Quick update: The last ten days went by too quick. It is almost 10% of the total time left and it is as if no progress has been made. I am still busy with the AMsoares labs, it is taking much longer to complete than what I expected, but I am also using this time to read the relevant chapters from Mpls Fundamentals. Slow progress, but hopefully quality progress. The last ten days yielded only 40hours averaging 4 a day, which means 10 behind. Fighting a loosing battle with this schedule. Hope to finish the mini labs soon, where after I would have completed IPX vol1, read briefly INE vol1 (decided not the practice these labs) and the AMS mini labs. I will then work through (read) the INE Vol1 labs and then do the IPX vol1 labs thoroughly for the second time. I will probably work through the AMS labs one more time before the lab. Either before starting full labs or closer to the lab date, have not decided yet. Suggestions welcome?
May 27, 2009
May 20, 2009
Congrats to Rick Mur on his double
Rick is the first of the 2009 SP bloggers to get double gold. Congrats to Rick on an awesome achievement. This gives the rest of us a bit of motivation.
Update: Rick posted his preparation overview. This has made me think again about my preparation strategy. I will have to review my strategy and make some adjustments. I will probably move IPX vol3 earlier into prep and IPX Vol2 later into prep.
It appears Ed Balow has the same experience regarding IPX vol3: IPexpert SP volume 3 lab 1
May 19, 2009
Initial thoughts on AMSoares scenarios
I have started with the scenarios, so far so good. I would rather call them practical configuration examples and the best way to use them is probably debatable. Currently I load the configuration example, read the documentation, break it, fix it and then try alternative options.
Word of advice: The net files are setup for Windows, it will take a while to convert them to linux unless you don’t use something like perl or sed to run through and change the strings. Try to get the net files ready early in prep. I used the source of the mini scenario page to get a list of all the .zip files to download. Below is a script that might be useful in changing the .net files. Once the strings are changed, its a matter of point and shoot
#!/bin/bash
### Change directory to where you downloaded the net files
cd /dyn/ams/
### Create a list of net files
list=`find | grep .net | grep -v netflow`
for dir in $list
do
### Change the windows directory structure to linux
sed ’s/g:\\_CCIE\\Emulator\\Dynamips\\images\\c7200-p\.120-32\.S9\.bin/\/dyn\/images\/C7200-p-mz\.120-33\.S3\.bin/g’ < $dir > tmp.file### Change an idlepc value
# sed ’s/0×60a600a8/0×623bbedc/g’ < $dir > tmp.file### Move the temp file to the original
mv tmp.file $dir
done
May 17, 2009
120 Days to go – Lab prep strategy
30 days left before payment. Now is probably a good time for one last check whether the lab preparation strategy is all in order. Thus far the strategy was quite simple:
1. Begin with professional level theory via CCIP
2. Use professional level theory for preparation for the SP written
3. Pass the written
4. Book the lab
5. Practice individual technologies via focus/tech labs
6. Practice full scale labs
7. Attempt the Cisco lab
Well if only we lived in a stable perfect world. Since Cisco now introduced the core knowledge questions to the security lab and made it clear that they intend to introduce it to all tracks, it is obvious that SP or voice will be next. Speculation is worthless, but if the trend is something to go by, SP will be next. The trend being the most to least CCIE numbers: RS – Sec – SP – Voice. By the time I sit the lab almost a year would have passed since I started with the theory prep. It is unknown when Cisco will make the announcement but with only four months to go, the study schedule is quite tight. If I don’t prepare for the worst and Cisco make the announcement that core knowledge will be on the SP lab, I wont have enough time to recover. I would have to drop something in the lab preparation to make way to review the theory material. Therefor I am preparing for the worst and hoping for the best. I am considering to supplement practice labs with reading Cisco documentation in more depth or use two to three weeks before the lab to refresh on theory. I might have known the header fields and sizes for the written, but doubt whether I will still know them by September. I am hoping either strategy or a combination of both will work.
Gloomy figure: After making the adjustments to compensate for the theory, the hours scheduled for the last 120 days adds to 600 hours. This averages 5 hours a day. Somehow I know something will break. Me, the schedule or the lab.
May 12, 2009
Ipexpert SP Volume 1 Review
I managed to complete volume 1 of the Ipexpert SP series. The workbook consists of 25 sections of which I were able to do 24 on dynamips. The other section I could not do due to my dynamips labs still running the 16 port module at that point. It is a minor as it was basically some vlans, spanning tree and port channels.
My first impression was that the book will be full of mistakes and generally rough around the edges. After the first few labs it was not all that bad. To be honest the labs are quite good. What I like about these Volume 1 scenarios is that the ip addressing is the same throughout the workbook. This make it easier to get to the meat of the section without wasting too much time learning the topology. The proctor guide is really good as well. Some more verification and explanation wont hurt.
On the negative side the dynamips files supplied by IPexpert dont work for this workbook. A lot of time was spent creating a working dynagen .net file. There are also no initial configs for the dynamips topology meaning before every lab you have to create initial configs. This chews away at your quantity:quality ratio. I will explain: This workbook took 50hours to complete. Had the initial configs been available it would have taken 40hours.
To summarize: after the first two or three labs I had very low expectations, but later on the quality really improved and I plan to do this workbook again before starting full labs.
May 7, 2009
Dynamips to real switches with QinQ support
There is an unbelievable amount of junk on the net that can send one in all the wrong directions. When it comes to dynamips it is no different and it seems everyone has a different opinion on what works and what does not. It probably depends on the OS dynamips runs on and the alignment of the moon and the stars. For me the best solution thus far was to run Dynamips on Ubuntu Linux server edition. The reasons for this is due to the 100Mb memory Ubuntu server consumes to run the OS as well as the stability and responsiveness of Dynamips on linux. It has worked well.
