Posts from ‘CCIE R&S’


As many of you hopefully already know, the CCIE Routing & Switching certification blueprint is changing from version 4 to version 5 on June 3rd 2014. As this date quickly approaches, and as the last of the v4 lab seats are fully booked, it’s time to start planning your attack on the RSv5 blueprint.

While Cisco’s official blueprint for v5 is now more detailed that it has ever been in the past, it still lacks some details in certain areas, for example “Implement, optimize and troubleshoot filtering with any routing protocol.” Additionally it would be difficult to use Cisco’s blueprint for a study plan as it stands in its current linear format. For example “Layer 3 multicast” is listed before “Fundamental routing concepts”, which from a learning perspective doesn’t make sense, because you must understand unicast routing fully before you learn multicast routing. To help remedy this we’ve re-ordered and expanded Cisco’s blueprint into INE’s RSv5 Expanded Blueprint, which you can find below after the jump.

Our CCIE RSv5 Expanded Blueprint is meant to be used as a checklist that you can use as you go through your preparation. This way when you’re finally ready to attempt the lab exam, you can be assured that you’ve at least heard of all the topics in the scope, regardless of how obscure some of them might be. Additionally note that some topics listed below might appear only on the written exam and not the lab exam, such as MPLS Layer 2 VPNs or RIPng, but are still included in our content and the outline below.

The below outline will continue to be updated, so check back periodically during your preparation to see changes, adds, and removes.  Good luck in your studies!

INE’s CCIE RSv5 Expanded Blueprint

Continue Reading

Tags: , ,


Next Tuesday, January 21st 2014, at 10:00 PST (GMT 18:00) I will be continuing our vSeminar series on new topics for the CCIE R&S v5 Blueprint, which will focus on IPv6 First Hop Security.  You can sign-up for this seminar here.  Additionally the link to attend is available at the top of the dashboard when you login to the INE Members Site.

The upcoming session will focus on security exploits and attack mitigation techniques that relate to IPv6 Neighbor Discovery, Stateless Address Autoconfiguration, and DHCPv6, just to name a few. This session will also include both theory and live implementation examples on the Cisco IOS CLI.  This session is expected to run approximately 2 – 3 hours in length.

Please feel free to submit topic requests for additional upcoming vSeminar sessions below.  I hope to see you in class!

Tags: ,


The recording of last week’s seminar on Introduction to DMVPN for CCIE R&S v5 Candidates is now available to view here.  This is the first of many new free seminars on new topics that have been added to the CCIE R&S version 5 blueprint.  New upcoming sessions will include IPv6 First Hop Security, IPsec LAN-to-LAN tunnels, GET VPN, IGP Convergence & Scalability, and BGP Convergence & Scalability, just to name a few. Feel free to submit requests for additional topics in the comments below.


Good luck in your studies!

Tags: , , , ,


Tomorrow, December 6th 2013, at 10:00 PST (GMT 18:00) I will be running a free live online session on Introduction to DMVPN for CCIE R&S v5 Candidates.  You can sign-up for this seminar here.  Additionally the link to attend is available at the top of the dashboard when you login to the INE Members Site.

This session is the first of many to help candidates transition from the current CCIE R&S v4 Blueprint to the recently announced CCIE R&S v5 Blueprint that goes live on June 4th 2014. We will continue to run additional sessions in the future on new topics that have been added to the CCIE R&S v5 Blueprint, such as IPv6 First Hop Security, IPsec LAN-to-LAN tunnels, GET VPN, IGP Convergence & Scalability, and BGP Convergence & Scalability, just to name a few.  These sessions are not only applicable to CCIE R&S v5 candidates, but also to those pursuing the CCNA, CCNP, or CCIE Security tracks, as well as for everyday engineers looking to apply these technologies in their production environments.

Tomorrow’s session will focus on the theory of what Dynamic Multipoint VPN (DMVPN) is, what problems it was designed to solve, and where it fits in the overall network design as compared to other technologies such as MPLS Virtual Private LAN Service (VPLS) or MPLS Layer 3 VPNs.  The session will also include live implementation examples of DMVPN on the Cisco IOS CLI.  Expect this session to run somewhere around 2 – 3 hours in length.

I hope to see you there!

Tags: , , , ,


Today Cisco posted their official announcement on the upcoming changes for CCIE Routing & Switching Version 5.  The majority of the announcement is along the same lines as previously rumored changes, except for the official launch date, which is now scheduled for June 4th 2014.  This should bring a great sigh of relief to you if you’re currently nearing the end of your CCIE R&S v4 preparation, as you now have a 6 month window to pass the v4 lab exam before the change to v5 occurs.

