Posts Tagged ‘challenge’


Edit: Thanks for playing! You can find the official answer and explanation here.

I had an interesting question come across my desk today which involved a very common area of confusion in OSPF routing logic, and now I’m posing this question to you as a challenge!

The first person to answer correctly will get free attendance to our upcoming CCIE Routing & Switching Lab Cram Session, which runs the week of June 1st 2015, as well as a free copy of the class in download format after it is complete.  The question is as follows:

Given the below topology, where R4 mutually redistributes between EIGRP and OSPF, which path(s) will R1 choose to reach the network, and why?

Bonus Questions:

  • What will R2′s path selection to be, and why?
  • What will R3′s path selection to be, and why?
  • Assume R3′s link to R1 is lost.  Does this affect R1′s path selection to If so, how?

Tomorrow I’ll be post topology and config files for CSR1000v, VIRL, GNS3, etc. so you can try this out yourself, but first answer the question without seeing the result and see if your expected result matches the actual result!


Good luck everyone!

Tags: , ,


UPDATE: I have received numerous submissions and currently in the process of reviewing them. I’m going to extend the deadline until Wednesday (2012-01-18). At that time all people who submitted working solutions will be awarded 100 tokens!

Recently I have been working with a large enterprise customer that is looking to implement a new change control policy. The main goal of the policy is to be able to track who is making changes to devices in the network, and specifically what those changes are. As opposed to using a full blown network management suite to do this for them, I suggested a simple solution of using TACACS for exec and command accounting (all devices are Cisco), and EEM scripting along with a TFTP server for tracking the actual configuration changes in case they need to roll back to a well-known good working config. The final result worked out very well, and I thought it would make a good CCIE level challenge as well.
Continue Reading

Tags: , , ,


Hi Everyone!

The Challenge
People tend to underestimate the important of IGP routing features in modern network. So here is a small challenge scenario for you to practice OSPF traffic engineering. Take a look at the diagram below for information on the topology and link bandwidth. You may assume that every router has a loopback interface for network testing and OSPF router-id selection.


There is a large cloud of media servers behind R4, and the users behind R1 need to use full 300Mbps of bandwidth when downloading files off the servers. The network is running single-area OSPF for IP routing. Ensure you can accomplish the above goal without using MPLS Traffic Engineering or Policy Based Routing. You are allowed to create additional logical interfaces, but the routing protocol, OSPF areas, physical links and their characteristics should remain unchanged. Keep the amount of changes to minimum and do not introduce new IP addresses.

The first person to provide a working solution will receive 100 rack rental tokens from our partner company GradedLabs. Please use your valid e-mail address when posting a comment, so we can locate your INE account.

OK I forgot to rule out the “route-via” option :) Try solving the task without relying on any “policy-based” routing decisions.

The winner is: Antonie Henning ( Ivan Pepelnjak helped finding a logical “loophole” in my scenario by pointing to the “route-via” option available with GRE tunnels and correctly stating there should be 6 end-to-end tunnels to implement proper load-balancing. Hans Verkerk was close in his idea, but used static routing which was slightly against the rules and not as elegant as Antonie’s solution. Chris Stos-Gale and Nitzan Tzelniker came with the correct solution as well, but Antonie completed the challenge ahead of them. Thanks to everyone for participating in the challenge, it’s been fun!

The Solution:
Continue Reading

Tags: , ,


This is the follow up discussion for the post titled, “Have you seen my Router ID?”

The underlying issue here was trying to get OSPF to bypass the usual selection process for Router ID. The normal selection order is:

Manual router ID configured under ospf process
Highest IP address of a loopback in the up state in the respective routing table
Highest IP address of an interface of an up state in the respective routing table

If there are no up interfaces and you have not manually configured a router ID, you will get an error when you try to configure an OSPF process.

In general, most solutions focused around either using the OSPF selection process to one’s advantage, or trying to “hide” the loopback from OSPF, so that it would select something else.

Continue Reading

Tags: , , ,


There is more than one possible solution for this challenge. Feel free to post your proposed answer in the comments section. We will try to keep comments hidden from public view, so that the fun isn’t spoiled for others. Also, don’t feel bad if the answer(s) aren’t immediately apparent. A number of very bright people have been puzzled by this scenario.  Answers will be posted on Friday, September 18th.


R1 and R2 are configured with their FastEthernet interfaces on the same subnet. R1 will be forming an OSPF neighbor adjacency to R2 over the FastEthernet interface, and will also be advertising some loopback networks into OSPF.


R1′s Relevant Configuration:

interface Loopback1
 ip address

interface Loopback11
 ip address

interface Loopback111
 ip address

interface FastEthernet0/0
 ip address
 no shut

R2′s Relevant Configuration:

interface FastEthernet0/0
 ip address
 no shut

router ospf 1
 network area 0


Your task is to configure R1 while meeting all of the following criteria for requirements and restrictions:

  • R2 should see the networks,, and as OSPF routes in R2′s routing table, but they should not appear as IA, E2, or E1.
  • The output of “show ip ospf neighbor” on R2 should show as the Neighbor ID for the adjacency to R1, even if R1 is reloaded.  No other Neighbor IDs should show up on R2.
  • You are not allowed to use the “router-id” command on R1.
  • You are not permitted to shut down any interfaces on R1, or remove any of the existing configuration on R1.
  • No additional configuration may be added to R2, all configuration for this challenge is done on R1.

Tags: , , ,


For the sake of simplicity and enabling a wider audience we decided to post our regular CCIE brainteasers to the blog.  The winner will get a coupon worth 10% off the price of any of our training packages for R&S, Security, Voice or Service Provider or a $250 gift card! Note that the 10% off discount can not be used with any other discount code you may already have. Please post your solution under the comments for this blog entry – the first person to post the correct solution is the winner. Make sure you provide the correct email address in your response so we can contact you in the event you won.  On Tuesday (August 12th) we will post the solution and announce the winner.

For today the task is an easy one or at least appears to be ;-) Imagine a simple topology made of 3 switches:

STP topology

All switches are running STP for VLAN123 with SW3 being the root.  Your task is to configure the network in such a way so that SW1 port fa0/13 is the root port and SW1 port fa0/16 is the alternate port for VLAN 123.  Sound easy?  Here are the requirements:

1) Do not change any STP link cost

2) SW3 must remain the root for VLAN 123

3) The port types must be access

4) Do not use the switchport backup interface command

5) Do not try to use SPAN or RSPAN

6) Do not disable STP

Good luck!

The correct solution is:

1) Configure SW2 to tunnel STP BPDUs between SW1 and SW3. This will make SW1 thinking that that SW3 is directly connected with cost 19. STP is still active on SW2, but SW2 considers itself the root.

interface FastEthernet 0/13
l2protocol-tunnel stp
interface FastEthernet 0/16
l2protocol-tunnel stp

2) Configure SW3 port Fa0/16 with lower STP priority than SW3 Fa 0/13. This will make SW1 select its connection to SW2 as the root port and the other uplink is alternate: both uplinks have equal costs, the upstream port priority is the tiebreaker.

interface FastEthernet 0/16
spanning-tree port-priority 64

Below is a summarization of some of the close but not quite correct approaches people submitted:

1) Change interface bandwidth/speeds. This is not allowed, since the requirement was not to change spanning-tree costs.

2) Use dot1q tunnel on SW2 – this was prohibited by requirement to set port modes to access

3) Filter spanning-tree BPDUs coming to SW1 from SW3. This would break the requirement for Fa 0/16 port to be alternate path to root. Aside from that, that would result in STP loop, since this is a circular topology.

4) Disabling STP in SW2 explicitly which is prohibited by the requirements

5) Incorrectly assuming that port-priority on SW1 may influence root port selection

6) One complicated MSTP solution submitted by two people actually works but was submitted after the above solution was posted.  The solution is based on differentiation between regional root and CIST root.  Not the simplest solution but it works.  The two people that posted this solution also deserve credit for their MSTP knowledge.  We’ll do a post on MSTP inter-region operations here on the blog in the next few days.

The winner is: “Roman”

Tags: , , ,


CCIE Bloggers