Archive

Category Archives for "Daniels networking blog"

Book – Unintended Features

Hi everyone,

I have some exciting news to share with you. I’ve been working on a book lately together with Russ White. It’s called Unintended Features – Thoughts on thinking and life as a network engineer. The book is partly based on blog posts we have written in the past, but it also has some unique content written for the book. The outline of the book is as follows:

So you’ve decided you want to be a network engineer—or you’re already a network engineer, and you want to be a better engineer, to rise to the top, to be among the best, to… Well, you get the idea. The question is, how do you get from where you are now to where you want to be? This short volume is designed to answer just that question.

This book tries to teach concepts not found in other writings such as thinking more about architecture and seeing patterns in technology and how to stay current in the networking industry. With the rapid pace of the networking industry it seems like we are sipping from the fire hose. How can we prevent this? Isn’t every new technology pretty much an old one with some new Continue reading

CCDE – My Journey To Becoming Sweden's 2nd CCDE

On May the 17th I passed the CCDE practical in Madrid and became Sweden's 2nd CCDE, CCDE #20160011. This post describes my journey to passing the CCDE practical on my first attempt and the materials that I used to do so.

Let me start by saying that this is a tough exam, a very tough exam. You need to be an expert in RS and SP technologies, and there is no instant feedback in the exam like you would get in the CCIE lab. In the CCIE lab you will see if you are missing routes or if your output does not match the output the lab guidelines told you to match. In the CCDE practical there will be very few questions where you are 100% sure that you chose the optimal answer. Design is a more subjective skill than implementation. I had several moments where I felt that I could just as well leave because there was no chance I was going to pass the lab. You need to be mentally strong to put those thoughts aside and just keep performing your best throughout the whole exam. You might be doing a lot better than you think.

The first section Continue reading

CCDE – I passed the CCDE Practical in Madrid!

Hi everyone.

I’ve not been posting lately because I have been studying very hard for the CCDE practical.

Passed the lab in Madrid? Isn’t this guy from the North? I was supposed to take this exam in Frankfurt on Tuesday the 17th of May. Having learned from my trips to the CCIE lab in Brussels, I took a flight that landed around noon on Monday. I have a routine I like to use the day before a big exam. I had just scouted the Pearson Professional Centre (PPC) location and got back to my room. At 14:05 I received an e-mail from Pearson Vue saying they couldn’t deliver my exam. Can you imagine the panic I felt? I had been preparing for this day with months of furious studying. The CCDE practical is only delivered every three months, so I would have to wait three more months to take it, if I could even get a seat then. I had prepared for this day, and my plan was to try to pass it and, if I didn’t, come back in three months and pass it then.

There was no time to waste. I found an open seat in Madrid Continue reading

GENERAL – HOW TO BUILD A NETWORK PT.3

In the previous posts I talked about why it’s important to build a network and how you can do it but there is still one component missing. Any guesses?

How do we maintain our network once we have built it?

Stay In Touch

You spent all this time and effort building a network. Are you going to let this effort go to waste? I hope not. It’s important to stay in touch every now and then and check in on how your friends are doing. This could be by sending an e-mail or a text message, just giving them a call, or going for lunch. Don’t contact them only when you need their assistance. Don’t be a leech. Show that you appreciate them and the help you have received from them in the past.

Return The Favor

One of your contacts helped you with a technology or with troubleshooting an issue, which helped you move forward in a project. The next time, they may require assistance from you. When this time comes, maybe you are very busy at work. Do you simply turn them down? I hope not, and if you do, don’t expect any help the next time you Continue reading

Cisco Live – News About the Customer Appreciation Event (CAE)

Cisco Live takes place in Las Vegas between the 10th and 14th of July this year. Every Live event, Cisco holds a customer appreciation event (CAE) in an arena close by the conference center. Last year we saw an amazing performance from Aerosmith hosted in San Diego. The year before that, Imagine Dragons put on a show in San Francisco.

This year's event will be hosted at the T-Mobile Arena on the Las Vegas strip. This is a very new arena that opened on April 6, just days ago. The pictures below show renderings of the arena.

T-Mobile-rendering-1
T-Mobile-rendering-2
T-Mobile Arena® will be the destination in Las Vegas for live events – from amazing music acts to thrilling sporting events – it will set a new standard for what entertainment means in the city that does it best. The 20,000-seat T-Mobile Arena® will host exciting, world-class events with something for everyone – from UFC, boxing, hockey, basketball and professional bull riding to high-profile awards shows and top-name concerts.

