Network technologies and trends


November 21, 2015  8:27 AM

A review of CCDE Study Guide by Marwan Al-shawi

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
BGP, Cisco, Cisco certifications, Cisco Press, EIGRP, Network design, Networking, OSPF, Protocols, VPN

Since I received the “CCDE Study Guide” from Jamie Shoup till date, I simply couldn’t able resist reading such a wonder book from Marwan Al-shawi.  I believe it was a great initiative from Marwan Al-shawi to write this book. Since I read this book from cover to cover I believe it’s the right time for me to write a complete review of this book.

CCDE book

As mentioned in my initial review , Marwan did a great job in penning down this title, he has gone an extra mile to come out with this title. The topics are organised well and he addressed almost all the topics of CCDE blue print at very high level. The “CCDE Study Guide” is divided into 6 parts with following chapters

Part I Business-Driven Strategic Network Design

  • Chapter 1 Network Design Requirements: Analysis and Design Principles

Part II Next Generation – Converged Enterprise Network Architectures

  • Chapter 2 Enterprise Layer 2 and Layer 3 Design
  • Chapter 3 Enterprise Campus Architecture Design
  • Chapter 4 Enterprise Edge Architecture Design

Part III Service Provider Networks Design and Architectures

  • Chapter 5 Service Provider Network Architecture Design
  • Chapter 6 Service Provider MPLS VPN Services Design
  • Chapter 7 Multi-AS Service Provider Network Design

Part IV Data Center Networks Design

  • Chapter 8 Data Center Network Design

Part V High Availability

  • Chapter 9 Network High-Availability Design

Part VI Other Network Technologies and Services

  • Chapter 10 Design of Other Network Technologies and Services

I enjoyed reading almost all the topics, yet got bored on the topics which I don’t have much exposure. The book is addressed at very high level. In order to enjoy this book one should posses good understanding of the concepts be it MPLS, MPLS TE, MPLS VPN or as simple as of Layer 2 Network Design. Marwan is no where attempting you to understand topics from grasp level. I can understand Marwan must have gone through tons of technical resources to come with such a wonderful title. His experience and knowledge  is quite visible in the content he developed.

Few things which I really liked in this title are

  • The design scenarios presented are quite useful and there are plenty of them
  • The design goals one should consider
  • The business driven factors
  • Enormous  amount of Diagrams which complement the text.
  • The seamless flow of topics
  • Design related Questions
  • Further Reading Section

Its also good to see this title now part Safari Online, those who have Safari subscription can enjoy reading this book even for enhancing their design principles.

This title would have added extra value if the following things were considered

  • A small design challenge at the end of each chapter based on exam pattern
  • Typos
  • Hyperlinking  all the reference materials ( few hyperlinks are there)

Over all a must read book not only for those who are perusing CCDE but also for those who are involved in Designing complex networks. Also I would like to thank  Marwan Al-shawi  for coming out with such a great book as its quite helpful to me.

November 19, 2015  6:44 AM

CCIE Data Center Version 2 is coming

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
CCIE, Cisco, Cisco Press, VXLAN

 

With the introduction of ACI, Nexus 9k and many other SDN components I was expecting Cisco will soon announce the new version of CCIE Data Center.

As anticipated Cisco announced the revision of CCIE Data Center from Version 1.0 to 2.0, to be a CCIE Data Center v2.0, Cisco will be testing the candidate’s knowledge and capabilities on the latest skill and technologies which are broadly classified into six domains.

CCIE Data Center v1.0

CCIE Data Center v.20

    1. Cisco Data Center Architecture
    2. Cisco Data Center Infrastructure-Cisco NX-OS
    3. Cisco Storage Networking
    4. Cisco Data Center Virtualization
    5. Cisco Unified Computing System
    6. Cisco Application Networking Services
  1. Cisco Data Center L2/L3 Technologies
  2. Cisco Data Center Network Services
  3. Data Center Storage Networking and Compute
  4. Data Center Automation and Orchestration
  5. Data Center Fabric Infrastructure
  6. Evolving Technologies

When you compare Domain topics of CCIE Data Center v1.0 and Data Center v2.0 form above shown table one could notice Cisco is introducing  more technology centric topics, the interesting catch here is Evolving Technologies . One could certainly experience below technical topics like in CCIE Data Center v2.0 exams