Specifically the announcement details changes to technical topics covered both in the written and lab exams, the equipment used, as well as the exam format, as follows:

Technical Topic Changes

New Lab Topics:

  • Interpreting Packet Captures
  • Bidirectional Forwarding Detection (BFD)
  • Multi Address Family (AF) EIGRP
  • Dynamic Multipoint VPN (DMVPN)
  • IPsec
  • IPv6 First Hop Security

Of the new topics announced, the big ones are DMVPN and IPsec.  These are specifically listed as DMVPN Single Hub and IPsec with Pre-Shared Keys, so the scope is not nearly as large as the CCIE Security.  If you don’t yet know what any of these terms mean, don’t worry, you soon will ;)

Topics moved from the Lab to the Written:

  • IPv6 Multicast
  • RIPng
  • IPv6 Tunneling
  • 802.1x
  • Layer 2 QoS
  • Performance Routing (PfR)

Topics completely removed:

  • Flexlinks
  • ISL
  • Layer 2 Protocol Tunneling
  • Frame-Relay
  • WCCP
  • IOS Firewall
  • RITE
  • RMON
  • RGMP
  • RSVP QoS

For topics removed, there are three killer areas here: Frame Relay, PfR, and Layer 2 QoS.  Frame Relay’s removal is no surprise, as Ethernet based last mile access solutions such as Metro Ethernet and Virtual Private LAN Services (VPLS) have exploded in the past few years and have eclipsed legacy methods such as DS3 Frame Relay.  From a technology design point of view though, a lot of the Frame Relay theory transfers directly over to DMVPN, as DMVPN could be thought of as a way to emulate legacy hub-and-spoke network designs over a public transport.

As for PfR’s removal, this one is a bit of a surprise, and I can already hear Brian Dennis’s screams of agony:

While the general idea of PfR is great, I’ve never seen it implemented other than in very small scale environments due to the management complexity.  You have to give Cisco credit though, as PfR is essentially SDN version 1.0, and now a very large portion of the industry is focused on this type of application.

The other large change here is the removal of Layer 2 QoS.  While this is still a very important topic, the problem with L2 QoS is that it is highly platform dependent, and the way that Catalyst 29xx/35xx/45xx/65xx implement L2 QoS is generally unique to each.  Therefore in the interest of platform independence and virtualization, L2 QoS gets the axe.  This brings us to our next topic, which is the hardware changes in the new blueprint.

Equipment Changes

As previously rumored, the new CCIE R&S v5 equipment is going all virtual.  As CCIE R&S v4 had already been using virtual IOS for the troubleshooting section of the exam, this should come as no surprise. The biggest implication of this change is that the size of the topology is now arbitrary.  I wouldn’t be surprised going into the exam and seeing a configuration section with 20+ routers in the topology.

The other implication of this change is that certain features can no longer be tested on, as they’re not supported in the virtual IOS.  Those topics that can’t be tested, such as Layer 2 QoS or Flexlinks, are now explicitly excluded from the topic scope of the exam.

Format Changes

Last but not least, a new testing section has been introduced into the R&S v5 lab exam format.  While the written exam format stays the same, the lab now includes a “diagnostic” section, which focuses on the diagnosis and resolution of network issues from a more high level point of view.

This new section won’t use equipment, but instead will present the candidate with information such as network diagrams, CLI outputs, log outputs, traffic captures, and email exchanges, based on which they will be expected to diagnose a presented network problem.  Based on the description in the announcement, I would assume that this format is going to be similar to the CCDE Practical Exam testing format, which tests analytical skills without the need of access to actual devices CLI.

Another minor change to the exam is how the timing of sections works.  In the v4 format, candidates had a maximum of 2 hours to complete the troubleshooting section, and a minimum of 6 hours for the configuration section.  If the candidate used less than 2 hours in troubleshooting, the extra time rolled over to the configuration section.  In the v5 format this changes along with the addition of the diagnostic section.

In v5, candidates will have a maximum of 2.5 hours to complete troubleshooting, a fixed 30 minutes for the diagnostic section, and the rest to complete configuration.  Any time less than 2.5 hours used in troubleshooting will be credited towards configuration.  For example if a candidate uses only 1.5 hours in troubleshooting then the configuration section would be 6 hours, which along with the .5 hour of diagnostic adds up to a total of 8 hours for the exam.

How Does This Affect Me As An INE Customer?

