Ahmed Eldeeb

ARP, ARP Inspection, ARP Types and Deployment Considerations

Layer 2 security – ARP and ARP Inspection

This article is the second in our series on identifying and mitigating layer 2 attacks, which is part of a larger series on Security Infrastructure. Dynamic ARP Inspection relies on the DHCP snooping technology explained in the previous article, so it is strongly recommended that you are familiar with DHCP snooping; if you are not, take a quick look at that article first.


Ahmed Eldeeb

Layer 2 security – DHCP Details, DHCP Snooping


This article is the first in a series explaining how to identify and mitigate layer 2 attacks, which is part of a larger series on Security Infrastructure.


We will discuss the most common attacks and how to mitigate them; more importantly, we will discuss deployment and design considerations.


During this series of articles, I will follow two different approaches:

1) Explaining attacks by OSI model layer (like this layer 2 security series)

2) Securing a specific traffic flow (like securing user Internet traffic)

There will also be video lectures, webinars, and open discussions at the end of each major part. If you are interested in security infrastructure architecture, stay tuned.




Orhan Ergun

Spanning Tree Best Practices

Spanning Tree Protocol (STP) is a control plane mechanism for Ethernet. It builds a loop-free Layer 2 topology (a tree) with the root switch at the top of the tree.

Since classical Ethernet relies on data plane learning and Ethernet frames carry no TTL for loop prevention, loops are prevented by STP placing redundant links in the blocking state.

As you can see in the figure below, some links are blocked by the spanning tree. If Spanning Tree did not block those links, a loop would occur in this topology.


Orhan Ergun

What is flow-based load balancing?

Flow-based load balancing is used mostly in layer 2 networks. In Layer 3 routing, packets can be load balanced per packet or per flow, but flow-based load balancing is most commonly associated with local area network, datacenter and datacenter interconnect technologies.

There are two important load balancing mechanisms in layer 2: VLAN-based load balancing and flow-based load balancing. Understanding the difference between the two is important for network engineers, so please read the VLAN-based load balancing post as well.

Load balancing is probably the wrong term, though; load sharing is the better term for stateless devices, and I explained the difference between load balancing and load sharing here.

Let's look at the figure below to understand flow-based load balancing.

Figure -1 Flow-based load balancing with a basic switch topology


Orhan Ergun

What is VLAN Load Balancing?

In layer 2 switching, Ethernet frames for a given destination should be received on the same port from which frames were sent toward it; otherwise a layer 2 switching loop occurs.

Let me explain this concept with the topology depicted below (Figure -1).


Figure -1 VLAN load balancing

In the above figure, either Port 1 or Port 2 is used to send the traffic, and the same port should be used to receive the traffic. The switches use MAC addresses to process the Ethernet frames.

Orhan Ergun


HSRP VRRP GLBP Comparison – In this post I am going to cover the similarities and differences between the HSRP, VRRP and GLBP protocols.

All these technologies provide first hop redundancy for the hosts.

I will use the table below, and the design attributes listed in it, for the HSRP VRRP GLBP comparison.

For more technology comparison tables, such as MPLS, Quality of Service, Multicast, VPNs, Security and more, please click here.



Orhan Ergun

Datacenter Design: Shortest Path Bridging

IEEE 802.1aq Shortest Path Bridging (SPB) uses IS-IS as its underlying control plane mechanism, which allows all the links in the topology to be active.

In short, it supports layer 2 multipath. SPB is used in the datacenter; however, it can also be used in the local area network. In this article, Figure-1 will be used to explain shortest path bridging operation.

Figure-1 Leaf and spine topology



Orhan Ergun


HSRP, VRRP and GLBP are the three commonly used first hop redundancy protocols in local area networks and the data center.

In this post, I will briefly describe them and highlight the major differences. I will also ask you a design question so that we can discuss it in the comment section below.

Figure: HSRP, VRRP and GLBP comparison (source: Orhan Ergun CCDE Study Guide – Workbook)


Orhan Ergun

Why and Where is Ring Topology Used?

Ring topology is used mostly for economic reasons. It is a very common topology in the service provider access layer, and it is not uncommon in Aggregation and Core (Backbone) networks as well.

