Sunday, January 29, 2017

STP Failover Scenario-1

Networks Baseline

We have already discussed STP (Spanning Tree Protocol) and the BPDUs associated with it, including the two BPDU types (Configuration BPDU and TCN BPDU).

We also covered RSTP and how its convergence time is quicker. I guess you know the reason by now, having gone through all the previous STP and RSTP articles.

Today I will discuss how failover works in STP when a link between switches goes down, and how a new path is selected for frames to flow from source to destination.

Audience # CCNA R&S, Network Engineer, Network Experts, Network Design Experts, NOC/TAC Engineer and Systems Engineer.

Let's start with the example scenario shown below.

Fig 1.1- STP Link Failure
As you can see in the picture above, the link between Switch (Catalyst) A and Catalyst C has failed. Please don't be confused by the word Catalyst: a Catalyst is simply a Cisco switch.

Catalyst A is the root bridge here. When the link between Switch A and Switch C fails, FE1/2 on Switch C transitions to the Forwarding state. But the topology has changed, so the Root Bridge (Catalyst A) sends a TCN BPDU to all switches. From the time the TCN BPDU arrives at a switch, 15 seconds are allowed for the CAM table to time out and begin re-learning (re-flooding); in effect the Root Bridge tells each switch to clear its CAM table so that the TCN BPDU can propagate further. So after the failure Switch C waits for the TCN BPDU from the Root: Root Switch A sends the TCN to B, B sends it to Switch C, and Switch C changes its port state upon receiving the TCN. I guess you can understand it now... No?

Let me explain it another way. The link that is the Root port on C goes down. C still has another port receiving BPDUs from B, so it does not have to wait for a timer to expire (no need for the 20 second Max Age) and moves that other port through Listening and Learning to Forwarding. This is a layer 1 failure on the same switch that holds both the root port and the blocking port: the switch knows that one of its own ports failed, so it starts the STP process on the other port immediately, skipping the 20 seconds. Total: 30 seconds (15 seconds Listening plus 15 seconds Learning).

Note: In STP only the Root switch sends the TCN when it hears about a topology change. When a non-root switch receives it, it starts a 15 second timer and sends a TCN ACK back to the Root.
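To make the timer arithmetic in this scenario concrete, here is an added Python model; it is not code from the original article. It computes how long Switch C's alternate port takes to reach Forwarding for the direct failure described above, and, going one step beyond the text, for an indirect failure where the port must first wait out Max Age. It also shows the effect of a TCN on CAM aging, which drops to 15 seconds instead of the default 300. The timer values are the 802.1D defaults; the CAM entries, ports and MAC addresses are constructed.

```python
"""STP timers after a link failure (added example, not from the article).

Models two things the text describes for classic 802.1D STP:
  1. how long Switch C's alternate port takes to reach Forwarding, for a
     direct failure (C's own root port goes down, as in Fig 1.1) versus an
     indirect failure (the loss is upstream and C must wait for Max Age);
  2. how a TCN shortens CAM (MAC address table) aging to Forward Delay so
     stale entries pointing at the failed link are flushed quickly.
Timer values are the 802.1D defaults; the CAM table below is constructed.
"""
from dataclasses import dataclass
from typing import Optional

MAX_AGE = 20             # s: how long a port trusts its last received BPDU
FORWARD_DELAY = 15       # s: time spent in Listening, then again in Learning
CAM_AGING_DEFAULT = 300  # s: normal MAC address table aging time


@dataclass(frozen=True)
class PortEvent:
    time: int
    state: str


def port_timeline(direct_failure: bool) -> list[PortEvent]:
    """Timeline of C's formerly blocked port after the failure at t=0.

    direct_failure=True: C saw its own root port go down (layer 1 loss on
    the same switch), so it starts Listening immediately and skips Max Age.
    direct_failure=False: the failure is not on C itself; the port keeps the
    stale BPDU until it ages out after MAX_AGE, then starts Listening.
    """
    t = 0
    events = [PortEvent(t, "Blocking")]
    if not direct_failure:
        t += MAX_AGE
    events.append(PortEvent(t, "Listening"))
    t += FORWARD_DELAY
    events.append(PortEvent(t, "Learning"))
    t += FORWARD_DELAY
    events.append(PortEvent(t, "Forwarding"))
    return events


def convergence_time(direct_failure: bool) -> int:
    """Seconds until traffic flows again via the alternate port."""
    return port_timeline(direct_failure)[-1].time


def cam_entries_after(cam: dict[str, tuple[str, int]], now: int,
                      tcn_received_at: Optional[int]) -> dict[str, str]:
    """Return the MAC entries still valid at time `now`.

    `cam` maps a MAC to (port, time_learned). Normally an entry survives
    CAM_AGING_DEFAULT seconds. Once a TCN is received, entries are aged
    against FORWARD_DELAY instead (measured from the TCN or from the
    learn time, whichever is later). This is a simplified model of the
    "clear your CAM table" effect the text describes.
    """
    alive = {}
    for mac, (port, learned) in cam.items():
        if tcn_received_at is not None and now >= tcn_received_at:
            cutoff = max(learned, tcn_received_at) + FORWARD_DELAY
        else:
            cutoff = learned + CAM_AGING_DEFAULT
        if now < cutoff:
            alive[mac] = port
    return alive


if __name__ == "__main__":
    for direct in (True, False):
        kind = "direct" if direct else "indirect"
        print(f"{kind} failure: forwarding again after {convergence_time(direct)} s")
    # constructed CAM table on Switch C: one host learned behind the failed
    # uplink FE1/1, one behind a healthy access port FE1/3, both learned at t=0
    cam = {"00:11:22:33:44:55": ("FE1/1", 0), "66:77:88:99:aa:bb": ("FE1/3", 0)}
    print(cam_entries_after(cam, now=10, tcn_received_at=2))  # both still present
    print(cam_entries_after(cam, now=20, tcn_received_at=2))  # both flushed
```

Run it directly and compare the two convergence figures: the direct case gives the 30 seconds quoted above, the indirect case adds the 20 second Max Age on top.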

I hope this clarifies the failure scenario in STP that brings the TCN BPDU into the picture. In the next scenario we will look at a failure of the link between Catalyst A and Catalyst B, what happens then, how the TCN BPDU is generated, and how long STP takes to converge.

Monday, January 23, 2017

The Concept of VDC ( Virtual Device Context ) - Nexus Switches

Whenever you talk about the Cisco datacenter environment and Nexus switching, VDC is the first thing that comes to mind. A VDC (Virtual Device Context) is the partitioning of a single physical Nexus chassis into several different virtual chassis. In simple words, a single chassis is divided virtually into multiple chassis that operate independently.

Audience # CCIE-Datacenter, Nexus Switching Experts, Network Experts, Network Engineers, Network Architect and Network Design Experts.

Before starting with VDC (Virtual Device Context), you need to know where VDC runs and how. The VDC feature can be enabled on the Cisco Nexus 7K chassis. Several Nexus 7K chassis models are available:

  • Cisco Nexus 7004 Chassis
  • Cisco Nexus 7009 Chassis
  • Cisco Nexus 7010 Chassis
  • Cisco Nexus 7018 Chassis
All these Nexus datacenter chassis support the feature called VDC (Virtual Device Context). So the questions are: why do we need VDCs? How do we create VDCs in an enterprise network, and how many VDCs can be created from a single chassis?

Fig 1.1- VDC's in Nexus Chassis

Why do we need VDCs?
Taking the first question: VDCs are generally used to lower the running cost of the physical chassis. Suppose you have a 3-layer architecture in your datacenter environment. What are you deploying? Cisco Catalyst 6500 chassis in the core, Cisco Catalyst 6500 chassis in the distribution layer, and at the access layer various Cisco switches such as the 3800 series Catalyst switches, 2960 switches or others, as the design and the requirements of the network dictate. That design recommendation requires a good amount of investment in Cisco 6500 or 6800 chassis.

With the help of VDC (a feature available only on the Cisco Nexus 7K chassis) we take a single Nexus 7K chassis and divide it virtually into 2 parts that act as the core and the distribution layer. Following good design you deploy the Nexus 7K chassis in pairs, so you have 2 physical chassis and 4 virtual chassis representing core and distribution, with the vPC feature enabled and high-capacity traffic from the servers to the core. Similarly, for connectivity from one datacenter to another, you can create another VDC on the same chassis, named OTV, for inter-datacenter connectivity.

Note: If you are creating 3 VDCs, there are really 4 VDCs. How?
  • 1 VDC : Core
  • 1 VDC : Distribution
  • 1 VDC : OTV
  • 1 VDC : Admin VDC, from which you actually create all the other VDCs in the chassis.
How do we create VDCs in an enterprise network?
It depends entirely on the needs and the recommended design of the enterprise network. In a standalone datacenter we perhaps need only 2 VDCs plus 1 Admin VDC; if traffic flows between two datacenters, or one datacenter shadows the other, then another VDC named OTV comes into the picture.

I know your next question: what is OTV? We will cover the OTV feature on Nexus in upcoming articles; here we are discussing only the VDC feature on Nexus devices.

Fig 1.2- Cisco Nexus VDC Architecture

How many VDCs can be created from a single chassis?
This is an interesting question. To answer it you need to know about the supervisor engine used in the Nexus chassis; if you are new to the Nexus environment, you can understand the supervisor concept from the Cisco Catalyst 6500 or 6800 chassis.

A Nexus 7K can be used with two supervisor engines. Taking the Nexus 7010 chassis as an example, it has 2 supervisor engines and the other 8 slots are for I/O modules, where you can use F or M modules. (We will discuss F and M modules, with use cases, in a later article.)

Three kinds of supervisor engine can be used in a Nexus chassis:
  • SUP1
  • SUP2
  • SUP2E
What is the difference between these SUP engines, and how do they affect the VDCs in the chassis?
That is a valid question. These SUP engines are successive generations of the technology with upgraded features and support, so the VDC limits with each SUP engine are as follows:

  • With SUP1 in a Nexus chassis, you can create a maximum of 4 VDCs
  • With SUP2 in a Nexus chassis, you can create 5 VDCs
  • With SUP2E in a Nexus chassis, you can create 9 VDCs
I hope this article has helped you understand the concept of VDCs in the datacenter environment. If you still have any queries, please feel free to comment on the post and we will reply with answers.

MPLS Route Target ( RT )

Route Target is one of the BGP extended communities used in MPLS networks. Before understanding the concept of the Route Target, you need to understand the basic concepts generally used in an MPLS network, VRF (Virtual Routing and Forwarding) and RD (Route Distinguisher), which we discussed in an earlier post. The other major and important term is RT (Route Target), used together with RD and VRF.

Audience # CCIE-SP, MPLS, Network Expert, Network Specialist, Network Engineer and Network Designer and Architect.

Why is RT used in an MPLS network? RT (Route Target) comes into the picture when you have multiple remote sites connected to the MPLS cloud. There are two RT operations, import and export, so the question is where import and export are used.

On any VRF, when you configure an RT import, it imports all prefixes whose BGP update carries the configured RT value as one of its attributes. So in an any-to-any VRF it is common to see all PEs configured with the same RT value (you may see more RTs in inter-VRF scenarios). RT is therefore used to export routes from one site and import them at the other side, and vice versa; by using import and export you control which routes each site receives. It is essentially route filtering per site.

Fig 1.1- MPLS Route Target Concept

As I said earlier, RT is an extended community of 32 bits, and the RT information is carried by MP-iBGP to all the PEs to which customer sites are directly connected.

It is not mandatory to use the ASN as part of the RD or RT; you can use any XXX:YYY format. Using ASN:XXX is useful from an operational point of view.
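The import/export behaviour described above, and the XXX:YYY form of the RT value, as an added Python model that is not code from the original post. Two PEs are represented as sets of VRFs: the ingress PE tags each VRF's prefixes with its export RT(s), and each VRF on the egress PE accepts a VPNv4 update only if one of its RTs matches that VRF's import RT(s), including one inter-VRF case where a customer VRF also imports a shared-services RT. The ASN 65000, the RD and RT values, the VRF names and the prefixes are all constructed.

```python
"""Route Target import/export between VRFs (added example, not from the post).

The ingress PE exports each VRF's prefixes as VPNv4 routes tagged with that
VRF's export RT(s); the egress PE imports a route into a VRF only when one of
the route's RTs matches the VRF's import RT(s). RT values use the XXX:YYY
form; the ASN, RDs, VRF names and prefixes below are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    rd: str                  # route distinguisher of the originating VRF
    prefix: str
    rts: frozenset[str]      # RT extended communities carried in the update


@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: set[str]
    import_rts: set[str]
    table: dict[str, str] = field(default_factory=dict)  # prefix -> source RD


def is_valid_rt(value: str) -> bool:
    """Check the XXX:YYY shape only: putting the ASN on the left is a
    convention, not a requirement, so nothing else is enforced."""
    left, sep, right = value.partition(":")
    return bool(sep) and left.isdigit() and right.isdigit()


def parse_rt(value: str) -> tuple[int, int]:
    if not is_valid_rt(value):
        raise ValueError(f"malformed route target: {value!r}")
    left, _, right = value.partition(":")
    return int(left), int(right)


def export_vrf(vrf: Vrf, local_prefixes: list[str]) -> list[VpnRoute]:
    """Ingress PE: build the VPNv4 updates MP-iBGP would carry for this VRF."""
    for rt in vrf.export_rts:
        parse_rt(rt)
    return [VpnRoute(vrf.rd, p, frozenset(vrf.export_rts)) for p in local_prefixes]


def import_updates(vrf: Vrf, updates: list[VpnRoute]) -> list[str]:
    """Egress PE: install a route only if it carries one of our import RTs.
    Returns the prefixes accepted into this VRF."""
    accepted = []
    for route in updates:
        if route.rts & vrf.import_rts:
            vrf.table[route.prefix] = route.rd
            accepted.append(route.prefix)
    return accepted


def demo() -> dict[str, dict[str, str]]:
    """Any-to-any VPN for customer A, a separate VPN for customer B, and a
    shared-services VRF whose routes customer A also imports (inter-VRF)."""
    pe1 = {
        "CUST_A": Vrf("CUST_A", "65000:1", {"65000:100"}, {"65000:100", "65000:300"}),
        "CUST_B": Vrf("CUST_B", "65000:2", {"65000:200"}, {"65000:200"}),
        "SHARED": Vrf("SHARED", "65000:3", {"65000:300"}, {"65000:300"}),
    }
    pe2 = {
        "CUST_A": Vrf("CUST_A", "65000:1", {"65000:100"}, {"65000:100", "65000:300"}),
        "CUST_B": Vrf("CUST_B", "65000:2", {"65000:200"}, {"65000:200"}),
    }
    # both customers use 10.1.0.0/24: the RD keeps the two VPNv4 routes distinct
    updates = (export_vrf(pe1["CUST_A"], ["10.1.0.0/24"])
               + export_vrf(pe1["CUST_B"], ["10.1.0.0/24", "10.2.0.0/24"])
               + export_vrf(pe1["SHARED"], ["192.168.100.0/24"]))
    # the same MP-iBGP stream reaches every VRF on PE2; RTs decide what lands where
    for vrf in pe2.values():
        import_updates(vrf, updates)
    return {name: vrf.table for name, vrf in pe2.items()}


if __name__ == "__main__":
    for name, table in demo().items():
        print(name, table)
```

Note that the shared-services prefix reaches CUST_A on PE2 purely because CUST_A imports 65000:300; CUST_B, which does not, never sees it even though the update arrived at the same PE.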

In the next session we will cover the difference between RT and RD, and other MPLS features such as why MP-iBGP is used instead of plain iBGP, and traffic engineering features such as RSVP.

Sunday, January 22, 2017

MPLS Labels

Thank you for following the various articles on the Networks Baseline blog. Today we come up with one of the most interesting topics in the MPLS service-provider domain: MPLS labels.

Before understanding the concept of labels, everyone should know about MPLS, how it works and what its capabilities are in the service-provider domain. Labels are the part of the MPLS domain by which information is transferred from one device to another through the exchange of labels.

#Audience : CCIE-SP, MPLS , Network Engineers, Network Experts, Solution Architect and NOC/TAC Engineers.

MPLS Label Format

MPLS uses a 32-bit label field carrying the label value along with the TTL, the experimental bits and the bottom-of-stack bit. Let me show you the structure of the MPLS label.

Fig 1.1-MPLS Label Format
From the picture above you can see the size of each field in the MPLS label:

  • Label : 20-bit field
  • EXP : 3-bit Experimental field
  • Stack : 1-bit Bottom of Stack
  • TTL : 8-bit TTL field
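The field layout listed above, as an added Python example (not code from the original post): it packs and unpacks the 32-bit label stack entry and walks a multi-label stack until the bottom-of-stack bit, rejecting a stack in which no entry carries that bit instead of reading past the end of the label data. The label values used (24 for an LDP transport label, 100017 for a VPN label) are constructed.

```python
"""Encode and decode MPLS label stack entries (added example, not from the post).

Each entry is the 32-bit word described above: 20-bit label, 3-bit EXP,
1-bit bottom-of-stack (S) and 8-bit TTL, transmitted in network byte order.
Label values used below are constructed.
"""
import struct


def encode_entry(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Pack one label stack entry; each field is range-checked first."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < (1 << 3):
        raise ValueError("EXP must fit in 3 bits")
    if not 0 <= ttl < (1 << 8):
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(data: bytes) -> dict:
    """Unpack one 4-byte entry into its fields."""
    if len(data) < 4:
        raise ValueError("label stack entry needs 4 bytes")
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "exp": (word >> 9) & 0x7,
        "s": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def encode_stack(entries: list[tuple[int, int, int]]) -> bytes:
    """entries: (label, exp, ttl) from top of stack to bottom.
    Only the last entry gets the S bit."""
    if not entries:
        raise ValueError("empty label stack")
    last = len(entries) - 1
    return b"".join(encode_entry(label, exp, i == last, ttl)
                    for i, (label, exp, ttl) in enumerate(entries))


def decode_stack(data: bytes) -> list[dict]:
    """Walk entries until the S bit marks the bottom of the stack."""
    entries = []
    offset = 0
    while offset + 4 <= len(data):
        entry = decode_entry(data[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["s"]:
            return entries
    raise ValueError("label stack without bottom-of-stack bit")


def stack_depth(data: bytes) -> int:
    """Number of labels in a well-formed stack, or -1 if it is malformed."""
    try:
        return len(decode_stack(data))
    except ValueError:
        return -1


if __name__ == "__main__":
    # constructed two-label stack: LDP transport label 24 on top,
    # MP-iBGP VPN label 100017 at the bottom, both with TTL 255
    raw = encode_stack([(24, 0, 255), (100017, 0, 255)])
    print(raw.hex())
    for entry in decode_stack(raw):
        print(entry)
```

The S bit is what lets a router know where the label stack ends and the IP header begins; a stack that never sets it is malformed, which is why `decode_stack` refuses it rather than guessing.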
Now the question is: who assigns labels in the MPLS domain?
The answer is LDP, the Label Distribution Protocol, which is used in the MPLS domain to assign a specific label to each route. The prefix-to-label bindings are built and stored in the LIB (Label Information Base) in the control plane, which is then used to build the LFIB (Label Forwarding Information Base) in the data or forwarding plane. Forwarding lookups are done in the LFIB, not the FIB.

So you have now heard three terms, LIB, FIB and LFIB. What is the difference between them?
Here is the answer:

  • LIB is the control plane: built by LDP, RSVP, etc. based on the entries in the RIB (Routing Information Base, also control plane, built by OSPF, connected routes, static routes, etc.). It maps every entry in the RIB to an appropriate label.
  • LFIB is the forwarding plane: these are the entries used for the forwarding lookup. It is derived from the FIB (Forwarding Information Base, which is itself derived from the RIB).
  • FIB, together with the adjacency table, is what makes up CEF.
Note: Do not include here the labels learnt via RSVP; that is a different concept and will be covered under MPLS traffic engineering.
Fig 1.2 - MPLS Labels Mechanism
The diagram above shows the basic mechanism of MPLS labels in the MPLS domain and the commands used to verify them. Be aware that all labels are locally significant and are generated by each router in the MPLS domain with the help of LDP. Also note that to enable MPLS services on a router you must first enable CEF on that router.
Please let me know if you have further questions on MPLS labels; I am happy to address them and will also come up with a lab so it can be tested practically.

Cisco Security : Open DNS ( Cisco Umbrella )

In today's market, security is the main concern for every enterprise network; without security no other part of the architecture will be effective, so all the platforms depend on each other.

#Audience : Cisco CCIE-Security, SOC Engineers,  Network Experts, Cisco Security experts, CISSP engineers and System Engineers.

There are a lot of security players in the market in different domains; some of the domains are as follows:

  • Access control and Policy
  • Advanced Malware Protection ( AMP )
  • Cloud Security ( Open DNS )
  • Email Security
  • Web Security
  • Firewalls
  • Network Security
  • Network visibility and enforcement
  • Next Generation intrusion prevention system ( NGIPS )
  • Security Management
  • VPN and End point Security clients
In today's market, only Cisco is a player in every one of the security domains above, competing with different players in each domain.

In this topic we concentrate on cloud security, for which Cisco has a solution called OpenDNS. OpenDNS is a cloud-based security solution that is excellent at, and capable of, securing your first line of defence.

Fig 1.1 - Cisco Umbrella ( Open DNS )

According to a recent study, about 65 million people use OpenDNS every day for a safer and faster Internet, including thousands of companies from the Fortune 500 to small businesses. But that is just scratching the surface of the online population, and everybody needs better security. With Cisco's global reach, resources and technologies, the expectation is to accelerate OpenDNS's vision of helping people connect with confidence on any device, anywhere, anytime.

It is free if you change your DNS settings to use the OpenDNS DNS IPs instead of Google's DNS IPs or your local ISP's. OpenDNS is a cloud-based solution connected to DNS servers across the world. Once OpenDNS traces a threat anywhere in its view, it automatically blocks the threat IPs from entering the enterprise network before they start sending malware into the network.

WOW! So by using OpenDNS you have the capability to secure your network before threats enter it. OpenDNS is an excellent solution that Cisco is pitching to customers nowadays, and I think customers should go with it to protect their enterprise network from malware and threats. Cisco now calls this solution Cisco Umbrella (OpenDNS).

In the next session we will cover how OpenDNS can be used in an enterprise network, how it works and how it effectively secures the cloud.

What to choose L2MPLS or L3MPLS


This is a very interesting article for candidates who work in the service-provider domain, or who are studying MPLS technologies and how MPLS is used in enterprise networks.

MPLS is always the core of the service provider. Connectivity from one PE router to another PE router is via MPLS, where you have an interior routing protocol such as OSPF (Open Shortest Path First) or IS-IS (Intermediate System to Intermediate System) for the data traffic, labels handled by LDP/TDP (Label Distribution Protocol or Tag Distribution Protocol), and control-plane traffic flowing over MP-iBGP between the indirectly connected PE routers across the single service provider's global network.

Audience # MPLS candidates, CCIE-SP candidates, NOC Engineers, TAC Engineers, Systems Engineer, System Architect and Network Engineers

Now, if MPLS is in the core, what is the difference between L2MPLS and L3MPLS, why do they differ, and how do we get these kinds of environments into the enterprise network? Your question is genuine. To understand the concept you should know about VPLS, where L2 instances rather than L3 instances are shared with the service provider.

The answer to your question is as follows:

In L3 VPNs the routing for the customer is done by the service provider, who maintains a VRF per customer or per L3VPN. The customer sends its traffic as packets via the CE router, connected using BGP, so pure routing is done at the edge of the MPLS network where the PE-CE connectivity is, and routing updates from the customer locations travel to the other locations of the customer across the globe.

Fig 1.1 L3MPLS connectivity

In the case of an L2VPN, the analogy is laying an Ethernet cable between the customer locations, where routing is managed by the customer. Routing information is not shared with the service provider; the traffic reaches the service provider as frames (L2 traffic), and a tunnel between one PE router and another PE router provides connectivity from one location to another.

Fig 1.2- L2MPLS Fundamental

I hope you understand the concept and the difference between L2MPLS and L3MPLS. Many enterprise customers don't want to share their routing information, so they use L2MPLS instead of L3MPLS, but many customers use L3MPLS nowadays; that is not to say it is insecure, it is always secure.

There are many service providers across the globe who provide MPLS connectivity to customers; some of them are shown below. Sorry if I missed any MPLS providers; I know many ISPs provide MPLS connectivity to customers across the globe.

North America
  • AT&T : United States of America
  • Verizon : United States of America
  • CenturyLink : United States of America
  • Sprint : United States of America
  • Telus : Canada
  • Bell : Canada
South America
  • Sparkle
  • PCCW
  • Nextel
  • Global Crossing
Europe
  • Orange Business Services : France
  • BT Global Services : United Kingdom
  • Colt : United Kingdom
  • Vodafone : United Kingdom
  • SITA : France
  • T-Systems : Europe
  • Telefonica : Europe
  • KPN: Europe
  • NTT Communications 
  • Interroute
  • Easynet
Asia Pacific
  • Singtel : Singapore
  • Tata Communications : India
  • Bharti Airtel : India
  • Telstra Global : Australia
  • China Unicom : China
  • China Telecom : China
  • NTT Communications : Japan
  • Hutchison Global Services : Asia
  • Reliance : India

Wednesday, January 18, 2017

Introduction to Routing Protocol


Let's start with routing protocols. A routing protocol is the dynamic way to route traffic, or, you could say, to route packets in the WAN domain. Routing can also be done with static routes, but in many cases we use dynamic routing protocols. So the question arises: if we have static routing and can route packets with it, why do we use routing protocols in some cases?

The reason we use routing protocols is that there are hundreds or thousands of subnets being routed from one device to another; with static routing you would have to configure a static route for every subnet manually, which takes time, creates a lot of confusion and is difficult to manage. To solve this, routing protocols come into the picture: they learn the subnets through an algorithm and route to the connected routers over a path according to the rules set by the protocol. Some people call these the dynamic rules by which the protocol routes the subnets from one device to another.

#Audience : CCNA Candidates, CCNA, Cisco NOC /TAC engineers, Field engineers and the Systems Engineer 

We have a number of routing protocols, listed below with their administrative distance (AD):

  • RIP : Routing Information Protocol - AD 120
  • IGRP : Interior Gateway Routing Protocol - AD 100
  • EIGRP : Enhanced IGRP - AD 90
  • OSPF : Open Shortest Path First - AD 110
  • IS-IS : Intermediate System to Intermediate System - AD 115
  • BGP : Border Gateway Protocol - AD 20
Fig 1.1 -Types of Routing Protocols
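The administrative distance values listed above decide which source wins when several routing protocols offer the same prefix; the following added Python example (not code from the original post) shows that selection and the part AD does not play, namely the longest-prefix match at lookup time. The AD table is the one above, extended with connected (0) and static (1), which are the standard Cisco defaults; the candidate routes and next hops are constructed.

```python
"""Best-route selection by administrative distance (added example, not from the post).

When several routing sources offer the same prefix, the route from the source
with the lowest administrative distance (AD) is installed; among routes from
the same source the lowest metric wins. A lookup then uses the longest
matching prefix, regardless of AD. AD values are the ones listed in the post
plus connected (0) and static (1); the candidate routes are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "BGP": 20, "EIGRP": 90,
    "IGRP": 100, "OSPF": 110, "IS-IS": 115, "RIP": 120,
}


@dataclass(frozen=True)
class Candidate:
    prefix: str
    protocol: str
    metric: int
    next_hop: str


def build_routing_table(candidates: list[Candidate]) -> dict[str, Candidate]:
    """Install one route per prefix: lowest AD first, then lowest metric."""
    table: dict[str, Candidate] = {}
    for cand in candidates:
        if cand.protocol not in ADMIN_DISTANCE:
            raise ValueError(f"unknown routing source {cand.protocol!r}")
        key = str(ipaddress.ip_network(cand.prefix, strict=True))
        current = table.get(key)
        rank = (ADMIN_DISTANCE[cand.protocol], cand.metric)
        if current is None or rank < (ADMIN_DISTANCE[current.protocol], current.metric):
            table[key] = cand
    return table


def lookup(table: dict[str, Candidate], destination: str) -> Optional[Candidate]:
    """Longest-prefix match over the installed routes; AD plays no role here."""
    addr = ipaddress.ip_address(destination)
    best: Optional[Candidate] = None
    best_len = -1
    for prefix, route in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def demo() -> dict[str, str]:
    """Constructed routing sources for one router, then three lookups."""
    candidates = [
        Candidate("10.0.0.0/24", "RIP", 2, "192.0.2.1"),     # fewer hops, but AD 120
        Candidate("10.0.0.0/24", "OSPF", 20, "192.0.2.2"),   # AD 110 beats RIP
        Candidate("10.0.0.0/24", "OSPF", 10, "192.0.2.3"),   # same AD, lower metric wins
        Candidate("10.0.0.0/8", "BGP", 0, "192.0.2.4"),      # AD 20 but shorter prefix
        Candidate("0.0.0.0/0", "static", 0, "192.0.2.254"),  # default route
    ]
    table = build_routing_table(candidates)
    results = {}
    for dst in ("10.0.0.7", "10.9.9.9", "203.0.113.5"):
        route = lookup(table, dst)
        results[dst] = f"{route.protocol} via {route.next_hop}"
    return results


if __name__ == "__main__":
    for dst, via in demo().items():
        print(f"{dst:>14} -> {via}")
```

The first lookup is the instructive one: BGP has the lowest AD of all sources here, yet 10.0.0.7 is forwarded by the OSPF route because its /24 is more specific than BGP's /8. AD only breaks ties between sources offering the identical prefix.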

There are two categories of interior routing protocol:
  • Distance Vector Routing Protocol
  • Link State Routing Protocol
Distance vector routing protocols depend on the distance between source and destination; they always prefer the route where that distance, or as some people say the hop count, is lowest. The distance vector routing protocols are:
  • RIP
  • IGRP

Link state routing protocols work on an algorithm; for example OSPF uses the Dijkstra algorithm, which depends on parameters such as cost: the better the cost, the more likely that path is selected. The link state routing protocols are:
  • OSPF 
  • IS-IS
EIGRP is a hybrid protocol with features of both distance vector and link state. It also works on parameters, which will be discussed later when we explain the full operation of the protocol.

There is another category of routing protocol, external protocols. All the routing protocols described so far are internal protocols.

BGP (Border Gateway Protocol) is the only external routing protocol; it is also called a path vector routing protocol and is used to connect two different autonomous systems (AS), or, you could say, ISPs. We will discuss BGP in detail in a further post.

We will cover all these protocols one by one in detail, and also show use cases and labs around them.

Please let me know if you have any questions about the basic concepts of routing protocols.

Note that these routing protocols are used between routers that understand them, and the traffic flows from one router to another within one domain or between different domains.

Sunday, January 15, 2017

Basics of Hyper-convergence : Cisco Hyperflex Converged Systems


A next-generation data platform for hyper-convergence: that is a very hot topic in the enterprise network market nowadays. Have you ever heard the term server virtualisation in the enterprise network? It is no longer the time for purely physical servers in the environment; enterprises are thinking of virtualising them, so that a virtualised server can serve various applications: a single server used as multiple virtualised servers with compute, storage and network (everything software defined).

#Audience: Datacenter engineers, Server experts, Virtualised engineers, TAC/NOC engineers and the Network Architect experts.

There are many competitors in the domain called hyper-convergence, including:

  • Hyper-V : Microsoft Hyper-convergence
  • Hyperflex: Cisco systems 
  • VSphere : VMware Hyper-convergence
  • AHV hypervisor : Nutanix
  • XenServer : Citrix Hyper-convergence 

I am still confused: what is this hyper-convergence? I know about server virtualisation and how it works in the environment, but how does hyper-convergence fit into the enterprise network, make my network smooth and reliable, and handle all the possible functions in my domain?

The explosion of virtualized server workloads such as databases, network services, collaboration applications, and unified communications has given rise to the need for a more intelligent approach to infrastructure management. With hundreds of virtualized applications running in a typical datacenter, IT infrastructure requires alignment with the virtualization stack. Traditional 3-tier architectures result in inefficiencies in provisioning, silos between IT and business units, and inability to scale globally as business needs grow.

So the hyper-convergence model gives you an all-in-one virtualised server: an architecture that integrates compute and storage in a software-defined network.

Cisco HyperFlex:
Cisco came up with a solution called Cisco HyperFlex, which works as a hyper-convergence model to resolve customers' issues with virtualised servers by combining compute and storage in a software-defined model.

Fig 1.1 - Cisco Hyperflex Architecture

If you look at the architecture of the Cisco HyperFlex model, you will see virtualised servers, storage and network infrastructure in one model.

The Cisco HyperFlex HX Data Platform includes:
  • Enterprise-class data management features that are required for complete lifecycle management and enhanced data protection in distributed storage environments—including replication, deduplication, compression, thin provisioning, rapid, space-efficient clones, and snapshots 
  • Simplified data management that integrates storage functions into existing management tools, allowing instant provisioning, cloning, and snapshots of applications for dramatically simplified daily operations 
  • Independent scaling of the computing, caching, and capacity tiers, giving you the flexibility to scale the environment based on evolving business needs 
  • Continuous data optimization with inline data deduplication and compression that increases resource utilization with more headroom for data scaling 
  • Dynamic data placement in node memory, enterprise-class flash memory (on solid-state disk [SSD] drives), and persistent storage tiers (on hard-disk drives [HDDs]) to optimize performance and resiliency—and to readjust data placement as you scale your cluster 
  • API-based data platform architecture that provides data virtualization flexibility to support existing and new cloud-native data types 

In the next section we will define the architectural view of Cisco HyperFlex and how it works in the virtualised datacenter domain.

Alongside Cisco HyperFlex, Microsoft Hyper-V, Nutanix AHV and VMware vSphere are the major competitors in the hyper-converged market.

Hyper-convergence is popular in the North American region and is yet to have an impact in the Asia Pacific and European markets. These are called next-generation technologies in the datacenter domain and are going to be very popular in the coming years.

Stay connected; we will be coming with more research on the hyper-converged market and a fully fledged model with explanation. Please let me know if you have any questions regarding hyper-convergence.

The Concept of PHP in MPLS -- Penultimate Hop Popping


Before starting with the concept of PHP, one should know the basics of MPLS and how it works: how labels are pushed, popped and swapped in the MPLS network.

If you remember the basic concepts of MPLS, the PE and CE routers exchange routing information using static routing or a routing protocol. When an enterprise network needs an MPLS solution with more than 50 subnets to be advertised, BGP is generally used between the PE and CE routers.

When I use the terms PE and CE, PE means the Provider Edge router (MPLS provider) and CE means the Customer Edge router (enterprise company).

Audience # MPLS, CCIE-SP, Service Provider Domain, Network Engineers, NOC/TAC engineers, System Engineers, Network Designers and Network Architect

First of all, when I talk about PHP, be aware that PHP is part of MPLS and is used only in the provider's MPLS network. As you know, instead of routing instances in the MPLS core, labels are exchanged using TDP/LDP: the data-plane path is initially established via the interior routing protocol (IS-IS or OSPF), and then the traffic flows via the labels exchanged by TDP/LDP. So there is an LSP (Label Switched Path) for specific traffic.

Let's take an example. We have customer 1 and need to route traffic from one location to another across the globe; there are LSRs and specified LSPs from one PE to another across the MPLS domain to get from the head office to the remote site. Each LSR swaps exactly one label and sends the frame on to the next LSR. At the last PE router we have two labels (one is the MP-iBGP label, the other the LDP label), and to push the customer traffic to the CE router the PE router needs to pop both labels and send the plain customer traffic to the CE router. That is two operations on the remote PE router, which also means higher CPU utilisation.

To save these two operations on the remote PE router and reduce its utilisation, a concept called PHP (Penultimate Hop Popping) comes into the picture.

Fig 1.1 - MPLS PHP

What is it? Why do we use it? Does this concept solve the above issue of popping two labels at the PE router?

Yes, it does. With PHP we perform the pop operation for the LDP label at the second-to-last LSR, so that when it sends the packet on to the last PE router there is only one label in the stack, the MP-iBGP label. When the last PE router receives the packet from the LSR with only the MP-iBGP label, it matches that label against the update it received from the remote PE router for the specified customer and then forwards the traffic to the CE router it belongs to.
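The push/swap/pop sequence described above, with and without PHP, as an added Python simulation that is not code from the original post. An ingress PE pushes the MP-iBGP VPN label and the LDP transport label, two P routers swap the transport label, and the egress PE pops what is left; with PHP enabled the penultimate router pops the transport label instead of swapping it, so the egress PE performs one pop instead of two. The router names and label values are constructed; the reserved implicit-null label value 3, which the egress PE advertises to request PHP, is standard MPLS behaviour and not taken from the post.

```python
"""Label operations along an LSP, with and without PHP (added example, not from the post).

Path: PE1 -> P1 -> P2 -> PE2 for one customer VPN. PE1 pushes the VPN label
learned via MP-iBGP (bottom) and the LDP transport label for PE2 (top).
Without PHP, PE2 pops the transport label and then the VPN label (two
operations). With PHP, PE2 advertises implicit-null (reserved label 3) for
its loopback, so P2, the penultimate hop, pops the transport label and PE2
receives only the VPN label. All label values and router names are constructed.
"""
from dataclasses import dataclass, field

IMPLICIT_NULL = 3  # reserved label: "pop the top label instead of swapping it for me"


@dataclass
class Lsr:
    name: str
    lfib: dict[int, int] = field(default_factory=dict)  # incoming label -> outgoing label
    ops: list[str] = field(default_factory=list)        # operations performed, for inspection

    def transit(self, stack: list[int]) -> list[int]:
        """Core LSR behaviour: swap the top label, or pop it when the
        downstream neighbour advertised implicit-null for this FEC."""
        top, rest = stack[0], stack[1:]
        out = self.lfib[top]
        if out == IMPLICIT_NULL:
            self.ops.append(f"pop {top}")
            return rest
        self.ops.append(f"swap {top}->{out}")
        return [out] + rest


@dataclass
class EgressPe(Lsr):
    vpn_label: int = 0

    def deliver(self, stack: list[int]) -> str:
        """Pop whatever is left and hand the IP packet to the customer VRF/CE."""
        stack = list(stack)
        if len(stack) == 2:                      # transport label still present: no PHP
            self.ops.append(f"pop {stack[0]}")
            stack = stack[1:]
        if stack != [self.vpn_label]:
            raise ValueError(f"unexpected label stack at {self.name}: {stack}")
        self.ops.append(f"pop {stack[0]}")
        return "vrf CUST_A -> CE"


def run_lsp(php: bool) -> dict:
    """Forward one packet along the LSP and report the stack after each hop."""
    vpn_label = 100017                           # constructed MP-iBGP label for the customer prefix
    pe1 = Lsr("PE1")
    p1 = Lsr("P1", {24: 31})                     # LDP binding towards PE2: in 24, out 31
    p2 = Lsr("P2", {31: IMPLICIT_NULL if php else 40})
    pe2 = EgressPe("PE2", {}, [], vpn_label)

    stack = [24, vpn_label]                      # ingress push: VPN label bottom, transport top
    pe1.ops.append(f"push {vpn_label}, push 24")
    hops = {"PE1": list(stack)}
    stack = p1.transit(stack)
    hops["P1"] = list(stack)
    stack = p2.transit(stack)
    hops["P2"] = list(stack)
    delivered = pe2.deliver(stack)
    return {"stacks_after_hop": hops, "p2_ops": p2.ops,
            "egress_ops": pe2.ops, "delivered": delivered}


if __name__ == "__main__":
    for php in (False, True):
        result = run_lsp(php)
        print(f"PHP {'on ' if php else 'off'}: P2 did {result['p2_ops']}, "
              f"PE2 did {result['egress_ops']}")
```

Compare `egress_ops` between the two runs: the work saved at PE2 is exactly one pop per packet, which over a busy LSP is the CPU saving the text refers to.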

I am sure you now understand the concept of PHP in the MPLS domain, and also how push/pop/label swapping is done in the MPLS core.

We will come up with further sessions on the MPLS domain and help you with real scenarios on MPLS networks, including the concepts of MP-iBGP updates and LDP operations.

Saturday, January 14, 2017

Switch communications - BPDU Messages


In a switched network, how does one switch interact with another switch in the domain? Frames move from one switch to another, carrying the MAC addresses of the source and the destination.

OK, frames are fine, but then what is a BPDU, and where does the BPDU come into the picture?
BPDU stands for Bridge Protocol Data Unit.

A BPDU is a frame that carries STP information. BPDUs come into the picture during the election of the "Root Bridge" in the switched network, or when there is a change in the topology: if another switch joins the network it shares its information, and if no prevention is in place the root bridge election procedure starts again. So now you understand when BPDUs come into the picture.

#Audience : CCNA Routing & Switching , Network Engineers, TAC/NOC Engineers, Network Design and CCNA Interview Preparation Guide 
Fig 1.1 BPDU

The next question is how many types of BPDU are used in the network. There are two types of BPDU messages:

  • Configurational BPDU: The BPDU message initiate by every switch to understand about the MAC addresses in the switched network of all switches. By using configurational BPDU, the election of Root Bridge is done, where you will able to know which switch have the lowest MAC address for " Root Bridge" as database of all switches are exchanged in the network.
  • TCN BPDU:  TCN BPDU or called as Topology change notification BPDU generates by the Root bridge when a new Switch comes in the network causes the changes. The TCN BPDU messages can be initiated by the switch anytime depends upon the changes in the Switched network. You can have the same as well in the network when one switch goes off from the network and you have topology changes.
BPDU messages contains the information about the Ports, priorities, addresses and Costs in it. Its a kind of frame which have all the information of the STP ( Spanning tree Protocol )
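The election described above, as an added example that is not the page's code: a Python model of a switch processing constructed Configuration BPDUs. It compares Bridge IDs as (priority, MAC), so the lowest MAC wins only among switches with equal priority, which is why the page lists priorities alongside addresses; it also picks the root port as the port offering the lowest total root path cost. Switch names, MACs, priorities and port costs are constructed.

```python
"""Root bridge election from constructed Configuration BPDUs (toy model).

Added example, not the page's code. Switch names, MACs, priorities and port
costs are made-up. Bridge ID = (priority, MAC); lower wins, priority first.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ConfigBPDU:
    sender: str
    root_priority: int
    root_mac: str
    root_path_cost: int   # sender's cost to the root it announces


def bridge_id(priority, mac):
    """Comparable Bridge ID: priority dominates, MAC breaks ties."""
    return (priority, int(mac.replace(":", ""), 16))


def fmt_mac(value):
    return ":".join(f"{(value >> (8 * i)) & 0xff:02x}" for i in reversed(range(6)))


def process_bpdus(my_priority, my_mac, received):
    """received: list of (port, port_cost, ConfigBPDU) as seen on this switch.

    Returns ((root_priority, root_mac), root_port, root_path_cost). A switch
    starts by believing it is the root; a BPDU announcing a lower Bridge ID, or
    the same root at a lower total cost, replaces that belief.
    """
    best_root = bridge_id(my_priority, my_mac)
    root_port, best_cost = None, 0
    for port, port_cost, bpdu in received:
        candidate = bridge_id(bpdu.root_priority, bpdu.root_mac)
        cost = bpdu.root_path_cost + port_cost
        better_root = candidate < best_root
        cheaper_path = candidate == best_root and root_port is not None and cost < best_cost
        if better_root or cheaper_path:
            best_root, root_port, best_cost = candidate, port, cost
    return (best_root[0], fmt_mac(best_root[1])), root_port, best_cost


def demo():
    # Constructed BPDUs received by a switch with the default priority 32768.
    received = [
        ("Fa0/1", 19, ConfigBPDU("SW-A", 4096, "00:00:00:00:00:ff", 0)),   # low priority, high MAC
        ("Fa0/2", 19, ConfigBPDU("SW-B", 32768, "00:00:00:00:00:0a", 0)),  # lowest MAC, default priority
        ("Fa0/3", 19, ConfigBPDU("SW-D", 4096, "00:00:00:00:00:ff", 19)),  # same root, longer path
    ]
    return process_bpdus(32768, "00:00:00:00:00:0c", received)


if __name__ == "__main__":
    print(demo())  # SW-A wins on priority even though SW-B has the lowest MAC
```

Operationally this is why a deliberately low priority on the intended root matters: with every switch at the default priority, whichever box happens to have the lowest MAC becomes root, and a new switch with a lower MAC or lower priority can take the role over.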

Hope you are clear on the BPDU message types in the switched network (or Local Area Network), where root bridge selection and any topology changes happen.

We will come up with other STP topics like the STP stages and other important features (BackboneFast, PortFast and UplinkFast): why we use these features and whether there are use cases for them.

The Concept of vPC in Cisco Nexus Switching

Networks Baseline
The Concept  of vPC in Cisco Nexus Switching

In the new era, enterprise companies are concentrating more on innovation in the Datacenter environment. A lot is happening in the Datacenter: nowadays enterprises and service providers are thinking of hyper-converged networks that provide software-defined storage capacity on x86-based servers, and on top of that they are using various next-generation technologies and applications. Companies are now investing more in datacenter storage and computing, the new concern is East-West traffic, and market leaders like Cisco use their ACI technology to address it while others use SDN and NFV in their domains. So a lot is improving for storage, switching, security and collaboration in the Datacenter environment.

Audience # CCIE Datacenter, Cisco Students, Network Engineers, NOC/TAC Engineers, System Engineers and Network Experts

Apart from all the technologies discussed above, we will start one by one. We have a lot of topics to cover, like Datacenter switching, storage, UCS, hyper-converged, and software-defined or server-based compute networks. But we can start with the basic concepts of the Datacenter, and that starts with Datacenter switching. The first and most basic topic in Cisco Datacenter switching is "The concept of vPC in Nexus devices".
When I talk about Nexus devices, I mean the Cisco devices used in the Datacenter environment, with high capabilities and throughput.
vPC is a concept always used on Nexus devices; it is similar to the concept of a port channel in basic network terms but has other capabilities.

Port Channel and vPC
A port channel is the aggregation of two different port links from one device to another, so a port channel is always between 2 devices. Let me explain with more clarity: we have two devices named "Device 1" and "Device 2", and both devices have two links between them. We can create a single port channel between Device 1 and Device 2 using both links. When we do that we are actually increasing the total bandwidth between the two devices, and the other important thing is that if one link goes down the other link is still there: the connection between the devices is not dropped, but the throughput of the links decreases.

Fig 1.1- Port Channel

So port channels are well known to all of you now, but if I am talking about the concept of vPC, it is a little bit different. Here we have a device named "Device 1" and two other devices named "Device 2" and "Device 3", so you can have a vPC between these 3 devices in the form of a port channel.

Huh? What does that mean?
Well, you are actually doing a port channel between 3 devices, a parent and 2 child devices in the network. It increases the throughput or bandwidth of the links and also resolves looping issues in the network. So vPC (Virtual Port Channel) is a port channel between more than 2 devices, used in the enterprise datacenter environment.

Fig 1.2- vPC domain and Features

So you get the following features using vPC:
  • While STP blocks redundant links, with vPC no links are blocked.
  • Lower oversubscription and a loop-free network.
Wow, then what is VSS? I have heard a lot about VSS.

VSS and vPC
VSS: Virtual Switching System, generally used on high-end enterprise switches, or you can use it in the core network switching system. The concept is the same as vPC, a port channel between more than 2 devices in a multi-chassis environment, but there is a slight difference.

Fig 1.3- VSS Concept

In VSS the paired devices have one control plane but two data planes. This means that if we have two devices in VSS with a port channel to two other devices down the line, then of the paired devices (Master and Slave) the Master can be accessed and managed while the Slave cannot, as there is no control plane on the Slave. So they act as 1 device towards the other devices, with only one control plane. With vPC, on the other hand, the paired vPC devices have their own control plane and data plane. Meaning?

It means that if two devices are vPC paired, they have 2 control planes and 2 data planes, while in VSS there is only 1 control plane and 2 data planes. In vPC you can manage and access both vPC paired devices, but in VSS you cannot.

Hope you are clear about the port channel, VSS and vPC concepts. We will come up with more on all these technologies and their use cases in live environments.

Friday, January 13, 2017

Cisco Jabber, Cisco Spark : Competition to Skype for Business

Networks Baseline
Well, most industries around the globe are emerging and they need a collaboration solution in which they can chat, call (audio and video), receive voice messages and have their Outlook calendar synchronised, all with one tool. The solutions for this are as below:

Microsoft : Lync and now Skype for Business
Cisco : Jabber and Spark

If we are talking about Skype for Business and Jabber, they have almost the same features: you can chat within the enterprise network, you can have voice and video calls through the same application, and you can share your screen (present your screen to multiple people and also give control to a remote user, or vice versa). These kinds of applications can also share data or files with the remote user, subject to a size limit of at least 10 Mbps.

Fig 1.1- Skype for Business

You can enjoy business-class IP voice and video telephony with IM and presence. Both applications are integrated with Microsoft Office and with web services like WebEx (Cisco) in an enterprise network.

Fig 1.2- Cisco Jabber

Audience # Cisco Collaboration #CCIE-Collaboration #Systems Engineer #Microsoft Voice Engineer #Network Architect #NOC/TAC engineer- Voice

So what is Cisco Spark all about? Is it the same as Jabber, and are they going to merge Jabber and Spark? Well, Cisco is investing a lot in Spark, as Spark is a next-generation SharePoint with the existing features of Jabber. It allows specified users to access private documents, and all participants can use all of the Cisco UC and Collaboration tools: arrange an A/V conference between all users, leave a text or voice message, or invite all participants to a WebEx conference with one button. Simply wow!

When replacing a legacy communication system, the Cisco Spark service helps replace disjointed experiences and scalability challenges. It could also be your last ever upgrade. It is a key system or PBX replacement.

For anyone starting to outgrow their 'best effort / DIY' communications, the Cisco Spark service provides all the tools needed, simply and securely, from the cloud. So that is the ad-hoc voice solution for the enterprise network.

Cisco Spark is a fully secure, cloud-based solution with a number of advantages for the next-generation collaboration experience.

With Cisco Spark you get all the best Cisco collaboration services wrapped up in one complete service, giving users a great experience regardless of location or device and enabling them to call, message and meet with anyone, anywhere, anytime. Also, because Cisco hosts the service in its cloud, all the services are always up to date with the latest market-leading Cisco applications and services.

Fig 1.3- Cisco Spark

Spark has been designed to promote effective teamwork, with messaging, file sharing and a virtual place for teams to meet. It also makes meetings more productive with a complete meeting-lifecycle approach, with tools for before, during and after meetings.

Cisco Spark is coming to knock out the major share in the industry. Cisco Spark is an excellent solution and may, in the coming time, bypass Microsoft voice solutions like Skype for Business. But yes, Microsoft is one of Cisco's major competitors in the collaboration domain and still holds 60% of the market share in collaboration; most enterprise companies rely on Skype for Business.

Approach to Service Provider domain : MPLS Basics ( RD and VRF concept )

Networks Baseline
Approach to Service Provider domain : MPLS  ( RD and VRF concept )

When we are talking about the service provider domain, the first thing that comes to mind is MPLS, Multi Protocol Label Switching.

MPLS is the technology used by service providers to connect customer sites across the globe. To understand MPLS we should know basic routing, the concept of CEF, what a VRF is, how the data plane and control plane work, why we use the various protocols like LDP/TDP and MP-iBGP, and what label switching and PUSH/POP operations are.

Audience : CCIE Service Providers, Network Engineers, Cisco enterprise engineers and TAC/NOC engineers and the systems engineer.

Let's start with the basic concept of MPLS. In short, MPLS is routing at the edge and label switching in the core. The edge device in the MPLS network is the PE router, which connects to the CE (Customer Edge) router via a routing protocol; it can be BGP or static routing, depending on the number of subnets routed into the service provider domain.

There are two kinds of MPLS service taken by customers, L2MPLS and L3MPLS. Now the question is what L2MPLS and L3MPLS are, and when and where each is chosen.

What is the difference between L2MPLS and L3MPLS

L2MPLS is taken by a customer who does not want to share L3 routing information with the service provider. Instead of pushing packets from CE routers, frames are pushed from an L2 device (Frame Relay switch or ATM switch) to the customer. The L2MPLS tunnel is created end to end via the L2 media switches.

L3MPLS is taken by a customer who is ready to share L3 routing information with the service provider and wants to connect to the remote site. So packets are transferred from the CE router to the PE router via a routing protocol (static route, BGP or any other, depending on the network design the customer actually requires).

So I hope you understand the basic difference between L2MPLS and L3MPLS.

For L3MPLS, a single service provider PE router is connected to the CE routers of different customers that have the same IP subnet on their local networks. The subnets are segregated via RD (Route Distinguisher) together with VRF. Let me take an example.

Fig 1.1- MPLS basic operations

Customer -1 : Subnet
Customer -2 : Subnet
Both customers have the same subnet in their local domain and send the subnet to the PE router at the service provider end; now it can only be distinguished via VRF+RD at the PE end. The situation is now:
Customer -1 : Network-1 ( subnet ) + VRF-1 + RD100---- VPN 1 now
Customer -2 : Network-2 ( Subnet ) + VRF-2 + RD200---- VPN 2 now

So now the network is different for both customers. I hope you understand the concept of RD and VRF here.

RD: Route Distinguisher, used to distinguish the same subnet received from two different customers.
VRF: Virtual Routing and Forwarding, the logical name used to distinguish the network in the MPLS domain.
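The RD+VRF separation described above, as an added example that is not code from the original post or from any vendor: a toy PE router in Python that keeps one routing table per VRF and a VPNv4 table keyed by (RD, prefix). Two customers advertise the identical subnet; the RD keeps both copies apart in the VPNv4 table, and a lookup inside one VRF never sees the other customer's route. VRF names, prefixes and the RDs (written as ASN:nn, standing in for the page's RD100 and RD200) are constructed.

```python
"""Toy PE router: overlapping customer subnets kept apart by VRF + RD.

Added example, not code from the original post or from any vendor. VRF names,
RDs (written here as ASN:nn, e.g. 65000:100 for the page's "RD100") and
prefixes are constructed.
"""
import ipaddress


class PE:
    def __init__(self):
        self.vrfs = {}    # vrf name -> {"rd": str, "routes": {network: ce_next_hop}}
        self.vpnv4 = {}   # (rd, network) -> (vrf, ce_next_hop): what MP-iBGP would carry

    def add_vrf(self, name, rd):
        self.vrfs[name] = {"rd": rd, "routes": {}}

    def learn_from_ce(self, vrf, prefix, ce_next_hop):
        """Install a CE-advertised prefix into its VRF and into the VPNv4 table."""
        net = ipaddress.ip_network(prefix)
        self.vrfs[vrf]["routes"][net] = ce_next_hop
        rd = self.vrfs[vrf]["rd"]
        self.vpnv4[(rd, net)] = (vrf, ce_next_hop)
        return f"{rd}:{net}"   # VPNv4 prefix: the prepended RD makes it unique

    def lookup(self, vrf, dst):
        """Longest-prefix match inside one VRF only; other VRFs are invisible."""
        addr = ipaddress.ip_address(dst)
        routes = self.vrfs[vrf]["routes"]
        matches = [net for net in routes if addr in net]
        if not matches:
            return None
        return routes[max(matches, key=lambda n: n.prefixlen)]


def demo():
    pe = PE()
    pe.add_vrf("VRF-1", "65000:100")
    pe.add_vrf("VRF-2", "65000:200")
    # Both customers advertise the same subnet to the same PE.
    vpn1 = pe.learn_from_ce("VRF-1", "10.1.1.0/24", "CE-1")
    vpn2 = pe.learn_from_ce("VRF-2", "10.1.1.0/24", "CE-2")
    return {
        "vpnv4_prefixes": (vpn1, vpn2),
        "vpnv4_entries": len(pe.vpnv4),                # 2: the RD kept both copies
        "vrf1_10.1.1.5": pe.lookup("VRF-1", "10.1.1.5"),
        "vrf2_10.1.1.5": pe.lookup("VRF-2", "10.1.1.5"),
        "vrf1_unknown": pe.lookup("VRF-1", "192.0.2.1"),
    }


if __name__ == "__main__":
    print(demo())
```

Without the RD the second `learn_from_ce` would overwrite the first in a table keyed by prefix alone; that is the whole reason the RD exists, and the per-VRF lookup is what keeps one customer's traffic from ever resolving to another customer's CE.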

In the next session we will come with more concepts, RT, MP-iBGP, LDP/TDP, label swapping and the other concepts used in MPLS, to understand the whole picture of the service provider domain.

Thursday, January 12, 2017

Next Generation Firewalls : Cisco ASA Firepowers

Networks Baseline
Next Generation Firewalls : Cisco ASA Firepowers

Cisco came up with next-generation firewalls called Cisco ASA Firepower, which have various capabilities like NGIPS (Next Generation Intrusion Prevention), AVC (Application Visibility and Control), AMP (Advanced Malware Prevention) and URL filtering.

It can be used as a module and runs separately from the ASA. The ASA Firepower module comes as software or hardware.

Fig 1.1- Cisco ASA Firepower

#Audience : Cisco Security ( CCIE -Security, Systems Engineer, Architecture Specialist, Network Design engineers )

Competition: Palo Alto firewalls, Check Point firewalls, Blue Coat firewalls, Fortinet firewalls
  • Cisco next-generation firewalls have continuous analysis and retrospective detection, while all the other firewalls have limited features here.
  • Cisco next-generation firewalls continuously use the network file trajectory feature, which is not available in Palo Alto, Check Point and Fortinet firewalls.
  • Cisco next-generation firewalls have impact assessment and security automation features, which the other firewalls lack. Cisco also has an adaptive threat management feature in its next-generation firewall called ASA Firepower.
  • Behavioural indicators of compromise (IoCs) are also included in Firepower.
  • They have inbuilt user, network and endpoint awareness.
  • NGIPS (Next Generation Intrusion Prevention) is signature based in Fortinet and Palo Alto firewalls, but in Cisco's next-generation Firepower it is inbuilt.
  • They have other features like advanced threat protection, where the others have limited features.
  • You can also have malware remediation in ASA Firepower.
A study was also done on other features like threat intelligence (Talos): Cisco ASA Firepower can handle 1.5 million unique malware samples per day, which is much more than the other firewalls in this category.

A unique study says that the Cisco ASA firewall can block up to 19.7 billion threats per day, while the other firewalls do not have a report. It also scanned 600 billion emails, while a Fortinet firewall can do up to 6 billion only. It can also handle 16 billion web requests per day, while in comparison Fortinet can only do 35 million web requests; what a huge margin. Yes, Cisco Firepower is an advanced next-generation firewall with full features.

Fig 1.2- ASA Firepower 

So these are the basic features and capabilities of Cisco ASA Firepower, called the "Next Generation Firewall".

This is a basic tutorial on Cisco Firepower; we will come with other stuff on next-generation firewalls and how they work in a real environment with the traffic flow.

Sunday, January 8, 2017

VTP( VLAN Trunking Protocol ) : Switching Technique

Networks Baseline
VTP ( VLAN Trunking Protocol )

VTP is one of the most important topics to understand if you are starting with switching. Before VTP you need to understand various other concepts like VLANs.

VTP distributes the VLAN information in the network: VTP (VLAN Trunking Protocol) tells the information to all switches in the same domain. VTP packets are sent in IEEE 802.1Q (dot1q) frames. By using VTP you can create, delete or edit VLAN information in the network. How a switch takes part in this is defined by its VTP mode. Below is the picture of the VTP packet type; hope it makes the basic VTP packet format clear.

Fig 1.1- VTP Packet Format

There are 3 VTP modes, and these modes are:

VTP modes defined as:
  • VTP Server: in server mode, VLAN information in the network can be created, modified and deleted. The server advertises the VTP information to all switches in the VTP domain, carried in VTP advertisements.
  • VTP Client: whatever information the VTP server sends, the client copies and replicates in its own database. So the VTP client is a carbon copy of the VTP server.
  • VTP Transparent: it is totally independent and is not affected by any information sent by the VTP server, so it owns its own database.
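The three modes described above, as an added example that is not code from the original post or from Cisco: a small Python model in which a server edits VLANs and advertises its database, a client becomes a carbon copy of it, and a transparent switch keeps its own database untouched. Switch names, the domain name, VLAN ids and revision numbers are constructed. One assumption not spelled out on the page but standard for VTP: an advertisement is applied only when it carries the local domain name and a higher configuration revision than the receiving switch already holds.

```python
"""Toy model of how the three VTP modes handle a VTP advertisement.

Added example, not code from the original post or from Cisco. Switch names,
domain name, VLAN ids and revision numbers are constructed. Assumption
(standard VTP behaviour, not stated on the page): an advertisement is applied
only if it carries the local domain name and a higher configuration revision.
"""
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict          # vlan id -> name


@dataclass
class Switch:
    name: str
    mode: str            # "server" | "client" | "transparent"
    domain: str
    revision: int = 0
    vlans: dict = field(default_factory=dict)

    def configure_vlan(self, vid, name):
        """Local VLAN edit: servers (and transparent switches, locally) may; clients may not."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot create or modify VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1   # every server-side change bumps the revision it will advertise
        return self.revision

    def advertise(self):
        """Only servers originate advertisements carrying their database."""
        if self.mode != "server":
            return None
        return Advertisement(self.domain, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Return True if the advertisement replaced the local VLAN database."""
        if self.mode == "transparent":
            return False     # keeps its own database; the frame is only relayed on
        if adv.domain != self.domain or adv.revision <= self.revision:
            return False     # wrong domain, or nothing newer than what we already hold
        self.vlans = dict(adv.vlans)   # client (or another server) becomes a carbon copy
        self.revision = adv.revision
        return True


def demo():
    server = Switch("SW-Server", "server", "CORP")
    client = Switch("SW-Client", "client", "CORP")
    transparent = Switch("SW-Transp", "transparent", "CORP", vlans={99: "LOCAL"})

    server.configure_vlan(10, "HR")
    server.configure_vlan(20, "FINANCE")
    adv = server.advertise()

    applied = (client.receive(adv), transparent.receive(adv))
    replay = client.receive(adv)   # same revision again: ignored
    return {
        "client_vlans": client.vlans,
        "client_revision": client.revision,
        "transparent_vlans": transparent.vlans,
        "applied": applied,
        "replay_applied": replay,
    }


if __name__ == "__main__":
    print(demo())
```

The revision check is the part worth noticing from a defender's point of view: any switch whose database carries a higher revision in the same domain will be accepted by clients and servers alike, so the domain name and the revision counter, not the mode alone, decide whose VLAN database wins.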
VTP Versions:

There are 3 different versions of VTP now: VTP version 1, version 2 and version 3.
  • VTP V1: the basic version, with all the capabilities for Ethernet and other VLANs but not Token Ring VLANs.
  • VTP V2: the advanced version of VTP V1, with the extra capability of Token Ring VLANs that is not included in VTP V1.
  • VTP V3: generally the next version after VTP version 2, where the VLAN range increases from 1001 to 4096 and Private VLANs are supported.
VTP message type information will be described in another article soon.

Private VLANs : Switching Technique

Networks Baseline
Private VLANs : Switching Technique

Before getting to know Private VLANs

The Private VLAN concept is a core switching concept, and for it you need to understand the basic VLAN techniques. If you understand the basic switching concepts like VLAN, VTP and STP, then go and try to understand the concept of the Private VLAN. First, let's talk about the basic concept of a VLAN, as below.

VLAN: Virtual LAN

The concept of a VLAN is simple: creating instances of local networks within a single network so that they cannot talk to each other. It means that if we have a single network, we can create various VLANs like VLAN 2, VLAN 3 and VLAN 4. Let's define those VLANs:

VLAN2: HR Department
VLAN3: Finance Department
VLAN4: Engineering Department

So we differentiate all these departments from each other so that they cannot talk to each other without the consent of the system admin. Hope you guys understand the basic VLAN concept now. Let's talk about Private VLANs: why and where these private VLANs are used.

If we are talking about Private VLANs, we need the following audience for this article:

# Audience : CCNA R&S guys, system admins, enterprise resident engineers and especially the Cisco switching guys or the CCIE R&S guys.

Let's start with the introduction to Private VLANs, which starts with the concept of the primary VLAN and the host port types. Make sure you configure them as per the concept of Private VLANs described below.

A private VLAN secures traffic between a primary port and a host:
  • In a private VLAN you create a VLAN with the same id, and within that VLAN you create an isolated VLAN and community VLANs, so that they cannot communicate with each other.
  • The private VLAN feature provides the ability to extend the capabilities of a "standard" VLAN. Switch ports assigned within the primary VLAN are able to see traffic from all devices within the primary VLAN.

Why do we use a Private VLAN?

Suppose an Internet Service Provider (ISP) had limited subnet space and wanted to maximize it by assigning all customers in a geographic area to the same IP subnet. Of course, most customers do not want other people seeing their layer 2 switched traffic, as it opens up potential security issues. Individual customers who only have a single port connected to the service provider can be assigned to an isolated private VLAN; their traffic is then only sent to and received from the ISP devices connected directly to the primary VLAN.

The diagram below shows the basic network diagram that describes the various modes in Private VLANs. The IPs used below are dummy values and are not related to any real or live network. The diagram shows the various modes, like Isolated and Community VLANs, which are described below.

Fig 1.1- Private VLANs

Isolated VLAN: forwards frames from I-ports to P-ports. Since isolated ports do not exchange frames with each other, we can use just ONE isolated VLAN to connect all I-ports to the P-port.
Community VLANs: transport frames between community ports (C-ports) within the same group and forward frames upstream to the P-ports of the primary VLAN.

Promiscuous (P): usually connects to a router; a type of port which is allowed to send and receive frames from any other port on the VLAN.
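The forwarding rules for the three port types above, as an added example that is not code from the original post or from Cisco: a Python model that decides, for every pair of ports, whether a frame may be forwarded, and builds the reachability list for the ISP scenario described earlier (isolated single-port customers, community customers with several ports, one promiscuous uplink). Port names and community names are constructed.

```python
"""Toy model of private VLAN forwarding rules between port types.

Added example, not code from the original post or from Cisco. Port names and
community groups are constructed. Rules modelled: a promiscuous port talks to
every port; an isolated port talks only to promiscuous ports; a community port
talks to its own community and to promiscuous ports.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    name: str
    kind: str                         # "promiscuous" | "isolated" | "community"
    community: Optional[str] = None   # only meaningful for community ports


def can_forward(src, dst):
    """May a frame entering on src be delivered out of dst?"""
    if src.name == dst.name:
        return False
    if src.kind == "promiscuous" or dst.kind == "promiscuous":
        return True   # P-ports reach every host and every host reaches P-ports
    if src.kind == "community" and dst.kind == "community":
        return src.community == dst.community   # same community only
    return False      # isolated <-> isolated and isolated <-> community are blocked


def reachability(ports):
    """Return {port name: sorted names of ports its frames can reach}."""
    return {p.name: sorted(q.name for q in ports if can_forward(p, q)) for p in ports}


# Constructed ISP access switch: one uplink, two single-port customers,
# one customer with two ports and one more customer with a single community port.
PORTS = [
    Port("Gi1/0/1", "promiscuous"),            # uplink to the ISP router
    Port("Gi1/0/2", "isolated"),               # customer A
    Port("Gi1/0/3", "isolated"),               # customer B
    Port("Gi1/0/4", "community", "cust-C"),    # customer C, port 1
    Port("Gi1/0/5", "community", "cust-C"),    # customer C, port 2
    Port("Gi1/0/6", "community", "cust-D"),    # customer D
]


def demo():
    return reachability(PORTS)


if __name__ == "__main__":
    for port, reachable in demo().items():
        print(port, "->", ", ".join(reachable) or "(nothing)")
```

The table this produces is the check to keep in mind when auditing a PVLAN design: every non-promiscuous port should list the uplink and nothing outside its own community, and the isolated customers should list the uplink alone.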

Difference between VLAN and Private VLAN:
  • Different VLANs must belong to different IP subnets.
  • PVLANs belong to the same IP subnet.
  • VLANs work at Layer 2 and Layer 3.
  • PVLANs are a method to segment devices at layer 2.

Thursday, January 5, 2017

Starters - Wireless

Route XP
Starters - Wireless

Wireless: the name suggests networks without wires. Why did people come up with this kind of solution? Well, every time you connect wires for connectivity, and if you want to move to another floor and look for a place where you can connect the wires again to access the various applications or data, it seems a tough job. Without wireless connectivity you of course need to search for wired connections in the office, but now the evolution of the technology has moved to a seamless experience where you need not connect to wired devices at all: you have wireless APs (Access Points) in your office and you are automatically connected to the wireless.

Brand :                 Cisco Systems
Access Points :     Wireless Device to connect to edge devices
Domain:                Wireless Domain
Audience :            Network Engineers, Cisco Starters, Systems Engineer

So now you understand access points, but they are further connected to WLAN controllers, which handle automatic RF power, channels, authentication and security. These WLAN controllers can also be used for inter-controller roaming in a wireless mobility group. Connecting to the various access points in the office can be done with different profiling: employees (with full profiling, able to access every application), guest users (who can only access basic applications with limited access) or VIP users (where the profile is prioritised with high bandwidth capabilities and so on).

Above is shown the basic connectivity of the access points with the WAN device called the router; all the edge devices connect to the access points over RF signals or channels. We will discuss every part in detail (RF, channels used, authentication and profiling); all these features will be described later with full explanation. This post is basically an understanding of the wireless network in offices. There are various wireless access points and WLAN controllers on the market with various features, based on the demand and the architecture of the customer network (small scale, enterprise and datacenter environment). We will come up with an architectural view of all the access points and WLAN controllers in the various networks.