The good news is that if you’ve purchased and of the R&S v4 products from INE, you’re covered for the v5 products.  You won’t have to pay anything to upgrade to the v5 products, including the Bootcamps.  If you already attended a v4 bootcamp and want to resit a v5 bootcamp, there’s no charge for it.

As it’s no secret that Cisco’s blueprint changes have been in the works for quite some time, as have INE’s plans for the v5 update.  We have a bunch of new exciting product updates and more importantly new product features that we’re going to be launching along with the v5 product updates.  More information will be available about these updates in the coming weeks.

In the short term I’m going to be running a free online class this Friday – December 6th 2013 – at 10:00 PST (GMT –8) on Introduction to DMVPN for CCIE R&S Candidates.  I’ll post another blog update tomorrow with more information on this.



Tags: , , ,


It’s rumored that the announcement for the R&S CCIE v5 update should be coming soon (November timeframe) and the switch over for the lab sometime around March 2014. Cisco Live Europe has a R&S v5 Technical Breakout scheduled for anyone attending. The update to version 5 is rumored to be a 100% virtual lab environment similar to how the troubleshooting section of the lab is done now. The major benefit of the lab going virtual is that the topics covered will be platform independent. You will not need to buy 2911′s or 3750x’s to prepare and can use any relatively newer router or switch to prepare or use a virtualized environment (IOL/IOU/VIRL, GNS3, CSR). The goal of the v5 appears to be to focus on the technologies themselves and less on the hardware and a specific topology. This is the best move Cisco has made for the R&S CCIE program in years as candidates will need to focus more on the technologies themselves and not worry about IOS versions, hardware platforms, physical topologies, etc.

Allegedly the R&S CCIE v5 blueprint will see legacy topics like Frame-Relay removed. Additionally it’s possible some of the more lesser used features of the IOS like Zone-Based Firewall, WCCP, IPv6 multicast, and PfR could be removed from the lab. A few of the topics we could see added are IPSec, DMVPN, and Embedded Packet Capture. We may see ISIS added to the written at least if not the lab. This could be the last version of the R&S lab that isn’t IOS XE based so we could see it added to the written.

Currently the lab has a 2 hour troubleshooting section and a 6 hour configuration section. The new lab may contain, in addition to the troubleshooting section, a new diagnostic section. This means the lab could have a troubleshooting, diagnostic and configuration section. I would assume the points for this new section would come from the configuration section and the troubleshooting section would remain the same or possibly even slightly higher in points.

So what does this mean for someone currently preparing for the R&S v4 blueprint? If you feel you are close to taking the lab but do not have to scheduled, you should schedule a date ASAP. Once the official v5 announcement comes out from Cisco, it will be hard to schedule a lab date. If you have a date scheduled before March 2014 then you should be fine. If your date is after February 2014 then I would recommend you move it up ASAP. The longer we go into November the more likely the new blueprint date has been pushed back by Cisco.

Additional v4 bootcamps will be added to the schedule before the March 2014 changeover. We will start transitioning the current bootcamps over to version 5 around the first of the year. For the self-paced products we will start releasing labs and videos covering the new blueprint in November. 90% of the material from the version 4 blueprint will carry over to the version 5 lab blueprint. Topics you can skip for the routers will be Frame-Relay, PfR, WCCP, Zone-Based Firewall along with technologies that are not supported in IOU L2/IOL L2. Here is a list of features we may not see for the layer 2 section since the switches will be virtual.

1) QinQ Tunneling
2) ISL trunks
3) DHCP Snooping
4) Layer 3 Port Channel
5) Private VLANs

Post any questions you have about the new blueprint changes and I’ll start creating a FAQ below:

Q) I purchased the version 4 self-paced material so will I be covered for the version 5 products?
A) Yes.

Q) Will I have to pay anything for get the new version 5 material?
A) No.

Q) I attended an R&S CCIE v4 bootcamp so can I resit a v5 bootcamp for free?
A) Yes.

Q) Will INE offer racks for the new blueprint?
A) Yes. Although the lab is virtual it is still good to spend part of your preparation using real hardware as that is what you use in your day-to-day job. Towards the end of your preparation you can hone your skills using virtualized environment. We will be using the CSR along with real switches for the virtualized environments.

Q) What about my tokens?
A) Your tokens will carry over.

Q) I’m currently schedule for the lab after the v5 update. Can I still take the v4 lab?
A) No.

Q) Do you feel strongly that the announcement will come out in November?
A) I do feel confident that the announcement will be in November but it could slip since they are trying to align the Cisco 360 update to the lab release.

