Congratulations go out to Keith Humphreys who recently passed his CCIE Service Provider Lab Exam on his first attempt! Keith was a student in a recent CCIE SPv3 Bootcamp that I taught in London, and posted a very inspirational story about his road to CCIE success on INE’s Online Commmunity. It’s a long one, but is definitely worth the read.
Finally after years of preparation I have passed my 1st CCIE on my 1st attempt in Diegem, which is the party centre of the universe, isn’t it!? Below I will go through my preparation, what I did, when I did it and it’s probably all repetition of other peoples experiences but you only pass the CCIE for the 1st time once so I’m going to babble on cos this is my moment
I hope everyone enjoyed the IPv4 Route Redistribution session on Friday. The turnout was amazing to say the least. We got off to a late start due to needing to split the streams between servers as we had over 2000 people logged in accessing the session. Once we got rolling you can really see how excited I get working on routers In fact I’ll be doing a few of these R&S CCIE sessions a month going forward since the turnout is so good and I really enjoying do this. The flow for these new online sessions will be that I run every session twice to get enough video for a complete product. After that it’ll take about one or two weeks to get the final product through editing and into your members site depending on the length of the session. These videos will be free for any AAP member or R&S CCIE Bootcamp customer.
I’m going to be running the IPv4 Route Redistribution session again sometime after next week and span it over two days (6 hours each). I’ll publish labs for this next session so after you watch the videos you can go back and reinforce the concepts by doing the labs. Additionally I’ll publish the initial and final configurations for the video sessions along with the configurations I capture during each of the breaks. After that I’ll go through the videos and get the complete product released.
The next sessions will be MPLS L3 VPNs and IPv4 Multicast. Both of these will be ran twice with the first session being one day in length and the second two days. Also I’ll be fitting in a few smaller sessions in between covering other topics.
As a side note the R&S CCIE Version 5 update is just around the corner. The word is that we are looking at a April/May timeframe so I’ll try and get all of the R&S topics covered in these sessions by the end of January or mid-February. Most of the sessions will carry over to the R&S CCIE Version 5 blueprint if you aren’t planning on taking the R&S CCIE Version 4 lab.
Friday Oct 11th starting at 10am PDT I’m going to be holding an all day online R&S CCIE session covering IPv4 Route Redistribution Configuration and Troubleshooting. From the R&S CCIE Bootcamps I know that some of the more popular topics are IPv4 route redistribution, IPv4 multicast and MPLS L3 VPNs. I’m going to start with IPv4 route redistribution first since it can be covered in a single 5 to 6 hour session. I’ll cover the other two later this month as IPv4 multicast and MPLS L3 VPNs each needs to spanned over two days (two 6 or 7 hour sessions) to fully cover them. Let me know in the comments what other topics you would like to see done after. Please say SDN!
To sign up for the session click here. These sessions will be recorded and the configurations will be available so you can follow along with the recordings. I will be using the larger 32 device R&S topology which can be rented through your members site account.
INE’s new CCIE Security V4 Advanced Technologies Class continues this week, with a focus on ASA Firewall. This week’s classes will run Wednesday Oct 9th – Friday Oct 11th at 10:00 PDT (17:00 GMT) daily, with class days running typically about 4 hours each.
Anyone with an active All Access Pass subscription or that has previously purchased the download version of the SCv3 ATC can attend the live sessions. The link to join class can be found at the top of the Members Site dashboard, or direct at http://ine.co/scv4.
Specifically this week’s classes will focus on the following topics:
- Security Levels
- Access Lists before and after 8.3
- Routed vs. Transparent Firewall
- Single vs. Multi Context Mode
- Active/Standby vs. Active/Active Failover Mode
- ASA Routing
- NAT before and after 8.3
- ASA Modular Policy Framework and Application Inspection
The R&S CCIE Volume 2 workbook has been ported to our new web format (see below). This format allows you to add bookmarks, add notes (both private and public notes) and ensures you always have the latest version. Additionally you can submit feedback directly to the Development and Editing teams from within workbook. We are also working on integrating our IEOC forum directly into the workbook and plan on having it available late October.
