Category Archives for "Networking"

Keeping the Cisco CCDE Exam Secure!

One of the most important things about the CCDE exam is security. We all think that it is secure and that it is not cheatable. There is no CCDE dump. We all believe that. The CCDE exam has been around for more than 10 years and there are still fewer than 500 people in the world. It seems what we think about exam security is correct.

Stretched VLANs and Failing Firewall Clusters

After publishing the Disaster Recovery Faking, Take Two blog post (you might want to read that one before proceeding) I was severely reprimanded by several people with ties to virtualization vendors for blaming virtualization consultants when it was obvious the firewall clusters stretched across two data centers caused the total data center meltdown.

Let’s chase that elephant out of the room first. When you drive too fast on an icy road and crash into a tree, who do you blame?

  • The person who told you it’s perfectly OK to do so;
  • The tire manufacturer who advertised how safe their tires were;
  • The tires for failing to ignore the laws of physics;
  • Yourself for listening to bad advice.

For whatever reason some people love to blame the tires ;)

Kernel of Truth season 2 episode 13: Open networking is not whitebox

Subscribe to Kernel of Truth on iTunes, Google Play, Spotify, Cast Box and Stitcher!

Roopa Prabhu and Roopa’s hype man Pete Lumbis join Kernel of Truth host Brian O’Sullivan to discuss why open networking is not just whitebox, it’s so much more. From the general advantages of this kind of architecture to the benefits of being backed by the Linux kernel and Linux community, open networking is a great option to have not just now but going forward. Learn how this open development community works together to the advantage of everyone, not just networking, and with companies of all sizes, including hyper-scale ones, improving things like the sanitation of code and so much more. As a special bonus you’ll also learn what to eat in the data center. Spoiler: the answer is nothing, but Brian might have an opinion otherwise.

Guest Bios

Brian O’Sullivan: Brian currently heads Product Management for Cumulus Linux. For 15 or so years he’s held software Product Management positions at Juniper Networks as well as other smaller companies. Once he saw the change that was happening in the networking space, he decided to join Cumulus Networks to …

Heads Up! A Slight Change to the Internet Society Election Process

I’m writing to the Internet Society community today with a notice that there is a key change to the Procedures for Selecting Trustees starting this year. This change reduces the duration of the voting period from 28 to 14 days in the Internet Society Board of Trustees elections through which Chapters and Organization Members get to elect candidates to the Board.

If you read the 2019-2020 Elections Timetable carefully, you may notice that the Candidates Forum and the voting period are no longer done in parallel. As the below timeline shows, the 28-day period that used to be allocated for voting and the Candidates Forum is now split into two distinct sequential stages: the first 14 days is for the Candidates Forum and the second 14 days is for voting.

This decision was made for two reasons.

The first is to allow candidates to be heard fully before votes are cast. Upon examining the activity log of the last elections, we realized that some voters cast their ballots before the candidates had a chance to interact with the community. Voting before hearing what candidates have to say in the Candidates Forum is detrimental to the elections process as it encourages …

Juniper Targets VMware, Data Center Complexity With Contrail Insights

The company claims Contrail Insights will provide customers with historical and real-time...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Deutsche Telekom, Telefónica, Vodafone Combat Germany’s Dead Zones

The effort, which involves the installation and operation of 6,000 new cell sites, will fulfill a...

BrandPost: The Benefits of Refreshing Router-Centric WANs with SD-WAN

The advantages of SaaS applications and other cloud services have businesses rethinking their traditional router-centric WAN strategy. That’s because many of today’s business-critical applications carry the twin challenges of needing high performance, especially for latency-sensitive applications such as unified communications, combined with high volumes of data. These requirements can quickly swamp traditional WAN connections that backhaul data and transactions through the data center. Without the ability to connect directly to the internet, application speeds slow and performance suffers.

The other challenge is that routers generally only view data at the packet level, with little to no intelligent recognition or prioritization of business applications. As a result, mission-critical SaaS applications must not only compete for bandwidth with other business data, but also with non-essential traffic such as YouTube videos or Spotify streams. Without the ability to recognize, prioritize, and steer connections to business-critical SaaS applications, it’s all just data going in and out of the branch routers. The result is lowered application functionality, user experience, and business results.

The Week in Internet News: Facebook Moves Forward with Encryption, Despite Concerns

Forging ahead: Facebook plans to move ahead with plans to expand encryption despite concerns from law enforcement agencies that it will be used by criminals, the New York Times reports. Facebook’s decision to expand encryption across its Messenger platform comes after complaints by top law enforcement officials in the United States, United Kingdom, and Australia that Facebook’s plan to encrypt messaging on all its platforms would make it more difficult to find child sex predators and pornographers.

Investigate the ISPs: Mozilla has asked Congress to investigate data collection by Internet service providers following reports that Comcast is lobbying against browser plans to implement the encryption scheme DNS-over-HTTPS, Vice reports. Mozilla’s rollout of DNS-over-HTTPS “has raised questions about how ISPs collect and use sensitive user data in their gatekeeper role over internet usage,” the browser maker wrote.

