WEBVTT 1 00:00:00.120 --> 00:00:03.720 Imagine stepping behind the curtain of the digital world, not 2 00:00:03.839 --> 00:00:07.960 just you know, seeing the data flowing, but truly understanding 3 00:00:07.960 --> 00:00:12.199 the blueprints how networks are actually built, why they're designed 4 00:00:12.199 --> 00:00:16.600 that way, and how they connect well everything. Right today, 5 00:00:16.800 --> 00:00:20.199 we're doing just that, a deep dive into the let's say, 6 00:00:20.359 --> 00:00:22.839 art and science of enterprise network design. 7 00:00:22.600 --> 00:00:24.920 And we're using a pretty serious guide for this journey. 8 00:00:24.920 --> 00:00:30.280 It's an official certification resource, basically the playbook network architects use. 9 00:00:30.399 --> 00:00:33.039 Yeah, packed up the fundamentals, but also the really cutting 10 00:00:33.119 --> 00:00:36.000 edge stuff that makes today's networks teck exactly. 11 00:00:36.320 --> 00:00:38.000 So our mission here is to pull out the most 12 00:00:38.159 --> 00:00:41.039 vital bits of knowledge from all this material. We want 13 00:00:41.079 --> 00:00:45.520 you to walk away not just informed, but really getting 14 00:00:45.560 --> 00:00:48.159 what it takes to build a network that's stable, secure, 15 00:00:48.359 --> 00:00:50.439 and crucially scalable. 16 00:00:50.119 --> 00:00:54.000 Connecting the dots basically theory to practice. That's the plan. Okay, 17 00:00:54.280 --> 00:00:57.920 let's dive in, starting right at the foundation ip addressing. 18 00:00:58.280 --> 00:01:01.759 It's kind of a story of well scarcity leading eventually 19 00:01:01.799 --> 00:01:03.039 to abundance, it really is. 20 00:01:03.119 --> 00:01:06.439 It all kicked off with IPv four way back in nineteen. 21 00:01:06.159 --> 00:01:08.480 Eighty one ancient history and tech terms. 22 00:01:08.400 --> 00:01:11.239 Pretty much, but by the mid nineties people were already 23 00:01:11.280 --> 00:01:15.120 talking about apparent exhaustion running out of addresses. It seemed 24 00:01:15.200 --> 00:01:16.920 like a potential crisis. 25 00:01:16.439 --> 00:01:18.480 A major roadblock for the Internet's growth. 26 00:01:18.200 --> 00:01:22.719 Surely, absolutely, and that pressure it sparked some incredible ingenuity 27 00:01:23.280 --> 00:01:25.719 to cope with this dwindling supply. We got things like 28 00:01:25.840 --> 00:01:28.519 CIDR classless inner domain routing. 29 00:01:28.400 --> 00:01:30.079 Which made address allocation more. 30 00:01:30.000 --> 00:01:35.280 Flexible, right exactly, and NAT network address translation, letting many 31 00:01:35.280 --> 00:01:38.879 devices hide behind one public IP and of course RFC 32 00:01:39.000 --> 00:01:40.959 nineteen eighteen private address space. 33 00:01:41.159 --> 00:01:45.200 These weren't just technical tricks, they were fundamental design strategies totally. 34 00:01:45.319 --> 00:01:48.000 They had to be think about. ITA gave out the 35 00:01:48.079 --> 00:01:51.480 last main IPv four blocks in twenty eleven, am in 36 00:01:51.480 --> 00:01:54.840 in twenty fifteen, so even now, being smart about how 37 00:01:54.879 --> 00:01:58.640 you allocate those remaining IPv four addresses is still a 38 00:01:58.680 --> 00:02:01.200 critical design task thinking about that scarcity. 39 00:02:01.319 --> 00:02:04.480 Yeah, it was a really clever, maybe less obvious design 40 00:02:04.519 --> 00:02:06.760 workaround that came out of it, beyond just you know, 41 00:02:06.799 --> 00:02:08.280 the basic NAT definition. 42 00:02:08.400 --> 00:02:10.960 That's a good point. NAT often gets criticized right for 43 00:02:11.120 --> 00:02:12.400 breaking end to end stuff. 44 00:02:12.479 --> 00:02:14.879 Yeah, network peerists aren't always fans, but. 45 00:02:15.039 --> 00:02:17.919 Its ability to let companies merge even if they happened 46 00:02:17.919 --> 00:02:21.639 to be using the same private IP ranges internally. That 47 00:02:21.800 --> 00:02:26.319 was a lifesaver. Ah the overlapping networks problem precisely imagine 48 00:02:26.360 --> 00:02:30.039 trying to readdress thousands, maybe tens of thousands of devices 49 00:02:30.120 --> 00:02:35.520 during a merger, hugely expensive, risky nightmare. NAT provided a practical, 50 00:02:35.599 --> 00:02:39.759 if not perfectly elegant workaround. It kept businesses running and 51 00:02:39.840 --> 00:02:44.120 related to that efficiency, understanding subnetting and VLSU variable length 52 00:02:44.159 --> 00:02:47.719 subnet masking is just essential for designers. 