Network Design - What it's all about

It has become imperative to prioritize network design as part of a solid business strategy. This post zooms in on the workings of network design and what it’s all about. The goal is to broaden stakeholder’s perspective on the elements that are in play with network design. Network Design - Why Taking control of the network in a responsible way to keep things relevant and on track in accordance to the business requirements is key to being successful when it comes to network design.

Classical Enterprise LAN Design - Part II

This post delves into the pros and cons of another classical enterprise LAN design. Focus is on detailing why you might choose such a design and the workings of it. A few optimizations are shown, too. For Part I check out Classical Enterprise LAN Design - Part I Topology Below topology is the starting point. Some choices have been taken as described in the green boxes. SW1 and SW2 are distribution switches that mark the demarcation between L2/L3 from access to the rest of the network (core).

Classical Enterprise LAN Design - Part I

Many enterprises still have what is considered a classical network. This post deals with one such design. Focus is on highlighting the reasons why a network is built this way and reveal its shortcomings. Lastly some suggestions on how to optimize the logical design are shown. Topology Below topology is the starting point. Some choices have been taken as described in the green boxes. SW1 and SW2 function as the boundary between L2 and L3.

IP Addressing and Segmentation for Enterprises

This post touches upon various approaches of designing an IP addressing plan for an enterprise network. It will also deal with segmentation in general, because IP addressing and segmentation are dependent on each other. IP Addressing A typical enterprise network consists of multiple sites of varying sizes that might span a wide geographical area - even international and/or inter-continental. A such we have different areas of network types that needs IP addresses.

Campus Segmentation and Beyond

Security is top of mind for most companies today. And for good reasons. Every day new major security incidents hit both the private and public sectors. We’re no longer dealing with curious geeks, script kiddies, and smaller groups of cyber criminals. Hacking used to be a niche thing. Today state-sponsored hackers are a reality. Although you cannot guarantee protection from these malicious events, you can try to limit the risk and possibility of their success.

VRF-aware RADIUS with DNAC

DNAC is currently not designed to be VRF-aware with its Network Settings. The AAA server settings are configured with global context regardless of the device management IP being in a VRF. Here is what DNAC provisions for RADIUS: aaa new-model aaa authentication login default local aaa authentication login dnac-cts-list group dnac-client-radius-group local aaa authentication dot1x default group dnac-client-radius-group aaa authorization exec default local aaa authorization network default group dnac-client-radius-group aaa authorization network dnac-cts-list group dnac-client-radius-group aaa accounting Identity default start-stop group dnac-client-radius-group aaa accounting update newinfo periodic 2880 !

Jinja Templates in DNAC

In this post I will show you some examples of Jinja templates that might inspire you to create your own. As always my focus is centered on how stuff works rather than how you use the product. I will provide a breif overview of the Template Editor, though. For a user guide, please have a look at the official doc: Create Templates to Automate Device Configuration Changes One of the main advantages of DNAC is its ability to help you automate certain tasks within your network.

DNAC Code Names

DNA Center has a versioning scheme that uses four digits. At the time of writing the recommended DNAC version is  2.b.c.d - The first digit is the major release which introduces “significat market value, including infrastructure and architectural changes”  a.2.c.d - The second digit is a minor version that includes “new functions and features in the platform”. It is categorized as a “new market value” release and also an anchor point for long-lived releases

CCDE Journey

CCDE is one of the most sought-after and valuable IT certifications today. It used to be very service provider focused. The current version, CCDEv3, was launched November 2, 2021 and it changed radically in terms of technology coverage. Also, this version adds the AoE (Area of Expertise) scenarios of choice, meaning you can choose one scenario based on three different technology areas: Large Scale Networks On-Prem and Cloud Services Workforce Mobility To become a CCDE you must pass a written exam and a practical exam - respectively in that order.

MPLS VPNs vs. VRF-lite

Segmentation is becoming more and more critical as part of securing a network. In this article I will compare MPLS VPNs to VRF-lite. Both are ways to segment a network logically at L3 using VNs (VRFs). Many years ago when I was new to networking technologies I had some fear of “MPLS”. I was biased and I though of MPLS as something insanely complicated that only service providers used in their network to magically inter-connect large companies.