FastTrack Training. "Network Basics." "Basics of routing." Eddie Martin December 2012

About a year ago, I came across an interesting and fascinating series of lectures by Eddie Martin, which are remarkably easy to follow thanks to their stories and real-life examples, as well as his enormous teaching experience, which lets us gain an understanding of fairly complex technologies.



We continue the series of 27 articles based on his lectures:

01/02: "Understanding the OSI Model" Part 1 / Part 2
03: "Understanding the Cisco Architecture"
04/05: "The Basics of Switching or Switches" Part 1 / Part 2
06: "Switches from Cisco"
07: "The area of use of network switches, the value of Cisco switches"
08/09: "Basics of a wireless LAN" Part 1 / Part 2
10: "Products in the area of wireless LANs"
11: "The value of Cisco wireless LANs"
12: "The basics of routing"
13: "The structure of routers, routing platforms from Cisco"
14: "The value of Cisco routers"
15/16: "Basics of data centers" Part 1 / Part 2
17: "Equipment for data centers"
18: "The value of Cisco in data centers"
19/20/21: "Fundamentals of telephony" Part 1 / Part 2 / Part 3
22: "Cisco Collaboration Products"
23: "Cisco Collaboration Product Value"
24: "Security Essentials"
25: "Cisco Security Software Products"
26: "Cisco Security Product Value"
27: "Understanding Cisco Architectural Games (Overview)"

And here is the twelfth of them.



Today we'll talk about routers: what they are, why we need them, and what they can do. I will also tell you about bandwidth and related things. So, routers connect heterogeneous networks, but not only networks; they also connect to each other.

Suppose I have a company headquarters, with a data center and switches in the building, and I want to connect it to a branch of the company where the employees are located. To do this, I need a service provider offering a WAN (Wide Area Network): access to a network that covers a large area and includes a large number of nodes.



I take a router, connect it to the WAN provider, and it carries my data to the branch. On the other side of the WAN I also put a switch and another router, which is also connected to the provider. What should interest me? How the provider will carry my data.
Because here, where we have the data center, I use 10 Gigabit Ethernet with high bandwidth. Relatively speaking, I have a large pipe here through which I pass my data stream. And on the other side, our branch has a pipe of the same diameter. And what is available on the provider side? The same big pipe? No, he has a small thin tube, about this diameter.

This is a good example of why we should analyze the provider's capabilities in order to get the bandwidth we need. Imagine a fire, a huge building that is burning, and we call the firefighters to put it out; for this they need a huge hose, 3 inches in diameter, to push through a huge stream of water and put the fire out faster. And what do we have from the provider? A cocktail straw. That is roughly how his network's bandwidth compares to ours.



Do you know what the provider does in this case? Every month he gives me a present called a service bill. The more traffic I push through his network, the bigger the "gift" he brings me. As a result, it costs me more and more.

What do we do? We manage this process and set up QoS routing priorities. The routers act as guards: they decide what data to let out, when, and what not to let out. Such a network can be very, very large. Say we have hundreds of locations connected to the provider. Physically it looks like this, but logically we have many tunnels that lead from these locations through the WAN to our routers.



Remember we said that the routing process is handled at L3 by routers? We drew this as two L2 guys who turn to the higher third one so that he organizes the exchange of information, and the third one decides where and how to send the traffic.



All this is connected so that the guy at the top can send traffic in all directions: to the main office, to the branch, and elsewhere. He makes sure that the two lower "guys" exchange information as efficiently as possible, and for that, routing protocols are used. These protocols span the entire network and allow other networks to be connected.



Here, on the right, I will draw a new VLAN. Do all the routers know about it? Not yet. You need to add another layer-2 guy in the lower half of the circle on this router. Then the job of the L3 guy is to report this new network to all the other routers, so that if someone asks about this new network, they know about it. This is what routers do.



There are several types of routing protocols. We have RIP (Routing Information Protocol) for managing small networks, and the dynamic routing protocol OSPF (Open Shortest Path First), which is based on link-state technology and is used to find the shortest path. These are standard protocols that can run on any router. And there is the heaviest form of protocol, for the largest networks; it is called BGP (Border Gateway Protocol). It is used for a network as large as the Internet: all routers connecting to the Internet use BGP. And the routing tables are huge, you know, you need quite a lot of memory for them.

Cisco has another, proprietary protocol: EIGRP (Enhanced Interior Gateway Routing Protocol). This is the best protocol of all those drawn here. It combines the best of RIP and OSPF.

This protocol is very popular with customers, because when they find out that this is Cisco's own software, our own protocol, they say: "Oh yes, we want it!" And since this is our protocol, who is the only vendor whose routers support it best? What is our share of the routing market? From 70%, closer to 80%, depending on where the routers are used. In fact, here, in the case of the branch border router, our share is more than 80%, since we are very good at this, and I will show you why soon. Why do you think Cisco has held the lead in this market segment for many, many years? Are our routers faster than others? No, you cannot say that. But they embody all the innovative technologies; all the latest achievements are in these routers. We enable our routers to do more than just routing. But that is the WAN.
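The lecture describes link-state routing (OSPF) as "finding the shortest path" and a router's job as telling every other router about a newly attached network. The following Python is an added example, not code from the lecture or from Cisco: a toy link-state database for the headquarters, data-center, provider-edge and branch routers from the drawing, with constructed link costs and prefixes, over which each router runs Dijkstra's shortest-path-first computation to build its own table of next hops. It also shows what happens when the branch router advertises a new VLAN: every router recomputes and picks up a route to it.

```python
"""Added example (not from Eddie Martin's lecture): a toy link-state
routing computation in the style of OSPF.

Every router floods the links it has (router, neighbour, cost).  Each
router then runs Dijkstra's shortest-path-first algorithm over the same
link-state database and derives its own routing table: for every
destination prefix, which neighbour to hand the packet to.  The topology,
costs and prefixes below are constructed for this example."""

import heapq
import itertools
from typing import Dict, List, Tuple

# Constructed link-state database: (router_a, router_b, cost); links are symmetric.
LINKS: List[Tuple[str, str, int]] = [
    ("HQ", "DC", 1),        # headquarters <-> data-center router, the fat 10 GbE pipe
    ("HQ", "WAN", 10),      # headquarters -> provider edge, the thin pipe
    ("DC", "WAN", 10),
    ("WAN", "BRANCH", 10),  # provider edge -> branch router
]

# Prefixes each router is directly attached to (what it advertises).
ATTACHED: Dict[str, List[str]] = {
    "HQ": ["10.1.0.0/24"],
    "DC": ["10.2.0.0/24"],
    "WAN": [],
    "BRANCH": ["10.3.0.0/24"],
}


def build_adjacency(links):
    adj: Dict[str, Dict[str, int]] = {}
    for a, b, cost in links:
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj


def spf(adj, source):
    """Dijkstra from `source`; returns {router: (cost, first_hop)}."""
    dist = {source: 0}
    first_hop = {source: None}
    counter = itertools.count()   # tie-breaker so heap tuples never compare router names
    heap = [(0, next(counter), source)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > dist[node]:     # stale entry, a cheaper path was found already
            continue
        for nbr, link_cost in adj.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # the first hop is the source's neighbour on the path we just extended
                first_hop[nbr] = nbr if node == source else first_hop[node]
                heapq.heappush(heap, (new_cost, next(counter), nbr))
    return {r: (dist[r], first_hop[r]) for r in dist}


def routing_table(links, attached, source):
    """Map every advertised prefix to (cost, next_hop) as seen from `source`."""
    tree = spf(build_adjacency(links), source)
    table = {}
    for router, prefixes in attached.items():
        if router not in tree:
            continue
        cost, hop = tree[router]
        for prefix in prefixes:
            table[prefix] = (cost, hop if hop is not None else "directly connected")
    return table


def advertise_new_network(attached, router, prefix):
    """A router gets a new VLAN and floods it; returns the updated database."""
    updated = {r: list(p) for r, p in attached.items()}
    updated.setdefault(router, []).append(prefix)
    return updated


if __name__ == "__main__":
    for r in ATTACHED:
        print(r, routing_table(LINKS, ATTACHED, r))
    # The branch adds a VLAN; HQ now knows a route to it through the WAN edge.
    with_vlan = advertise_new_network(ATTACHED, "BRANCH", "10.4.0.0/24")
    print("HQ after new VLAN:", routing_table(LINKS, with_vlan, "HQ"))
```

Because HQ reaches the branch directly over its WAN link (cost 20) rather than via the data center (cost 21), its next hop for the branch prefixes is the provider edge; the hypothetical `advertise_new_network` helper stands in for the flooding that OSPF does on its own when a new interface comes up.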

There are other networks and other connection paths. Add another network below: the Internet. Where is the Internet located? Everywhere! It is like a cloud; it is the second global network. What is the first one? The PSTN (Public Switched Telephone Network). Note that if I buy a network segment from a service provider, I am connected only to one other party, directly to that party. But if I connect to the Internet, what does my service provider do? He connects me to the cloud and says: go anywhere. I can connect to www.cisco.com or www.ibm.com, I can connect to anyone I want. And it is much cheaper! Because I send my traffic bypassing the WAN, I do not need to buy WAN along the entire route.

Can I connect my business through the Internet? Absolutely. I can send traffic over these routes using a VPN, a virtual private network. So, we are running our private virtual network over the Internet; what must we do? Provide security! We must encrypt our data along the entire route. Therefore the requirements for this router may well include encryption at the hardware level. When we talked about SDN (software-defined networking), we said that if traffic goes through our device, then in the case of SDN we need a fairly powerful processor to encrypt it on the server side; that is where a hardware chip plays a role. This is probably the biggest minus of SDN, since it is inefficient to do this on the server side.

But this is VPN, and VPN can be of two types: site-to-site, or remote access. If Eddie starts his VPN client on this computer, he connects via the Internet to this router and can enter our network, also bypassing the WAN provider. This is called a remote access VPN. How many of you have a CVO (Cisco Virtual Office)? The CVO connection is provided by a router that encrypts your traffic using SSL; it connects to our private network over the Internet via a separate tunnel, and your router encrypts everything that passes through it. This is the difference between a remote access VPN and an SSL VPN. So we have point-to-point, or site-to-site, VPN and remote access VPN. Point-to-point access can be arranged from home,

The advantage of such a solution is, first of all, that it is cheap; maybe you can even get more traffic. But what do we lose when using a VPN? Instead of unlimited access we get limited access. What about QoS? Can we guarantee it in this case?

Suppose I am sitting at home with my laptop on Time Warner Cable Internet, and my VPN stops working; our site cisco.com does not open, there is no access. I call the provider and hope that a person will answer me, if that is even possible. I am lucky, and I tell him that I think my Internet is "down". He replies: "Really? I don't see any technical problems in your area." "But I can't connect to Cisco." "Listen, do me a favor, please open your browser. Can you get to google.com?" "Yes, it loads." What will he say to me? That's right: "Have a nice day, thanks for your call, the problem is not mine, it looks like Cisco has it!" What do I have in this case? Technical support, but I have lost quality of service.



If I buy bandwidth from a provider, I buy guaranteed bandwidth through the WAN between two points, 1 Mbps or 2, and it is guaranteed. Can I guarantee anything when using a remote access VPN? No, I cannot. What will I get in this case instead of help? That's right, at best: "Thanks for the call!" And that will be all, and even that is not guaranteed.

The same CVO routers put voice traffic ahead of any other, but until it reaches its final destination this is not guaranteed. That is, we cannot provide QoS here; we are only trying to save on traffic. This will work most of the time, but there will be times when speed over the Internet drops. There have been documented cases where Internet speed dropped, and in some cases the network "froze". Did you hear that a few months ago the Internet on the east coast of the United States turned out to be "frozen" for 13 seconds? Imagine what frozen video looks like! It "froze", the Internet connection is dead. For 13 seconds, the Internet was dead. What happens to the video you are sending over the network? It is interrupted. The connection disappears. Service interruption guaranteed. So you see

We can contact your provider and buy a service called MPLS (Multiprotocol Label Switching), a mechanism in a high-performance telecommunications network that forwards data from one network node to the next using labels. This service gives you a lot, and Cisco loves it very much, because it was our company that created it for network service providers in the mid-90s, at least in theory. We are the "fathers" of MPLS.

MPLS provides you with a channel between points; in this case it connects our headquarters with the branch, and you can choose the speed. There are three types of traffic that travel over this network.

The first type is data. Suppose I have 2 Mbps, of which I want to allocate a significant part, 1 Mbps, for data transfer. If the rest of the channel is free, give me the full bandwidth for data. So when I send data into this "pipe", the provider marks it with a special label, which guarantees me the chosen speed and throughput. And he charges me for it.



What else can I send over this network? Right, voice. What happens when I make a phone call from headquarters to the branch? It takes up little traffic and does not need a lot of bandwidth, but it needs to be fast; the call must really be fast. All I need is 256 Kbps. I go to the provider and say that I need to send voice at this speed. He guarantees that it will be exactly as I need, marking my voice with another label. But he says that since this is a different type of traffic and we want it delivered quickly, he needs to make certain "drastic changes" to make it "instantaneous". As a result, these 256 Kbps can cost more than the 1 Mbps. But now his network will know that it is voice, and will pass it first and fast,

Probably the next one should be video. How do I pass video over this network? Let me remind you that we still have 768 Mbit/s left. For video I need a lot of speed, because using it helps me do great things. It is part of my business process, so the video must work!

What properties does video have? The same as voice, but it requires a lot of bandwidth. This will require me to pay even more, but I distribute my network costs optimally. In this way I push QoS from my network into this network. That is why MPLS is the most useful thing for us.



I previously worked in South Carolina selling voice. When we did this with the help of ancient technologies, the term "suck" was born: we used Frame Relay and it was terrible for us.

There was a question about the T1 transmission standard, a digital channel over telephone lines that lets you guarantee speed. But why does the provider not want to give you this? It works like the Talbots store that sells clothes to my wife: it sells you everything in pieces. Because if he offered to sell me this entire channel we just considered, for voice, video and data, for $725 all together, I would most likely say: "To hell with this MPLS. Just give me a T1 at 1.5 Mbps." But he does not want to do that; he will refuse.

What is the business of a network service provider? How does he make money? You are probably smarter than me, because you have guessed it. He does not sell bandwidth; he sells network access. I will give an example to bring you closer to understanding the essence. Recall the very first way you connected to the Internet: dial-up. You went to the provider, paid him money, and he gave you a phone number for $19 a month that you dialed with a modem. But do you really think that was your personal modem, serving only you? No, the provider sold it at least 20 times! He sold that bandwidth again, and again, and again. That was his business. Why does he not like to provide a dedicated T1 channel? Because he cannot resell it! He provides it only to you and no one else, and has to reserve this channel for you,

And MPLS differs from T1 in that overselling is permissible. It's like Vegas: the right odds are applied that guarantee the casino's success. You use the guaranteed full flow, others use it, anyone can use it, and at the same time it is guaranteed to be delivered! And what am I doing? I sell this to you with an oversell ratio of 1 to 1.5, or even 2 to 2.5. And you are still able to get a guaranteed channel and continue to pay a premium price.

And the greatness of MPLS is that it is worldwide. Take people in Perth, on the west coast of Australia, at the opposite end from Sydney; there are business people there, and other business people live in Melbourne. So if I want to connect to a valley in North Carolina, I will definitely contact AT&T or any other provider and say that we need an MPLS channel in Perth because I want to open a new office there. And he provides us with MPLS. Can we use Frame Relay instead of MPLS? No. Do not even try, you will get nothing but a headache. I tried to do this many times, tried to bring all the necessary technologies there, but nothing came of it.

Tell me, what is SIP? That's right, it is the Session Initiation Protocol. Where did it come from, and why? SIP helped us move from the traditional T1 PRI (Primary Rate Interface) line we used for voice to VoIP technology. And I could go to the same service provider and ask him to sell me more bandwidth to carry SIP as well. But this did not reduce the price of his services. However, you could certainly send this signal over the same line.

How is bandwidth guaranteed on a non-guaranteed network that is resold several times? Very simply: users do not all press keys on their keyboards at the same time. Therefore the chance that you will not receive your channel is close to 0. Nevertheless, a T1 meant that I would definitely take 1.5 Mbit/s away from others. T1 is actually "transmission level 1"; in Europe they use its equivalent, E1, which is almost the same. We use 24 channels of 64 Kbit/s, which in total gives 1.5 Mbit/s. We can talk about this in a little more detail when we talk about telephony, but in fact these 1.5 Mbps of bandwidth were used to carry 24 phone calls; what we did was essentially remove the separation between them. So think about it again
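The two preceding passages make a quantitative claim: a provider can sell the same link at an oversell ratio of 1.5 or even 2.5 and "the chance that you will not receive your channel is close to 0", because subscribers are not all active at once. The following Python is an added example, not from the lecture, that puts numbers on that claim. It assumes the T1-like figures above (24 channels of 64 Kbit/s on a 1536 Kbit/s link) and a constructed per-subscriber activity probability, and computes exactly, from the binomial distribution, how likely it is that more subscribers are active than the link can carry. The activity probability is the assumption that matters: the same oversell ratio that is harmless at 10% activity fails badly when everybody is busy at once.

```python
"""Added example (not from the lecture): why a provider can oversell a
shared link and still almost always deliver the guaranteed rate.

Each subscriber buys a guaranteed rate R but is active only a fraction
p_active of the time.  With N subscribers on a link of capacity C, the link
is over-demanded only when more than C/R subscribers are active at once.
That probability is computed exactly from the binomial distribution.
All numbers here are constructed for the example."""

from math import comb


def p_active_exceeds(n_subscribers: int, p_active: float, max_active: int) -> float:
    """P[more than max_active of n_subscribers are active simultaneously]."""
    if max_active >= n_subscribers:
        return 0.0                      # cannot exceed capacity: no oversell at all
    q = 1.0 - p_active
    tail = 0.0
    for k in range(max_active + 1, n_subscribers + 1):
        tail += comb(n_subscribers, k) * p_active ** k * q ** (n_subscribers - k)
    return tail


def congestion_probability(capacity_kbps: int, guaranteed_kbps: int,
                           oversell_ratio: float, p_active: float):
    """Return (subscribers_sold, probability that demand exceeds capacity).

    capacity/guaranteed subscribers fit with no sharing at all; the provider
    sells oversell_ratio times that many."""
    fits = capacity_kbps // guaranteed_kbps
    sold = int(fits * oversell_ratio)
    return sold, p_active_exceeds(sold, p_active, fits)


def oversell_table(capacity_kbps: int = 1536, guaranteed_kbps: int = 64,
                   p_active: float = 0.1):
    """Congestion probability for the oversell ratios mentioned in the lecture."""
    return {ratio: congestion_probability(capacity_kbps, guaranteed_kbps, ratio, p_active)
            for ratio in (1.0, 1.5, 2.0, 2.5)}


if __name__ == "__main__":
    for activity in (0.1, 0.5):
        print(f"per-subscriber activity {activity:.0%}:")
        for ratio, (sold, prob) in oversell_table(p_active=activity).items():
            print(f"  oversell {ratio:>3}: {sold:2d} sold, P[over-demand] = {prob:.2e}")
```

With 10% activity, selling 60 slots on a 24-slot link almost never congests; with 50% activity the same 60 slots are over-demanded more than nine times out of ten, which is the situation the lecturer's "frozen" video describes from the user's side.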

MPLS is a great thing for us, people! It is really good! It is used by all providers and all users. The main reason I go so deep into the details is that I know 3 partners, 3 people who came to Cisco, and two of them created these technologies right before my eyes. Service providers call it MPLS, but the provider also calls it something else: VPN. We have already said what a VPN provides: security, direct data transfer, encryption; we believe that this is exactly what a VPN is. Why does the provider call it that? Because by providing us with these services, he creates a virtual network for himself.

But will it be safe when we say that only part of this network will be used by a client who needs to transfer medical documents? One of our partners. No. Is there any difference between my traffic and yours on this network? What is the difference? Just one label identifying the client. MPLS provides you with 7 such labels depending on the characteristics of the user.

The first label is the user label; there is no encryption in it. If I am on the same network, I can view your data if I wish, just as I can hear your phone call when you are nearby.
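Two things the lecturer says about MPLS deserve to be seen in bytes: the provider "marks" data, voice and video with a label that carries the traffic class, and the label that separates one customer from another contains no encryption, so the customer's packet travels in the clear. The following Python is an added example, not code from the lecture or from any vendor: it packs and unpacks MPLS label stack entries in the standard 32-bit layout (20-bit label, 3 traffic-class bits, bottom-of-stack bit, 8-bit TTL), builds the two-label stack a provider VPN uses (transport label outside, per-customer label inside), and then shows that popping the labels yields the original payload unchanged. The label numbers, traffic-class values and payload are constructed for the example.

```python
"""Added example (not part of the lecture): what an MPLS label actually is.

An MPLS label stack entry is 32 bits: a 20-bit label, 3 traffic-class bits
(the QoS marking the provider uses to put voice ahead of data), a 1-bit
bottom-of-stack flag and an 8-bit TTL.  The label separates one customer's
traffic from another's inside the provider network, but nothing in it hides
the payload: strip the label words and the packet is right there in the
clear.  Label values, TC values and the payload below are constructed."""

import struct

# Traffic-class markings assumed for the example (a provider picks its own).
TC_DATA, TC_VIDEO, TC_VOICE = 0, 3, 5


def encode_label(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    """Pack one label stack entry as 4 big-endian bytes."""
    if not 0 <= label < 2 ** 20 or not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("field out of range")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_stack(frame: bytes):
    """Return ([(label, tc, ttl), ...], payload) from a labelled frame."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))
        if (word >> 8) & 1:            # bottom-of-stack bit: payload follows
            return entries, frame[offset:]


def label_customer_packet(vpn_label: int, transport_label: int,
                          tc: int, payload: bytes) -> bytes:
    """Two-level stack as used for a provider VPN: outer transport label,
    inner per-customer (VPN) label, then the customer's packet untouched."""
    return (encode_label(transport_label, tc, False, 64)
            + encode_label(vpn_label, tc, True, 64)
            + payload)


def is_payload_readable(frame: bytes, needle: bytes) -> bool:
    """True if the customer's data is still visible once the labels are popped."""
    _, payload = decode_stack(frame)
    return needle in payload


if __name__ == "__main__":
    # Constructed customer packet: a stand-in for the medical records the
    # lecturer's client wanted protected.
    record = b"PATIENT RECORD: constructed sample data"
    frame = label_customer_packet(vpn_label=1001, transport_label=17,
                                  tc=TC_VOICE, payload=record)
    stack, payload = decode_stack(frame)
    print("label stack:", stack)
    print("payload after popping labels:", payload)
    print("readable by anyone on the provider network:",
          is_payload_readable(frame, b"PATIENT RECORD"))
```

The traffic-class bits are what lets the provider's network "know that it is voice and pass it first"; the VPN label is what keeps your packets out of my routing table. Neither does anything to the bytes after the stack, which is why the lecturer insists that confidentiality has to come from encryption at the customer's router or as a separately purchased service.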

So, I had a client. He had a lot of confidential information, and he asked our partner whether, if they gave him an MPLS VPN, it would protect his data transfer. And they answered him: "Yes sir, of course." That is literally what the partner told him. "Yes sir, of course." My work was almost down the drain. And I decided nevertheless to be curious: "Can I ask a question? I'm just curious. You said you encrypt his traffic over the network, sir?" "It's MPLS VPN, a virtual private network, we encrypt all traffic, sir." And I said: "Are you really doing this?" And I knew they were not! I said: "Is this an additional service that you provide for these people?" "It's built into the system, sir, it's a VPN." In my mind I said: "The sooner you get your little asses out of here, the sooner you will not get this deal." Since I had something to do with it, they annoyed me, because they did not listen to me and did not understand the technology they were using. So they were gone. The next person came in about half an hour later; we had a little discussion, I did it on the board, showed the client what I was talking about, and he said: "Oh God, these people will not work with me." The next client came in: "Can you explain MPLS to me as a client?" "Well, that's... Wait, you can explain it to me, they have their own engineers who go into all these details, let's ask them." So, my information will be protected, I asked? "Yes sir, of course." I almost completely fell out of my chair.

The third person understood it: "No sir, we cannot do this, but we can do it for an additional fee; I will do it, and we can make it compatible with the service providers." It is possible for the traffic of these service providers to be encrypted. If you want, it will be cheaper for you to do it yourself. That is good; that makes a big difference. And since that day, every time I touch on the topic of WAN and all this, I talk about it. Because we know about it.



For me personally, MPLS is a wonderful thing, because I worked in IP telephony and went through several battles when there was no MPLS, and I love it because I can push my QoS along the route here. I know how much traffic I have, I can "push" it here and here, but this is not encryption. We can encrypt this, but on the side of our router, or you can get this service from your service provider; but it is not inherent in MPLS, it is a virtual private network.

I have a friend with a CCIE certificate, and in all these large networks he always does MPLS. His name is Stefan, he is a Swede, and he cannot pronounce MPLS; he says "MPLSVPN", as one word. He says it's funny, since he is a Swede, but he says "MPLSVPN". In people's understanding, VPN means secure. But really it is not! And with our clients, financial institutions, healthcare institutions, we will be more confident if we have talked about this. Because we come to them to talk about how our equipment transmits video and voice, and they say "Oh my God, that's great!" But we had better focus on security. Because, I will tell you, starting now and over the next 5 years, there will be more and more security holes that will increasingly lead to the need to protect all this,

Question: why does Cisco have its own routing protocol? Because it ties customers to our routers. Just a joke, a joke :) Because the standard open protocol was good, but it consumed a lot of processor power and all that, and it all took time to process. Again, these were standards and we could work with them, but we decided to do something better, and we did: we built it into our software, and it began to work better. But we will not let this become a standard; we do not want that. It is our intellectual property and we came up with it. It is just like Coca-Cola does not give everyone its formula. We have ours. We developed EIGRP, which is magical now. And a lot of customers say: "I'm unlikely to use OSPF, since we have a router from Cisco,



Continuation:

FastTrack Training. "Network Basics." “Building Routers, Cisco Routing Platforms.” Eddie Martin December, 2012
