Category Archives for "ORHAN ERGUN"

What is Storm Control?

Storm control is a feature that monitors traffic levels and drops broadcast, multicast, and unknown unicast packets, commonly known as BUM traffic, when a specified traffic level, referred to as the storm control level or storm control bandwidth, is exceeded, limiting the traffic to protect the Local Area Network environment. In this blog post, we will try to understand the basics of it.

Storm Control Broadcast Level

Although the Storm Control feature is mainly used for Broadcast, we should also configure it to protect against unnecessary Multicast and Unknown Unicast packets. Whether because of bugs in the software or hardware, mis-cabling, or misconfiguration, if any of the above traffic exceeds the limit that we specify, the traffic should be blocked. We need to understand some terminology if we want to understand Storm Control and its usage on a network switch.

In the above configuration, we will show threshold levels not only for Broadcast but also for Multicast and Unknown Unicast on the Cisco switches.

Cisco Storm Control

Let’s have a look at how Storm Control is used on a Cisco switch and learn some new terminology.

interface GigabitEthernet0/0
 storm-control broadcast level bps 100k 90k
  Continue reading

Multicast Basics

In this blog post, I will explain some of the Multicast basics that most of us look for. MPLS Multicast and many other Multicast Design, Troubleshooting, and Multicast Deployment topics are explained in the different blog posts on the website. Also, this post will cover the many fundamental Multicast frequently asked questions briefly. For a more detailed explanation of the particular topic, you can check our other blog posts on the website.

What is Multicast used for?

There are many real-life uses for Multicast, but we mostly see it in financial networks, stock exchanges, large campus networks for IP surveillance, and IPTV.

When it comes to the deployment details, although we will cover them in separate blog posts, Source Specific Multicast is used in IPTV, and Bidirectional Multicast is used in Financial Networks.

Multicast also provides resource optimization, which means less bandwidth and less source and receiver CPU and memory usage.

IP Multicast Routing

There are many Multicast Protocols for Multicast to work in the Networks but when it Continue reading

BGP Local Preference

BGP Local Preference is a BGP attribute that is used for outbound path manipulation in today’s computer networks. Path manipulation is also known as BGP Traffic Engineering, and the Local Preference attribute is the most common technique for it in real networks. In this blog post, I will explain the use case, the comparison with other outbound path manipulation techniques, and how the BGP Local Preference attribute works.

First of all, we should know that it is not a Cisco-specific attribute; it is a standard attribute, which is used in other vendors’ equipment as well. Vendor interoperability works without issue.

Because a picture is worth a thousand words, let’s have a look at the topology below to understand how it works.

Figure – BGP Local Preference

In the above topology, AS65000 has two paths to AS1.

Prefixes from AS1 are learned via two paths, but AS65000 wants to use the left path as the primary path and the right path as the backup path.

The reason people want to use their links as primary and backup this way in real life is usually cost. One of the links might be expensive and the other cheaper, and they may want Continue reading

How to Pass AWS CLF

AWS CLF Exam

How to pass the Certified Cloud Practitioner from AWS, exam details and type, and what to expect

AWS CLF Exam Content & Topics

The exam agenda starts with the concept of cloud computing and how it differs from on-premises networks. It then shows you all the AWS services, which will be more than enough to migrate or establish a network on AWS’s cloud that has all the facilities and can be fully or partially managed by AWS for you.

And of course everything comes at a price: AWS declares the prices of its services, what is FREE and what is not, and provides many easy tools for cost calculation and best practices with AWS.

Amazon’s Touch in the CLF Exam

Amazon provides free-tier 12-month access to whoever creates an account with them for the first time. The account has free access to many AWS services, which allows for both studying and actually testing and benefiting from their services.

AWS CLF Exam Nature & Type

The current version of this exam, CLF-C01, has 65 written questions.

All the questions are single/multi-answer MCQs and no other type of questions Continue reading

What is AWS CLF

Amazon Web Services (AWS) CLF or CCP, however you want to name it (CLF is the official exam and badge name), stands for Certified Cloud Practitioner, with the current version being CLF-C01.

AWS CLF is the very first step for any engineer, regardless of their experience in the IT domain, to start understanding and step into the world of cloud computing.

CLF with AWS Services

The exam/certificate focuses on many different aspects; some are shared with other exams from AWS, and some are CLF-focused.