For the notes, we are currently implementing a rating system that will allow you to rate a public note posted by someone else. This will allow you to filter public notes that are not above a certain rating if desired. This new public notes feature will be really popular based on the feedback we have received from the beta testers. The R&S Volume 2 in the new web format will be released next week.
R&S Volume 3 workbook has been updated. This updated version will be available later this week in your members site account. This is the last major update to Volume 3 before it is retired and integrated into the new single R&Sv5 blueprint based workbook we are already developing.
Q – Will I automatically get the new workbook when its released next week if I have the current workbook?
A – Yes. The workbook will automatically show up in your members site account next week.
Q – Will I be able to view it offline?
A – Yes. A PDF version will automatically be generated when a change is made to the workbook.
Q – Can I view it on my tablet?
A – Yes the new format is pure HTML5 which is support by all modern tablet web browsers. This is the first step before we release it as an iPad/iPhone app and Android app. The tablet app will allow you to take the workbooks “offline” and still make notes, bookmarks, etc that will sync up when you get back online.
Q – Does this include new material?
A – We had to freeze any development while the workbook was ported to the web. Now that the workbook is up we’ll start adding new content. We have 3 additional labs to add to the workbook now.
Lastly Volume I is currently being ported to the web and I’ll release it in chunks as each section is finished. Currently the IP Routing section has been ported. I’m reviewing it before release and adding more PfR/OER labs.
Below is a good write-up by now dual CCIE 35565 IEOC user ndiayemalick after passing the SP lab:
I have passed the CCIE SP Lab yesterday at Brussels. The results came in pretty fast around 10 PM. I will share my experience here. I will only share things pertaining to the SP lab. There are many other posts about the lab in general, preparations, what to expect, the proctors, etc…. Here we go:
- Don’t forget to commit your changes
- Don’t forget to create the BGP_PASS RPL to allow eBGP routes to pass
- Check each and every step on the way. You do not want to be troubleshooting CSC problem because one of your LDP session was not up.
- Logging is disabled on all the IOS devices with “no logging on / no logging console”. I enable it but checked with the proctor who told me to make sure to put disabled it back at the end of my lab, which I did. Do not assume anything, you have a doubt, ask the proctor.
- Keep track of :
BGP peerings (Route reflector for IPv4/IPv6 VPNv4/VPNv6)
RPs per site
- Use the command ‘ip route profile’ to make sure that your routing is stable.
- There’s a lot of reverse engineering in the lab. Many things are pre build for you with many many faults in IPv4 and IPv6 for all address families so know even worst get acquainted your protocols (BGP, OSPF, IS-IS,EIGRP, RIP, PIM) for both address families
- Verify all your neighboring as you go. OSPF, IS-IS, BGP, LDP, RSVP, PIM,etc… You do not want to troubleshooting OSPF neighboring because your MPLS TE is not working. You can waste a lot of time. Things build up as go. The further you go in the lab, the harder it will become to see small details.
- Besides the DOC-CD, Notepad is your next best friend. Many configurations are repetitive. You will gain time and reduce the chance of making a mistake by using it. I had 3 notepad widows one for TCL scripts, another one called “AT THE END” to put back the configurations I changed like logging, and another one for copy/paste configs to save time.
- Read the lab end to end before starting type. Every word is important. The lab is pretty self explanatory but you have to know your stuff hence you need speed and accuracy.
- It’s harder than the R&S lab but easier because to study because of less topic to focus on.
- Sent private emails to Brian and he helps out a lot. Even Mark Snow was available to meet me personally in Columbus, Ohio. How cool is that ?
- I was tested on all possible PE-CE Routing protocols, filtering and loop avoidance techniques.
- Use TCL scripts to check reachability for all address families. It’s crucial. SP is all about reachability and doing the way they wanted it.