  • VXLAN
  • EVPN
  • LISP
  • Policy Driven Fabric (ACI)

Following are the some of the key hardware changes in the CCIE Data Center v.2.0 blueprint

  • APIC Cluster
  • Nexus 9300
  • Nexus 7000 w/ F3 Module
  • Nexus 5600
  • Nexus 2300 Fabric Extender
  • UCS 4300 M-Series Servers

I believe Cisco took a strategic decision to announce the new version of CCIE Data Center exam as this will empower them to capitalise the huge SDN market share, its been a general tendency of the customers to adopt the SDN solutions based on the availability of technical resources. I hope Cisco will certainly add value to their CCIE certifications and ensure strict guidelines are followed when it comes to delivery of the exam and also make their exams more realistic.

Those who are preparing for the CCIE Data Center v1.0 exam don’t need to panic as they have time until July 2, 2016.

  • Last day to test for the v1.0 written – July 22, 2016
  • First day to test for the v2.0 written – July 25, 2016
  • Last day to test for the v1.0 lab – July 22, 2016
  • First day to test for the v2.0 lab – July 25, 2016

Screen Shot 2015-11-19 at 9.36.59 AM

One more change one is going to experience in CCIE Data Center v2.0 lab is the introduction of Diagnostic module which lasts for 60 minutes and focuses on the skills required to properly diagnose network issues, without having device access. The main objective of the Diagnostic module is to assess the skills required to properly diagnose network issues. These skills include:

  • ·  Analyze
  • ·  Correlate

– Discerning multiple sources of documentation (in example e-mail threads, network topology diagrams, console outputs, logs, and even traffic captures.)

In the Diagnostic module, candidates need to make choices between pre-defined options to indicate:

  • ·  What is the root cause of an issue
  • ·  Where is the issue located in the diagram
  • ·  What is the critical piece of information allows us the identify the root cause
  • ·  What piece of information is missing to be able to identify the root cause

However the Configuration and Troubleshooting module follows the same pattern of  CCIE Data Center v1.0 , basically it consists of one topology  where the candidate has to complete the given tasks in 7hours of time.

Since the introduction of Diagnostic module in CCIE R&S v 5.0  Cisco is keep on adding this module every new version of CCIE exams be it CCIE Service Provider or CCIE Data Center.

I wish all the CCIE Data Center aspirers a best of luck and I am pretty sure soon training materials will be out by Cisco Press and INE as they seems to be pioneers when it comes to CCIE Study Materials.


November 16, 2015  7:39 PM

Palo Alto Networks Firewall Interface Types – Tap Mode

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
Ethernet, Firewalls, Interface, Palo Alto Networks, Switch

As discussed in one my post, we all know Palo Alto Networks Firewall allows us to implement in many modes, one such mode is TAP Mode. Now you all might be wondering what is a TAP mode?

TAP Mode is basically used to monitor the traffic passing through the firewall, basically a TAP Mode interface can be easily used for

  • POC of Palo Alto Network Firewalls
  • To monitor passively all the traffic passing across a network using SPAN or mirror port

Palo Alto Tap Mode

One can easily configure SPAN/RSPAN in his/ her network Switch and pass the traffic thought the Palo Alto Firewall to monitor the traffic, by doing so one can have a complete visibility of the network and Palo Alto Networks really comes with a some great reports as well. This kind of monitoring can be done in TAP mode only, it reads all the spanned traffic and there will be a visibility in Palo Alto Network Firewall ACC tab.

To place a Palo Alto Networks Firewall one doesn’t  need to do any changes to their existing network design also in TAP Mode the traffic will not blocked or any URL filtering can be enabled. It’s a really a cool feature from Palo Alto Networks Firewall , in my next post lets see how a Palo Alto Networks can be configured in TAP mode. One nice little feature Palo Alto Network Firewall supports is, it  can process the encrypted SPAN traffic.


November 7, 2015  3:54 PM

Should Juniper reconsider their strategy towards JNCIE Certifications?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
CCIE, Certifications, Cisco, Juniper Networks, Palo Alto Networks

As these days my focus is more into Network  security and my current job demands more of the security. Being a CCIE I thought rather than investing my time, energy  and money on one more CCIE,  I thought of  staring the journey of JNCI-SEC . I was totally banking on assumptions and expectations , those who comes from Cisco back ground they know,  technically there are no prerequisites to be a CCIE or CCDE. My assumptions were wrong and baseless, in reality one has to start from the scratch, especially if some one is planning to his/her start Juniper Certification track.

