Shabaaz Malik

Hello. Well, my name is Malik. I am from Jammu and Kashmir, India. I have done my schooling from Saint Joseph Senior's School, Chandigarh. I have done a BTech in computer science. I have been working in networking as a network engineer for the last 3 years. My first experience was in Lumen Technologies Private Limited, and my next experience is in APT Research Private Limited, where my role is to configure and maintain the network, configure switches, firewalls, VPNs, help end-users with their VPN issues, communicate with them in case of outages, and configure firewalls. And in my current role, I configure servers from a network perspective, from installation to configuration. I configure it all independently, and we monitor all the stuff, such as ping, SNMP, CPU load, and NetFlow version 9, version 5. So, basically, I'm working around the clock to completely work as a network engineer in my current organization. And with that, I have a good understanding of networks, how they function, how to route traffic, and how to add routes in servers. I have a good understanding of networking.

Throughput is basically when we have a good understanding of the network or the data packets coming from one end to another. We can see how much the packets are coming and if we have any lag or issues getting those packets to travel from one end to another. And good throughput is like we are getting a good amount of data without any lag, without any issues. And we can monitor all the stuff, like code put and throughput in our network monitoring tools to check whether we are getting a good amount of data or not. And basically, we can use all our graphs to understand the throughput and the output, and how it's getting.

For network troubleshooting, I would say, first, I can check the IP address command to see how many IP addresses are given for specific interfaces of the server, and I can check the netstat -g -n to check the multicast IPs, which we have subscribed. And I can check the route -n or netstat -r to check the routing table of the server. And I can see the configuration files of Rocky 8.4 version via going to the directory of /etc/network/scripts/sysconfig/network-scripts where I can check the files of each interface, and I can add the routes in it. And I can manually add a route for a specific interface like IP route add 10.10.10.10/32, ip v4, dev the specific interface name or I can have VLAN interfaces also with the same purpose, like IP or MCL add l for example, the name of the interface is l3-100 and VLAN ID is 100 and ip v4 version and the dev the interface name is l3-100, the physical interface name. So, we have a lot of commands to troubleshoot networking in Linux. And, like, we can check the SNMP also while checking the system CTL status as an MPD service. We can check the time stamping by system CTL status, SFPD, their services, or network services. We can restart them. And we do have a lot of commands in Linux to check the network.

For configuring the network connectivity on a Linux system, for an operating system RHEL 8.4 Linux, we have files stored in the directory like /etc/sysconfig/network/scripts. There, we will get the complete list of the configuration files of the interfaces. We can manipulate those configuration files. We can change those configuration files. We can add new configuration files there for our specific purpose, like giving the IPs or adding the routes for IPs. We can have ifcfg files for giving the information like an IP to a specific interface. We can create a file like vi ifcfg-<name> of the interface. So, I can go inside it and add the IP address by giving the ETHDEVICE is equal to this LAN0 type, everything I can give there. And then I can add the route also by using route -o -route <name> of the interface and I can add the route manually by giving a command "ip route add" for example, 10.10.10.10/22 24 and dev is the name of dev for example LAN0, the name of the interface that the route will go with this interface, or I can add the default route as well by using "route add default" the next hop and the name of the IP. In Rocky 9, we have the similar thing but in a bit different way. We can add the interface information in the directory like /etc/systemd/network and then /etc/systemd/network/monitor. There, we have everything like we can have, we can create, manipulate, or write the name, write the IPs, or and for the spare interface names like if you want to change the names of the interfaces, we can go to the file like /etc/udev/rules.d/ and we can cat the file which starts with 70-persistent-net-rules. Here, we can rewrite the name of the interfaces against the MAC address of those interfaces. If you want to check the SFP cards in that server, we can write a command "sfp-key" where we will get whether the interface whether the SFP cards are of 10G or 20G. The series starts with 2522 is a 10G card which has two ports, and the series starts with 2541 is a 40G port which has only one port which can be divided into four 10G each ports by using a breakout cable.

In a cloud-based data center environment, so what we'll do, first of all, we'll check how much storage we need for that platform, and we'll check the hardware we want as per our needs. And then we can install an operating system, whatever we need, like we have. We have different operating systems of Linux. We will install those operating systems, and then we'll check the cloud storage we want, how much cloud storage we want for that or in that server, and then we can configure it from the network end, like adding the routes, adding the IPs for a specific interface or giving security rules. Like, we can give SSH keys for secure connections, and we can check the SSL certificates by going into the directory, like /etc/SSL/certificates to check whether we have the certificate, and we'll add those certificates in there. So then finally, we can start our server and verify whether everything is working fine. If everything is working fine, then our process is over. We can end this process, and our server is working fine in a cloud-based data center environment.

