Orhan Ergun 5 Comments

Some people who passed the exam on FEB 2017 lost their CCDE !

As you know May 11 2017 exam has been cancelled. I shared the details in this post. Cisco took very hard decision but saved the CCDE certification. I have been suggesting that new scenarios should be added for a long time. Read this post and see why I have been suggesting it.


As you know, one company started to sell the CCDE scenarios on December, right after one guy from that company passed the exam on November 2016. They confirmed that their dumps worked !

You may not know but two days back Cisco revoked the CCDE certificates of some people who passed the exam on February 2017.

Probably this decision made that company very angry and they started to play their last game.

If you don’t read the above post, below points may not be clear. Please go through those posts first if you haven’t read yet.


Why I say this is last game ? 

Because they have been constantly fighting against me.

Let me show you the story

  1. They started asking hints from me about the CCDE exam. ( Conversations shared with Cisco)
  2. They started to sell by workbook as real dumps. (They didn’t publish on their website but click here to see another company which did the same)
  3. They started to sell real exam scenarios and were saying people that I confirmed the answers (They were doing this before they passed and mostly true because I answer more than 400 questions everyday in average and unless people specifically tell me that they are asking real exam question, I answer all technical questions)
  4. They sent an email to people and tried to show that I started to sell the scenarios as I was angry to those guys 🙂 Click here to see the post which I wrote about that too.  (You will see that my phone and all the other information is true, they have an access to everything ! But email was going to them and they could negotiate with the people)
  5. They don’t stop, you will see throughout the post their other games too.


So in order to raise their income they did everything. But they don’t consider the below points.


If I would sell the scenarios why would I 


  1. Publish one 200 pages and another 600 pages workbooks and continuously working with the industry experts to update the versions.
  2. Why I bothered to create 1000 pages training document which I share with all my Instructor Led Bootcamp attendees
  3. Why I bothered to create many CCDE Practical exam scenarios ? I’m supposed to have the real ones, why I am creating and teaching the different ones.
  4. Why I prepared more than 100 hours Self-Paced CCDE Practical Training videos !
  5. Why I bothered to publish 250 technical articles , isn’t it easy money to teach real exam scenarios ?
  6. Why I spent my time to create 450 questions to prepare people for CCDE Written exams ?
  7. Why I bother to do technical editing for the Cisco Press books, spending that time with the real scenarios I can make much much more money, trust me.
  8. Why I wrote on many famous websites (Packetpushers, Networkcomputing) many articles or recording podcasts, when you start selling 100s of people join you, you get famous any way right ?
  9. Spend time with at least 100 students to understand their real life network design and made hours and hours free design discussions , during that time I could teach them those real scenarios and of course charge money.
  10. Why I record all my sessions and provide them to the attendees. If I teach real labs, why I publish them ?
  11. If I teach the scenarios, why me and my chat agents never accept when people ask whether we provide pass guarantee ?
  12. Why even yourself were advertising ‘ If you want to learn go to Orhan , If you want to pass join us’. (This was true by the way, I cannot provide pass guarantee)
  13. Why I didn’t announce each and every time 27 people or 100 people  ? I remember I was proud when only two people passed the exam and one attended my class and other provided about my documents an excellent feedback (Thanks Daniel Dib ! )
  14. Why I couldn’t open even in a single bootcamp in Qatar but the same company could open two dumpcamps in couple months.


Their last game is not different from the above ones. I teach almost each and every topics which people would encounter in the CCDE exam and even more.

They share this time videos which I talk about technical topics. People asked me, isn’t it you ? Of course it is. Finding my voice or face while talking about any topic is not hard. And placing the scenarios underneath is not a rocket science.

I allow free retake and students attend many times (I know some guys attended 7times), some people have almost 1000 of hours of my videos.

Writing an exam simulation application, finding the 8 of those real scenarios are much much harder, no one accomplished it since 8 years. Congrats !


They claim that is the reason Cisco cancelled the May exam. 