53 00:02:47.120 --> 00:02:48.439 Not just chopping up networks. 54 00:02:48.520 --> 00:02:52.560 No, it's about precision. Assigning just enough addresses, like using 55 00:02:52.599 --> 00:02:56.199 a tiny thirty mask only two usable IPS for a 56 00:02:56.280 --> 00:02:59.120 point to point link between routers, minimal. 57 00:02:58.800 --> 00:03:01.120 Waste, or thirty two for a address. 58 00:03:00.879 --> 00:03:03.879 Exactly gives the router a stable identity that's always up, 59 00:03:04.000 --> 00:03:06.719 perfect for management using just one address. It's all about 60 00:03:06.759 --> 00:03:09.479 efficiency and enabling good route summarization later. 61 00:03:09.599 --> 00:03:13.240 Okay, addresses assigned, But for any of this to actually work, 62 00:03:13.599 --> 00:03:16.719 we need ways to translate names people use into these numbers, 63 00:03:17.000 --> 00:03:19.599 and for devices on the same network to find each 64 00:03:19.599 --> 00:03:20.759 other's hardware addresses. 65 00:03:21.120 --> 00:03:25.039 Absolutely essential. Plumbing DNS, the Domain Name system does the 66 00:03:25.080 --> 00:03:29.080 heavy lifting translating website names into IP addresses so routers 67 00:03:29.120 --> 00:03:30.080 know where to send stuff. 68 00:03:30.199 --> 00:03:32.400 The Internet's phone book basically. 69 00:03:32.000 --> 00:03:35.879 Kind of yeah, and then locally on the same network segment, 70 00:03:35.919 --> 00:03:39.919 you've got ARP Address resolution protocol that's mapping the known 71 00:03:39.960 --> 00:03:42.599 IP address to the physical MIS address needed for the 72 00:03:42.639 --> 00:03:43.479 final delivery. 73 00:03:43.560 --> 00:03:45.919 They seeing basic, but if they fail. 74 00:03:45.840 --> 00:03:49.240 Everything grinds to a halt. Their robust design is fundamental. 75 00:03:49.319 --> 00:03:52.159 Okay. So if IPv four was this story of scarcity, 76 00:03:52.599 --> 00:03:55.840 then IPv six that's about abundance, right, A huge lead 77 00:03:55.840 --> 00:03:57.960 from thirty two bids to one hundred and twenty eight bits. 78 00:03:58.199 --> 00:04:00.199 How does that change the design thinking. 79 00:04:00.240 --> 00:04:03.240 Oh, it's night and day. That vast address space, I mean, 80 00:04:03.240 --> 00:04:06.280 it's almost unfathomably large. Let's designers ditch many of the 81 00:04:06.319 --> 00:04:09.319 complex workarounds that IPv four scarcity forced on us. Like 82 00:04:09.439 --> 00:04:13.560 Matt potentially, yes, but beyond just more addresses, IPv six 83 00:04:13.639 --> 00:04:16.399 was designed with improvements. It has a simpler header, which 84 00:04:16.439 --> 00:04:20.199 routers can process faster less overhead. Right, security is built in. 85 00:04:20.480 --> 00:04:24.000 iPSC is an optional, it's a requirement, and path MTU 86 00:04:24.079 --> 00:04:27.120 discovery is standard, which eliminates the need for routers to 87 00:04:27.160 --> 00:04:30.639 fragment packets. That's a big deal for efficiency and reliability. 88 00:04:30.759 --> 00:04:34.240 So a cleaner, potentially faster, more secure foundation. 89 00:04:34.680 --> 00:04:38.079 That's the idea, and think about land design. The recommendation 90 00:04:38.240 --> 00:04:40.399 is to use a sixty four subnet for pretty much 91 00:04:40.399 --> 00:04:41.199 every land segment. 92 00:04:41.439 --> 00:04:45.279 Sixty four. That's billions upon billions of addresses for one 93 00:04:45.399 --> 00:04:46.480 network segment. 94 00:04:46.319 --> 00:04:49.199 Exactly more than you could ever possibly use. But it 95 00:04:49.279 --> 00:04:53.519 massively simplifies adjusts planning, and it enables things like SLA 96 00:04:53.639 --> 00:04:57.560 stateless Address autoconfiguration where devices can essentially give themselves a 97 00:04:57.600 --> 00:04:59.720 unique address without needing a DHCP server. 98 00:05:00.079 --> 00:05:03.439 That's a huge shift from meticulously planning every single IPv 99 00:05:03.519 --> 00:05:06.800 four subnet. And you mentioned a really key design practice 100 00:05:06.800 --> 00:05:09.639 for getting IPv six addresses to avoid future pain. 101 00:05:09.879 --> 00:05:12.759 Yes, this is crucial for long term stability, to avoid 102 00:05:12.839 --> 00:05:16.160 the massive renumbering projects that plagued IPv four networks when 103 00:05:16.160 --> 00:05:19.079 you changed ISPs. The strong recommendation is to get your 104 00:05:19.079 --> 00:05:22.759 IPv six address blocks directly from a regional Internet registry 105 00:05:22.800 --> 00:05:24.120 and RIR. 106 00:05:24.000 --> 00:05:28.120 Like Elion in North America or apn EK in Asia Pacific. 