Created by - Orhan Ergun

AWS SAA vs. CLF - Can I skip one?

AWS is known for its famous, highly demanded Solutions Architect Associate (SAA) certificate, and many think it is the first step with AWS and cloud computing. The question is: is it? Or is there a step that should be taken before it, like the AWS Cloud Practitioner (CLF) exam? In this blog post we will compare the agenda and the main pillars each exam teaches you, and see whether it is worth skipping CLF and starting directly with SAA.

Cloud Concepts

Your very first chapter when studying for AWS CLF will be cloud concepts. It gives a general overview of the idea and concept of cloud computing, what AWS provides in that regard, and what you are about to experience. Luckily this part is shared between the CLF and SAA exams, and a share of it appears in each, so you understand what you are starting with in such exams. That makes them equal here, 1-1.

Security and Compliance

With zero knowledge about cloud computing and the restrictions and differences that come with it, implementing a new network on the cloud for the first time will require knowledge of official documents, government restrictions and compliance requirements, and regional compliance requirements as well. This is a point where CLF wins, as it mentions and provides all the necessary documents and resources to check the security and compliance requirements for the region in which you plan to implement a cloud network. So far, 2-1 for CLF.

AWS Core Services

This pillar represents the backbone of whatever you study and learn with AWS. All the services hosted on the cloud, in other words inside the real AWS data centers, are shown and detailed here, one service after another.

The CLF exam puts more than 30% of its weight on the core services, giving you enough knowledge to call it a start with AWS, while the SAA exam is "about" this pillar: you will spend your time with that exam studying the core services, designing them, and architecting solutions together, all within the same cloud, as one solid, well-designed network on the AWS cloud. In general, you will learn about the core services of AWS 3 times more with SAA compared to CLF, making SAA the ultimate beginning with AWS services. We can say it is a point to SAA, so we have 2-2 now.

AWS Economics

The last pillar to talk about in this post is the one that teaches you billing, payments, discounts, Free Tier, support, programs, and pricing. All of that is in the CLF exam but unfortunately NOT mentioned in the SAA exam. It is a major point for CLF, as ignoring these skills will result in disasters when dealing with AWS services in real life. And that sends the last point for today to the CLF exam, 3-2.

Conclusion

With all of the above said, does that make starting directly with AWS SAA a mistake or a wrong step on my AWS career path? The answer is that you can practice and prepare best with AWS by either:

Starting with CLF and then SAA
Or starting with SAA but referring to the official AWS documents that fill the gaps of Compliance and Economics, which will take an amount of time and effort equal to studying for the CLF exam!

Resources

At orhanergun.net, we provide both AWS CLF and AWS SAA exam courses on the website, with detailed explanations based on the official AWS exam agenda, alongside many other AWS and cloud courses. You can either get a lifetime subscription per course, which will provide all future exam updates for free, or contact our sales team to get full annual access to a variety of courses based on the tier you desire.

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Administrative Distance - How preferred is it

OSPF Administrative Distance, or OSPF AD, is the key to selecting OSPF over other routing protocols (if any exist) that lead to the same target within the same routing table. In this blog post we will cover the basics and types of Administrative Distance for OSPF across multiple platforms.

Administrative Distance

On Cisco operating systems, regardless of platform, IOS-XE, IOS-XR, and NX-OS all treat OSPF based on the "AD", which has the value "110". The numerical value alone is useless without knowing its order of preference among the Administrative Distances of the other routing protocols.

OSPF AD with Cisco OS's

The values for the static and dynamic routing protocols are as follows:

Direct = 0
Static = 1
eBGP = 20
EIGRP = 90
OSPF = 110
IS-IS = 115
RIP = 120
iBGP = 200

This shows that OSPF routes to a specific target can be hidden if a route from one of the dynamic protocols (EIGRP or eBGP) is installed in the routing table; the same applies to Direct and Static routes.

Route Preference

Dealing with devices from Juniper Networks means working with JunOS, the one unified operating system they have across their different platforms. With Juniper the concept of Administrative Distance still exists and plays the same role, but it is named differently: "Route Preference".

OSPF AD with Juniper JunOS

Some protocols are treated differently here, and some others are missing (such as EIGRP, as it is Cisco proprietary).

Direct/Local = 0
Static = 5
OSPF internal = 10
IS-IS L1/L2 = 15/18
RIP = 100
OSPF external = 150
IS-IS external L1/L2 = 160/165
BGP = 170

OSPF here has two types of routes and stands in the middle of the table. With the absence of EIGRP, only Direct/Local and Static routes can beat OSPF routes, making it the most preferred dynamic routing protocol.

Routing Protocol Preference

With another operating system, Huawei's Versatile Routing Platform (VRP), we will see many similarities with JunOS, but there is a small difference to catch in the table below.

OSPF AD with Huawei's VRP

EIGRP is still missing here. Check the surprise of where OSPF stands in the table:

Direct = 0
OSPF = 10
IS-IS L1/L2 = 15/18
Static = 60
RIP = 100
OSPF external = 150
BGP = 255

OSPF is the first protocol here, ahead of the Static route; even IS-IS beats the Static route as well. Interesting...

Route Preference Again

One more platform to check is the Nokia Service Router Operating System (SR OS).

OSPF AD with Nokia's SR OS

It has the same name and many similar numbers to Juniper's JunOS table:

Direct = 0
Static = 5
OSPF = 10
IS-IS L1/L2 = 15/18
OSPF external = 150
IS-IS external L1/L2 = 160/165
BGP = 170

So in the end we find that Cisco is almost the only one that names it differently and has different protocols, a different order, and clearly different values for the Administrative Distances.
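The following added example (not part of the original post) loads the four tables above and reports which route source wins for one prefix on each platform, and which pairs of sources swap order between two platforms, which is what matters when a multi-vendor network is migrated. The short platform and source names are made up for the example, and where the post lists a single value (Cisco OSPF and IS-IS, BGP on the other three) the example assumes that value applies to each sub-type.

```python
from itertools import combinations

# Preference values as listed in the post (lower value wins).
# Assumption: a single listed value (Cisco OSPF/IS-IS, non-Cisco BGP)
# is applied to every sub-type so the platforms can be compared.
TABLES = {
    "cisco": {"direct": 0, "static": 1, "ebgp": 20, "eigrp": 90,
              "ospf-int": 110, "ospf-ext": 110, "isis-l1": 115,
              "isis-l2": 115, "rip": 120, "ibgp": 200},
    "junos": {"direct": 0, "static": 5, "ospf-int": 10, "isis-l1": 15,
              "isis-l2": 18, "rip": 100, "ospf-ext": 150,
              "isis-ext-l1": 160, "isis-ext-l2": 165,
              "ebgp": 170, "ibgp": 170},
    "vrp":   {"direct": 0, "ospf-int": 10, "isis-l1": 15, "isis-l2": 18,
              "static": 60, "rip": 100, "ospf-ext": 150,
              "ebgp": 255, "ibgp": 255},
    "sros":  {"direct": 0, "static": 5, "ospf-int": 10, "isis-l1": 15,
              "isis-l2": 18, "ospf-ext": 150, "isis-ext-l1": 160,
              "isis-ext-l2": 165, "ebgp": 170, "ibgp": 170},
}


def installed_route(platform, candidates):
    """Return the source that wins when several offer the same prefix."""
    table = TABLES[platform]
    known = [c for c in candidates if c in table]
    if not known:
        raise ValueError(f"no candidate source is listed for {platform}")
    # Ties are broken by name only to keep the result deterministic.
    return min(known, key=lambda c: (table[c], c))


def inversions(a, b):
    """Pairs of sources whose strict order differs between platforms a and b."""
    ta, tb = TABLES[a], TABLES[b]
    common = sorted(set(ta) & set(tb))
    flipped = set()
    for x, y in combinations(common, 2):
        # Opposite signs mean x beats y on one platform and loses on the other.
        if (ta[x] - ta[y]) * (tb[x] - tb[y]) < 0:
            flipped.add((x, y))
    return flipped


if __name__ == "__main__":
    offers = ["static", "ospf-int", "ebgp"]
    for name in TABLES:
        print(name, "installs", installed_route(name, offers))
    print("cisco vs vrp:", sorted(inversions("cisco", "vrp")))
```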

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Routing Protocol Network Engineer Interview Questions!

OSPF is the most common network engineer interview topic without any doubt. Almost all network engineers have faced some OSPF questions in their interviews. Thus I thought it was important to cover common questions and their answers in this blog post. From OSPF LSAs to OSPF Areas, Multi-Area Hierarchical OSPF for stability, OSPF security and OSPF Fast Convergence, I prepared many questions and explain them in detail in the video below.

There are many questions in the video, and if you like the video, subscribe to the Orhan Ergun YouTube Channel and share your thoughts in the comment section.

Note: The OSPF interview questions in this video range from basic to advanced level, and studying this 65-minute video will definitely enhance your OSPF knowledge!

https://www.youtube.com/watch?v=2DGhGCGwU3o&t=76s

Published - Fri, 07 Aug 2020

Created by - Orhan Ergun

Book Giveaway Winners

As you know, a couple of days ago I announced that I would give away 3 of my books to 10 people. In this post, you will see the names of the winners. Thanks to all the participants; I am glad to share my efforts with the community. I also have many new connections to whom I can provide useful content over time. At the end of the post, you will see another surprise from me!

1022 people liked it; some of them were 2nd-level connections when they liked it, and some of them applied after 11pm GMT+3 on Sunday, Feb 9, 2020. Thus, 894 people were counted as eligible. The random name picker at https://commentpicker.com/random-name-picker.php was used to pick the names. The list of people who won the books is below. We will be contacting them to learn which book they want to receive from us.

Akinfemi Akinyanju Dennis Krulac Vannaro Mao Navid Yahyapour Vuthha Seang Marius Viotel Nastasa Luca Banfo Ahsan Mateen Abderrahmane Bendaoud Siva Ntshobane Hassan Shah

I would give the books to 10 people, but one of my LinkedIn followers wanted to give one book as a gift, thus we selected 11 people. Thanks IGHO, excellent behavior.

During the giveaway campaign, I have seen very helpful people; have a look at the one below.

Thanks to all the participants. You love reading! Thus, maybe another help: for anyone who reads this post, any of my books will be $25 till Feb 15, 2020 by using the links below. CCDE In-Depth Service Provider Design and Architecture Segment Routing Theory and Practical Approach

Published - Mon, 10 Feb 2020

Created by - Orhan Ergun

Dynamic Network Diagrams, This is what we need!

We all create network diagrams. Network engineers create network diagrams. But for whom? When? How accurate are they? Do we really need network diagrams? Let me share my thoughts with you.

Network engineers have been creating network diagrams, physical diagrams and logical diagrams, showing VLANs, IP addresses, so many connections, switches, routers, firewalls and so many network devices, for decades. When I think about the consumers of these diagrams, they are mostly, if not all the time, used only by the network engineers. We have system admins, database, storage and security engineers, managers and many other teams in our companies. When we think about the time and effort needed to create these network diagrams, there is a significant amount of operational expense. And when we think about the ROI (Return on Investment), network diagrams are only used by network engineers.

You might think that they are necessary to explain the network to other network engineers for documentation purposes, or that a newly hired engineer can benefit from the network diagrams, but I would argue with these too. The reason is that diagrams which you create today will probably not be accurate after a couple of years. Let's admit that we don't reflect every change in the diagrams; we don't update these diagrams every month, every quarter, etc. Documentation and creating these diagrams is already a painful and boring task for the network engineers. If there is no up-to-date diagram, what is the point of keeping it in the first place? When you leave your job and a new network engineer joins, how will he/she understand the current, most recent network topology, the protocols used in the network, etc.?

This process needs to be automated. There are plenty of great tools today which can create very detailed, very organized network diagrams for you, and in fact they can do it in a couple of minutes.

Source: IP Fabric NIMPEE Solution

We don't have to be Visio experts.

As Orhan Ergun, I had to create these diagrams for customers so many times. The time it takes to create detailed, organized yet still understandable diagrams is huge. With NFV, many of the networking functions are virtualized, and this makes drawing network diagrams more complicated and time consuming. Automation is the future and the future is now.

As I mentioned above, there are great tools which can create network diagrams in addition to things such as verification, network analysis, configuration repository, inventory management, etc. Last year I became an advisor to the board of one of these companies, called IP Fabric, and the progress made by this company is great. Start trying this tool in your network, and have your dynamic, up-to-date network diagrams and many other automated functions for a very low cost. And please don't forget to thank me later on : ) You can click here to understand their solution and talk to them to discover the functionalities which can bring benefits to your network operation.

Published - Wed, 27 Nov 2019

Created by - Orhan Ergun

Segment Routing and MPLS VPN

MPLS VPN and Segment Routing. Many people have been asking what the differences between MPLS VPN and Segment Routing are. In fact, this is the wrong question, because Segment Routing provides transport and MPLS VPN provides service. They are not mutually exclusive; they are complementary. In order to create an end-to-end MPLS VPN service, Segment Routing and MPLS VPN have to be provisioned in the network together. So, Segment Routing is the underlay and MPLS VPN is the overlay.

MPLS VPN can be set up without Segment Routing. Instead of Segment Routing as the transport mechanism, LDP, RSVP, BGP or plain IP can be the transport for the VPNs. Let me explain all of the above with the example below.

Segment Routing Architecture is covered in RFC 8402. If you are not familiar with Segment Routing at all, I suggest you read my Segment Routing Key Points post now. If you are okay with the basics, please continue reading.

Label 100 for the PE2 (egress PE) loopback is advertised with the IGP protocol (not via LDP or RSVP), and all the routers use an identical label. (The Node/Prefix label is unique throughout the network.) Unlike LDP, label 100 does not change hop by hop with Segment Routing.

Through MP-BGP, PE1 still receives a VPN label for the CE2 prefixes from PE2. The BGP next hop on PE1 is the PE2 loopback. The PE2 loopback is assigned label 100 and advertised in the IS-IS sub-TLV or OSPF Opaque LSA advertisements.

In the above picture, label 2000 is the VPN label which is advertised by PE2 to PE1 for the CE2 prefix. If you are familiar with MPLS VPNs, remember that P routers (P-1 and P-2 in the topology) are not aware of the VPN label. P1 does not change the core/transport label (label 100); it just sends the packet to P2. If P2 receives an implicit null label from PE2, P2 does PHP (Penultimate Hop Popping). In sum, only the VPN label is sent to PE2. Without using LDP, just by using the IGP, MPLS VPN service is provided.

Segment Routing does not require LDP for the transport tunnel because it uses the IGP for label advertisement. Please note that Segment Routing eliminates the use of LDP for the transport label operation only. If you set up an MPLS Layer 2 VPN service and use LDP for PW signaling, Segment Routing and Targeted LDP are used as two control plane protocols to set up the MPLS L2 VPN.

MPLS is very powerful with its applications. MPLS Layer 2 VPNs (VPWS, VPLS, and VPMS), MPLS Layer 3 VPNs, and MPLS Traffic Engineering are the most common applications of IP/MPLS networks. MPLS Traffic Engineering is used in large enterprise networks, especially in Service Provider and Web OTT. More importantly, you can use all the MPLS applications with Segment Routing. Resource consumption, such as CPU and memory, can be reduced greatly with Segment Routing.

Summary: Segment Routing and MPLS VPN are used together in today's networks. Segment Routing just eliminates LDP and RSVP as the transport mechanism; for the service, LDP and BGP are used to provision MPLS Layer 2 or MPLS Layer 3 VPNs. Segment Routing still requires LDP or BGP for the MPLS VPN service. They have to be running together in the network to create an end-to-end MPLS VPN service.
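The label operations described above can be walked hop by hop. This added example is not from the original post; it pushes the label stack at PE1 and applies each router's forwarding entry along PE1, P1, P2, PE2, once with Segment Routing and once with LDP for contrast. Labels 100 and 2000 are the ones used in the post; the CE2 prefix and the LDP labels 17 and 24 are constructed sample values.

```python
# Added illustration: label-stack walk for the PE1 -> P1 -> P2 -> PE2 path.
# Labels 100 (PE2 loopback) and 2000 (VPN label) come from the post;
# the CE2 prefix and the LDP labels 17 and 24 are constructed values.

CE2_PREFIX = "10.2.0.0/24"   # constructed sample prefix behind CE2
VPN_LABEL = 2000             # advertised by PE2 to PE1 via MP-BGP

# PE1 VRF route learned via MP-BGP: prefix -> VPN label and BGP next hop.
PE1_VRF = {CE2_PREFIX: {"vpn_label": VPN_LABEL, "bgp_next_hop": "PE2"}}


def build_tables(transport):
    """Return PE1's transport table and the per-router LFIBs.

    LFIB entry: incoming top label -> (action, outgoing label, next hop).
    """
    if transport == "sr":
        # The prefix label 100 is global: identical on every hop.
        pe1_out, p1_out = 100, 100
    else:
        # LDP labels are locally significant, so they change per hop.
        pe1_out, p1_out = 17, 24
    # BGP next hop -> (transport label to push, IGP next hop)
    pe1_transport = {"PE2": (pe1_out, "P1")}
    lfibs = {
        "P1": {pe1_out: ("swap", p1_out, "P2")},
        # PE2 advertised implicit null, so P2 pops the transport label (PHP).
        "P2": {p1_out: ("pop", None, "PE2")},
        # The egress PE uses the VPN label to pick the VRF towards CE2.
        "PE2": {VPN_LABEL: ("pop", None, "CE2")},
    }
    return pe1_transport, lfibs


def forward(prefix, transport="sr"):
    """Return [(router, label stack it sends)] from PE1 to PE2."""
    pe1_transport, lfibs = build_tables(transport)
    route = PE1_VRF[prefix]
    label, node = pe1_transport[route["bgp_next_hop"]]
    stack = [label, route["vpn_label"]]   # top of stack first
    trace = [("PE1", list(stack))]
    while node != "CE2":
        top = stack[0]
        if top not in lfibs[node]:
            raise LookupError(f"{node} has no LFIB entry for label {top}")
        action, out_label, next_hop = lfibs[node][top]
        if action == "swap":
            stack[0] = out_label
        else:
            stack.pop(0)
        trace.append((node, list(stack)))
        node = next_hop
    return trace


def p_routers_know_vpn_label(transport="sr"):
    """True if any P router holds a forwarding entry for the VPN label."""
    _, lfibs = build_tables(transport)
    return any(VPN_LABEL in lfibs[p] for p in ("P1", "P2"))


if __name__ == "__main__":
    for mode in ("sr", "ldp"):
        print(mode, forward(CE2_PREFIX, mode))
```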

Published - Tue, 26 Nov 2019

Created by - Orhan Ergun

May CCDE Practical exam results have been announced. Student feedback in this post!

Hello, the May 2019 CCDE Practical exam results were announced a few days ago. I am happy to have helped 4 people get their CCDE numbers in the May 2019 exam. Congrats to Matt, Fredrik, Dmytro and Schilling for passing the CCDE Practical exam. They received their numbers! Let me help you to get it now! The next Webex CCDE class will start in 10 days!

You can see Webex-based CCDE Courses by clicking here
You can see Onsite/In-Class CCDE Courses by clicking here

I would like to share their testimonials with you. Hope to see you in one of my classes soon!

Matt Cross – Technical Architect at Heartland – CCDE #2019::7

Orhan did an excellent job of filling in the gaps of knowledge that I had that took me to the finish line of the practical exam CCDE. The community of people that Orhan facilitates are both engaging and supportive of the journey to CCDE. Orhan was always quick to answer any email or chat messages that I sent him. Overall I am very happy with the time spent engaged in the material and bootcamp. Thanks Orhan!

Dmytro Osmachka – CCDE #2019::10

Orhan, I came, I learned and now I got my CCDE number! For those who prepare for the CCDE Practical exam, all you need is some experience and Orhan’s guidance! Thanks Orhan for all your support.

Shiling Ding – Sentinel Technologies – CCDE #2019::12

Just passed the CCDE Practical exam! I attended Orhan Ergun’s CCDE training program, and used Orhan’s Instructor Led and Self-Paced CCDE training and Online CCDE Practical Scenarios during my CCDE journey. Orhan’s CCDE In Depth book is an excellent summary book about almost all topics related to CCDE. Orhan’s practical scenarios are well organized and the discussions in his Webex are very valuable. Orhan also from time to time hosts Webex lectures on different technology topics; I find it’s another avenue to refresh and strengthen my understanding of different topics.

Orhan’s study group is very active; different peers share their experience, discussion and insight on not only the CCDE but also different technologies. I surely appreciate Orhan’s excellent training materials, constant guidance and demonstrated dedication to help me get CCDE. As always, life is a constant learning experience; CCDE is only one of the small steps!

Please be aware: Many people are still not aware that we have started CCIE SP training. In fact some students have already passed, and I will try to announce them periodically. You can have a look at the details of CCIE SP training by clicking here. CCIE SP and CCDE together provide operational and design experience, thus I recommend you get the Bundle CCIE SP and CCDE Course.

See you in one of the upcoming CCDE trainings!

Published - Fri, 08 Nov 2019

Created by - Orhan Ergun

Recommended Networking Resources for September 2019 Second Week

There are so many good resources for network engineers out there. I started to share the ones I liked last week. Click here to see September 2019, First Week Networking Recommended Resources. As you know, I will share 5 resources every week. There are so many in my list already, I can’t wait for next week to share the next 5 recommended resources! Let’s start.

1. This post explains the basics of the Active-Active Datacenter concept. https://www.missioncriticalmagazine.com/blogs/14-the-mission-critical-blog/post/89161-architecting-for-activeactive-data-centers

2. BGP information security is very important for securing the global Internet. Origin Validation can be done in two ways, IRR and RPKI, and networks can have both at the same time. The post below explains RPKI (Resource Public Key Infrastructure) in very good detail. https://blog.cloudflare.com/rpki-details/

3. BIER (Bit Indexed Explicit Replication) is a very cool new tool for scalable IP and MPLS multicast design. When I explain it in a few words, I say: Segment Routing removes the requirement for LDP and RSVP for the transport LSP in MPLS, and BIER does the same thing for multicast traffic. You don’t need PIM, mLDP, etc. The Packet Pushers podcast below is all about BIER and a couple of other cool datacenter-specific routing protocols (RFC 7938 type of datacenter routing protocol), RIFT and BGP+SFC. PQ Show 115: BIER, RIFT & BGP+SFC At IETF 98

4. Is IPv6 faster than IPv4? Let’s try to understand the considerations under which IPv4 or IPv6 can be faster. The APNIC post below has some good statistics as well. Why is IPv6 faster?

5. We have the Flat Internet concept. Many large ASes exchange traffic with each other directly, in either private or public peering. Those networks are directly connected and their traffic is just one hop away. This effectively reduces the average AS-Path length to 4 in the Global Internet Routing Table (commonly known as the DFZ, Default Free Zone). The research paper below gives a great analysis of the Flat Internet paradigm and how networks are mostly just one hop away in today's Internet. https://irtf.org/raim-2015-papers/raim-2015-paper20.pdf

Published - Fri, 08 Nov 2019

Created by - Orhan Ergun

Recommended Networking Resources for September 2019 Third Week

There are so many good resources for network engineers out there. I started to share the ones I liked at the beginning of this month. Click here to see previous Networking Recommended Resources. As you know, I share 5 resources every week. There are so many in my list already, I can’t wait for next week to share the next 5 recommended resources! Let’s start.

1. The video below explains different NAT concepts, specifically CGN (Carrier Grade NAT), and presents some good statistics about the usage of CGN in mobile/cellular networks.

2. BGP information security is very important for securing the global Internet. BGP leaks potentially affect millions of users when they happen. The post below explains ‘What is a BGP Route Leak’, starting from ‘What is BGP’, and shows an example of an intentional route leak started to steal cryptocurrency. https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/

3. Nice video on SD-WAN at DKNOG. It explains some technical details but mainly stays at the architectural level.

4. For those who are looking to understand the Diffserv (Differentiated Services) Quality of Service architecture, RFC 4594 is a must-read. https://tools.ietf.org/html/rfc4594

5. Today, most IP networks use PIM (Protocol Independent Multicast) when they have multicast in their networks. Before PIM, DVMRP was deployed in many large-scale networks. In the video below, GEANT (European Research Institute) explains how they deployed DVMRP, how they migrated from DVMRP to PIM, and the reasons for the migration.

Published - Fri, 08 Nov 2019