They think people are stupid.

  • Who would want Cisco to cancel this exam ?
  • If someone is teaching the real scenarios, do you think that He wants Cisco changed the scenarios, why I published all those posts and asked new scenarios  ?
  • Why Cisco only revoked the CCDE certs of the people who were advertised by them on February 2017. Why they didn’t touch my students !
  • Would that same guys, in 2016, would write a post (2000 people read that post !) and ask Cisco to change or add new scenarios ?
  • Would I talk to Cisco on Jun 2016 about the scenarios (Not everyone is aware but Cisco knows of course)
  • Which company started to cry when the exam changed and who supported the decision !
  • Why all the industry believe that the reason is that company and suddenly a video appeared or not even a single comment on the Internet about me cheating (People may not like the quality of the recordings or my English, thats different story but why no one since 4 years claimed that Orhan Ergun is cheating, why now ?)   ?


I didn’t start my training on Feb 2017, or 2016 , I have been doing it since 2014. And many famous industry experts used my resources, participated to create , appreciate my knowledge. Your tricks will not destroy me. We WON , You LOST. You will loose CCIE battle as well.


People who don’t know me or don’t read this post will probably will believe you, your tricks are very real. Congrats, but spend time to learn network design so at least you can do consultancy when you cannot sell dumps anymore. Also, always remember the day which you begged me for the exam tricks! If I see any opposite comment anywhere, I publish it too !

If anyone in the industry tell that you asked money from me to share the scenarios, please talk. Please !


By the way, some of those people who lost their certificate just lost because of that company. I know personally some of those people, they could have passed the exam without this company, and some people contacted me and said they never attended their bootcamp but still advertised when they passed ?

Everyone who know me will vouch for me, will support me. I suggest to that company ‘ Focus on August exam and advertise more people than me and more importantly, get the feedbacks of the real people about your technical training ! ‘


I expect next time they share my naked video and it will not be surprise 🙂

Now, whatever you want to do, people know all the truth and I request from everyone who read this post, share your comments about my trainings, resources and my participation to CCDE community and hopefully we don’t see these companies anymore.



Orhan Ergun 11 Comments

May CCDE Practical exam is cancelled worldwide,all the details !

May 11 2017, CCDE Practical exam has been cancelled worldwide on May 4, 2017.


People reacted differently for this cancellation.


I have 200+ CCDE candidates in my study groups, thus I think I am the person who can provide you the most accurate information about the reaction of the candidates.


Most, if not all my students were happy from the cancellation. We are definitely support Cisco for that , but , BIG BUT, cancellation was too late. 1 week earlier than exam day !


Most of them booked their flights and the hotels.


We don’t know whether Cisco will refund all their expenses. Just refunding exam fee clearly is not enough.

This would be big problem among the exam attendees. How they will know whether the exam will not be cancelled again ?


Why CCDE Practical exam has been cancelled ? 


I wrote a post about the company who was selling the CCDE Practical exam scenarios. So if you pay them, they give you a guarantee and you pass the exam.

First time in the CCDE Practical exam history, one company achieved this. Congrats to most successful ‘ exam dumper ‘ company.

This lead Cisco to cancel CCDE Practical exam first time in the exam history !


What can happen after now ?

Does Cisco cancel CCDE Practical exam again ? 


You should first understand that, Cisco will bring new scenarios and this company will try to find all the new questions, with the backgrounds and they have to collect each and every answer and they need to make sure someone with their dumps pass the exam.


4 new scenarios at least a year or more for them to crack.


If they start selling again, Cisco can cancel the exam. I will definitely inform industry when they try to sell again, so you will get the signal whether there is a new cancellation possibility.

By the way, since they guarantee passing the exam, do they refund the money ? 🙂


What will happen to people who passed the exam on February 2017 ?


This question has been asking from day one by all the industry. I announced 5 students who passed the exam on February 2017. As a most well known , successful and helpful CCDE training, I advertise 5 people, but a company which is famous by selling CCIE dumps, advertise 5 times more CCDE in the same exam.


Cisco shouldn’t revoke certificate of these people.


But definitely I support ‘ Interview ‘ idea. Cisco should do an interview with all the CCDEs who passed the practical exam on February.


In this way, no one would think to contact with these dumpers. Since they will not be able to find students, they won’t spend time to beg people for the new questions and answers.


I trust my students , their knowledge , so I support interview idea. Please Cisco do it.


I was in Dubai Onsite bootcamp when Cisco cancelled the exam, we celebrated this news with the students. 3 of them would attend the exam by the way. They were happy because no one can tell them ‘ paper CCDE ‘ .Although they were ready for the exam, they were thinking that for the overall good, decision was correct.


I have seen that dumper company crying and blaming Cisco. Don’t do it !

This exam has been cancelled because of you ! You are shame for your country !

What can I do for you ? 

I don’t want to do marketing in this post but without solution this post wouldn’t be complete. If you research you will see that people will refer two CCDE providers. Talk to them first. Who provides what ? What are their approaches and so on. You can achieve this exam only by studying. After cancellation news, my bootcamp registrations boosted. People realise that it seems. I announced 33% discount on all CCDE products. Check all the details from here


Last but not least, Thank you Cisco, it was hard decision , you did it. You protect the reputation of CCDE certification, next time please cancel it earlier if you need and have proper communication channel with the candidates after you cancel it.







Orhan Ergun No Comments

May 2017 Dubai CCDE Bootcamp Attendees Feedbacks !

Dubai 5 days Instructor Led Bootcamp just finished. Attendees were from Spain, Bahrain , Saudi Arabia, India and Abu Dhabi.


I discussed several real network designs with attendees such as one of the bank networks, one financial institute, couple service provider networks (Belong to these students or they involve designs of these networks)





I went through all the CCDE blueprint topics to cover the technology part and several CCDE Practical scenarios.


One of the students recorded a video while I am talking on Multicast 🙂





Before you read attendees feedback from below,  please know that I scheduled two more Onsite CCDE Training, one in Istanbul/Turkey and another in Dubai/UAE for 2017. Also if you register until 15th of July 2017, 33% early bird discount you will get for these trainings.


Check training schedule and locations from here to get more information and registration right now !  (As soon as you register, you will have  the self-study resources which you need to go through until the bootcamp)


For more information about training and registration please send an email to : sales@orhanergun.net


Below are the feedback of the attendees.




Ahmed Al-Mutawa

Sr. Network Administrator at Bahrain Credit – CCIE# 55654


Coming from an Enterprise networking background, I discovered a lot of information that I need to focus on thanks to Orhan’s CCDE Bootcamp.


The level of knowledge and information that Orhan has and provides to the students is amazing, while covering a lot in terms of network design examples that are valid in the real world.


I would like to thank Orhan very much for his time and efforts and would definitely attend his course again and again ever after passing the CCDE exam.


I highly recommend it to everyone.




Rahul Siddhanak

Network Engineer – Abu Dhabi Islamic Bank 


Would like to say something about the Orhan Ergun’s CCDE Bootcamp :

1.   Excellent training

  • Step by Step Covered

2.  Helpful for understanding customer network requirement for adding new technologies, scaling the networks, network mergers and migrations.

3. During training I found my weak point in MPLS Traffic Engineering.

Also Online videos are helpful for self-study. Note: Video quality must be better, HD videos.




Hari Manayathu

Solutions Architect at Cisco Systems 


Thanks Orhan for the interactive sessions provided. Your bootcamp really helped to understand the preference of one technology over another on different design scenarios.

I would recommend the Orhan’s training for who are preparing for CCDEs and design engineers.

For the future, please consider to add more details about Segment Routing and SDN.





Konrad Rzadzinski 

Network Consultant – The Great Cornholio


We didn’t cover everything (5 days Dubai Bootcamp) but I learned quite a lot. And the book is truly spectacular and really useful.