This includes the concept of cloud computing and a comparison of many aspects of networking between on-premises networks and cloud networks.

It also includes an introduction to AWS and how much of the on-premises services AWS covers/offers on its cloud, ready to be directly initiated and used.

The most critical aspect of AWS when you decide to network on its infrastructure is “Billing”; this is a very important and critical concept to really understand and know how to deal with when you start working with AWS networks.

Is AWS-CLF important?

Many tend to skip this exam and keep spreading the idea that “SAA is the Associate exam of AWS Services, and it should be the Continue reading

How to Pass CCNP ENARSI – Exam Review

Cisco CCNP ENARSI Exam

It is the very first version released for this exam, kind of replacing the Routing+TShoot exam of the old CCNP RS, and it has the code 300-410.

CCNP ENARSI Exam Content & Topics

The exam generally has 4 modules to study and focus on, teaching you to configure and troubleshoot many protocols in the areas of “routing, virtualization & security, IP services, and assurance”.

Skills learned with ENARSI

Deep Dive Troubleshooting Mainly for:

  • EIGRP
  • OSPF
  • BGP
  • mGRE and IPSec (DMVPN)

Focus on for the CCNP ENARSI Exam

The holder of this badge is expected to have a skill level in routing, security, and virtualization that is definitely higher than the level covered by the CCNP ENCOR exam, and close to the level of the CCIE Enterprise Infrastructure, so be careful to really LAB every topic in the exam with all the possibilities and scenarios.

CCNP ENARSI Exam Nature & Type

The first and the current version of the exam has the code 300-410.

Even though the agenda barely has the word “describe” within its modules, and most of the topics are to be configured and troubleshot, just like ALL the new NON-LAB Continue reading

What is CCNP ENARSI

ENARSI is one of the “Specialist” level exams and certificates belonging to the CCNP Enterprise domain, and was announced on June 9th, 2019.

It is the first version of the ENARSI exam, and it not only counts toward the CCNP Enterprise certificate but, once passed, also grants the candidate a certificate called:

ENARSI and CCNP Enterprise

ENARSI was not the only exam announced by Cisco for the CCNP Enterprise specialty; an entire new domain of knowledge and hierarchy was there as well.

ENARSI might be your first and best choice in one of 2 cases:

  • if you wish to dive deep into routing protocols and services on enterprise-level networks
  • if you already know the old CCNP RS and you wish to refresh topics related to it

The other exams are “ENSDWI, ENSLD, ENWLSI, ENWLSD, and ENAUTO”.

So, as mentioned in previous blogs, the ENCOR plus one of the exams mentioned above (which could be the ENARSI) will result in a CCNP Enterprise certification.

Is ENARSI Important?

It is actually very important not just to accomplish the nice, highly wanted, Continue reading

DEVASC Study Resources and Plan

DEVASC Exam for DEVNET Associate

DEVASC Study Resources and Plan are available and detailed in the DEVASC 200-901 course on our website.

DEVASC Course and study plan

The exam is not simple or foundational level; as always with Cisco, it starts with you from scratch and takes you up to a solid level where you are capable of discussing and implementing a solution, so studying and preparing should be careful and detailed as well.

Even though the exam is considered a written one, the preparation is only about 30% written, and by that I mean theoretical parts where you only get some concepts and leave, with no implementation.

So 70% of the preparation should be practical: coding and validating a lot, and constructing and encoding requests to communicate and work with Cisco platforms remotely.

DEVASC and how to Study

Studying should be done by constructing and validating every piece of code for every request and Cisco platform mentioned in the exam agenda.

Constructing and sending APIs and requests will be done by using:

  • Postman with XML, JSON, and YAML
  • cURL requests using the Git Bash CLI
  • Python scripts from Python IDLE

Validating the results will always be done through the same construction and pushing platforms mentioned above.

Continue reading

How to Pass DEVASC

Cisco DEVASC Exam

How to pass DEVASC, the new exam from Cisco? Its first version was released in 2019, with the exam code 200-901.

DEVASC Exam Content & Topics

The exam generally has 6 modules to study and focus on, teaching you data encoding languages for the first time, introducing the Cisco Sandbox for practice, and starting the automation of Cisco’s platforms over the Sandbox.

Skills learned with DEVASC

Many encoding, programming, and automation skills, including:

  • XML, JSON, YAML
  • APIs
  • SDKs
  • NETCONF & RESTCONF
  • IaC and CI/CD
  • Python
  • Git bash & Github
  • Cisco Sandbox

Cisco’s Touch in DEVASC Exam

Cisco’s presence here is not just to TEACH you DEVNET/DEVOPS, but to allow you to implement and practice most of the tools/techniques on their platform using the new FREE sandbox service.

DEVASC Exam Nature & Type

The first and current version of the exam has the code 200-901.

It is kind of a written exam. Why “kind of”? Because the exam questions can be:

  • MCQs (single/multi-answer multiple-choice questions)
  • DnDs (Drag and Drops)
  • Fill in the Blanks
    • that is the tricky one, as you will have to fill in the missing parts of a piece of code
    • it Continue reading

What is DEVASC

What is DEVASC? It is a new question, actually. DEVNET Associate from Cisco Systems is their first DEVOPS-derived DEVNET certificate, announced on June 9th, 2019.

It is the first version of the DEVASC exam that grants the Cisco Certified DEVNET Associate certificate, and it has the exam number 200-901.

DEVASC and DEVNET

DEVASC was not the only exam announced by Cisco for DEVNET; an entire new domain of knowledge and hierarchy was there as well.

DEVASC would be your first step in that hierarchy; then you will see DEVNET Professional, which contains many exams.

One of them is mandatory, and one of the others, selected by you, is required to become a CCDevP; that will be for another blog.

The highest peak is the recently officially announced CCDevE, an 8-hour LAB exam to validate how expert you are with Cisco DEVNET.

Is DEVASC Important?

Not just because it is a fresh branch, or something that is not generally provided by other vendors, but because the agenda of the DEVASC is very useful.

As always with Cisco, they start from scratch, telling you what is DEVOPS, DEVNET, DEVASC, Continue reading

Bgp bestpath as-path multipath-relax

Bgp bestpath as-path multipath-relax: why is this BGP feature used? Let’s understand the case with the topology, and I will tell you the real-life use case of the Bgp bestpath as-path multipath-relax feature.

Figure – EBGP Multipath

In EBGP Multipath, we have two rules to satisfy the Multipathing requirements.

The number of ASes has to be the same across the two paths, and the AS numbers need to be the same as well.

In the above topology, for the destination prefix, 192.168.0.0/24, we have two paths.

Both of the paths have an AS Path length of 2: AS 100 and AS 200.

And both of the paths consist of the same ASes, AS 100 and AS 200.

Thus, in the above topology, if we enable the EBGP Multipath feature, it just works.

We will change the AS number in one of the paths in the topology below, and EBGP Multipath will not work.

Figure – Bgp bestpath as-path multipath-relax

Let’s remember the rules again: 1. The number of ASes in the AS Paths has to be the same. 2. The AS numbers in the AS Paths have to be the same.

In the above figure, the number of AS in both of the paths is 2.

But AS numbers are different.

One of the paths: Continue reading

BGP Multipath

BGP Multipath – By default, BGP installs only a single path in IBGP and EBGP deployments. If prefixes are learned via multiple paths, BGP supports multipath for IBGP, EBGP, or across both IBGP and EBGP via the EIBGP Multipath feature. In this blog post, we will explore each of these options: IBGP Multipath, EBGP Multipath, and EIBGP Multipath.

First of all, we should know that the BGP Multipath feature has to be enabled manually on the network device, unlike in IGP protocols.

In IGP protocols, when there is Multipath, commonly referred to as ECMP (Equal Cost Multipath), routers install all next-hops for the destination prefixes in the routing and forwarding tables automatically, without manual human operation.

We have on the website the most detailed Design and Practical Hands-on BGP Training in the world.

Let’s start with the first, EBGP Multipath:

Figure – EBGP Multipath

We have two rules for EBGP Multipath.

1. For the destination prefix, if there is more than one path, the total number of ASes (Autonomous Systems) should be the same across the different paths.

2. For the destination prefix, if there is more than one path, the same AS numbers should be in the AS Path.

On the above figure, since from Continue reading

EIGRP Stub

EIGRP Stub – It is actually one of the EIGRP scalability features, but it also helps with many other things in EIGRP. Also, in this post, we will share a topology that will be used to explain some design caveats with EIGRP design.

Before we explain the EIGRP Stub, let me explain some EIGRP convergence behaviors.

If you are looking for much more detail on EIGRP Design and Practical Labs, have a look at our EIGRP Training.

Figure – EIGRP Stub

When the EIGRP node loses the connection to the prefixes and there is no feasible successor installed in the EIGRP topology database, the router is marked as active and the EIGRP query is sent to every neighbor.

In the above topology, Router D doesn’t know the 192.168.0.0/24 network. Router C sends a summary 192.168.0.0/16. That’s why it replies without asking Router E.

Router B has an alternate path, thus, Router B replies immediately.

Router J doesn’t have any EIGRP neighbors. It replies to the Query immediately.

Router G doesn’t know the 192.168.0.0/24 network. Router F filters the 192.168.0.0/24.

That’s why Router G replies without asking Router H.

So, as you can see, Continue reading

ABR vs ASBR in OSPF

ABR vs ASBR in OSPF. If you are new to Network Engineering and you are learning Dynamic Routing Protocols from scratch, you will want to understand the differences between ABR and ASBR, and if there are similarities, you would like to learn those too. In this post, we will learn both the similarities and the differences.

Let’s first understand both of these terms. ABR is purely OSPF terminology, but ASBR is not. In fact, ASBR and its usage in different places in networking are explained in detail in our What is ASBR blog post.

ABR – Area Border Router is a device which connects two different OSPF Areas. One of those OSPF areas has to be Area 0, which is also known as the Backbone Area.

Figure – OSPF ASBR

In the above topology, R3 is an ABR, connecting Area 0 and Area 1; R4 is an ABR as well, connecting Area 0 and Area 2.

R1 is referred to as an Internal Backbone Router, as it doesn’t have any connection other than to Area 0, the Backbone Area.

In this topology, there is also an ASBR – Autonomous System Boundary Router. It is called ASBR because on that router external prefixes are injected Continue reading

What is MPLS used for?

What is MPLS used for? This is a very common question among IT Engineers. What are the common use cases of MPLS – Multi-Protocol Label Switching?

When it was first invented, 20+ years ago, it was considered one of the most scalable ways of doing VPNs. Faster packet processing could be achieved compared to IP destination-based routing because the IP address was 32 bits long but the Labels are just 20 bits long.

But soon after that original purpose, MPLS VPNs became the most dominant reason for networks to deploy MPLS – Multiprotocol Label Switching technology.

It supported Ethernet over MPLS – EoMPLS, which is known as Point-to-Point Layer 2 MPLS VPN, and soon after, vendors started to support VPLS, which is Virtual Private LAN Service.

VPLS is an any-to-any, also known as many-to-many, technology. It means you can connect your multiple sites in Layer 2 and extend an IP subnet by using VPLS technology. It works based on a full mesh of Pseudowires.

After Pseudowire-based Layer 2 VPNs, the actual MPLS boom happened with MPLS Layer 3 VPNs.

With MPLS Layer 3 VPN, which is also known as Peer-to-Peer VPN, MPLS CE, Continue reading

2022 Top 10 Cyber Security Certifications

Before Starting Cyber Security

Cyber Security, which you might sometimes find called Cyber Operations or CyberOps, is the branch of Network Security that focuses on attacks, from the internet or from inside the network, and on gaps and bugs: look for them before they get used, fix them, and look again.

So the engineers keep looking and fixing, as the internet is always evolving and generating more threats.

How to Study Cyber Security

Generally, the domain of security (Information Security, Cyber Security) nowadays has hundreds of certifications and exams from many different vendors.

Some are involved in the industry of making security devices/components; others are there just to teach us and make us the best engineers in the domain.

And mostly, cyber material comes from companies that focus more on creating content/references, whereas information security exams and books come from vendors that produce platforms (Firewalls, IPS, IDS, NGFW, NGIPS, ESA, WSA, and many others).

So from beginner level up to beyond expert level, many exams should be studied.

This is, of course, alongside some other general/networking exams that you might already hold before studying cyber security, and these exams will be mentioned below.

Top 10 Cyber Continue reading

CCNP ENCOR vs ENARSI

Are they even related? Or should I ask, “comparable”?

Yes, they are both, actually, and in this blog we will review both of the exams, talk about the agenda, which one should be taken before the other, and the result of both of them.

Relation between CCNP ENCOR vs ENARSI

Both exams belong to the Cisco CCNP Enterprise certificate, and taking each individually will grant you a certificate!

So it is a win-win scenario, but the question is still which one I should take first, and that is covered below.

Difference between CCNP ENCOR vs ENARSI Agenda

ENCOR first: generally a Technology Core exam, focusing on 7 domains of knowledge:

  • Architecture
  • Virtualization (Device, Path, and Network Virtualization)
  • Infrastructure (Switching, Routing, and IP Service)
  • Assurance
  • Security
  • WLAN
  • Automation

And NO DEEP DIVE in any of these!!!

While for ENARSI:

  • Virtualization (Path Virtualization)
  • Infrastructure (Routing and IP Services)
  • Security

And that’s it!

  • no Architecture
  • in Virtualization, no Device or Network Virtualization, and the Path Virtualization is different from that of ENCOR.
  • as in the ENCOR you Continue reading

What is ASBR?

What is ASBR? Autonomous System Boundary Router. This seems easy; it is just used in OSPF, isn’t it? In fact, that is wrong. In this post, you will learn something that you are hopefully learning for the first time. Let’s have a look at it.

An ASBR is a node that connects two or more networks. It can be a router or a switch, and it can be positioned at the Internet Edge. The router at the Internet Edge is referred to as an IGW (Internet Gateway) Router, and an ASBR can be an IGW Router.

It can be located between two different networks to provide MPLS service, for example. Between two networks, the service is referred to as Inter-AS MPLS VPN, and in RFC 2547, Section 10, 3 different Inter-AS MPLS VPN Options are explained. In all of them, the routers that connect two different Autonomous Systems are referred to as ASBRs as well.

On those routers, BGP usually runs in the Inter-AS MPLS VPN service. OSPF is not mandatory.

Thus, saying it is used in OSPF would be a false claim. It can be used for many different services in the networks and ASBR can run any routing protocol, not just Continue reading

What Layer is MPLS?

What Layer is MPLS? This basic question needs to be clarified for Network Engineers.

MPLS – Multi-Protocol Label Switching was first invented for fast packet processing. As the MPLS Label is 20 bits and the IP address is 32 bits, processing the MPLS Label was considered faster back in the old times.

Today, as of 2022, MPLS is used for many different purposes; one of the most common reasons to have MPLS in networks is VPN.

MPLS Layer 2 VPN and MPLS Layer 3 VPN are two of the most common VPN mechanisms in large Enterprise and Service Provider Networks.

The label is used for two reasons in MPLS VPNs.

A tunnel label or transport label is used for the reachability between the edge devices, PE devices in MPLS networks.

And another label, which is the VPN label is used to differentiate the customers in MPLS VPN.

Both of these labels are placed between MAC Header and IP Header in IP Packets.

Thus, as you can see from the below picture as well, MPLS is commonly referred to as Layer 2.5.

Figure – MPLS is Layer 2.5

As you can see, from the above Continue reading

What is CCNP ENCOR

CCNP ENCOR

The Enterprise Core Exam, which also leads to the Cisco Certified Specialist – Enterprise Core certificate, is one of many new exams and certs that were announced by Cisco back in summer 2019.

What is The ENCOR?

This exam is actually jumping into the middle of the CCNP Certificate and labeling it as CCNP Enterprise, throwing away the old label of CCNP Routing & Switching with all its 3 old exams (Routing, Switching, and Troubleshooting).

ALSO, interestingly, it is replacing the old CCIE Routing & Switching Written Exam with a new method of becoming a CCIE, and that is the CCIE Enterprise Infrastructure, which only requires this ENCOR as a prerequisite.

So it is nice to pass the ENCOR exam and be involved in both CCNP Enterprise and CCIE Enterprise Infrastructure.

How Professional is the ENCOR?

The first impression that you might get when you hear about an exam that replaces the old famous CCNP Routing & Switching, and also replaces that difficult, expert-rate, 100+ written exam of the CCIE Routing & Switching, is that you either get frightened of that exam’s level or brace yourself for something so advanced and challenging coming, well, the Continue reading