I was little disappointed but this never stopped me from planning certifications in the Network Security tracks, I changed my vision and realigned my plans and started focusing on Palo Alto, F5  and Cisco CCDE Certifications. I am currently focusing on CCDE as I did passed the Palo Alto PCNSE 7 exam and it was a great experience. Though we have some of the Juniper Firewalls in our setup yet  I am not motivated to jump into the journey of JNCI-SEC because of the prerequisites.

Now coming back to Juniper Networks, I strongly believe they need to realign their vision and approach towards their expert level certifications, as at time those who hold expert level certifications from other vendors do get demotivated to start their journey from entry level certificate and then to professional and finally the expert level certifications. I am pretty sure if Juniper removes the prerequisites for their expert level certifications lot of experts would jump in to challenge themselves with Juniper Expert Level Certifications like JNCIE.


November 6, 2015  6:13 PM

Palo Alto Networks Firewall Interface Types – 101

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
Administrator, Ethernet, Firewalls, HA, Interface, LAYER3, Loopback, Palo Alto Networks, tunnel, VLAN

 

When it comes to Palo Alto Networks Firewall it supports  wide range of deployment options and interface types as well. One can easily mix and match the interface types in real world deployments.

Most of the Palo Alto Networks Firewall support following interface types

  • Ethernet – These are physical interfaces and can be configured as the following types
    • Tap
    • HA
    • Virtual Wire
    • Aggregate
    • Layer 2
    • Layer 3

Screen Shot 2015-11-06 at 9.08.14 PM

It’s a know fact that one can use tap mode, virtual wire mode , layer 3 mode , layer 2 mode etc in a single Palo Alto Firewall. This is the beauty of Palo Alto Networks Firewall.

Also Palo Alto Networks Firewall supports following Interface Types

  • VLAN
  • Loopback
  • Tunnel
  • Decrypt Mirror

I will try to address in detail about all the above mentioned interfaces in the upcoming post.


November 2, 2015  5:52 PM

A review for CISCO CERTIFIED DESIGN EXPERT work book

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
Cisco, Design, MPLS

Recently I was provided with a copy of CISCO CERTIFIED DESIGN EXPERT  which Orhan uses to teach his CCDE online classes, upon going through the workbook, I discovered his work book covers all the topics of CCDE blue print. The work book looks simple and easy to understand. The topics are covered in simple format I believe he relies more on his work book as a note and relies more on his online classes.

At the end of the each topic ,there are case studies followed by some questions on those topics , he concludes the topic with reference books for further studies, what videos one should watch online ( Cisco Live, podcast etc.) and also links to the articles one can refer for further information

He also concludes the work book with a complete scenario  perhaps like an exam where you are challenged with questions and emails. You are suppose to answer these questions .

Personally I like the MPLS case study, the good thing about these case studies are they are quite short and concise, over all I could see  a reflection of Service Provider experience and hard work of Orhan in developing this Work Book.

I would conclude by a recommendation  to Orhan to enhance his content by adding  more scenarios which are business driven, I am sure by adding this he will take his work book to the next level.

Over all I enjoyed reading CISCO CERTIFIED DESIGN EXPERT work book developed Orhan and I am thankful to him for sharing this valuable work with me. Personally it will certainly help me for my CCDE practical  preparations.


October 31, 2015  4:48 PM

How to configure a Layer 3 zone in Palo Alto Networks Firewall?

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
Administrator, Ethernet, Firewalls, Interface, LAYER3, Palo Alto Networks

Configuring a zone in Palo Alto firewall is quite easier, since most of the configuration tasks can be done at GUI level, it makes life easier of the Network Security Engineer, they can use their standard browser to access the Palo Alto Networks Firewall. In this example lets do the following

  1. Create a Layer 3 Zone called Trust
  2. Assign an interface to the newly created zone

Step 1

Go to Palo A lot Networks firewall WebUI and select Network>Zones and then click Add to create a new zone

Palo Alto Zone Step 1

Step 2

Click Add and create a Zone and name it Trust and type should be Layer 3 as shown below

Palo Alto Zone Step 2

Step 3

Assign an interface to the newly created zone by clicking Add and then select the interface ( ethernet 1/1) and click ok.