107 00:05:28.000 --> 00:05:31.000 Exactly, rather than just getting a block from your service provider. 108 00:05:31.199 --> 00:05:35.319 This makes your address based portable independent. It's a foundational 109 00:05:35.319 --> 00:05:37.040 decision for future proofing in. 110 00:05:37.000 --> 00:05:40.959 This structure from INA down to RIRs than ISPs. Then 111 00:05:41.040 --> 00:05:45.439 companies that helps keep the global Internet routing table manageable. 112 00:05:45.800 --> 00:05:49.120 It does. It allows for massive route summarization at the 113 00:05:49.199 --> 00:05:53.000 higher levels, even with the colossal number of potential networks. 114 00:05:53.319 --> 00:05:56.079 Okay, so we've got this amazing IPv six world, but 115 00:05:56.399 --> 00:05:59.240 let's face it, IPv four isn't going away overnight. How 116 00:05:59.319 --> 00:06:01.959 do network our caitects designed for this transition? How do 117 00:06:02.040 --> 00:06:03.839 they bridge that gap? Good question. 118 00:06:04.240 --> 00:06:07.160 The preferred method, the gold standard, really is dual stack, 119 00:06:07.480 --> 00:06:11.000 running both IPv four and IPv six protocols simultaneously on 120 00:06:11.079 --> 00:06:14.759 all your devices and network segments. Everything speaks both languages. 121 00:06:14.360 --> 00:06:17.199 So new stuff uses IPv six. Old stuff still works 122 00:06:17.199 --> 00:06:18.560 on IPv four pretty much. 123 00:06:18.879 --> 00:06:22.319 But sometimes a full dual stack rollout isn't immediately feasible, 124 00:06:22.360 --> 00:06:24.720 so designers have other tools, transitional tools. 125 00:06:24.759 --> 00:06:27.600 Tunneling is one option, like six to four or isotap. 126 00:06:27.399 --> 00:06:31.240 Right encapsulating IPv six packets inside ipp four packets to 127 00:06:31.279 --> 00:06:34.240 cross parts of the network that only understand IPv four. 128 00:06:34.519 --> 00:06:36.519 And then there are translation mechanisms. 129 00:06:36.160 --> 00:06:38.720 INDs sixty four and DNS sixty four exactly. 130 00:06:39.120 --> 00:06:42.639 They allow IPv six only clients to talk to IPv 131 00:06:42.720 --> 00:06:46.319 four only servers by translating addresses and protocols at the boundary. 132 00:06:46.800 --> 00:06:50.319 These are definitely migration tools, not usually the desired end state, 133 00:06:50.439 --> 00:06:52.480 but vital for the transition period. 134 00:06:52.720 --> 00:06:57.240 Okay, so addressing is clearly the beddrog. But once devices 135 00:06:57.279 --> 00:07:00.000 have addresses, how does the traffic figure out the best 136 00:07:00.120 --> 00:07:02.480 way to get from A to B? Especially in a big, 137 00:07:02.560 --> 00:07:04.079 complex enterprise network. 138 00:07:04.120 --> 00:07:07.399 Oh now we're talking about the network's GPS routing protocols 139 00:07:07.480 --> 00:07:09.040 guiding that traffic efficiently. 140 00:07:09.240 --> 00:07:11.120 And the first big design choice here seems to be 141 00:07:11.120 --> 00:07:14.839 this fundamental split distance vector versus link state protocols. What's 142 00:07:14.879 --> 00:07:15.639 the core difference. 143 00:07:15.680 --> 00:07:18.720 It's a huge difference, and it impacts scalability. How fast 144 00:07:18.720 --> 00:07:21.279 the network recovers from chain is convergent speed and just 145 00:07:21.360 --> 00:07:25.639 general complexity. Distance vector protocols like the classic RIP. 146 00:07:25.600 --> 00:07:28.120 Routing information protocol showing its age a bit. 147 00:07:28.000 --> 00:07:33.240 Now, Definitely they're simpler. Conceptually, Routers basically learn from their 148 00:07:33.279 --> 00:07:37.920 immediate neighbors, sharing their entire routing table periodically, routing by 149 00:07:38.000 --> 00:07:39.360 rumor some call it, which. 150 00:07:39.240 --> 00:07:42.120 Sounds like it could be slow. If something changes far away. 151 00:07:42.000 --> 00:07:44.839 It can be, and it can lead to more overhead 152 00:07:45.000 --> 00:07:49.079 sending those full tables around. Link state protocols like OSPF 153 00:07:49.079 --> 00:07:53.040 for ISIS work very differently. Also, each router builds a 154 00:07:53.079 --> 00:07:56.519 complete map, a topology of the entire network area it's in. 155 00:07:57.120 --> 00:08:00.439 They achieve this by flooding information about their own direct 156 00:08:00.439 --> 00:08:01.399 connections their. 