I will talk about in the class.)

There are already more than 20 people in the class and multiple people will attend the CCDE Exam in August. I am sure this scenario will be an excellent resource for the CCDE candidates.

If you want to be a good network designer as well as a CCDE, it is

MPLS Layer 3 VPN Deployment

In this post I will explain MPLS Layer 3 VPN deployment through a case study. This deployment will mainly be for a greenfield environment, where you deploy network nodes and protocols from scratch. This post doesn’t cover migration from legacy transport mechanisms such as ATM and Frame Relay, as that is covered in a separate post on the website.

I am explaining this topic in deep detail in my Instructor Led CCDE and Self Paced CCDE course.

With MPLS, both Layer 2 and Layer 3 VPNs can be provided. The main difference between MPLS Layer 2 and Layer 3 VPN from a deployment point of view is that in MPLS Layer 3 VPN the customer has a routing neighborship with the service provider.

In MPLS Layer 2 VPN, the service provider doesn’t set up a routing neighborship with the customer.

The topology below shows a basic MPLS network.

Figure – MPLS Network, Components and the Protocols

  • CE is the Customer Edge device and generally located at the customer location.
  • PE is the Provider Edge Device and located at the Service Provider POP location.
  • P is the Provider device and located inside the Service Provider POP location.


PS Core Network Concepts

Most educational documents on the PS Core Network start with call flows: Attach, PDP Context, Paging, and so on. That was my problem when I started working in PS Core: the call flows include many messages, which in turn include many parameters and Information Elements, so starting with the call flows without knowing at least the identifiers carried in these messages is not the best approach to understanding PS Core principles.

This is why this article will be all about the MBB terms that commonly appear in all call flows and in most MBB talks in general. Once one is comfortable with these, the call flows will be easy to interpret.

Here are some of them, for clarification.

International Mobile Subscriber Identity (IMSI)

The IMSI is a unique identifier allocated to each MS in a GSM/UMTS system and stored on the SIM card (conforming to the ITU E.212 numbering standard).

 

Temporary Mobile Subscriber Identity (TMSI)

In order to support the subscriber identity confidentiality service the VLRs and SGSNs may allocate Temporary Mobile Subscriber Identities (TMSI) to visiting mobile subscribers.

Below, an MS provides its P-TMSI identity to the network.


Evolved Packet Core – Welcome to Long Term Evolution!

As an end user, I always welcome the “4G” signal indicator on my mobile, because for me it basically means better download speed, good-quality VoIP calls (Skype, Hangouts, WhatsApp, etc.), better streaming, and HD video.


This article is all about that “4G” indicator. I discuss the Evolved Packet Core together with the EUTRAN (Evolved Universal Terrestrial Radio Access Network), the technologies that realize the 4G service offered to end users.

With data rates above 100 Mbps and latency in the milliseconds, enabling the best video streaming and online gaming experience, one may think of 4G networks as a replacement for 2G/3G networks, which is valid in some cases. However, we see that the decision to “dismantle” 2G/3G is still only on the operators’ roadmaps.

Before we go through the LTE/EPC network setup, let’s list three main definitions and abbreviations that are closely related to 4G.

LTE, Long Term Evolution: LTE is basically the framework for delivering high-speed data rates to mobile and data terminals. It started with 3GPP R8 and was commercially introduced to markets under the term “4G”, although the “4G” requirements are actually covered by LTE-Advanced (3GPP R10).

EUTRAN, Evolved Universal Terrestrial Radio

IS-IS Design considerations on MPLS backbone

Using IS-IS with MPLS requires some important design considerations. IS-IS, as a scalable link-state routing protocol, has been used in service provider networks for decades.

In fact, eight of the nine largest service providers use the IS-IS routing protocol in their networks today.

If LDP is used to set up MPLS LSPs, some important IS-IS design considerations should be carefully understood.

As you might know, the IS-IS routing protocol uses IS-IS levels for hierarchy.

As with other routing protocols, synchronization is one of the considerations. IGP-LDP synchronization is required when MPLS LSPs are set up with LDP; otherwise, the IGP can converge onto a link before LDP has exchanged label bindings over it, and routing black holes occur.

