Jul
14

Brian Dennis and I attended Cisco Live! - Networkers this week, and both enjoyed the privilege of sitting down to talk privately with Yusuf Bhaiji (Program Manager over the entire CCIE program) and Ben Ng (Program Manager over the CCIE Voice track) for roughly 45 minutes. It was quite an enjoyable and spirited talk, and I believe it benefited both sides - our side to gain a better understanding of why some of the choices have been made, and theirs possibly to see things a bit more 'through the eyes of the typical hard-studying student'. I would like to take a moment to jot down some of the highlights from our conversation, and then unpack them in a bit more detail, so that you may benefit from the open conversation.

Highlights

I'll jot down some very simple, high-level topics that were discussed during our conversation, and then unpack them in more detail in the following section.

  • Upcoming changes to every CCIE Lab Exam
    • Protecting the integrity of the CCIE certification
    • Robust, matured results-based grading engine
    • Heuristic logic embedded into task wording
    • Accuracy and detail of lab score reports
    • Cisco's CCIE Lab Delivery System and virtualization for mobile labs
    • No re-reads
  • CCIE Voice
    • Next blueprint version expectation
    • Topics for current and next blueprint versions
  • CCIE Data Center
    • CCIE Storage grows up
  • Reason behind Cisco.com CCIE Statistics web page being removed

Let's Unpack This a Bit More

Firstly, if I could sum up our entire conversation into one, clear theme, it would be "Protecting the Integrity of the CCIE Program". Indeed, both Yusuf and Ben clearly stated that central theme was the primary guiding principle behind every meeting they have regarding any aspect of the program, every planning session for the future of the program, and every decision made to add, remove and/or change anything in any of the tracks.

The main focus is to ensure that candidates who are attempting the lab exams are what Cisco is certifying them as: Experts. That means ensuring that no one is able to memorize any aspect of the exam, and making sure that those of us who are teaching these potential candidates about the technologies involved are in fact teaching our students everything they need to know about a given group of technologies necessary to become a true expert - something INE has always worked incredibly hard to do. This focus (and the changes it will effect) implicitly deals with the problems that have arisen in the past with a small minority of people who dishonestly try just to memorize parts of the exam, as well as companies who blatantly cater to that small minority by attempting to gain access to a given exam and publish entire exams, or even parts of them.

Now, this has always been a driving focus for the program; however, they realized that while some of their past efforts to this end have been successful, many also may not have succeeded in the manner in which they had intended. Case in point: Core Knowledge/Open-Ended Questions (and their complete removal from all tracks). Another attempt at this from long ago - still in place, but possibly soon to change - was the 'detailed score report' (or shall I say 'lack' of detail in the score report). More on that last bit in a moment.

Upcoming Changes to Every Lab

So, onto the specifics of how they plan to accomplish this. With no definites given as to exactly how or when any of these initiatives would be implemented, some things were nonetheless stated quite frankly and very clearly. They talked about how their lab grading engine has been in use for some time now, and has reached quite a mature level with its results-based scoring (both in terms of its accuracy as well as its modularity). Now I would be remiss if I didn't take a quick aside to say that when I mention that it has reached a high level of accuracy, some might immediately jump to the conclusion that it wasn't accurate before, and that this might have been the reason for their failed attempt. Just to quell those fears, a (human) proctor always has, and will continue to, look over and verify a candidate's lab and scripted grading results before issuing the final grade. Now, given that the engine grades based on results-based testing (and not on any specific commands input into the configuration), and that it is extremely modular (due to its structured XML nature), any given task can be tested in the same way, yet worded in 10-15 different ways on different iterations of any given lab exam. This leads naturally to the ability for them to have upwards of 25 or 50 labs in rotation at any given time for any given CCIE track and blueprint, which makes it nearly impossible for anyone to actually memorize any/all of the questions or versions of lab exams, thus making those that pass truly validated as experts. They spoke of a sort-of heuristic logic woven into all of the task wording to accomplish this. Also talked about a lot was how troubleshooting was one of the best things that they added (added 'back' I should say, since it used to be there in the 2-day exam). So look for that to not only continue, but permeate its way through more exams in more ways.
No mention was specifically made as to whether any other track outside of R/S would go to the same sort of segregated TS section that it utilizes - so it may happen, it may not. Just have to wait and see.

They have been developing towards this goal for some time now, they know exactly how they will carry it out (however to disseminate that specific knowledge would be completely counter-intuitive to the very idea of integrity protection - so anyone telling you they 'know' how it's being done clearly doesn't know what they are talking about). They mentioned that it will be occurring soon, though when exactly won't ever be known or disclosed, and it won't be necessary to 'announce' it per-se, since it won't require the upgrade/change of any hardware/software or technology-specific topics.

All of what we've talked about up till this point obviously doesn't negatively impact any of our readers here, as you all are true learners, true knowledge-seekers - those who wish to not only know, but to truly understand (to paraphrase Einstein, if I may). However, it may have some positive implications that you have not yet considered. Aside from the obvious fact that it preserves the integrity of the prestigious certification that you have worked (and continue to work) so diligently towards achieving, another possible benefit from this is that since the CCIE program has/will-have this new ability to have so many exams in rotation (and thus exponentially-if-not-entirely reducing the possibility of memorization of tasks), they can relax a bit on their very ambiguous failed score reports. For those of you who are not yet aware, while some candidates pass on their first attempt, most do not. In fact the average (very loose average) is roughly 2-3 attempts at any given CCIE lab before a 'Pass' is awarded, and you only receive a broken down score report if you fail - if you pass you simply receive a 'PASS' (and frankly, you don't care that you didn't receive a report). Now they didn't state for certain that this would in fact occur (more detailed reports), but they did indicate that it was being discussed internally as a strong possibility - since the grading engine obviously reports back in extreme detail - although he (Yusuf) said it would never include specifically which tasks you got right vs wrong. However, he did also mention that the purpose of the CCIE Program is not to train candidates or provide feedback - it is to test them. It is the responsibility of us, the CCIE training providers, to not only teach, but pre-test and provide accurate feedback to students before they make the actual journey to the Lab and truly become candidates for admission into the prestigious certification that is the CCIE.
That by the way, is something that INE is committed to, and indeed already provides more than adequate resources for CCIE R/S, and will soon be adding for the CCIE Voice as well (more on that later).

Another one of the initiatives of the program is to make it much more widely accessible to everyone, everywhere. This was the impetus behind the original idea of having the lab able to be taken from any Prometric/Vue testing center. But Vue wasn't really ready to handle the stringent requirements, and thus the attempt didn't ultimately succeed. Then came the CCIE Mobile Testing Labs. Those worked. Well. Really well in fact. And now the push is to make every single track able to be tested in that same mobile fashion. However, there are a few challenges to overcome first, before that can become a reality. Take CCIE Voice for instance - in order for the Voice lab to become truly mobile, everything has to be ported to Cisco's CCIE Lab Delivery System (where everything: the tasks, the desktop for CLI/GUI, etc. is completely virtualized). This means the phones themselves as well. Softphones won't do. They don't behave at all like hardware phones. So they are working on creating a completely virtualized hardware-like phone that behaves exactly like a hardware phone (but doesn't remotely control one). When they get that completed, then you will begin to see the Voice lab become available in the mobile testing centers (along with every other lab once their similar challenges are met).

One last thing I asked Yusuf about regarding specifically the CCIE Voice lab exam, was why they hadn't yet allowed for re-reads (the ability that, if you fail an exam but think you should have passed, you can pay $300 USD to have your lab re-graded manually). He mentioned that since they began offering that option, the overall percentage of re-read requests that actually result in a grade being overturned has been extremely low (we're talking like 1 out of every 5,000), and that number has dropped even more with results-based scripted grading, so the focus was not to add more of that unnecessary burden on the already taxed proctors, but to reduce it. So while he didn't provide any guidance on when (if ever) they will completely eliminate that practice from the other tracks (R/S, Sec, SP), he did say that the focus is on removing that option from those tracks vs. adding that option to other tracks (Voice, WiFi, Storage).

CCIE Voice

There was a very interesting breakout session this year entitled "CCIE Voice: Cryptography in Cisco Unified Communications", which inevitably led to the question by participants: "If this class is prefaced by the title 'CCIE Voice', does this mean that Cryptography/Security is going to begin being tested in the lab exam?". The answer, when asked by the attendee and then later in a bit more detail by me, was basically (and I'll paraphrase): "This has been tested in the written exam for some time now, however there is absolutely nothing stopping us from testing this in the lab today with version 7 of the various UC platform servers, and obviously no problem testing it moving forward to UC version 8 (or 9, etc), as even more security has been added to the new version of UC platforms".

Of course, in the main CCIE Voice 8-hour Technical Seminar, the question was asked by some participants (as well as by me in more detail later in private) when we might anticipate the Voice lab being updated to UC platform version 8.x (or beyond, if FCS'd for better than 6 months by time of announcement), to which Ben gave no real guidance publicly, yet in private alluded to (reverting back to our previous mention in this blog post) the desire to virtualize the hardware phones and deliver the exam with the new virtual Lab Delivery System, so that they could support the mobile labs.

Now of course 8.x has been in production for well over a year now in many networks around the globe, but 9.x doesn't FCS (First Customer Ship) until April '12, meaning that they could possibly update the lab to UC platform version 8 anytime (with a standard 6-month pre-announcement of course), but to update to version 9 would mean that they couldn't even announce a new lab based on that version until Oct '12, with it going live around Apr '13 at the earliest. I have no idea at all which they will end up doing, and from talking with Ben, he made it seem like they hadn't reached an internal decision yet either. In fact it probably will largely depend on how quickly they get that virtualized hardware-like phone put into production in all reality.

Either way, it doesn't really matter. INE has you covered. The major new things in CUCM ver 8.x that can be tested are the following:

  • Call Control Discovery over the new Services Advertisement Framework (CCD / SAF) with RSVP SIP Preconditions
  • Extension Mobility Cross Cluster (EMCC)
  • SIP Normalization using the Lua scripting language

They can't really test the Intercompany Media Engine (IME) - it's just not technically possible. EMCC is easy, and within the day of them announcing this being tested I'll have a minimum 2-hour video ready. I already have over 4 hours recorded on every aspect of CCD over SAF and another half hour of the RSVP with SIP Preconditions in our new CCNP Voice product (which should be posted to our CDN in about a week). SIP Normalization with Lua -- eewww -- let's hope they don't test you on it - but either way, we'll have a video for you the week they announce it.

There are way too many small new features in UC 9.x to list here -- I'll do a post covering those in the not-too-distant future -- but needless to say, it won't be hard to add content to what we have to cover it. The best news is that everything you are studying today is 100% completely relevant to any new version of the lab that could be announced, whenever they decide to do so -- so don't lose a moment of sleep over a possible upgrade -- you'll be 98% ready anyhow.

As for the possible testing of Cryptography/Security, I will be adding labs to our Volume II Workbook here in the upcoming month, at least one of which will specifically address this topic. Our racks will allow you to test those features related to security to coincide with the release of that lab.

CCIE Data Center

Now, onto Data Center. Data Center was easily, hands-down, the single largest topic discussed at this year's Cisco Live! event. Not to mention that VMware timed the announcement of version 5 of their suite of virtualization products (including vSphere, vCenter Site Recovery Manager, vSphere Storage Appliance, and vCenter Heartbeat Center) to be exactly 1 hour prior to (and thus ending with the beginning of) John Chambers' keynote address at Cisco Live!.

But here's how everything relates to the CCIE program. It was very clear that the CCIE Storage is going to become the CCIE Data Center. In fact, aside from that being very clearly stated, the breakout this year was entitled: "Cisco Data Center/Storage Certification". It was stated that the following would be what comprised the new CCIE DC.

Written exam will include (this is their wording copied verbatim):

 

  • Revised Smaller version of the existing SAN Track blueprint
    • MDS device operation, Advanced FC Features, SAN extension & switch Interop
    • SAN Management will be integrated in the new overall DC management
  • In addition to new topics to include:
    • Basic Data Center L3 topology
    • Data Center Access Layer deployment
      • L2, vPC, Fabric Multipathing, QoS
      • Virtualization
      • Unified I/O, FCoE , DCBX
    • Unified Computing System (UCS)
    • Load Balancing techniques and algorithms
    • Branch WAN Acceleration
    • Data Center Management

Lab exam will look like this (this is their wording copied verbatim):

  • MDS will remain in the lab as well as 3rd party FC switches
  • We will consider adding DC solutions and technologies that can be deployed on the following Cisco Products:
    • MDS SAN Switches
    • Nexus 7000, 5000 and 2000
    • Cisco Unified Computing Systems (UCS)
    • Application Control Engine (ACE)
    • Global Site Selector (GSS) in case of DR scenario
    • Wide Area Application Services (WAAS)
    • Data Center Management for both LAN & SAN
    • Virtualization with Nexus 1000v

Of all those things that can be tested, the most obvious ones that would almost have to be included are the Nexus line of DC switches and the UCS blade servers, complete with Fabric Interconnects and Virtual Interface Cards. So those are the things that INE will begin immediately to record video-based lessons on, adding them to our All Access Pass. Guidance wasn't provided on exactly when this track might go into live testing, though sources tell us that we may be less than 12 months away from it going live. Watch this blog for announcements soon on when you might expect the first of those Nexus and UCS training videos. Storage wasn't big. Data Center is already huge. The CCIE Data Center is going to be as well.

UPDATE

I mentioned above two things that I forgot to include, so I will add them in here.

First off I mentioned that we will be adding graded mock labs to the Voice track. Please email me directly if you would be interested in participating in a graded mock lab. It would involve using a dedicated rack for 8.5 hours (8 hours for config and .5 for lunch, just like the real lab) with basic minimal access to the proctor (myself) for basic question clarification, but no real assistance (again, just like the real lab).

Second thing was the reasoning behind the removal of the CCIE stats page from cisco.com. This might sound like a strange reason - I thought so, but after listening to Yusuf talk a bit more about it, it did make good sense in the end. The reason was completely centered around the fact that when one updates his/her cisco.com testing profile with the proper home mailing address, and most importantly home country, and then takes and passes any CCIE exam, his/her CCIE number is forever associated with that country. The problem was, people didn't always stay in that country. They sometimes moved, as is a reasonable assumption. However, the CCIE stats page wasn't designed as a synchronous page that would do a real-time DB lookup each time it was loaded, and so it would always report X number of CCIEs in X country. Yusuf used himself as an example. He's from Pakistan, and so his CCIE was basically 'registered' there (at least so far as that stats page went). Problem is, he moved to Australia for a number of years, but according to that stats page, his CCIE was still in Pakistan. Then he moved to Dubai in the UAE. CCIE? Still in Pakistan. So why should any of that matter? Well, to you and me - it might not. However, when a Cisco Partner in Pakistan (just continuing our example of Yusuf) is told by their Channels team: "You must have 4 CCIEs to become a Gold Partner" (or CCDEs, they count now too for that metric), and maybe the partner reports back: "But there aren't enough CCIEs in Pakistan to accomplish that!", the Cisco Channels team would just pull up that stats page, point to it and show the Partner and say: "Yes there are, see here?" (Again, Pakistan is just an example country, I have no idea how many CCIE/CCDEs there are there, so please don't think I'm being partial for/against that or any other country in any way - nothing is implied). It actually became a very, very big issue with Channels and Partner certifications. And Cisco is a large organization.
If any of you have worked for one, you know that a team like the CCIE program has nothing to do with web page programming - that's a completely different part of the business. And to get something changed there requires a requisition to be submitted, go through various levels of approval, and finally implementation. And believe it or not, it took about 4 months for that process to occur, and by the time the implementation of it was being carried out (the removal of that page off of cisco.com), it truly just happened to coincide with a period just following a CCIE R/S change that was resulting in fewer people passing the lab at that specific point in time. Yusuf stated that it couldn't have been worse timing, however it truly was purely coincidental. He also mentioned that - yes, for a period of time after any type of a change to any lab track, there is always a fall-off in the number of CCIEs awarded for that track, but then it always picks back up. This is perfectly natural for any type of change for a number of reasons. 1) People stop booking a given lab en-masse right after a new version is announced - they're basically afraid of what they don't know (aren't we all to some degree?). 2) If you sit a brand new lab version, and have no idea what to expect, you might be thrown for a bit of a loop, and therefore lose a bit of time you would expect to be productive during that lab attempt. By the way, this doesn't have to be. Take a bootcamp course from veterans of the lab such as Brian & Brian (and possibly counting myself as a veteran at this point, I guess I'm getting up there in years :-), my first lab attempt was in '02, so I'm going on 10 years next year .... wow -- although Brian Dennis has his 15 year anniversary coming up in just a few months!), and anyway, you'll be prepared no matter what they throw at you, and there will be no need for you to be counted in with the stats of people that 'don't know what to expect after a new version change'.
Anyway, he finally mentioned that while Cisco doesn't (and won't) publish the exact statistics of CCIE Pass/Fail, if you look at the overall average number of passing scores over the life of any blueprint version, those numbers have always been, and will continue to keep trending upward.

----------------------

Well, that's about all I can think of at the moment. I just finished a long flight from Las Vegas to Minneapolis sitting next to Louie Anderson, and to be honest, I'm not sure how I got any writing done. That guy's funny. I need to see him next time I hit the strip.

-Mark

Jan
31

Today's CCENT-level challenge involves the methods that are commonly used to describe and compare modern network infrastructures regarding such things as performance and structure.

ICND1-1: What common descriptive characteristic for a modern network often encompasses a measure of the probability of a network failure called the Mean Time Between Failures or MTBF?

Answer: _________________

Jan
26

In our recent Implement Layer 2 Technologies series, we examined Q-in-Q tunneling in great detail. In this discussion, I mentioned a big caution about the Service Provider cloud with 802.1Q trunks in use for switch to switch trunking. This caution involved the use of an untagged native VLAN.

You see, this configuration could lead to what is known as the VLAN hopping attack. Here is how it works:

  1. A computer criminal at a customer site wants to send frames into a VLAN that they are not part of.
  2. The evil-doer double tags the frame (Q-in-Q) with the outer tag matching the native VLAN in use at the provider edge switch.
  3. The provider edge switch strips off the outer tag (because it matches the native VLAN), and sends this frame across the trunk.
  4. The next switch in the path examines the frame and reads the inner VLAN tag and forwards the frame accordingly. Yikes!

Notice the nature of this attack is unidirectional. The attacker can send traffic into the VLAN, but traffic will not return. Admittedly, this is still NOT something we want taking place!

What are solutions for the Service Provider?

  1. Use ISL trunks in the cloud. Yuck.
  2. Use a Native VLAN that is outside of the range permitted for the customer. Yuck.
  3. Tag the native VLAN in the cloud. Awesome.
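
The tag handling behind steps 1 to 4 and behind solutions 2 and 3, as an added example that is not part of the original post: a simplified two-switch model in Python. The VLAN numbers (1, 10, 20, 999), the MAC addresses, the configuration names and the helper functions are all constructed for illustration, and ISL (solution 1) is not modelled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(vids, payload=b"constructed test payload"):
    """Constructed test input: Ethernet frame with one 802.1Q tag per VLAN ID."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")  # made-up locally administered MAC
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid) for vid in vids)
    return dst + src + tags + struct.pack("!H", 0x0800) + payload


def vlan_stack(frame):
    """Return the VLAN IDs that follow the MAC addresses, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID_8021Q:
            break
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI hold the VLAN ID
        off += 4
    return vids


def classify(frame, untagged_vlan, allowed):
    """Ingress: the outer tag (or the port's untagged VLAN) selects the VLAN.

    Returns (vlan, frame_without_that_tag), or None if the VLAN is not allowed.
    """
    vids = vlan_stack(frame)
    if vids:
        vlan, inner = vids[0], frame[:12] + frame[16:]
    else:
        vlan, inner = untagged_vlan, frame
    return (vlan, inner) if vlan in allowed else None


def trunk_egress(vlan, inner, native_vlan, tag_native):
    """Egress on an 802.1Q trunk: native VLAN leaves untagged unless tag_native."""
    if vlan == native_vlan and not tag_native:
        return inner  # an inner tag, if present, is now outermost on the wire
    return inner[:12] + struct.pack("!HH", TPID_8021Q, vlan) + inner[12:]


def forwarded_vlan(frame, cfg):
    """VLAN the second switch forwards the frame in, or None if it is dropped."""
    edge = classify(frame, cfg["customer_pvid"], cfg["customer_vlans"])
    if edge is None:
        return None
    on_wire = trunk_egress(edge[0], edge[1], cfg["native_vlan"], cfg["tag_native"])
    core = classify(on_wire, cfg["native_vlan"], cfg["trunk_vlans"])
    return core[0] if core else None


def hop_candidate(frame, native_vlan):
    """Detection check: two or more tags and the outer one is the native VLAN."""
    vids = vlan_stack(frame)
    return len(vids) >= 2 and vids[0] == native_vlan


# Constructed configurations. VLAN 20 belongs to someone else in every case.
WEAK = {"customer_vlans": {1, 10}, "customer_pvid": 10,
        "trunk_vlans": {1, 10, 20}, "native_vlan": 1, "tag_native": False}
# Solution 2: the native VLAN sits outside the range permitted for the customer.
NATIVE_OUTSIDE_RANGE = dict(WEAK, native_vlan=999, trunk_vlans={1, 10, 20, 999})
# Solution 3: the native VLAN is tagged on the trunk.
TAG_NATIVE = dict(WEAK, tag_native=True)

DOUBLE_TAGGED = build_frame([1, 20])  # outer tag = WEAK native VLAN, inner = 20

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK), ("native outside range", NATIVE_OUTSIDE_RANGE),
                      ("tag native", TAG_NATIVE)]:
        print(f"{name}: forwarded in VLAN {forwarded_vlan(DOUBLE_TAGGED, cfg)}")
```

In the weak configuration the frame ends up in VLAN 20; with either fix it stays in VLAN 1, because the outer tag is still on the frame when it crosses the trunk.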
Jan
15

Beginning January 17th, 2011, Cisco will add Layer 2 Switch Troubleshooting to the 2 hour Troubleshooting section of the lab exam. Like the Layer 3 Troubleshooting that you will perform, these switches are emulated devices using Cisco's IOU product - that stands for IOS on UNIX and is a similar approach to the popular Dynamips platforms. Cisco calls the ability to emulate switches on UNIX - L2IOU.

As you know, INE has been addressing Layer 2 Troubleshooting in all of our CCIE R&S products for a long time - so there will be few modifications that need to be made. I realize that change does cause some level of fear among students studying hard for this exam. I will be sure to schedule a free vSeminar next week to chat about this latest exam format and answer your questions. Watch the blog for the date and time of that vSeminar.

By the way, Cisco announced this change on the Cisco Learning Network this week. Here is the original post.

Jan
13

Many times, students believe that they could use a bit of a boost when it comes to solving the very complex and difficult Practice Lab Exams featured in our famous Volume II workbook here at INE. To respond to this, Keith Barker and I came up with an idea for a new INE product unlike anything that had been created before.

We created a fully interactive video guide to lab exam strategy and actual solutions for the first five labs of the workbook. But we did not stop there. We also recorded bonus lessons on topic areas that students always seem to want extra guidance with. Such areas as:

  • Am I fast enough when it comes to making configurations?
  • What is the best way to master DOC-CD navigation?
  • What are appropriate strategies for Troubleshooting?
  • What should I do if I am struggling with Redistribution tasks?

Here are some sample lessons from the Interactive Video Companion for Volume II so you can see this remarkable product for yourself. I am also publishing the complete outline here so you can examine that as well.

Samples:

Lab 1 - Layer 2 Private VLANs

Version 4 Challenge - Speed Drill

Version 4 Challenge – MPLS L3 VPN Troubleshooting

The Course Outline:

Lab 1 - Dos and Donts - 20 minutes
Lab 1 - Lab Strategy - 30 minutes
Lab 1 - Backup Link - 20 minutes
Lab 1 - Spanning Tree Manipulation - 10 minutes
Lab 1 - Spanning Tree Security - 15 minutes
Lab 1 - Private VLANs - 30 minutes
Lab 1 - Layer 2 Traffic Engineering - 20 minutes
Lab 1 - OSPF Prefix Adv - 10 minutes
Lab 1 - OSPF Broadcast-Nonbroadcast - 30 minutes
Lab 1 - Version 4 Challenge - Speed Drill - 30 minutes
Lab 1 - EIGRP Advertisements - 12 minutes
Lab 1 - EIGRP Authentication - 5 minutes
Lab 1 - RIP Authentication - 10 minutes
Lab 1 – Redistribution - 30 minutes
Lab 1 - BGP Bestpath Selection - 20 minutes
Lab 1 - IPv6 Addressing - 10 minutes
Lab 1 - IPv6 Tunneling - 10 minutes
Lab 1 - EIGRPv6 - 10 minutes
Lab 1 - IPv6 Multicast - 15 minutes
Lab 1 – LDP - 12 minutes
Lab 1 - L3 MPLS VPN - 20 minutes
Lab 1 - RP Assignment - 15 minutes
Lab 1 - Multicast Testing - 20 minutes
Lab 1 - ip igmp access-group - 10 minutes
Lab 1 - Ext ACL TCP Flags - 12 minutes
Lab 1 - Filtering with ACLs - 20 minutes
Lab 1 - Controlling ICMP - 20 minutes
Lab 1 - Adv ACL Features – TTL - 20 minutes
Lab 1 – RMON - 25 minutes
Lab 1 – NTP - 20 minutes
Lab 1 - NTP Authentication - 25 minutes
Lab 1 - IP Accounting - 10 minutes
Lab 1 – HSRP - 25 minutes
Lab 1 – NAT - 12 minutes
Lab 1 – EEM - 18 minutes
Lab 1 – FRTS - 25 minutes
Lab 1 - Version 4 Challenge – Troubleshooting - 10 minutes
Lab 1 - Rate Limiting - 10 minutes
Lab 1 – CBWFQ - 20 minutes
Lab 1 - Cat QoS - 15 minutes
Lab 4 - Traffic Control (VTP Pruning) - 15 minutes
Lab 4 - STP Manipulation - 16 minutes
Lab 4 – UDLD - 15 minutes
Lab 4 - STP Path Manipulation 2 - 10 minutes
Lab 4 - Storm Control - 10 minutes
Lab 4 - Version 4 Challenge - DOC-CD Speed Drill - 10 minutes
Lab 4 - IP Prec to DSCP Map - 10 minutes
Lab 4 - Version 4 Challenge - Speed Drill - 40 minutes
Lab 4 - Version 4 Challenge - MPLS L3 VPN TS - 60 minutes
Lab 4 - QoS Trust Boundaries - 10 minutes
Lab 4 - Virtual Link Alternatives - 10 minutes
Lab 4 - OSPF Area Types - 20 minutes
Lab 4 - OSPF Version 3 - 20 minutes
Lab 4 - OSPFv3 Summarization - 10 minutes
Lab 4 - PE-CE Routing – RIP - 10 minutes
Lab 4 - VPN Tunneling - 20 minutes
Lab 4 - PE-CE Routing – BGP - 15 minutes
Lab 4 - Auto RP - 25 minutes
Lab 4 - Multicast Testing - 30 minutes
Lab 4 - Multicast Rate Limiting - 10 minutes
Lab 4 - Zone Based Firewall - 30 minutes
Lab 4 - Unicast RPF - 15 minutes
Lab 4 - Control Plane Policing - 15 minutes
Version 4 Challenge - DOC-CD Speed Drill 2 - 5 minutes
Lab 4 – SNMP - 10 minutes
Lab 4 - IOS Menu - 10 minutes
Lab 4 - ip alias Command - 10 minutes
Lab 4 - Load Balancing HSRP - 10 minutes
Lab 4 - busy-message Command - 10 minutes
Lab 4 – WRED - 10 minutes
Lab 4 - CBWFQ with NBAR - 10 minutes
Lab 4 - Traffic Policing - 10 minutes
Lab 4 – Compression - 30 minutes
Version 4 Challenge – Layer 3 Speed Drill - 30 minutes
Version 4 Challenge - Troubleshooting Redistribution - 60 minutes
Lab 2 – EtherChannel - 25 minutes
Lab 2 - 802.1X - 30 minutes
Lab 2 – SDM - 15 minutes
Lab 1 - Troubleshooting - Trouble Tickets 1 through 5 - 50 minutes
Lab 1 - Troubleshooting - Trouble Tickets 6 through 10 - 50 minutes
Lab 2 - Troubleshooting - Tickets 1 – 5 - 45 minutes
Lab 2 - Troubleshooting - Tickets 6 – 10 - 45 minutes
Lab 2 - OSPF Network Types and OSPF Authentication - 30 minutes
Lab 2 - EIGRP Features - 20 minutes
Lab 2 - RIP Filtering - 20 minutes
Lab 2 - IGP Redistribution - 20 minutes
Lab 2 - BGP Peering - 15 minutes
Lab 2 - BGP Filtering - 20 minutes
Lab 2 - BGP Summarization - 20 minutes
Lab 2 - BGP Tuning - 5 minutes
Lab 2 - IPv6 and Frame Relay - 20 minutes
Lab 2 - L2 MPLS VPNs - 10 minutes
Lab 2 - Static RP - 20 minutes
Lab 2 - PIM NBMA Mode - 10 minutes
Lab 2 - Router Hardening - 10 minutes
Lab 2 - Zone-Based Firewall - 20 minutes
Lab 2 - SNMP Version 2 - 10 minutes
Lab 2 - Reflexive Access Lists - 10 minutes
Lab 2 – RMON - 10 minutes
Lab 2 - Terminal Line Settings - 10 minutes
Lab 2 - IOS Password Encryption - 10 minutes
Lab 2 – Syslog - 10 minutes
Lab 2 - System Management - 10 minutes
Lab 2 – CBWFQ - 10 minutes
Lab 2 - Policy Routing - 10 minutes
Lab 2 – FRTS - 10 minutes
Lab 2 - Congestion Management - 10 minutes
Lab 3 - Troubleshooting - Tickets 1-5 - 45 minutes
Lab 3 - Troubleshooting - Tickets 6-10 - 45 minutes
Lab 3 - Integrated Routing and Bridging - 20 minutes
Lab 3 - L2 Path Manipulation-STP - 20 minutes
Lab 3 - OSPF Features and Redistribution - 40 minutes
Lab 3 - OSPF Virtual Links - 30 minutes
Lab 3 - BGP Path Manipulation - 30 minutes
Lab 3 - BGP Advertise Maps - 30 minutes
Lab 3 - IPv6 Addressing and Tunnels - 15 minutes
Lab 3 - OSPFv3 - 10 minutes
Lab 3 - MPLS Fundamentals - 10 minutes
Lab 3 - Creating VRFs - 30 minutes
Lab 3 - PE to CE Routing OSPF - 30 minutes
Lab 3 - Multicast IGMP - 10 minutes
Lab 3 - IGMP Multicast Filtering - 5 minutes
Lab 3 - Multicast TTL-Threshold - 10 minutes
Lab 3 - Reflexive Access Lists - 15 minutes
Lab 3 - TCP Intercept - 10 minutes
Lab 3 - DHCP Server - 30 minutes
Lab 3 - HTTP Access Control - 10 minutes
Lab 3 - IOS TFTP Server - 10 minutes
Lab 3 - Auto-Install - 15 minutes
Lab 3 - Command Privilege Levels - 15 minutes
Lab 3 - Debug at Privilege Level 1 - 10 minutes
Lab 3 - SNMP on Catalyst - 10 minutes
Lab 3 – GLBP - 20 minutes
Lab 3 - Frame Relay Traffic Shaping - 15 minutes
Lab 3 - MQC Policing - 20 minutes
Lab 3 – RSVP - 20 minutes
Lab 4 - Troubleshooting - Tickets 1-5 - 50 minutes
Lab 4 - Troubleshooting - Tickets 6-10 Part 1 - 45 minutes
Lab 4 - Troubleshooting - Tickets 6-10 Part 2 - 45 minutes
Lab 5 - L2 EtherChannel - 15 minutes
Lab 5 - Port-Channel Load Balancing - 15 minutes
Lab 5 - IGP Configuration - 35 minutes
Lab 5 – Redistribution - 35 minutes
Lab 5 - BGP Features - 35 minutes
Lab 5 - IPv6 Frame Mappings - 25 minutes
Lab 5 - IPv6 BGP Features - 15 minutes
Lab 5 - AutoRP Configuration - 25 minutes
Lab 5 - Multicast Features - 25 minutes
Lab 5 - Reflexive Access-lists - 15 minutes
Lab 5 - VLAN ACLs - 25 minutes
Lab 5 - Policy Based Routing - 25 minutes
Lab 5 – SNMP - 10 minutes
Lab 5 - Syslog Server - 10 minutes
Lab 5 – DNS - 10 minutes
Lab 5 - Privilege Levels - 12 minutes
Lab 5 – WCCP - 15 minutes
Lab 5 – EEM - 12 minutes
Lab 5 - MQC QoS - 10 minutes
Lab 5 - RTP Header Compression - 10 minutes
Lab 5 - MQC Bandwidth Limiting - 12 minutes
Lab 5 - Catalyst Nested QoS - 12 minutes
Lab 5 - Troubleshooting - Tickets 1-5 - 45 minutes
Lab 5 - Troubleshooting - Tickets 6-10 - 50 minutes

Jan
03

Continuing my review of titles from Petr’s excellent CCDE reading list for his upcoming LIVE and ONLINE CCDE Bootcamps, here are further notes to keep in mind regarding EIGRP.

About the Protocol

  • The algorithm used for this advanced Distance Vector protocol is the Diffusing Update Algorithm.
  • As we discussed at length in this post, the metric is based upon Bandwidth and Delay values.
  • For updates, EIGRP uses Update and Query packets that are sent to a multicast address.
  • Split horizon and DUAL form the basis of loop prevention for EIGRP.
  • EIGRP is a classless routing protocol that is capable of Variable Length Subnet Masking.
  • Automatic summarization is on by default, but summarization and filtering can be accomplished anywhere inside the network.

Neighbor Adjacencies

EIGRP forms "neighbor relationships" as a key part of its operation. Hello packets are used to help maintain the relationship. A hold time dictates the assumption that a neighbor is no longer accessible and causes the removal of topology information learned from that neighbor. This hold timer value is reset when any packet is received from the neighbor, not just a Hello packet.

EIGRP uses the network type in order to dictate default Hello and Hold Time values:

  • For all point-to-point types - the default Hello is 5 seconds and the default Hold is 15
  • For all links with a bandwidth over 1 MB - the default is also 5 and 15 seconds respectively
  • For all multi-point links with a bandwidth less than 1 MB - the default Hello is 60 seconds and the default Hold is 180 seconds

Interestingly, these values are carried in the Hello packets themselves and do not need to match in order for an adjacency to form (unlike OSPF).

Reliable Transport

By default, EIGRP sends updates and other information to multicast 224.0.0.10 and the associated multicast MAC address of 01-00-5E-00-00-0A.

For multicast packets that need to be reliably delivered, EIGRP waits until an RTO (retransmission timeout) before beginning a recovery action. This RTO value is based on the SRTT (smooth round-trip time) for the neighbor. These values can be seen in the output of the show ip eigrp neighbor command.

If the router sends out a reliable packet and does not receive an Acknowledgement from a neighbor, the router informs that neighbor to no longer listen to multicast until it is told to do so again. The local router then begins unicasting the update information. Once the router begins unicasting, it will try 16 times or until the expiration of the Hold timer, whichever is greater. It will then reset the neighbor and declare a Retransmission Limit Exceeded error.

Note that not all EIGRP packets follow this reliable routine - just Updates and Queries. Hellos and acknowledgements are examples of packets that are not sent reliably.
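One way to use the Hold and queue columns of show ip eigrp neighbors to spot a neighbor that has stopped answering, as an added example that is not part of the original notes. It assumes neighbors advertise the default timers listed above; the sample output is constructed, and the slow_multipoint parameter is a hypothetical caller-supplied hint.

```python
import re

# Default (hello, hold) timers in seconds, as listed in the notes above.
FAST_OR_P2P = (5, 15)
SLOW_MULTIPOINT = (60, 180)

# Constructed sample of "show ip eigrp neighbors" output (not from a real device).
SAMPLE = """\
EIGRP-IPv4 Neighbors for AS(100)
H   Address         Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                    (sec)         (ms)       Cnt Num
2   10.1.13.3       Se0/0/0.1        142 01:12:44   48   288  0  31
1   10.1.12.2       Fa0/0              7 00:03:10 1200  5000  3  27
0   10.1.14.4       Gi0/1             13 02:40:19    4   200  0  52
"""

ROW = re.compile(
    r"^\s*\d+\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<intf>\S+)\s+(?P<hold>\d+)\s+"
    r"\S+\s+(?P<srtt>\d+)\s+(?P<rto>\d+)\s+(?P<qcnt>\d+)\s+\d+\s*$"
)

def parse_neighbors(text):
    """Return one dict per neighbor row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("hold", "srtt", "rto", "qcnt"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def audit(text, slow_multipoint=()):
    """Map neighbor address -> list of findings. slow_multipoint is a
    hypothetical, caller-supplied set of interfaces using 60/180 timers."""
    findings = {}
    for n in parse_neighbors(text):
        hello, hold = SLOW_MULTIPOINT if n["intf"] in slow_multipoint else FAST_OR_P2P
        notes = []
        # Hold resets on every received packet, so it should stay near the top.
        if n["hold"] < hold - hello:
            notes.append("no packet for over %d s (hold at %d s)" % (hello, n["hold"]))
        if n["qcnt"] > 0:
            notes.append("%d packet(s) still queued for this neighbor" % n["qcnt"])
        if notes:
            findings[n["addr"]] = notes
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, slow_multipoint={"Se0/0/0.1"}))
```

Because the Hold value is carried in the neighbor's own Hello, a neighbor configured with non-default timers needs its own threshold.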

Dec
28

INE is happy to announce a new class dedicated to the recently introduced Cisco Certified Design Expert (CCDE) certification. The first CCDE Practical Bootcamp is to be run on May 1-5th in Chicago, right before the actual CCDE practical exam that is scheduled on May 6th. Our goal was to design a "last-week" refresher and booster class to finalize your CCDE exam preparation. Students are assumed to have solid theoretical knowledge of the exam's technology base prior to attending. This blog post gives you a quick overview of the class structure and the prerequisites you should meet in order to benefit the most from this training offer.

Technologies You Need to Know

Firstly, here is a short list of the topics you need to master before enrolling in the bootcamp. In essence, this is a condensed version of the CCDE Written exam blueprint. It is highly recommended that you pass the CCDE Written test prior to attending the CCDE Practical bootcamp. We schedule classes right before the actual exam date, which gives you a perfect chance to take the exam right after the bootcamp.

  • Routing
    • OSPF
    • EIGRP
    • ISIS
    • BGP
    • Traffic Engineering
    • Scalability Features for IGPs and BGP
    • Convergence Tuning
    • Redundancy and Resilience
    • Multicast Routing
    • L3 and L2 interaction
  • Tunneling
    • IP Tunneling: P2P and MP
    • MPLS TE
    • Control and Data Plane Separation
    • VPNs: L3 and L2, P2P and MP
  • Security
    • Security Policy Requirements
    • Policy Enforcement Points
    • Access Control: Firewalls and Authentication/Authorization
    • Confidentiality: Encryption and Compartmentalization
    • Well-known attacks and countermeasures
  • QoS
    • Applications and their requirements
    • Diff-Serv QoS Model and Tools
    • Int-Serv QoS Model
    • Capacity Planning and Over-provisioning
  • Management
    • Network Monitoring Tools: SNMP, Netflow, RMON, Counters, ACLs etc
    • Monitoring Tools Placement and their impact
    • Information Aggregation
    • OOB and IB management

Recommended Reading

We already published a very detailed reading list for CCDE Practical preparation previously, in the publication titled CCDE Practical Exam Recommended Reading. Here is the list of the books you probably want to brush up on before the class:

  • Definitive MPLS Network Designs by Jim Guichard et al. Your primary handbook when preparing for the practical exam.
  • IS-IS: Deployment in IP Networks by Russ White and Alvaro Retana. Good reading on ISIS, provides some design ideas and covers advanced topics.
  • EIGRP for IP: Basic Operation and Configuration by Russ White and Alvaro Retana. Good reading on EIGRP network designs.
  • BGP Design and Implementation by Randy Zhang. Excellent reading on BGP, missing some “new” features such as BGP next-hop tracking, but perfect for advanced BGP understanding.
  • OSPF and ISIS: Choosing an IGP for Large Scale Network by Jeff Doyle. Optional. Excellent additional reading on OSPF and ISIS and routed network design.
  • Routing TCP/IP Volume II by Jeff Doyle (Multicast sections). This book provides an excellent Multicast routing overview. Read over Chapters 5-7, and possibly Chapter 4 (NAT). Multicast is not a huge part of CCDE, but you definitely need to know it.
  • Optimum Routing Designs by Russ White and Alvaro Retana. You may mainly concentrate on IGP protocol designs and IGP-specific appendices (Part I, Part II and Appendix A-E). I recommend reading this book after you have completed the previous ones on the list.

Class Structure

The class is designed as a series of mock scenarios, mimicking the real exam structure as closely as possible, without using the actual exam software. Every class day is built around a practical case study, presented as a series of initial documents and followed by additional information as the scenario evolves. The following are the main logical steps followed in every scenario. Notice that every scenario involves technologies from the main technology domains listed above.

  • Extract and Analyze Design Requirements
    • Identify key components of existing network design
    • Identify the set of requirements presented in the initial documents
    • Gather additional information as you deem necessary to clarify requirements
    • Classify type of design problem and apply solution templates
  • Translate Functional Specification into Network Design
    • Choose the correct technology to resolve a specific network design problem
    • List alternate options and describe how they fit the particular problem
    • Balance scalability, resilience and supportability with your solution
  • Create an Implementation plan
    • Evaluate the impact of implementation options.
    • Develop step-by-step plan for implementing your design
  • Explain and Justify your design choices
    • Explain how network design choices match functional specifications.
    • Justify technology choices based on technical requirements.

Students will participate in an "interactive" exam solution process, discussing various technology options and the reasoning for using one over another. As mentioned, there are going to be five different design scenarios: two centered around Enterprise networks, two dedicated to SP networks and one scenario discussing generic protocol design issues. Every scenario is centered around a different type of design problem: e.g. new application, network growth, design problem etc. By the end of the class, students will receive the slide decks used for class presentation as well as scenarios and their condensed solution guides.

Summary

There are no official CCDE Practical training programs designed by Cisco Systems. The class we are offering is not intended to be an all-in-one solution for preparing you for the practical exam, but rather a strong refresher of your design skills, a session that summarizes the body of knowledge you need to pass the exam and gives you some look and feel of the real thing. The class does not cover theoretical aspects of networking technologies, so you are assumed to possess knowledge equivalent to that found in the CCDE Written blueprint. A typical class candidate is someone who already holds a CCIE title and has passed the CCDE Written test.

Dec
24

We'd like to send a huge congratulations out to Steven Glowacki who just emailed to thank us for helping him pass his CCIE Voice exam and get the newest number - 27831!

Congratulations Steven!

Nov
28

Just as with the CCDP, Cisco has delayed the release of the new DESGN exam. The DESGN exam (640-864) is expected to be available on December 16, 2010.

Here are the topics promised for the new exam:

Describe the Methodology used to design a network

  • Describe developing business trends
  • Identify Network Requirements to Support the Organization
  • Describe the tools/process to characterize an existing network
  • Describe the top down approach to network design
  • Describe Network Management Protocols and Features

Describe network structure and modularity

  • Describe the Network Hierarchy
  • Describe the Modular Approach in Network Design
  • Describe network architecture for the enterprise

Design Basic Enterprise Campus Networks

  • Describe Campus Design considerations
  • Design the Enterprise Campus Network
  • Design the enterprise data center
  • Describe enterprise network virtualization tools

Design Enterprise Edge and Remote Network Modules

  • Describe the Enterprise Edge, branch, and Teleworker design characteristics
  • Describe physical and logical WAN connectivity
  • Design the branch office WAN solutions
  • Describe Access Network solutions for a remote worker
  • Design the WAN to support selected redundancy methodologies
  • Identify Design Considerations for a Remote Data Center

Design IP Addressing and Routing Protocols

  • Describe IPv4 Addressing
  • Describe IPv6 Addressing
  • Identify Routing Protocol Considerations in an Enterprise Network
  • Design a Routing Protocol Deployment

Design network services

  • Describe the security lifecycle
  • Identify Cisco technologies to mitigate security vulnerabilities
  • Select appropriate Cisco security solutions and deployment placement
  • Describe high level voice and video architectures
  • Identify the design considerations for voice/video services
  • Describe Cisco Unified Wireless Network Architectures and Features
  • Design wireless network using controllers
Nov
27

Worried about topics like EEM, OER, IP SLA, SNMP and the seemingly endless list of Network Services that might appear in your CCIE R&S (or related track) Lab or Written Exam? The latest of the 3 Day Technology Bootcamps arrives just in time for the new year.

The 3-Day Network Services bootcamp will be held Live Online on Dec 27-29, 2010. Class will run each day from 11 AM EST US to approximately 6 PM EST US. We hope to see you in the Live Event, but a Class-On-Demand version will be available the week following.
