Troubleshooting: traceroute, tcpdump, Wireshark, show interfaces, show bgp summary, ping with source
1 / 5
A network engineer explains a routing issue to the team: "The problem is BGP path selection — we're advertising the same prefix from two different AS paths. The remote peer is preferring the longer AS-PATH, which routes traffic through a congested link. I'll add AS-PATH prepending on our primary path to make the backup route more attractive." What is BGP AS-PATH prepending?
BGP (Border Gateway Protocol): the routing protocol of the internet; used between autonomous systems (ASes). AS-PATH prepending: a TE (traffic engineering) technique where you repeat your own AS number in the AS-PATH attribute, making the route appear longer (and thus less preferred) to remote peers. Used to influence inbound traffic paths. BGP vocabulary: AS (Autonomous System) — a network under a single administrative domain with a unique ASN. Prefix / NLRI — a network block (e.g., 203.0.113.0/24) advertised in BGP. BGP attributes for path selection (in order): WEIGHT (Cisco-local), LOCAL_PREF (within AS), shortest AS-PATH, ORIGIN (IGP > EGP > incomplete), MED, eBGP > iBGP, lowest IGP metric, lowest router ID. eBGP — BGP between different ASes. iBGP — BGP within the same AS. BGP community — optional tagging attribute to signal routing policy. Route reflector — iBGP scaling mechanism; avoids full-mesh iBGP requirement. RPKI (Resource Public Key Infrastructure) — cryptographically validates BGP route origins to prevent hijacking. BGP hijack — malicious or accidental route advertisement of someone else's prefix. Famous example: Pakistan Telecom hijacking YouTube routes in 2008. In conversation: "We prepend our AS twice on the backup link — that's enough to make peers prefer the primary link under normal conditions."
2 / 5
A network architect explains link redundancy to a new engineer: "We have two uplinks to our core switch. Without Spanning Tree Protocol, both links would be active and create a broadcast storm — Layer 2 loops are catastrophic. STP elects a root bridge and blocks redundant paths while keeping them available for failover." What is Spanning Tree Protocol (STP) and what problem does it solve?
Spanning Tree Protocol (STP, IEEE 802.1D): a Layer 2 loop-prevention protocol. Without it, broadcast frames in a switched Ethernet network would loop indefinitely — creating "broadcast storms" that saturate all links and crash the network. STP mechanism: 1) Elect a root bridge (lowest bridge ID). 2) Each non-root bridge selects one root port (lowest cost path to root). 3) Each network segment selects one designated port. 4) All other ports become blocking ports. STP vocabulary: BPDU (Bridge Protocol Data Unit) — control frames STP uses to exchange topology information. Port states: Blocking → Listening → Learning → Forwarding (classic STP takes 30-50 seconds to converge). RSTP (802.1w — Rapid STP) — replaces classic STP; converges in seconds. MSTP (802.1s) — maps multiple VLANs to multiple STP instances for load balancing. PortFast — Cisco feature: skips STP listening/learning states on access ports (no risk of loops on end-device ports). BPDU Guard — shuts down a PortFast port if it receives a BPDU (protects against accidentally connecting switches to "fast" ports). Root guard — prevents a port from becoming a root port; protects root bridge placement. In conversation: "The network outage was a rogue switch plugged into two access ports — STP wasn't properly configured and we got a broadcast storm."
3 / 5
A senior network engineer describes the company WAN architecture: "We replaced our private MPLS circuits with SD-WAN. Each branch office has two cheap internet links — broadband and 4G LTE — and the SD-WAN overlay handles path selection, failover, and QoS centrally. We saved 60% on WAN costs." What is SD-WAN and how does it differ from traditional MPLS?