One of the important IS-IS design considerations when it is used with MPLS is that, in a multi-level IS-IS design, PE loopback IP addresses are not sent into the IS-IS Level 1 domain. This problem doesn’t arise in a flat IS-IS design, since you cannot summarize prefixes in a flat/single-level IS-IS deployment.

In an IS-IS L1 domain, internal routers only receive the ATT (Attached) bit from the L1-L2 router. This bit is used to install a default route.

If there is more than one L1-L2 router, still only a default route is sent into the Level 1 subdomain/level.

Internal IS-IS Level 1 routers don’t know

Introduction to Disaster Recovery

Businesses want to choose reliable equipment, components, and technologies when designing a network. You may deploy the most reliable equipment from your trusted vendor or deploy the most mature technologies carefully, but do not forget that eventually every system fails!

Depending on where your datacenter is located, different disasters may happen. For the U.S., storms and tornadoes are not uncommon. I remember that just a couple of years ago, because of major flooding, Vodafone couldn’t serve its customers in Turkey for at least 1 day.

Thus, resiliency is an important aspect of the design plan. In the simplest terms, resiliency means how fast you can react to a failure.

Disaster recovery is the response and remediation that a company follows after a planned or unplanned failure. Businesses often have a secondary datacenter used mostly for backup. If the company has multiple datacenters, they can also be used as active/active.

If the secondary datacenter is used as a backup, it can take over responsibility in case the primary datacenter fails.

Recovery time will depend on business requirements. For mission-critical applications, the business may tolerate very short, if not zero, downtime. Then the cost of the required equipment in the primary and backup datacenters, skilled engineers who can

4 people passed CCDE Lab with my CCDE training recently!

I realised just now that I didn’t share the names of the people who used my CCDE resources and got their CCDE numbers recently.

I know all of them, their capabilities and technical strength. I am happy to see that they are CCDEs now.

Congrats to Ken Young, Jaroslaw Dobkowski, Malcolm Booden, and Bryan Bartik.

Some of them used the Self Paced CCDE Course; some joined the Instructor Led CCDE Training as well. I am honoured to hear good feedback from all of them, and I share their feedback on the related pages of the website.

In 2017, around 10 people passed the CCDE Lab exam, including these people. And there was one cancelled exam in May 2017.

CCIE vs. CCDE

CCIE vs. CCDE is probably one of the most frequently asked questions by networking experts.

To get more information on CCDE contents and syllabus, you can check my Instructor Led CCDE or Self Paced CCDE course webpages.

How many times have you asked yourself or discussed this topic with your friends? Many times, right?

I have the CCIE Routing & Switching and/or Service Provider; should I continue with design certifications such as the CCDE, or should I study for another expert-level certification, perhaps a virtualization certification?

To illustrate my answer, let me give you an example.

Consider that you are going to build a greenfield network. (Usually, it is the same for brownfield as well.)

First, you need to understand the business: how many locations it has, where they are located, where the HQ or HQs, datacenters, and POP locations are, and so on.

After that, you try to understand how the business serves its consumers.

It can be a retail, airport, stadium, or service provider network.

All these businesses have both similar and different requirements.

For example, a stadium architecture requires ticketing systems, access control systems, and game streaming, all of which are connected to the network. So, you need to understand the business requirements,

VRF-Lite+GRE/dot1q or MPLS L3 VPN

I am going to create a new category on the blog in which we will discuss together the different technologies, protocols, designs, and architectures.

You can suggest discussion topics, and you are all welcome to join the discussions in the comment box of each topic.

I want to throw out a first topic for discussion!

Which enterprise architecture is more complex? (Did you read the network complexity article on the blog?)

MPLS VPN Technologies and Design are explained in detail in my Instructor Led CCDE and Self Paced CCDE course.

VRF-lite with GRE/dot1q or MPLS L3VPN?

It is a very subjective topic; I think there is no absolute correct answer, so please share your opinion. The collection of our answers will produce a detailed article and provide a good resource for people before they decide on a particular technology, protocol, or architecture.

UPDATE: Let me provide a very brief overview of VRF-lite and MPLS VPNs.

How VRFs can be carried through an overlay to provide data plane separation, and how the same tasks can be achieved with MPLS Layer 3 VPNs.

VRF-lite provides control and data plane separation without requiring MPLS as the control or data plane. You don’t need an MPLS