So latency issues in a network are like seeing how we'll find those latency issues. Let's say, if we're pinging something and we're getting very high latency, indicated by that RTT value. So if we want to check why we're getting it, we can use the trace route command to see the pathway of our data that's taking place. So if we found that it's going the other way or the way it shouldn't be taken, it should take the shortest path, so we can manipulate the route. We can manipulate the traffic in that specific router to make it easy for them to use the shortest path, so our latency will come down. And latency issues may also come when we have some flapping issues with our ISP links. So at that time, latency issues can occur. So, basically, to overcome all those latency issues, we need to monitor our network properly. We need to monitor the sensors we have for latencies, why we're getting high latency. Like, it should be coming in nanoseconds. Right? So we can check it. And we do have tools like PRTG through which we monitor the latency issues, like how to resolve them and how to overcome these latency issues, the routes, the path, how we're getting those paths from where we're getting them, and what's the RTT time of it?

The scenario where we can investigate is when there's a discrepancy like throughput is the total quantity of the data transferred through the network, right, but including overheads as well. Goodput is the amount of useful data transmitted, minus overhead. Goodput is the total amount of data transmitted minus overhead. So, it describes a situation where network goodput does not match the expected throughput, including how you would investigate and address discrepancies. So, basically, if the goodput is not matching with the throughput, then goodput is actually the lesser amount of data than the throughput. If the goodput is not matching with what it's expected via the throughput, then there should be an issue with the throughput. So, we can check the links, we can check the bandwidth of the link, why it's not getting the data, whether the packets are getting dropped or not. Because the goodput is the amount of useful data without overhead, but the throughput includes the amount of complete data, total amount of data including overheads as well. So, if it's not matching, we have an idea that the throughput might have some issue or packets are getting dropped, or we have some bandwidth issues, or there's some glitch, there's some issue with the link, like we're getting data drops and all.

So to manage bandwidth utilization and locate resources for high priority services, we can use the quality of service in the router. And we can manually configure the quality of service where we can give priority for some specific tasks and give the highest bandwidth to them. We can do this with the firewall also. Like, in Meraki firewall, we can make a policy of, for example, if we have 40 Mbps of total bandwidth, we can make the policy to give 30 Mbps of bandwidth to a specific IP address or to a number of IP addresses. So we can add the policy with that where those with the highest priority jobs will get in first and will be able to use the highest possible bandwidth, which we have already configured via US policies or via the policies.

Steps required to design and specify system requirements for a new network solution. So, basically, what if we are starting from scratch, then we need 1 router, which will be connected with the ISP at the end. It will be connected with the ISP. And we need to focus on scalability also. So, we'll find the router which has all the features of a layer 3 router. Like, we can use protocols like OSPF, BGP in that. And then we will see what other requirements we need. For example, if we have a new setup, then basically, it should be completely connected. So, we might need access points for office setup Wi Fis and all. We might need switches. We don't need to buy high-end switches, which are very costly. We can buy switches, which are fair, which are okay with the performance we want. So, we can buy micro routers. We can buy SG 300 switches, which are not much costly as compared to Nexus, which is also layered layer 3 switches in which we can add BGP routes also. So, basically, it depends upon what we are going to design and what are the requirements. For a simple design, we can have 1 router if we are talking about the same area in a specific area. If you're, we can have a router which supports VPNs. We can have, like, I can give an example of MikroTik routers, which are not much costlier. We can have switches. We should have a firewall, which will manage our security traffic, which will allow and deny the traffic based on our needs, whether we want SSH or we want ping to be enabled or to be allowed with that. So, basically, all of them.

to optimize server utilization in a data center, virtualization technologies are used. basically, we have a lot of virtual technologies, like servers kept in the cloud or using cloud servers, or virtual servers, which are very beneficial. we don't need any space for them, and we only have to pay a certain amount after a month or a year. it's very useful because if you were going to buy a server, it would definitely be costly to buy a server and have space for it in the data center. so instead, we can have a virtual server in the cloud, and if we want, we can increase the storage easily without any issues. we can optimize the servers that are virtually placed because it's very easy – we don't have to do anything ourselves. we just have to request the company managing our servers to do it. it's a very easy and optimistic way to run our servers in a virtual format because it optimizes the overall performance of the server. we didn't want to have any space in our personal data centers or buy any racks for those servers, so it's very leveraged for us to optimize server utilization.

We can have a backup of configuration firewall configurations. And, how we'll manage it throughout the network is, like, we have different sites of a network. So, how will we do it? We will, if you want to monitor any of the firewalls or manage any firewall configurations, we can take a backup of those configurations or we can just check the router, switches, and firewalls.