I am over the initial euphoria of passing the R/S lab and thinking about the future. I am getting married in March, so before that, I can muster up some time. And since last year studying was all I did, I don’t know what would I do for the next 5 months if not study . Browsing the web about the SP materials, I realized, service provider track is the most neglected of all by the vendors. And that only leads to confusion as I don’t know, which vendor to choose for SP prep, specially considering that 5 months is all I have to start and finish the prep and financial constraints make it impossible for me to gather all prep materials.
Lets Look at IPexpert. The offer Blended Learning Solutions for R/S, Voice and Security, and one track they ignore is…. Yes, the service provider track. According to support, it may take 3 months or more before BLS is out, time I don’t have. Let’s look at their free V-seminars. They offer 9 different seminars for Voice and R/S and only 1 for Service Provider.
InternetworkExpert was supposed to upgrade the SP workbook but that’s long overdue as well. Also, from what I’ve heard the workbook solutions offer NO explanation or verification whatsoever. I’ve heard that dynamips version of same workbook does offer some explanations, but for a guy like me, who is not great comfortable with MPLS at all, the topics that dynamips doesn’t cover will not be available in dynamips workbook and will be problematic. Also, priced at 395 apiece, I cannot afford to buy both dynamips and regular workbook, when they are 90% the same. Due to financial constraints, the COD is out of question for me already. In fact, before my company agreed to finance the bootcamp, all I could buy was first 10 IE labs only. Also their technology labs as I hear need upgrading as well. IE is upgrading R/S technology labs and doing a wonderful job, but again Service Provider track is neglected.
IEMentor earned a good reputation for Service Provider track 3 years back. But they were supposed to release an upgraded version in October 07 and one year after the due date, it’s still not released.
Narbik is making his SP workbooks but those won’t be ready till January next year anyway.
Also, I am unable to find good unbiased reviews of products on the blogsphere.
Anyway, I’d appreciate if anyone has good SP experience and can recommend a particular product.
I have to make a decision soon and start studying again. It almost feels weird when I return to home from office and have nothing to study, which basically means I am getting bored as hell?
Also, I have to ask Ethan if I can post topics regarding SP prep etc here or not. In any case, I write at http://ccie-chronicles.blogspot.com as well. And whatever I write here, is there as well. If Ethan allows me to continue writing here, I will be writing about my SP prep here as well. Until then, I am waiting to hear from readers about the SP prep.
Well this post will be in two parts. The smaller first part will detail what I did to prepare for the lab. And the in second part, I will detail what I think is the best way of preparing for the lab, based on personal experience and problems I had along the way. In short, if I had to prepare for the lab all over again, the path I’d take will be in the recommendations J
My preparation path:
Narbik Kocharian’s Advance Technology Workbook
IEWB Dynamips workbook vol 2 (First 10 labs)
I attended Narbik Kocharians bootcamp in April
I started my journey last year and started working on written and lab simultaneously.
I cleared the written exam in March, and then started concentrating on the lab.
Even before that my method was to read through DOC cd and make small labs to understand a technology and feature using dynamips. By the time I attended Narbik’s bootcamp in April, I had finished first 10 IEWB labs.
After the bootcamp I concentrated on Narbik’s workbook and completed it cover to cover and did some of the IEWB labs over and over again till the lab date.
I followed this path, but will I do the same if I have to do everything all over again? No, I will change the methodology and hence my recommended preparation method is as follows.
Assuming you have cleared your written exam what should be your next step.
Personally I think, you should start with focusing on individual technology.
For that I recommend Narbik’s Advance Technology Workbook. His philosophy is to take a technology, make small labs about every feature and then beat it to death. When you are finished with his workbook, you have typed in 95% of commands you need to know and practiced 95% of all features that can show up.
The figure 95% is estimation, and Narbik is continuously updating his workbooks J
Now, I am also very satisfied with IE workbooks, and IE is reshaping their Vol 1 technology labs according to same philosophy. Up till now, those are in Beta Phase. So at the moment, the only deep technology workbook that I know of is Narbik’s.
