Network Enhancers - "Delivering Beyond Boundaries"

Monday, September 26, 2011

Difference Between Optimum, Fast and CEF Switching

This explanation focuses on the interrupt context switching mechanism used by fast switching, optimum switching and CEF switching. All three switching techniques use a cache. The sections below show how each method organises that cache, and it is because of this cache that Cisco's implementation is described as interrupt context switching.

Fast Switching
Fast switching stores the forwarding information and MAC header rewrite string using a binary tree for quick lookup and reference. In Fast Switching, the reachability information is indicated by the existence of a node on the binary tree for the destination of the packet. The MAC header and outbound interface for each destination are stored as part of the node's information within the tree. The binary tree can actually have 32 levels. In order to search a binary tree, you simply start from the left (with the most significant digit) in the (binary) number you are looking for, and branch right or left in the tree based on that number. For instance, if you are looking for the information related to the number 4 in this tree, you would begin by branching right, because the first binary digit is 1. You would follow the tree down, comparing the next digit in the (binary) number, until you reach the end.

Optimum Switching
Optimum switching stores the forwarding information and the MAC header rewrite information in a 256-way multiway tree (256-way mtree). Using an mtree reduces the number of steps which must be taken when looking up a prefix. Each octet is used to determine which of the 256 branches to take at each level of the tree, which means there are, at most, 4 lookups involved in finding any destination. For shorter prefix lengths, only one to three lookups may be required. The MAC header rewrite and output interface information are stored as part of the tree node.

CEF (Cisco Express Forwarding) Switching
Cisco Express Forwarding also uses a 256 way data structure to store forwarding and MAC header rewrite information, but it does not use a tree. Cisco Express Forwarding uses a trie, which means the actual information being searched for is not in the data structure; instead, the data is stored in a separate data structure, and the trie simply points to it. In other words, rather than storing the outbound interface and MAC header rewrite within the tree itself, Cisco Express Forwarding stores this information in a separate data structure called the adjacency table.
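To make the difference between a tree that holds the rewrite data and a trie that only points to it concrete, here is an added Python example (not Cisco's code, and a simplified model): a 256-way mtrie whose slots hold indexes into a separate adjacency table, with a constructed four-route table showing how a /20 expands into 16 slots and how a host route sits beneath it.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple, Union


@dataclass(frozen=True)
class Adjacency:
    """Adjacency-table entry: the rewrite data that CEF keeps outside the trie."""
    next_hop: str
    out_if: str
    dst_mac: str          # constructed MAC rewrite string for the next hop


Leaf = Tuple[int, int]    # (prefix length, index into the adjacency table)


class Node:
    """One 256-way level of the mtrie; a slot holds None, a Leaf or a child Node."""
    __slots__ = ("slots",)

    def __init__(self, fill: Optional[Leaf] = None) -> None:
        self.slots: List[Union[None, Leaf, "Node"]] = [fill] * 256


class CefFib:
    def __init__(self) -> None:
        self.root = Node()
        self.adjacency_table: List[Adjacency] = []

    def add_adjacency(self, adj: Adjacency) -> int:
        self.adjacency_table.append(adj)
        return len(self.adjacency_table) - 1

    def add_route(self, prefix: str, adj_index: int) -> None:
        """Install a prefix; a /20 consumes two full octets and 4 bits of the third,
        so it expands into 16 slots at level 2 (controlled prefix expansion)."""
        net = IPv4Network(prefix)
        octets = net.network_address.packed
        plen = net.prefixlen
        if plen == 0:                       # default route covers the whole root
            level, lo, hi = 0, 0, 255
        else:
            level = (plen - 1) // 8         # level at which the prefix ends
            bits = plen - 8 * level         # 1..8 prefix bits used at that level
            lo = octets[level]              # already masked by IPv4Network
            hi = lo + (1 << (8 - bits)) - 1
        node = self.root
        for depth in range(level):
            slot = node.slots[octets[depth]]
            if not isinstance(slot, Node):
                # A covering leaf (or an empty slot) is pushed down into a new child
                # so that the more specific route can be placed beneath it.
                slot = Node(fill=slot)
                node.slots[octets[depth]] = slot
            node = slot
        self._fill(node, lo, hi, (plen, adj_index))

    @staticmethod
    def _fill(node: Node, lo: int, hi: int, leaf: Leaf) -> None:
        """Write a leaf into slots lo..hi, never overwriting a longer prefix."""
        for i in range(lo, hi + 1):
            slot = node.slots[i]
            if slot is None or (isinstance(slot, tuple) and slot[0] <= leaf[0]):
                node.slots[i] = leaf
            elif isinstance(slot, Node):
                CefFib._fill(slot, 0, 255, leaf)

    def lookup(self, dst: str) -> Optional[Adjacency]:
        """At most four slot reads (one per octet), then one adjacency-table read."""
        cur: Union[None, Leaf, Node] = self.root
        for octet in IPv4Address(dst).packed:
            if not isinstance(cur, Node):
                break
            cur = cur.slots[octet]
        if cur is None or isinstance(cur, Node):
            return None
        return self.adjacency_table[cur[1]]


def build_demo_fib() -> CefFib:
    """Constructed routing table: default, a /8, a /20 inside it and a host route."""
    fib = CefFib()
    a_default = fib.add_adjacency(Adjacency("203.0.113.1", "Serial0", "00:11:22:33:44:01"))
    a_corp = fib.add_adjacency(Adjacency("10.0.0.1", "Ethernet0", "00:11:22:33:44:02"))
    a_dmz = fib.add_adjacency(Adjacency("10.1.16.1", "Ethernet1", "00:11:22:33:44:03"))
    a_host = fib.add_adjacency(Adjacency("10.1.20.7", "Ethernet2", "00:11:22:33:44:04"))
    fib.add_route("0.0.0.0/0", a_default)
    fib.add_route("10.0.0.0/8", a_corp)
    fib.add_route("10.1.16.0/20", a_dmz)
    fib.add_route("10.1.20.7/32", a_host)
    return fib


if __name__ == "__main__":
    demo = build_demo_fib()
    for dst in ("10.1.20.7", "10.1.20.8", "10.1.32.1", "192.0.2.1"):
        adj = demo.lookup(dst)
        print(dst, "->", adj.out_if, adj.dst_mac)
```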

Tuesday, September 20, 2011

Understanding GPON Architecture and Traffic Flows

This article discusses traffic flows in GPON. As discussed in the GPON Fundamentals article, the OLT is the first aggregation point in a GPON access network. The OLT terminates the GPON Transmission Convergence (GTC) layer on the user side and forwards Ethernet frames to the Ethernet layer on the network side. Figure 1 shows the termination points for the ONU/ONT scenario.

The U reference point represents the customer-facing interface of the ONU/ONT. It is possible that the U reference point can be within the ONU/ONT device when ONT and RG devices are combined into a single device.

The R/S reference point represents the OLT-facing ONT interface. The S/R reference point represents the GPON interface on the OLT that connects to the Optical Distribution Network (ODN). The S/R and R/S interfaces contain all the protocol elements necessary to allow communication between the OLT and one or more ONTs over the ODN.

The V reference point represents the network-facing interface of the OLT.

Relationship between T-CONT and GEM Ports


T-CONT: A traffic-bearing object within an ONU/ONT that represents a group of logical connections, and is treated as a single entity for the purpose of upstream bandwidth assignment on the PON. In the upstream direction, it is used to bear the service traffic. Each T-CONT carries service traffic of one bandwidth type. Each bandwidth type has its own QoS feature.

ALLOC_ID: Each T-CONT is uniquely identified by its ALLOC_ID. The ALLOC_ID ranges from 0 to 4095. It is allocated by the OLT, i.e. a T-CONT can only be used by one ONU/ONT per PON interface on the OLT.

GEM Port: A GPON Encapsulation Method (GEM) port is a virtual port for performing GEM encapsulation for transmitting frames between the OLT and the ONU/ONT. Each different traffic class (TC) per UNI is assigned a different GEM Port. Each T-CONT consists of one or more GEM Ports. Each GEM port bears one kind of service traffic, i.e. a T-CONT type.

GEM Port ID: Each GEM Port is uniquely identified by a port ID. The Port ID ranges from 0 to 4095. It is allocated by the OLT, i.e. a GEM port can only be used by a single ONU/ONT per PON interface on the OLT.

Figure 2 shows the relationship between T-CONT and GEM Ports.

Between the ONT and OLT is the ODN, and Ethernet frames are carried over it through the use of GEM Channels. GPON has GEM channels as part of its GTC layer. The GEM channels carry variable-length Ethernet frames. GEM channels are identified by GEM Port IDs. This identifier is assigned by the OLT upon creation of a new channel and remains valid for the entire life-cycle of the channel. Each GPON interface for a given ONT can have several GEM Ports. A GEM Port ID is unique per GPON interface and represents a specific traffic flow or group of flows between the OLT and the ONT.

There are 2 types of GEM Channels:

  • Downstream-only GEM Channels - These channels are used to transmit downstream broadcast/multicast traffic from OLT to all ONTs. The ONTs identify traffic meant for them based on GEM Port ID.
  • Bi-directional GEM Channels - These channels are used for upstream and downstream traffic between the OLT and the ONT. The frames are transmitted from the OLT into the GPON interface and are forwarded only on the U interface of the ONT on which that GEM Port has been assigned.

GEM Ports are used to differentiate among traffic classes (TCs). A U interface may have several GEM Ports associated with it that support different TCs. Thus, within a GPON interface, each GEM Port carries one or more traffic flows associated with a specific TC.

On the U interface, traffic is classified into VLANs with various Ethernet priorities based on: physical port, VLAN ID, 802.1p bits and/or DSCP. Once the traffic has been assigned VLAN and CoS (802.1p) values, these two values are used to select an upstream GEM Port so that QoS can be applied to the flows carried by the GEM Port. A GEM Port always belongs to a single T-CONT. In the downstream direction, the ONT forwards the traffic received on GEM Ports to the appropriate U interface.

1:1 VLAN

In a 1:1 VLAN architecture, the ONT maps each 1:1 VLAN into a unique U interface. There are 2 variations on tag assignment at the V interface in the upstream direction: the traffic at the V interface could be double-tagged or single-tagged.

  • For double-tagged VLANs at V, the ONT can either assign a C-VLAN ID or translate a C-VLAN ID. The OLT adds the S-VLAN ID. (Subscriber 1 in Figure 3)
  • For double-tagged VLANs at V, the ONT can assign S-C VLAN IDs to incoming traffic, and the OLT passes through the traffic. (Subscriber 2 in Figure 3)
  • For single-tagged VLAN at V, the ONT adds the S-VLAN ID or translates an incoming tag to S-VLAN ID, and the OLT passes through the traffic. (Subscriber 3 in Figure 3)

In the downstream direction, the OLT removes the outer tag or passes through the traffic to proper GEM port based on the tag value and priority bits. The ONT removes the tags and forwards frames from the GEM port to its associated U interface.


For the N:1 VLAN model, the ONT always adds the S-VLAN ID or translates an incoming tag to the S-VLAN ID for upstream traffic. The OLT passes through any upstream traffic carrying the S-VLAN ID. In the downstream direction, the OLT passes traffic with the S-VLAN ID through to the ONT, determining the GEM Port from the MAC address and priority bits. If the GEM Port cannot be determined, the frame is flooded using the unidirectional GEM Port associated with the S-VLAN ID. The ONT removes the tag and forwards frames from the GEM Port to the appropriate U interface. In the N:1 model, traffic is always single-tagged at the V interface.

QoS and Traffic Management

As seen from figure 1, the GPON link connects the OLT and ONTs to transport Ethernet services. Please note that GPON can also encapsulate ATM and TDM (E1, E3) services. The GTC Adaptation sublayer maps Ethernet frames into GPON GEM frames. A QoS mechanism is required in GEM to support Ethernet QoS (i.e. 802.1p bits). In order to provide QoS, two mechanisms are employed:

  • Classification of traffic into traffic classes
  • Forwarding the traffic classes into GEM Ports and T-CONTs configured to emulate Ethernet QoS service

Upstream Traffic Management

Figure 5 shows a sample model of upstream traffic management. It shows 4 T-CONTs per PON interface, where each T-CONT represents a specific traffic class (TC). The classifier receives traffic from the U interface and maps it to queues, as configured, using the associated GEM Ports. If a second UNI interface is present on the same ONT, it also performs classification and maps the traffic to TC(s). As mentioned above, each T-CONT bears one or more GEM Ports. Upstream traffic from other ONTs is mapped to their own 4 T-CONTs according to the TC.

At the OLT, each TC is mapped into a separate queue. T-CONTs from various ONTs that share the same TC are mapped to the same queue, and a scheduler is used among the queues towards the network-facing port i.e. V interface.

Downstream Traffic Management
Figure 6 shows a sample model of downstream traffic management. In the downstream direction, T-CONTs are not used. Traffic received from the V interface at the OLT is assigned to queues according to the TCs. It is then transmitted in the downstream direction to the PON interface by using a scheduler. At the ONT, the traffic is classified again and placed into the appropriate queues for each U interface. A scheduler is used to transmit frames to the U interface.

Thursday, September 15, 2011

WiMAX Architecture

WiMAX is a fully IP-based network that gives last-mile users high-speed Internet access. The WiMAX architecture consists of the following components:
1. MS (Mobile Subscriber) or SS (Subscriber Station)
2. ASN (Access Service Network)
3. CSN (Core or Connectivity Service Network)
The MS or SS is used by the users to connect to a VPN or the Internet over the air interface. All MSs or SSs connect to a BS (Base Station), and the BS in turn connects to the ASN-Gty.
The ASN consists of Base Stations and the ASN-Gty (Access Service Network Gateway). The BS is responsible for providing the air interface through which mobile subscribers connect to a VPN or the Internet. Apart from this, the BS manages the subscribers' QoS policy enforcement, traffic classification, session management and handovers during roaming.

The ASN-Gty works as an LNS (Layer 2 Network Server) that aggregates all the layer 2 traffic and provides connectivity to the Internet. Apart from this, it manages QoS profiles, key management, the RADIUS client and mobility tunnels with base stations for roaming users. It allocates Simple IP or Mobile IP profiles to the SS or MS and acts as the foreign agent for them.

The CSN consists of the AAA, HA, VHR and OSS. It connects to the Internet gateway to route traffic for the data network. If the MS makes VoIP calls, it also provides connectivity to the PSTN.

Tuesday, September 13, 2011

Difference Between HLR and VLR

The Home Location Register (HLR) and Visitor Location Register (VLR) are databases that contain mobile subscriber information as per the GSM architecture. In general there is one central HLR per mobile network operator and one VLR per Mobile Services Switching Centre (MSC), but this can vary according to the different vendor implementations. The capacity of the HLR and VLR can directly affect the subscriber capacity of the mobile network operator.


The HLR contains an entry for each and every subscriber (MSISDN number) within a mobile network. Mostly the HLR contains static and permanent information about a subscriber, for example subscriber status, service subscriptions (voice, data, SMS etc.), supplementary services and permissions. Other than this static information, it holds temporary information such as the current VLR number and MSC number. The HLR works as the central location for routing calls within the respective mobile operator's network. Most of the administrative activities regarding subscribers are controlled by and centralised around the HLR. In most vendor implementations the Authentication Centre (another element of the GSM architecture) is integrated into the HLR to provide a more efficient and effective mobile network design; in this case the HLR contains authentication information as well.


The VLR is a database that contains part of the data available in the HLR together with other dynamic information about the mobile stations currently roaming in the administrative area of the associated VLR. Data in the VLR are more dynamic than in the HLR because of the mobility of the mobile stations. When a mobile station moves from one Location Area to another, its information is updated in the VLR so that the mobile station can be located. When a subscriber moves out to a new VLR area, the HLR informs the old VLR to remove the information related to the given subscriber. The interface between HLR and VLR is called the D-Interface in the GSM standard, and it is used to share information between the two nodes. Location information such as the LAI (Location Area Information), the attached status and the Temporary Mobile Subscriber Identity (TMSI) are stored in the VLR. Some of the authentication information is also passed from the HLR to the VLR for authentication purposes.

What is the difference between HLR and VLR?

The HLR and VLR have their own functionality within the GSM architecture, and there is a defined communication interface between them. A number of exchanges take place between the HLR and VLR nodes to share their information. For example, when a subscriber moves from one VLR area to another, the location is updated in the new VLR and the new VLR information is updated in the HLR. But if a subscriber moves within the same VLR area, no such interaction with the HLR is needed.

Both the HLR and the VLR store subscriber information as per the GSM architecture in order to provide mobile communication services to subscribers registered within the network. In general the HLR contains information about all subscribers within a network while the VLR contains more dynamic information relevant to subscribers roaming within the VLR area. This can vary depending on the network architecture design, because in most cases HLRs act as centralised nodes while VLRs are mostly geographically distributed nodes. The HLR acts as a fixed reference point for a given mobile station (subscriber) while its VLR can vary depending on mobility and network design.

Even though both the HLR and the VLR act as databases within the same mobile network, in most designs each VLR is assigned a limited geographical area and handles all the dynamic data about the subscribers within that area, while the HLR acts as a more centralised node that holds the more static information about subscribers across the whole network. The HLR handles subscriber administration activities within the network while the VLR supports the mobility function and other dynamic information about the subscribers.
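As an added illustration (not part of the original post), the following Python model plays through the two cases described above: a move inside one VLR area, which touches only the VLR, and a move into a new VLR area, which makes the HLR cancel the old VLR's record and push the profile to the new one. The message names follow GSM MAP, but the field set, the subscriber data and the network itself are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class HlrRecord:
    """Static profile plus the temporary pointer to the VLR/MSC currently serving the MS."""
    msisdn: str
    services: Set[str]
    vlr_number: Optional[str] = None
    msc_number: Optional[str] = None


@dataclass
class VlrRecord:
    """Dynamic data for a subscriber roaming in this VLR's area."""
    msisdn: str
    services: Set[str]      # copy of the profile received over the D interface
    lai: str                # Location Area Identity of the area the MS camps on
    tmsi: str               # temporary identity allocated by this VLR
    attached: bool = True


class VLR:
    def __init__(self, number: str) -> None:
        self.number = number
        self.records: Dict[str, VlrRecord] = {}   # keyed by IMSI
        self._tmsi_counter = 0

    def allocate_tmsi(self) -> str:
        self._tmsi_counter += 1
        return f"{self.number}:TMSI-{self._tmsi_counter:04d}"


class HLR:
    def __init__(self) -> None:
        self.records: Dict[str, HlrRecord] = {}   # keyed by IMSI


class GsmCore:
    """HLR, its VLRs and the D-interface exchanges between them (simplified model)."""

    def __init__(self, hlr: HLR, vlrs: Dict[str, VLR]) -> None:
        self.hlr = hlr
        self.vlrs = vlrs

    def location_update(self, imsi: str, vlr_number: str, lai: str) -> List[str]:
        """Process a location update and return the D-interface messages it caused.
        A move inside one VLR area changes only the LAI and produces no HLR traffic."""
        trace: List[str] = []
        vlr = self.vlrs[vlr_number]
        hlr_rec = self.hlr.records[imsi]
        if imsi in vlr.records:
            vlr.records[imsi].lai = lai
            return trace
        # New VLR area: the VLR registers the MS with the HLR ...
        trace.append(f"UPDATE_LOCATION {vlr_number}->HLR imsi={imsi}")
        old_vlr = hlr_rec.vlr_number
        if old_vlr is not None and old_vlr != vlr_number:
            # ... the HLR tells the old VLR to drop its copy of the subscriber ...
            trace.append(f"CANCEL_LOCATION HLR->{old_vlr} imsi={imsi}")
            del self.vlrs[old_vlr].records[imsi]
        hlr_rec.vlr_number = vlr_number
        hlr_rec.msc_number = vlr_number       # one VLR per MSC in this model
        # ... and pushes the profile (with authentication data) to the new VLR.
        trace.append(f"INSERT_SUBSCRIBER_DATA HLR->{vlr_number} services={sorted(hlr_rec.services)}")
        vlr.records[imsi] = VlrRecord(hlr_rec.msisdn, set(hlr_rec.services), lai, vlr.allocate_tmsi())
        return trace

    def route_to(self, imsi: str) -> Optional[str]:
        """HLR lookup used when routing a call: which VLR/MSC serves the subscriber now?"""
        return self.hlr.records[imsi].msc_number


def build_demo_network() -> GsmCore:
    """Constructed operator network: one HLR, two VLR/MSC areas, one subscriber."""
    hlr = HLR()
    hlr.records["IMSI-001"] = HlrRecord("+15555550100", {"voice", "sms", "data"})
    return GsmCore(hlr, {"VLR-A": VLR("VLR-A"), "VLR-B": VLR("VLR-B")})


if __name__ == "__main__":
    core = build_demo_network()
    for vlr, lai in (("VLR-A", "LAI-A1"), ("VLR-A", "LAI-A2"), ("VLR-B", "LAI-B1")):
        print(f"{vlr}/{lai}:", core.location_update("IMSI-001", vlr, lai) or "no HLR interaction")
```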

Wednesday, September 7, 2011

Interrupt Context Switching Vs Process Switching

Process Switching
Process switching is the default switching technique used by all Cisco routers and IOS releases. In process switching, when a packet arrives from the media at the interface, the following steps are carried out:
1) Check the destination address in the routing table.
2) Perform a recursive lookup, or find the directly connected outgoing interface.
3) Rewrite the MAC header for the next hop.

For every packet the same steps need to be followed, which involves the CPU and a lot of processing and consequently diminishes performance.

Interrupt Context Switching

This is another switching technique used by many Cisco routers and IOS releases. In interrupt context switching, a cache is maintained that stores the forwarding information of the first packet that arrives. After that, if a packet with the same forwarding credentials arrives, instead of going to the processor it is handled from the cache, which supplies everything needed to forward the packet towards the destination. That is why it is called fast switching; optimum switching and CEF switching all use interrupt context switching.
Difference between process and interrupt context switching
1) A cache is maintained in interrupt context switching, whereas process switching follows all the steps mentioned above for every packet.
2) Interrupt context switching is faster than process switching.
3) Interrupt context switching uses destination-based load balancing whereas process switching uses per-packet load balancing.

Monday, September 5, 2011

Basics of GPON

GPON stands for Gigabit Passive Optical Network. GPON is defined by the ITU-T recommendation series G.984.1 through G.984.6. GPON can transport not only Ethernet but also ATM and TDM (PSTN, ISDN, E1 and E3) traffic. A GPON network consists mainly of two active transmission equipment types, namely the Optical Line Termination (OLT) and the Optical Network Unit (ONU) or Optical Network Termination (ONT). GPON supports triple-play services, high bandwidth, long reach (up to 20 km), etc.

Figure 1 shows various FTTx network architectures.

A single fibre from the OLT runs to a passive optical splitter (passive means it does not require any power to operate) located near the users' locations. The optical splitter merely divides the optical power into N separate paths to the users; the number of optical paths can vary from 2 to 128. From the optical splitter, a single-mode (SM) fibre strand runs to each user. This is shown in figure 2. GPON adopts two multiplexing mechanisms: a) in the downstream direction (i.e. from OLT to users), data packets are transmitted in a broadcast manner, but encryption (AES) is used to prevent eavesdropping; b) in the upstream direction (i.e. from users to OLT), data packets are transmitted in a TDMA manner.

The next section describes GPON key technologies.

ONU Identifier (ONU-ID)

ONU-ID is an 8-bit identifier that an OLT assigns to an ONU during ONU activation via PLOAM messages. The ONU-ID is unique across the PON and remains until the ONU is powered off or deactivated by the OLT.

Allocation Identifier (ALLOC_ID)

ALLOC_ID is a 12-bit number that the OLT assigns to an ONU to identify a traffic-bearing entity that is a recipient of upstream bandwidth allocations within that ONU. This traffic-bearing entity is also called T-CONT.

Each ONU is assigned a default ALLOC_ID which is equal to that ONU's ONU-ID, and may be assigned additional ALLOC_IDs as per OLT's discretion.

Transmission Containers (T-CONT)

A Transmission Container (T-CONT) is an ONU object representing a group of logical connections that appear as a single entity for the purpose of upstream bandwidth assignment on the PON. For a given ONU, the number of supported T-CONTs is fixed. The ONU autonomously creates all the supported T-CONT instances during ONU activation. The OLT discovers the number of T-CONT instances supported by a given ONU.

To activate a T-CONT instance to carry upstream user traffic, the OLT has to establish a mapping between the T-CONT instance and an ALLOC_ID that has previously been assigned to the ONU via PLOAM messages. Any ALLOC_ID assigned to the ONU, including the default ALLOC_ID, can be associated with a single user-traffic T-CONT.

There are 5 types of T-CONTs which can be allocated to the user:
  1. Type 1: This T-CONT is of fixed bandwidth type and mainly used for services sensitive to delay and high priority like VOIP.
  2. Type 2 and Type 3: Both T-CONT are of guaranteed bandwidth types and mainly used for video services and data services of higher priorities.
  3. Type 4: This T-CONT is of best-effort type and mainly used for data services such as Internet and services of low priority which do not require high bandwidth.
  4. Type 5: This T-CONT is of mixed type, involving all bandwidth types and bearing all services.

Dynamic Bandwidth Allocation (DBA)

The OLT is responsible for allocating upstream bandwidth to the ONUs. Because the access network is shared, ONU upstream transmissions could collide if they were transmitted at random times. ONUs can be located at varying distances from the OLT, and hence the transmission delay from each ONU is unique. The OLT measures delay and sets a register in each ONU via PLOAM (Physical Layer Operations, Administration and Maintenance) messages to equalize its delay with respect to all other ONUs on the access network. This is called Ranging.

Once the delay of all ONUs has been set, the OLT transmits grants to individual ONUs. A grant is permission to use a defined interval of time for upstream transmission. The grant map is dynamically recalculated every few milliseconds. The map allocates bandwidth to all ONUs such that each ONU receives timely bandwidth for its needs.

DBA is a methodology that allows quick adaptation of users' bandwidth allocation based on current traffic requirements, and it is especially good for dealing with bursty upstream traffic. GPON uses TDMA for managing upstream access by ONUs; at any one point in time, TDMA provides unshared timeslots (upstream bandwidth over time) to each ONU for upstream transmission.

DBA allows upstream timeslots to shrink and grow based on the distribution of upstream traffic loads. DBA functions on T-CONTs, which are upstream timeslots, and each is identified by a particular ALLOC_ID. An ONU must have at least one T-CONT, but most have several T-CONTs, each with its own priority or traffic class, and each corresponding to a particular upstream timeslot on the PON. Without DBA support on the OLT, upstream bandwidth is statically assigned to T-CONTs, cannot be shared, and can be changed only through a management system.

There are two forms of DBA - Status Reporting DBA (SR-DBA) and Non-Status Reporting DBA (NSR-DBA).

In NSR-DBA, an OLT constantly allocates a small amount of extra bandwidth to each ONU. If the ONU has no traffic to send, it transmits idle frames. If the OLT observes that an ONU is not sending idle frames, it increases the bandwidth allocation to that ONU. Once that ONU starts sending idle frames, the OLT reduces its allocation accordingly. NSR-DBA has the advantage that the ONUs need not be aware of DBA, however, its disadvantage is that there is no way for the OLT to know how to allocate bandwidth to several ONUs in the most efficient way.

SR-DBA involves explicit T-CONT buffer status provided by the ONUs when the OLT polls them. In this method, the OLT solicits T-CONT buffer status, and the ONUs respond with a separate report for each assigned T-CONT. The report contains the amount of data currently waiting in the T-CONTs in the specified time slots. The OLT receives the status (DBA) report, recalculates the bandwidth allocation (BW Map) through the DBA algorithm and sends the new BW Map to the ONUs in-band with the downstream traffic. The ONU receives the BW Map from the OLT and sends its data in the specified time slots. When an ONU has no information to send, upon receiving a grant from the OLT it sends an idle cell upstream to indicate that its buffer is empty. This informs the OLT that the grants for that T-CONT can be assigned to other T-CONTs. If an ONU has a long queue waiting in its buffer, the OLT can assign multiple T-CONTs to that ONT.

GPON Transmission Convergence (TC) Layer

ITU-T recommendation G.984.3 describes the GPON TC layer, which is equivalent to the Data Link layer of the OSI model. It specifies the GPON frame format, the media access control protocol, OAM processes and the information encryption method. Figure 3 shows the GTC frame structures for the downstream and upstream directions. The downstream GTC frame consists of the physical control block downstream (PCBd) and the GTC payload section. The upstream GTC frame contains multiple transmission bursts. Each upstream burst consists of the upstream physical layer overhead (PLOu) section and one or more bandwidth allocation intervals associated with a specific ALLOC_ID.

The downstream GTC frame provides the common time reference for the PON and common control signaling for the upstream.

Downstream GPON Frame Format

A downstream GTC frame has a duration of 125 µs and is 38880 bytes long, which corresponds to a downstream data rate of 2.48832 Gbps. Figure 4 shows the detailed downstream GTC frame format.

The OLT sends the PCBd in a broadcast manner, and every ONU receives the entire PCBd. The ONUs then act upon the relevant information contained therein. The Psync field indicates the beginning of the frame to the ONUs. The Ident field contains an 8 kHz Superframe Counter field which is employed by the encryption system, and may also be used to provide low-rate synchronous reference signals. The PLOAMd field handles functions such as OAM-related alarms or threshold-crossing alerts. The BIP field is a Bit Interleaved Parity used to estimate the bit error rate. The downstream Payload Length indicator (Plend) gives the length of the upstream bandwidth (US BW) map. The Plend is sent twice for redundancy. Each entry in the Upstream Bandwidth (US BW) map field represents a single bandwidth allocation to a particular T-CONT. The number of entries is given in the Plend field.

The Allocation ID (ALLOC_ID) field indicates the recipient of the bandwidth allocation, i.e. a particular T-CONT. The lowest 254 allocation ID values are used to address the ONU directly. During the ranging process, the first ALLOC_ID given to the ONU must be in this range. This ALLOC_ID is known as the default Allocation ID and is the same as the ONU-ID used in PLOAM messages. If further ALLOC_ID values are required for that ONU, they should be taken from those above 255. ALLOC_ID 254 is the ONU Activation ALLOC_ID, used to discover unknown ONUs. The Flag field allows the upstream transmission of physical layer overhead blocks for a designated ONU. The Slot Start and Slot Stop fields indicate the beginning and end of the upstream transmission window. The CRC field provides error detection and correction on the bandwidth allocation field.

The GTC payload field contains a series of GEM (GPON Encapsulation Method) frames. The downstream GEM frame stream is filtered at the ONU based upon the 12-bit Port ID field contained in the header of each GEM frame. Each ONU is configured to recognize which Port-IDs belong to it. The Port-ID uniquely identifies a GEM Frame.

Upstream GPON Frame Format

The upstream GTC frame duration is also 125 µs and the frame is 19440 bytes long, which gives an upstream data rate of 1.24416 Gbps. Each upstream frame contains a number of transmission bursts coming from one or more ONUs. Each upstream transmission burst contains an upstream physical layer overhead (PLOu) section and one or more bandwidth allocation intervals associated with individual ALLOC_IDs. The BW map dictates the arrangement of the bursts within the frame and of the allocation intervals within each burst. Each allocation interval is controlled by a specific allocation structure in the BW map. Figure 5 shows the upstream GTC frame format.

The physical layer overhead (PLOu) at the start of the ONU upstream burst contains the preamble, which ensures proper physical layer operation of the burst-mode upstream link. The PLOu also carries the ONU-ID field, which indicates the unique ONU-ID of the ONU sending this transmission. The upstream physical layer OAM (PLOAMu) field is responsible for management functions such as ranging, activation of an ONT and alarm notifications. The upstream power levelling sequence (PLSu) field contains information about the laser power levels at the ONUs as seen by the OLT. The dynamic bandwidth report (DBRu) field reports the queue length of each T-CONT at the ONT.
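The BW map rules from the downstream frame description and the SR-DBA cycle above, as an added Python example (not from the recommendation or from the original post): a simplified SR-DBA step that turns per-T-CONT backlog reports into grants within the 19440-byte upstream frame, and a validator that checks ALLOC_ID ownership and that grants never overlap. The field layout, the 16-byte polling grant and all IDs are constructed simplifications.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

UPSTREAM_FRAME_BYTES = 19440      # 125 us frame at 1.24416 Gbps, as given in the text
ACTIVATION_ALLOC_ID = 254         # used to discover unknown ONUs
MAX_ALLOC_ID = 4095               # ALLOC_ID is a 12-bit field


@dataclass(frozen=True)
class Allocation:
    """One US BW map entry, reduced to the fields the text explains."""
    alloc_id: int
    start: int     # first byte of the upstream window within the frame
    stop: int      # last byte of the window (inclusive)


@dataclass
class OnuRecord:
    onu_id: int                                   # 8-bit, assigned via PLOAM
    extra_alloc_ids: Set[int] = field(default_factory=set)   # taken from above 255


def owner_of(alloc_id: int, onus: Dict[int, OnuRecord]) -> Optional[int]:
    """Return the ONU-ID that a (non-activation) ALLOC_ID belongs to, or None."""
    if alloc_id in onus:                # default ALLOC_ID == ONU-ID
        return alloc_id
    for onu in onus.values():
        if alloc_id in onu.extra_alloc_ids:
            return onu.onu_id
    return None


def validate_bw_map(bw_map: List[Allocation], onus: Dict[int, OnuRecord]) -> List[str]:
    """Check a candidate BW map against the frame and ALLOC_ID rules; empty list = valid."""
    errors: List[str] = []
    for a in bw_map:
        if not 0 <= a.alloc_id <= MAX_ALLOC_ID:
            errors.append(f"ALLOC_ID {a.alloc_id} does not fit in 12 bits")
        elif a.alloc_id != ACTIVATION_ALLOC_ID and owner_of(a.alloc_id, onus) is None:
            errors.append(f"ALLOC_ID {a.alloc_id} is not assigned to any activated ONU")
        if not 0 <= a.start <= a.stop < UPSTREAM_FRAME_BYTES:
            errors.append(f"window {a.start}-{a.stop} for ALLOC_ID {a.alloc_id} leaves the frame")
    # Upstream is TDMA: grants must be disjoint or bursts from different ONUs collide.
    ordered = sorted(bw_map, key=lambda a: a.start)
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.start <= prev.stop:
            errors.append(f"ALLOC_ID {cur.alloc_id} overlaps ALLOC_ID {prev.alloc_id}")
    return errors


def build_bw_map(reports: Dict[int, int], min_grant: int = 16) -> List[Allocation]:
    """One SR-DBA step, simplified: every reported T-CONT gets a small polling grant
    (room for its next status report or an idle indication) and the rest of the frame
    is shared in proportion to the reported backlog, never exceeding what was reported."""
    if len(reports) * min_grant > UPSTREAM_FRAME_BYTES:
        raise ValueError("too many T-CONTs for one frame at this minimum grant")
    remaining = UPSTREAM_FRAME_BYTES - len(reports) * min_grant
    demand = {aid: max(0, waiting - min_grant) for aid, waiting in reports.items()}
    total = sum(demand.values())
    sizes: Dict[int, int] = {}
    for aid, d in demand.items():
        extra = d if total <= remaining else remaining * d // total
        sizes[aid] = min_grant + extra
    bw_map: List[Allocation] = []
    cursor = 0
    for aid in sorted(sizes):              # lay the grants out back to back
        bw_map.append(Allocation(aid, cursor, cursor + sizes[aid] - 1))
        cursor += sizes[aid]
    return bw_map


if __name__ == "__main__":
    # Constructed PON: ONU 1 with an extra T-CONT (ALLOC_ID 300), ONU 2 with its default only.
    onus = {1: OnuRecord(1, {300}), 2: OnuRecord(2)}
    reports = {1: 0, 2: 5000, 300: 30000}      # DBRu backlog in bytes, per T-CONT
    bw_map = build_bw_map(reports)
    for a in bw_map:
        print(f"ALLOC_ID {a.alloc_id:4d}: bytes {a.start:5d}-{a.stop:5d} (ONU {owner_of(a.alloc_id, onus)})")
    print("errors:", validate_bw_map(bw_map, onus))
```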

Mapping of GEM Frames into GTC Payload

GEM traffic is carried over the GTC protocol in a transparent fashion. In the downstream direction, GEM frames are transmitted from the OLT to the ONUs using the GTC frame payload section. The OLT may allocate as much duration as it needs in the downstream, up to and including all of the downstream frame. The ONU filters the incoming frames based on Port-ID. In the upstream direction, frames are transmitted from the ONU to the OLT using the configured GEM allocation time. The ONU buffers GEM frames as they arrive, and then sends them in bursts when allocated time to do so by the OLT. The OLT receives the frames and multiplexes them with the frames from other ONUs.

Ethernet over GEM
The Ethernet frames are carried directly in the GEM frame payload. The preamble and SFD bytes are discarded prior to GEM encapsulation. Each Ethernet frame is mapped to a single GEM frame or, by fragmentation, to multiple GEM frames.

Juniper SRX Basic System Setup

To create an administrative user to manage the device, first create the username and then assign the username a class:
root# set system login user authentication plain-text-password
New password:
Retype new password:
root# set system login user admin class super-user

Set the system hostname:
root# set system hostname 

Set DNS servers for the device; it is a good idea to set up at least 2 DNS servers:
root# set system name-server
root# set system name-server

This section sets up the untrust interface and zone.

First we need to assign an IP to the interface:
root#set interfaces ge-0/0/0 unit 0 family inet address

Next assign the interface to the untrust zone:
root#set security zones security-zone untrust interfaces ge-0/0/0.0

Setup SSH and HTTPS for remote management:
root#set system services ssh
root#set security zones security-zone untrust host-inbound-traffic system-services ssh
root#set system services web-management https system-generated-certificate
root#set security zones security-zone untrust host-inbound-traffic system-services https

Finally, create a default route that exits via the untrust interface:
root#set routing-options static route 0.0.0.0/0 next-hop (address of upstream router)

This section sets up the trust interface and zone.
First we need to assign an IP to the interface:
root# set interfaces fe-0/0/7 unit 0 family inet address

Next assign the interface to the trust zone:
root# set security zones security-zone trust interfaces fe-0/0/7.0
root# set system services ssh root-login allow

To set up management of the firewall, it is a good idea to allow only secure access such as HTTPS and SSH in the untrust zone; insecure management access such as HTTP and Telnet can be enabled in the trust zone.

To set up SSH and web management in the trust zone:
root# set system services ssh
root# set security zones security-zone trust host-inbound-traffic system-services ssh
root# set security zones security-zone trust host-inbound-traffic system-services http
root# set system services web-management https system-generated-certificate
root# set security zones security-zone trust host-inbound-traffic system-services https
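As an added example (not from the original post), a small Python audit over a configuration transcript in the style of the commands above: it checks the zone policy just described (cleartext management services must not be allowed inbound on the untrust zone), flags an explicit `root-login allow` as an additional hardening check, and reports an interface that ends up in more than one zone. The two sample transcripts are constructed; the zone, interface and service names are the ones used in this post.

```python
import shlex
from collections import defaultdict
from typing import Dict, List, Set

# Cleartext management protocols that should not be reachable from the untrust zone.
INSECURE_SERVICES = {"http", "telnet", "ftp"}
INTERNET_FACING_ZONES = {"untrust"}

# Constructed transcripts (not taken from a real device). The weak one allows HTTP
# from untrust, enables root login over SSH and puts fe-0/0/7.0 in two zones.
WEAK_CONFIG = """
root# set system services ssh root-login allow
root# set system services web-management https system-generated-certificate
root# set security zones security-zone untrust interfaces ge-0/0/0.0
root# set security zones security-zone untrust host-inbound-traffic system-services ssh
root# set security zones security-zone untrust host-inbound-traffic system-services https
root# set security zones security-zone untrust host-inbound-traffic system-services http
root# set security zones security-zone trust interfaces fe-0/0/7.0
root# set security zones security-zone untrust interfaces fe-0/0/7.0
"""

HARDENED_CONFIG = """
root# set system services ssh
root# set system services web-management https system-generated-certificate
root# set security zones security-zone untrust interfaces ge-0/0/0.0
root# set security zones security-zone untrust host-inbound-traffic system-services ssh
root# set security zones security-zone untrust host-inbound-traffic system-services https
root# set security zones security-zone trust interfaces fe-0/0/7.0
root# set security zones security-zone trust host-inbound-traffic system-services ssh
root# set security zones security-zone trust host-inbound-traffic system-services http
root# set security zones security-zone trust host-inbound-traffic system-services https
"""


def parse_set_statements(text: str) -> List[List[str]]:
    """Return the tokens after `set` for every set statement, ignoring prompts and noise."""
    statements: List[List[str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if "set " not in line:
            continue
        tokens = shlex.split(line[line.index("set "):])
        statements.append(tokens[1:])
    return statements


def audit_srx_config(text: str) -> List[str]:
    """Flag management exposure that contradicts the zone policy described above."""
    findings: List[str] = []
    zone_services: Dict[str, Set[str]] = defaultdict(set)   # zone -> allowed inbound services
    iface_zones: Dict[str, Set[str]] = defaultdict(set)     # interface -> zones it appears in
    for t in parse_set_statements(text):
        if t[:3] == ["security", "zones", "security-zone"] and len(t) >= 5:
            zone = t[3]
            if t[4:6] == ["host-inbound-traffic", "system-services"] and len(t) > 6:
                zone_services[zone].add(t[6])
            elif t[4] == "interfaces" and len(t) > 5:
                iface_zones[t[5]].add(zone)
        elif t[:3] == ["system", "services", "ssh"] and "root-login" in t:
            i = t.index("root-login")
            if i + 1 < len(t) and t[i + 1] == "allow":
                findings.append("ssh: root-login allow exposes the root account to remote login")
    for zone in INTERNET_FACING_ZONES:
        if "all" in zone_services[zone]:
            findings.append(f"{zone}: host-inbound system-services 'all' opens every service")
        for svc in sorted(zone_services[zone] & INSECURE_SERVICES):
            findings.append(f"{zone}: cleartext management service '{svc}' allowed inbound")
    for iface, zones in sorted(iface_zones.items()):
        if len(zones) > 1:
            findings.append(f"{iface}: assigned to more than one zone {sorted(zones)}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_srx_config(cfg) or ["no findings"])
```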

Sunday, September 4, 2011

MPLS Interview Questions

1. What is the difference between VPN and MPLS?

A VPN is generally a Virtual Private Network, which could be configured using GRE tunnels. In that case, if you want a full mesh, the administrator needs to set up n*n-1 tunnels. But in an MPLS VPN, the CPEs work in a full mesh by default because of the route target.

2. What is MPLS and why it is being so popular in short time?

MPLS is a multiprotocol label switching mechanism that uses labels to forward traffic to the next-hop address. It is popular because it is required for a CPN (Converged Packet Network).

3. What is the protocol used by MPLS?

MPLS uses TDP or LDP.

4. MPLS works on which layer?

It works between layer 2 and layer 3.

5. What is the difference between a P and a PE router?

A P router does not carry customer network routes, whereas a PE router does. Another difference is that a P router does not require MP-iBGP, but for a PE router it is a must.

6. Can I make my PE router a P router?

To turn a PE router into a P router, remove its BGP configuration; after that it will no longer participate in the customer network.

7. Two routers have 4 equal-cost links between them; how many LDP sessions will be established?

One session.

8. My LDP router ID, OSPF router ID and BGP router ID are all different; will customer traffic still be forwarded?

The LDP router ID and BGP router ID should be the same if the SP is allocating labels only for loopbacks. If labels are generated for each and every route, then there is no problem at all.

9. What is Penultimate Hop Popping and why is it required? Which router performs the PHP function?

The second-to-last router performs Penultimate Hop Popping to remove the topmost label.

11. What are the different types of labels?

Implicit Null, Explicit Null, Aggregate Label, etc.

12. How do you make a customer route unique?

By adding a route distinguisher.

13. What is the difference between RD and RT?

RD is not an extended community, whereas RT is an extended community.

14. Can I assign the same RD to two different customers?

The RD is unique and local to the router.

15. Does the RD travel in the route update?


16. My customer has three branches, each attached to a different PE. In this case, can I use different VRF names?


17. What is downstream on demand?

When the downstream on demand method is selected, the downstream router is the one responsible for advertising the label first to the upstream router.
The upstream router is the one that advertises labels to its downstream router after receiving label bindings from it.

18. How do you filter MPLS labels?

By using ACLs.

19. What is the default range of MPLS labels on Cisco routers? How do you extend that range?

The default range is 16 to 100000.

20. Can I implement MPLS without a route reflector?

Yes, but you need to build a full-mesh BGP.

21. What is the difference between the VPNv4 and IPv4 address families?

We always accept and forward IP packets to customers, and for this we use the IPv4 address family. When customer packets are received by a PE they become labeled, and to forward labeled packets to a different PE or RR the VPNv4 address family is required. In short, the IPv4 address family is used towards customers and the VPNv4 address family is used in the SP core.

22. What is MP-iBGP? Can we use normal BGP in lieu of MP-iBGP?

No; MP-iBGP is used because of its multiprotocol support, which normal BGP does not have.

24. What is CEF, and can MPLS work without enabling CEF?

CEF is mandatory on Cisco routers for MPLS.

25. I am receiving end-to-end customer routes on various PEs but am not able to ping those routes; what could be the problem?

LDP is not configured in the path.

27. What are the default timers of LDP?

28. Does LDP require OSPF, IS-IS or BGP?

An IGP is required for IP reachability.

29. In the neighbor discovery command output, I see only xmit; what does that mean?

MPLS IP is not configured at the other end.

30. What is the transport address?

The router ID is used as the transport address.

Difference Between 4G and 3G Technology

What does "4G" mean? 4G is a marketing term that service providers use to describe the "fourth generation" of wireless services. They typically offer between four and ten times the performance of 3G networks.

What technologies run 4G services?

The two main technologies are Long Term Evolution (LTE) and WiMax. The IEEE (Institute of Electrical and Electronics Engineers) developed the WiMax standard; the 3GPP, an industry body for providers that use GSM (the leading technology for cellular communications), heads development of the LTE standard. WiMax and LTE use different types of wireless spectrum.

How fast is 4G compared with 3G?

WiMax providers are advertising download speeds of between 2 megabits per second and 6 Mbps, with peak speeds of 10 Mbps or more. Verizon, which will launch LTE networks in the United States later this year, is expecting to offer services with download speeds in the 5 Mbps to 12 Mbps range. You may also be able to replace your home DSL or cable modem service with a 4G service you can use both at home and on the road.

Difference between 3G and 4G Network Technologies

1. Downlink data rates for 3G are around 2 Mbps in stationary mode, while the 4G specification calls for 1 Gbps; in a highly mobile environment the 3G downlink speed is around 384 Kbps versus 100 Mbps in 4G networks.

2. The multiple access technique used by 3G is CDMA and its variations, while in 4G both technologies (LTE and WiMAX) use OFDMA (Orthogonal Frequency Division Multiple Access) in the downlink.

3. In the uplink, LTE uses SC-FDMA (Single Carrier FDMA) and WiMAX continues to use OFDMA, while 3G networks use CDMA variations.

Thursday, September 1, 2011

Difference Between WiMAX and WiMAX 2

WiMAX and WiMAX 2 are both wireless broadband technologies that deliver high data rates and low latency. WiMAX is already deployed, while WiMAX 2 is in the development phase. WiMAX belongs to the IEEE 802.16 family, and 802.16d and 802.16e are already in place. WiMAX 2 builds on 802.16m, which is backward compatible with WiMAX. WiMAX 2 is expected to deliver more than 100 Mbps to a device moving at 500 km/h.

WiMAX 2 (Wireless Interoperability for Microwave Access, IEEE 802.16m)

WiMAX 2 is the successor of WiMAX and builds on the IEEE 802.16m standard. It is supposed to offer more capabilities than 802.16 while remaining backward compatible with the WiMAX Air Interface R1.0 and R1.5. WiMAX 2 is expected to deliver more than 1000 Mbps with low or no mobility and more than 100 Mbps with mobility, with low latency and increased VoIP capabilities.

It is an ideal solution for providing high-speed Internet connections to rural areas and a good option for backhauling local offices or mobile stations. It is an end-to-end IP technology.

It typically operates in the 450 MHz to 3800 MHz range.

WiMAX (IEEE 802.16)

WiMAX (802.16, Wireless Interoperability for Microwave Access) is a 4th generation mobile access technology for high-speed access. The current version of this technology provides around 40 Mbps in practice, and the updated version is expected to deliver 1 Gbps at fixed endpoints.

WiMAX falls under the IEEE 802.16 family; 802.16e (1×2 SIMO, 64 QAM, FDD) gives 144 Mbps download and 138 Mbps upload. 802.16m is the version expected to deliver around 1 Gbps at fixed endpoints.

WiMAX has a fixed version and a mobile version. The fixed WiMAX version (802.16d and 802.16e) can be used for home broadband and for backhauling remote offices or mobile stations. The mobile WiMAX version (802.16m), which could replace GSM and CDMA technologies with its expected high throughput, is referred to as WiMAX 2.

WiMAX downlink data rates:

Air Interface R1.0
2×2 MIMO 10 MHz TDD – Around 37 Mbps

Air Interface R1.5
2×2 MIMO 10 MHz TDD – Around 40 Mbps
2×2 MIMO 20 MHz TDD – Around 83 Mbps
2×2 MIMO 2×20 MHz FDD – Around 144 Mbps

Air Interface R2
2×2 MIMO 2×20 MHz FDD – Around 160 Mbps
4×4 MIMO 2×20 MHz FDD – Around 300 Mbps

Difference Between WiMAX and WiMAX 2
(1) Both come from the same family, IEEE 802.16.

(2) WiMAX can offer a maximum of around 300 Mbps with 4×4 MIMO, whereas WiMAX 2 is supposed to offer around 1000 Mbps with little or no mobility.

(3) Latency will be lower in WiMAX 2 than in WiMAX, since WiMAX 2 comes with more VoIP capabilities.

(4) WiMAX has already launched; WiMAX 2 is expected to launch in late 2011 or early 2012.
