Sunday, August 30, 2009
Re-certified CCIE 20572
So now for an additional 2 years I can keep my signature unchanged :-).
The test was not that hard (ver3); I think the hard part was the anticipation of a hard question that would fail me.
Thursday, July 16, 2009
DCOF – Data Center of the Future
Yesterday we had a virtual event provided by some of the leaders in Data Center computing (Cisco, VMware, EMC, Oracle, NetApp, APC, EMERSON). The web virtual event covered some of the challenges and current designs, as well as the future designs and solutions we may encounter in Data Centers.
From my perspective the main event was the first 2 presenters, Cisco and VMware; both have joined forces to show you how the Data Center of the Future should look, VMware as the application infrastructure and Cisco as the networking complement.
We should expect to see them more and more in Data Centers, providing high availability, fault tolerance and network resilience between Data Centers.
Some of the hot topics discussed were:
- VN-Link – the amazing Cisco Nexus 1000V, basically a replacement for the vSwitch (VMware's layer 2 switch on ESX/ESXi), and I will add that it is amazing, with a huge amount of capabilities compared to the vSwitch under ESX/ESXi.
- FCoE – Fibre Channel over Ethernet standard; although not new, in the context of Data Center resiliency, management, scalability and cost reduction FCoE is definitely an option.
- vSphere – VMware's cloud solution, version 4, was officially announced several weeks ago by VMware; yesterday it was interesting to see their vision for the data center and their honesty about some of their weaknesses in the networking area (where Cisco complements them to some level).
I work a lot with VMware solutions today and see their adoption grow as their products advance; the DCOF will be very interesting…
Monday, July 13, 2009
CCIE Re-certification

1) Time - that is the main point, as in the last 1.5 years since the CCIE my work has become so hectic and demanding that I barely have time for my family, let alone myself.
2) Money - yes, you would think becoming a CCIE would win you the jackpot, but I will share with you a secret: it will not (maybe for some lucky ones); the financial crisis has got to all.
3) Family - I have 1 wife, 1 son and 1 in the oven (we say tphoo tphoo tphoo, like touch wood), so I need again to split myself into several pieces; hopefully I will be able to reassemble all back (transformers...).
4) Work - yes, work, this is the place my pay check comes from; again, split myself.
5) Should I consider a different track - I have gone back and forth on that question over and over.
6) What material to take - again read the same books, RFCs... and if it is a new track, where to start.
I will not bore you with all the details and will just tell you that the final result was:
1) Time = night
2) Money = don't have a choice; my job does not pay for that, but it is also fair and is not taking my title under its "wings" like I hear about many others.
3) Family = I would just say that I love my wife, son and soon to be ...
4) Work = the only one that does not have any considerations.
5) I decided to re-certify in my current track, R&S, much less time!
6) Yes, no choice but to go back to the textbooks.
Advice: unless you have spare time or your job helps you (time, money, and they need it), do not consider a different track; specialize in your own track and be the best you can be where you are at.
So wish me luck (I will keep my date to myself for now) :-)
Sunday, March 01, 2009
TCP Window Scale
Why do we need window scaling or what the hell is it?!
First, maybe let's start with the why. I do not know about you guys, but when I am buying something I expect to utilize it fully and not half way, and the same goes for my Internet line: if I buy a 10Mbps pipe I do not want to utilize only 5Mbps.
So what is Window Scaling and how can it help us better utilize our pipe?! Window Scaling is an optional enhancement that allows us to extend our window size. So you say, wait, why do I need to extend my window size?
Well, normally the window size is a 16 bit field with a max size of 64K bytes, and when you are talking about LAN delay (1ms avg) that is more than enough for just above 500Mbps. But when we go over the WAN we start experiencing delays, and the amount of throughput we can provide decreases fast: already with 10ms delay you can have only just above 50Mbps, with 100ms we are already at 5Mbps, and you see where that is going. So how can we take the 16 bits we have in the TCP header and make them bigger? Well, the simple answer is we can't, as we have only 16 bits, not one bit more, in the header for the window.
But what we can do is use the 3 byte option field, where we indicate what our scale factor is. The defined scale factor can be between 0 and 14, where the max window can be 1GB:
65536 * (2^14) = 1073741824. Well, now we are talking, this is a window.
But with a great window comes great responsibility: now we need to watch out for overflowing the network and causing congestion (congestion will be for another talk).
So basically what we learned is that the higher the delay, the bigger the window we need to free the belt on our traffic.
The Max Throughput calc is actually very simple:
[ WIN(in bits)/delay(in seconds) ] / 1000000 = Throughput in Mbps
The Scale Window calc is:
(2^scale factor) * window(bytes)
Notice that as WS is optional it must be offered by both sides, and the lowest WS factor wins.
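As an added example (not code from the original post), here is a small Python script that pulls the Window Scale option out of a TCP SYN header, applies the two calcs above, and clamps shift counts above 14 as RFC 7323 requires; the header bytes, ports and option values are constructed for the demo.

```python
import struct

# Constructed sample (not a capture): a 32-byte TCP SYN header, 20 fixed bytes plus
# 12 option bytes: MSS 1460, NOP, Window Scale shift 7, SACK-permitted, NOP, NOP.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 8 << 4, 0x02, 65535, 0, 0) \
    + bytes.fromhex("020405b4" "01" "030307" "0402" "0101")

WSCALE_KIND = 3
MAX_SHIFT = 14   # RFC 7323: a received shift count above 14 must be treated as 14

def parse_tcp_options(hdr):
    """Walk the option list after the 20 fixed header bytes; return {kind: option data}."""
    data_offset = (hdr[12] >> 4) * 4
    opts, i = {}, 20
    while i < data_offset:
        kind = hdr[i]
        if kind == 0:                   # End of Option List
            break
        if kind == 1:                   # NOP: one byte of padding
            i += 1
            continue
        if i + 1 >= data_offset or hdr[i + 1] < 2 or i + hdr[i + 1] > data_offset:
            raise ValueError("malformed TCP option")   # bogus or truncated length
        length = hdr[i + 1]
        opts[kind] = hdr[i + 2:i + length]
        i += length
    return opts

def window_shift(hdr):
    """Shift count advertised in the SYN: 0 when the option is absent, clamped to 14."""
    wscale = parse_tcp_options(hdr).get(WSCALE_KIND)
    return 0 if wscale is None else min(wscale[0], MAX_SHIFT)

def effective_window(window_field, shift):
    """Scale Window calc from the post: (2^scale factor) * window(bytes)."""
    return window_field << shift

def max_throughput_mbps(window_bytes, rtt_seconds):
    """Max Throughput calc from the post: [WIN(in bits)/delay(in seconds)] / 1000000."""
    return (window_bytes * 8 / rtt_seconds) / 1_000_000

if __name__ == "__main__":
    raw_window = struct.unpack("!H", SAMPLE_SYN[14:16])[0]
    shift = window_shift(SAMPLE_SYN)
    win = effective_window(raw_window, shift)
    for rtt_ms in (1, 10, 100):
        print(f"shift {shift}, window {win} bytes, RTT {rtt_ms} ms: "
              f"{max_throughput_mbps(win, rtt_ms / 1000):.1f} Mbps")
```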
Sunday, December 21, 2008
MPLS Deployment reasons
1) Faster convergence. In the old days that was a valid reason, due to the relatively complex forwarding task that required more resources than label forwarding. Today it is not relevant.
2) RFC 1483 (the newer RFC 2684), AAL5 (ATM Adaptation Layer 5), the implementation of IP over ATM.
3) BGP-free core on the SP network. As with MPLS the lookup is done based on labels and not on the destination address, there is no need to have the BGP table in the core for external prefix lookups. This is a massive change from the requirement that every router in the core must have BGP enabled (a CPU and memory intensive load) to only the edge routers having BGP enabled, meaning higher performance and capability.
Note: edge routers still need to have the BGP routing tables; edge routers are translating between IP routing decisions and label based decisions.
4) Deployment scalability. When we face a large scale client to deploy (a client that connects 50 - 300 sites and more) we need to take into consideration the deployment scalability and management. With that in mind, 2 deployment models are the options:
a) VPN Overlay - creating a point to point connection over the SP network; can be achieved in layer 1, 2 or 3.
Layer 1: TDM E1, T1...
Layer 2: ATM, FR...
Layer 3: GRE, IPIP...
b) Peer to Peer - creating a connection between sites through the ISP and with him. What I mean is that the SP needs to join the client network, and to achieve client privacy the SP needs to manage ACLs and routing updates; not very scalable and a lot of overhead. Notice that in addition to the disadvantage for the SP of the additional management overhead and complexity, there is the client's control (it doesn't have any) of its layer 3 network through the SP.
With MPLS VPN the otherwise bad Peer to Peer model gains an advantage over the Overlay model, since in MPLS we use VRF (Virtual Routing and Forwarding) separators between each network and the configuration is done only on each new site. Meaning that if I am an SP and I have 3 clients (Cisco, Microsoft, Verizon), each VRF will have a unique color: vrf Cisco, vrf Microsoft and vrf Verizon, and to join a new branch is only to color this branch's traffic accordingly. So the main work is done in the initial design and implementation, and any new addition is actually very simple to add.
5) TE - Traffic Engineering is a small phrase for a very big spectrum of options. Normally the traffic routing is decided at each point separately, and usually the best route is chosen according to the shortest path to the destination; using TE we can make the routing decision based on multiple criteria, allowing the traffic to fully utilize the network capability.
FRR - Fast ReRouting is a very good feature that allows you to detect and reroute based on router availability in less than 50ms. Very important for highly sensitive traffic like VoIP.
Friday, October 24, 2008
JUNIPER JNCIA-ER SCORE 90
The resources provided on the www.juniper.net/fasttrack/ site are excellent and answer 100% of the test questions, almost too good to be true.
I must say that for the last 3 weeks I have been playing with JUNOS (under my VMware setup) and it seems to be a really nice and powerful OS.
So for you professionals and experts, I think it should be a very nice knowledge addition. I am still thinking whether I want to proceed with the JNCIS-ER exam or stop here with Juniper; I will update you later.
All of you have a nice weekend :-)
Friday, October 10, 2008
Spanning Tree Basics
First thing when I learn a new protocol, I like to look at how it works on the low level, so here I have drawn for you the BPDU structure. You can see that all implementations have a common ground and thus there is full backward support:
Field Description:
PID = Protocol ID Always 0x0000
VID = Version ID
1) STP 0x00
2) R-PVST 0x02
BT = BPDU Type
1) STP 0x00
2) R-PVST / MST 0x02
TCN / TCN Ack is used only with IEEE 802.1D or when interoperating with RSTP.
Proposal and Agreement handshake bits are used to prevent loops: the proposal is sent from a designated port and the agreement is sent from the root port.
Unlike IEEE 802.1D, in which any transition between the blocking and the forwarding state causes a topology change, only transitions from the blocking to the forwarding state cause a topology change with RSTP.
Root ID
Shows the Root Bridge priority and MAC address.
Root Cost
Shows your distance from the Root Bridge.
BID = Bridge ID
Here the switch advertises its own Bridge MAC and priority.
Port ID
A 2 byte number; the first octet is built from a configurable priority, the second octet is a number set by the bridge for the port the BPDU was sent from. Usually in newer bridge models the port ID is the port number, but in older models it was a random number assigned to the port.
Newer models:
show spanning-tree vlan 1 detail
Older models:
show spanning-tree
MAge = Message Age
Indicates an estimated time required for a BPDU to be sent and received by any other bridge; although specified in time, it is actually increased by hop count.
MA = Max Age
This field is given by the root bridge and by default is set to 20 sec; it indicates the max age of a BPDU.
Hello
Indicates the time between each BPDU sent from the root bridge. Default 2 sec.
FWDD = Forward Delay
Indicates the amount of time the bridge should stay in each state when transitioning from blocking to forwarding.
V1_L = Version 1 Length
V3_L = Version 3 Length
MST EXTENSION
MST Config ID
MST Config Name = configuration name
MST Config Revision Number = configuration revision number
MST Config Digest = configuration digest
CIST Bridge Identifier =
CIST Internal Root Path Cost = cost to the root bridge
CIST Remaining Hops = default (20), states the max number of hops from the root bridge.
If a bridge receives a BPDU with remaining hops set to 0 then it will
ignore the spanning tree BPDU and will be able to declare itself as Root.
Understand the debug, as it is one of the tools you have to troubleshoot in real time, but with that said you need to make sure you do not activate spanning tree debug in production with logging console enabled, as you will probably end up locked out of your switch.
! Do before debug under global config
no logging console
logging buffered 200000
end
clear logging
debug spanning-tree bpdu
! output will be displayed under "show logging"
! to disable debug
un all
Example output from the debug:
*Apr 14 01:19:56: STP: enc 01 00 0C CC CC CD 00 14 F2 E9 44 16 00 32 AA AA 03 00 00 0C 01 0B ! you can see the destination MAC 01 00 0C CC CC CD, the Cisco multicast address for PVST+; also the LLC shows AA AA, indicating to look into the next 5 bytes of information after the LLC; the last 2 bytes indicate the ethertype, 010b is for PVST+
*Apr 14 01:19:56: STP: Data 000002023C60670014F2E944000000000060670014F2E9440080160000140002000F00
*Apr 14 01:19:56: STP: VLAN0103 Fa0/22:0000 02 02 3C 60670014F2E94400 00000000 60670014F2E94400 8016 0000 1400 0200 0F00 ! BPDU represented in hex
*Apr 14 01:19:56: RSTP(103): Fa0/22 repeated msg
*Apr 14 01:19:56: RSTP(103): Fa0/22 rcvd info remaining 6
*Apr 14 01:19:56: STP: VLAN0104 rx BPDU: config protocol = rstp, packet from FastEthernet0/22 , linktype SSTP , enctype 3, encsize 22
Short story on the LLC
LLC (Logical Link Control), also called the 802.2 header, is between 3 and 8 bytes long and contains protocol type information for the packet.
The first 3 bytes are mandatory:
DSAP Destination Service Access Point
SSAP Source Service Access Point
And one more byte that is important only when using SNA; in any other case it is ignored.
Now you will probably ask what the additional 5 bytes are.
Now this is where it gets a little complex. When using standard IEEE STP or ISL trunks (Cisco runs ISL with PVST, which is very similar to the standard except for the VLAN ID addition) then DSAP and SSAP will be set to 0x42, but when configuring DOT1Q trunks on Cisco they use PVST+ and set the SSAP and DSAP to 0xAA, where it points to the additional 5 bytes where we get the SNAP (SubNetwork Access Protocol) that gives us a description of what protocol we are using in layer 3 (AppleTalk, IP, XNS….)
OK, these until now are the basics for STP; once you have the structure in place it will be much easier (warning: it is not easy) to understand how it works.
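To tie the field description and the LLC/SNAP story together, here is an added Python example (not from the original post or from Cisco) that decodes the "enc" and "Data" bytes from the debug output quoted above into the BPDU fields listed earlier; the byte values are exactly those from the debug lines, the field layout follows the post, and the RSTP flag-bit and 1/256-second timer decoding are assumptions from the 802.1D/802.1w encodings.

```python
import struct

# Bytes taken from the "enc" and "Data" debug lines quoted above (Cisco PVST+ RSTP BPDU
# on VLAN 103, seen on Fa0/22). ENC = dst MAC, src MAC, 802.3 length, LLC/SNAP header.
ENC = bytes.fromhex("01000CCCCCCD" "0014F2E94416" "0032" "AAAA03" "00000C" "010B")
BPDU = bytes.fromhex("000002023C60670014F2E944000000000060670014F2E9440080160000140002000F00")

def parse_llc(frame):
    """Classify the LLC header: 0x42/0x42 = IEEE STP, 0xAA/0xAA = SNAP (PVST+ on dot1q)."""
    dsap, ssap = frame[14], frame[15]
    if dsap == 0x42 and ssap == 0x42:
        return {"encap": "IEEE", "llc_len": 3}
    if dsap == 0xAA and ssap == 0xAA:          # SNAP: 3 LLC bytes + OUI (3) + PID (2)
        oui, pid = frame[17:20], struct.unpack("!H", frame[20:22])[0]
        return {"encap": "SNAP", "llc_len": 8, "oui": oui.hex(), "pid": pid,
                "pvst_plus": oui == b"\x00\x00\x0c" and pid == 0x010B}
    raise ValueError("unknown LLC header")

def bridge_id(raw):
    """8-byte Bridge ID: 4-bit priority (x4096), 12-bit extended system ID (VLAN), MAC."""
    field = struct.unpack("!H", raw[:2])[0]
    return {"priority": (field >> 12) * 4096, "sysid_ext": field & 0x0FFF,
            "mac": raw[2:].hex(":")}

def parse_bpdu(b):
    """Decode the BPDU fields described in the post; timers are carried in 1/256 s units."""
    if len(b) < 35:
        raise ValueError("BPDU too short")
    pid, vid, bt, flags = struct.unpack("!HBBB", b[:5])
    if pid != 0:
        raise ValueError("Protocol ID must be 0x0000")
    root_cost = struct.unpack("!I", b[13:17])[0]
    port_id, mage, maxage, hello, fwdd = struct.unpack("!HHHHH", b[25:35])
    out = {"version": vid, "type": bt, "root": bridge_id(b[5:13]), "root_cost": root_cost,
           "bridge": bridge_id(b[17:25]),
           # Port ID split as the post describes it: priority octet, port-number octet
           "port_priority": port_id >> 8, "port_number": port_id & 0xFF,
           "message_age": mage / 256, "max_age": maxage / 256,
           "hello": hello / 256, "forward_delay": fwdd / 256}
    if vid >= 2:   # RSTP/MST flag byte: TC, Proposal, Port Role, Learning, Forwarding, Agreement, TCA
        roles = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}
        out["flags"] = {"tc": bool(flags & 0x01), "proposal": bool(flags & 0x02),
                        "role": roles[(flags >> 2) & 0x3], "learning": bool(flags & 0x10),
                        "forwarding": bool(flags & 0x20), "agreement": bool(flags & 0x40),
                        "tc_ack": bool(flags & 0x80)}
        out["v1_length"] = b[35] if len(b) > 35 else None   # the debug dump stops before it
    return out

if __name__ == "__main__":
    print(parse_llc(ENC), parse_bpdu(BPDU), sep="\n")
```

Note that the decoded Port ID 0x8016 gives priority 128 and port 22, matching the Fa0/22 in the debug, and the Bridge ID extended system ID 103 matches VLAN0103.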
Recommended reading: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml

