Saturday, May 27, 2006

MPLS in the Enterprise

I knew it. I have been talking about it for the past 2 years.
It’s coming. I knew it, and it’s coming.

When people talk about MPLS, they always associate it with Service Providers. By adding a label to the packet between Layer 2 and Layer 3, MPLS can provide many services, such as Layer 3 VPN, Layer 2 VPN, Traffic Engineering and so on.

Why do Enterprise customers need MPLS?
MPLS was originally invented to optimize and increase switching performance by doing an MPLS label lookup instead of a Layer 3 lookup. Nowadays switching performance in network devices has increased, and it is equal for either Layer 3 lookup or Layer 2 lookup. So increasing performance is not the answer we are looking for.

Okay, it’s really good to consolidate an ATM backbone and a Frame-Relay backbone into a single IP infrastructure with Layer 2 VPN. But which Enterprise customer maintains the physical layer for its backbone? And forget about Traffic Engineering for the time being.

The most applicable MPLS service for the Enterprise is Layer 3 VPN. But wait, why would you need to run MPLS L3 VPN in a single Enterprise network?

Well, the answer is obvious if you have any third party vendors or consultants working in several places in your network. You want them to use your network transparently: they can connect to each other but they can’t see your infrastructure. MPLS L3 VPN is the answer.

Now I want to push it even further. I have one project to build a big campus network, with a core, distribution, and access switch topology. The users are divided into several departments. The policy from my customer: within one department, regardless of physical location, users should be able to connect to each other. But they should not be able to connect to any other department. And all of them share the same data center and the same Internet connection.

I have two options for this. The first is to put Access Control Lists (ACLs) on the distribution switches or the gateways. This is the most common option that any Network Engineer would choose. The second option is to have a VPN for each department so that the departments will not be able to communicate with each other. The VPN can be provided with a normal GRE tunnel, IPSec, and... MPLS.
Compared to the other two, MPLS configuration is easier and a better fit for the above requirement.

The MPLS cloud will start from the distribution switches. So at minimum, the distribution layer should run hardware that can support MPLS. From Cisco this can be the Catalyst 6500 series with Supervisor 720-3B. We can terminate each VPN at the firewall, with one VRF per VLAN connected to the firewall. This way, we can have all the MPLS VPNs connected to the firewall as DMZs. Later on, if it’s required to provide specific access between VPNs, all the connections can be inspected and filtered through the firewall.

Things get interesting if you want to extend MPLS to the access switches. Cisco nowadays encourages terminating routing at the access layer, to eliminate the requirement for Spanning-Tree Protocol and HSRP. If we can run routing in the access switches, the gateway for all users will be the access switch itself. No STP and HSRP required. And to extend MPLS to the access, we need the VRF-Lite feature to bind each user VLAN to a dedicated uplink to the distribution switches. On the distribution switches, each uplink from an access switch will be placed into its designated VRF.
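The design described above, sketched as a Cisco IOS configuration for a single department; this is an added example, not a configuration from the original post. The VRF name, AS number, RD and route-target values, VLAN IDs, interface names and addresses are all assumptions chosen for illustration, and the core IGP, LDP and Loopback0 are assumed to exist already.

```cisco
! ===== Access switch (VRF-Lite, no MPLS) =====
! The user VLAN and one dedicated routed uplink share the same VRF.
ip vrf DEPT-A
 rd 65000:10
!
interface Vlan10
 description DEPT-A users (this switch is their gateway)
 ip vrf forwarding DEPT-A
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 description Dedicated DEPT-A uplink to distribution
 no switchport
 ip vrf forwarding DEPT-A
 ip address 10.10.255.2 255.255.255.252
!
ip route vrf DEPT-A 0.0.0.0 0.0.0.0 10.10.255.1
!
! ===== Distribution switch (MPLS PE) =====
! Import and export only this department's route-target. A second
! department (assumed DEPT-B, 65000:20) never learns DEPT-A prefixes.
ip vrf DEPT-A
 rd 65000:10
 route-target export 65000:10
 route-target import 65000:10
!
interface GigabitEthernet1/1
 description Uplink from access switch, placed in DEPT-A
 ip vrf forwarding DEPT-A
 ip address 10.10.255.1 255.255.255.252
!
interface Vlan910
 description DEPT-A VLAN toward the firewall
 ip vrf forwarding DEPT-A
 ip address 10.10.254.1 255.255.255.248
!
interface TenGigabitEthernet2/1
 description Core-facing link, label switching enabled
 ip address 10.0.1.1 255.255.255.252
 mpls ip
!
ip route vrf DEPT-A 10.10.1.0 255.255.255.0 10.10.255.2
!
router bgp 65000
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 address-family vpnv4
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
 address-family ipv4 vrf DEPT-A
  redistribute connected
  redistribute static
```

On the distribution switch, `show ip route vrf DEPT-A` should list only DEPT-A prefixes; any route from another department appearing there means a route-target is being imported that should not be.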

So it’s coming, everyone. MPLS is already here, and it’s inevitable.
All Enterprise customers hear me now: MPLS time has come.

Saturday, May 20, 2006


I’m overloaded.

For the past couple of months I have been involved in 4 major projects in my company. Some of them are the largest that we have ever dealt with. This promotes my company as the hottest Cisco partner in the country, and we do the hottest projects in town together with Cisco directly. And how about my roles? From technical project manager, lead engineer, designer, consultant, implementation supervisor, to logistics manager. Work starts from pre-implementation until training and project hand-over.

I’m under pressure.

All the projects have a similar time frame. All of them started last month, and 2 will start the installation during this summer, while the other 2 will still be in the design process.
Meeting, meeting, meeting. Design workshop. Presentation. High Level and Low Level Design. Implementation Plan. Network Ready for Use. Site Readiness. Material Delivery. Staging. Material inspection. Site survey. Testing procedure. Documentation.
So many things to do, so little time.

I’m overjoyed.

Four different customers: an airport, a shopping mall, a residential project and a university. Different technology in each place. From MPLS Layer 3 VPN, very high availability design, 10 Gigabit to the edges, triple play with Multicast and QoS, OSPF multi-area, Wireless network with LWAPP and Layer 3 roaming, IP Telephony, Firewall and Intrusion Prevention System, up to network management. Different design and customer requirements. Different expectations. Different rules.

I’m choked. I’m choked, to the limit.

I can’t breathe. All the workloads. All the responsibilities.
It’s a hell of a lot of fun, but it’s not worth it anymore.
I keep working days and nights, even during the weekends.
No complaints, until I started getting phone calls from my daughter:
“Daddy, where are you? I want to have my dinner with you.”

I’m choked. And I believe it’s not worth it.
Especially since I still haven’t got my respect.

I need to do something about it.

Friday, May 05, 2006


Due to the option that I took, I have to give up one of the things that I like the most: my 325i. Yup, it’s a BMW 2002 model with a 2.5L engine that can bring me from 0 to 100 km/h in 7 seconds. Sunroof and navigation system. Pretty white chick.

I knew from the beginning that the 3rd option would not be easy. It is the red pill that Neo had to take in order to know what the meaning of The Matrix is. Well, it may not be that hard, but it is still not a straight-through highway where I can see the end of the road. Again, the power of uncertainty is something that can really make our life so dynamic, and so painful at the same time.

Anyway, when I sold my car last week and started driving a rental Toyota Corolla, my friend told me that I would lose something that he called BMW Respect.
What the heck is that? It is a respect that other car owners give you in the street, he replied. Every time you try to change your lane with your BMW or any expensive car, people tend to give you more room.
That’s silly, I thought, there is no such thing.

So here I was, driving my Toyota happily in one of Dubai’s busy streets. Okay, I was in the slow lane and I wanted to increase my speed. It was time for me to change my lane.
What the…???!!! This guy almost hit my car! He didn’t reduce his speed at all to give me some room to enter the lane.
What’s your problem, dude? Maniac.

I started thinking about my friend’s respect. Nah, it’s just a coincidence. There are always speedy maniacs everywhere.

I kept trying to convince myself until I got the same experience over and over again. Every time I tried to change lanes, I really had to fight for it. I never faced this issue with my previous car.
What’s wrong with Toyota, guys?
So that kind of respect really exists?

On another day, I went to a store in a shopping mall to buy something. I noticed that I was left alone for quite some time; none of the store attendants tried to approach me to ask what I wanted or to offer me service.
Were all of them busy? Not really. One guy was standing in the corner and did nothing other than watch the whole store. What? There was a couple who wore decent clothes, and the guy went to them with a big smile and offered his help.

Okay, I was wearing only a normal shirt and jeans. But does it mean I’m not a potential buyer? In fact I was ready to spend my money, but the story ended with me walking out of the store because of the way its employee treated me.

My thoughts about this respect started bugging me. Yesterday I drove my car to my office, which is located in one of the five-star hotels on Sheik Zayed Road, Dubai’s main road.
Normally every time I drive through the hotel atrium with my BMW, there’s always one hotel officer who offers me valet parking.
Hey, what happened today? Where’s the valet parking guy?
With my company policy I can’t use the hotel valet service anyway, but it’s still good to see that at least those guys try to show me some respect.

Wait. Did I say respect?
So is my friend’s definition of respect really true?

Why does such a standard exist?
So people must drive an expensive car to get respect?
So people must wear decent clothing to get service?

Suddenly I feel vulnerable. I feel insecure.
Not because my Toyota looks like it is made from cheap material, just like a normal Coke can, which makes me feel really insecure if I ever get into even a small accident.
I feel vulnerable about my life. About the way some people treat other people with their own definition of respect.

I feel insecure about my job.
Is this the reason why, even though I have been with my current company for 4 years now, I have never gotten any raise? Even though I believe I have delivered some of my company’s largest projects successfully, as a person I'm still not within the standard to get my respect?

And is this the reason why I still can’t join Cisco ME until now?
No way. Cisco Systems is an Equal Opportunity Employer. At least that’s what’s written on the website.
And isn’t it clear from the last Gulf partner summit that they would not hire people from partners? But wait. Didn’t one of my CCIE colleagues who used to work with my company join Cisco recently?
Is it because he has more experience and expertise than me or because of some other reasons?

Another hopeless thought.

I just want to work in a place where people respect me only because of my expertise and performance in delivering the job.
And nothing else.
Please let me know if such a place exists.