Building network automation solutions

9 module online course

Start now!

Category: VPN

End of June webinars rescheduled to July

In a bout of stupidity only someone like Dilbert could commit I’ve scheduled two webinars in the week of Cisco Live. Fortunately one of the readers was very quick to point it out and I’ve rescheduled DMVPN: Advanced and Crazy Scenarios and Choose the Optimal VPN Service for July 7th.

On a sunnier front, I’d never got so many registrations in the first 24 hours as I did after announcing the DMVPN webinar. The number of seats might be limited (I need to check our Webex license); it’s probably a good idea to hurry up and register.

add comment

DMVPN: Advanced and crazy scenarios

When developing the Choose the optimal VPN service webinar, I decided to test everything I was talking about in a lab (you wouldn’t believe how much misinformation is spread across the Internet) and ended up with several DMVPN scenarios that most people would consider to be somewhere between peculiar and outrageous.

The best one: DMVPN Phase III network with ODR between spokes and level-1 hubs and OSPF inside a hierarchy of hubs ... of course fully redundant all the way down to the spokes.

The webinar has been rescheduled to July 7th (Cisco Live is taking place from June 27th to July 1st).

The design scenarios were simply too god to be left to rot on my hard drive (some of them were screaming to be documented and talked about), so I organized them into a progressively evolving story described in the DMVPN: Advanced and crazy scenarios webinar.

If you’re a CCNP/CCIE-level engineer interested in DMVPN, I’m positive you’ll enjoy this webinar (click here to register) ... and I’ll try to serve you as many curveballs as I can manage to fit within two hours.

see 17 comments

Followup: Choose the Optimal VPN Service

It took me even longer than usual to process the feedback from the Choose the Optimal VPN Service webinar; all the things happening in May (from having numerous presentations to climbing my hardest route ever) left me mentally and physically exhausted. The webinar was great success and although we’ve covered nine VPN technologies in just over two hours, we’ve managed not to get lost ... and the Q&A session at the end took almost 45 minutes, clearly a good indication that the students were engaged and wanted to understand all the intricate details. Here are two quotes from the participants:

Great session. Enjoyed the compare/contrast approach and feel that this approach gets to the critical issues most quickly.

Bob Dixon

It was good. I can’t wait for the recordings and the configuration examples. I’d like a single session about DMVPN, it has a lot of tricks.

Enrique Villa Crespo

Enrique’s wish is coming true; I’m already planning the “Advanced and Crazy DMVPN designs”.

If you’ve missed this session, register for the next one.

read more see 1 comments

Tunneling VPNs and Zone-Based Firewalls

Arnold sent me an excellent question yesterday; he bought my Deploying Zone-Based Firewalls book, but found no sample configurations using IPSec VPN. I was able to find a few sample configurations on CCO, but none of them included the self zone. The truly interesting bit of the puzzle is the traffic being received or sent by the router (everything else is self-explanatory if you’ve read my book), so those configurations are not of great help.

Realizing that this is a bigger can of worms than I’ve expected, I immediately fixed the slides in my Choose the Optimal VPN Service webinar, which now includes the security models for GRE, VTI and DMVPN-based VPN services (you can still register for the May 12th event).

These last-second changes were included in the downloadable PDF materials that the registered attendees can already get from our Webex site.

read more see 5 comments

MPLS/VPN services and the barrier to change

Whenever you decide to use MPLS/VPN services from a Service Provider, you’re effectively ripping out your network core (including the core routers) and replacing it with the layer-3 SP backbone (the equipment vendors or service providers sometimes fail to mention this fact).

The network core outsourcing usually makes sense from the financial perspective, but also creates a significant lock-in and high switching costs that you should consider in combination with the CapEx/OpEx cost analysis when selecting your VPN service. We’ll discuss the benefits and drawbacks of MPLS/VPN and numerous other VPN technologies in the Choose the Optimum VPN Service webinar (register here).

see 3 comments

The Big Picture and my webinars (with a VPLS example)

Ever since I’ve figured out how to explain complex topics to bright engineers, I wanted to develop content (books, courses, documents) that explained (in this order):

  • The Big Picture and WIIFM (What will the student gain by understanding and deploying something based on what I’m describing).
  • How the technology we’re using actually works (remember: knowledge, not recipes) and finally
  • How to configure, monitor and troubleshoot the actual boxes used to build the solution.

I’m positive you agree this approach makes perfect sense, and every now and then I’ve managed to get it right (for example, in the MPLS VPN books). Unfortunately, you’re often facing an uphill battle, as people want to focus on hands-on topics and hate to learn why things work the way they do instead of memorizing recipes like “Thou shalt not have more than 3 OSPF areas per router”.

read more add comment

Understanding modern VPN services

Numerous MPLS-based VPN services developed in the last few years have resulted in a total confusion. When someone told you he’s using MPLS VPN services a few years ago, he was almost always using the “traditional” MPLS VPN services (described in my MPLS and VPN Architectures book). Today, he could be using (layer-3) MPLS VPN services, pseudowires or VPLS. To help you understand the various options, I’ve created a VPN services taxonomy document in the CT3 wiki. This document will give you an overview of both Service Provider-offered and self-created VPN solutions.

All these VPN solutions are described in more details in the Choose the optimal VPN service webinar (what is a webinar). You can register by following this link.

add comment