Orhan Ergun No Comments

Last 5 Days to Enjoy the DesignWorld Subscription Discount

Hello Everyone

As you all know, the DesignWorld is a place where you can find network design videos, articles, quizzes, and comparison charts. Currently, only CCDE resources are there, but the good news is that other courses will be added, too. In addition, CCDA and CCDP courses will be added.

There was a promotion for the DesignWorld subscription. It has been sold for $499, which is 50% of the actual price ($999).

We announced this discount for only 50 people. Although more than 50 people have already registered, now we have decided to extend it by more than 5 days. So, hurry now to subscribe!


Orhan Ergun No Comments

April 2016 CCDE Bootcamp

CCDE Bootcamp – This is an Online Cisco CCDE exam preparation training.

You probably all know the success of Orhan Ergun’s CCDE Bootcamps and how they have been helping so many engineers become better network engineers/designers. If you don’t know, please just take a tour of the website. Check the Success Stories, Why Orhan and the Sample Videos.

Let’s continue to our journey with the April 2016 CCDE class.

Please note that there is a 20% discount for early registrations. February 15 is the last day.

Come and learn network design from the best!

Orhan Ergun No Comments

CCDE Study Guide

CCDE Study Guide – Are you looking for a book that will teach you all the topics on advanced technical networking? If so, I would be very pleased to recommend CCDE Study Guide written by Marwan Al-Shawi to you.

As one of the professionals who contributed immensely to this book, I must admit that Marwan wrote this book in collaboration with a number of savvy designers. IT experts who contributed to this wonderful book include Russ White, Andre Laurent, Denise Fishbourne, Ivan Papeljnak, and Orhan Ergun. In fact, all the IT concepts in this book are enlightening! The book has many drawings, which will assist learners to understand network design.

Today, I spoke with one of my old friends, an expert in CCDE, who read Marwan’s book, and his comment was this: “The book contains pictures that explain a thousand words.”

Orhan Ergun 1 Comment

January 2016 Online CCDE Bootcamp

I have just decided to schedule my next online class for the February 2016 CCDE Practical exam preparation because of three reasons. One is the high level of demand for my early CCDE bootcamps; the other is the overwhelming number of students pursuing the CCDE; the last is the high numbers of students who passed the exam from my class.

Click here for an overview of the students who have passed the latest (October 2015) CCDE Practical exam.

This class will not only include an overview of the technology concepts needed to pass the exam but also include several mini and full design scenarios that mimic the structure of the CCDE lab exam.

Orhan Ergun 6 Comments

November CCDE Achievers

I am very proud to announce that Daniel Lardeux, Johnny Britt and Mohammad Haddad passed the CCDE Practical exam yesterday and they joined the CCDE Club, which is one of the most respected IT certifications.

Their CCDE numbers will arrive in a couple of days.

See the existing Global List of the CCDEs, their companies and numbers here. If you are not in the list, have changed your company or want to be on the list, contact me.

Daniel and Mohammad joined my July class and Johnny used the CCDE Practical preparation bundle.

I would like to stress that four guys from my class or using my preparation resources attempted the November 2015 CCDE Practical exam and three of them passed! A 75% success rate is not a small thing for this certification.

They are all glad that they have learned not only the CCDE-related topics but also real-life network design.

Orhan Ergun 2 Comments

Cisco CCDE Practical Self Study Materials

CCDE Practical Self Study Materials are available now!

Update: These materials are more than a year old. The new workbook will be released by July 15th 2016 as hard copy only. The old materials cover only 30% of the new book. Also, the videos are no longer available for download; they can only be accessed with a subscription. Please click here for subscription.

 

Advanced Technologies Workbook

Update: The new book has 50+ Case Studies, 20+ Comparison Charts, 10 Design Quizzes and Answers, as well as a full-length CCDE Practical Scenario.

 

Old Book: Design advice from a practical standpoint, more than 10 case studies and 1 CCDE practical sample scenario. You will have 1 year of free updates.

Orhan Ergun 6 Comments

Russ White – Orhan Ergun CCDE Practical Exam Scenario

I am glad to announce that Russ White and I have been preparing a CCDE Practical Exam (Lab Exam) Scenario. This is the most realistic scenario available anywhere. Why? Because it is not only prepared by a CCDE but also by one of the exam founders!

Disclosure: This is not asked in the CCDE exam, but the structure and idea are very similar to what would be found in the exam.

Russ White is one of the CCDE exam founders and the Author of Optimal Routing Design, Practical BGP, Advanced IP Network Design, and many other network design and architecture books. Russ and I have put much effort into preparing this scenario.

I will present this scenario for the first time in the July CCDE Training class. (You can see from here the topics which I will talk about in the class as well.)

There are already more than 20 people in the class and multiple people will attend the CCDE Exam in August. I am sure this scenario will be an excellent resource for the CCDE candidates.

If you want to be a good network designer as well as a CCDE, it is not enough to understand the technologies alone, but you also need to understand how business intersects with those technologies.

You need to understand how business drives the network, and how the network can drive the business.

How can you analyse the network? How can you prepare an architecture? What are the attributes of good design? What are the most important tradeoffs? All of this will be discussed and more!

This is the ONLY CCDE Design class offered online. Travel and time away from home are nil, thus saving you not only time but money!

UPDATE: THE JULY CLASS IS FULL!
REGISTER FOR YOUR SEAT AT THE OCTOBER CLASS NOW BEFORE IT SELLS OUT!

Orhan Ergun 4 Comments

CCDE Practical Training Demo Video

I have been delivering CCDE practical training for quite some time. A couple of months ago I started a survey for my CCDE training. 134 people voted and here are the results.

Orhan Ergun 28 Comments

CCIE vs CCDE

CCIE vs. CCDE is probably one of the most frequently asked questions by networking experts.

How many times have you asked yourself or discussed this topic with your friends? Many times, right?

I have a CCIE in Routing and Switching and/or Service Provider; should I continue with design certifications such as CCDE, or should I study for another expert-level certification, perhaps a virtualization certification?

To illustrate my answer, let me give you an example.

Suppose you are building a greenfield network. (Usually, it is the same for brownfield as well.)

First, you need to understand the business: how many locations it has, where it is located, where the HQ or HQs, datacenter and POP locations are, and so on.

After that, you try to understand how the business can assist its consumers.

It can be retail, airport, stadium, or service provider network.

All these businesses have similar and different requirements.

For example, stadium architecture requires you to have ticketing systems, access control systems, and streaming the game, all of which are connected to the network. So, you need to understand the business requirements, how they want their revenue to appear, and how their systems interact with one another. Then, you will provide the business an architecture to support its requirements.

You may need to enable QoS or Multicast for that application, as an example.

Architecture refers to the process of gathering, analyzing, and clarifying the business requirements.

Without Architecture, a Design Is Just a Guess

The designer needs to understand the business objectives and high-level functional specifications.

In the retail store example, store sales information may be updated with some central locations such as Datacenter for the purpose of analyzing data only, and high availability requirements of the store may not have much priority.

Now, let me give an example that shows that it is pertinent that you understand why a design is important and why it requires different strategies.

A Business has 1000 sites connected to two data centers. (Technically, we call it Hub and Spoke).

It plans to open 1000 additional sites within 2 years.

The business wants to operate its WAN network. While its data is highly classified, the business carries a small amount of data between remote sites and data centers.

The business can tolerate up to half an hour downtime. Since the enterprise has many remote sites, it wants to reduce the cost of devices in the remote offices.

Ideally, the enterprise wants to operate those sites using small resources on its devices. And since there are many sites, it wants the most cost effective WAN solution.

As you must have observed, I did not mention anything technical so far.

All these requirements can be received from the business leader, perhaps the CIO or CTO of the company.

Let me translate these business requirements and the structure into technical terms.

  • The company has many sites, and it needs a scalable design.
  • The availability requirements are not tight.
  • The business’s network physically fits Hub and Spoke (Star) topology.

So far, MPLS L3 VPN service from the provider seems suitable for its requirements. Let’s continue.

  • The business wants to operate its WAN network.

Now, we have eliminated the MPLS L3 VPN option. If you get an L3 VPN from the provider, you can have multipoint-to-multipoint capability; however, you may lose control. This is because you are transferring SLA and risks to the service provider even though you depend on their performance and control.

After understanding the architecture and business requirements, translating those requirements to technical solution is the design.

You can come up with many valid design alternatives.

But you should always proffer the simplest solution.

  • The business believes that its data is highly confidential, so we need to encrypt its data.

Based on the business requirements, IPSEC over DMVPN would be a valid design.

DMVPN can be set up over leased lines, virtual leased line, Internet, and so on.

Since its availability requirement is not tight and the business wants the most cost effective design, IPSEC over DMVPN over the Internet is suitable.

The equipment choice is important, but not necessarily from the design point of view. The CCDE task is generally a CCDA engineer’s job.

If you are lucky, you can tell your boss that it is not your job.

Which routing protocol would you choose? More importantly, do not forget that they have two data centers.

Architecture means understanding the applications and systems the business needs, and the interactions those systems have with each other, at the conceptual level.

The designer will translate those requirements into technical requirements. After that, the designer will find the best technologies for these requirements.

The CCIE, in an operational role, will translate these technical requirements and technologies into low-level configuration state.

The designer doesn’t configure NHRP, IPSEC Crypto, Routing Protocols, Redistribution, Area Assignment, and so on.

CCIE does not necessarily need to know if EIGRP or OSPF would be a better option for the business. However, CCIE needs to know how links can be assigned to the OSPF Areas, how EIGRP Stub is configured, and so on.

What would be your design for the above business requirements?

 

Orhan Ergun 25 Comments

OSPF Design Challenge

OSPF and MPLS are the two most commonly used technologies in an MPLS VPN environment.

In this post I will share a mini design scenario with you and ask a couple of questions about the fictitious company architecture.

Orhan Ergun 17 Comments

CCDE Training

I am very pleased to announce that my student Hamed Zolghadri passed the CCDE Practical exam in February, and now he has joined the CCDE club.

Orhan Ergun No Comments

CCDE Practical exam preparation – Podcast

Wouldn’t you want to listen to the story from the guys who passed the CCDE exam?

What is their CCDE recommended reading list?

Is there any CCDE training which they suggest for CCDE preparation?

Which technologies do they recommend CCDE candidates focus on?

Orhan Ergun 8 Comments

CCDE Practical Exam Blueprint

What is in the CCDE Practical exam blueprint?

If you have already passed the CCDE Written (352-001), the practical exam is the only barrier between you and the certificate!

The blueprint below is the first step of your CCDE journey.

You will know which concepts you need to be an expert in!

Orhan Ergun 3 Comments

Route Redistribution Best Practices

You need route redistribution for many reasons.

In this post, the drivers for route redistribution and, more importantly, the best practices for applying route redistribution will be explained in great detail.

Orhan Ergun 4 Comments

BGP Route reflectors and potato routing

If you are designing enterprise, service provider, or even datacenter networks, you have to understand BGP route reflectors.

You want to know what hot, cold and mashed potato routing are.

Orhan Ergun 12 Comments

CCDE Before and After !

Don’t expect a technical topic in this post. Instead, I wanted to show what my situation was before and after the CCDE – Cisco Certified Design Expert! Enjoy 🙂

BEFORE

Orhan Ergun (at the right, the handsome one 🙂), Neil Moore (the only 8xCCIE in the world, at the left) and Brian McGahan (INE) at the back.

AFTER

Celebration time. Thanks to my wife!

And the certificate comes. I hope this blog helps you get your CCDE.

Orhan Ergun No Comments

Network Design Mistakes

Orhan Ergun prepared a topology for the CCDE students. The topology is full of design mistakes, and 2 CCDE candidates will try to find the issues. Orhan will help them, but let’s see if they can find all the mistakes. Enjoy!

Orhan Ergun 2 Comments

MPLS Layer 2 and Layer 3 VPN

RFC 2547 defines standard MPLS VPN to carry customer prefixes over the MPLS backbone.

In February 2006, RFC 4364 was published for Inter AS VPNs, which are also known as Multi AS VPNs. RFC 4364 obsoleted RFC 2547 and defined many other applications for MPLS VPNs, such as CSC, which is known as Carrier Supporting Carrier in Cisco terminology and Carrier of Carriers in the Juniper definition.

With a basic Layer 3 MPLS VPN, enterprise customers can carry their prefixes from multiple sites over the SP backbone. It is a multipoint-to-multipoint connection. With the AToM-based MPLS solution, which is Cisco’s E-Line solution, customer sites are connected point to point, and with VPLS, multipoint to multipoint.

The basic difference between VPLS and IP VPN from the customer’s point of view: with VPLS, all attached sites share the same L3 network, and the service provider acts as a big switch for the customer. IP/MPLS VPNs use different IP addresses at each site.

With IP VPN, also known as BGP VPN or L3 VPN, the customer runs an IP routing protocol or static routes with the service provider, and the customer equipment, known as CE, does not see other CEs as directly connected, as it would with VPLS or AToM-based MPLS.

Depending on what the customer expects from the service provider, in the MPLS L3 VPN case the customer can run an IGP such as EIGRP, OSPF or IS-IS, BGP, or static routes. You may want to talk with your service provider before you decide, since some service providers do not support every routing protocol. Most of them, if not all, support BGP.

If the customer wants very granular policy control and dual-homed site connectivity, and the customer’s network staff are well trained, the best choice would be BGP.

In the past, fast convergence was an issue with BGP, and it may still be with a vanilla BGP configuration. Recent enhancements allow BGP to converge very fast thanks to the BGP fast reroute mechanism, BGP PIC.

All IGP protocols’ metric information can be carried end to end over the SP MPLS backbone. In this case the SP core behaves differently: for OSPF there is the Superbackbone concept, and for IS-IS there is the L3 backbone concept. This is out of the scope of this post, so I will not explain further. But if you are interested and want to learn more, please comment, and I will definitely write about them.

One other caveat for the PE-CE protocol: with almost all protocols, if the customer has a backdoor link to another customer site, loops or suboptimal path usage may occur. We generally prefer an MPLS link when a low-latency, secure, reliable connection is necessary, compared to an Internet-based option.

If the customer has a backup Internet link (not MPLS, but perhaps DSL, 3G/LTE, satellite, microwave or cable) and requires low latency, predictable delay variation (jitter), and a reliable and (relatively) secure connection, it will probably want to use the MPLS connection as primary and the Internet connection as backup. That said, LTE is much cheaper and provides very high bandwidth nowadays, and it has started to take its place as a primary connection on some networks or parts of the network, such as remote offices.

 

Orhan Ergun 20 Comments

Inter AS Option A Design Considerations and Comparison

Inter AS Option A is the easiest, most flexible, most secure Inter autonomous system MPLS VPN technology.

In the below topology VPN Customers A and B are connected to two different service providers via MPLS Layer 3 VPN. In order to have end to end MPLS VPN service, Service Providers use special mechanisms. In this article, I will explain the most basic one which is Inter-AS Option A, though there are many other things you need to know about Inter-AS Option A.

Our aim is to carry all the customer routes between the service providers.

There are many different ways of handling this case. In this post, I will explain Inter AS Option A MPLS/VPN, also known as VRF-to-VRF approach.

 

 

Figure 1: Inter-AS Option A

I will use the topology depicted in fig. 1 throughout this post to explain Inter AS Option A operation.

In the above diagram, we have two service providers and the two customers which require Inter-AS MPLS VPN service.

The PE routers that connect the two providers are also known as ASBRs (Autonomous System Boundary Routers).

Inter AS Option A: an ASBR router in one Autonomous System attaches directly to an ASBR router in another Autonomous System.

The two ASBRs are attached by multiple sub-interfaces, at least one for each of the VPNs whose routes need to be passed from one AS to the other. Each of those sub-interfaces is associated with a VRF.

For each customer, the service providers could use a separate physical connection instead of a sub-interface. However, doing that would not produce an optimal result for resource utilization.

PE routers connected to the CE devices run MP-IBGP, either through full mesh or through RR (route reflector).

 

Inter AS Option A allows ASBR routers to keep all the VRFs for customers who require Inter AS service.

 

SP-A and SP-B ASBR routers maintain VPN forwarding table in LFIB. Furthermore, they keep routing information in RIB and FIB.

Compared to other AS options, ASBRs have high memory usage in Inter AS Option A.

However, other Inter AS VPN options do not have these capabilities.

ASBRs can either run the same routing protocol with the customer on the VRFs or use just EBGP.

For example, if the requirement for customer A is to keep routing information such as the metric end to end, SP-A and SP-B run the same routing protocol on the ASBRs and on the PE devices to which the customer CE devices are attached.

With Inter AS Option A, SP-A and SP-B will have to manage redistribution at the ASBRs because the routes appear to the ASBR as BGP routes from remote PEs. For customer A, those routes need to be redistributed from BGP to the customer A PE-CE routing protocol, and from the customer A PE-CE routing protocol to BGP.

ASBRs associate each such sub-interface with a VRF.

Inter AS Option A does not require MPLS at the ASBRs unlike the other Inter AS options.

Since we need a separate VRF and sub-interface for each customer VPN, a separate routing protocol, and redistribution handling for each protocol, it is operationally cumbersome and thus hard to scale.

Since there is only IP routing between the ASes, Option A is considered the most secure of all the Inter AS options.

In addition, it is the easiest option to implement between the ASes because Option A does not require another control plane mechanism between service provider ASBRs such as LDP, BGP+label, or BGP-VPNv4.

Between the service providers on ASBRs, either IGP protocols or EBGP is used.

More importantly, other Inter AS Options (Inter AS Option B and Inter AS Option C) require additional control-plane protocols to advertise the customer or infrastructure prefixes between the ASBRs.
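
The VRF-to-VRF arrangement described above, sketched as a Cisco IOS-style configuration for the SP-A ASBR. This is an added example, not configuration from the original post; the VRF names, AS numbers, VLAN IDs, interface names, addresses and prefix limits are assumptions taken from documentation ranges, and Loopback0 and the route reflector at 10.0.0.10 are assumed to exist already.

```ios
! Constructed example: ASBR in SP-A (AS 64496) facing the SP-B ASBR (AS 64497).
! All names, AS numbers, VLANs and addresses are assumptions.
!
! One VRF per customer VPN that needs Inter-AS service.
vrf definition CUST-A
 rd 64496:100
 address-family ipv4
  route-target export 64496:100
  route-target import 64496:100
 exit-address-family
!
vrf definition CUST-B
 rd 64496:200
 address-family ipv4
  route-target export 64496:200
  route-target import 64496:200
 exit-address-family
!
! Physical link to the SP-B ASBR. Plain IP only: no "mpls ip", no LDP.
interface GigabitEthernet0/1
 description To SP-B ASBR
 no ip address
!
! One sub-interface per VPN, each bound to its VRF.
interface GigabitEthernet0/1.100
 description CUST-A Inter-AS
 encapsulation dot1Q 100
 vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1.200
 description CUST-B Inter-AS
 encapsulation dot1Q 200
 vrf forwarding CUST-B
 ip address 192.0.2.5 255.255.255.252
!
router bgp 64496
 ! MP-iBGP towards the SP-A route reflector carries VPNv4 inside the AS.
 neighbor 10.0.0.10 remote-as 64496
 neighbor 10.0.0.10 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.0.0.10 activate
  neighbor 10.0.0.10 send-community extended
 exit-address-family
 !
 ! Per-VRF eBGP: the SP-B ASBR is treated like a CE, so each VPN gets
 ! its own session and its own prefix limit.
 address-family ipv4 vrf CUST-A
  neighbor 192.0.2.2 remote-as 64497
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 maximum-prefix 500 80
 exit-address-family
 !
 address-family ipv4 vrf CUST-B
  neighbor 192.0.2.6 remote-as 64497
  neighbor 192.0.2.6 activate
  neighbor 192.0.2.6 maximum-prefix 500 80
 exit-address-family
```

Each additional Inter-AS customer repeats the VRF, sub-interface and address-family stanzas on both ASBRs, which is the operational cost the post describes.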

Since only IP traffic (not MPLS) passes between the service providers, the most granular QoS implementation is achieved with Option A. (Per sub-interface and IP DSCP vs. MPLS EXP)

For all Inter AS Options, it is very common that customers have to trust the service provider for data integrity, confidentiality, and availability.

MPLS does not encrypt the packets; if a customer needs end-to-end encryption, the customer can deploy IPSEC.

The Inter AS MPLS VPN Options Comparison Table below gives you the most comprehensive analysis. In real life and also for the design exams it will be very useful, since the comparisons are done from the design point of view.

 

Inter AS MPLS VPN Options Comparison

 

Do you use MPLS VPN service? Is it from one provider or multiple providers?

Let’s talk about your design in the comment section.