More details are now available on INE’s CCIE R&S v5 Hardware Topology here.

Join our discussion on IEOC on the CCIE RSv5 Equipment Build here.

Questions and comments are welcome.

About Brian McGahan, CCIE #8593, CCDE #2013::13:

Brian McGahan was one of the youngest engineers in the world to obtain the CCIE, having achieved his first CCIE in Routing & Switching at the age of 20 in 2002. Brian has been teaching and developing CCIE training courses for over 10 years, and has assisted thousands of engineers in obtaining their CCIE certification. When not teaching or developing new products Brian consults with large ISPs and enterprise customers in the midwest region of the United States.

Find all posts by Brian McGahan, CCIE #8593, CCDE #2013::13 | Visit Website

You can leave a response, or trackback from your own site.

32 Responses to “INE’s CCIE R&S v5 Hardware Topology”

  1. mohammed says:

    so by virtual routers you mean we install CSR 1000v as vmware machines, and have one link from the physical server goes to SW1 ?

  2. rene says:

    Hi Brian,

    Regarding the IOS for ISR GI (1800/2800/3800), what will you recommend, for example 2800:



    After the class, where you install 1841-153-3.XB12, can you say that ios is stable.

  3. Andrea says:

    Let’s say I’m going 100% virtual.

    How does it work in this case?

    I have 4 virtual switches connected like in the picture, than what? should i use a 5th virtual switch as shown in the picture and do q-in-q (assuming the virtual switch supports the features)…?

    Or should I connect the 20 routers directly to SW1? (being virtual, I don’t really care about port density and cabling)

    • If it’s 100% virtual then just connect the routers to SW1.

      • Andrea says:

        Thanks Brian, thanks a lot

      • Andrea says:

        Hello Brian,

        here is what i managed to obtain, your insight would be interesting here. virtual switches (L2 IOU in my case) do not support SPAN

        1st option:
        connect all routers + link to wireshark on a dedicated port on SW1

        Plus: it works like a charm!

        Minus: even if i set the interface where wireshark is connected, the switch will not forward to that link any interesting traffic (is how switches work) … and SPAN is not an option … to make it simple .. i cannot capture anything really

        2nd option:
        connect all routers + link to wireshark to an hub, and connect the hub to SW1

        plus : i can capture all traffic

        Minus: is an hub, you cna make 1+1 .. everyone is everyone else cdp neighbor, a lot of collisions, half duplex ecc .. this might impact routing protocols and performances.

        what do you think ?

        i belive that option 1 is the best, the cases when i “really really” need wireshark are limited and i might use 2nd topology.

        or, other options can be.

        3 – push gns3 guys to implement capturing in the new gns3 asap (this will take loooong)

        4 – use iousniffer ( it works great, i have tested ) , but as downside, i will not be able to read the captue live .. i’ll have to download the pcap and read what was captured.

        thinking :) .

  4. Driton says:

    Is ine rack rental going to be virtual or physical?

  5. hashim says:

    dear brain,
    I can arrange the switches (physical), but I am looking for a used server to run all the 20+ routers,
    do you know a good used server to buy it either from ebay or amazon ?

    thank you

  6. John Orr says:

    Brian, I have a mix bag of ISR G1s and older hardware (qty 12) and three ISR G2s – 1941s. In order to follow the INE v5 workbooks is there a minimum number of ISR G2s to configure v5 topics?
    Also, if I’m short the theoretical minimum number of ISR G2s to follow the v5 topics with INE workbooks, where is the most optimal placement of my three ISR? R1 – R3 or something else?
    Thanks for your time.

    • I don’t know what the best placement would be offhand, since the features are mixed throughout the topology. Since the topology is dynamic though with using just dot1q subinterfaces the router numbers don’t matter anymore. This means your ISR G2′s could be R1 – R3 for one lab, and R4 – R6 for another lab, etc.

  7. Lucas says:

    Brian, I see on the topology that you are using virtual routers and physical switches with the breakout switch in between. does that mean we create connections from any (ethernet) ports on the routers to any ports on the switches?

    • The routers connect to the switches through a single trunk port.

      • Jason Laidler says:

        Hi Brian,

        Do each virtual routers gig 0/0 connect to a physical switchport on SW1. eg R1 to SW1 F0/1 , R2 to SW1 F0/2 and so on? So each port on the real SW1 is just an regular access port.

        • They connect to SW1 via a trunk port. The vSwitch is just like a regular switch, where the VMs are access ports on the vSwitch. The vSwitch then has a physical link to the real world (SW1 in the diagram) that is an 802.1q trunk. The only difference is that you don’t configure the vSwitch, it basically just acts like a hub, meaning it’s completely transparent. It doesn’t run STP or other control plane protocols.

          • Ishanha says:

            HI Brian ,
            thank you for your enormous contribution to the community. I just need to clarify V5 Lab set up . where i connected 6 CDR100o routers to vSwitch ( VDS in EXSI) and integrated it to four switches in IOU. set up sees to be ok with the connectivity.
            1)AS per my understanding , when Routers are conencted to to vSwitch via trunk port( virtual port group ) , traffic between routers will route via vSwitch itself , no of traffic will reach to physical Switches or Switchs in IOU.
            have you define separate vSwitches per router or all routers connected to one vSwitch ??

            2) could you elaborate on the DMVPN set up physically , is all Switches in the domain or all routers connected to one switch.

            Thank you and best regards,


          • Hi Ishantha,

            Yes, all routers are connected to the same vSwitch. This means that traffic does not reach physical switches first before passing between the routers. Traffic to a physical switch is only sent when the packet is destined to the physical uplink of the server, which is covered in certain videos and labs in our topology.

            For DMVPN there is no change in the physical setup. Connectivity between routers is always via an 802.1Q trunk link to the vswitch, which separates traffic based on the VLAN tag. The result is virtual broadcast domains, which are essentially logical separations of traffic within the CPU of the underlying hypervisor.

  8. Nabeel says:

    Brian -

    I may be missing something here as I haven’t begun to lab yet with the new topology, but with the new setup are there no routers directly connected to the switches as access or routed ports anymore? So there will be no layer 3 segments spanning the switches? I haven’t had a chance to look through the labs yet, so apologies in advance if this is laid out already.


  9. Alexander says:

    Why is there a requirement for 20 Routers when the topologys show 10 Routers?

  10. Kamil says:

    Dear Brian, could you tell me please which exact CSR 1000V ios version appropriate for us? In fact I tried the latest one it does not support DMVPN.

  11. Ishanha says:

    Hi Brian,

    I couldn’t seed debug IP packets incoming or outgoing in cSR1000v routes when debug enabled

    is it usual condition or if there any specific commands to activate ??



Leave a Reply


CCIE Bloggers