Cisco is not only holding their CAE there. The arena also uses Cisco technology called Cisco StadiumVision which is an innovative digital content distribution system. The system is used to centrally manage and Continue reading

CCIE – Cisco Learning Network Sale on CCIE Training for the CCIE RS Lab

Are you preparing for the CCIE RS lab? Cisco 360 is the official training program for the CCIE. There are other high-quality training vendors out there, like INE and Narbik, but Cisco 360 has the advantage that it can leverage the real lab platform. If you want to assess how ready you are, you can take an assessment lab at Cisco 360. You will also have the opportunity to get more comfortable with the platform used in the lab, and to practice the TS and DIAG sections to make sure you are comfortable with those sections of the lab when the big day comes.

CLN will have a sale during April and May, which means that you can save 10-20% on these products to help you prepare for the CCIE RS lab. For the CCIE there are currently three products on sale.

The first product is a bundle, the starter and advanced mini bundle for $1599, and it contains the following.

  • Core and Advanced Workbooks with 25 Expert-level labs for hands-on practice. Labs 01–20 have troubleshooting and configuration sections each, labs 21–25 include Continue reading

General – How to Build a Network Pt.2

In the previous post I talked about why you should build a network of people to both help you in your career and to improve your own skillset. How does one build this network of people?

There are endless ways of building a network and the ways I describe here are based on my personal experience. That said, I do believe that there are some common factors regardless of what approach you take.

Interacting in Forums – There are a lot of forums available, forums for Cisco Learning Network, Cisco Support Community, training vendor forums, product forums, vendor forums. These are often the best resources for getting help on a product and finding those golden nuggets of information that are not always available from the official documentation. There are often very skilled and experienced people in these forums answering posts and writing posts. Try to contribute to the forums and to learn from them and start interacting with these people. Many forums have some form of ranking which makes it easier to spot the people that are the most active on the forums.

I started writing a lot on CLN several years ago and that has been very beneficial for Continue reading

General – How to Build a Network Pt.1

Building a strong network of people is very important in creating a successful career in IT. In these posts we will first look at why building a network is important, and in the following posts we will look at how to actually build the network and how to make sure that you are also contributing to the network and not only exploiting it.

If you came here to read about connecting cables or routing protocols, sorry, this is not that kind of post. This post is about how to build a network of people.

People often underestimate the power of having a big reach in the industry through a network of people. I often hear in my role that I’m almost too effective sometimes. Part of that is because I have a very good network of people that I trust and rely on. In this post we will look at WHY you want to build a network of people.

The Borg Mind – Have you heard of Star Trek? No? Are you sure you work in IT? Jokes aside, there is a species called the Borg in the series that does not so nice things. What is nice about Continue reading

CCIE – CCIE SPv4 Review by Nick Russo

My friend Nick Russo just took the SPv4 lab and passed it. This is his story.

On 8 March 2016, I passed Cisco’s CCIE Service Provider version 4 lab exam. It was my second attempt. I realize there is little information on the Internet about this test because it is still rather new. This blog post will detail my personal strategy for passing the CCIE SPv4 lab exam. Most CCIEs and CCDEs agree that a smart strategy is a critical part of passing any Cisco expert-level lab; many folks are technically proficient but need to remain organized to be effective.

Note: the views expressed in this blog post are mine alone and do not necessarily represent the views of Cisco. No correlation between my comments and Cisco’s recommended study strategies should be made. Also note that no technical exam content is discussed here, in accordance with Cisco’s CCIE NDA. Comments fishing for such information will be deleted.

First, the new blueprint has 3 sections: Troubleshooting (TSHOOT), Diagnostic (DIAG), and Configuration (CONFIG). The CCIE SPv4 program explains these topics in detail within the new blueprint so that is not discussed again here. Since each section is slightly different, one should have Continue reading

CCDE – Carrier Supporting Carrier

Introduction

In the previous post I showed some of the options to interconnect two ASes so that a customer can buy a VPN in two different locations from two different SPs. There is another technology called Carrier Supporting Carrier (CSC) or Carrier of Carriers. This technology is used when a customer buys a circuit from an SP, Internet service or L3 VPN, and that SP uses another SP to carry its traffic between the locations. The SP connecting the customer is then the customer carrier and the SP providing the backbone is the backbone carrier. It is also possible to combine CSC with the Inter-AS options from the previous post; I will show an example of this being used in a real-life network in the research world.

Carrier Supporting Carrier

CSC is a technology used to expand the reach of an SP by using another SP as transport. The concept is shown in the following diagram.

CSC-Overview

The customer carrier is providing a service to the customer. It can be an Internet service, MPLS-switched or not, or an MPLS L3 VPN. The CSC VPN service provides MPLS transport for the customer carrier. It is also sometimes referred to as Continue reading

CCDE – Inter AS L3 VPNs

Introduction

Sometimes a customer needs an L3 VPN between two locations where the same SP is not present. This can be on a national or international basis. It would be possible to buy an Internet circuit and run an overlay such as DMVPN, but what if the customer wants to buy an MPLS VPN circuit?