157 00:08:01.199 --> 00:08:03.519 Link states, so everyone gets the same map. 158 00:08:03.480 --> 00:08:06.399 Within an area. Yes, and with that map, each router 159 00:08:06.639 --> 00:08:10.480 independently calculates the shortest path to every destination using an 160 00:08:10.480 --> 00:08:12.279 algorithm like diykstras. 161 00:08:11.920 --> 00:08:16.319 Which means faster convergence. Right yeah, if LINKO down, everyone recalculates. 162 00:08:15.759 --> 00:08:18.759 Quickly, much faster typically, and they only send updates when 163 00:08:18.839 --> 00:08:22.199 something actually changes, not the whole table periodically, so less 164 00:08:22.279 --> 00:08:25.279 routine overhead. The trade off is they generally need more 165 00:08:25.319 --> 00:08:27.959 memory and CPU power on the router and can be 166 00:08:28.000 --> 00:08:29.920 more complex to configure initially. 167 00:08:30.040 --> 00:08:32.600 And then there are hybrids like eig. 168 00:08:32.440 --> 00:08:36.799 RP right Enhanced Interior Gateway Routing Protocol. Cisco developed it 169 00:08:36.840 --> 00:08:39.159 to try and get the best of both worlds. Faster 170 00:08:39.279 --> 00:08:43.559 convergence than RIP, but maybe less complex than OSPF. In 171 00:08:43.600 --> 00:08:46.600 some ways, it uses aspects of both approaches. 172 00:08:46.799 --> 00:08:50.000 Okay, so you might have multiple protocols running, maybe some 173 00:08:50.080 --> 00:08:53.919 static routes someone configured manually. How does a router decide 174 00:08:53.919 --> 00:08:56.360 which route to actually believe or trust the most. 175 00:08:56.559 --> 00:09:00.320 That's where administrative distance or AD comes in. It's a 176 00:09:00.320 --> 00:09:03.159 critical concept for designers to master. Think of it as 177 00:09:03.159 --> 00:09:06.679 a trustworthiness score. Lower AD wins, So a. 178 00:09:06.679 --> 00:09:10.799 Route learned via EIGRP with its default eight of ninety. 179 00:09:10.639 --> 00:09:13.879 Is considered more trustworthy than an OSPF route default one 180 00:09:14.000 --> 00:09:15.879 ten or a RIP route. 181 00:09:15.639 --> 00:09:17.360 At one twenty than static routes. 182 00:09:17.240 --> 00:09:20.720 Default eighty of one, usually the most trusted because presumably 183 00:09:20.759 --> 00:09:23.759 the administrator put it there for a specific reason. Understanding 184 00:09:23.799 --> 00:09:26.960 AD is absolutely key to predicting and controlling how traffic 185 00:09:27.000 --> 00:09:29.919 actually flows, especially when you start mixing routing sources like 186 00:09:30.000 --> 00:09:33.000 redistributing routes between OSPF and EIGRP. 187 00:09:33.240 --> 00:09:36.559 Got it trustworthiness first, but then among routes from the 188 00:09:36.600 --> 00:09:39.440 same protocol, how does it pick the best path. It's 189 00:09:39.480 --> 00:09:41.799 got to be more than just counting routers like RIP does. 190 00:09:42.039 --> 00:09:46.120 Oh Absolutely, hopcount is a very crude metric. Modern protocols 191 00:09:46.120 --> 00:09:50.399 are much more sophisticated. OSPF uses cost, which by default 192 00:09:50.480 --> 00:09:53.240 is calculated based on the bandwidth of the link. Faster 193 00:09:53.320 --> 00:09:55.080 links get a lower cost, making them more. 194 00:09:54.960 --> 00:09:58.480 Profitable, so ten giglink beats a one giglink exactly. 195 00:09:58.919 --> 00:10:02.200 EIGRP is e and more complex. Its metric can factor 196 00:10:02.240 --> 00:10:06.720 in bandwidth, delay, interface load, and even reliability. This allows 197 00:10:06.759 --> 00:10:09.600 designers to really fine tune path selection based on what 198 00:10:09.679 --> 00:10:12.960 matters most for the application. Maybe lowest delay for voice, 199 00:10:13.039 --> 00:10:14.360 highest bandwidth for file. 200 00:10:14.200 --> 00:10:18.000 Transfers, and the big nightmare for routing loops, right traffic 201 00:10:18.039 --> 00:10:21.000 going round and round forever. How do designers prevent. 202 00:10:20.799 --> 00:10:24.080 That routing loops are definitely catastrophic? They can melt down 203 00:10:24.120 --> 00:10:28.039 a network segment. Fast protocols have built in loop prevention mechanisms, 204 00:10:28.120 --> 00:10:29.799 things like split horizon. 