Would recommend not only to CCDE candidates, but also to anyone trying to broaden their horizons.

We didn’t talk more about some technologies (like segment routing, unified/seamless MPLS) – but I understand, simply not enough time.

We could’ve done more case studies (and learn technology while doing those scenarios) – but We had a mix-experience group so first some ‘ overall ‘ theory was required.

All in all, money well spent 🙂



Abdulraouf Hamed Hosah

It was a great opportunity to join the Orhan Ergun’s Dubai CCDE Bootcamp. Mr Orhan did huge effort for the class to provide knowledge and more experience. It was a good experience.

Thank you Mr. Orhan





Alaa Issa

Sr.Solutions Architect Engineer – 3xCCIE ( Collab|DC|Security )#27146


I attended Orhan Ergun’s Dubai Bootcamp. Training was very good. Environment, tools , class interaction and the materials were very good.

Totally recommend it to intermediate to expert level engineers but I don’t encourage beginners to attend it.


Thanks a lot Orhan.



Orhan Ergun No Comments

April Online CCDE Class is going to start today

I am excited as today, 2017 CCDE April Online (Webex) class is going to start. Actually , there is only half an hour and we will start.

Every day will be 4 hours and minimum 11 days it will take. We will go through the theory , best practices and the case studies for many technologies for the first 5 6 days.

After that 5 days, there will be inly scenario. CCDE Practical Scenarios I mean,

Different business environments I created in the scenarios. Sometimes Enterprise network, sometimes we build Internet Service Provider network with many technologies , sometimes Mobile Operator looking of upgrade their UMTS environment and migrate to 4G, sometimes Internet Exchange Point in Africa region.

Sometimes we will talk about datacenter design, sometimes we will discuss the advances in BGP and MPLS.

But always design..

Some of them will attend my class to learn more.

Some of them already got their CCDE but wanna learn or refresh.

Some of them will never attend CCDE exam.

And this time (2017 CCDE Exam) , it will be a battle between Real and paper CCDEs.

Hope to see you in the future in one of my classes too. Take care.

Ahmed Eldeeb No Comments

Mac Flooding Attack , Port Security and Deployment Considerations

This article is the 4th in Layer 2 security series. We will be discussing a very common layer 2 attack

which is MAC flooding and its TMtigation “Port Security MAC limiting”

If you didn’t read the previous 3 articles; DHCP snooping, Dynamic ARP Inspection, and IP Source

Guard; I recommend that you take a quick look at them just to get an overview on layer 2 security. Read more

Orhan Ergun 8 Comments


MPLS (Multi Protocol Label Switching) quiz !

Learn while assessing your knowledge.

This quiz is part of the MPLS Review Questions of my new version of CCDE Workbook. There are more than two hundred questions in it and you can have it from the website directly (PDF version) or from Amazon (Hardcopy)Read more

Orhan Ergun No Comments

What is happy eyeballs ?

What is happy eyeballs ?


This term is very important to understand if you are deploying dual stack IPv6 network.


Before defining happy eyeballs, do you know what is an eyeball network ? Where is it used ? Where does ‘ happy eyeballs ‘ term come from ?  Read more

Orhan Ergun 20 Comments

Broadband Network Architecture – Access Network Models

There are many broadband services Service Providers offer to their customers today. As a network engineer you need to know the most common services and their advantages, disadvantages, design characteristics and so on.


In this post, I will introduce these services and if I can see interest from the readers, I will explain the design aspects and deployment models of each one of them.


So if you are reading this post right now and interested to know more, put your comments in the comment box below.


Note : I am going to explain broadband services in this post, not baseband, we are in 2017 right !


Access network infrastructure link the backbone network to the customers.


There are two groups of broadband access technologies. Fixed broadband technologies and Mobile Broadband technologies.


You can find many Mobile Broadband articles on the website.


access network infrastructure

Figure 1: Access Network Technologies and the associated infrastructures 

Read more

Orhan Ergun 4 Comments

CCDE Real Labs/Scenarios

I think it is time to write otherwise people will loose their money for nothing. Today I got a whatsapp message from someone who says ‘ I can’t join your Onsite CCDE training, is there a way to buy REAL scenarios Online ‘.  Read more

Ahmed Eldeeb 2 Comments

ARP, ARP Inspection, ARP Types and Deployment Considerations

Layer 2 security –  ARP and ARP Inspection




This article is the second of our layer 2 attacks identification and mitigation techniques series, which will be a part of a bigger series discussing Security Infrastructure. Dynamic ARP Inspection relies on DHCP snooping technology explained in the previous article. It’s strongly recommended to be familiar with DHCP snooping, if you are not, just take a quick look at it.

Read more

Orhan Ergun No Comments

33% discount until 1st of April 2017 on all CCDE Products !



33%  Discount – Limited seats !

On all CCDE Products
It is only valid until 1st of April 2017

33% OFF On Below Products ! 

CCDE In-Depth 
New CCDE Workbook buy now »

Online CCDE Training  buy now »
Self Paced CCDE Training
Lifetime Access
 buy now »


Discount is valid for both Online Instructor Led CCDE Training and In-Class Instructor Led Training.

I receive so many questions regarding Dubai Onsite bootcamp, this discount is valid for it as well.

Note : There is only 3 seats left for the Onsite bootcamp. You may not be able to register please contact immediately with sales@orhanergun.net


Ahmed Eldeeb 2 Comments

Layer 2 security – DHCP Details, DHCP Snooping

Layer 2 security – DHCP Details, DHCP Snooping 



This article is the first of a series explaining layer 2 attacks identification and mitigation techniques, which will be a part of a bigger series discussing Security Infrastructure.


We will be discussing the most common attacks and how to mitigate them; but more important, we will discuss deployment and design considerations.


During this series of articles, I will follow two different approaches;

1) Explain attacks related to OSI model layers (Like this layer2 security series)

2) Securing a specific traffic flow (Like securing user Internet traffic)

There will also be video lectures, webinars, and open discussions at the end of each major part. If you are interested in security infrastructure architecture, stay tuned.



Read more

Orhan Ergun No Comments

Fast Convergence and the Fast Reroute – Definitions/Design Considerations in IP and MPLS

Fast Convergence and the Fast Reroute Network reliability is an important design aspect for deployability of time and loss sensitive applications. When a link, node or SRLG failure occurs in a routed network, there is inevitably a period of disruption to the delivery of traffic until the network reconverges on the new topology.


Fast reaction is essential for the failed element for some applications. There are two approaches for the fast reaction in case of failure:

Fast convergence and fast reroute. Although people use these terms interchangeably, they are not the same thing.

In this post I will explain the definitions and high level design considerations for fast convergence and the fast reroute.

Fast Reroute mechanisms in IP and MPLS , design considerations and pros and cons of each one of them will be explained in a separate post.


When a local failure occur four steps are necessary for the convergence. These steps are completed before traffic continues on the backup/alternate link.

1. Failure detection (Protocol Hello Timers , Carrier Delay and Debounce Timers, BFD and so on)
2. Failure propagation (LSA and LSP Throttling timers)
3. New information process (Backup/Alternate path calculation) (SPF Wait and Run times)
4. Update new route into RIB/FIB (After this step, traffic can continue to flow through backup link)


For fast convergence, these steps are tuned. Tuning the timers mean generally lowering them as most vendors use higher timers to be on the safe side. Because as you will see later in this post, lowering these timers can create stability issue in the network.


When you tune the timers  for failure detection, propagation and the new path calculation, it is called fast convergence. Because traffic can continue towards alternate link faster than regular convergence since you use lower timers. (Instead of 30seconds hello timer, you can use 1 second hello , or instead of 5 seconds SPF wait time, you can make it 10 ms and so on.)


Although the RIB/FIB update is hardware dependent, the network operator can configure all the other steps.

