Bridging the gap between CCIE RS and SP

June 6, 2010

SP done

Filed under: CCIE SP — 21500 @ 11:52 am

In a previous post I quoted the phrase ‘a journey of a thousand miles starts with a single step’. It also ends in a single step, in this case a single word: ‘PASS’.  This calls for another quote ‘laus deo semper’. I will post some more details soon, first some quality family time and guilt-free call of duty :)

May 14, 2010

INE ospf traffic engineering challenge

Filed under: CCIE, Mini Labs, dynagen, dynamips — 21500 @ 11:38 pm

While browsing blogs, when I should be labbing, I came across INE’s OSPF Traffic Engineering challenge. I normally ignore these because I happen to see them when they have usually already expired. Well, this one somehow managed to pull me in. Petr has a very valid point: most often real network challenges are fixed with the first, quick and easy solution (or future problem). I know if this was a scenario in our network, static routes would definitely be the prime candidate.

My summarized version of the answer to Petr’s challenge is to use multiple ‘logical’ interfaces, in other words multiple subinterfaces, using only loopbacks for addressing (ip unnumbered loopback), since configuring additional IP addresses was not permitted. After the subinterfaces were configured, all that was left to do was to set the OSPF cost on the R4-R1 link to 3 and set the maximum OSPF paths. The net result: 6 paths to a subnet on R1, 3 going via R1, 2 paths via R3 and 1 path via R5:

Routing entry for 100.100.100.0/24
Known via "ospf 1", distance 110, metric 4, type intra area
Last update from 3.3.3.3 on Serial1/0.1, 00:00:01 ago
Routing Descriptor Blocks:
* 5.5.5.5, from 1.1.1.1, 00:00:01 ago, via Serial1/3
Route metric is 4, traffic share count is 1
3.3.3.3, from 1.1.1.1, 00:00:01 ago, via Serial1/0.1
Route metric is 4, traffic share count is 1
3.3.3.3, from 1.1.1.1, 00:00:01 ago, via Serial1/0.2
Route metric is 4, traffic share count is 1
1.1.1.1, from 1.1.1.1, 00:00:01 ago, via Serial1/1.2
Route metric is 4, traffic share count is 1
1.1.1.1, from 1.1.1.1, 00:00:01 ago, via Serial1/1.1
Route metric is 4, traffic share count is 1
1.1.1.1, from 1.1.1.1, 00:00:01 ago, via Serial1/1.3
Route metric is 4, traffic share count is 1

The topology from URL above:

I fumbled a quick dynamips config together.

autostart=false

####################
# http://21500.net #
####################

[localhost:7200]

[[3725]]
image = /dyn/images/C3725-adv-ent-mz.124-23.BIN
ram = 160
mmap = true
idlepc = 0x60a8141c

[[Router R1]]
model = 3725
console = 2001
S1/0 = R2 S1/0
S1/1 = R4 S1/1
S1/2 = R5 S1/2
F0/0 = LAN 1

[[Router R2]]
model = 3725
console = 2002
S1/1 = R3 S1/1

[[Router R3]]
model = 3725
console = 2003
S1/0 = R4 S1/0

[[Router R4]]
model = 3725
console = 2004
S1/3 = R5 S1/3

[[Router R5]]
model = 3725
console = 2005

Completed config files if you want to run this minilab and perhaps find some more ways to solve the riddle.

R1.txt
R2.txt
R3.txt
R4.txt
R5.txt

Update: And what do you know, the solution gets the prize :)

May 8, 2010

Dynamips/Dynagen NET files for IPX SP workbooks

Filed under: CCIE, CCIE SP, dynagen, dynamips — 21500 @ 6:17 pm

Another item to scratch from my “to do” list. I built them before the Vol2 and Vol3 merge and not sure what changed to the topologies if any. If you are using the post-merge workbook I ‘assume’ that you will need to switch between the two .net files depending on the lab.

Here they are:
Dynamips / Dynagen NET file for IPexpert SP workbook vol1 and vol3
Dynamips / Dynagen NET file for IPexpert SP workbook vol2

Note they were built on linux, which gave me the best results, therefore to use them on MS, you’ll need to edit the file and change the directories e.g /dyn/images/ to c:\dyn\images\

Please leave a comment if you find a bug.

May 5, 2010

SP Content manager Vincent Zhou introduces himself

Filed under: CCIE SP, Juniper — 21500 @ 7:02 pm

First, have a look at the post, some important leads are given towards future plans for the SP track, although we knew it has been coming for a long time:
https://learningnetwork.cisco.com/message/58601

The most important bit, at least for me is:
“CCIE SP will continue to develop in line of SP industry requirement, a new version is on the way to come out. SP exam will NOT disappear in future. In a new version, SP lab will test on both IOS-XR platform and IOS platform, features like IPv6, more TE, more L3VPN, more L2VPN, more Multicast VPN, Carrier Ethernet, etc will test in the exam, please pay attention on official announcement for detail in later, thanks.”

And interesting recent posts by Vincent:
“Actually CCIE SP has completed new version design.”

“There will have an announcement about new SP Version 3 soon. For coming version, blueprint, test equipment and operating system will have large update. So in current version there are no plan for 360 program. And in coming new version 3.0. we wish to release 360 learning program, thanks.”

Seems that I am starting to become an advocate of the cisco learning network. I just joined the CCIE SP Study Group. I missed quite a bit of news… Dubai SP seats, SP 360 program.

Update:
“The main change are IPv6 and IOS-XR will start test in lab exam. All test equipment operating software will update to recent version, so recent SP technology will reflect in the exam. In version 3, there is no plan of separate topology for troubleshooting section.”

Ok, from this it appears that the current hardware will still be there (“All test equipment operating software will update to recent version“). I ‘assume’ the 2600’s will move to pure CE devices where they belong and at least the bug issues (“traceback!”) will be reduced. Then it is not clear whether we will see XR hardware or emulation. It’s probably more likely to be an emulator, judging by the virtualization of the RS track. XR is lean on features and I don’t think there is scope for big surprises :/ . There is also a possibility that XR will only be tested in OEQ, but I doubt this is the case. They want engineers to get accustomed to XR, because if you take the journey from IOS to XR, you might as well take the journey all the way to Juniper. Maybe a bit harsh? Damage limitation strategy perhaps.

SP lab Switching vs Dynamips

Filed under: CCIE SP, dynagen, dynamips — 21500 @ 6:45 pm

Just a short post regarding the above, should have posted this long ago.

I often get the question or see someone asking this on the forums. “How much switching is required in the SP lab?” or “Can I prepare using only dynamips?”. The short answer is you can rely 100% on dynamips for SP preparation. If you are not comfortable with just using dynamips, you can use the breakout switch method. Although this is overkill for SP it is a nice setup for RS. I ditched the real switches in favor for the dynamips switch modules due to the noise factor.

Another thing to note is that L2 switching is pretty much completely preconfigured. See page 11 of the attached Preparing-SP-lab-part1 22Dec08 d-3927.pdf on the cisco learning network page https://learningnetwork.cisco.com/docs/DOC-3927 to get further details.

April 23, 2010

The best way to predict your future is to create it

Filed under: CCIE, CCIE SP — 21500 @ 10:56 pm

Well, I have been away from studying for two and a half months. It is hard to believe that time went by so quick. Time is one of the most mysterious things, one day you are preparing for a lab the next two years have passed. The last two months have been hectic, both at work with projects and becoming a dad. That was and still is an awesome experience and would not have traded it for two ccie’s. The little one is a month old today, this earmarks a new era for us, no more extended quality dad time for hopefully only a few short months (see quote 6). Need to roll up the sleeves and ‘make’ time, this is not going to be easy. In fact this is going to be hard, I wont hold it against the family if I am not awarded dad of the year this year. This is where I really appreciate my supporting wife. I have a new found respect for CCIE’s that did the journey with little ones in the house.

When coming out of a study slump I often first need to get myself motivated. I actually enjoy this part. I usually start meditating about what I want to achieve and why, some music might be involved and would probably start with something depressing like Scorpions – ‘Winds of change’ and end up with Bon Jovi – ‘Its my life’, perhaps even proclaiming “Aint gonna be just a face in the crowd!”. Some motivational quotes work to get the meditation going and by the way motivational posters dont work :)

I made a list of some quotes I read tonight that struck a chord:

1. “The best way to predict your future is to create it.” Unknown
2. “Success doesn’t come to you, you go to it.” Marva Collins
3. “Motivation is a fire from within. If someone else tries to light that fire under you, chances are it will burn very briefly. ” Stephen R. Covey
4. “Where the heart is willing, it will find a thousand ways. Where it is unwilling, it will find a thousand excuses.” Arlen Price
5. “Motivation is what gets you started. Habit is what keeps you going.” Jim Ryun
6. “You will never find time for anything. If you want time you must make it. ” Charles Buxton
7. “Will you look back on life and say, “I wish I had,” or “I’m glad I did”?” Zig Ziglar
8. “The only goal you can’t accomplish is the one that you don’t go after!” Vilis Ozols
9. “When you shoot for the moon and you come up short, you still end up among the stars.” Les Brown
10. “What the mind can conceive and believe, it can achieve.” Napoleon Hill
11. “Luck favors momentum.” Unknown
12. “Success is not the key to happiness. Happiness is the key to success. If you love what you are doing, you will be successful.” Albert Schweitzer
13. “A journey of a thousand miles must begin with a single step.” Chinese Proverb
14. “The belief in a thing makes it happen.” Frank Lloyd Wright
15. “Enthusiasm spells the difference between mediocrity and accomplishment.” Norman Vincent Peale
16. “In the confrontation between the stream and the rock, the stream always wins not by strength but by perseverance.” H. Jackson Brown
17. “When a man is willing and eager, the gods join in.” Aeschylus
18. “Always make a total effort, even when the odds are against you.” Arnold Palmer
19. “Success isn’t how far you got, but the distance you traveled from where you started.” Proverb
20. “Keep away from people who try to belittle your ambitions. Small people always do that, but the really great make you feel that you, too, can become great.” Mark Twain

Next a strategy is needed on how much time to spend on labs and theory. I will probably spend more time reading than working through actual labs as I can cover more ground this way to refresh all the grey matter. A few days before the lab I will work through some full-scale labs and focus on speed. If the SP seats continue to be available as they are at the moment, I think this is a good season to put this one to bed.

February 9, 2010

Thank you for coming, please come again – Bangalore

Filed under: CCIE, CCIE SP — 21500 @ 11:56 am

About an hour after the lab, while still researching my OEQ answers the results arrived. By this time I already knew that I got one completely wrong because I did not have an idea what the abbreviation stood for and the second question I could only remember two of the required four answers. So it was game over in the first 1.5 questions. The rest of the lab went humorlessly without incident.

Three of the open ended questions I would rate fair and acceptable, but only if there were four of them. All three I encountered somewhere along the Cisco studies. Only one was related to lab preparation. The list of four of which I could only remember 2 of was way back for CCNP/IP and the RS/SP written. I have memorized these a few times, but four was just too much to remember from a year+ back. The very first question was just insane, I bet none of the proctors knew what it was or that it existed before adding it in the OEQ. I doubt Russ White or Narbik’s gran knows. Forget about 4 questions, there are only three possible questions of which all three are required to be answered correctly. They might be a short answer, an explanation or a list of answers.

Apparently the OEQ are not repeated. Not sure how sustainable that is but since the introduction of OEQ the proctors have much more time on their hands as they don’t have to manually grade the lab after the script. What they used to do and do when the OEQ are passed was to check the questions the script has marked incorrect. Since there are multiple ways to do the same thing, the proctor could reverse the mark. They don’t have to do this anymore, since the OEQ’s are a sure thing, which gives them more time to develop more OEQ’s and most importantly, more time to develop more labs. This also means the results in case of a fail arrive very soon, 30 minutes to 1 hour after the lab.

The lab portion went well. I managed to complete the lab with 1.5 hours left. During verification I found some errors, like referencing an acl 101 while I configured acl 107.  The time was much more manageable than the lab I had in Brussels where it was a complete race against time. There were about three questions where I had to look up in the documentation but could not find any related docs. During lunch I thought about the questions, figured it out and made it work after lunch. By the end of the lab all I thought about were the OEQ’s, the list of four of which I tried my best to come up with two more possible correct answers. I was unsure about one lab question but according to the lovely score report I got all the points for the section.

The proctor, Mahesh, didn’t seem too bad. After reading swapnedu’s feedback I had low expectations. In the brief before the lab I asked for a 5 minute warning which he reluctantly agreed to but executed well. This is quite important at Bangalore as the time on the workstation was incorrect so I was never sure what the correct time was or how much time was left. The lab started very late at 9:40. If I ever have to come here again, I will definitely not be there at 8am.

The venue was good, I think it is on par with Brussels, except that at Brussels it’s the only place to get a decent lunch. The screens were about 21″ lcd’s. The commute from the airport to the Unwind Islands where I ended up staying is about an hour. Apparently this could be worse. Traffic is hectic so try to avoid it if possible. Cisco is within 10 minutes walking distance, but think about walking once you are here. The area might be considered rough around the edges if you are not from this part of the world and therefore not everybody’s cup of tea. If you don’t walk, the hotel will arrange drop off. I opted for a drop off in the morning and a walk back.

Overall I don’t think the OEQ’s, besides the one below the belt, were too bad. The mistake I made was to do labs and read that specific portion from the documentation, anticipating that the OEQ’s will test core topics and concepts. Next time I will be better prepared on a pure theory level. I still think OEQ is a good addition to the lab that just needs to be refined and executed/implemented better on SP. If the OEQ release the proctors to spend more time developing fresh content then I am all for it. This is still early days and I think the SP proctors are still finding their feet regarding OEQ. I am sure this will improve as they get more experienced at developing content that tests candidates accurately.

February 1, 2010

BGP fast-external-fallover – Common confusion

Filed under: CCIE, CCIE SP — 21500 @ 1:01 pm

Most will know the feature and what it does, but to recap the process level command:

R5(config-router)#bgp fast-external-fallover

R5(config-router)#no bgp fast-external-fallover

This feature enables fast fallover in the event of a link failure for all neighbor peers. In layman’s terms: shut down the BGP neighbor as soon as the interface reset is detected, rather than waiting for the holddown timer to expire.

Then the interface command:

R5(config-if)#ip bgp fast-external-fallover permit

R5(config-if)#ip bgp fast-external-fallover deny

This is used to override the process level command. If the feature is enabled under the BGP process, which is on by default, and a specific client interface is flapping frequently, the interface level command can be used to keep the client peer from flapping due to the fast-fallover and to prevent upstream peers from dampening the client routes. Fast-fallover is important in multihomed scenarios, where it is useful to shut the neighbor as soon as possible in order to avoid packet drops.

But the real reason for this post is that I have seen this a couple of times configured in both (RS) INE and (SP) IPX workbooks with the incorrect interface level command:

R5(config-if)#no ip bgp fast-external-fallover

This will have no effect, except removing previous fast-fallover config. Beware of this common confusion between the two syntaxes. The correct interface level configuration is to use permit or deny.
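An added example, not from the original post or from either workbook: a Python check that walks a proposed IOS configuration snippet, reports per interface whether fast fallover will actually apply, and flags the `no ip bgp fast-external-fallover` form described above. The sample configuration and the function name are constructed for illustration, and the process-level default is assumed to be enabled, as the post states.

```python
import re

# Constructed sample: a proposed config snippet for R5, not from any workbook.
SAMPLE_CONFIG = """\
interface Serial1/0
 ip address 10.0.15.5 255.255.255.0
 ip bgp fast-external-fallover deny
!
interface Serial1/1
 ip address 10.0.25.5 255.255.255.0
 no ip bgp fast-external-fallover
!
interface Serial1/2
 ip address 10.0.35.5 255.255.255.0
!
router bgp 5
 neighbor 10.0.15.1 remote-as 1
 neighbor 10.0.25.2 remote-as 2
"""

IF_CMD = re.compile(r"^(no )?ip bgp fast-external-fallover(?: (permit|deny))?$")


def audit_fast_fallover(config_text):
    """Return (effective, findings) for a config snippet.

    effective: interface name -> True if fast fallover applies on it.
    findings:  (interface, line number, message) for the ineffective form.
    """
    process_enabled = True   # on by default, as the post states
    overrides = {}           # interface -> "permit", "deny" or None
    findings = []
    section, name = None, None

    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):      # a new top-level stanza begins
            if line.startswith("interface "):
                section, name = "if", line.split(None, 1)[1]
                overrides.setdefault(name, None)
            elif line.startswith("router bgp "):
                section = "bgp"
            else:
                section = None
            continue
        if section == "bgp":
            if line == "bgp fast-external-fallover":
                process_enabled = True
            elif line == "no bgp fast-external-fallover":
                process_enabled = False
        elif section == "if":
            m = IF_CMD.match(line)
            if not m:
                continue
            negated, keyword = m.group(1), m.group(2)
            if negated:
                # Only removes an earlier override; it disables nothing.
                overrides[name] = None
                if keyword is None:
                    findings.append((name, lineno,
                                     "no effect: use 'permit' or 'deny'"))
            elif keyword:
                overrides[name] = keyword

    # An interface override wins; otherwise the process-level setting applies.
    effective = {
        ifname: (process_enabled if ov is None else ov == "permit")
        for ifname, ov in overrides.items()
    }
    return effective, findings


if __name__ == "__main__":
    effective, findings = audit_fast_fallover(SAMPLE_CONFIG)
    for ifname, enabled in effective.items():
        print(f"{ifname}: fast fallover {'on' if enabled else 'off'}")
    for ifname, lineno, msg in findings:
        print(f"line {lineno} ({ifname}): {msg}")
```

On the sample, Serial1/1 still follows the process-level default, so its peer is torn down on an interface reset even though the snippet's author meant to disable that.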

January 30, 2010

Old habits: Soft-Reconfiguration

Filed under: CCIE, CCIE SP — 21500 @ 9:37 am

While on the subject of old habits, I had to mention this one. I remember back when studying for CCNA and maybe even CCNP that it was always recommended to configure soft-reconfiguration in order to propagate route policy updates/changes without hard resetting the bgp neighbor. This is one of those things that sometimes just becomes routine, a habit, something that is just pasted into new configs and forgotten about. Well it might be time to shake this one off as well.

In brief, the soft-reconfiguration command allows a ‘soft’ reset: the TCP session between the two BGP peers is not reset, but new policy changes (e.g. a newly applied route-map filter) take effect. It is therefore a way to cause minimal damage to the overall stability of the network.

A decade or so ago, RFC 2918, Route Refresh for BGP-4 (September 2000), was published, which made soft-reconfiguration redundant. Two BGP peers that support the route refresh capability can perform a soft reset without any preconfiguration. To determine whether a peer supports this capability:

show ip bgp nei 11.11.7.11
BGP neighbor is 11.11.7.11,  remote AS 11, external link
BGP version 4, remote router ID 150.140.130.120
BGP state = Established, up for 00:03:27
Last read 00:00:27, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(new)

Extract from: http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html#wp1001128

To use soft reset without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the OPEN message sent when the peers establish a TCP session. Routers running Cisco IOS software releases prior to Release 12.1 do not support the route refresh capability and must clear the BGP session using the neighbor soft-reconfiguration router configuration command. Clearing the BGP session in this way will have a negative impact upon network operations and should only be used as a last resort.

Table 8 Advantages and Disadvantages of Hard and Soft Resets

Hard reset
Advantages: No memory overhead.
Disadvantages: The prefixes in the BGP, IP, and Forwarding Information Base (FIB) tables provided by the neighbor are lost. Not recommended.

Outbound soft reset
Advantages: No configuration, no storing of routing table updates.
Disadvantages: Does not reset inbound routing table updates.

Dynamic inbound soft reset
Advantages: Does not clear the BGP session and cache. Does not require storing of routing table updates, and has no memory overhead.
Disadvantages: Both BGP routers must support the route refresh capability (in Cisco IOS Release 12.1 and later releases).

Configured inbound soft reset (uses the neighbor soft-reconfiguration router configuration command)
Advantages: Can be used when both BGP routers do not support the automatic route refresh capability.
Disadvantages: Requires preconfiguration. Stores all received (inbound) routing policy updates without modification; is memory-intensive. Recommended only when absolutely necessary, such as when both BGP routers do not support the automatic route refresh capability.

Now what does this really mean to you and me? It comes down to the memory consumed by soft-reconfiguration, since all routes from a neighbor with soft-reconfig configured will be stored in memory. For example, a peer might send a full table but the router is filtering all neighbor AS and neighbor client AS’s. Although only a few thousand routes might be inserted into the BGP table from this neighbor, the router still has to keep the remaining 200k+ routes in memory. If the router has a couple of these peers, it will probably not scale well. By relying only on the route refresh feature, the router will be able to scale to far more peers.

In an enterprise environment with fewer routes, an old 3600 might still be active in the BGP routing domain and become unstable due to running out of memory. Removing the legacy “soft-reconfiguration” configuration might be the healing touch it needs.
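An added example, not part of the original post or of Cisco's documentation: a Python audit that combines `show ip bgp neighbors` output with the BGP configuration and marks each peer where `soft-reconfiguration inbound` is redundant because route refresh was negotiated. Both inputs are constructed samples modelled on the excerpt above; the "advertised"-only capability line and the verdict labels are assumptions made for illustration.

```python
import re

# Constructed `show ip bgp neighbors` output, modelled on the excerpt above.
SHOW_OUTPUT = """\
BGP neighbor is 11.11.7.11,  remote AS 11, external link
  BGP version 4, remote router ID 150.140.130.120
  BGP state = Established, up for 00:03:27
  Neighbor capabilities:
    Route refresh: advertised and received(new)
BGP neighbor is 11.11.8.12,  remote AS 12, external link
  BGP version 4, remote router ID 150.140.130.121
  BGP state = Established, up for 01:10:02
  Neighbor capabilities:
    Route refresh: advertised
BGP neighbor is 11.11.9.13,  remote AS 13, external link
  BGP version 4, remote router ID 150.140.130.122
  BGP state = Established, up for 02:41:55
  Neighbor capabilities:
    Route refresh: advertised and received(new)
"""

# Constructed BGP configuration for the same router.
CONFIG = """\
router bgp 5
 neighbor 11.11.7.11 remote-as 11
 neighbor 11.11.7.11 soft-reconfiguration inbound
 neighbor 11.11.8.12 remote-as 12
 neighbor 11.11.8.12 soft-reconfiguration inbound
 neighbor 11.11.9.13 remote-as 13
"""

NEIGHBOR_RE = re.compile(r"^BGP neighbor is (\S+?),")
# Case-sensitive on purpose: matches only the capability line.
REFRESH_RE = re.compile(r"^\s*Route refresh:\s*(.+)$")
SOFT_RE = re.compile(r"^\s*neighbor (\S+) soft-reconfiguration inbound\s*$")


def route_refresh_by_neighbor(show_output):
    """Map peer -> True when route refresh is both advertised and received."""
    result, current = {}, None
    for line in show_output.splitlines():
        m = NEIGHBOR_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = False   # until a capability line says otherwise
            continue
        m = REFRESH_RE.match(line)
        if m and current:
            text = m.group(1)
            result[current] = "advertised" in text and "received" in text
    return result


def soft_reconfig_neighbors(config_text):
    """Peers whose inbound updates are stored unmodified in memory."""
    return {m.group(1) for line in config_text.splitlines()
            if (m := SOFT_RE.match(line))}


def audit_soft_reconfig(show_output, config_text):
    """Classify each peer seen in the show output."""
    stored = soft_reconfig_neighbors(config_text)
    report = {}
    for peer, refresh in route_refresh_by_neighbor(show_output).items():
        if peer in stored and refresh:
            report[peer] = "redundant"        # stored copy only costs memory
        elif peer in stored:
            report[peer] = "required"         # no refresh: keep stored copy
        elif refresh:
            report[peer] = "ok"               # dynamic inbound soft reset
        else:
            report[peer] = "hard-reset-only"  # neither mechanism available
    return report


if __name__ == "__main__":
    for peer, verdict in audit_soft_reconfig(SHOW_OUTPUT, CONFIG).items():
        print(f"{peer}: {verdict}")
```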

January 25, 2010

Another day, another CCIE track – SP Operations

Filed under: CCIE, CCIE SP — Tags: — 21500 @ 6:14 pm

I initially started with this post and thought hard about whether this post is a knee jerk reaction to another SP track. A couple of days later and nothing has changed. CCIE SP Ops is still not a winner.

Sometimes when news is made you either get a positive or negative vibe. When the rumors surfaced about CCIE Data Center, I had a positive vibe about it, from the speculation it just seems the right fit. A track that is needed by industry demand. A year ago when Cisco released CCIE Wireless, I had the same thoughts: ‘This is exactly what the industry needs’. Today Cisco announce CCIE SP Operations and my first impression is that this is going to be another CCIE Design or Storage. Is Cisco expanding with too many tracks too soon?

SP Operations will cover Cisco’s IP NGN which I have said on a couple of occasions should be on the SP track. Cisco IP Next Generation Network buzz is largely based on Carrier Ethernet. In very compact form, a mass migration from proprietary SONET/SDH/ATM onto Cisco Metro Ethernet and EoMPLS. I say Cisco Metro because it is an all Cisco or no Cisco affair since Cisco Metro Ethernet does not play ball with others well. This is largely due to not supporting standards QinQ 802.1ad on the Metro switches. From what I read in ‘future’ releases they would, but read between the lines, once they have the monopoly on Carrier Ethernet.

I have no doubt Cisco has put a lot of research into this track, but I think they overlooked the most important aspect. CCIE SP has been neglected for years and has been begging for an upgrade. People have been talking about the outdated ATM/Frame and no relevant Layer2 VPN for ages. This is a personal opinion but I don’t believe IP NGN warrants a CCIE track on its own and again a personal opinion I don’t believe MPLS L3VPN does either. A mixture of the two however makes a lethal combination.

Another aspect of a new qualification is the time and numbers it takes in order to get market recognition. SP is only at a very late stage maturing into a track that is generally known and accepted in the industry. Will Cisco dumb down the SP Operations track in order to get the numbers out which will ensure engineers build another proprietary carrier network empire? Yes, sounds like a brilliant business plan. The second part will be the cost in preparing for XR, this one is not going to be cheap. Perhaps Cisco will sponsor (read: leak) a simulator?

It is still early days and not much about CCIE SP operations is known to make an informed judgement, but I get the gut feeling this is a track developed by Business/Sales in order to push a revenue stream rather than demand from the industry. While a lot is still unknown, this is my initial conclusion: SP operations has all the right ingredients for another epic fail.

From the general outline of the SP Operations written:

1.0 Manage the network fault management system
1.1 Develop a fault management process for a managed network environment collaboratively with the tools team
1.2 Determine the interaction between the fault management system and the ticketing system in collaboration with the tools team
1.3 Determine the method to gather appropriate metrics for an established fault management process

2.0 Manage performance and capacity
2.1 Identify spikes and potential trouble spots based on syslog and/or Network Management System (NMS) output
2.2 Develop a plan to solve a particular performance issue based on syslog and/or Network Management System (NMS) output
2.3 Identify the Network Management System (NMS) metrics and SLA metrics that will be needed in order to further troubleshoot a specific problem communicated orally, written, etc.
2.4 Develop a plan to establish a baseline and monitor the network in conjunction with the tools and performance groups
2.5 Create baseline network performance in conjunction with engineering and architecture teams
2.6 Monitor the network to look for variances against the baseline
2.7 Edit existing scripts which enable a network baseline management plan in conjunction with the tools and performance groups

3.0 Manage operations processes
3.1 Collaborate with the process team and NOC management on process development to meet a desired network operational objective
3.2 Develop a specific prototype and test plan for a particular planned network change, working collaboratively with the engineering and design groups
3.3 Develop, for a particular network, a list of needed tools working collaboratively with the tools team
3.4 Develop a detailed operations plan  including metrics and reporting functions for a particular network working collaboratively with the process team
3.5 Develop a process change action plan based on the results of a network audit
3.6 Develop and maintain a spares plan for a particular network

4.0 Troubleshoot and fix reachability and transport problems within the network
4.1 Identify predecessor steps that have not been executed based on an escalation ticket dealing with reachability
4.2 Determine whether to fix or escalate a ticket dealing with reachability
4.3 Identify the area(s) causing a complex reachability problem of unknown origin
4.4 Troubleshoot a complex routing problem and, considering the technical aspects, determine the risks and fix it
4.5 Troubleshoot a complex security problem and, considering the technical aspects, determine the risks and fix it

5.0 Identify problems in implementation plans
5.1 Find issues of a rollout plan received from engineering before deployment
5.2 Identify hardware which is not backwards compatible on a new service rollout plan
5.3 Find hardware that needs operating system upgrades on a new service rollout plan
5.4 Review and provide recommendations on areas in which NOC support plans will not be sufficient on a new service rollout plan

6.0 Troubleshoot and fix network performance problems
6.1 Identify predecessor steps that have not been executed based on an escalation ticket dealing with network performance
6.2 Determine whether to fix or escalate a ticket dealing with network performance
6.3 Determine whether to fix or where to escalate a core network fault
6.4 Identify the source of a complex network performance problem
6.5 Troubleshoot a complex network performance problem and, considering the technical aspects, determine the risks and  fix it
6.6 Identify a complex application performance problem and isolate it
6.7 Identify a complex computing device (server, call manager, etc – not the network or application) performance problem and isolate it
6.8 Troubleshoot a complex traffic pattern problem and, considering the technical aspects, determine the risks and fix it
6.9 Troubleshoot a complex, chronic performance problem and, considering the technical aspects, determine the risks and fix it

Identify spikes and escalate tickets? My word, what is Cisco doing? Sounds more like a CCNA blueprint. Perhaps just trust and put faith in the network giant? Hope this does not destroy the CCIE reputation.
