Category Archives for "Daniels networking blog"

General – Why Are Certification Exams Not Higher Quality?

I was reading Ivan’s blog as I often do when I came across this post about why certifications suck.

The author Robert Graham had a sample question from the GIAC Penetration Tester (GPEN) exam. The question looked like this:

By default, which protocol do Linux systems use to transmit packets for tracing a network path?

a) UDP
b) TCP
c) ICMP
d) TTL
e) ECHO

Obviously, being a networking expert, I have my networking glasses on, but I have to respectfully disagree with these gentlemen: I don’t think this is such a bad question at all. Trust me, I’ve seen much worse.

Traceroute works differently on different operating systems. If you work with penetration testing, I would argue that you need a good understanding of the different operating systems: how they behave, what their characteristics are and how you can fingerprint them. The correct answer here is UDP. Linux systems and Cisco devices normally use UDP to send packets for a traceroute, while Windows systems use ICMP when doing a traceroute. The answer is of course not TCP, because TCP would require the three-way handshake, and why would a device want to start a Continue reading

QoS – Quick Post on Low Latency Queuing

A friend was looking for some input on low latency queuing yesterday. I thought the exchange we had could be useful for others so I decided to write a quick post.

The question was where the rule about the priority queue being limited to 33% came from. The follow-up question was how you handle dual priority queues.

This is one of those rules that is known as a best practice and doesn’t really get challenged. The rule is based on Cisco internal testing within technical marketing. Their testing showed that data applications suffered when the LLQ was assigned too large a portion of the available bandwidth. The background to this rule is a converged network running voice, video and data. It is possible to break this rule if you are delivering a pure voice or pure video transport where the other traffic in place is not business critical. Other applications are likely to suffer if the LLQ gets too big, and if everything is priority then essentially nothing is priority. I have seen implementations using around 50-55% LLQ for VoIP circuits, which is a reasonable amount.

How should dual LLQs be deployed? The rule still applies. Continue reading

General – The Future of Networking – Pete Lumbis

The next person I interviewed about the future of networking is my friend Pete Lumbis. Pete used to be the routing escalations TAC leader at Cisco and now works at Cumulus as an SE. Pete holds both a CCIE and a CCDE.

Daniel: The networking world is changing. What are the major changes coming up in the next few years that you think we will see?

Pete: Automation is the big thing these days. Either through APIs or abstraction tools like Ansible or Puppet. I think there will be more embracing of automation, but as a side effect I think we will have to start building networks that are more automation friendly by creating fewer exceptions and one-offs. This also touches on a larger point which is the need to build systems and networks that are less fragile. Automation is less scary when you have an architecture that can tolerate some level of failure.

Daniel: What are the major skills that people in networking need to learn to stay ahead of the curve?

Pete: Fundamentals don’t change. ARP is ARP. MAC addresses still have 48 bits. Understanding fundamentals will always be key. Beyond that it’s going to be about Continue reading

General – The Future of Networking – Russ White

Hello my friends,

Lately I have been thinking a lot about the future of networking and the career paths in this domain. As you probably know, I like to guide and mentor people, and with everything going on in the industry it can be confusing to find your way and to know which skills to work on to stay ahead of the curve.

I decided to reach out to some of my friends and ask them about their vision of the role of the future networking engineer and how to prepare for the changes we are now seeing. First out is my friend Russ White, who is also the co-author of the book Unintended Features that we wrote together.

Daniel: What are the major skills that people in networking need to learn to stay ahead of the curve?

Russ: Some of these have never changed — for instance, communication and abstraction. Some skills have been more important forever, such as people skills and project management, but they never seem to really rise to the top in terms of actual demand. I don’t think this is going to change much; companies say they want people skills, and then recruit based Continue reading

General – Network Engineering vs Coding

Introduction

There has been a lot of talk about the future of the network engineer over the last couple of years. Many articles have declared that we MUST learn to program or we will be banished from the world by the programming overlords! I definitely do not agree with this bold statement, but lately I have started to learn Python. Why?

Why Learn Programming?

As a network architect I probably won’t ever write a line of code, or at least very rarely. So why bother learning?

I didn’t learn a lot of programming back in my school days. I fiddled around a bit with Basic and some Pascal, and then at university I tried some C# and C++. I never felt connected with programming. I never felt that I was good at it. This surprised me a bit because I’ve always been good at learning things. I’m good at analyzing things and troubleshooting things, and I have a strong background in maths and science in general. I had all the skills that good programmers normally have, so why couldn’t I learn programming? Because I struggled, I didn’t enjoy doing it, so I never pushed through until it “clicked”.

