CCIE Study update (May 15)

Over the past couple of days I have reviewed the remainder of the INE Advanced Technology videos that I felt that I needed to brush up on.

I felt that before going onto the next stage that I needed to brush up on mostly some of the legacy QoS (FRTS included) and also the Catalyst QoS, I already felt pretty happy with it but as I don’t use it a whole lot day to day I felt it best to get it out of the way.

Starting tomorrow I am going to begin the Vol2 INE lab workbooks and go through them sequentially whilst also accompanying them with any Adv Tech or Vol1 scenarios as I see fit, hopefully as I get further through the 20 labs the use of the accompanying material should become less and less.

My only other material that I will be using for support is as per the lab in that I will be using the good old Doc-CD to try and get quicker at referencing some of the more obscure items that I could be quizzed on during the lab.

I’m hoping that if I start Lab 1 tomorrow night after work that it shouldn’t take me too long to work through it (working on 2-3 hours a night).

I’ll post on here afterwards with my thoughts on the experience, until then…

CCIE Distractions

Back when I passed my CCIE written last year I had the momentum behind me and felt that I would be able to study for and take my first attempt at the lab in only a few months.

Since then I have realised more than ever how much of a full-time commitment the lab can very quickly become.

Between work and personal commitments it soon became all too easy to just put the lab studies on the back burner for another day, however we all know that tomorrow never really comes…

I’ve said it before but now more than ever I want to knuckle down and get through the studies.

A few weeks ago I took advantage of an offer over at Cisco Press that allowed me to get my CCIE reference library stocked up for less than half the price it would usually have cost which has been a big help. For those wanting to know the books that I bought on the offer were:

  • Routing TCP/IP Volume I, Second Edition
  • Routing TCP/IP Volume II
  • Troubleshooting IP routing protocols

I already had the first title in PDF format that I have been working through but sometimes felt that it was better to have a hard copy as well.

One other factor that I think has been holding me back is that I made the decision to go through all the INE Volume 1 labs one at a time and working my way through, for me personally this hasn’t really worked, I think mostly because you find yourself going through things time and time again that you consider very basic and that don’t really challenge you.
I realise that in the lab it’s not all going to be mind boggling challenges and that there are going to be plenty of sections that require the same mundane tasks that I am berating however at this point I think the better path for myself would be to dive into the Volume 2 labs and then come back to any Volume 1 labs that I feel I need to brush up on.

If anyone else has some other tips on how to stop yourself from getting distracted then please let me know, sometimes I wonder if I have a mild case of ADD when it comes to these things.

INE Vol1 – Bridging and switching – done

Before Christmas I started my way through the INE Vol1 advanced tech labs and got through the first couple of books, I think I was at RIP.

Unfortunately because of a temporary resource issue with the CCIE rack I have use of, combined with Christmas, work being hectic due to a new DC rollout and my January holiday over to the USA, the studies got put to one side.

Since then I’ve moved out from my parents’ house (yes, get all the living with your parents jokes out of the way now) into my own place. It’s taken a few weeks to get settled but it’s starting to feel a little more like home now.

Last week (Friday) I started the INE labs over from scratch, whilst I probably could have gotten away with starting where I left off I didn’t want to and I wasn’t really that far through anyway.

Being in a place of my own is actually pretty conducive to studying as there are only distractions that you create which is always a good thing.

Back to topic and the B&S Vol1 book was pretty good and the only thing I had to look up was PPPoE, mainly just for a CLI refresher though.

Next up is Frame Relay which I hope to get out of the way by Wednesday and then it’s on to Routing.

I’m hoping to put in a couple of hours every night, or if I miss a night then I will double up on another etc.

Anyway… back to the studies.

Tumble-weed post

Sorry for it being a bit quiet over here since the new year, I had a few weeks off on vacation in Disney in Florida, shortly followed by me moving house, so things have been a little hectic to say the least.

I have started to settle down again now however my internet connection is still a few weeks out so I am left with a dodgy 3G connection which seems to be up and down more times than a yo-yo!

The power issue that was affecting the rack I was using for my CCIE studies is now sorted out so I am going to start from the top again (I hadn’t got that far with the INE labs anyway) and continue reading through my pile of books and RFCs.

At the moment I’m reading through ‘Routing TCP/IP Volume 1’ and whilst it is a bit repetitive in places due to it going over everything again there are definitely things that go more in-depth than other books I’ve read.

All quiet on the western front…

Well that one time a year that the entire world grinds to a halt is upon us, yes that’s right, it’s Christmas time.

Things have been unfortunately quiet on the studying front for the past couple of weeks, I had started going through the INE Vol1 labs however a temporary power issue has taken my CCIE rack offline and therefore things stopped just as I was getting to the end of the RIP labs.

In the meantime I have been slowly reading through ‘Routing TCP/IP Volume I’ which is a great book however SO much of it has already been covered that at some parts it feels a little like pulling teeth!

Work has been pretty quiet (as it always is around this time) so that is a little bonus, hopefully the power will be restored to the rack shortly so I can get some labbing in between the Christmas and New Year break, but I don’t know whether that would be a blessing or a curse!?

In other news I have just signed a lease for an apartment and will be moving in at the start of February so no doubt that will delay the studies some more.

On that note I will leave you all, have a Merry Christmas and a Happy New Year and I will see you all on the fresh end of 2012.

Happy Holidays!

CCIE Written done… now the work starts!

Well all that studying seems to have paid off a little, today I sat the CCIE R&S Written exam (350-001) and passed it!

Without going into any NDA-breaking territory the exam was actually pretty easy, partially caused I think by studying some topics at a much deeper level than I perhaps needed.

During my time studying for the written exam I mainly used the Cisco Press CCIE R&S OCG but also used the INE Adv Technologies videos for some of the topics that I felt I needed more details on.

At the moment I can’t decide whether to take a weekend off studying or whether to dive straight into the lab studies.

Doing what I do best I am setting myself a goal to have the lab ready for April ’12. Given my past record with meeting cert deadlines I’m guessing this might get pushed back, but not by too much hopefully.

Going forward from here I am going to try and stick to (more in content than time) the INE study plan as it seems pretty reasonable and I could do with some kind of structured plan, why create your own when someone has already gone to the trouble for you?

Security super notes – CCIE Written

My next topic for writing up my notes is the security section.

For this post and all posts following I will be using the CCIE blueprint from Cisco here (you may need CCO access to access that document but that is free).

My reasoning for structuring it like this is to make it easier both for myself to reference and hopefully someone else will find it easier as well.

Some of the information is a little basic and will have been covered at CCNA and CCNP levels, but seeing as CCIE doesn’t actually have any pre-requisites I thought it best not to leave any stone unturned.

Security

Implement access lists

There are two types of access lists that can be used on Cisco platforms; the standard access list and the extended access list.

Standard access lists are a little basic in their use and can only match on the source address of the traffic you are matching.

Extended access lists differ from standard access lists in that they can not only match on both source and destination addresses but they can also match a whole plethora of other things such as L4 src/dst port number, DSCP marking, packet size etc.

Just like there are two different types of access list there are also two different methods of configuring them.

Firstly there is the numbered access-list method (which is the older method), where the number you give to your ACL determines what type it is:

1-99        - Standard access list
100-199     - Extended access list
1300-1999   - Expanded standard access list (useful if you have >100 standard ACLs)
2000-2699   - Expanded extended access list (useful if you have >100 extended ACLs)

There is also the named access-list method, in which the name that you give to the access list is completely agnostic to the type of ACL it is. When you are using named access-lists you have to explicitly tell the CLI which type of access-list you are creating.

Things to remember about all ACLs:

  • All ACLs end with an implicit deny all
  • Order of statements in the ACL is critical (they match on a top-down approach)
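To make those two rules concrete, here is an added example (not from the original notes) that simulates IOS-style first-match evaluation over a subset of numbered and named ACL syntax (standard source-only entries, and extended entries using ip/tcp/udp, any/host/wildcard addresses and an optional destination "eq <port>"). The sample entries and addresses are constructed; the second list is the same two lines swapped, which shows how a broad permit placed first shadows a more specific deny.

```python
import ipaddress

# Added example (not from the original post): first-match ACL simulator.
# Entries are tested top-down, the first match wins, and anything left
# over hits the implicit "deny all" at the end of every ACL.

def _parse_addr(tokens):
    """Consume one IOS address spec and return (network, compare_mask)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0xFFFFFFFF
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    # IOS wildcard bits set to 1 mean "don't care"; invert to get the compared bits
    return int(ipaddress.IPv4Address(tok)), ~wildcard & 0xFFFFFFFF

def parse_ace(line):
    """Parse one permit/deny line in numbered or named form."""
    tokens = line.split()
    if tokens[0] == "access-list":          # numbered form: drop "access-list <n>"
        tokens = tokens[2:]
    action = tokens.pop(0)
    if tokens[0] in ("ip", "tcp", "udp"):   # extended entry: proto, src, dst, [eq port]
        proto = tokens.pop(0)
        src, dst = _parse_addr(tokens), _parse_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    else:                                   # standard entry: source address only
        proto, src, dst, port = "ip", _parse_addr(tokens), (0, 0), None
    return action, proto, src, dst, port

def evaluate(acl, proto, src_ip, dst_ip, dst_port=None):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src_ip)), int(ipaddress.IPv4Address(dst_ip))
    for action, aproto, (snet, smask), (dnet, dmask), aport in map(parse_ace, acl):
        if aproto != "ip" and aproto != proto:
            continue
        if (s & smask) != (snet & smask) or (d & dmask) != (dnet & dmask):
            continue
        if aport is not None and aport != dst_port:
            continue
        return action
    return "deny (implicit)"

# Constructed sample: intended policy is "block telnet from 10.1.1.0/24 to the
# server at 192.168.1.10, permit everything else from that subnet".
CORRECT_ORDER = [
    "access-list 101 deny tcp 10.1.1.0 0.0.0.255 host 192.168.1.10 eq 23",
    "access-list 101 permit ip 10.1.1.0 0.0.0.255 any",
]
SHADOWED = CORRECT_ORDER[::-1]   # same entries swapped: the permit now hides the deny
```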

Multicast mega notes – CCIE Written

With under a week to go until my CCIE written test it’s time to go over my notes and get some of them written up to get them fresh in my mind. Today’s notes of choice are my multicast notes.

The notes may be a little sparse in places so if you can add anything or spot any mistakes please let me know.

Multicast notes

Common Multicast addresses

Multicast Address   Description
224.0.0.1           All hosts group, which contains all devices on the same network
224.0.0.2           All routers group, which contains all routers on the same network
224.0.0.13          PIM Version 2
224.0.0.22          IGMP Version 3
224.0.1.39          Cisco Auto-RP-Announce address
224.0.1.40          Cisco Auto-RP-Discovery address

Multicast address types and ranges

  • Local network – Addresses in the range 224.0.0.0 – 224.0.0.255 are assigned by IANA and are designated for applications that are used on the local network only and are not to be routed on the internet.
  • Internetwork control block – Addresses in the range 224.0.1.0 – 224.0.1.255 are assigned by IANA and are designated for the use of applications that should be routed over the internet (such as NTP, 224.0.1.1).
  • SSM address block – Addresses in the range 232.0.0.0/8 are reserved for use by source-specific multicast applications.
  • GLOP addresses – Addresses in the range 233.0.0.0/8 are reserved for use by organizations that have been allocated an AS number; the second and third octets of the address are made from the 16 bits of the AS number.
  • Admin scoped addresses – The 239.0.0.0/8 range is considered private (much like the RFC1918 unicast address ranges) and therefore should NOT be seen routed on the internet.
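As an added example (not part of the original notes), the block boundaries above and the GLOP rule can be turned into two small checks: classifying any IPv4 multicast address into its block, and deriving an AS number’s GLOP /24 (and back). The range list is taken from the notes; the AS number used for the check is a constructed sample.

```python
import ipaddress

# Added example (not from the original post): classify a multicast address by the
# blocks listed in the notes, and derive the GLOP /24 for a 16-bit AS number.
BLOCKS = [
    ("224.0.0.0/24", "local network (link-local, never routed)"),
    ("224.0.1.0/24", "internetwork control (routable, e.g. NTP 224.0.1.1)"),
    ("232.0.0.0/8", "SSM"),
    ("233.0.0.0/8", "GLOP (AS-derived)"),
    ("239.0.0.0/8", "administratively scoped (private, like RFC1918)"),
]

def classify(addr):
    """Return the block name for a multicast address, or raise for unicast."""
    ip = ipaddress.IPv4Address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    for cidr, name in BLOCKS:
        if ip in ipaddress.IPv4Network(cidr):
            return name
    return "other multicast"

def glop_prefix(asn):
    """Map a 16-bit AS number to 233.<high byte>.<low byte>.0/24."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("GLOP only covers 16-bit AS numbers")
    return ipaddress.IPv4Network(f"233.{asn >> 8}.{asn & 0xFF}.0/24")

def glop_to_asn(addr):
    """Inverse of glop_prefix: recover the AS number from a GLOP address."""
    octets = ipaddress.IPv4Address(addr).packed
    if octets[0] != 233:
        raise ValueError(f"{addr} is not in the GLOP block")
    return (octets[1] << 8) | octets[2]
```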

PIM (Protocol Independent Multicast)

  • Protocol independent means that it doesn’t matter which type of unicast routing protocol you use underneath.
  • There are other multicast routing protocols that do rely on particular routing protocols like M-OSPF (multicast OSPF).
  • There are 3 different types of PIM that are used, these are: Sparse mode, dense mode and sparse-dense mode.
  • Sparse mode supports two types of trees, the (*,G) tree and the (S,G) tree. The latter is more efficient as the traffic travels along the shortest path (also known as the SPT) whereas the shared tree can travel along a less than ideal route to the destination.
  • Dense mode as default runs in a (S,G) mode as it floods all traffic throughout the domain however this is less than ideal as it means that traffic can be flooded to places that do not need it. Dense mode does allow for traffic to be pruned however this is only a temporary action and therefore needs to be constantly refreshed.
  • On a shared LAN segment, if there are multiple PIM routers then only one of them will forward the join/prune messages towards the RP. This role is called the ‘Designated Router’ and the router with the highest IP address is elected as the DR.


Snippet – SDM templates, they kill kittens…

Earlier today there was an issue raised on one of our new(ish) ME3400 switches that we have started to deploy to customer sites.

We started getting SNMP traps from it complaining that its CPU was maxing out, not something that we would expect to see from a switch, let alone a switch that was WELL within its operating limits.

After jumping on sure enough the switch was showing a pretty high utilization on the CPU with regular spikes up to the mid 90% range.

After some regular diagnostics by the second line guys it got passed over and it was then that we saw the issue.

The ME3400 has two possible SDM templates, those being ‘Layer-2’ and ‘Default’, and it seems that this switch either came out of the box with ‘Layer-2’ enabled or someone enabled it during deployment (for some reason!?).

Usually having the wrong SDM template on a switch may just vary the amount of a particular resource that you are allowed, for instance you may be allowed 2k route entries on a certain template but 8k on another etc.

With the ‘Layer-2’ template on the ME3400 however you get (amongst other things) NO space for IPv4 unicast routes, which means that the TCAM has no space allocated for them, so every routed packet has to be handled in software; this is what was causing those horrible CPU spikes!

The ‘Default’ template that we later switched to has room enough for 8,000 route entries which is more than adequate!

For more information on the SDM templates on the ME3400 check out the Cisco page here (you will need a valid CCO login for it though).

IPv6 MLD Snooping

I have finally finished my first read through of the CCIE R&S Written OCG and now is time to lab out some of my weaker points, read through a pile of RFC’s and then eventually book and take the exam.

I thought today I would do a post on MLD snooping on Cisco switches.

If you have ever configured IGMP snooping for IPv4 then this is pretty much identical!

For this test I used the below topology which comprises 4 routers (7206VXRs in this case on Dynagen) and 1 switch (Catalyst 3560).