I did attend Narbik’s bootcamp and I have only good things to say about it. I chose it because it was the cheapest, but the 5 day bootcamp was really informative and a great experience. Once again, I didn’t attend other vendors’ bootcamps so I cannot compare. But from what I heard, everyone praises both IE and IPexpert bootcamps as well. So I’ll also recommend Narbik’s bootcamp to all readers.
After that, you should start with full scale labs. I only tried IE first 10 labs and I was really happy with those. I didn’t try any other vendor for full scale labs so I cannot comment on those. I would recommend those to all readers as well.
In this way, by doing Narbik;s lab first, you learn to do almost everything you need to, independently. And with full scale labs, you improve your speed, stamina and learn how to approach a full scale lab and get a very good idea about how technologies interact with each other.
I hope this post is useful for readers of this blog.
Well About my experience of the lab, let’s start with basics.
Was the lab very difficult? No, to be true, I found it ridiculously easy. I was done in three and half hours, spent next three and half verifying more than a dozen times, and left an hour early. It may seems like my holier than thou attitude, but right after I reached hotel I had a chat with Daniel Hammerstein, who frequently comments on cciecandidate.com. And he can vouch that I said the same thing to him, even before my result came. That apart from one interpretation (silly language to blame here) and one corner case question, the lab was ridiculously easy. So 94 out of 100 marks were up for grabs for anyone who studied well enough.
So it was all that easy and no glitches?
That’s also not true. A particular question bugged the hell out of me. And guess what, it was an interpretation problem. And while leaving the lab, the only thing I was thinking was that if my interpretations were right, I couldn’t fail. But the uncertainty kept me on edge until I saw the result.
Was there any obscure technologies/out of the world questions? Yes … One question was something I couldn’t have dreamed about showing up. Luckily my practice of focusing on documentation as lab prep paid off and though it was a corner case (mind you a very easy one only if you know it), I didn’t even have to look at DOC CD.
How’d you rate the difficulty level of CCIE lab?
Compared with IEWB labs, I’d say a 5 or 6. Why I’d rate the lab like that. Well the breadth of technologies tested was broad, but IE labs generate problems within themselves, for example redistribution causes loops, preferring a path some time causes RFP failures in multicast, some security features break connectivity. Means a task, simple as maybe, often causes deep running problems. CCIE lab tested knowledge about everything and then some, but questions were fairly independent and they question didn’t cause hidden problems. That is why I think lab was easy.
Was DOC CD available and were there any broken links?
I only accessed 3560 configuration guide and that was accessible without a problem.
What about lab facility?
Well Dubai has a small room for CCIE lab, with 5 seats. We were four people in the same room. At least in Dubai, you are provided with different color highlighters and plethora of lead pencils.
A word about the Proctor?
Mr.Zia was an extremely nice guy. Not very helpful in my particular case though I bugged him throughout for the same question and he told me that I was over thinking the issue. To be fair, I was asking him the question in format of “Is it A or B?” and he couldn’t give away the answer But later I rephrased the question and he did his best to eliminate my confusion. Needless to say, in a high pressured environment like the lab, confusions don’t go away easy. He was also very friendly and not snobbish at all.
How I approached the Lab?
Well, I started of by drawing a L3 diagram. L2 diagrams were provided and were very clear, and so were L3 diagrams, but to be able to write on the paper, and avoid turning back the pages, I drew my own diagram. I spent the first 20 minutes reading the lab, drawing L3 diagram and creating aliases. By one and half hour I had completed the L2 section. By the way, my particular lab had a very heavy L2 section. I was done with IGP and verification by two and half hours and then everything flew by. I mean in an hour I was able to do security, BGP, multicast, Ip services and QOS with around 10 minute each on every section. Here the questions were straight forward without any ambiguities and often very very simple if you know what you are doing. I didn’t draw a bgp diagram, but I strongly recommend it. On my L3 (IGP) page; I used a different color maker to designate BGP.
Lunch was after 5 hours in my case. By Lunch time I had gone over the verification at least four times and was still worried about my interpretation of a particular question. I didn’t eat anything during lunch, so cannot comment on quality of food.
After the lunch break, I started verification again. This time around, I’d sh runn before running the verification commands and went over each question 6 or 7 time again. Around 7 hours into lab, I’ve had enough and couldn’t stand to sit there anymore, so I left sweating and hoping.