Later Continue reading

Book – Unintended Features

Hi everyone,

I have some exciting news to share with you. I’ve been working on a book lately together with Russ White. It’s called Unintended Features – Thoughts on thinking and life as a network engineer. The book is partly based on blog posts we have written in the past, but it also contains some unique content written for the book. The outline of the book is as follows:

So you’ve decided you want to be a network engineer—or you’re already a network engineer, and you want to be a better engineer, to rise to the top, to be among the best, to… Well, you get the idea. The question is, how do you get from where you are now to where you want to be? This short volume is designed to answer just that question.

This book tries to teach concepts not found in other writings, such as thinking more about architecture, seeing patterns in technology and how to stay current in the networking industry. With the rapid pace of the networking industry it seems like we are sipping from the fire hose. How can we prevent this? Isn’t every new technology pretty much an old one with some new Continue reading

CCDE – My Journey To Becoming Sweden’s 2nd CCDE

On May 17th I passed the CCDE practical in Madrid and became Sweden’s 2nd CCDE, CCDE #20160011. This post describes my journey to passing the CCDE practical on my first attempt and the materials that I used to do so.

Let me start by saying that this is a tough exam, a very tough exam. You need to be an expert in RS and SP technologies, and there is no instant feedback in the exam like you would get in the CCIE lab. In the CCIE lab you will see if you are missing routes or if your output does not match the output the lab guidelines told you to match. In the CCDE practical there will be very few questions where you are 100% sure that you got the optimal answer. Design is a more subjective skill than implementation. I had several moments where I felt that I could just as well leave because there was no chance I was going to pass the lab. You need to be mentally strong to put those thoughts aside and just keep performing your best throughout the whole exam. You might be doing a lot better than you think.

The first section Continue reading

CCDE – I passed the CCDE Practical in Madrid!

Hi everyone.

I’ve not been posting lately because I have been studying very hard for the CCDE practical.

Passed the lab in Madrid? Isn’t this guy from the North? I was supposed to take this exam in Frankfurt on Tuesday the 17th of May. Wise from my trips to the CCIE lab in Brussels, I took a flight that landed around noon on Monday. I have a routine I like to follow the day before a big exam. I had just scouted the Pearson Professional Centre (PPC) location and got back to my room. At 14:05 I received an e-mail from Pearson Vue saying they couldn’t deliver my exam. Can you imagine the panic I felt? I had been preparing for this day with months of furious studying. The CCDE practical is only delivered every three months, so I would have to wait three more months to take it, if I could even get a seat then. I had prepared for this day, and my plan was to try to pass it and, if I didn’t, come back in three months and pass it then.

There was no time to waste. I found an open seat in Madrid Continue reading

General – How to Build a Network Pt.3

In the previous posts I talked about why it’s important to build a network and how you can do it, but there is still one component missing. Any guesses?

How do we maintain our network once we have built it?

Stay In Touch

You spent all this time and effort building a network. Are you going to let this effort go to waste? I hope not. It’s important to stay in touch every now and then and check in on how your friends are doing. This could be by sending an e-mail or a text message, just giving them a call or going for lunch. Don’t contact them only when you need their assistance. Don’t be a leech. Show that you appreciate them and the help you have received from them in the past.

Return The Favor

One of your contacts helped you with a technology or with troubleshooting an issue, which helped you move forward in a project. The next time, they may require assistance from you. When this time comes, maybe you are very busy at work. Do you simply turn them down? I hope not, and if you do, don’t expect any help the next time you Continue reading

Cisco Live – News About the Customer Appreciation Event (CAE)

Cisco Live takes place in Las Vegas between the 10th and 14th of July this year. At every Live event, Cisco holds a customer appreciation event (CAE) in an arena close to the conference center. Last year we saw an amazing performance from Aerosmith, hosted in San Diego. The year before that, Imagine Dragons put on a show in San Francisco.

This year’s event will be hosted at the T-Mobile Arena on the Las Vegas strip. This is a very new arena that opened on April 6, just days ago. The pictures below show renderings of the arena.

T-Mobile-rendering-1
T-Mobile-rendering-2
T-Mobile Arena® will be the destination in Las Vegas for live events – from amazing music acts to thrilling sporting events – it will set a new standard for what entertainment means in the city that does it best. The 20,000-seat T-Mobile Arena ® will host exciting, world-class events with something for everyone – from UFC, boxing, hockey, basketball and professional bull riding to high-profile awards shows and top-name concerts.

Cisco is not only holding their CAE there. The arena also uses a Cisco technology called Cisco StadiumVision, which is a digital content distribution system. The system is used to centrally manage and Continue reading

CCIE – Cisco Learning Network Sale on CCIE Training for the CCIE RS Lab

Are you preparing for the CCIE RS lab? Cisco 360 is the official training program for the CCIE. There are other high-quality training vendors out there, like INE and Narbik, but Cisco 360 has the advantage that it can leverage the real lab platform. If you want to assess how ready you are, you can take an assessment lab at Cisco 360. You will also get more comfortable with the platform used in the lab, and you will have the opportunity to practice the TS and DIAG sections to make sure you are comfortable with those sections of the lab when the big day comes.