One thing always needs to be kept in mind; Fast convergence and fast reroute can affect network stability. If you configure the timers very low, you might see false-positives.

Unlike fast convergence, for the fast reroute, backup path is pre-computed and pre-programmed into the router RIB/FIB. This increases the memory utilization on the devices.


There are many Fast Reroute mechanisms available today. Most known ones are; Loop Free Alternate (LFA), Remote Loop Free Alternate (rLFA), MPLS Traffic Engineering Fast Reroute and Segment Routing Fast Reroute.

Loop Free Alternate and the Remote Loop Free Alternate if also known as IP or IGP Fast Reroute Mechanisms. Main difference between MPLS Traffic Engineering Fast Reroute and the IP Fast Reroute mechanisms are the coverage.


MPLS TE FRR can protect the any traffic in any topology. IP FRR mechanisms need the physical topology of the networks to be highly connected.


Ring and square topologies are hard for the IP FRR topologies but not a problem for MPLS TE FRR at all. In other words, finding a backup path is not always possible with IP FRR mechanisms if the physical topology is ring or square. Best physical topologies from this aspect is full mesh.


Read more

Orhan Ergun 6 Comments

OSPF Best Practices


OSPF Best Practices

Understanding and using best practices is very important though may not be feasible in all networks due to budget , political or other technical constraints.


In this post I will explain the best practices on OSPF networks. This best practices come from my real life design and deployment experience , knowledge and lessons learned of 15 years of Enterprise, Service Provider and Mobile Operator networking background.


Before we start, I want to touch briefly on Topology and Reachability information in OSPF as I will use these terms many times throughout this post and you’ll see whenever you study network design.

Reachability information means, IP address and subnets on the devices and the links. Router loopbacks, and the links between the routers have an IP address and these information are exchanged between the routers in OSPF. This process is known as control plane learning.

Topology information means, connection between the routers, metric information , which router is connected to which one. With this information, routers find a shortest path tree in OSPF.  Note that IS-IS uses the same process to find a shortest path for each destination but there is no topology information in EIGRP. In other words, EIGRP neighbors don’t send topology information to each other.


Another term which I will use throughout this post is single area design.

Single area OSPF design is also known as Flat OSPF design. Generally we refer OSPF Area 0 only (Backbone area) deployment. There is no second area, all the nodes are in the backbone area.


  • Stub, Totally Stub, NSSA and Totally NSSA Areas can create sub optimal routing in the network.Because these are types prevent some information into an area. Whenever there is specific information in the routing table, optimal path can be found , whenever there is summarization (less reachability information in the routing table) suboptimal routing might occur.


  • OSPF Areas are used for scalability. If you don’t have valid reason such as 100s of routers, or resource problems on the routers, don’t use multiple areas.


  • OSPF Multi area design increases the network complexity. Complexity sometimes is necessary and not the bad thing but just aware that multi area design compare to single/flat OSPF area design is more complex as you need to place ABR in the correct place, dealing with the multi area design related problems such as MPLS Traffic Engineering and MPLS LSP issues. 


  • Two is company, three is crowded in design. Having two OSPF ABR provides high availability but three ABR is not a good idea. Unless you have a capacity requirement , I don’t recommend to have three links , nodes , logical entity and so on  in the networks.


  • ABR slows down the network convergence. Knowing this important, without ABR in single/flat OSPF design, there is no Type 1, Type 2 to Type 3 LSA generation, similarly Type 4 LSAs also regenerated from the Type 1 LSAs.


  • Having separate OSPF area per router is generally considered as bad. You should monitor the routers resources carefully and placed as much routers as you can in one OSPF area.


  • Not every router has powerful CPU and Memory, you can split up the router based on their resource availability. Low end devices can be placed in a separate OSPF area and that area type can be changed as Stub, Totally Stub, NSSA or Totally NSSA.


