Daniel Dib
May 6 · 7 tweets · 2 min read
For the last couple of years I have worked extensively with #SDWAN. Let me share with you some of the common design mistakes that I see, often to save a few bucks, which ends up costing more in the end. Let's focus on the transports. A 🧵
Don't cheap out on bandwidth. Bandwidth is relatively cheap. Get two INET transports, from different providers if possible. Have them be the same BW and use them equally. Having them different BW will complicate the design and policy.

2/7

For dual router sites, connect both routers to both of the transports. This allows for faster convergence and no need to configure TLOC extension. ISP needs to provide two ports, though.

3/7

Don't let your ISP play stupid games with you. Do NOT procure some kind of active/backup setup like this with VRRP and different BW depending on what router is active. This is horrible to operate and complicates your design. No, god no.

4/7

Running an overlay comes with some overhead, of course. That means a lower MSS as IPSec takes up some of those precious bytes. Calculate the overhead and see if the ISP can support a larger MTU to account for this. This is not a must but having 1500 bytes available is nice.

5/7

Often Zero Touch Provisioning relies on the device getting an IP address via DHCP. Ask your ISP if they can provide a public IP via DHCP. Surprisingly often, they can't, and there are some workarounds, but your life is easier if you have DHCP on your interfaces.

6/7

Avoid NAT. Yes, many scenarios still work, depending on the type of NAT, but having a network without NAT makes the probability of your tunnels coming up a lot higher and easier to troubleshoot the data plane. Get a public IP for your devices.

7/7
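To put a number on the overhead mentioned in tweet 5/7, here is an added calculator that is not part of the thread. It assumes ESP in tunnel mode over IPv4 with UDP encapsulation, takes IV, padding-alignment and ICV sizes from the IPsec RFCs, and the suite labels, the 1500-byte figures and the function names are assumptions for this example rather than any vendor's numbers.

```python
"""Worked IPsec overhead / MSS calculator for SD-WAN transport planning.

Assumed encapsulation (not taken from the thread): outer IPv4 + UDP (NAT-T style)
+ ESP header + IV + inner IP packet + ESP trailer (pad, pad length, next header) + ICV.
"""

IPV4_HDR = 20
UDP_HDR = 8
ESP_HDR = 8   # SPI (4) + sequence number (4)
TCP_HDR = 20

# Per-suite parameters: (IV length, pad alignment, ICV length) in bytes.
# Labels are ours; sizes follow RFC 4106 (AES-GCM), RFC 3602 (AES-CBC),
# RFC 4868 (HMAC-SHA-256-128) and RFC 2404 (HMAC-SHA-1-96).
SUITES = {
    "aes-gcm-256": (8, 4, 16),           # 8-byte IV, 4-byte alignment, 16-byte ICV
    "aes-cbc-256/sha256": (16, 16, 16),  # 16-byte IV, 16-byte blocks, 16-byte ICV
    "aes-cbc-256/sha1": (16, 16, 12),    # 16-byte IV, 16-byte blocks, 12-byte ICV
}


def esp_packet_size(inner_len, suite="aes-gcm-256", udp_encap=True):
    """Size on the transport of an inner IP packet of inner_len bytes after ESP."""
    iv, align, icv = SUITES[suite]
    payload = inner_len + 2            # + pad length byte + next header byte
    pad = (-payload) % align           # ESP padding to the cipher's alignment
    size = IPV4_HDR + ESP_HDR + iv + payload + pad + icv
    return size + UDP_HDR if udp_encap else size


def overhead(inner_len=1500, suite="aes-gcm-256", udp_encap=True):
    """Bytes the overlay adds to a packet of inner_len bytes."""
    return esp_packet_size(inner_len, suite, udp_encap) - inner_len


def required_transport_mtu(inner_mtu=1500, suite="aes-gcm-256", udp_encap=True):
    """MTU to ask the ISP for so a full inner_mtu packet is never fragmented."""
    return esp_packet_size(inner_mtu, suite, udp_encap)


def max_inner_mtu(transport_mtu=1500, suite="aes-gcm-256", udp_encap=True):
    """Largest inner packet whose encrypted form still fits transport_mtu."""
    inner = transport_mtu
    while esp_packet_size(inner, suite, udp_encap) > transport_mtu:
        inner -= 1                     # padding makes this non-linear, so search
    return inner


def tcp_mss_clamp(transport_mtu=1500, suite="aes-gcm-256", udp_encap=True):
    """TCP MSS to clamp on the tunnel so segments fit without fragmentation."""
    return max_inner_mtu(transport_mtu, suite, udp_encap) - IPV4_HDR - TCP_HDR
```

With a 1500-byte transport MTU and AES-GCM the inner MTU drops to 1438 and the MSS clamp to 1398; to keep a full 1500-byte inner packet the ISP would need to carry 1564-byte frames.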