CLN will have a sale during April and May, which means that you can save between 10 and 20% on these products to help you prepare for the CCIE RS lab. For the CCIE there are currently three products on sale.

The first product is a bundle, a starter and advanced mini bundle for $1599, and contains the following.

  • Core and Advanced Workbooks with 25 Expert-level labs for hands-on practice. Labs 01–20 have troubleshooting and configuration sections each, labs 21–25 include Continue reading

General – How to Build a Network Pt.2

In the previous post I talked about why you should build a network of people, both to help you in your career and to improve your own skillset. How does one build this network of people?

There are endless ways of building a network and the ways I describe here are based on my personal experience. That said, I do believe that there are some common factors regardless of what approach you take.

Interacting in Forums – There are a lot of forums available: the Cisco Learning Network, the Cisco Support Community, training vendor forums, product forums and vendor forums. These are often the best resources for getting help on a product and for finding those golden nuggets of information that are not always available in the official documentation. There are often very skilled and experienced people in these forums answering and writing posts. Try to contribute to the forums, learn from them and start interacting with these people. Many forums have some form of ranking, which makes it easier to spot the people who are the most active on the forums.

I started writing a lot on CLN several years ago and that has been very beneficial for Continue reading

General – How to Build a Network Pt.1

Building a strong network of people is very important in creating a successful career in IT. In this first post we will look at why building a network is important, and in the following posts we will look at how to actually build the network and how to make sure that you are also contributing to the network and not only exploiting it.

If you came here to read about connecting cables or routing protocols, sorry, this is not that kind of post. This post is about how to build a network of people.

People often underestimate the power of having a big reach in the industry through a network of people. I often hear in my role that I’m almost too effective sometimes. Part of that is because I have a very good network of people that I trust and rely on. In this post we will look at WHY you want to build a network of people.

The Borg Mind – Have you heard of Star Trek? No? Are you sure you work in IT? Jokes aside, there is a species called the Borg in the series who do not-so-nice things. What is nice about Continue reading

CCIE – CCIE SPv4 Review by Nick Russo

My friend Nick Russo just took the SPv4 lab and passed it. This is his story.

On 8 March 2016, I passed Cisco’s CCIE Service Provider version 4 lab exam. It was my second attempt. I realize there is little information on the Internet about this test because it is still rather new. This blog post will detail my personal strategy for passing the CCIE SPv4 lab exam. Most CCIEs and CCDEs agree that a smart strategy is a critical part of passing any Cisco expert-level lab; many folks are technically proficient but need to remain organized to be effective.

Note: the views expressed in this blog post are mine alone and do not necessarily represent the views of Cisco. No correlation between my comments and Cisco’s recommended study strategies should be made. Also note that no technical exam content is discussed here, in accordance with Cisco’s CCIE NDA. Comments fishing for such information will be deleted.

First, the new blueprint has 3 sections: Troubleshooting (TSHOOT), Diagnostic (DIAG), and Configuration (CONFIG). The CCIE SPv4 program explains these topics in detail within the new blueprint so that is not discussed again here. Since each section is slightly different, one should have Continue reading

CCDE – Carrier Supporting Carrier

Introduction

In the previous post I showed some of the options to interconnect two ASes so that a customer can buy a VPN in two different locations from two different SPs. There is another technology called Carrier Supporting Carrier (CSC), or Carrier of Carriers. This technology is used when a customer buys a service from an SP, either Internet service or an L3 VPN, and that SP in turn uses another SP to carry its traffic between the locations. The SP connecting the customer is then the customer carrier, and the SP providing the backbone is the backbone carrier. It is also possible to combine CSC with the Inter-AS options from the previous post; I will show an example of this being used in a real-life network in the research world.

Carrier Supporting Carrier

CSC is a technology used to expand the reach of an SP by using another SP as transport. The concept is shown in the following diagram.

CSC-Overview

The customer carrier is providing a service to the customer. It can be an Internet service, MPLS switched or not, or an MPLS L3 VPN. The CSC VPN service provides MPLS transport for the customer carrier. It is also sometimes referred to as Continue reading

CCDE – Inter AS L3 VPNs

Introduction

Sometimes a customer needs an L3 VPN between two locations where the same SP is not present. This can be on a national or international basis. It would be possible to buy an Internet circuit and run an overlay such as DMVPN, but what if the customer wants to buy an MPLS VPN circuit?