Long haul links are expensive, so in order to provide last mile connectivity in the Service Provider access domain, nodes are often connected to the closest nodes that have similar functionality.

Orhan Ergun

Common Networking Protocols in LAN, WAN and Datacenter

Spanning Tree, Link Aggregation, VLAN and First Hop Redundancy protocols are used in Campus, Service Provider Access and Aggregation, and Datacenter environments. There are certainly other protocols common across these places in the network, but in order to keep this article short and meaningful I chose these four.

Orhan Ergun

Bridging, Provider Bridging, Provider Backbone, and Shortest Path Bridging

I received an interesting comment on my last post on networkcomputing. It was about Avaya's SPB and how it served in the core of the network at the Sochi Olympics.

For those who are not familiar with the acronym, SPB stands for Shortest Path Bridging, and it is used for large scale bridging in the data center (though it is not limited to the datacenter environment).

The idea behind SPB is to remove the Spanning Tree protocol and gain the multipathing benefits that are easily achieved with layer 3 routing; with SPB, bridging can be implemented in a smarter way. Better resiliency is also achieved with SPB compared to classical bridging.

In this post I will explain large scale bridging, layer 2 multipathing technologies, and some vendor implementations such as Cisco's FabricPath and Avaya's SPB. I will mention their pros and cons as well. Before going into the technical details of these technologies, let's examine traditional/classical bridging and see how the large scale bridging problem is solved, while examining the resiliency and multipathing capabilities of each solution.


Orhan Ergun

Network Design – Physical Topology Matters

A short time ago I published a video on my YouTube channel about Triangle vs Square Network Topology, in which I highly recommended the triangle topology whenever it is possible.

I received a couple of questions about the topologies and wanted to explain one of them in this post for everyone.

I used the topology below in the video:



The left picture illustrates the triangle physical topology and the right one the square topology.

The distribution layer devices advertise the same networks in both topologies. The figure says router, but it could be a multilayer switch as well.

Assume we are running OSPF, but the argument for using a triangle instead of a square applies to any other IGP (EIGRP, IS-IS, even RIP).

The reason you want to use the triangle topology is high availability. In the left topology, if the link between the core and distribution layer fails, there will be no routing protocol convergence, since the core devices do ECMP (Equal Cost Multi Path) towards distribution and distribution does ECMP towards core; all the links are in the RIB and FIB and are used actively (flow-based load balancing).

In the square topology, if the same link fails, the metric from the left core device to the destination prefix through the other core device is higher than that of the direct (failed) path, so there is no equal cost path, and unless you enable unequal cost multipath with EIGRP you cannot place two routes for that prefix in the FIB. (You may want to check the OSPF Optimized Multipath draft.)

Question: In a real life deployment, would we announce the same prefix from the two different distribution switches as depicted in the picture?

Answer: Yes, we do. If we have a distribution layer as depicted in the picture, that means we have an access layer as well. If the access layer is layer 3, meaning the default gateway for the devices is the access layer switch, then the access and distribution layers run a routing protocol. From a design point of view you would want to run OSPF, since the link between distribution and core also runs OSPF, and you don't want more than one IGP in your topology unless you have to.

I used layer 3 access as an example for simplicity, but we also announce the prefixes from both distribution layer devices in a multilayer access design (Access-Distribution Layer 2), with or without MLAG (VSS, vPC, MLAG with ICCP). If you are using an MLAG based solution, it is a matter of the number of OSPF neighborships. I would like to see your comment if you know (or can guess) the reason.

Orhan Ergun

Network Design Mistakes

Orhan Ergun prepared a topology for the CCDE students. The topology is full of design mistakes, and two CCDE candidates will try to find the issues. Orhan will help them, but let's see if they can find all the mistakes. Enjoy!

Orhan Ergun


Why would you want to use a particular first hop redundancy protocol? In this video Orhan Ergun explains the Cisco-specific HSRP and GLBP protocols and the industry-standard VRRP protocol.

What are the design considerations?

Orhan Ergun

Spanning Tree CST, PVST+, RSTP and MST

In this video Orhan Ergun explains all the spanning tree modes and compares them from a design point of view: if you need scalability use MST, if you want fast convergence and flexibility use RSTP, and so on. If you want me to share more spanning tree videos or explain a specific technology, please comment below.