I couldn’t sleep and kept on checking t email 10 times an hour. Around 2 AM I received the email that my score report is available, and between the time I clicked on the link and saw the report, I kept trembling and all my confidence went down the drain :P Its been around 24 hours and I am still high like I am on speed: D and loving the feeling. What Next?
Haven’t thought about it, and will not at least during September again
I will write another post in coming days on my views on preparation and advice for CCIE candidates. So keep checking the pages.
While reviewing IEWB VOL 1 VER 5 labs, I discovered a new feature: EIGRP Stub with Leak Map. I spent some time researching the topic and found out a variation of the feature which is not explored in the workbook. Here I’ll try to demonstrate EIGRP stub routing with leak map as well as what is called strictly controlled Leak Maps.
Our topology is shown in the figure.
The basic routing configuration on the routers is as follows. R4 and R5 are running rip.
R4: router rip version 2 passive-interface default no passive-interface Serial1/0 network 184.108.40.206 no auto-summary
R5: router rip version 2 network 220.127.116.11 network 18.104.22.168 no auto-summary
The rip table of R4 is as follows.
R4#sh ip route rip 22.214.171.124/24 is subnetted, 4 subnets R 126.96.36.199 [120/1] via 188.8.131.52, 00:00:22, Serial1/0 R 184.108.40.206 [120/1] via 220.127.116.11, 00:00:22, Serial1/0 R 18.104.22.168 [120/1] via 22.214.171.124, 00:00:22, Serial1/0 R 126.96.36.199 [120/1] via 188.8.131.52, 00:00:22, Serial1/0
R4: router eigrp 10 network 184.108.40.206 0.0.0.0 no auto-summary
Also at R4 we have mutual distribution between Rip and EIGRP.
R4 router eigrp 10 redistribute rip met 1 1 1 1 1 router rip redistribute eigrp 10 met 1
Now we examine the routing tables on R2 and R3. We notice that all eigrp routes, including the external RIP routes are in routing table.
R2#sh ip route eigrp 220.127.116.11/24 is subnetted, 4 subnets D EX 18.104.22.168 [170/2560537856] via 22.214.171.124, 00:00:18, Serial1/0 D EX 126.96.36.199 [170/2560537856] via 188.8.131.52, 00:00:18, Serial1/0 D EX 184.108.40.206 [170/2560537856] via 220.127.116.11, 00:00:18, Serial1/0 D EX 18.104.22.168 [170/2560537856] via 22.214.171.124, 00:00:18, Serial1/0 126.96.36.199/24 is subnetted, 4 subnets D 188.8.131.52 [90/2195456] via 184.108.40.206, 00:03:54, Serial1/0 D 220.127.116.11 [90/2195456] via 18.104.22.168, 00:03:54, Serial1/0 D EX 22.214.171.124 [170/2560537856] via 126.96.36.199, 00:00:18, Serial1/0
R3#sh ip route eigrp 188.8.131.52/24 is subnetted, 4 subnets D EX 184.108.40.206 [170/2560051456] via 220.127.116.11, 00:00:40, Ethernet0/0 D EX 18.104.22.168 [170/2560051456] via 22.214.171.124, 00:00:40, Ethernet0/0 D EX 126.96.36.199 [170/2560051456] via 188.8.131.52, 00:00:40, Ethernet0/0 D EX 184.108.40.206 [170/2560051456] via 220.127.116.11, 00:00:40, Ethernet0/0 18.104.22.168/24 is subnetted, 4 subnets D 22.214.171.124 [90/307200] via 126.96.36.199, 00:03:50, Ethernet0/0 D 188.8.131.52 [90/2195456] via 184.108.40.206, 00:03:50, Ethernet0/0 D EX 220.127.116.11 [170/2560051456] via 18.104.22.168, 00:00:40, Ethernet0/0
Now we’ll configure R1 as stub. As a result all external routes should disappear from R2 and R3.