Tags: , , , ,


I hope everyone enjoyed the IPv4 Route Redistribution session on Friday. The turnout was amazing to say the least. We got off to a late start due to needing to split the streams between servers as we had over 2000 people logged in accessing the session. Once we got rolling you can really see how excited I get working on routers ;-) In fact I’ll be doing a few of these R&S CCIE sessions a month going forward since the turnout is so good and I really enjoying do this. The flow for these new online sessions will be that I run every session twice to get enough video for a complete product. After that it’ll take about one or two weeks to get the final product through editing and into your members site depending on the length of the session. These videos will be free for any AAP member or R&S CCIE Bootcamp customer.

I’m going to be running the IPv4 Route Redistribution session again sometime after next week and span it over two days (6 hours each). I’ll publish labs for this next session so after you watch the videos you can go back and reinforce the concepts by doing the labs. Additionally I’ll publish the initial and final configurations for the video sessions along with the configurations I capture during each of the breaks. After that I’ll go through the videos and get the complete product released.

The next sessions will be MPLS L3 VPNs and IPv4 Multicast. Both of these will be ran twice with the first session being one day in length and the second two days. Also I’ll be fitting in a few smaller sessions in between covering other topics.

As a side note the R&S CCIE Version 5 update is just around the corner. The word is that we are looking at a April/May timeframe so I’ll try and get all of the R&S topics covered in these sessions by the end of January or mid-February. Most of the sessions will carry over to the R&S CCIE Version 5 blueprint if you aren’t planning on taking the R&S CCIE Version 4 lab.

Tags: , ,


Friday Oct 11th starting at 10am PDT I’m going to be holding an all day online R&S CCIE session covering IPv4 Route Redistribution Configuration and Troubleshooting. From the R&S CCIE Bootcamps I know that some of the more popular topics are IPv4 route redistribution, IPv4 multicast and MPLS L3 VPNs. I’m going to start with IPv4 route redistribution first since it can be covered in a single 5 to 6 hour session. I’ll cover the other two later this month as IPv4 multicast and MPLS L3 VPNs each needs to spanned over two days (two 6 or 7 hour sessions) to fully cover them. Let me know in the comments what other topics you would like to see done after. Please say SDN! ;-)

To sign up for the session click here. These sessions will be recorded and the configurations will be available so you can follow along with the recordings. I will be using the larger 32 device R&S topology which can be rented through your members site account.

Tags: , ,


The R&S CCIE Volume 2 workbook has been ported to our new web format (see below). This format allows you to add bookmarks, add notes (both private and public notes) and ensures you always have the latest version. Additionally you can submit feedback directly to the Development and Editing teams from within workbook. We are also working on integrating our IEOC forum directly into the workbook and plan on having it available late October.

For the notes, we are currently implementing a rating system that will allow you to rate a public note posted by someone else. This will allow you to filter public notes that are not above a certain rating if desired. This new public notes feature will be really popular based on the feedback we have received from the beta testers. The R&S Volume 2 in the new web format will be released next week.

R&S Volume 3 workbook has been updated. This updated version will be available later this week in your members site account. This is the last major update to Volume 3 before it is retired and integrated into the new single R&Sv5 blueprint based workbook we are already developing.

Q – Will I automatically get the new workbook when its released next week if I have the current workbook?
A – Yes. The workbook will automatically show up in your members site account next week.

Q – Will I be able to view it offline?
A – Yes. A PDF version will automatically be generated when a change is made to the workbook.

Q – Can I view it on my tablet?
A – Yes the new format is pure HTML5 which is support by all modern tablet web browsers. This is the first step before we release it as an iPad/iPhone app and Android app. The tablet app will allow you to take the workbooks “offline” and still make notes, bookmarks, etc that will sync up when you get back online.

Q – Does this include new material?
A – We had to freeze any development while the workbook was ported to the web. Now that the workbook is up we’ll start adding new content. We have 3 additional labs to add to the workbook now.

Lastly Volume I is currently being ported to the web and I’ll release it in chunks as each section is finished. Currently the IP Routing section has been ported. I’m reviewing it before release and adding more PfR/OER labs.

R&S Online Workbook

Tags: , , ,


In this post we get back to basics, and the roots of the CCIE lab exam – stupid router tricks. :)   Recently I was posed the following question:

Can I force my router to reply to a traceroute with the IP of a certain interface, meaning not the usual that reply to the traceroute with the IP address of the ingress interface?

The short answer: yes.  The slightly longer answer: yes, but not the way you probably think you can.  To understand how and why you can do this, first let’s review how a traceroute works.

Continue Reading


CCIE Bloggers