Total 286 Blogs

Created by - Orhan Ergun

The difference between Load balancing and Load Sharing

Load Balancing and Load Sharing - It is important to understand the difference between load balancing and load sharing.

After routing protocols calculate routes from their databases, they automatically place equal-cost routes into the routing table. The only exception to this behaviour is BGP: unless you enable multipath support, BGP doesn't place equal-cost routes into the routing table. EIGRP can additionally place unequal-cost paths into the routing table alongside the equal-cost ones.

For both ECMP and UCMP paths, if you check the route information with 'show' commands, you will encounter 'traffic share' values. Routers use only routing-protocol information: based on Layer 3 and Layer 4 information they hash the flows and always send one flow over one link and another flow over a different link. This is very similar to the 'round robin' behaviour of load balancers; round-robin load balancing is really load sharing.

Now imagine server load balancing. Load balancers can measure server resources such as CPU, memory, and the number of established sessions or least connections. Based on those numbers, they make a more intelligent decision and redirect the flows to the best servers. Load balancing based on least connections allows an intelligent decision.

Although we use the term 'load balancing' with routers and switches, it is good to know that the correct term is 'load sharing'.

It's Your Turn: Do you think I should extend this post by adding more information on load balancing? Let me know in the comment box below.
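The per-flow hashing behaviour described above can be sketched in a few lines of Python. The link names and the use of SHA-256 are illustrative assumptions; real routers hash in hardware with vendor-specific algorithms:

```python
import hashlib

# Hypothetical two-link bundle; names are illustrative only.
LINKS = ["link-A", "link-B"]

def pick_link(src_ip, dst_ip, src_port, dst_port, proto):
    """Hash the 5-tuple so every packet of a flow uses the same link."""
    key = f"{src_ip}-{dst_ip}-{src_port}-{dst_port}-{proto}".encode()
    digest = int(hashlib.sha256(key).hexdigest(), 16)
    return LINKS[digest % len(LINKS)]

# The same flow always maps to the same link (no per-packet balancing),
# so the links share the load per flow rather than balancing it per packet.
flow1 = pick_link("10.0.0.1", "192.0.2.10", 40000, 443, "tcp")
assert flow1 == pick_link("10.0.0.1", "192.0.2.10", 40000, 443, "tcp")
assert flow1 in LINKS
```

Because the hash is deterministic per flow, two large flows can land on the same link while the other link sits idle; this is exactly why the behaviour is sharing, not balancing.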

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Carrier Supporting Carrier – CSC

CSC - Carrier Supporting Carrier is a hierarchical MPLS VPN architecture between Service Providers. The service is mostly an MPLS VPN service, but it doesn't have to be, as you will see throughout the post. I am explaining this topic in deep detail in my Instructor Led CCDE and Self Paced CCDE course. The customer carrier (provider) receives an MPLS VPN service from the core/backbone carrier. Although the CSC architecture is not common in real life, if you are studying for the CCDE, CCIE Service Provider, or JNCIE exams, you should know it.

We have at least two Service Providers. Can there be three? Yes. If two different customer carriers set up their Inter-AS MPLS VPN over a core/backbone carrier, it is possible, although the architecture gets really complex. (Inter-AS Option C would be ideal in this case.) Carrier Supporting Carrier is also an Inter-AS MPLS VPN solution, but it tries to solve a different problem. Let's remember what we were trying to accomplish with all the Inter-AS MPLS VPNs, at a very high level: the customer's two sites are connected to two different service providers. Now let's look at what problem the Carrier Supporting Carrier architecture solves: the customer's two sites are connected to the POP locations of a Service Provider which itself receives an MPLS VPN service from another Service Provider.

From the SP-1 point of view, SP-2 just provides reachability between the SP-1 devices. SP-2 doesn't know anything about SP-1's customer prefixes, and this brings scalability to the solution: SP-2 carries only the SP-1 routers' loopbacks, not even the infrastructure addresses. I will talk about what would be a better solution than Carrier Supporting Carrier at the end of the article, but first let's look at how Carrier Supporting Carrier works in detail. We have two Service Providers, SP-1 and SP-2. SP-1's customer has two locations. R1 in location 1 is connected to SP-1 Site-1 router R2, which runs EIGRP.
R11 in location 2 is connected to SP-1 Site-2 router R9, which also runs EIGRP. SP-1 runs OSPF as the core IGP in both of its locations. SP-2, the backbone carrier, has IS-IS as its core IGP. LDP is the label signalling protocol for both Service Providers (it could be RSVP as well). SP-1 is called the customer carrier and SP-2 is called the backbone or core carrier. R4 is a VPN route reflector in SP-1 Site 1, and R10 is a VPN route reflector in SP-1 Site 2; they run MP-BGP VPNv4 sessions with the PEs. SP-1 provides an MPLS L3 VPN service to CE Site-1 and Site-2. SP-2 provides an MPLS L3 VPN service to SP-1, the customer carrier.

SP-2 treats SP-1 as a regular VPN customer; thus, at the edges, SP-2 puts all SP-1 prefixes into a VRF. SP-1 doesn't use a VRF towards SP-2, since SP-1 doesn't send its customer prefixes to SP-2. Instead, only the loopback addresses of SP-1 are sent to SP-2; in other words, the global routing table of SP-1 is advertised to SP-2. This can be achieved by running either an IGP or BGP at the edges. In this topology R3-R5 and R7-R8 run an IGP, specifically OSPF, as the CSC-CE to CSC-PE protocol.

The whole purpose of this architecture is to provide reachability between CE-1 and CE-2 by using SP-2 transparently from the SP-1 point of view. Thus SP-2 shouldn't break the end-to-end LSP. The end-to-end LSP is set up between SP-1's edge routers: in our topology, R2 and R9 have to reach each other's loopbacks, and likewise the route reflectors and the other PEs should reach each other. An IBGP VPNv4 session is set up between the RRs in each domain. Since the BGP session between the sites of SP-1 is an IBGP session, the RR doesn't change the next hop of the edge PEs. If it were an EBGP session, you would need to configure the RR not to change the BGP next hop, as in the Inter-AS Option C case. If you will remember one thing from this article, read the paragraph below.
In the Carrier Supporting Carrier architecture, in order to hide the end-user prefixes (SP-1's customer prefixes), MPLS is enabled between the CSC-CE and CSC-PE (the SP-1 and SP-2 ASBRs) through either LDP or BGP+label (RFC 3107). The CSC-PEs (R5 and R7 in our topology) assign a VPN label for each of the loopbacks of SP-1. SP-2 advertises those labels through MP-BGP as VPNv4 labels to its edge PEs, and also towards the CSC-CEs (R3 and R8 in our topology) through LDP or BGP.

So on R5 and R7 we have three labels in the label stack in the SP-2 domain. On R6 the topmost label can be removed with the PHP operation. (If Pipe-mode QoS is enabled, Explicit Null can be signalled, so PHP is not done.) The topmost label (the transport label) provides reachability to the BGP next hop of SP-2 (the loopbacks of R5 and R7); the second label is the VPN label that SP-2 assigned for its customer SP-1, providing reachability to SP-1's edge devices; and the third label is SP-1's own VPN label for the end-customer prefixes. If you use MPLS Traffic Engineering and FRR in SP-2 for the Carrier Supporting Carrier service, you can see up to 5 labels in the label stack; thus MTU needs to be considered, and the hardware should also support a deep label stack.

Although I explained only an MPLS VPN service in the customer carrier network, the Carrier Supporting Carrier architecture is used to provide an additional layer of hierarchy. If the customer carrier wants to provide an Internet service rather than an MPLS VPN service over the backbone carrier, the same operation (advertising only the loopbacks from the CSC-CE to the CSC-PE and assigning labels for those loopbacks) is done.
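As a rough illustration of the three-label stack described above, here is a toy Python model. All label values are made up for the sketch; they are not taken from any real configuration:

```python
# A toy model of the three-label stack inside the SP-2 domain.
packet = {
    "payload": "CE-1 -> CE-2 customer IP packet",
    "labels": [
        {"value": 16001, "role": "SP-2 transport label (reach BGP next hop R7)"},
        {"value": 24010, "role": "SP-2 VPN label (reach SP-1 edge loopback R9)"},
        {"value": 30005, "role": "SP-1 VPN label (end-customer VRF at R9)"},
    ],
}

def penultimate_hop_pop(pkt):
    """R6, the penultimate hop, pops the topmost transport label (PHP)."""
    pkt["labels"].pop(0)
    return pkt

penultimate_hop_pop(packet)
assert len(packet["labels"]) == 2  # two labels remain after PHP
```

With MPLS TE FRR in SP-2, one or two more transport labels would sit on top of this stack, which is where the 5-label depth and MTU concerns come from.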
Conclusion: Although the backbone/core carrier provides an MPLS Layer 3 VPN service with the Carrier Supporting Carrier architecture, a better solution for the backbone carrier is to provide a Layer 0 service (DWDM), a Layer 1 service (SONET/SDH, POTN and so on) or a Layer 2 service (Ethernet, MPLS L2VPN and so on), since providing MPLS Layer 3 VPN in this case is operationally more complex than providing basic connectivity. DWDM and SONET/SDH for long-haul links are expensive solutions, especially if the requirement is fast recovery; SONET/SDH can provide this but requires additional hardware such as APS (Automatic Protection Switching). Thus, for both the customer carrier and the backbone carrier, the ideal solution would probably be MPLS Layer 2 VPN on the backbone carrier. To have a great understanding of SP networks, you can check my newly published "Service Provider Networks Design and Architecture Perspective" book. It covers the SP network technologies and also explains a fictitious SP network in detail. Click here

What about you? Are you an Enterprise or Service Provider engineer? Do you provide or receive a Carrier Supporting Carrier service?

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

MPLS Transport Profile (MPLS-TP) Basic Explanation and Key Points

MPLS-TP - Multi-Protocol Label Switching Transport Profile (MPLS-TP) is a technology developed jointly by the ITU-T and the IETF. The key motivation is to add OAM functionality to MPLS in order to monitor each packet and thus enable MPLS-TP to operate as a transport network protocol. MPLS technologies and design are explained in deep detail in my Instructor Led CCDE and Self Paced CCDE course.

Motivations for MPLS Transport Profile: The evolution of SONET/SDH transport networks towards packet switching, driven by the growth in packet-based services (L2/L3 VPN, IPTV, VoIP, etc.) and the desire for bandwidth and QoS flexibility in the transport network, was one of the main drivers of MPLS Transport Profile. The requirements for an MPLS Transport Profile are defined in RFC 5654. MPLS-TP is a packet transport mechanism with the same operational model as TDM-based transport networks. It is useful to understand some of the key differences between MPLS-TP and classic MPLS.

MPLS-TP vs. IP/MPLS: MPLS-TP uses network management instead of signalling protocols for determinism (knowing where your packets are). GMPLS is defined as the MPLS-TP signalling protocol and provides control plane functionality to MPLS-TP networks, although MPLS-TP doesn't force GMPLS to be used. There are no routing protocols and no IP control plane in MPLS Transport Profile; an NMS is used instead. MPLS Transport Profile also doesn't have: Penultimate Hop Popping (PHP), because popping the label at the last hop would break end-to-end MPLS OAM; Equal Cost Multi-Path (ECMP), which makes OAM difficult; and Label Switched Path (LSP) merging, which also makes OAM difficult.

Applications: MPLS-TP is a packet transport protocol with capabilities that traditionally belong to transport networks such as SONET/SDH and OTN. The intention with MPLS-TP is to be able to replace legacy networks such as SONET/SDH, though not OTN, while still keeping the advantages of packet transport.
Due to its extensive feature catalogue, MPLS-TP is very flexible and can be used for many different applications. One main advantage is that it uses the Pseudowire (PW) as a transport entity. PWs are able to encapsulate any type of traffic, such as Asynchronous Transfer Mode (ATM), Frame Relay, Point-to-Point Protocol (PPP), Ethernet, etc. MPLS Transport Profile is applicable in situations where reliability, QoS and OAM are the main requirements. MPLS Transport Profile can be operated/controlled via network management or a control plane, the latter being a main advantage when dynamic provisioning is required. Moreover, MPLS-TP is fully compatible with IP/MPLS networks, which opens many possibilities for network solutions that demand MPLS/MPLS-TP interworking. MPLS Transport Profile can run over Ethernet, SONET/SDH (G.783) and OTN (G.709, G.872) using the Generic Framing Procedure (GFP). Where OTN is chosen as the underlying layer, the delay introduced by GFP should be accounted for in the MPLS-TP or OTN layer.

When an MPLS network is controlled by IP/LDP or RSVP, the LSP (Label Switched Path) is always unidirectional, which means return traffic requires an additional LSP. Thus return traffic can pass through a completely different set of routers/nodes than the forward traffic. An MPLS-TP LSP is a bidirectional LSP, which provides a deterministic path, since the nodes in the forward direction are exactly the same as in the reverse direction. The same delay and jitter are provided, since the forward and reverse traffic go through the same set of routers/nodes.

MPLS Transport Profile doesn't change the IP/MPLS data plane. The same 32-bit MPLS header is used: 20 bits of MPLS label space, 3 bits for EXP, 1 bit for the bottom-of-stack indicator and 8 bits for TTL. As I mentioned at the beginning of this post, MPLS-TP can use GMPLS for the control plane function. Generalized MPLS (GMPLS) provides deterministic and connection-oriented behaviour using LSPs (Label Switched Paths).
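Since MPLS-TP keeps the standard 32-bit MPLS label stack entry, the field split described above can be shown with a small bit-manipulation sketch in Python:

```python
def parse_mpls_header(word):
    """Split a 32-bit MPLS label stack entry into its four fields."""
    return {
        "label": (word >> 12) & 0xFFFFF,  # 20-bit label value
        "exp":   (word >> 9)  & 0x7,      # 3-bit EXP / Traffic Class field
        "s":     (word >> 8)  & 0x1,      # 1-bit bottom-of-stack indicator
        "ttl":    word        & 0xFF,     # 8-bit TTL
    }

# Example: label 100, EXP 5, bottom of stack, TTL 64
word = (100 << 12) | (5 << 9) | (1 << 8) | 64
fields = parse_mpls_header(word)
assert fields == {"label": 100, "exp": 5, "s": 1, "ttl": 64}
```

The same 4-byte entry is what gets stacked three or more deep in architectures like Carrier Supporting Carrier, which is why deep-label-stack hardware support matters.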
MPLS Transport Profile also uses Targeted LDP (T-LDP) to set up pseudowires (PWs) over GMPLS LSPs, to provide VPWS (Virtual Private Wire Service) and VPLS (Virtual Private LAN Service). MPLS Transport Profile mandates running protocols such as BFD (Bidirectional Forwarding Detection) over GMPLS LSPs and PWs to provide OAM functionality.

Last but not least, MPLS Transport Profile LSPs are connection oriented. Connection-oriented is a communication mode in telecommunications and computer networking where a communication session or a semi-permanent connection is established before any useful data can be transferred, and where a stream of data is delivered in the same order as it was sent.

I recommend the resources below as extra study material for those who are interested in MPLS Transport Profile: "Deploying Packet Transport with MPLS Transport Profile" and "Requirements of an MPLS Transport Profile" (RFC 5654). To have a great understanding of SP networks, you can check my newly published "Service Provider Networks Design and Perspective" book. It covers the SP network technologies and also explains a fictitious SP network in detail. Click here

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Quality of Service Best Practices

QOS Best Practices - What is a best practice? Below is the Wikipedia definition: "A best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements." This applies to network design as well.

Although in real-life designs we may not be able to follow best-practice network design due to many constraints, whether technical, budgetary or political, knowing the best practices is critical for network design in real life as well as in the exams. Thus, below are the generally accepted Quality of Service best practices. I covered Quality of Service best practices and many other technology best practices in CCDE In-Depth, which is my latest network design book.

Always classify and mark applications as close to their sources as possible. Classification and marking are usually done in both the ingress and egress directions, but queuing and shaping are usually done on egress. Ingress queuing can be done to prevent head-of-line blocking; otherwise, queuing is done at the egress interface in almost every case.

Less granular fields such as CoS and MPLS EXP (due to their number of bits) should be mapped to DSCP as close to the traffic source as possible. CoS and EXP are 3-bit fields, so you can have a maximum of 8 classes with them. DSCP is 6 bits, so 64 different classes can be used; thus DSCP is considered more granular. This knowledge is important because, when MPLS Layer 3 and Layer 2 VPN are compared, MPLS Layer 3 VPN provides more granular QoS, as it uses DSCP instead of CoS (the Class of Service bits carried in Layer 2).

Follow standards-based DiffServ PHB markings if possible, to ensure interoperability with SP networks, enterprise networks, or when merging networks together.
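The granularity difference between the 3-bit CoS/EXP fields and the 6-bit DSCP field can be illustrated with a minimal Python sketch; the CoS-to-class-selector mapping below is one common convention, not the only possible one:

```python
# One common (illustrative) CoS-to-DSCP mapping: the 3-bit CoS value is
# placed into the class-selector bits of the 6-bit DSCP field (CoS n -> CSn).
def cos_to_dscp(cos):
    if not 0 <= cos <= 7:
        raise ValueError("CoS is only 3 bits (0-7)")
    return cos << 3   # CS0=0, CS1=8, ..., CS5=40 (voice), CS7=56

assert cos_to_dscp(5) == 40                             # CoS 5 -> CS5 (DSCP 40)
assert len({cos_to_dscp(c) for c in range(8)}) == 8     # only 8 classes from CoS
# DSCP itself has 2**6 = 64 code points, hence the finer granularity.
```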
RFC 4594 provides configuration guidelines for DiffServ service classes. If there is real-time, delay-sensitive traffic, LLQ should be enabled, because the LLQ is always served before any other queue; only when the traffic in the LLQ is finished are the other queues handled. LLQ is the combination of CBWFQ (Class-Based Weighted Fair Queuing) and priority queuing.

Enable queuing at every node which has potential for congestion. For example, at the Wide Area Network edge node the bandwidth towards the WAN is generally less than that of the local area network or datacenter; thus the WAN edge is a common place for QoS queuing mechanisms.

Limit the LLQ to 33% of the link bandwidth capacity. Otherwise, real-time traffic such as voice can eat up all the bandwidth, and other applications suffer in case of congestion.

Enable admission control on the LLQ. This is very important: if you allocated bandwidth which can accommodate only 10 voice calls, an 11th voice call disrupts all 11 calls, not only the 11th call. Admission control for real-time traffic is important.

Policing should be done as close to the source as possible, because you don't want to carry traffic which would be dropped anyway. (This is a common network design suggestion which I also give my clients for security filters.) This is one of the most important Quality of Service best practices.

Do not enable WRED on the LLQ. WRED is only effective on TCP-based applications, and most if not all real-time applications use UDP, not TCP. Allocate 25% of the capacity to the best-effort class if there is a large number of applications in the default class. For a link carrying a mix of voice, video and data traffic, limit the priority queue to 33% of the link bandwidth. Use WRED for congestion avoidance on TCP traffic; WRED is effective only for TCP traffic. Use DSCP-based WRED wherever possible, as this provides a more granular implementation. Always enable QoS in hardware as opposed to software if possible.
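The LLQ sizing and admission-control points above can be illustrated with simple arithmetic; the link speed and the ~80 kbps per-call figure in this Python sketch are assumptions (roughly a G.711 call with Layer 3 overhead), not recommendations:

```python
# Why admission control matters on the LLQ: a rough capacity check.
link_bps = 2_000_000            # 2 Mbps link (hypothetical)
llq_bps = int(link_bps * 0.33)  # best practice: cap the LLQ at ~33% of the link
per_call_bps = 80_000           # assumed bandwidth of one voice call

max_calls = llq_bps // per_call_bps
assert max_calls == 8   # the 9th call would degrade *all* calls in the queue
```

This is exactly the 10-calls-vs-11th-call problem: without admission control, one extra call pushes the priority queue past its reserved rate and every call in it suffers.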
In the campus environment, you should enable classification and marking on the switches as opposed to the routers, since switches provide hardware-based Quality of Service. Because the 802.1p (CoS) bits are lost when the packet enters the IP or MPLS domain, mapping is needed. Always implement QoS in hardware, if possible, to avoid a performance impact: switches support QoS in hardware, so, for example, in the campus, classify and mark the traffic at the switches.

A QoS design should support a minimum of three classes: EF (Expedited Forwarding), DF (Default Forwarding/Best Effort) and AF (Assured Forwarding). If company policy allows YouTube, gaming and other non-business applications, a scavenger class is created and the CS1 PHB is implemented; CS1 is defined as less-than-best-effort service in the standard RFC.

On AF queues, DSCP-based WRED should be enabled; otherwise, TCP global synchronization occurs. WRED allows packets to be dropped randomly, and the DSCP awareness allows packets to be dropped based on priority. Whenever possible, don't place TCP and UDP traffic in the same queue; place them in separate queues.

If the requirement is to carry end-to-end customer markings over an MPLS Service Provider network, ask the service provider for a Pipe-mode DiffServ tunnelling service. Uniform mode changes the customer marking, so the customer needs to remark the traffic with a QoS policy at the remote site, which creates configuration complexity for the customer.

This may not be the full list, but these are definitely important and common Quality of Service best practices. If you want to discuss or add anything to this post, please share it in the comment box below.
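A minimal sketch of the three-class minimum plus an optional scavenger class might look like this in Python; the application-to-class mapping is purely illustrative:

```python
# Minimal three-class design (EF / AF / DF) plus an optional scavenger class.
DSCP = {"EF": 46, "AF31": 26, "DF": 0, "CS1": 8}

def classify(app):
    if app in ("voice",):
        return DSCP["EF"]        # real-time: priority queue (LLQ)
    if app in ("erp", "video-conf"):
        return DSCP["AF31"]      # business-critical: assured forwarding
    if app in ("youtube", "gaming"):
        return DSCP["CS1"]       # scavenger: less-than-best-effort
    return DSCP["DF"]            # everything else: best effort

assert classify("voice") == 46 and classify("backup") == 0
```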

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

IS-IS Routing Protocol Interview Questions

IS-IS Interview Questions - IS-IS is a link state routing protocol, commonly used in Service Provider networks. Back in the old days, IS-IS routing protocol software was more stable and robust compared to OSPF, so many service providers chose IS-IS as their interior routing protocol. In this post I have collected the questions I received from my students and readers about the IS-IS routing protocol, together with my answers. I am explaining this topic in deep detail in my CCDE Bootcamp and Self Paced CCDE course. The questions below are commonly asked.

Question 1: In OSPF, an ASBR is used to inject external routes from an external domain. Could you please let me know which router is used in IS-IS to connect different routing protocol domains: is it L1/L2, L2 or L1?

Answer 1: First of all, the ASBR is not just an OSPF concept. Whichever device performs redistribution, regardless of routing protocol, is called an ASBR. Redistribution can be performed in both Level 1 and Level 2 domains. The IS-IS L2 domain is the equivalent of the OSPF backbone area, and the L2 domain has to be contiguous. An L1 domain is similar to a totally not-so-stubby area: it doesn't receive any external or summary information, but it allows redistribution into the domain. Thus external information can be injected into an L1 domain as well.

Question 2: Can L1 routes be redistributed into a different protocol? Is it good design to do so?

Answer 2: You can redistribute routes from both L1 and L2 domains into another routing protocol. In general, neither is good design. You should carry external routing information from another domain through BGP. See the redistribution best practices post here.

Question 3: Is the IS-IS routing protocol only for IP networks? Does it support CLNS routing?

Answer 3: IS-IS is not only for IP routing; IS-IS was originally invented for CLNS. It runs directly on top of Layer 2, with its own link-layer encapsulation. It is not an IP-based protocol like EIGRP and OSPF.
For EIGRP and OSPF you need an IP protocol number; OSPF, for example, uses IP protocol number 89. A Layer 2 protocol such as IS-IS is instead identified directly at the link layer.

Question 4: The IS-IS routing protocol can't be used for DMVPN, is that true? So with DMVPN is it just EIGRP, or is there any other protocol we can use?

Answer 4: IS-IS can't run over an IP-based tunnel, so it is not supported with DMVPN. If you have a point-to-point GRE tunnel, then IS-IS can run over GRE. And it is not just EIGRP over DMVPN; in fact OSPF, BGP and even RIP can run over DMVPN. Indeed, even RIP scales better than OSPF there. You need to manually configure OSPF to scale your network, but flooding will remain a problem whatever you do. Thus, for large-scale networks, EIGRP is the best choice for DMVPN design.

Question 5: What is the benefit of the set-overload-bit feature in the IS-IS routing protocol?

Answer 5: It is used to avoid blackholing. Imagine a scenario where you have BGP on every router, which means you don't run MPLS in the core. In case of a link failure, the IGP as well as the BGP neighborship goes down. If you don't set the overload bit on the intermediate routers, then, since IS-IS will converge faster than BGP, BGP destinations will be blackholed. If you set the overload bit on a router, the router is not used as a transit router; it waits for BGP to converge. It is very similar to IGP-LDP synchronisation, but the overload bit provides IGP-BGP synchronisation in IS-IS.

Question 6: Is there a designated router in IS-IS, similar to the OSPF DR? When should or shouldn't we use it?

Answer 6: On multi-access networks such as Ethernet, IS-IS elects a DIS (Designated Intermediate System). The DIS is very similar to the DR (Designated Router) in OSPF: it creates a pseudonode to represent the multi-access segment. Without a DIS, every router would flood LSPs to every other router; for efficient flooding on a multi-access network, you want to have a DIS. But from the convergence point of view, having a DIS is not good, since the election takes time.
Also, an LSP will traverse more hops to reach every other router. If you have only two routers connected back to back through Ethernet, since the interface type will be broadcast, IS-IS still elects a DIS. With only two routers on a segment, having a DIS doesn't improve flooding, but if you change the interface type to point-to-point, you get better convergence, since there will not be a DIS.

Question 7: External routes can be summarised within the L1 area only, is that true?

Answer 7: No. Since in IS-IS external routes are regenerated at the L1/L2 router, you can summarize them on the L1/L2 router as well. You may want to check this RFC.

Question 8: Do you think that the IS-IS flooding mechanism is better than OSPF's? What is the difference between full and partial SPF?

Answer 8: Flooding is very similar in OSPF and IS-IS, but IS-IS and OSPFv2 behave differently for route calculation. OSPF sends reachability and topology information within an area in the Type 1 (Router) LSA. This means that if you add even a loopback interface on one router in an area, all the routers in the same area will run a full SPF. In IS-IS, reachability and topology information are carried in different TLVs in the LSP, so if you add a loopback on a router, the other routers will just run a partial SPF. Only a topology change triggers a full SPF calculation in IS-IS. In a large-scale network, full vs. partial SPF is important for the CPU.

Question 9: Full mesh: to reduce flooding, we use mesh groups. What do mesh groups mean?

Answer 9: In highly meshed networks, this is the mechanism for link state protocols to control flooding. It is not specific to the IS-IS routing protocol; the same concept is used in OSPF as well. Since MPLS traffic engineering uses link state protocols for distributed path computation, mesh groups are applicable to MPLS TE as well. Basically, you elect a router, or two for redundancy, and say that just those routers will flood the LSPs to the other routers.
Those routers have to have connections to all the nodes in the topology, of course. Thus you eliminate the flooding churn.

Question 10: Multi-topology routing: what are its benefits in IS-IS?

Answer 10: If you have IPv4 and IPv6 on your network and the IPv6 routing topology is different from the IPv4 one, then multi-topology routing gives a benefit. Don't forget that you will have two LSDBs, one for IPv4 and one for IPv6. You need extra memory and CPU on the routers, and troubleshooting will be much harder; thus MTTR (Mean Time To Repair) increases. If the IPv6 topology follows the IPv4 topology, you don't need multi-topology routing. Don't complicate your network.

Question 11: Multi-instance routing: what are its benefits in the IS-IS routing protocol?

Answer 11: As RFC 6822 defines it, Multi-Instance IS-IS can be used as an alternative to multi-topology routing. Multi-instance on a link is critical in some topologies for OSPF operation: those topologies often require putting the link in a non-backbone area and creating a virtual link over it, so multi-instance on a link is an excellent solution for OSPF. The IS-IS routing protocol solves the same issue by default with the L1/L2 router.

To have a great understanding of SP networks, you can check my newly published Service Provider Networks Design and Perspective book. It covers the SP network technologies and also explains a fictitious SP network in detail. If you are a service provider network engineer, what is your IGP? Do you have one or two levels of IS-IS on your network? Is there any Enterprise Network engineer who runs the IS-IS routing protocol on their network?

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Fast Convergence and the Fast Reroute – Definitions/Design Considerations in IP and MPLS

Fast Convergence and the Fast Reroute - Network reliability is an important design aspect for the deployability of time- and loss-sensitive applications. When a link, node or SRLG failure occurs in a routed network, there is inevitably a period of disruption to the delivery of traffic until the network reconverges on the new topology. For some applications, fast reaction to the failed element is essential. There are two approaches to fast reaction in case of failure: fast convergence and fast reroute. Although people use these terms interchangeably, they are not the same thing. In this post I will explain the definitions and high-level design considerations for fast convergence and fast reroute. Fast reroute mechanisms in IP and MPLS, their design considerations, and the pros and cons of each will be explained in a separate post.

When a local failure occurs, four steps are necessary for convergence. These steps are completed before traffic continues on the backup/alternate link:

1. Failure detection (protocol hello timers, carrier delay and debounce timers, BFD and so on)
2. Failure propagation (LSA and LSP throttling timers)
3. Processing of the new information, i.e. backup/alternate path calculation (SPF wait and run times)
4. Updating the new route into the RIB/FIB (after this step, traffic can continue to flow through the backup link)

For fast convergence, these steps are tuned. Tuning the timers generally means lowering them, as most vendors use higher timers to be on the safe side; as you will see later in this post, lowering these timers can create stability issues in the network. When you tune the timers for failure detection, propagation and the new path calculation, it is called fast convergence, because traffic can continue towards the alternate link faster than with regular convergence, since you use lower timers. (Instead of a 30-second hello timer you can use a 1-second hello, instead of a 5-second SPF wait time you can make it 10 ms, and so on.)
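The four convergence steps above can be summed as a back-of-the-envelope calculation; every timer value in this Python sketch is a made-up example, not a recommendation:

```python
# Total convergence time is roughly the sum of the four steps.
default_ms = {"detect": 30_000, "propagate": 1_000, "spf": 5_000, "fib": 100}
tuned_ms   = {"detect": 50,     "propagate": 10,    "spf": 10,    "fib": 100}

def convergence_ms(timers):
    """Back-of-the-envelope total: detection + propagation + SPF + FIB update."""
    return sum(timers.values())

assert convergence_ms(tuned_ms) < 1_000      # "fast convergence": sub-second
assert convergence_ms(default_ms) > 30_000   # untuned defaults: tens of seconds
```

Note that the FIB-update term stays roughly constant (it is hardware dependent), which is one reason tuning alone cannot reach the ~50 ms that fast reroute achieves with a pre-installed backup path.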
Although the RIB/FIB update is hardware dependent, the network operator can configure all the other steps. One thing always needs to be kept in mind: fast convergence and fast reroute can affect network stability. If you configure the timers very low, you might see false positives.

Unlike fast convergence, with fast reroute the backup path is pre-computed and pre-programmed into the router's RIB/FIB. This increases the memory utilization on the devices. There are many fast reroute mechanisms available today; the best known are Loop Free Alternate (LFA), Remote Loop Free Alternate (rLFA), MPLS Traffic Engineering Fast Reroute and Segment Routing Fast Reroute. Loop Free Alternate and Remote Loop Free Alternate are also known as IP or IGP Fast Reroute mechanisms.

The main difference between MPLS Traffic Engineering Fast Reroute and the IP Fast Reroute mechanisms is coverage. MPLS TE FRR can protect any traffic in any topology, while the IP FRR mechanisms need the physical topology of the network to be highly connected. Ring and square topologies are hard for IP FRR, but not a problem for MPLS TE FRR at all. In other words, finding a backup path is not always possible with IP FRR mechanisms if the physical topology is a ring or square; the best physical topology from this aspect is full mesh. If MPLS is not enabled on the network, adding MPLS and RSVP-TE just for MPLS TE FRR functionality is considered complicated. In that case, network designers may want to evaluate their existing physical structure and try to create an alternate/backup path by adding or removing circuits in the network. IGP metric tuning also helps routers find loop-free alternate paths.

Fast reroute mechanisms can be considered a subset of fast convergence. But as you can understand from this post, in fast convergence all the steps above are taken after the failure, whereas in fast reroute all of them are already prepared.
In fast reroute, traffic can flow through the backup path as soon as the failure is detected. For fast failure detection, the best approach is to rely on physical detection mechanisms such as carrier delay, debounce timers, Automatic Protection Switching and so on. Sometimes it is impossible to use these mechanisms (if there is a Layer 1 or Layer 2 device between the routers, for example); then the best mechanism for fast failure detection is BFD. Last but not least, convergence time is always faster with fast reroute mechanisms (50 ms is no magic with them) compared to fast convergence mechanisms (generally less than a second; pushing beyond that, stability becomes a problem).

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

I discussed some IP Mobility solutions including LISP!

A couple of days ago I discussed some IP Mobility solutions, including LISP (Locator/Identity Separation Protocol), with the CCDE students. Basically, all IP Mobility solutions work in a similar way: the new location of the host address needs to be learned, either via the routing system or via an authoritative server. The host information is called the identity, and it can be a MAC address or an IP address, which means the identity doesn't have to be Layer 2; it can be Layer 3 as well. In LISP terminology, the authoritative server is called the Mapping Database, and it has two roles: creating the database (Map Server) and answering the LISP queries (Map Resolver). It is very similar to the DNS architecture.

It was a random question; I didn't plan to talk about LISP, but I ended up answering maybe 20 questions in an hour. Thus, unfortunately, you will not see diagrams, topologies and so on, but I promise I will share a much more detailed and clear LISP (Locator/Identity Separation Protocol) article and video soon. You can watch the video on the YouTube channel by clicking the link below. Don't forget to subscribe to the channel; many things are on the way!

https://www.youtube.com/watch?v=WsEYiF5knG0
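The Map Server / Map Resolver split described above can be sketched as a toy key-value store in Python. The EID and RLOC values are invented for illustration, and real LISP uses dedicated control-plane messages (Map-Register, Map-Request), not function calls:

```python
# A toy mapping database: identity (EID) -> location (RLOC), mirroring the
# Map Server (registration) and Map Resolver (query) roles.
mapping_db = {}

def map_register(eid, rloc):
    """Map Server role: record where an identity currently lives."""
    mapping_db[eid] = rloc

def map_request(eid):
    """Map Resolver role: answer 'where is this identity now?' queries."""
    return mapping_db.get(eid)

map_register("10.1.1.5/32", "203.0.113.1")   # host at site A
map_register("10.1.1.5/32", "198.51.100.7")  # host moves: re-register at site B
assert map_request("10.1.1.5/32") == "198.51.100.7"
```

The key idea for mobility is visible in the last two lines: when the host moves, only the mapping entry changes; the identity itself stays the same.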

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Packet loss with Fast Reroute!

Packet loss with fast reroute - Do we still lose packets with fast reroute? One of my students asked me this question, and I would like to share the answer with everyone.

Before we discuss whether or not we lose packets with fast reroute mechanisms, let's remember what fast reroute is. It is pertinent to know that fast reroute is not the same as fast convergence. With fast convergence, we can touch protocol timers, squeeze them, and maybe tweak the FIB prefix installation method in order to install golden prefixes before the link prefixes. In the end, we have less than a second of convergence time. This may be enough for your network applications. But note that with fast convergence, a backup path is not pre-installed in the FIB.

Fast reroute can provide 50 ms convergence time. Yes, it can. And this is the most important difference from the end-result point of view. But from the technology implementation point of view, the difference is that with fast reroute, a backup path is pre-installed in the FIB (Forwarding Information Base). So, if your fast reroute mechanism works based on a tunnel (some FRR mechanisms don't require a tunnel), a backup tunnel is pre-installed. That is why fast reroute is known as a proactive protection method and fast convergence as a reactive one.

Let's take a look at the question again: do we still lose packets with fast reroute? The answer is YES. As I said, fast reroute can provide 50 ms convergence time, depending mainly on the fast failure detection time. This 50 ms is the time between the failure and the successful use of the backup path. All the traffic in this 50 ms is lost. Application timeouts can usually tolerate this, but I think it is important to know that there will be packet loss with fast reroute. Let's discuss this in more detail in my Instructor Led CCDE Training!
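To get a feel for how much traffic those loss windows represent, here is a back-of-the-envelope Python sketch. The link rate, outage times, and packet size are illustrative assumptions (a fully loaded 10 Gbps link, 1500-byte packets), not measurements:

```python
def packets_lost(link_rate_bps, outage_seconds, avg_packet_bytes=1500):
    """Rough worst-case count of packets lost on a fully loaded link
    during the protection-switching window."""
    return int(link_rate_bps * outage_seconds / (avg_packet_bytes * 8))

# Hypothetical 10 Gbps link: 50 ms FRR window vs. 1 s fast convergence.
print(packets_lost(10e9, 0.050))   # 41666
print(packets_lost(10e9, 1.0))     # 833333
```

Even the 50 ms FRR window drops tens of thousands of packets on a busy 10 Gbps link, which is exactly why the answer to the question is YES; it is simply a loss that most applications never notice.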

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

Is Fate Sharing a bad thing in network design?

Fate sharing in networking - Is fate sharing a bad thing in network design? Someone asked this question recently on my YouTube channel, and I want to share a post for the website followers as well.

First of all, what is fate sharing? Below is the Wikipedia definition of fate sharing: "Fate-sharing is an engineering design philosophy where related parts of a system are yoked together, so that they either fail together or not at all."

We use this term a lot when we suggest a design recommendation for Multi Service PE (Provider Edge) devices in Service Provider networks. A Multi Service PE provides more than one service in the Service Provider network, and many Service Providers follow this design philosophy. The main reason for SPs to run more than one service (e.g., Internet and VPN) on the same router is cost. Reducing cost by better utilizing the router resources is not a bad idea, but there is fate sharing in this case: an Internet-based attack can bring down the Multi Service PE, and the VPN customers on the same device are affected as well. In this case, fate sharing is harmful.

But is fate sharing always a bad thing? Actually, no. As always, it depends. I can hear the voices of Transport Engineers right now. When there is a connection between two routers, for example, if the link fails and only one side of the link goes down (this is the case when there is transport equipment between the routers, or the routers are connected via an Ethernet switch), an upper layer protocol must be used for failure detection (BFD, protocol hellos, etc.). But of course it is better if both sides of the link go down at the same time. This is called fate sharing as well, and in this type of situation, Transport people want fate sharing. (In fact, one of the capabilities of MPLS-TP is fate sharing through its inline OAM messages.) Thus we cannot say that fate sharing is always a bad thing; it depends on the situation.
To keep this post short and understandable I won't give another example, but if you would like me to provide more examples, let me know and share your thoughts in the comment box below.

Published - Tue, 26 Nov 2019