205 00:10:29.480 --> 00:10:32.000 Don't advertise a route back out the same way you learned. 206 00:10:31.759 --> 00:10:34.879 It precisely simple but effective. Poison reverse is a more 207 00:10:34.919 --> 00:10:38.519 aggressive version. Then there are mechanisms like maximum hopcounts RAP 208 00:10:38.639 --> 00:10:41.720 gives up after fifteen hops EGRP typically defaults to one 209 00:10:41.799 --> 00:10:45.480 hundred and fundamentally good route summarization is also a loop 210 00:10:45.519 --> 00:10:50.080 mitigation technique. How does summarization help with loops by hiding 211 00:10:50.159 --> 00:10:54.360 detailed topology information. If a specific link flaps up and 212 00:10:54.399 --> 00:10:57.159 down within a summarized block, the rest of the network 213 00:10:57.200 --> 00:11:01.080 doesn't necessarily need to know or react, using instability and 214 00:11:01.120 --> 00:11:05.320 preventing potential transient loops during convergence. It shrinks routing tables 215 00:11:05.320 --> 00:11:08.559 and limits the scope of changes, crucial for scalability. 216 00:11:08.759 --> 00:11:11.200 Makes sense, Let's dive into some of these protocols a 217 00:11:11.279 --> 00:11:15.320 bit more. EIGRP, what's a key design advantage it offers. 218 00:11:15.080 --> 00:11:19.519 Well beyond its fast convergence using the DAL algorithm. A 219 00:11:19.639 --> 00:11:22.799 really powerful and somewhat unique feature for designers is its 220 00:11:22.799 --> 00:11:27.000 ability to do unequal cost load sharing, Meaning most protocols, 221 00:11:27.039 --> 00:11:29.480 if they load balance, only do it across paths that 222 00:11:29.519 --> 00:11:33.879 have the exact same metric the same cost. EIGRP using 223 00:11:33.919 --> 00:11:36.919 the variance command, can be configured to send traffic across 224 00:11:37.000 --> 00:11:40.039 multiple paths, even if one path is say slightly slower 225 00:11:40.159 --> 00:11:42.399 or has a higher metric than the best path. 226 00:11:42.279 --> 00:11:44.320 So you can use links that might otherwise sit idle. 227 00:11:44.440 --> 00:11:48.120 Exactly, you can get better overall bandwidth utilization out of 228 00:11:48.159 --> 00:11:52.879 your network infrastructure. That's a significant practical advantage in many designs. 229 00:11:53.200 --> 00:11:57.399 Okay, what about IASSI Intermediate system to intermediate system sounds 230 00:11:57.399 --> 00:12:01.200 a bit old school OSI, but service love it. Why. 231 00:12:01.600 --> 00:12:05.320 It is based on OSI principles running directly over layer two, 232 00:12:05.360 --> 00:12:09.159 but It's incredibly robust and scalable for enterprise designers who 233 00:12:09.279 --> 00:12:12.720 might encounter it or consider it. Its inherent hierarchical nature 234 00:12:12.759 --> 00:12:15.720 is a plus for very large networks, but maybe more 235 00:12:15.759 --> 00:12:18.720 relevant today is its early adoption and strong support for 236 00:12:18.759 --> 00:12:22.440 things like wide metrics. Wide metrics using a larger field 237 00:12:22.480 --> 00:12:25.679 like twenty four bits for the metric calculation. This gives 238 00:12:25.720 --> 00:12:29.879 extremely fine grained control over path selection compared to say 239 00:12:30.320 --> 00:12:34.720 OSPF's default cost calculation. It's ideal for sophisticated traffic engineering 240 00:12:34.720 --> 00:12:37.399 where you need to precisely steer different types of traffic 241 00:12:37.440 --> 00:12:40.639 down specific paths based on very subtle differences. 242 00:12:40.759 --> 00:12:45.039 Interesting and OSPF open shortest path first probably the most 243 00:12:45.080 --> 00:12:48.440 common interior gateway protocol and enterprises key design points. 244 00:12:48.639 --> 00:12:52.399 It's the workhorse for sure. Uses Dykstra's SPF algorithm cost 245 00:12:52.480 --> 00:12:56.159 based on bandwidth. Designers need to understand the neighbor relationship requirements, 246 00:12:56.200 --> 00:13:00.000 things like matching area IDs timers MTU sizes must match 247 00:13:00.080 --> 00:13:01.519 for two routers to become neighbors. 248 00:13:01.840 --> 00:13:06.720 In the concept of areas area zero the backbone stub areas. 249 00:13:06.360 --> 00:13:10.720 Yes OSTF areas are fundamental to its scalability, breaking a 250 00:13:10.840 --> 00:13:13.720 large network into areas limits the scope of the SPF 251 00:13:13.759 --> 00:13:17.159 calculation and the amount of routing information routers need to handle. 252 00:13:17.600 --> 00:13:19.759 For designers, a common insight is that while the different 253 00:13:19.759 --> 00:13:24.480 area types STUB, totally stubby, NSSA offer flexibility, sometimes simpler 254 00:13:24.559 --> 00:13:25.480 is better, like. 255 00:13:25.559 --> 00:13:27.759 Using totally stubby areas for remote sites. 256 00:13:27.879 --> 00:13:30.960 Exactly, a totally stubby area gets only a default route 257 00:13:30.960 --> 00:13:33.919 from its area border router ABR. It hides all the 258 00:13:33.960 --> 00:13:37.600 complexity of the rest of the network. This dramatically simplifies 259 00:13:37.600 --> 00:13:40.440 the riting table on the remote routers, saving resources and 260 00:13:40.519 --> 00:13:44.080 often making troubleshooting easier. And OSPF three just adapts this 261 00:13:44.159 --> 00:13:45.720 whole structure for IPv six. 262 00:13:45.840 --> 00:13:49.960 Right. Finally, the Big one BGP Border Gateway Protocol. This 263 00:13:50.000 --> 00:13:52.200 connects the Internet right. Enterprises use it to talk to 264 00:13:52.200 --> 00:13:52.960 their ISPs. 265 00:13:53.159 --> 00:13:56.679 That's its main role. Yes, BGP is fundamentally different. It's 266 00:13:56.720 --> 00:13:59.720 a path vector protocol. It's less concerned with the shortest 267 00:13:59.720 --> 00:14:02.879 path and more concerned with the best policy compliant path 268 00:14:02.960 --> 00:14:06.519 between different organizations, different autonomous systems or asns. 269 00:14:06.759 --> 00:14:09.559 So it's about business relationships and routing policies as much 270 00:14:09.559 --> 00:14:10.519 as technical metrics. 271 00:14:10.840 --> 00:14:15.399 Very much so. Enterprises mainly deal with EBGP external BTP 272 00:14:15.639 --> 00:14:19.120 for AP peering with ISPs or other companies, and sometimes 273 00:14:19.159 --> 00:14:22.720 IBGP internal BGP to carry those external routes within their 274 00:14:22.759 --> 00:14:24.080 own network, and. 275 00:14:23.960 --> 00:14:26.960 That IBGP I hear it has a scaling challenge the 276 00:14:27.000 --> 00:14:28.639 full mesh requirement. 277 00:14:28.320 --> 00:14:32.320 It does by default, every IBGP router needs to peer 278 00:14:32.440 --> 00:14:35.600 directly with every other IBGP router in the same as 279 00:14:36.080 --> 00:14:39.039 in a large network. That's a lot of connections to manage. 280 00:14:39.440 --> 00:14:42.120 That's where design solutions like root reflectors come in. 281 00:14:42.240 --> 00:14:42.960 How do they help? 282 00:14:43.200 --> 00:14:45.960 A root reflector acts like a central point. Routers peer 283 00:14:45.960 --> 00:14:48.440 with the reflector and the reflector reflects the routes it 284 00:14:48.519 --> 00:14:51.159 learns to its other peers. This breaks the need for 285 00:14:51.200 --> 00:14:55.039 that full mesh, making IBGP much more scalable in large designs. 286 00:14:55.320 --> 00:14:58.279 Confederations are another more complex solution. 287 00:14:58.519 --> 00:15:03.639 And BGP paths selectction. It's complicated with all those attributes 288 00:15:03.679 --> 00:15:07.960 like aspath med local preference, which one do Enterprise designers 289 00:15:07.960 --> 00:15:09.679 often manipulate for practical outcomes. 290 00:15:10.000 --> 00:15:13.159 Local preference is a really common and powerful one. It's 291 00:15:13.200 --> 00:15:16.840 an attribute used inside your own autonomous system. You set 292 00:15:16.879 --> 00:15:19.639 a higher local preference value on the routes coming in 293 00:15:19.720 --> 00:15:22.639 from the ISP connection you prefer to use for outbound traffic. 294 00:15:22.679 --> 00:15:25.240 So you tell your internal routers, hey, use this Internet 295 00:15:25.240 --> 00:15:26.559 link first if it's available. 296 00:15:26.679 --> 00:15:30.519 Exactly. It's a primary tool for influencing your outbound traffic 297 00:15:30.559 --> 00:15:33.720 flow when you have multiple Internet connections. A very important 298 00:15:33.720 --> 00:15:37.519 for traffic engineering and ensuring you use your primary maybe 299 00:15:37.679 --> 00:15:40.639 higher bandwidth or lower cost link effectively. 300 00:15:40.759 --> 00:15:45.919 Okay, routing protocols chosen, paths selected, but architects need more 301 00:15:45.960 --> 00:15:48.960 granular control ye right and faster failure detection. 