- Found 2 typos in the lab: OPSF instead of OSPF and PIM-SW instead of PIM-SM. I was kind enough to send a feedback
- during the end, my Internet Explorer froze. After killing the process in the Task Manager, I was not able to log back in the lab to display the tasks. I still had access to the devices. After multiple attemps with the proctor, we decided to save my configs and logg off. By doing that, I lost all my TCL scripts and notepad notes. Lesson: do not open multiple IE windows even when going for the documentation.
- Request for reread after passing the lab ?????: You can request a reread even when you pass the lab. How stupid is that?????
- Now INE owes me 2 CCIE shirts
Do not hesitate if you have questions, I will help out as much as I can without breaking NDA of course
Read the replies to this post on IEOC here :
Yesterday marked the kickoff of the new CCIE Security v4 Advanced Technologies Class. In our first session we discussed the scope of the new CCIE Security Version 4.0 blueprint, recommended readings (which can be found at the bottom of this post), the new format of class, and technical topics that included stateless traffic filters on IOS with standard ACLs, extended ACLs, time-based ACLs, and dynamic ACLs.
Going forward the SCv4 ATC will be delivered over the next 4 – 6 weeks as shorter, more spread out class days, typically of about 4 hours apiece. The specific class schedule will be posted here on the blog at least a week in advance so you can plan which sessions you want to attend live. Anyone with an active All Access Pass subscription or that has previously purchased the download version of the SCv3 ATC can attend the live sessions. The link to join class can be found at the top of the Members Site dashboard, or direct at http://ine.co/scv4. In the short-term the next upcoming class sessions are as follows:
- 2013-09-26 10:00 PDT (17:00 GMT) – Reflexive ACLs, CBAC, & ZBPF
- 2013-09-30 10:00 PDT (17:00 GMT) – Advanced ZBPF
A longer-term schedule will be posted after the weekend. In general, the class flow will follow the below outline. If you have specific topics requests for class please feel free to post a comment below and I will take it into account.
Starting tomorrow, September 24th 2013 at 10:00 PDT (17:00 GMT), I will begin the running the new CCIE Security Advanced Technologies Class for the newest version 4.0 blueprint. Online streaming of tomorrow’s class is free for anyone to attend. Simply login to http://members.ine.com and then browse to the streaming url of http://ine.co/scv4. A link to the streaming page is also located in the members dashboard.
Tomorrow’s class will start with an introduction about the scope of the CCIE Security v4 blueprint, including the hardware and software versions, as well as the specific technologies within the scope, and then will continue with the technical topics of IOS Firewall, including stateless ACL filtering and stateful filtering with both CBAC and ZBPF.
The format of this class will be a little different than previous iterations of ATCs for Security, R&S, SP, etc. Instead of running a 5-day class with 8 – 10 hours per day, the class will be spread out over the next 4 – 6 weeks in smaller increments. This will allow you to plan your study schedule more accordingly, and ideally not have to take a full week or more of vacation time or PTO in order to attend the sessions. More details of the specific class schedule will be discussed during the class intro tomorrow.
Beyond tomorrow’s class, anyone with a currently active All Access Pass subscription or that has previously purchased the CCIE Security ATC Download will be able to attend the live streaming sessions. Streaming and download versions of the class recordings will be available sometime around November, but more updates will be posted as the live class progresses.
I hope to see you in class tomorrow!
Cisco hasn’t exactly changed their minds, but has made some – ahem – slight adjustments for those current CCIE Voice holders and how they may transition to the new CCIE Collaboration. Three options are laid out quite clearly here on Cisco’s Learning Network page. Note that option 2 (what most previously thought was the only designated path) does expire on Feb 13, although that’s Feb 13, 2016, so there is plenty of time to make your decision.
In this post we get back to basics, and the roots of the CCIE lab exam – stupid router tricks. Recently I was posed the following question:
Can I force my router to reply to a traceroute with the IP of a certain interface, meaning not the usual that reply to the traceroute with the IP address of the ingress interface?
The short answer: yes. The slightly longer answer: yes, but not the way you probably think you can. To understand how and why you can do this, first let’s review how a traceroute works.