Difficult Concepts for Newbies

By stretch | Monday, January 21, 2013 at 12:42 a.m. UTC

Earlier today on Twitter, I asked:

What networking concept do you wish you could go back in time and explain to your newbie self?

I received some interesting responses, ranging from understanding what purpose the OSI model serves to RIB versus FIB, from spanning tree to VRFs. Having taught a number of CCNA classes and been in a position to gauge student reactions, some of the responses were predictable. Others, like Bill's comment about not understanding the benefit of the OSI model, were intriguing.

I think that many of the knowledge gaps common in our field can be traced to a phenomenon in professional education where concepts are not thoroughly explained simply because the explainer has forgotten having learned them. An author of a book on spanning tree, for example, may be intimately familiar with the operation of the protocol, and explain in numbing detail the root bridge election process, but fail to explain why a root bridge is necessary. I thought it would be an interesting exercise to take a casual poll among readers and see what other fundamental knowledge is commonly not well understood until one is several years into his or her career.

Back to the question at hand: For me, I think it would be IPsec. Not that I truly understand how it all works under the hood even today, but learning about IKE and ISAKMP and phase one and phase two early on was harsh. What about you?

Posted in Education


January 21, 2013 at 4:04 a.m. UTC

MIMO multi-stream radio and COHERENT optical modulation.

Endless Mike
January 21, 2013 at 6:23 a.m. UTC

I'm gonna throw out the obvious one and say subnetting

January 21, 2013 at 7:23 a.m. UTC

Difference between switching and routing, or when switching is applied and when routing is applied. I know, it is very basic for networking guys, but sometimes for server administrators or application administrators it is hard to understand.

January 21, 2013 at 9:43 a.m. UTC

Back in the day, that was definitely IP Multicast routing... The first time I read about it, it felt just counter-intuitive compared to unicast routing :) :)! With the bloody (at that time :)) RPF checks, the weird IP mroute table and its flags, the point of having an RP for Mrouting protocols with explicit joins, RPT, SPT...
That was just a LOT!

January 21, 2013 at 12:59 p.m. UTC

spanning tree, NAT

January 21, 2013 at 1:15 p.m. UTC

Multicast in all its glory.

Alex S
January 21, 2013 at 4:03 p.m. UTC

NAT ... on Cisco devices. I can grasp it with let's say iptables. I cannot "get it right" with Cisco IOS mechanics.

Jeet Bhatia
January 21, 2013 at 4:58 p.m. UTC

Definitely Multicast!

January 21, 2013 at 5:43 p.m. UTC

Back in the day, NAT and STP made me sick. Today, believe it or not, DNS is not SO clear. Who does the searches, recursive searches, etc.

January 21, 2013 at 6:05 p.m. UTC

Applying filtering/ interpreting a packet capture on the fly and keeping the source and destination addressing straight.

It's easy when you're whiteboarding it or doing it in a scheduled window. It's not so easy to remember when you're filtering specific ports or IP addresses because "it needed to be done 5 minutes ago".

I always kept it straight by associating source with the word from, and destination with the word to.

Easy concept, but keeping it straight with no sleep at 3AM on a conference call is not.

Brent Salisbury
January 21, 2013 at 6:37 p.m. UTC

Hey Jeremy, very interesting thoughts. Just to add to your feedback collection, some 12 years ago, all I could wait to do was getting on the stick and operating IOS. I was more concerned with knowing how to nail up BGP adjacencies than being able to differentiate L2-L4 headers. I would have saved myself a few cycles a couple years down the road if I had pulled on the reins a bit.

That said, your point on relevant vs. irrelevant is good. I like the questions, RIB, FIB, LFIB, all fundamentals of control and data plane packet processing. Those concepts will outlast us all, so well worth a few months of focused study.


January 21, 2013 at 8:48 p.m. UTC

What networking concept do you wish you could go back in time and explain to your newbie self?


For years: oooo you can get stuff from my domain, oooo big deal, you can do that with FTP!

It wasn't until the boss said "So, can the server thingie connect to {branch office}?" that the light finally came on.

January 22, 2013 at 4:28 a.m. UTC

For me, it would be the technologies around the lower layers; layer three and up are obvious for me (I know, that's the crux of the problem at hand), but spanning tree and loopless directed graphs, with different graphs logically overlaid (with different roots), make it difficult for me.

January 22, 2013 at 6:38 a.m. UTC

How to use/read packet captures. It's incredibly useful to be able to look at a packet capture and realize (for instance) that you have thousands of fragmented packets going across a GRE+IPsec tunnel and maybe you should adjust the MTU size (or use "tunnel path-mtu-discovery"), or being able to prove that an issue getting blamed on the network is actually being caused by a server denying access to the user... or the thousands of other ways packet captures can help pinpoint the problem.

My second choice would be the same as yours...the various stages of negotiation while creating an IPSec tunnel, and what the end devices are supposed to be sending/looking for at that stage can definitely save you a lot of time and headaches if you know them.

For other people...I really wish I could pound the importance and use of the OSI model into my Airmen's heads while troubleshooting. I just have to shake my head every time I see one of them start at layer 3 without verifying layers 1&2. 9 times out of 10 it's a physical issue.

January 22, 2013 at 1:23 p.m. UTC

MSS vs MTU and why

January 22, 2013 at 1:24 p.m. UTC

I agree on Bill's comment, there is too much time spent on explaining the OSI model in early network education. I think it is confusing, and not practical. My experience with learning was that I was taught tons of details about OSPF/EIGRP, but for a long time thought the 'network' statement under 'router' is to advertise networks (even not knowing BGP at that time).

January 22, 2013 at 2:56 p.m. UTC

How about a demonstration of the interactive flow of data from physical through application layer to include a visual flow of frames into packets of various protocols and how they coexist. Even include spoofed, forged and oversized packets, what they look like and where they go or get dropped. Warriors of the Net is an all-time favorite, but it's time for the next generation that digs a little deeper. I am not convinced that many, even certified, folks have a fluid grasp of this, self included, and yet it's a core foundation to what we do every day. Just a thought, thanks!

January 22, 2013 at 3:53 p.m. UTC

I find that one thing brand new IT folks have trouble with is sifting through log files and being confident with any and all CLIs. I have more recently gotten better with each and have gotten significantly better on all angles of IT as a result.

January 22, 2013 at 7:27 p.m. UTC
A guest
January 23, 2013 at 3:01 a.m. UTC

Eigrp delay - using delay manipulation as a best practice to influence metric as bandwidth command is used for QoS policies and could cause issues if you manipulate the bandwidth statement.

Cisco router config where the network command does not mean +network+ will the routing protocol run on, but rather what +interface+ it will run on.

router ospf 1

Will turn on ospf routing process for the following interfaces:

int lo 1
ip address
int lo 2
ip address
int lo 3
ip address


router ospf 1

Will turn on the OSPF routing process for:

int lo 1
ip address
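The comment above makes the point that an IOS `network` statement under `router ospf` selects interfaces whose address matches the wildcard, rather than naming prefixes to advertise. The following is an added example (not code from the original post or from Cisco) that models that selection rule in Python over a constructed set of interfaces, so you can see which interfaces a given statement would enable OSPF on and which prefixes would then be advertised. The interface names and addresses are hypothetical, and the matching order (most specific wildcard first) is the IOS behaviour as I understand it.

```python
import ipaddress

# Constructed sample interfaces (hypothetical names and addresses, not from the page).
INTERFACES = {
    "Loopback1": "10.1.1.1/32",
    "Loopback2": "10.1.2.1/32",
    "Loopback3": "10.1.3.1/32",
    "GigabitEthernet0/0": "192.0.2.1/24",  # assumed to be a link you would NOT want OSPF on
}


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """IOS-style wildcard match: a 0 bit in the wildcard must match the statement's
    address bit, a 1 bit is ignored (the inverse of a subnet mask)."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF  # bits that must match
    return (a & care) == (n & care)


def ospf_enabled_interfaces(network_statements, interfaces=INTERFACES):
    """Given [(address, wildcard, area), ...] network statements, return
    {interface_name: (advertised_prefix, area)} for every interface whose primary
    address matches. The prefix advertised is the interface's own connected network,
    not the address in the statement, which is exactly the point of the comment above.
    IOS evaluates the most specific statement (fewest wildcard 1-bits) first."""
    ordered = sorted(
        network_statements,
        key=lambda s: bin(int(ipaddress.IPv4Address(s[1]))).count("1"),
    )
    enabled = {}
    for name, cidr in interfaces.items():
        iface = ipaddress.IPv4Interface(cidr)
        for net, wc, area in ordered:
            if wildcard_match(str(iface.ip), net, wc):
                enabled[name] = (str(iface.network), area)
                break  # first (most specific) match wins
    return enabled


def unintended_interfaces(network_statements, intended, interfaces=INTERFACES):
    """Hygiene check: interfaces the statements would enable OSPF on that are not in
    the operator's intended set. A catch-all statement such as 0.0.0.0 255.255.255.255
    silently brings up adjacencies on every interface, which is why passive-interface
    or tighter wildcards are preferred on links facing untrusted neighbours."""
    return sorted(set(ospf_enabled_interfaces(network_statements, interfaces)) - set(intended))


if __name__ == "__main__":
    loops_only = [("10.1.0.0", "0.0.255.255", 0)]
    catch_all = [("0.0.0.0", "255.255.255.255", 0)]
    print("network 10.1.0.0 0.0.255.255 area 0 ->", ospf_enabled_interfaces(loops_only))
    print("network 0.0.0.0 255.255.255.255 area 0 ->", ospf_enabled_interfaces(catch_all))
    print("unintended with catch-all:", unintended_interfaces(catch_all, ["Loopback1", "Loopback2", "Loopback3"]))
```

Running the script shows the three loopbacks enabled by the `10.1.0.0 0.0.255.255` statement, while the catch-all statement also enables the Gigabit interface and advertises `192.0.2.0/24`; the `unintended_interfaces` check makes that discrepancy explicit before the configuration reaches a router.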

January 23, 2013 at 5:15 p.m. UTC

For me it was MPLS. I knew how to use it and how to configure it, but it was years before I actually grasped it well.

Also, Layer 3 Switching vs Switching/Routing. It's not a difficult concept once it is explained. It just seemed to be so hard to find anyone who actually knew and could/would explain it.

January 23, 2013 at 6:30 p.m. UTC

In my profession I am constantly met with the challenge of re-training so called "trained" network technicians. Obviously the first issue I see a lot of is IP addressing in IPv4. It isn't that complicated, but it is the foundation for everything in this career. I have a strong basic electronics background so it is easy for me to understand why each device listens for broadcast packets. It's all about the bits! The next area is routing vs. switching. A phrase I use over and over while training is "Routers connect networks to networks and limit broadcast domains..... and then they route stuff". If you were to ask any of my trainees what a router does that is the response you will get. When I was new to networking this phrase was extremely helpful in troubleshooting routing issues. I would also ask "What does a router know about by default?" And the response should always be "They only know about their directly connected networks!" Another question "What do routing protocols do?" Answer "They are like gossipers... gossiping about networks to other routers." The above are basic fundamental networking subjects where I constantly see a lack of knowledge.

January 24, 2013 at 8:07 p.m. UTC

What takes a while to get to grips with is the difference between physical/L2 and logical topology in a network. Without this understanding it can make visualising networks very difficult.

This problem is exacerbated by network diagrams that are neither physical nor logical but a Frankenstein mix of the two!

January 27, 2013 at 11:50 a.m. UTC

multicast or as you said IPSEC.

January 29, 2013 at 12:35 p.m. UTC

I never had issue with technical concepts or mechanisms. It has always been clear (I probably had only good teachers :-) )

But what I wish I had learned before is that, without a strong argumentation and fighting, most executives (directors and project leaders) like the quick and dirty solution instead of a resilient, well-planned one.

February 4, 2013 at 7:53 p.m. UTC

TCAM. Frankly anything related to hardware architecture of network gear. ASICs, FPGAs, crossbar fabrics, etc. Still feel like I only have superficial understanding.

February 6, 2013 at 1:45 a.m. UTC

LoL the difference between layer 2 and layer 3 - Specifically the difference between a frame and packet. Unfortunately I run across engineers who interchange these terms and really don't understand L2 vs L3...Seems like a good time for

February 6, 2013 at 7:47 a.m. UTC

For me it is multicast

February 6, 2013 at 2:25 p.m. UTC

This dates me a little bit, but when I first started I remember having a tough time wrapping my head around Frame Relay, ATM, FR-ATM, and ATM-IMA. Also CIR/PIR leaky bucket token stuff was a head scratcher.

February 6, 2013 at 10:47 p.m. UTC

Hey and don't forget about QoS. The sheer amount of acronyms can scare the bravest engineer : HQF, MQC, MLS, WFQ, SRR, LQ. And then you get queueing, policing, shaping, tail-drop methods. And if that wasn't enough you get different configuration practically on every switch model which of course differ from router configuration.

February 7, 2013 at 6:17 p.m. UTC


February 24, 2013 at 4:51 p.m. UTC

I'd go back and explain the politics in IT and the importance of strong IT leadership. For example, many times the IT team may have several methods to resolve an issue or accommodate a request, but I have found that many of those solutions should not be recommended because as someone else mentioned, the cheapest and/or fastest is often the one chosen by business management.

I wish I had learned earlier on that it is up to the technical team leadership to inform the business decision makers of their options, AFTER filtering the less desirable ones and to hold fast to their recommendations. I would have saved myself countless nights and weekends fixing issues caused by business decision to go with the cheapest/fastest solution.

February 24, 2013 at 8:41 p.m. UTC

Any and all things IPSec related. DMVPN tunnels are killing me right now.

Matt Sunderland
February 26, 2013 at 2:38 a.m. UTC

This is a great post, and one I have thought about a lot.

1) The difference between switching and a switch, and routing and a router. The fact that routers do switching, and switches do routing, is pretty crazy as a new network engineer.

2) The difference between the internet and the world wide web. You surf the web. Surfing the internet would be like trace-routing or jumping from AS to AS. And that as a network engineer you are doing so so much more than giving some computer somewhere just access to the internet/web.

February 26, 2013 at 1:33 p.m. UTC

IPSEC just always seems much more complicated than needed.

I learned BGP first, I had a harder time understanding protocols like OSPF because of it. I've read that learning these two in reverse order isn't easier either.

Somehow people get a mental model of one, which makes it harder to learn the other.

And DNSSEC isn't particularly complicated if you already understand encryption, but deploying DNSSEC scares me because of the failure modes (there is mostly just one failure mode: complete failure).

February 27, 2013 at 6:50 a.m. UTC

I have a list,
1. IP Subnetting
2. Multicasting
3. IPSec

February 28, 2013 at 2:22 p.m. UTC

Maybe too obvious, but it would have been useful to say that routers have 2 tasks: routing IP packets & participating to a dynamic routing protocol.

March 5, 2013 at 2:25 a.m. UTC

Frame Relay evaded me for a while. But the hardest things to grasp for me were IPv6 & multicasting.

March 10, 2013 at 3:05 a.m. UTC

First, hello Jeremy. I work for a Cisco partner 2 hours east of you in Wilmington, NC. All my engineers read your site! Your flashcards helped me pass my CCNP last year, working on my CCIE R&S now... will lab it up at RTP end of year.

Topics difficult for me to get at first:
- VLANs (of all things I find so simple now)
- OSPF different types
- Using Tunnel interfaces - VTIs or GRE instead of crypto maps

Stuff I'm struggling with now (taking the CCIE written next month):
- Multicast!
- MPLS
- IPv6 (basically everything I never use on the job)

March 12, 2013 at 8:15 a.m. UTC

Don't read this... it is long and boring :)

I'm a CCSI and I began my studies as a "Cisco Networking Academy Student" +-10 years ago.
Truth is I self-studied almost all concepts... Things that were most hard to learn by self are easier to catch if you know the background. And now when I teach, more than my students, I realize if you introduce a problem and think about possible solutions, technologies are just more precise in definition than common sense.

From my beginning I remember
STP, then
Frame Relay, then
MPLS and
were hard to learn (not mentioning DUAL, because I was not thinking about it too much over noFS=>send Query :D). Now I realize that technology was not a problem, but
- realize background (historical),
- it is more about knowing what the problem IS, and how to solve IT (STP, Frame Relay), or just about
- splitting a problem into parts (problems) and solving them one by one (MPLS, IPsec)
(DUAL was a little more complicated, after a few iterations of not catching it and lacking more useful information, I had to go into the original Garcia-Luna-Aceves paper to finally understand)

Problem is that networking technologies are more and more compound (not complicated, but made of more and more pieces of small things). For example IPv6 compared to IPv4... Many people think that it is just a new header... ok it is... but if you try to understand IPv6 this way, it is like seeing a wheel (IPv4), and thinking that a car is just a more complicated wheel, but it is not... a car is a bunch of many technologies, easy to study one by one (evolution of car) but impossible to compare pure IPv4 and the bunch of things in IPv6. So going into new technology is more and more demanding. Let's take multicast, I studied that problem by splitting it (how to send, how to receive, how to route...). and now it is in IPv6 basics... so going into the same detail level just to understand a portion of IPv6 is ...

March 13, 2013 at 10:54 a.m. UTC

1. Interaction with the end-user (since no school ever taught me that)
2. NAT; so many confusing terminologies (static identity, dynamic identity, outside NAT, inside NAT)
3. Multicast (never used it)
4. OSPF on a Frame Relay network

All I can remember for now

March 22, 2013 at 9:28 p.m. UTC

Getting my head around ACL direction in an ASA, for some reason that seemed to baffle me.

April 18, 2013 at 11:59 a.m. UTC

The politics of it; Re:
"I'd go back and explain the politics in IT and the importance of strong IT leadership. For example, many times the IT team may have several methods to resolve an issue or accommodate a request, but I have found that many of those solutions should not be recommended because as someone else mentioned, the cheapest and/or fastest is often the one chosen by business management"

Except that also this does not work long term - you and your team become the enemy - since you are deemed a power center, that has all the answers that seem to cost more.
In my last job I came in when they were dismantling a group of entrenched architects.
The politics - the bad blood - toxic - before long we all left - with this phrase in my head - explain it to me like in Ben and Jerry and all I only is need good enough.

April 18, 2013 at 12:03 p.m. UTC

Virtual switch module and virtual ports and virtual port groups and policies attached to them.
In data center networking when virtualization is rampant - it works but defies the idea I have of STP domains.

April 24, 2013 at 5:20 p.m. UTC

d'oh: static routing and default routes, but all the above is good!

Sherief El Hamalawy
June 22, 2013 at 9:57 a.m. UTC

This is absolutely right, that's why I decided to make a campaign after 2 and a half years of networking and I called it "Back to Basics". I decided to do several things that make me understand the concept more than the operation of protocols and networking:

  1. Read the first RFCs for TCP/IP and learn the evolution of the network
  2. READ RFCs first then read Vendors implementation. (Refer to point 1)
  3. Use packet dissection tools like Wireshark for every packet that passes by ( very time consuming, but very rewarding )
  4. Listen to people like Ivan Pepelnjak and Greg Ferro podcasts and video casts and follow blogs like yours ;)
  5. Document everything that I tend to forget about concepts and even operations in a Blog, it makes you obligated to understand so that you can type it out on the Internet

August 27, 2013 at 11:58 p.m. UTC

Few on top of my mind are:

1) Various WAN types such as EoSDH, STM1, Channelized E1/T1, POS, DWDM etc. Over a period of time you start getting a better understanding of these things.

2) IPSec... of course.

3) UNIX... :-(

October 11, 2013 at 7:54 p.m. UTC

I think the whole Windows name resolution system (NetBIOS names, WINS, etc) was the hardest for me when I moved from a UNIX world to a Windows world. As far as networking? Would have to be switching versus routing.

June 16, 2016 at 10:10 p.m. UTC

I AM a newb...I'm attending the Rackspace Open Cloud Academy to get my Network + Certification, then move on to either NetOps or Linux (Redhat)... I'm absorbing a goodly amount of information, and all while having no practical IT experience. So far, I'm absorbing most of the concepts. I will say subnetting has given me the biggest headaches. The OSI Model is not too tough. I'm still committing to memory the layers--which have a sensible order. Acronyms--outside of the military, I have never seen so many acronyms! I'm glad to have found your site...Thanks.