The customer could buy a VPN from SP1 in location1 and a VPN from SP2 in location2. The two SPs would then have to exchange traffic somehow to make the customer circuit end to end. The concept is shown in the following topology.

Inter-AS-L3VPN Overview

The customer connects to the PE of each of the SPs. The SPs need to interconnect at some common point, either through a public peering place such as an IX or with a private interconnect at a common location. The routers that connect to each other are called autonomous system border routers (ASBRs). There are three main options and a fourth option which combines two of the others.

Inter-AS Option A

Option A is the simplest of the options to interconnect the ASBRs. Each customer VRF requires either a physical interface or, more likely, a subinterface. Option A has Continue reading

CCDE – BGP Confederations

Introduction

BGP Confederations are one of two tools a network designer has to work around the full mesh requirement of iBGP. BGP confederations are defined in RFC 5065, which obsoletes RFC 3065. This is how the RFC defines BGP confederations:

This document describes an extension to BGP that may be used to create a confederation of autonomous systems that is represented as a single autonomous system to BGP peers external to the confederation, thereby removing the “full mesh” requirement. The intention of this extension is to aid in policy administration and reduce the management complexity of maintaining a large autonomous system.

The other option to work around the full mesh requirement is of course route reflection.

BGP Confederation Operation and Use Case

BGP confederations work by having several sub-ASes, or member ASes, that are used internally to divide the BGP domain. From the outside they all look like the same AS. By breaking up the BGP domain, there will be fewer iBGP peerings, which makes the full mesh requirement easier to handle. Do note that it’s entirely possible to use route reflection within a member AS to combine the two technologies.

BGP confederations made a Continue reading

CCDE – BGP Convergence

Introduction

This post will look at the steps involved in BGP convergence and how it interacts with IGP to converge.

Any network of scale will use route reflectors (RRs), so this post will focus on deployments with RRs. Networks running a full mesh will have all paths available, which makes hot potato routing and fast convergence easily achievable, at the cost of scaling and management overhead. A combination of full mesh and RRs is also possible: one scenario would be to run a full mesh within a point of presence (PoP) and RRs within the PoP, peering with central RRs.

BGP can be used for both internal (iBGP) and external (eBGP) peerings, and convergence and timers differ depending on whether the peering is internal or external.

BGP is a path vector protocol, which means that it behaves as a distance vector protocol in that it can only advertise routes that are installed into the RIB. There is an exception to this rule when BGP selective route download (SRD) is used to advertise routes without downloading them to the RIB. BGP will by default only install one path into the RIB even if there are multiple equal candidates, and it Continue reading

Network Simulation – Cisco VIRL Now Available in the Cloud

There has been a lot happening around VIRL the last few weeks. A new release of VIRL just came out, and today the VIRL team announced that they are adding support for running VIRL in the cloud.

Cisco has chosen to work together with Packet, a bare metal cloud provider. This is how Packet describes itself.

At Packet, we're out to build a better internet by supercharging the container revolution with smart, API-driven bare metal. Our platform brings the price and performance benefits of bare metal servers to the cloud, powering highly-available performance workloads through a unique, never-congested network.

The following picture summarizes why Cisco has chosen Packet.

Packet Bare Metal Cloud

Compared to Amazon AWS, Packet is a bare metal cloud provider, which means that the resources you rent are dedicated to you. Packet does not run any hypervisors, meaning that the workloads are not virtualized.

If you have an existing install of VIRL, you can use Terraform by Hashicorp to provision your new VIRL server at Packet. I had never heard of Terraform before; this is how Hashicorp describes Terraform.

Today we announce Terraform, a tool for safely and efficiently building, combining, and launching infrastructure. From  Continue reading

CCDE – DMVPN Crypto Design Considerations

This post will describe some of the crypto design considerations for DMVPN.

DMVPN Overview and Crypto Overhead

First let’s have a quick recap of what Dynamic Multipoint VPN (DMVPN) is. DMVPN is an overlay technology where multipoint GRE tunnels are used to form an overlay across which a routing protocol runs. DMVPN is a hub-and-spoke technology where the DMVPN hub acts as a centralized control plane. DMVPN uses Next Hop Resolution Protocol (NHRP) to register the IP addresses of the spokes with the hub. When a router looks in its routing table, the next hop will be the tunnel IP address of the spoke, not the real outside IP that must be used for the GRE encapsulation. To find the outside IP of the spoke, NHRP is used to resolve the next hop to the real outside IP.

DMVPN runs over public transport. This means that it’s possible to snoop on the traffic while in transit. To prevent this from happening, DMVPN is often combined with IPSec to encrypt the packets. IPSec can run in two modes, transport mode and tunnel mode. In transport mode, the original IP header is not encrypted and there is no additional IP Continue reading