MPLS (Multiprotocol Label Switching): a private WAN technology from the carrier. Packets are forwarded based on labels, not IP lookup. Provides: guaranteed bandwidth, low latency, QoS. High cost: a 100 Mbps MPLS circuit between two cities might cost €3,000/month. SD-WAN (Software-Defined Wide Area Network): runs over commodity internet (broadband, LTE, 4G/5G). An overlay software layer handles: path selection (choose best link per application), failover (detect degraded link, switch instantly), QoS (prioritise voice/video), centralised management. SD-WAN vocabulary: Underlay — physical transport (internet, MPLS, LTE). Overlay — encrypted tunnel layer managed by SD-WAN. Application-aware routing — routes traffic based on application type (video → low-latency link; bulk transfer → high-bandwidth link). Zero-touch provisioning — new branch router ships pre-configured; connects and registers to SD-WAN controller automatically. Hub-and-spoke vs full-mesh — WAN topology; SD-WAN can emulate full-mesh over internet cheaply. MPLS vs SD-WAN comparison: MPLS — guaranteed QoS, predictable, expensive, slow to provision. SD-WAN — cheaper, faster to deploy, resilient (multi-link), but depends on public internet quality. Hybrid approach: many enterprises use MPLS for latency-sensitive traffic + SD-WAN for cloud/internet. In conversation: "After SD-WAN rollout, branch internet access went from routing all traffic through HQ to breaking out directly — latency to O365 dropped from 80ms to 12ms."
4 / 5
A network engineer explains a data centre technology: "We use VXLAN as our overlay network. Each virtual network gets a 24-bit VNI — that allows 16 million logical networks versus the 4,096 VLANs VXLAN was designed to replace. Tenant A and Tenant B are completely isolated even though they share the same physical switches." What is VXLAN and why does it scale better than traditional VLANs?
VXLAN (Virtual Extensible LAN, RFC 7348): an overlay protocol that encapsulates original Ethernet frames (Layer 2) inside UDP packets (Layer 3). Enables Layer 2 networks to span across a Layer 3 IP fabric — essential for data centres and cloud environments. VXLAN vocabulary: VNI (VXLAN Network Identifier) — 24-bit field = 2²⁴ = ~16.7 million unique segments (vs VLAN's 12-bit = 4,096). VTEP (VXLAN Tunnel Endpoint) — the device (physical switch, hypervisor) that encapsulates/decapsulates VXLAN frames. Underlay — the physical IP network VXLAN runs on. Overlay — the logical L2 tenant networks created by VXLAN. Data centre networking vocabulary: Spine-leaf topology — modern data centre fabric: leaf switches connect to all servers; spine switches provide uplinks; all spine-leaf paths equal cost (ECMP). Replaces older three-tier (core-distribution-access) for better east-west traffic. ECMP (Equal-Cost Multi-Path) — traffic load-balanced across multiple equal-cost links. East-west traffic — server-to-server traffic within a data centre; dominates in microservices architectures. North-south traffic — traffic entering/leaving the data centre from the internet. BGP EVPN — control plane for VXLAN in modern data centres; distributes MAC and IP reachability through BGP. In conversation: "We hit the 4,096 VLAN limit when onboarding our 500th tenant — migrating to VXLAN/EVPN solved the scalability problem completely."
5 / 5
A network architect explains a link failure scenario: "When the primary uplink failed, OSPF detected the topology change within 1 second and reconverged in under 3 seconds — traffic rerouted automatically. That's Hello interval plus dead interval plus SPF calculation. We tuned the timers to achieve sub-second convergence on critical paths." What is OSPF and what does convergence mean in a routing context?
OSPF (Open Shortest Path First): a widely used link-state IGP (Interior Gateway Protocol, RFC 2328). Each OSPF router builds a complete map of the network topology (the LSDB — Link State Database) and runs Dijkstra's SPF algorithm to calculate shortest paths. The result: the IP routing table. Convergence: the process by which all routers in a network reach a consistent view of the topology after a change (link failure, new link, router restart). Fast convergence = less traffic disruption. OSPF vocabulary: LSA (Link State Advertisement) — control messages OSPF routers send to share topology information. LSDB (Link State Database) — each router's full map of the network topology. SPF (Shortest Path First / Dijkstra algorithm) — algorithm OSPF runs to compute best paths from the LSDB. Hello packet — periodic keepalive; by default every 10s on both point-to-point and broadcast networks. Dead interval — 4× Hello; after this time without a Hello, the neighbour is declared down. DR / BDR (Designated Router / Backup DR) — elected on broadcast segments to reduce LSA flooding. OSPF area — topology segmentation for scalability; Area 0 (backbone) connects all other areas. IGP comparison: OSPF vs EIGRP (Cisco-proprietary, hybrid distance-vector/link-state) vs IS-IS (similar to OSPF; preferred by ISPs and large data centres). In conversation: "After tuning BFD on the OSPF peers, our failover went from 3 seconds to 150 milliseconds — below the threshold users can perceive."