302 00:15:49.120 --> 00:15:53.799 Absolutely. That gets us into route manipulation redistribution. Taking routes 303 00:15:53.840 --> 00:15:57.960 from one protocol say OSPF and injecting them into another 304 00:15:58.080 --> 00:16:00.879 like BGP is powerful for connecting different parts of a network, 305 00:16:01.240 --> 00:16:04.320 but it's also risky. Also, you can easily create routing 306 00:16:04.320 --> 00:16:08.240 loops or suboptimal paths if you're not careful. So designers 307 00:16:08.320 --> 00:16:10.840 must use right filtering with things like route maps or 308 00:16:10.840 --> 00:16:14.240 distribute lists to control exactly which routes get redistributed and 309 00:16:14.320 --> 00:16:16.279 prevent feedback. It's essential and. 310 00:16:16.360 --> 00:16:20.440 Policy based routing PBR. That sounds like overriding the routing table, 311 00:16:20.559 --> 00:16:21.519 it is essentially. 312 00:16:21.759 --> 00:16:25.039 PBR lets you make routing decisions based on criteria other 313 00:16:25.080 --> 00:16:27.960 than just the destination address, like the source IP address 314 00:16:28.080 --> 00:16:31.120 or even application type, so a designer could say all 315 00:16:31.120 --> 00:16:34.320 traffic from the guests Wi Fi network, regardless of destination, 316 00:16:34.639 --> 00:16:37.919 should be sent out this specific maybe cheaper internet link. 317 00:16:38.240 --> 00:16:41.600 It allows for very granular policy enforcement. 318 00:16:41.360 --> 00:16:45.360 Very handy, and for failures, waiting for routing protocol timers 319 00:16:45.360 --> 00:16:46.080 could be slow. 320 00:16:45.960 --> 00:16:49.279 Way too slow sometimes, especially for real time applications. That's 321 00:16:49.320 --> 00:16:53.080 where BFD BI Directional Forwarding Detection is a game changer. 322 00:16:53.399 --> 00:16:57.039 It's a lightweight protocol designed purely for super fast failure detection, 323 00:16:57.320 --> 00:16:59.440 often in subsecond timeframes. 324 00:16:58.960 --> 00:17:00.480 Works across different links types. 325 00:17:00.320 --> 00:17:02.799 YEP, any media type, and it integrates with most routing 326 00:17:02.840 --> 00:17:08.799 protocols BGP, eigrp ospf isis. When BFD detects a link failure, 327 00:17:08.880 --> 00:17:11.960 it immediately tolls the routing protocol, which can then converge 328 00:17:12.119 --> 00:17:14.680 much much faster than waiting for its own HELLO timers 329 00:17:14.759 --> 00:17:18.359 or hold timers to expire. Critical design element for high availability. 330 00:17:18.559 --> 00:17:22.559 Okay, infrastructure addressed, traffic routed and controlled. But how do 331 00:17:22.599 --> 00:17:26.680 you actually watch all this? Keep tabs on performance health issues? 332 00:17:26.839 --> 00:17:29.200 Right? You need the eyes and ears network management and 333 00:17:29.279 --> 00:17:34.759 monitoring and the cornerstone protocol here is SNMP Simple Network Management. 334 00:17:34.359 --> 00:17:36.680 Protocol still simple after all these years. 335 00:17:36.839 --> 00:17:39.640 Oh well, the name's stuck. It's the industry's standard way 336 00:17:39.680 --> 00:17:42.599 for a network management system and NMS to query devices 337 00:17:42.599 --> 00:17:46.799 for information like CPU load, interface errors, or for devices 338 00:17:46.839 --> 00:17:48.480 to send alerts called traps. 339 00:17:48.759 --> 00:17:51.240 But security was an issue with early versions, wasn't. 340 00:17:51.079 --> 00:17:55.759 It huge issue? SNMPv one and v twoc used community strings, 341 00:17:55.759 --> 00:17:59.640 which were basically just plaintext passwords. Anyone sniffing the network 342 00:17:59.640 --> 00:18:02.559 could right them. That's why the critical design decision today 343 00:18:02.680 --> 00:18:05.240 is to use smmpv three. What is V three ad 344 00:18:05.480 --> 00:18:09.279 robust security? It provides authentication verifying who is asking and 345 00:18:09.400 --> 00:18:12.079 encryption scrambling the data. You can have different levels like 346 00:18:12.119 --> 00:18:16.519 off nopriv authentication no encryption or off PREV both. Deploying 347 00:18:16.640 --> 00:18:20.440 SNMPv three securely is non negotiable for modern network management 348 00:18:20.480 --> 00:18:21.079 plane design. 349 00:18:21.319 --> 00:18:25.319 Okay, so SNMP tells you device status, but what about 350 00:18:25.319 --> 00:18:28.799 the traffic itself? What's actually flowing across the network? 