To break out to real switches I started with the multiple USB adapter approach. Basically you map each USB to Ethernet adapter to a router ethernet port in the dynagen net file. Sounds simple, and while it is, the USB approach for me turned out to be unreliable. It would work, then it would not. This plus the hassle with using USB adapters from different vendors and drivers just becomes messy.
After more research I tried the “switch in the middle” method. This is by far the easiest, quickest, cleanest and most reliable route:
Overview:
So you are probably already using dynamips to run the routers. To break out the first thing is to create a trunk between your linux server and a breakout switch. Then create a bunch of vlans on the linux server. One for every port that will connect to real switches e.g. if R2 needs to connect to the real switches with Fa0/0 and Fa0/1, create two vlans for this router. In the dynagen net file map each ethernet port to the vlan ’sub interfaces’ which were created when the vlans were created. Create the same vlans on the breakout switch that were created on the server. Assign each access port that will link to the real switches into a different vlan. Each access port on the breakout switch now represents a router port e.g. fa0/6 in vlan 106 on the breakout switch represents router R6 fa0/0 interface which connects to Sw2 fa0/6.
Requirements:
1) A second network card
2) The vconfig utility.
apt-get install vlan
3) Kernel that will support Dot1q
modprobe 8021q
4) A breakout switch. Try to stick with a Cisco switch.
5) If you want to support QinQ / dot1q-tunnel, the breakout switch needs to support QinQ tunneling
Steps:
1) Create a trunk between your linux server and another switch that will become the switch in the middle or breakout switch.
2) Create the required vlans on the server. Or use the following script to do steps 1 and 2.
#!/bin/bash
#############
# vlansetup.sh
# http://21500.net
################# Enable Dot1q support
modprobe 8021q#### Set the ethernet MTU
ifconfig eth1 mtu 1536#### Create the Vlans
vconfig add eth1 101
vconfig add eth1 102
vconfig add eth1 103
vconfig add eth1 104
vconfig add eth1 105
vconfig add eth1 106
vconfig add eth1 107
vconfig add eth1 108
vconfig add eth1 109
vconfig add eth1 110
vconfig add eth1 111
vconfig add eth1 112
vconfig add eth1 113
vconfig add eth1 114
vconfig add eth1 115
vconfig add eth1 116
vconfig add eth1 117
vconfig add eth1 118
vconfig add eth1 119
vconfig add eth1 120
vconfig add eth1 121
vconfig add eth1 122
vconfig add eth1 123#### Bounce the interface
ifconfig eth1 down
ifconfig eth1 up
3) Configure the trunk on the breakout switch
interface fastethernet 0/24
switchport trunk encapsulation dot1q
switchport mode trunk
4) Assign the Access ports their vlans
!
interface fastethernet 0/1
switchport access vlan 101
switchport mode access
!
interface fastethernet 0/2
switchport access vlan 102
switchport mode access
!
interface fastethernet 0/3
switchport access vlan 103
switchport mode access
!
interface fastethernet 0/4
switchport access vlan 104
switchport mode access
! …
! …
! …
interface fastethernet 0/23
switchport access vlan 123
switchport mode access
!
5) If you want to support QinQ and CDP between the virtual routers and the real switchs, your breakout switch needs to support QinQ. Enable a dot1q tunnel on each interface.
interface range fastethernet 0/1 – 23
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
6) Map the ports in the dynagen .net file
[[ROUTER R1]]
f0/0 = NIO_linux_eth:eth1.101
f0/1 = NIO_linux_eth:eth1.103
[[ROUTER R2]]
f1/0 = NIO_linux_eth:eth1.102
7) Connect the switches to the breakout switch with crossover cables. In this example Port fa0/1 on the breakout switch represents Fa0/0 on R1 and connects to Sw1 Fa0/1.
R1 Fa0/0 -> BSw Fa0/1 -> SW1 Fa0/1
R2 Fa1/0 -> BSw Fa0/2 -> SW1 Fa0/2
R1 Fa0/1 -> BSw Fa0/3 -> SW2 Fa0/1
Once I got this working I found that someone already did the hard work. Wish I saw this much earlier. The only difference between the two methods is that I used one breakout switch while MrPaul’s method uses the Dynamips switches and the breakout switch.
HOWTO Connect Real Switches Using One NIC & QinQ
This is the image MrPaul made:
May 5, 2009
Zay Phyoe – 10 Days to go
Zay’s blog is quite new and some SP blog followers might not have come across it yet. Zay will be sitting the SP lab in about 10 days. Zay’s strategy was to use both IPX and INE workbooks. Good luck to him.
May 4, 2009
Dynamips – Hint of a relationship
I am starting to realize why people are so passionate about dynamips. I have got up to section 10 of IPX vol1 on the dynamips topology. When everything starts to work, you get used to it and tend to forget that it is an emulator after all. The scenarios are relatively simple at this stage and not a challenge for dynamips. I suspect they will become more demanding further into prep. Slight annoyance: each initial config has to be edited to accommodate the dynamips topology as some interface numbers change. On average this takes 20 minutes to do, there are 25 sections and therefore a total of 8 hours for the workbook. This reminds me of rip, a protocol with high overhead. I will save all the dynamips initial configs, perhaps IPX will be interested?
With just a bit more than 4 months to go I really need to start focusing and get the workbooks done. I suspect that the 5 IPX vol2 labs and 5 IPX vol3 labs will not be sufficient practise for the lab. I will have to come up with a concrete plan to fill the gaps. Still a long road ahead.
