
ITIL Foundation Overview


I have been teaching network implementation courses from vendors like Cisco, Juniper, and CompTIA for a while now, covering Routing & Switching, Collaboration (Voice and Video over IP), Network Security, Service Provider, Data Center, and lately I actually got into Network Design

Some students asked: “Because the network is now viewed as a SERVICE like the other IT scopes (Application as a Service, Infrastructure as a Service, and so on), is there specialized knowledge about managing IT as a service, not just the network?”

Well… there ARE some: guidelines of best practices (most practitioners call them a Framework)

  • ISO 20000 for IT Service Management
  • ISO 27001 for IT Security
  • COBIT
  • COSO
  • ITIL

In fact, here’s the chart of the areas those frameworks cover

So you see my reason for choosing ITIL to learn IT as a Service: it IS about how to manage IT Services and pretty much covers every aspect too (although not in specifics, just in general terms)

And here’s my journey into ITSM (IT Service Management) through ITIL (IT Infrastructure Library), formed by the OGC (Office of Government Commerce) in the UK

Right now the certification is handled by EXIN (which has its own “PearsonVUE” for the exam), accredited by AXELOS (a joint venture between the UK Government and Capita, a management company)

Hope this article (and more to come) will be informative for you guys…

(For English passages whose meaning is too long-winded, there will be a translation later, in my own style of course)

——————————–

ITIL in a Nutshell

ITIL has been out for quite a while now and has reached version 3 (ITILv3), which focuses on the Service Lifecycle (v1 focused on mainframe services, v2 talked more about the framework)

Lifecycle? Yes… you know PPDIOO (the one Cisco created for designing network services), right? A lifecycle: continuous service improvement

For example, Cisco can’t sell the same router forever, right? There’s gotta be some improvement, like Cisco buying a company called Catalyst for their switches and Selsius for their Collaboration products

For what? In the marketplace, especially the modern one, no one can MONOPOLIZE the market, so you see their reason for diversifying (while also getting stronger in the router brand)

Because there is competition!!! If you can’t move forward, you’ll be left behind, simple as that

As a part of ITSM, ITIL gives practitioners and students insight into how IT services should work

Because ITSM is about how IT can provide value to the customer
(the customer here is not limited to buyers; internal users can be customers too, because they USE the services that IT provides to them)

So what is this term called Service? I know, you’re picturing something like the meme image below, right?

It’s called SERVICE, son (yes, that meme)…

Service in IT is the means of delivering value (from the provider) to the customer by facilitating the outcomes the customer wants to achieve, without the ownership of cost and risk
(ITIL Service Strategy book, page 13)

In my own words (originally given in Indonesian): Service in IT is essentially how we (as the IT provider, whether an outsourcer or an internal IT department) deliver a service that the customer needs, without the customer having to worry about the risk and the cost, so that the service has value, in other words it’s worth keeping

Case A: XYZ Company offers a 4G service to a customer

The customer will certainly ask: “Is it worth it? Our traffic is currently no more than 512 kbps. Why must we use this excessive 100 Mbps (4G speed is more than 100 Mbps) at GREAT COST? What value (benefit) does it add for us?”

Case B: XYZ Company wants to replace an 1841 router (ISR G1) with a 1941 router (ISR G2). They will CERTAINLY be asking…

“Why must we replace a working, stable, and almost bug-free router (the 1841 is badass, I must say) and take the risk of bringing our network down?!”

Is the Network Service offered by the 1941 good enough for them?!? Now you get what I mean by SERVICE

Who handles the service delivered to the customer? The Service Owner: a person or unit (a group of people) that handles that service

Service owner in case A: the telecommunication service provider, because they provide the 4G service

Service owner in case B: the IT Solution Vendor, because they maintain the Company’s network infrastructure (changing, maintaining, removing, etc.)

In order to change something, we must know why we must change it, or the reason why we must maintain it, or some parameters for why we change it

That parameter is called a Baseline

Example A: we must change the bandwidth limit for HTTP traffic from 512 kbps to 1 Mbps because it’s getting laggy (performance baseline)

Example B: every network in branch XYZ must use the 192.168.1.0 IP addressing scheme (configuration baseline)

And sure, why must we maintain a service, change a service, expand/advance a service, or even remove a service? Because there IS a business case (such as benefit, cost, risk or potential problem)

And nearly all business case justification comes down to MONEY; we certainly want to advance, but we are often blocked by an invisible wall called BUDGET

(Imagine Jessie J singing Price Tag, okaaay, sing along with me!!!)

Because ITIL Foundation mainly talks about services offered to customers, sure enough the customer will ask what functions it can do, what tasks can be performed by these services, and what processes it can help with

The ability to carry out a certain task (both function and process) is called a Capability in ITIL

And because a Capability consists of functions and processes, what are these in ITIL?

A Function defines what activities a team of people (Service Desks, IT Support, etc.) and tools (software/hardware) can do

And a Process is a structured set of activities designed to accomplish a SPECIFIC objective. A process takes one or more defined inputs and turns them into defined outputs (Service Strategy book, page 20)

My translation: a Process is a set of activities that those FUNCTIONS perform, more like coordinated activities, from which we hope to produce something, namely “VALUE”

The person responsible for making sure the process does what it is supposed to do is called the Process Owner; pretty sure this person must be accountable too (the right person to do the right thing)

And the person who makes sure the process is able to perform its operation is called the Process Manager
(this person must report to the process owner)

There are 4 attributes that define what is called a process:

  • Trigger – what starts the process (what causes the process to start)
  • The Activity itself
  • Dependency – what components are required before the process runs
  • Sequence – what steps we must follow to continue the process and accomplish the objective

3 keys to a good process:

  • Can be measured – in numbers or percentages (the success rate of resolving a problem, for example)
  • Specific result – not general, but specific (the computer must connect to the network; anything else, like the Media Player for music and video, can be ignored)
  • Meets expectations – e.g. expect the network to be repaired in under 10 minutes

——————–

Example: the Service Desk (Function) will maintain computer network connectivity and act as the first-level IT help desk before escalating to a higher-level officer (Process)

The process of the IT Support Service Desk:

  1. Trigger – a trouble ticket from the user/customer
  2. Activity – perform a general computer checkup
  3. Dependency – the IP address must be correct (if we want to resolve the problem remotely)
  4. Sequence – document the case for Fault Management (to avoid the same problem recurring, because we now have a database of faults)

What can we get from the IT Support Help Desk process?

  1. Measured – the success rate of computer repair is 80%
  2. Specific Result – every repaired computer can connect to the network
  3. Meets Expectation – every computer repair is done in under 10 minutes

Is it good? The answer may vary; it depends on the company’s IT policy

For example, IT Support (which performs activities like the computer repair service: the Process Manager) must report to the IT Manager (the one responsible for making sure computer repair takes the right amount of time: the Process Owner)

In ITIL, Capabilities are defined as Intangible Assets, while Resources such as Infrastructure (Data Center, Router, Switch), People (who can be Intangible too), or even Money are defined as Tangible Assets

What is an Asset? An Asset is anything that provides value to the Company. Assets are divided into 2 kinds:

  • Tangible Assets: Router, Switch, Data Center, or anything that can be purchased (including People)
  • Intangible Assets: can’t be purchased but can be developed, such as Human Capital (we can train them!!!) or Social Media (Customer Brand Awareness)

———————————–

ITIL Service Lifecycle

ITIL mainly talks about:

  • Service Strategy (what can we say about our company’s current prospects, what should we do about our current state)
  • Service Design (now that we know what to do, let’s plan something)
  • Service Transition (how to properly migrate our plan into an operational state)
  • Service Operation (how to keep our service operating at the AGREED level, usually customer satisfaction)
  • Continual Service Improvement (what can we do to keep the 4 stages above running and improving)

ITIL Foundation covers most of them (including their sub-topics), but if you want detailed knowledge…

please buy these books at $150 each… haha

And in the next article, let’s hop into Service Strategy (if I have time and am not too lazy to write, hahaha)

———————————–

Reference

CBT Nuggets ITIL Foundation video by Chris Ward

http://its.yale.edu/news/itil-foundations-what-service

http://blog.social-advantage.com/2007/11/examples-of-intangible-capability.html

and Nanda Noviza Rachman as my ITIL mentor… thanks bro

DMVPN Introduction (Dynamic Multipoint VPN)


Well, it’s been a while since I last posted something to my beloved blog, so now let’s go straight to the topic

What is DMVPN? Why do we use it? And how do we do it?

Prerequisites for learning:

  • GRE (Generic Routing Encapsulation)
  • knowledge of Routing (Protocols)
  • and… a little bit about CEF

By the way, since this is the introduction, I’ll show you how to build DMVPN Phase 1

———————————-

Introduction

A problem with GRE…

If we have a case like the picture above, how do we get R2, R3 and R4 connected to each other with GRE?

Anyone who has tried it will answer: hub-and-spoke, or better still, FULL MESH

With only 4 nodes we already have to handle 6 tunnels; imagine 7, 8, up to 10 routers or branch offices

The solution: we will build dynamic tunnels, called DMVPN (Dynamic Multipoint VPN)

———————————————-

DMVPN…how it works

DMVPN consists of 3 (5) technologies:

  1. Multipoint GRE (mGRE)
  2. Next-Hop Resolution Protocol (NHRP)
  3. Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
  4. *Dynamic IPsec encryption
  5. *Cisco Express Forwarding (CEF)

Basic DMVPN only needs the first 3 points above; Secure DMVPN adds point 4, and DMVPN phases 2 & 3 use point 5

DMVPN phase? Yes, DMVPN is divided into 3 phases

  • Phase 1: spokes register dynamically with the hub each time they want to communicate with another spoke
  • Phase 2: spoke-to-spoke tunnels using CEF, but still using the hub as the NHRP source
  • Phase 3: multiple hubs for scalability

mGRE: instead of building a static tunnel to every node like plain GRE, I’d rather build hub-and-spoke, ask the hub which way to reach the destination, and only then build a tunnel to it

And what do we ask with? With NHRP (Next-Hop Resolution Protocol)

What is NHRP? Next Hop Resolution Protocol (NHRP) is a protocol or method that can be used so that a computer sending data to another computer can learn the most direct route (the fewest number of hops) to the receiving computer (RFC 2332)

Like the example above; it looks a lot like ARP (Address Resolution Protocol), right? Yup

Where’s the difference? Well, it’s different: ARP asks the switch for the next-hop MAC address, while NHRP asks the router for the next-hop IP

In NHRP the spoke is called an NHC (NHRP Client), while the hub is called an NHS (NHRP Server)

————————————————

DMVPN Configuration

Pre-config:

  • IP addressing and a default route on each router (except the Internet router)
  • If you use GNS3, use the 3725 IOS

On Hub (R1)

Explanation:

int tunnel 0 and tunnel source fa0/0 are pretty self-explanatory (and the ip address too)

  • tunnel mode gre multipoint: this is the mGRE part
  • tunnel key 1234: a security measure for the tunnel (MANDATORY since IOS 12.3(14)T or 12.3(11)T3; without it, mGRE won’t come up)
  • ip nhrp network-id: locally significant, so the router knows which NHRP “domain” it is sending NHRP into (so 2 or more tunnels can join the same domain, which is more flexible; example: id 1 for company A, id 2 for company B)
  • ip nhrp authentication [STRING]: a security measure; only nodes that know the string are allowed to build a tunnel by registering with the hub
  • ip nhrp map multicast dynamic: one of the key components of DMVPN; the hub can learn the mapping of who wants to build a tunnel to whom, as long as they talk to the hub first (the mapping works like “sticky” MAC addresses in switch Port Security)
  • ip nhrp shortcut: used in DMVPN phase 3 to rewrite the CEF entry… after getting a redirect message? Who sent it?
  • ip nhrp redirect: this is the one that sends it; the feature is similar to ICMP Redirect: if the hub knows a shorter/faster path to the destination, it tells the source node “just send it straight there…”

So ip nhrp shortcut and redirect are used for DMVPN phases 2 and 3

Explanation:

Most switches/routers nowadays support jumbo frames (MTU above 1500), but if they don’t, with path-mtu-discovery the router can measure the size of the packets it will send so that they don’t get fragmented (that’s the definition of MTU, right?!)

(Sometimes this mtu-discovery just doesn’t work, maybe because ICMP is blocked somewhere so the MTU “measurement” never completes; in that case just set no path-mtu-discovery.) We can also set a manual MTU limit like ip mtu 1400, which caps the MTU at 1400, and then reduce the MSS (max segment size) by 40 (a best practice from the experts; I don’t know myself why it has to be 40) to 1360 so the segments don’t get chopped (a preventive measure, I guess)

On R2, R3, and R4 (just change the IPs)

Explanation:

The most notable configuration on these routers is ip nhrp nhs [destination tunnel ip address], which tells this router: if you want to build a tunnel, please register with that IP (the NHS)

But which way is that IP reachable? To reach it we point to the physical IP of the target router, and that’s why ip nhrp map [tunnel ip] [physical ip] is placed in the CLI

Plus, if you want multicast, just send it to that physical IP too, with ip nhrp map multicast [physical ip]

By the way, in NHRP that physical IP is called the NBMA address

DMVPN is done… anything missing? Yes, now the routing takes place

Enter the tunnel network and also the 10.0.0.0 network (the same on R2, R3 and R4)

Don’t forget: EIGRP is a DISTANCE VECTOR protocol, so there is SPLIT HORIZON (the way out AND the way in is the same single interface, tunnel 0), so disabling split-horizon (no ip split-horizon) and next-hop-self (no ip next-hop-self) will do the wonder
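The original post showed the hub and spoke configurations as screenshots. As an added example (my own text reconstruction, not the post’s images), here is the complete Phase 1 hub and one spoke built from the commands explained above. Assumptions not on the page: the tunnel subnet is 172.16.0.0/24 with the hub at 172.16.0.1 (the post only shows R2 at 172.16.0.2), the physical (NBMA) addresses are 203.0.113.1 for R1 and 203.0.113.2 for R2 with the ISP next hop at 203.0.113.254, the NHRP authentication string DMVPNKEY and the EIGRP AS number 100 are invented for the example. ip nhrp shortcut and ip nhrp redirect are left out because the post reserves them for phases 2 and 3. Two practitioner notes: the “-40” on the MSS is simply the 20-byte IP header plus the 20-byte TCP header subtracted from the 1400-byte tunnel MTU; and neither the tunnel key nor the NHRP authentication string is encrypted on the wire, so they guard against mismatched or accidental tunnels but give no confidentiality or real peer authentication; that only comes from the IPsec profile of “secure DMVPN” (point 4 above), which this Phase 1 example does not include.

```cisco
! ===== Hub (R1) =====
! Assumed NBMA (physical/public) address of the hub
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 no shutdown
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.0
 ! 1400-byte tunnel MTU; MSS = 1400 - 20 (IP header) - 20 (TCP header) = 1360
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! NHRP: every member must use the same network-id and the same
 ! (cleartext) authentication string, otherwise registration is rejected
 ip nhrp authentication DMVPNKEY
 ip nhrp network-id 1
 ! Learn each spoke's tunnel-IP -> NBMA mapping from its registration,
 ! and replicate multicast (EIGRP hellos) to every registered spoke
 ip nhrp map multicast dynamic
 ! All spokes sit behind the one mGRE interface: turn off split horizon so
 ! routes from one spoke are re-advertised to the others, and keep the
 ! originating spoke as next hop (as the post instructs)
 no ip split-horizon eigrp 100
 no ip next-hop-self eigrp 100
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1234
!
router eigrp 100
 network 172.16.0.0 0.0.0.255
 network 10.0.0.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 203.0.113.254

! ===== Spoke (R2); R3 and R4 differ only in their addresses =====
interface FastEthernet0/0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
interface Tunnel0
 ip address 172.16.0.2 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication DMVPNKEY
 ip nhrp network-id 1
 ! Static mapping of the hub's tunnel IP to its NBMA address, and send
 ! multicast (routing-protocol hellos) to the hub's NBMA address as well
 ip nhrp map 172.16.0.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ! Register with the hub (the NHS), addressed by its tunnel IP
 ip nhrp nhs 172.16.0.1
 tunnel source FastEthernet0/0
 ! In strict Phase 1 a spoke only tunnels to the hub, so
 ! "tunnel destination 203.0.113.1" (point-to-point GRE) would also work
 tunnel mode gre multipoint
 tunnel key 1234
!
router eigrp 100
 network 172.16.0.0 0.0.0.255
 network 10.0.0.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 203.0.113.254
```

The default route on each router is the “pre-config” item from above: the NBMA addresses must be reachable before any GRE or NHRP packet can flow, and the routing protocol itself runs only inside the tunnel, never over the physical interface.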

————————————————

The Verification

From here we can see that R1 dynamically learned about the other tunnels via NHRP

And let’s check out the routing table

Let’s check R2 pinging and tracing to R3

Let’s check Wireshark (try pinging from R4 to R2, then capture on R1; don’t capture on routers that already have a tunnel between them, like R2 to R4 for example)

Andddd… R1 correctly redirects to 172.16.0.2, which is R2’s tunnel IP
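The post’s verification screenshots are not reproduced here; as an added example (my checklist, not the post’s output) these are the IOS show commands an operator would run in the same lab to confirm each piece described above, with a comment on what each one must show. It assumes only the tunnel subnet 172.16.0.0/24 from the post, with 172.16.0.3 taken to be R3’s tunnel address.

```cisco
! ----- On the hub (R1) -----
! Every spoke that registered must be listed with its tunnel IP, its NBMA
! address and the "registered" flag (learned via NHRP, not typed in)
show ip nhrp
show ip nhrp brief
! One-screen view of the cloud: peer NBMA and tunnel addresses, state UP,
! and attribute "D" (dynamic) for peers learned through registration
show dmvpn
! Exactly one EIGRP neighbour per spoke, all on interface Tunnel0
show ip eigrp neighbors
! The other sites' 10.0.0.0 networks must be present via Tunnel0; if one
! spoke's LAN is missing on another spoke, split horizon is still on at the hub
show ip route eigrp
! Confirms the tunnel mode (multipoint GRE), the key and the 1400-byte MTU
show interfaces tunnel 0

! ----- On a spoke (R2) -----
! The hub must appear as a "static" mapping, i.e. the one from "ip nhrp map"
show ip nhrp
! Registration state with the NHS: requests sent and replies received;
! a rising request count with no replies points at a mismatched
! authentication string, network-id or tunnel key
show ip nhrp nhs detail
! End-to-end check to another spoke's tunnel address (172.16.0.3 assumed for R3)
ping 172.16.0.3
traceroute 172.16.0.3
```

In Phase 1 the traceroute from R2 to R3 is expected to pass through the hub’s tunnel address, which is exactly what the capture on R1 described above shows: every spoke-to-spoke packet transits the hub, so the hub is also the one place where the whole cloud’s traffic can be monitored.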

————————————————

Reference:

DMVPN Explained by Petr Lapukhov (#16379) @ http://blog.ine.com/2008/08/02/dmvpn-explained/

DMVPN Types by Petr Lapukhov (#16379) @ http://blog.ine.com/2008/12/23/dmvpn-phase-3/#more-400

NHRP, IETF RFC 2332 @ http://www.ietf.org/rfc/rfc2332.txt?number=2332

NHRP Network-id: https://supportforums.cisco.com/discussion/12075461/dmvpn-ip-nhrp-network-id

Adjust MSS: https://learningnetwork.cisco.com/thread/40703
