Today Cisco posted their official announcement on the upcoming changes for CCIE Routing & Switching Version 5.  The majority of the announcement is along the same lines as previously rumored changes, except for the official launch date, which is now scheduled for June 4th 2014.  This should bring a great sigh of relief to you if you’re currently nearing the end of your CCIE R&S v4 preparation, as you now have a 6 month window to pass the v4 lab exam before the change to v5 occurs.

Specifically the announcement details changes to technical topics covered both in the written and lab exams, the equipment used, as well as the exam format, as follows:

Technical Topic Changes

New Lab Topics:

  • Interpreting Packet Captures
  • Bidirectional Forwarding Detection (BFD)
  • Multi Address Family (AF) EIGRP
  • Dynamic Multipoint VPN (DMVPN)
  • IPsec
  • IPv6 First Hop Security

Of the new topics announced, the big ones are DMVPN and IPsec.  These are specifically listed as DMVPN Single Hub and IPsec with Pre-Shared Keys, so the scope is not nearly as large as the CCIE Security.  If you don’t yet know what any of these terms mean, don’t worry, you soon will ;)

Topics moved from the Lab to the Written:

  • IPv6 Multicast
  • RIPng
  • IPv6 Tunneling
  • 802.1x
  • Layer 2 QoS
  • Performance Routing (PfR)

Topics completely removed:

  • Flexlinks
  • ISL
  • Layer 2 Protocol Tunneling
  • Frame-Relay
  • WCCP
  • IOS Firewall
  • RITE
  • RMON
  • RGMP
  • RSVP QoS

For topics removed, there are three killer areas here: Frame Relay, PfR, and Layer 2 QoS.  Frame Relay’s removal is no surprise, as Ethernet based last mile access solutions such as Metro Ethernet and Virtual Private LAN Services (VPLS) have exploded in the past few years and have eclipsed legacy methods such as DS3 Frame Relay.  From a technology design point of view though, a lot of the Frame Relay theory transfers directly over to DMVPN, as DMVPN could be thought of as a way to emulate legacy hub-and-spoke network designs over a public transport.

As for PfR’s removal, this one is a bit of a surprise, and I can already hear Brian Dennis’s screams of agony:

While the general idea of PfR is great, I’ve never seen it implemented other than in very small scale environments due to the management complexity.  You have to give Cisco credit though, as PfR is essentially SDN version 1.0, and now a very large portion of the industry is focused on this type of application.

The other large change here is the removal of Layer 2 QoS.  While this is still a very important topic, the problem with L2 QoS is that it is highly platform dependent, and the way that Catalyst 29xx/35xx/45xx/65xx implement L2 QoS is generally unique to each.  Therefore in the interest of platform independence and virtualization, L2 QoS gets the axe.  This brings us to our next topic, which is the hardware changes in the new blueprint.

Equipment Changes

As previously rumored, the new CCIE R&S v5 equipment is going all virtual.  As CCIE R&S v4 had already been using virtual IOS for the troubleshooting section of the exam, this should come as no surprise. The biggest implication of this change is that the size of the topology is now arbitrary.  I wouldn’t be surprised going into the exam and seeing a configuration section with 20+ routers in the topology.

The other implication of this change is that certain features can no longer be tested on, as they’re not supported in the virtual IOS.  Those topics that can’t be tested, such as Layer 2 QoS or Flexlinks, are now explicitly excluded from the topic scope of the exam.

Format Changes

Last but not least, a new testing section has been introduced into the R&S v5 lab exam format.  While the written exam format stays the same, the lab now includes a “diagnostic” section, which focuses on the diagnosis and resolution of network issues from a more high level point of view.

This new section won’t use equipment, but instead will present the candidate with information such as network diagrams, CLI outputs, log outputs, traffic captures, and email exchanges, based on which they will be expected to diagnose a presented network problem.  Based on the description in the announcement, I would assume that this format is going to be similar to the CCDE Practical Exam testing format, which tests analytical skills without needing access to an actual device CLI.

Another minor change to the exam is how the timing of sections works.  In the v4 format, candidates had a maximum of 2 hours to complete the troubleshooting section, and a minimum of 6 hours for the configuration section.  If the candidate used less than 2 hours in troubleshooting, the extra time rolled over to the configuration section.  In the v5 format this changes along with the addition of the diagnostic section.

In v5, candidates will have a maximum of 2.5 hours to complete troubleshooting, a fixed 30 minutes for the diagnostic section, and the rest to complete configuration.  Any time less than 2.5 hours used in troubleshooting will be credited towards configuration.  For example if a candidate uses only 1.5 hours in troubleshooting then the configuration section would be 6 hours, which along with the .5 hour of diagnostic adds up to a total of 8 hours for the exam.

How Does This Affect Me As An INE Customer?

The good news is that if you’ve purchased any of the R&S v4 products from INE, you’re covered for the v5 products.  You won’t have to pay anything to upgrade to the v5 products, including the Bootcamps.  If you already attended a v4 bootcamp and want to resit a v5 bootcamp, there’s no charge for it.

It’s no secret that Cisco’s blueprint changes have been in the works for quite some time, as have INE’s plans for the v5 update.  We have a bunch of new exciting product updates and more importantly new product features that we’re going to be launching along with the v5 product updates.  More information will be available about these updates in the coming weeks.

In the short term I’m going to be running a free online class this Friday – December 6th 2013 – at 10:00 PST (GMT –8) on Introduction to DMVPN for CCIE R&S Candidates.  I’ll post another blog update tomorrow with more information on this.




Many students keep asking us - how do I get the most from IEWB-RS VOL1? This product is a Tier-1 solution, designed to teach students the fundamental technologies of the CCIE R&S lab. However, the workbook looks intimidating to many beginner students due to its huge volume. In short, the problems that many people have dealing with a large amount of knowledge covered in the workbook could be summarized as follows:

  1. Limited time – can’t go through all the labs.
  2. Memorization issues, tendency to forget things learned earlier.
  3. Time planning problems, cannot allocate time properly between the workbook sections to get the most use of it.

Resolving these issues is the best way of improving VOL1 effectiveness. Let’s see the ways to address the outlined issues.

Basic Planning

Start by figuring out how many hours you can spend practicing mini-labs. Normally, this should be around 60-70% of the total time you have allotted to prepare for the CCIE lab exam. Let’s say you have 6 months before your lab date. That’s about 180 days, so you can spend 60%*180=108 days on mini-labs. Now estimate the time you can spend per day preparing for your CCIE – let’s say it’s 2 hours on average (e.g. 1 hour today, 3 hours tomorrow, or just 2 hours every day). Take a realistic number, accounting for the time you need to spend on your job, family, etc. Now find the resulting number of hours that you can spend on VOL1: 108*2=216 hours. Finally, gauge the time you need to complete a single VOL1 lab. Some VOL1 labs are harder than others, so try to figure out an average. Let’s say it’s about 40 minutes, of which you spend 30 minutes actually working on the lab and 10 minutes repeating the information you have just learned. From the total number of hours you have for VOL1 and the average time per lab, you can find the approximate number of mini-labs that you can cover; using the example above, it’s going to be 216/(4/6)=324. This number is significantly lower than the number of scenarios in VOL1. So how should you divide your efforts among the different sections of VOL1 to obtain maximum efficiency?

Allocating the time between VOL1 sections properly

In the previous blog post, an approach based on the utility function was suggested. However, after some modeling I decided to revert to a simpler approach, based on the concept of max-min fairness. The reason is a well-known utilitarian paradox, which I have yet to address properly ;)

So what about this max-min fairness thing? You may already know of it if you have studied QoS and resource sharing. In fact, this is the approach used to implement Fair Queueing – maximizing the “throughput” for the minimally demanding “flow”. In our scenario, a “flow” is a section, and “demand” is the number of tasks you need to complete from this section. We implement section weighting, so that some topics are considered more important than others. In short, here is how the max-min fair approach works:

  1. Assume there are N sections, with the weights a1, a2,… aN and the number of tasks T1,…,TN in the respective sections.
  2. Suppose you may only complete M tasks, where M < T1+T2+…+TN.
  3. Initially, we allocate the time between sections based on the formula: Xj=aj/(a1+a2+…+aN)*M. This means that every section gets a “fair” amount of the resource, proportional to its weight.
  4. For every section that gets more than it needs, i.e. Xj > Tj, take the amount Xj-Tj and allocate it based on the weights a1, a2…aN, as in step (3), among all remaining sections that still need the resource.
  5. Repeat the loop from (4), checking for the sections that got more than they needed and re-allocating this amount again.

This iterative algorithm could be quickly implemented using an Excel spreadsheet. Here is a simple spreadsheet with some of the basic constants (e.g. number of tasks per section) configured for you. All you need to enter is the following:

a) Total amount of hours you are going to spend on the workbook
b) Average amount of time per lab. This may change with your progress, so you may want to get back to the spreadsheet and edit some values.
c) The number of labs that you have already completed for every section. Like with (b), you may return to the spreadsheet and re-calculate the time allocation. Make sure you set these to zeroes if you truly don’t know much about the technologies covered in the respective section.


Notice that the spreadsheet only performs two iterations of the weighted fair sharing algorithm, which should be enough in most cases, but may yield slightly inaccurate results in some situations. Also, pay attention to the “Weights” column. This is where you specify the relative “importance” of every section. In short, the idea is to prefer the core topics to non-core, thus allocating more time to spend on those. If you feel like you know what you’re doing, you may play with the weights. Just keep in mind that only their relative values matter, i.e. 10:20:30 would yield the same weighting as 1:2:3.
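The five steps above can also be run to completion instead of stopping after two iterations. The Python sketch below is an added example, not the spreadsheet's own logic; the section names, weights and task counts in `SAMPLE` are constructed for illustration, and `max_rounds` is a hypothetical parameter used to imitate the two-iteration limit.

```python
# Added example: weighted max-min fair split of a lab budget across sections.
EPS = 1e-9  # tolerance for float comparisons

# Constructed sample data: {section: (weight a_j, tasks needed T_j)}
SAMPLE = {
    "OSPF": (3, 41),
    "BGP": (3, 60),
    "QoS": (1, 10),
    "Multicast": (2, 30),
}


def max_min_fair(sections, budget, max_rounds=None):
    """Split `budget` tasks (M) across sections by weight, capped by demand.

    Returns (allocation dict, unallocated leftover, rounds used).
    max_rounds=None repeats steps 4-5 until no excess is handed back.
    """
    for name, (weight, need) in sections.items():
        if weight <= 0 or need < 0:
            raise ValueError(f"bad weight or demand for {name}")

    alloc = {name: 0.0 for name in sections}
    # Sections that still need the resource.
    active = [n for n, (_, need) in sections.items() if need > 0]
    pool = float(budget)  # amount being shared out in the current round
    rounds = 0

    while active and pool > EPS and (max_rounds is None or rounds < max_rounds):
        rounds += 1
        total_w = sum(sections[n][0] for n in active)
        excess = 0.0
        for n in active:
            weight, need = sections[n]
            # Step 3: share proportional to weight among active sections.
            alloc[n] += pool * weight / total_w
            # Step 4: anything above the section's demand is handed back.
            if alloc[n] > need:
                excess += alloc[n] - need
                alloc[n] = float(need)
        # Step 5: only sections still short of their demand stay in the loop.
        active = [n for n in active if alloc[n] < sections[n][1] - EPS]
        pool = excess

    return alloc, pool, rounds


if __name__ == "__main__":
    for limit in (2, None):
        alloc, leftover, rounds = max_min_fair(SAMPLE, 120, max_rounds=limit)
        print(f"max_rounds={limit}: rounds={rounds} leftover={leftover:.2f}")
        for name, value in alloc.items():
            print(f"  {name:<10} {value:6.2f} of {SAMPLE[name][1]}")
```

With this sample and a budget of 120 tasks, stopping after two rounds leaves a quarter of a task unallocated, which a third round splits between the two sections still short of their demand.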

Not just Learning, but Memorizing

We’ve been talking about memorization before in this blog post. One answer to better memorization was the process of optimally spaced repetitions. But those might look complicated if you follow any of the special algorithms. Is there a small and simple set of instructions that one can follow to improve the memorization process without the need of any software? In fact, there is. Here are the rules:

  1. Perform the first repetition immediately after you finished a set of mini-labs. What do we mean by a repetition? Typically, it’s a condensed review of the material you have just been working with. Read over the breakdowns; re-type the major commands in the notepad. Do not spend too much time reviewing and repeating, it should be kept up to 10% of the time you typically spend labbing up the scenarios. (e.g. if you spend 30 minutes on a mini-lab, allocate approximately 10 minutes to a single lab repetition).
  2. Take a 20-minute break from studying; you may spend the break reading over and analyzing tomorrow’s set of mini-labs, or just having a cup of coffee or green tea. Both drinks contain caffeine, which in small amounts improves concentration and memorization.
  3. When you are done with the labs for the day, schedule another repetition 8 hours after your initial repetition. Based on this 8-hour interval, it may be best to practice in the morning (so you may take a repetition in the evening) or in the evening, right before you go to sleep (so you may repeat everything early next morning). During that repetition, review the material for all mini-labs you practiced today. For example, if you were doing 3 mini-labs it may take about 30 minutes to perform a complete review.
  4. Schedule the last repetition of today’s labs for 24 hours after the initial (Step 1) repetition (e.g. tomorrow morning if you were practicing in the morning). Mark this on your calendar or any personal time-management tool. This is going to be the last review for the series of mini-labs you have done today. Again, it should take no longer than 10-15% of the time you spent practicing the scenarios initially.

This repetition procedure adds over 30% overhead to your “bare” study time (you need to repeat the material 3 times during the first day). This is a significant increase in time, and you may want to account for it when calculating the average time to complete a single mini-lab and planning your time budget as shown previously.

How do I prioritize labs within VOL1 sections?

Like we said before, sections are weighted based on their relative importance. Core topics require more attention than non-core. What about the tasks within a single section? Typically, the workflow for VOL1 is linear: every next lab requires previous scenarios as “pre-configuration”; however, major “chains” are independent, and you may see the workbook asking you to perform configuration resets between the sub-sections. Commonly, more advanced scenarios follow the basic ones, so you progress naturally by doing them in sequence. However, in situations when you don’t have enough time, you may want to focus on the scenarios you are most unfamiliar with and skip some basic stuff.

In addition to this, some sections, especially the non-core ones (e.g. QoS or IP Services), may not follow the linear logical structure perfectly. For example, if you take “IP Services” you may see scenarios being grouped by technology: e.g. DHCP, NAT, WCCP and so on. For QoS, you may group scenarios in sub-sections such as MQC, Catalyst QoS, Legacy FRTS and so on. In this case, you may want to apply the same fair scheduling logic to these sections. In the same XLS file we referred to before, there is an additional sheet (named “QoS”) to help you split the time “inside” a large, non-linear section. I’m planning to add similar breakdowns to other “non-linear” sections, such as “IP Services”, “System Management” and “Security”. Here is a sample screenshot of this page:


It works in the same way as the main planning page. However, you don’t have to edit the total number of labs for the QoS section – it is copied from the previous sheet. You only need to edit the “Labs Completed” column, to reflect the number of scenarios you have already completed.


The above-described techniques should help you get more organized and proactive with your time management as well as improve content retention. Keep in mind those are just tools, and it’s up to you to do all work! And stay tuned for more updates to the XLS file and the methodology. Following our Tier-based logical approach, the next step after VOL1 should be IEWB-RS VOL2 full-scale labs practicing, which is to be covered next.


Hi everyone,

we have just uploaded the initial update of IEWB-SC VOL1 "VPN" section to all subscribed accounts. The update contains 15 new labs listed below:

LAN-to-LAN VPN between IOS and ASA
IPsec and NAT Interaction in ASA Firewall
Peer Authentication using Digital Signatures
ASA Tunnel Group Names
ASA Certificate Mapping Rules
Filtering traffic inside LAN-to-LAN tunnels
LAN-to-LAN tunnel between IOS Routers
IOS IPsec NAT Traversal
IOS IKE Aggressive Mode
VPN between Overlapping Subnets
IOS VPN with Digital Signatures Authentication
IOS Certificate Access Lists
Virtual Tunnel Interfaces
GRE over IPsec

The following labs are in the process of being developed and should be available soon. Notice that there might be more labs than are currently on the list.

IOS ezVPN Server
IOS ezVPN Server with RADIUS
IOS ezVPN Server with Digital Certificates
IOS ezVPN Remote
ASA ezVPN Server
ASA ezVPN Server with RADIUS
ASA ezVPN Server with Digital Certificates
IOS Clientless SSL VPN
ASA Clientless SSL VPN
ASA L2TP over IPsec
IPSec High Availability

The next thing you guys would see updated is the long-awaited IEWB-RS VOL1 v5.0 "BGP" section :)

Have fun!


Hi everyone,

as promised before, the updated Security VOL2 Lab1 has been posted to all subscribed members' accounts. The new lab features a completely new diagram (I hope you guys like it ;) and significant updates to its contents. Along with removing the PIX and VPN3k sections, we've added tasks covering such topics as IPsec VTI, Zone-Based Firewall, IPS virtual sensors/VLAN groups, ASA reliable static routes, 802.1x authorization and a few more goodies to this lab. The updated content should be less "crazy hard" than its v3.0 predecessor and better mimic the difficulty of the real exam. Still, it was designed to be *harder* than the real stuff, just to make sure you don't relax too much and don't let your guard down ;) Anyways, enjoy the first update in the series! We plan to post updates periodically and finish the whole process in June.

For you CCIE-RS folks waiting for the BGP section to be posted: our apologies for the delay, we're working to get it done ASAP. The section appears to be bigger than we estimated before, and it may take an extra week to finish it. We'll try to make an interim update by the end of this week, covering at least some of the BGP section tasks. Thank you for your patience!


Hi Everyone,

Per our release schedule, the "Multicast" section of IEWB-RS VOL1 has been posted on the members site. IEWB-RS VOL1 is a collection of advanced technology-focused labs with detailed breakdowns and verifications, aimed to provide you with in-depth understanding of every networking technology needed to pass the CCIE lab. The new section is more than 150 pages in size. Here is the list of the topics covered:

PIM Dense Mode
Multicast RPF Failure
PIM Sparse Mode
PIM Sparse-Dense Mode
PIM Assert
PIM Accept RP
PIM DR Election
PIM Accept Register
Multicast Tunneling
Auto-RP - Multiple Candidate RPs
Auto-RP - Filtering Candidate RPs
Auto-RP Listener
Auto-RP and RP/MA Placement
Filtering Auto-RP Messages
Multicast Boundary
PIM Bootstrap Router
BSR - Multiple RP Candidates
Filtering BSR Messages
Stub Multicast Routing & IGMP Helper
IGMP Filtering
IGMP Timers
Multicast Helper Map
Multicast Rate Limiting
Bidirectional PIM
Source Specific Multicast
DVMRP Interoperability
Multicast BGP Extension
Anycast RP
Catalyst IGMP Snooping
Catalyst Multicast VLAN Registration
Catalyst IGMP Profiles

You may find a sample lab from the section posted on this blog at Understanding BSR Protocol. The remaining "BGP" section of IEWB-RS VOL1 is being updated and should be posted soon as well.


Hello everybody,

as promised before, we posted the initial update to our Security Workbook VOL1 matching the new CCIE Security v3.0 blueprint. It covers the "ASA Firewall" section of the lab exam blueprint and contains 50 technology-focused mini-scenarios. All customers with an active subscription to the existing version of IEWB-SC VOL1 should see the new material under their members site accounts. The new content has been rewritten from scratch, with the task wording changed and breakdowns, comments and explanations added. You will see the mini-labs presented in a "challenging" format, matching our new philosophy for the updated line of CCIE products. Of course, there are new scenarios covering the updated CCIE Security lab blueprint. If you are wondering why we jumped from version 3.2 to v5.0, there are a few good reasons. Firstly, it symbolizes the unified design philosophy of our RS and SC products, as the most recent version of RS products is v5.0. Secondly, you should remember how they jumped to IPv6 from IPv4. We thought that's a good idea too. And last, but not least - Cisco did the same trick to their line of unified communication products! ;)

Finally, here is the list of topics covered in this update. The highlighted topics correspond to the completely new scenarios added to the section. Notice, however, that all other tasks have been completely updated as well! Happy studying!

ASA Firewall
VLANs and IP Addressing
Advanced Routing
IP Access-Lists
Object Groups
Administrative Access
ICMP Traffic
URL Filtering
Dynamic NAT and PAT
Static NAT and PAT
Dynamic Policy NAT
Static Policy NAT and PAT
Identity NAT and NAT Exemption
Outside Dynamic NAT
DNS Doctoring using “Alias”
DNS Doctoring using “Static”
Fragmented Traffic
IDENT Issues
BGP across the Firewall
Stub Multicast Routing
PIM Multicast Routing
Network Time Protocol
System Logging
Filtering System Logs
SNMP Monitoring
DHCP Server
HTTP Traffic Inspection
FTP Traffic Inspection
SMTP Traffic Inspection
TCP Inspection
Management Traffic Inspection
ICMP Traffic Inspection
Threat Detection
Un-Stealthing the Firewall
Traffic Policing
Low Latency Queuing
Traffic Shaping
Hierarchical Queuing
Transparent Firewall
ARP Inspection
Ethertype Access-Lists
Transparent Firewall NAT
Firewall Contexts
Firewall Contexts Routing
Firewall Contexts Classification
Resource Management
Active/Standby Failover
Active/Active Failover


Labs 4 and 5 in the CCIE Routing & Switching Lab Workbook Volume 2 Version 5.0 are now posted on the members site. More labs in this series will be posted shortly, along with more updates to Volume 1.

Happy Labbing!


Lab 3 for our CCIE Routing & Switching Lab Workbook Volume 2 Version 5.0 is now posted on the members site.  A Lab Meet-Up for this scenario is scheduled today at 10:00 Pacific time (GMT -8).  The Class-on-Demand version will be posted shortly afterwards.  More labs in this series will begin posting next week, which will give people more time to actually configure the scenarios before attending the Lab Meet-Ups.

Also, Lab Meet-Ups will resume running on a weekly basis (starting today).  More detailed scheduling information will be available on this shortly.  Hope to see you there!


The IPv6 section for IEWB-RS Volume 1 Version 5.0 is now posted on the members site. This leaves only BGP and Multicast for completion, which are both currently in development. More information will be posted on those shortly. The following sections are available for IPv6:

  • IPv6 Link-Local Addressing
  • IPv6 Unique Local Addressing
  • IPv6 Global Aggregatable Addressing
  • IPv6 EUI-64 Addressing
  • IPv6 Auto-Configuration
  • RIPng
  • RIPng over NBMA
  • RIPng Summarization
  • RIPng Prefix Filtering
  • RIPng Metric Manipulation
  • RIPng Default Routing
  • OSPFv3
  • OSPFv3 over NBMA
  • OSPFv3 Virtual Links
  • OSPFv3 Summarization
  • IPv6 Redistribution
  • IPv6 Filtering
  • IPv6 NAT-PT
  • IPv6 MP-BGP
  • IPv6 Tunneling
  • Automatic 6to4 Tunnels
  • ISATAP Tunnels

The OSPF section of Internetwork Expert's CCIE Routing & Switching Lab Workbook Volume 1 Version 5.0 is completed and available on the members site.  The final release contains around 50 lab scenarios in approximately 250 pages, and covers all relevant aspects of OSPFv2 routing, with extra detail focused on understanding how OSPF path selection occurs, and reading the OSPF database.  The final release consists of the following sections:

  • OSPF over Broadcast Media
  • OSPF over Non-Broadcast Media
  • OSPF DR/BDR Election Manipulation
  • OSPF Network Point-to-Point
  • OSPF Network Point-to-Multipoint
  • OSPF Network Point-to-Multipoint Non-Broadcast
  • OSPF Network Loopback
  • OSPF Path Selection with Auto-Cost
  • OSPF Path Selection with Cost
  • OSPF Path Selection with Bandwidth
  • OSPF Path Selection with Per-Neighbor Cost
  • Repairing Discontiguous OSPF Areas with Virtual-Links
  • OSPF Path Selection with Non-Backbone Transit Areas
  • OSPF Path Selection with Virtual-Links
  • OSPF Demand Circuit
  • OSPF Flooding Reduction
  • OSPF Clear Text Authentication
  • OSPF MD5 Authentication
  • OSPF Null Authentication
  • OSPF MD5 Authentication with Multiple Keys
  • OSPF Internal Summarization
  • OSPF Path Selection with Summarization
  • OSPF External Summarization
  • OSPF Stub Areas
  • OSPF Totally Stubby Areas
  • OSPF Not-So-Stubby Areas
  • OSPF Not-So-Stubby Areas and Default Routing
  • OSPF Not-So-Totally-Stubby Areas
  • OSPF Stub Areas with Multiple Exit Points
  • OSPF NSSA Type-7 to Type-5 Translator Election
  • OSPF NSSA Redistribution Filtering
  • OSPF LSA Type-3 Filtering
  • OSPF Forwarding Address Suppression
  • OSPF Default Routing
  • OSPF Conditional Default Routing
  • OSPF Reliable Conditional Default Routing
  • OSPF Filtering with Distribute-Lists
  • OSPF Summarization and Discard Routes
  • OSPF Filtering with Administrative Distance
  • OSPF Filtering with Route-Maps
  • OSPF NSSA ABR External Prefix Filtering
  • OSPF Database Filtering
  • OSPF Stub Router Advertisement
  • OSPF Interface Timers
  • OSPF Global Timers
  • OSPF Resource Limiting
  • Miscellaneous OSPF Features

Stay tuned as more sections for the volume 1 workbook will start posting next week.

Happy labbing!