The customer could buy a VPN from SP1 in location1 and a VPN from SP2 in location2. The two SPs would then have to exchange traffic somehow to make the customer circuit end to end. The concept is shown in the following topology.

Inter-AS-L3VPN Overview

The customer connects to the PE of each of the SPs. The SPs need to interconnect at some common point, either through a public peering place such as an IX or with a private interconnect at a common location. The routers that connect to each other are called autonomous system border routers (ASBRs). There are three main options and a fourth option which combines two of the others.

Inter-AS Option A

Option A is the simplest of the options to interconnect the ASBRs. Each customer VRF requires either a physical interface or, more likely, a subinterface. Option A has Continue reading

CCDE – BGP Confederations

Introduction

BGP Confederations are one of two tools a network designer has to work around the full mesh requirement of iBGP. BGP confederations are defined in RFC 5065 which obsoletes RFC 3065. This is how the RFC defines BGP confederations:

This document describes an extension to BGP that may be used
to create a confederation of autonomous systems that is
represented as a single autonomous system to BGP peers
external to the confederation, thereby removing the “full mesh”
requirement. The intention of this extension is to aid in
policy administration and reduce the management complexity
of maintaining a large autonomous system.

The other option to work around the full mesh requirement is of course route reflection.

BGP Confederation Operation and Use Case

BGP confederations work by having several sub-ASes, or member ASes, that are used internally to divide the BGP domain. From the outside they all look like the same AS, though. By breaking up the BGP domain, there will be fewer iBGP peerings, which makes the full mesh requirement easier to handle. Do note, though, that it’s entirely possible to use route reflection within a member AS to combine the two technologies.

BGP confederations made a Continue reading

CCDE – BGP Convergence

Introduction

This post will look at the steps involved in BGP convergence and how it interacts with IGP to converge.

Any network of scale will use route reflectors (RRs), so this post will focus on deployments with RRs. Networks running a full mesh will have all paths available, which makes hot potato routing and fast convergence easily achievable, at the cost of scaling and management overhead. A combination of full mesh and RRs is also possible, where one scenario would be to run a full mesh within a point of presence (PoP) and RRs within the PoP, peering with central RRs.

BGP can be used for both internal (iBGP) and external (eBGP) peerings, and convergence and timers differ depending on whether the peering is internal or external.

BGP is a path vector protocol which means that it behaves as a distance vector protocol where it can only advertise routes that are installed into the RIB. There is an exception to the rule when BGP selective route download (SRD) is used to not download routes to the RIB but still advertise the routes. BGP will by default only install one path into the RIB even if there are multiple equal candidates and it Continue reading

Network Simulation – Cisco VIRL Now Available in the Cloud

There has been a lot happening around VIRL the last few weeks. A new release of VIRL just came out, and today the VIRL team announced that they are adding support for running VIRL in the cloud.

Cisco has chosen to work together with Packet, a bare metal cloud provider. This is how Packet describes themselves.

At Packet, we're out to build a better internet by supercharging the container revolution with smart, API-driven bare metal. Our platform brings the price and performance benefits of bare metal servers to the cloud, powering highly-available performance workloads through a unique, never-congested network.

The following picture summarizes why Cisco has chosen Packet.

Packet Bare Metal Cloud

Compared to Amazon AWS, Packet is a bare metal cloud provider which means that the resources you rent will be dedicated to you. Packet does not run any hypervisors, meaning that the workloads are not virtualized.

If you have an existing install of VIRL, you can use Terraform by Hashicorp to provision your new VIRL server at Packet. I had never heard of Terraform before; this is how Hashicorp describes Terraform.

Today we announce Terraform, a tool for safely and efficiently building, combining, and launching infrastructure. From Continue reading

CCDE – DMVPN Crypto Design Considerations

This post will describe some of the crypto design considerations for DMVPN.

DMVPN Overview and Crypto Overhead

First let’s have a quick recap of what Dynamic Multipoint VPN (DMVPN) is. DMVPN is an overlay technology where multipoint GRE tunnels form an overlay across which a routing protocol runs. DMVPN is a hub and spoke technology where the DMVPN hub acts as a centralized control plane. DMVPN uses Next Hop Resolution Protocol (NHRP) to register the IP addresses of the spokes with the hub. When a router looks in its routing table, the next-hop will be the IP address of the tunnel, not the real outside IP which must be used for the GRE encapsulation. To find the outside IP of the spoke, NHRP is used to resolve the next-hop to the real outside IP.

DMVPN runs over public transport. This means that it’s possible to snoop on the traffic while in transit. To prevent this from happening, DMVPN is often combined with IPSec to encrypt the packets. IPSec can run in two modes, transport mode and tunnel mode. In transport mode, the original IP header is not encrypted and there is no additional IP Continue reading

CCDE – Introduction to GET VPN and GET VPN Design Considerations

Introduction to GET VPN

GET VPN is a Cisco proprietary technology aimed at private WAN designs where there is a need to encrypt the traffic. This may be due to regulatory requirements or just a need to keep traffic private. GET VPN is commonly deployed over private WAN topologies such as MPLS VPN or VPLS.