  • Always look for the summarization opportunity, but know that summarization can create sub optimal routing. Sub optimal routing may not be a problem for some applications but some applications require very low delay , jitter and packet loss. Sub optimal routing increases a chance of delay (latency).


  • Good IP addressing plan is important for OSPF Multi Area design. It allows OSPF summarization (Reachability) thus faster convergence and smaller routing table.


  • Having smaller routing table provides easier troubleshooting. Dealing with less information decreases mean time to repair. Identifying the problem and fixing would be faster.  Because there will be less routing prefixes in the routing table and the routing protocol databases so troubleshooting would be much easier and it would be probably manageable by the average skilled engineers.


  • Having smaller routing table increases convergence time as well. Summarization reduces the routing table size that’s why provides faster network convergence.


  • OSPF NSSA area in general is used at the Internet Edge of the network since on the Internet routers where you don’t need to have all the OSPF LSAs yet still redistribution of selected BGP prefixes are common.


  • Topology information is not sent between different OSPF areas, this reduces the flooding domain and allows large scale OSPF deployment. If you have 100s of routers in your network, you can consider splitting the OSPF domain into Multiple OSPF areas. But there are other considerations for Multi Area design and will be explained in this chapter.


  • Use passive interface as much as you can. Passive interface should be enabled if you don’t want to setup an OSPF neighborship.


  • For very large scale OSPF design, transit subnets can be removed from the OSPF topology. This has been defined in RFC 6860. This feature is known as ‘ prefix suppression ‘ on Cisco routers. Removing these links reduces the routing table size thus increases the network convergence and makes troubleshooting easier.


  • If there will be maintenance on the router which runs OSPF , ‘ max-metric router lsa ‘ should be enabled to remove the router from the topology without having packet loss. Actually router still stays in the OSPF topology but since it will advertise maximum metric in Type 1 LSA (Router LSA), traffic is not forwarded to it, if there is an alternate path. If there is no alternate path, even with the ‘ max-metric router lsa ‘ router receives network traffic.
Similar to OSPF best practices , you can find other Best Practices in network design on the website.
Orhan Ergun No Comments

Turkiyede CCDE Egitimi

Bu Turkce paylastigim ilk post olacak. Heyecanliyim. Ama daha cok , Turkiyede ve Turkce CCDE Egitimi verecek olmaktan dolayi heyecanliyim.

Takipcilerim bilirlerki 2 yildan fazla bir suredir Cisco CCDE Egitimi vermekteyim ve egitimlerime Dunyanin her yerinden 100 lerce kisi katilmistir.

Cogunlukla Online/Live olmakla birlikte, Amerikada, Dubai de , Afrika da , Qatar ve Avrupada Onsite egitimler de veriyorum.

Insanlar, basta network design ogrenmek amaciyla bu egitime katiliyorlar. Tabiki ogrendikleriyle birlikte CCDE Egitimini de gecmeleri mumkun oluyor. Iki yil icerisinde 30 dan fazla ogrencim CCDE numaralarini aldi bile. Read more

Orhan Ergun No Comments

MPLS Layer 3 VPN Deployment

MPLS Layer 3 VPN Deployment

In this post I will explain MPLS Layer 3 VPN deployment by providing a case study. This deployment mainly will be for green field environment where you deploy network nodes and protocols from scratch. This post doesn’t cover migration from Legacy transport mechanisms such as ATM and Frame Relay migration as it is covered  in the separate post on the website. Read more

Orhan Ergun 2 Comments

MPLS Transport Profile (MPLS-TP) Basic Explanation and Key Points

MPLS Transport Profile (MPLS-TP)

Multi-Protocol Label Switching Transport Profile (MPLS-TP) is a new technology developed jointly by the ITU-T and the IETF. The key motivation is to add OAM functionality to MPLS in order to monitor each packet and thus enable MPLS-TP to operate as a transport network protocol.


Read more

Orhan Ergun No Comments

Quality of Service Best Practices

Quality of Service Best Practices

What is best practice ? Below is a Wikipedia definition of best practice. This apply to education as well.