The next billion: The next billion Internet users will have significantly different goals and needs than the first billion, Quartz says. While many observers have talked about the Internet being a tool to deliver basic needs, many new users will be focused on using the Internet for leisure activities, the article predicts. And while many users in the West are focused on privacy, many …

AT&T Sounds Alarm on 5G Security

The top security concerns related to 5G include a larger attack surface, device proliferation, IoT...

BGP Route Reflector in Plain English

In this post, I will explain the BGP Route Reflector basics. After you read this post, you will be able to answer many questions regarding BGP Route Reflectors.

I am explaining this topic in great detail in my Onsite CCDE, Live/Webex CCDE, Self Paced CCDE and also my specialized “BGP Zero to Hero” course.

The outline of this post is below.

  • What is a BGP Route Reflector?
  • Why is a BGP Route Reflector used?
  • What are the alternate methods?
  • Different types of BGP Route Reflectors
  • Benefits of BGP Route Reflector
  • Problems with the BGP Route Reflector
  • BGP Route Reflector Redundancy

To have a great understanding of SP Networks, you can check my newly published “Service Provider Networks Design and Perspective” Book. It covers SP network technologies and also explains a fictitious SP network in detail.

What is a BGP Route Reflector?

A route reflector (RR) is a network routing component for BGP (RFC 4456). It offers an alternative to the logical full-mesh requirement of internal border gateway protocol (IBGP).

Above is the Wikipedia definition of BGP Route Reflector. Let’s extend the definition a bit.

BGP Route Reflector …

Juniper Guns for Cisco, Aruba With Mist AI

“The larger vision here is that Mist is the cornerstone of Juniper’s AI-driven enterprise...

What does PE-CE mean in MPLS?

What does PE-CE mean in the context of MPLS? What are CE, P and PE devices in MPLS and MPLS VPN?

These are foundational terms and definitions in MPLS.

MPLS is one of the most commonly used encapsulation mechanisms in Service Provider networks, and before studying more advanced mechanisms, this article is a must-read.

In order to understand PE-CE, we first need to understand what PE and CE are in MPLS.

I am explaining this topic in great detail in my Instructor Led CCDE and Self Paced CCDE course.

Let’s take a look at the figure below.

Figure-1 MPLS network PE, P and CE routers

Figure-1 shows an MPLS network. This can be an Enterprise or Service Provider network. MPLS is not only a service provider technology. It can provide segmentation/multi-tenancy for the enterprise environment as well.

Three different types of router are shown: CE, PE and P routers.

CE devices are located at the customer site. PE and P devices are located at the Service Provider site.

If it is an Enterprise network, WAN …

BGP Route Reflector Clusters

BGP route reflectors, used as an alternate method to full mesh IBGP, help in scaling.

BGP route reflector clustering is used to provide redundancy in a BGP RR design. BGP route reflectors and RR clients create a cluster. (Cluster = BGP RR + BGP RR Clients)

I am explaining this topic in great detail in my Onsite CCDE, Live/Webex CCDE, Self Paced CCDE and also my specialized “Live/Webex BGP Zero to Hero” course.

In IBGP topologies, every BGP speaker has to be in a logical full mesh. So, every BGP router has to have a direct IBGP neighborship with each other. However, the route reflector is an exception.

If you place a BGP Route Reflector, the IBGP routers set up BGP neighborship with only the route reflectors.

In this article, I will specifically mention route reflector clusters and their design.

For those who want to understand BGP Route Reflectors, I highly recommend my ‘BGP Route Reflector in Plain English’ post.

If you want to learn about the Route Reflector Loop Problem, check this post.

Also, I explained BGP Route Reflectors, Route Reflector Design Options and many other Service Provider Design topics in my Service Provider Design Workshop.

How Difficult is SD-WAN?

In a recent Packet Pushers Heavy Networking episode, Ethan and Greg discussed how difficult SD-WAN is, and why you shouldn’t outsource your SD-WAN to an MSP. So, how difficult is SD-WAN really?

Now, this is of course going to depend on your organization’s level of skill, as well as what vendor you go with, but there are still some conclusions that we can come to.

Most of the SD-WAN solutions are operated by cloud-hosted SDN controllers, where the vendor has set up the virtual machines running the software for you. This greatly simplifies a lot of things that have been painful in the past. From a Cisco perspective, this is some of the pain that has been removed from you:

  • Controllers – Controllers are installed for you and backed up by Cisco
  • Software – Software is managed centrally, don’t need to log in to each device to update it
  • Traffic engineering – Can modify routing behavior without being an expert in say BGP
  • Certificates – Only devices with a valid certificate can join the overlay, you don’t need your own Public Key Infrastructure (PKI)
  • Pre-Shared Keys (PSK) – Keys used for IPSec are rotated automatically without manual intervention

This means …