Palo Alto Zone Step 3

Once you are done and click commit you should see the following  final output which states the name of the zone followed by the type of the zone and what interfaces associated with it.

Palo Alto Zone Step 4

 

When it comes to zone configuration Palo Alto Network Firewalls are straight forward and easy. One could use the same template to configure any types of zone . In upcoming post lets see what is management profile and how it can be configured.


October 29, 2015  3:56 PM

Cisco to acquire Lancope to enhance their Cyber Security Threat Defence Capabilities

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
Cisco, Cisco security, Network security, Networking, Security intelligence

This week Cisco announced their intention to acquire  Alpharetta, GA based network security company called Lancope, Inc for $452.5 million in cash . Lancope provides network behaviour analytics, threat visibility and security intelligence to help protect companies against top cyber security threats.

Well this acquisition now draws some interesting quesitons,

How Cisco will place themselves in security domain for coming days?
Is this going to add any value either to Cisco or their customers?
Is this going make them leaders in the field of security?

Only time can say.

“As enterprises digitize, security challenges rapidly evolve. Real time visibility and understanding of the behavior of every machine or device on the network becomes critical in adapting the ability of enterprises to identify and respond to the next wave of cyber threats,” said Rob Salvagno, vice president, Cisco Corporate Development. “Cisco is committed to helping organizations defend their networks and devices. Together with Lancope, our combined solutions can help turn a customer’s entire network into a security sensor.”

Interesting comments from Rob Salvagno, this shows how serious Cisco is when it comes to Security, Cisco wants Lancope to be part of Cisco Security Business Group organization led by David Goeckeler, senior vice president and general manager.Cisco are aiming to close this deal by the second quarter of fiscal year 2016.


October 28, 2015  5:39 PM

Cisco VIRL is adding more value to its users.

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
CCIE, CCNA, CCNP, Certifications, Cisco, Cisco Routers, Firewalls, Networking, Switches

When it comes to simulating networking scenarios using Cisco Routers, Firewalls , Switches we have a great tool called VIRL. Since its introduction, VIRL has gone viral people started using to extensively for CCNA, CCNP and even CCIE preparations. People tend to rely more on VIRL these days to master the networking concepts, testing their customer topologies, trying new features, planning the migrations etc.

VIRL

As of today VIRL offers maximum 15 nodes which at times can be a limiting factors to simulate some complex labs, the community of VIRL users were not satisfied fully and the community raised this to Cisco, as a good listener Cisco listened them and announced that , starting November 2015 the node limit will be increased to 20 for free, that’s a great move and I would congratulate the VIRL team for making this possible.

One more enhancement Cisco is offering 30 nodes VIRL package, one can easily upgrade their existing node limit form15 to 30 by paying the upgrade fee which is unknown. I suggest to lookout for VIRL updates and take advantage of these new announcements.


October 26, 2015  9:54 AM

CCDP – ARCH Version 3.0 is here

Yasir Irfan Yasir Irfan Profile: Yasir Irfan
Cisco, Cisco certifications, Data Center, Network design, Scalability

Cisco is doing some major revamps when it comes to Cisco Design certifications , Cisco announced new version for their CCDA Certification from DESGN version 2.1 to 3.0.  It’s a welcome move from Cisco especially when technology is evolving so fast.

In the newly designed 300-320 ARCH exam Cisco has removed following topics

  •  Design for infrastructure services
  •  Identify network management capabilities in Cisco IOS Software
  •  Create summary-able and structured addressing designs
  • Describe IPv6 for campus design considerations
  • Describe the components and technologies of a SAN network
  • Create an effective e-commerce design
  • Create remote access VPN designs for the teleworker

Following topics are added to ARCH exam

  • Create stable, secure, and scalable routing designs for IS-IS
  • Determine IPv6 migration strategies
  • Design data center interconnectivity
  • Design data center and network integration
  • Select appropriate QoS strategies to meet customer requirements
  • Design end to end QoS policies
  • Design a network to support Network Programmability (SDN)
  • Describe network virtualization technologies for the data center

 

The interesting addition is the SDN part, this is a great move from Cisco.  I hope soon Cisco will release Cisco Press Study guides.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: