Orhan Ergun No Comments

Single Vs. Dual Carrier Design

Companies don't always need high availability. What's more, high availability always raises budget and complexity concerns, and a number of factors need to be considered during network design.

If the company's applications do not require high availability, neither a dual carrier nor two links to the same carrier is necessary.

Multihoming refers to connecting to two different carriers/service providers; two routers connected via two links to the same provider is not considered multihomed.


Orhan Ergun No Comments

Dual Core Network Design

Dual core design, also known as dual plane or disjoint plane topology, refers to a highly redundant network chosen by companies whose main objective is to improve the resiliency of their network. Built from separate data planes, dual core design is implemented by companies that receive service from different service providers. Put simply, big companies use dual core design to improve their network's resiliency. Institutions that commonly use this design are found in Europe; they include banks, hospitals, and other financial institutions. Some companies outside Europe use this design as well.

Links that pass through the same fiber conduit, building, town, or city are identified as a Shared Risk Link Group (SRLG), since they share the same fate when a fault occurs. It is important to carefully identify SRLG links between the providers, and if there are shared links, diverse links should be demanded.

[Figure: core network design]



Orhan Ergun 2 Comments

What is the Real Reason Behind IP and MPLS Traffic Engineering?

MPLS traffic engineering has many use cases, and it helps solve problems in MPLS-enabled networks.

These use cases are, in general, QoS guarantees, end-to-end SLAs, fast reroute, admission control, and so on.

In the end, all of them are done for cost saving.

The real reason behind MPLS traffic engineering is cost saving. The same is true for IP traffic engineering.

Sometimes, as technical people, we tend to forget the real reason behind these technologies and push ourselves to make them work on the network, although we could find an easier, simpler, more flexible and scalable solution if we focused on the business problem.

In this article I will show you a couple of alternative ways to do traffic engineering and then explain why you wouldn't need MPLS traffic engineering for link bandwidth utilization.


[Figure: traffic engineering fish problem]


Orhan Ergun 30 Comments

VPN Design discussion

In this post, I will give you the business requirements and information about the business of a fictitious company; together we will try to find an optimal solution to the given questions.

There will be many valid solutions, as you will see from the comments; we will have to make tradeoffs between design goals when selecting one design over another.

Orhan Ergun 12 Comments

Network Complexity

Network complexity plays a very important role during network design. Every network designer tries to find the simplest design.

Although there is no standard definition of network complexity yet, there are many subjective definitions.

In today's network designs, decisions are taken based on an estimate of network complexity rather than an absolute, solid answer.

If you are designing networks, you have probably heard many times of the KISS (Keep It Simple and Stupid) principle.

We said that during network design you should follow this principle. As you will see later in the article, if you want a robust network you need some amount of complexity.

Today I throw out a new idea which we should use as a principle for network design.

“SUCK” is the abbreviation of “SO UNNECESSARY COMPLEXITY IS KEY”.

People refuse to accept network complexity and believe that network complexity is bad. But this is wrong!

Every network needs complexity; network complexity is good!

Let me explain:

Orhan Ergun 27 Comments

Campus Network Design Scenario

In this post I will give you a campus network design scenario and, as always, will wait for your answers.

You need to specify the mistakes and recommend technical solutions to Superent, which is a fictitious company. Don't forget to base your answers on customer requirements rather than industry best practices whenever applicable.

If a requirement is not given, you should follow the standards/best practices.

Orhan Ergun 25 Comments

OSPF Design Challenge

OSPF and MPLS are the two most commonly used technologies in an MPLS VPN environment.

In this post I will share a mini design scenario with you and ask a couple of questions about the fictitious company's architecture.


Orhan Ergun 31 Comments

OSPF protocol

OSPF, Open Shortest Path First, is a dynamic routing protocol which builds a topology between the routers to distribute routing information inside an autonomous system.

If you are not familiar with OSPF, don't worry! In this article OSPF will be explained in great detail.

Are you interested in the design aspects of OSPF? Many OSPF design examples will be covered in the article.

Maybe OSPF network engineering interview questions are what you are looking for.

Orhan Ergun 8 Comments

CCDE Practical Exam Blueprint

What is in the CCDE Practical exam blueprint?

If you have already passed the CCDE Written (352-001), the practical exam is the only barrier between you and the certificate!

The blueprint below is the first step of your CCDE journey.

You will know which concepts you need to be an expert in!


Orhan Ergun 4 Comments

Active-Active Data Center Design Models

Active-active data center design can be accomplished in many ways.

You want to have the best possible data center design, don't you?

I will mention some technologies which are used in active-active data center design at the end of this article.


Orhan Ergun 3 Comments

Route Redistribution Best Practices

You need route redistribution for many reasons.

In this post, the drivers for route redistribution and, more importantly, the best practices for applying route redistribution will be explained in great detail.

Orhan Ergun 1 Comment

Network Design – Physical Topology Matters

A short time ago I published a video on my YouTube channel about Triangle vs. Square Network Topology, and I highly recommended the triangle topology whenever it is possible.

I received a couple of questions about the topologies and wanted to answer one of them in this post for everyone.

I used the topology below in the video:



The left picture illustrates the triangle physical topology and the right one the square topology.

Distribution layer devices advertise the same networks in both topologies. The picture says router, but it could be a multilayer switch as well.

Assume we are running OSPF, but the argument for using a triangle instead of a square applies to any other IGP (EIGRP, IS-IS, even RIP).

The reason you want to use the triangle topology is high availability. In the left topology, if a link between the core and distribution layer fails, there will be no routing protocol convergence, since the core devices do ECMP (Equal Cost Multi Path) towards the distribution layer and the distribution layer does ECMP towards the core; all the links are in the RIB and FIB and are used actively (flow-based load balancing).

In the square topology, if the same link fails, the left core device's metric to the destination prefix through the other core device is higher than that of the direct (failed) path, so there is no equal-cost path; unless you enable unequal cost multipath with EIGRP, you can't place two routes for that prefix in the FIB. (You may want to check the OSPF Optimized Multipath draft.)

Question: In a real-life deployment, would we announce the same prefix from the two different distribution switches as depicted in the picture?

Answer: Yes, we do. If we have a distribution layer as depicted in the picture, that means we have an access layer as well. If the access layer is layer 3, meaning the default gateway for the devices is the access layer switch, then the access and distribution layers run a routing protocol. From the design point of view you would want to run OSPF, since between distribution and core it is also OSPF, and you don't want more than one IGP in your topology unless you have to.

I used layer 3 access as an example for simplicity, but we also announce the prefixes from both distribution layer devices with a multilayer access design (access-distribution layer 2), with or without MLAG (VSS, vPC, MLAG with ICCP). If you are using an MLAG-based solution, it is a matter of the number of OSPF neighborships. I would like to see your comment if you know or can guess the reason.
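To make the triangle vs. square argument concrete, here is an added example (not from the original post) that runs an ECMP-aware shortest path over both topologies, constructed from the description above with unit link costs, and checks whether the next hops left after the Core1-Dist1 link fails were already installed in the FIB before the failure:

```python
"""Triangle vs. square topology after a core-to-distribution link failure.
Added example, not from the original post; topologies are constructed from the
post's description (unit-cost links, both distribution devices advertise the prefix)."""
import heapq
from collections import defaultdict

ADVERTISERS = {"Dist1", "Dist2"}  # both announce the same prefix
TRIANGLE = [("Core1", "Core2"), ("Core1", "Dist1"), ("Core1", "Dist2"),
            ("Core2", "Dist1"), ("Core2", "Dist2")]
SQUARE = [("Core1", "Core2"), ("Core1", "Dist1"), ("Core2", "Dist2"),
          ("Dist1", "Dist2")]

def build(links):
    """Undirected graph, cost 1 per link (equal OSPF cost everywhere)."""
    g = defaultdict(dict)
    for a, b in links:
        g[a][b] = g[b][a] = 1
    return g

def ecmp_next_hops(g, src, failed=()):
    """Dijkstra from src that keeps every equal-cost first hop per node.
    Returns (best metric to the prefix, sorted next hops installed for it)."""
    down = {frozenset(l) for l in failed}
    dist, nh, pq = {src: 0}, defaultdict(set), [(0, src)]
    while pq:
        d, u = heapq.heappop(pq)
        if d > dist[u]:
            continue  # stale heap entry
        for v, cost in g[u].items():
            if frozenset((u, v)) in down:
                continue  # failed link is not usable
            first = {v} if u == src else nh[u]
            if d + cost < dist.get(v, float("inf")):
                dist[v], nh[v] = d + cost, set(first)
                heapq.heappush(pq, (dist[v], v))
            elif d + cost == dist[v]:
                nh[v] |= first  # another equal-cost path: add its first hop
    best = min(dist[a] for a in ADVERTISERS if a in dist)
    hops = set().union(*(nh[a] for a in ADVERTISERS if dist.get(a) == best))
    return best, sorted(hops)

def forwarding_survives(links, failed_link, src="Core1"):
    """True if every post-failure next hop was already in the FIB before the
    failure, i.e. traffic keeps flowing while the IGP is still converging."""
    g = build(links)
    _, before = ecmp_next_hops(g, src)
    _, after = ecmp_next_hops(g, src, failed=[failed_link])
    return set(after) <= set(before)

if __name__ == "__main__":
    for name, links in (("triangle", TRIANGLE), ("square", SQUARE)):
        print(name, ecmp_next_hops(build(links), "Core1"),
              "survives Core1-Dist1 failure:", forwarding_survives(links, ("Core1", "Dist1")))
```

In the triangle, Core1 installs both Dist1 and Dist2 before the failure and is left with Dist2 afterwards; in the square, the only pre-failure next hop is Dist1 and the post-failure next hop Core2 (metric 2) has to be installed by IGP convergence.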

Orhan Ergun 12 Comments

CCDE Before and After !

Don't expect a technical topic in this post. Instead, I wanted to show my situation before and after the CCDE (Cisco Certified Design Expert)! Enjoy 🙂



Orhan Ergun (at the right, the handsome one 🙂), Neil Moore (the only 8xCCIE in the world, at the left) and Brian McGahan (INE) at the back.



Celebration time... Thanks to my wife!

And... the certificate arrives. I hope this blog helps you get your CCDE.


Orhan Ergun No Comments

Network Design Mistakes

Orhan Ergun prepared a topology for the CCDE students. The topology is full of design mistakes, and 2 CCDE candidates will try to find the issues. Orhan will help them, but let's see if they can find all the mistakes. Enjoy!

Orhan Ergun 5 Comments


Why would you want to use a particular first hop redundancy protocol? In this video Orhan Ergun explains the Cisco-specific HSRP and GLBP and the industry-standard VRRP protocols.

What are the design considerations?

Orhan Ergun 5 Comments

Spanning Tree CST, PVST+, RSTP and MST

In this video Orhan Ergun explains all the spanning tree modes and compares them from the design point of view. If you need scalability, use MST; if you want fast convergence and flexibility, use RSTP; and so on. If you want me to share more spanning tree videos or explain a specific technology, please comment below.


Orhan Ergun 2 Comments

MPLS Layer 2 and Layer 3 VPN

RFC 2547 defines the standard MPLS VPN used to carry customer prefixes over the MPLS backbone.

In February 2006, RFC 4364 was published for Inter-AS VPNs, also known as Multi-AS VPNs. RFC 4364 obsoleted RFC 2547 and defined many other applications for MPLS VPNs, such as CSC, known as Carrier Supporting Carrier in Cisco terminology and Carrier of Carriers in Juniper's definition.

With basic Layer 3 MPLS VPN, enterprise customers can carry their prefixes from multiple sites over the SP backbone. It is a multipoint-to-multipoint connection. With the AToM-based MPLS solution, which is Cisco's E-Line solution, customer sites are connected point-to-point, and with VPLS multipoint-to-multipoint.

The basic difference between VPLS and IP/VPN from the customer's point of view is that with VPLS all attached sites share the same L3 network; the service provider acts as a big switch for the customer. IP/MPLS VPNs use different IP addresses at each site.

With IP/VPN, also known as BGP or L3 VPN, the customer runs an IP routing protocol or static routes with the service provider, and the customer equipment, known as CE, does not see other CEs as directly connected, as it does in VPLS or AToM-based MPLS.

Depending on what the customer expects from the service provider, in the MPLS L3 VPN case the customer can run any of the IGP routing protocols, including EIGRP, OSPF and IS-IS, or BGP or static routes. You may want to talk with your service provider before you decide, since some service providers don't support every routing protocol. Most of them, if not all, support BGP.

If the customer wants very granular policy control and dual-homed site connectivity, and the customer's network staff are well trained, the best choice would be BGP.

In the past, fast convergence was an issue with BGP, and maybe it still is with a vanilla BGP configuration, but recent enhancements allow BGP to converge very fast thanks to the BGP fast reroute mechanism, BGP PIC.

All IGP metric information can be carried over the SP MPLS backbone end to end. In this case the SP core behaves differently: for OSPF there is the superbackbone concept, and for IS-IS the L3 backbone concept. This is out of the scope of this post, so I will not explain further, but if you are interested, please comment and I will definitely write about them.

Another caveat for the PE-CE protocol, for almost all protocols: if the customer has a backdoor link to another customer site, a loop or suboptimal path usage may occur. We generally prefer an MPLS link when it is necessary to have a low-latency, secure, reliable connection compared to the Internet-based option.

If the customer has a backup Internet link (not MPLS, but maybe DSL, 3G/LTE, satellite, microwave or cable) and its requirements are low latency, predictable delay variation (called jitter) and a reliable and (relatively) secure connection, it probably wants to use the MPLS connection as primary and the Internet connection as backup, although LTE is much cheaper, provides very high bandwidth nowadays and has started to take its place as a primary connection on some networks or parts of the network, such as remote offices.


Orhan Ergun 20 Comments

Inter AS Option A Design Considerations and Comparison

Inter-AS Option A is the easiest, most flexible and most secure inter-autonomous-system MPLS VPN technology.

In the topology below, VPN customers A and B are connected to two different service providers via MPLS Layer 3 VPN. In order to provide an end-to-end MPLS VPN service, the service providers use special mechanisms. In this article I will explain the most basic one, Inter-AS Option A, though there are many other things you need to know about it.

Our aim is to carry all the customer routes between the service providers.

There are many different ways of handling this case. In this post, I will explain Inter-AS Option A MPLS/VPN, also known as the VRF-to-VRF approach.

[Figure 1: Inter-AS Option A]

I will use the topology depicted in fig. 1 throughout this post to explain Inter AS Option A operation.

In the above diagram, we have two service providers and two customers which require Inter-AS MPLS VPN service.

The PE routers that connect the two providers are also known as ASBR (Autonomous System Boundary Router).

Inter AS Option A: an ASBR router in one Autonomous System attaches directly to an ASBR router in another Autonomous System.

The two ASBR routers are connected by multiple sub-interfaces, at least one for each VPN whose routes need to be passed from one AS to the other. Each of those sub-interfaces is associated with a VRF table.

For each customer, the service providers could use a separate physical connection instead of a sub-interface. However, doing so would not make optimal use of resources.

PE routers connected to the CE devices run MP-iBGP, either in a full mesh or through an RR (route reflector).


In Inter-AS Option A, the ASBR routers keep all the VRFs of customers who require Inter-AS service.


The SP-A and SP-B ASBR routers maintain the VPN forwarding tables in the LFIB. Furthermore, they keep the routing information in the RIB and FIB.

Compared to the other Inter-AS options, the ASBRs have high memory usage in Inter-AS Option A.

However, the other Inter-AS VPN options do not have these capabilities.

On the VRFs, the ASBRs can either run the same routing protocol as the customer or just use eBGP.

For example, if the requirement for customer A is to keep routing information such as the metric end to end, SP-A and SP-B run the same routing protocol on the ASBRs and on the PE devices to which the customer's CE devices are attached.

In that case SP-A and SP-B have to manage redistribution at the ASBRs, because the routes arrive at the ASBR as BGP routes from the remote PEs. For customer A, those routes need to be redistributed from BGP into customer A's PE-CE routing protocol, and from customer A's PE-CE routing protocol back into BGP.

ASBRs associate each such sub-interface with a VRF.

Unlike the other Inter-AS options, Inter-AS Option A does not require MPLS between the ASBRs.

Since we need a separate VRF and sub-interface for each customer VPN, possibly a separate routing protocol, and redistribution for each protocol, Option A is operationally cumbersome and thus hard to scale.

Among all the Inter-AS options, Option A is considered the most secure one, since there is only IP routing between the ASes.

In addition, it is the easiest option to implement between the ASes, because Option A does not require another control-plane mechanism between the service provider ASBRs, such as LDP, BGP+label, or BGP VPNv4.

Between the service providers' ASBRs, either an IGP or eBGP is used.

More importantly, other Inter AS Options (Inter AS Option B and Inter AS Option C) require additional control-plane protocols to advertise the customer or infrastructure prefixes between the ASBRs.

Since only IP traffic (not MPLS) passes between the service providers, the most granular QoS implementation is achieved with Option A (per sub-interface and IP DSCP, versus MPLS EXP).

For all Inter-AS options, customers generally have to trust the service provider for data integrity, confidentiality, and availability.

MPLS does not encrypt the packets; if a customer needs end-to-end encryption, they can deploy IPsec on top.
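As an added illustration (not from the original post), here is a constructed IOS-style configuration of SP-A's ASBR for the VRF-to-VRF arrangement described above: one VRF and one sub-interface per customer, plain IP on the inter-AS link, MP-iBGP inside SP-A and per-VRF eBGP to SP-B. The AS numbers, VRF names, route distinguishers, VLAN IDs and addresses are all assumed.

```text
! Constructed example: SP-A ASBR, Inter-AS Option A (VRF-to-VRF), IOS-style syntax.
! One VRF and one 802.1Q sub-interface per customer VPN on the link to SP-B's ASBR.
vrf definition CUST-A
 rd 65001:100
 route-target export 65001:100
 route-target import 65001:100
 address-family ipv4
 exit-address-family
!
vrf definition CUST-B
 rd 65001:200
 route-target export 65001:200
 route-target import 65001:200
 address-family ipv4
 exit-address-family
!
! Inter-AS link carries plain IP only: no "mpls ip" on these sub-interfaces,
! so QoS can be applied per sub-interface on the IP DSCP field.
interface GigabitEthernet0/1
 description To SP-B ASBR
 no ip address
!
interface GigabitEthernet0/1.100
 description Customer A hand-off to SP-B
 encapsulation dot1Q 100
 vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1.200
 description Customer B hand-off to SP-B
 encapsulation dot1Q 200
 vrf forwarding CUST-B
 ip address 192.0.2.5 255.255.255.252
!
router bgp 65001
 ! MP-iBGP to SP-A's route reflector carries the VPNv4 routes inside SP-A
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 update-source Loopback0
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
 exit-address-family
 ! Per-VRF eBGP to SP-B (AS 65002): the VPNv4 routes leave as plain IPv4 routes
 ! and SP-B's routes enter this VRF only; a prefix limit bounds what SP-B can inject
 address-family ipv4 vrf CUST-A
  neighbor 192.0.2.2 remote-as 65002
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 maximum-prefix 1000
 exit-address-family
 address-family ipv4 vrf CUST-B
  neighbor 192.0.2.6 remote-as 65002
  neighbor 192.0.2.6 activate
  neighbor 192.0.2.6 maximum-prefix 1000
 exit-address-family
```

SP-B's ASBR mirrors this with its own VRFs and the other side of each /30; the per-VRF eBGP sessions are where a provider would also attach inbound prefix filters, since a route leaked into the wrong VRF here crosses a customer boundary.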

The Inter-AS MPLS VPN Options Comparison table below gives you a comprehensive analysis. It will be very useful in real life and also for the design exams, since the comparison is done from the design point of view.

[Table: Inter AS MPLS VPN Options Comparison]


Do you use MPLS VPN service? Is it from one provider or multiple providers?

Let’s talk about your design in the comment section.