A best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements.Always classify and mark applications as close to their sources as possible.


Although in real life designs we may not be able to follow best practice network design due to many constraints such as technical , budgetary or political constrains, knowing the best practices is very critical for network design in real life as well as in the exams.


Thus below are the general accepted Quality of Service Best Practices. I covered Quality of Service Best Practices and the many other technology best practices in the CCDE In-Depth which is my latest network design book.


  • Classification and marking usually done on both ingress and egress direction but queuing and shaping usually are done on Egress.


  • Ingress Queening can be done to prevent Head Of Line blocking. Other wise, queuing is done almost in any case at the egress interface.


  • Less granular fields such as CoS and MPLS EXP (Due to number of bits)  should be mapped to DSCP as close to the traffic source as possible. COS and EXP bits are 3 bits. Thus you can have maximum 8 classes with them. DSCP is 6 bits and 64 different classes can be used. Thus DSCP is considered as more granular. This knowledge is important because when MPLS Layer 3 and Layer 2 VPN is compared, MPLS Layer 3 VPN provides more granular QoS as it uses DSCP instead of COS (Class of Service bits which is carried in Layer 2)


  • Follow standards based Diffserv PHB markings if possible to ensure interoperability with SP networks, enterprise networks or merging networks together. RFC 4594 provides configuration guidelines for Diffserv Service Classes.


  • If there is real time, delay sensitive traffic, LLQ should be enabled. Because LLQ is always served before than any other queuing mechanism. When the traffic in LLQ is finished, the other queues are handled.


  • LLQ is the combination of CBWFQ (Class based weighted fair queuing) and Priority Queuing.


  • Enable queuing at every node, which has potential for congestion. For example in Wide Area Network edge node, generally the bandwidth towards wide area network is less than local area network or datacenter, thus WAN edge is common place of QoS queuing mechanism.


  • Limit LLQ to 33% of link bandwidth capacity. Otherwise real time traffic such as voice can eat up all the bandwidth and other applications suffer in case of congestion.


  • Enable Admission Control on LLQ. This is very important since if you allocated a bandwidth which can accommodate 10 voice call only, 11th voice call disrupts all 11 calls. Not only the 11th call. Admission control for real time traffic is important.


  • Policing should be done as close to the source as possible.Because you don’t want to carry the traffic which would be dropped any way. (This is a common network design suggestion which I give my clients for security filters). This is one of the most important Quality of Service Best Practices.


  • Do not enable WRED on LLQ. (WRED is only effective on TCP based applications. Most if not all real time applications use UDP, not TCP)


  • Allocate 25% of the capacity for the Best Effort class if there is large number of application in the default class.


  • For a link carrying a mix of voice, video and data traffic, limit the priority queue to 33% of the link bandwidth.


  • Use WRED for congestion avoidance on TCP traffic. WRED is effective only for TCP traffic.


  • Use DSCP based WRED wherever possible. This provides more granular implementation.


  • Always enable QoS in hardware as opposed to software if possible. In the campus environment, you should enable classification and marking on the switches as opposed to routers. Switches provide hardware based Quality of Service.


  • Because 802.1p bit (COS bits) is lost when the packet enters the IP or MPLS domain, mapping is needed. Always implement QoS at the hardware, if possible, to avoid performance impact.


  • Switches support QoS in the hardware, so, for example, in the campus, classify and mark the traffic at the switches.


Read more

Orhan Ergun No Comments

Interdatacenter broadcast control – ARP Proxy in OTV and EVPN

When it comes to multi domain or Inter datacenter communication, minimizing the broadcast traffic between the datacenters is an important scaling requirement.

Especially if you are dealing with millions of end hosts, localizing the broadcast traffic is critical to save resources on the network and the end hosts. Resources are bandwidth , CPU , memory and so on.

In this post I will mention how ARP cache is populated in OTV and EVPN technologies and the importance of ARP proxy function.  Read more