GET VPN uses IPSec to encrypt the traffic, but the main concept of GET VPN is to use a group security association (SA), as opposed to standard LAN to LAN tunnels where the SA is created in a point to point fashion.

Technologies such as DMVPN require overlaying a secondary routing infrastructure through the tunnels, while GET VPN can use the underlying routing infrastructure. Traditional point to point IPSec tunneling solutions suffer from multicast replication issues because the replication must be performed before tunnel encapsulation and encryption at the router closest to the source. The provider sees all traffic as unicast due to the overlay, which means that replication cannot be performed in the provider network.

In GET VPN, all group members (GMs) share a common SA which is also known as the group SA. A GM can then decrypt traffic that was encrypted Continue reading

Firewall – Some Insight into the Cisco ASA Failover Process

I’m currently working on a design and needed to verify some failover behavior of the Cisco ASA firewall.

The ASA can run in active/active or active/standby mode, and most deployments I see run in active/standby mode. When in a failover pair, the firewalls share an IP address and MAC address, very similar to HSRP or VRRP, but the pair also synchronizes the state of TCP sessions, IPSec SAs, routes and so on. The secondary firewall gets its config from the primary firewall, so everything is configured exactly the same on both firewalls.

To verify that the other firewall is reachable and to synchronize state, a failover link is used between the firewalls. The firewalls use a keepalive to verify that the other firewall is still there. This works just like any routing protocol running over a link, where you expect to see a hello from your neighbor and if you miss 3 hellos, the other firewall is gone. This timer can be configured, and in my tests I used a hello of 333 ms and a holdtime of 999 ms, which means that convergence should happen within one second.

The first scenario I was testing was to manually trigger a Continue reading

CCDE – WAN Speeds and Basic Voice Calculation

I’m preparing for the CCDE practical and I was doing a practice scenario by Jeremy Filliben when I realized that I’m not comfortable with all of the WAN speeds, so I might as well write a blog post on it. I was familiar with some of them, like T1, E1, DS3, OC-192 etc., but there are still some I could not remember. This post will describe some of the most commonly used WAN rates.

Some of the CCDE scenarios are based on upgrading a network or migrating from an old network. In real life it’s likely that most service providers will already have moved to Ethernet, but it makes a more interesting scenario to build a network mimicking the FRR capabilities of SDH, for example.

Digital Signal 0 (DS0) is a rate that was introduced to carry a single digitized call at 64 kbit/s. A DS1 can transport 24 DS0 and runs at 1544 kbit/s. Note that 24 * 64 is 1536, but the extra 8 kbit/s is used for frame synchronization. A DS3 runs at 44736 kbit/s and can transport 28 DS1 or 672 DS0. A T3 also runs at the same rate as a DS3. Continue reading

CCIE – CCIE SPv4 Review by Nick Russo

Nick Russo is a good friend of mine who just took the CCIE SPv4 exam. As far as I know he’s one of the first to attempt it, and this may be the first actual review of the lab experience. Here is Nick’s story from the CCIE SPv4 lab.

On 2 Feb 2016, I attempted the CCIE SPv4 lab exam for the first time. I have not seen nor heard of anyone else attempting it; the proctor at RTP mentioned that only “a few” people take it each month and everyone has done poorly. That was both a good and bad thing: good, because after leaving the test I felt confident that I had done respectably. If I failed, it wouldn’t have been by much. It was bad because it choked me up for a minute or so, reminding me that I am crossing into uncharted territory with this exam. Every time I read a question I always had a general idea of how to solve it, even the trick questions with which Cisco hopes to catch you.

As a general comment, there is a ton of IOS XR on this exam. Unlike SPv3, there aren’t a few XR Continue reading

CCIE – How to Prepare for the CCIE Lab

Summary: By preparing a plan and strategy for the CCIE lab, the chance of passing will be a lot higher.

Over the years I have written about the CCIE multiple times and also mentored people on how to prepare for the lab. This post will summarize my experience of how to prepare for the CCIE lab. This post assumes that the CCIE written has already been successfully passed.

The first thing to do if you haven’t done it already is to make sure you have the support from your family before starting to prepare for the lab. Explain to them the time that you will need to put in to prepare and also explain why you want to do it and what the benefits of doing it will be. Preparing for the lab can take 1000-2000h which is a big commitment. Don’t bypass this step as it may seriously affect your family situation if you do.

Once you have committed it is time to grade yourself. Go through the blueprint for the track you are preparing for at the Cisco Learning Network. Grade yourself on each topic from 1-5 on where you believe you are today. Make a realistic assessment, Continue reading