351 00:18:28.920 --> 00:18:32.680 For that level of detail, NetFlow is invaluable or its 352 00:18:32.680 --> 00:18:34.799 standardized version ipfax. 353 00:18:35.119 --> 00:18:35.720 How does it work? 354 00:18:36.039 --> 00:18:39.599 It collects metadata about IP flows. A flow is basically 355 00:18:39.759 --> 00:18:42.720 a sequence of packets going between the same source and 356 00:18:42.759 --> 00:18:47.160 destination ips and ports using the same protocol. NetFlow records 357 00:18:47.160 --> 00:18:50.240 details like how many packets, how many bytes, timestamps to 358 00:18:50.440 --> 00:18:51.559 s markings, so you. 359 00:18:51.480 --> 00:18:53.759 Can see who's talking to whom and how much data 360 00:18:53.799 --> 00:18:54.960 they're sending exactly. 361 00:18:55.200 --> 00:18:58.119 But the surprising insight for designers is how versatile this 362 00:18:58.200 --> 00:19:00.640 data is. Yes, it's great for troubleshoot why is the 363 00:19:00.640 --> 00:19:04.240 network slow, or capacity planning, or even billing. But it's 364 00:19:04.279 --> 00:19:08.359 also incredibly powerful for security spotting, denial of service attacks, 365 00:19:08.440 --> 00:19:11.680 or unusual traffic patterns that might indicate malware, and for 366 00:19:11.720 --> 00:19:13.559 application performance monitoring too. 367 00:19:13.680 --> 00:19:15.799 Though it's more than just counting bytes much more. 368 00:19:15.839 --> 00:19:18.759 It gives deep visibility with relatively low impact on the 369 00:19:18.759 --> 00:19:20.119 network devices themselves. 370 00:19:20.319 --> 00:19:23.200 What about other data to aid tools network teams rely 371 00:19:23.319 --> 00:19:24.119 on well. 372 00:19:24.440 --> 00:19:29.039 CDP Cisco Discovery Protocol is ubiquitous in Cisco environments. Layer 373 00:19:29.079 --> 00:19:33.440 two protocol lets Cisco devices automatically find their neighbors. 374 00:19:32.839 --> 00:19:34.839 Super useful for mapping things out quickly. 375 00:19:35.000 --> 00:19:38.759 Incredibly useful shows you the neighbor's device type, IP address, 376 00:19:38.920 --> 00:19:41.680 the specific port you're connected to. But and this is 377 00:19:41.720 --> 00:19:45.680 a key security design point, you absolutely must disable CDP 378 00:19:45.880 --> 00:19:48.240 on interfaces facing untrusted. 379 00:19:47.759 --> 00:19:49.960 Networks like the Internet connections exactly. 380 00:19:50.079 --> 00:19:52.599 You don't want to be broadcasting details about your internal 381 00:19:52.599 --> 00:19:55.240 devices to the outside world. And then there's cislog for 382 00:19:55.319 --> 00:19:59.799 logging events, right, it's the standard way for devices, routers, switches, firewalls, 383 00:19:59.799 --> 00:20:02.960 s first to send event messages to a central cislog server. 384 00:20:03.599 --> 00:20:07.319 Messages are categorized by a facility like OSPF for system 385 00:20:07.599 --> 00:20:11.839 and severity level from debugging up to emergency for designers, 386 00:20:12.039 --> 00:20:15.759 Ensuring consistent and useful logging is configured across the infrastructure 387 00:20:16.079 --> 00:20:18.160 is crucial for troubleshooting and auditing. 388 00:20:18.319 --> 00:20:21.000 Got it eyes and ears covered. Now let's get into 389 00:20:21.000 --> 00:20:25.680 actually building the structures land one and cloud design. Starting 390 00:20:25.680 --> 00:20:29.160 with a campus land that classic three layer model core distribution, 391 00:20:29.319 --> 00:20:30.839 access is that's still the way to go. 392 00:20:31.119 --> 00:20:35.039 It absolutely still is, maybe with some variations. That hierarchical 393 00:20:35.079 --> 00:20:38.799 model provides a really solid framework for designing scalable, resilient, 394 00:20:38.880 --> 00:20:40.599 and manageable campus networks. 395 00:20:40.680 --> 00:20:42.200 Can you break down the rolls quickly? 396 00:20:42.599 --> 00:20:46.279 Sure? Access layer is where your end users and devices connect, 397 00:20:46.599 --> 00:20:50.720 think switches and wiring closets, provides port security power over 398 00:20:50.799 --> 00:20:55.799 Ethernet for phones and aps. VLAN assignments not sare the edge. Right, 399 00:20:56.039 --> 00:21:00.160 Then the distribution layer aggregates the connections from multiple access switches. 400 00:21:00.480 --> 00:21:03.440 This is a really critical layer. It often handles routing 401 00:21:03.480 --> 00:21:08.880