R1 router eigrp 10 eigrp stub connected
R2#sh ip route eigrp 22.214.171.124/24 is subnetted, 3 subnets D 126.96.36.199 [90/2195456] via 188.8.131.52, 00:00:23, Serial1/0 D 184.108.40.206 [90/2195456] via 220.127.116.11, 00:00:23, Serial1/0
R3#sh ip route eigrp 18.104.22.168/24 is subnetted, 3 subnets D 22.214.171.124 [90/307200] via 126.96.36.199, 00:01:15, Ethernet0/0 D 188.8.131.52 [90/2195456] via 184.108.40.206, 00:01:15, Ethernet0/0
Now we’ll discover different options for leak maps by implementing different routing policies.
Configure R1 such that R2 and R3 have reach ability to 220.127.116.11 and 18.104.22.168 networks.
For this we’ll match the desired networks in an access-list and then implement EIGRP stub Leak Map.
R2#sh ip route eigrp 22.214.171.124/24 is subnetted, 2 subnets D EX 126.96.36.199 [170/2560537856] via 188.8.131.52, 00:00:28, Serial1/0 D EX 184.108.40.206 [170/2560537856] via 220.127.116.11, 00:00:28, Serial1/0 18.104.22.168/24 is subnetted, 3 subnets D 22.214.171.124 [90/2195456] via 126.96.36.199, 00:00:28, Serial1/0 D 188.8.131.52 [90/2195456] via 184.108.40.206, 00:00:28, Serial1/0 R2#
R3#sh ip route eigrp 220.127.116.11/24 is subnetted, 2 subnets D EX 18.104.22.168 [170/2560051456] via 22.214.171.124, 00:00:20, Ethernet0/0 D EX 126.96.36.199 [170/2560051456] via 188.8.131.52, 00:00:20, Ethernet0/0 184.108.40.206/24 is subnetted, 3 subnets D 220.127.116.11 [90/307200] via 18.104.22.168, 00:00:20, Ethernet0/0 D 22.214.171.124 [90/2195456] via 126.96.36.199, 00:00:20, Ethernet0/0 R3#
Policy 2: Configure R1 such as R3 sees both 188.8.131.52 and 184.108.40.206 networks but R2 cannot.
Here we can use ‘match interface’ option in the route-map. This is called strictly controlled Leak map. The login is as follows
1. If “match interface” options is not used, routes are leaked on all interfaces. 2. If “match interface” option is used, routes are ONLY leaked on the interface matched.
So we’ll use match interface argument in the route-map and only match interface Ethernet 0/0, which is connected to R3.
route-map EIGRP_LEAK permit 10 match ip address 1 match interface e0/0
R1#sh route-map route-map EIGRP_LEAK, permit, sequence 10 Match clauses: ip address (access-lists): 1 interface Ethernet0/0 Set clauses: Policy routing matches: 0 packets, 0 bytes
Now we examine the routing tables.
R2#sh ip route eigrp 220.127.116.11/24 is subnetted, 3 subnets D 18.104.22.168 [90/2195456] via 22.214.171.124, 00:02:42, Serial1/0 D 126.96.36.199 [90/2195456] via 188.8.131.52, 00:02:42, Serial1/0
R3#sh ip route eigrp 184.108.40.206/24 is subnetted, 2 subnets D EX 220.127.116.11 [170/2560051456] via 18.104.22.168, 00:03:55, Ethernet0/0 D EX 22.214.171.124 [170/2560051456] via 126.96.36.199, 00:03:55, Ethernet0/0 188.8.131.52/24 is subnetted, 3 subnets D 184.108.40.206 [90/307200] via 220.127.116.11, 00:03:55, Ethernet0/0 D 18.104.22.168 [90/2195456] via 22.214.171.124, 00:03:55, Ethernet0/0
So, only R3 is seeing the leaked networks now, and R2 hasn’t.
Policy 3: Allow R3 access to 126.96.36.199/24 and 188.8.131.52/24 networks only. Allow R4 access to 184.108.40.206/24 and 220.127.116.11/24 only.
So we’ll match the other two routes in another access-list and match that and Interface S1/0
On R1: route-map EIGRP_LEAK permit 20 match ip address 2 match interface s1/0
R1#sh route-map route-map EIGRP_LEAK, permit, sequence 10 Match clauses: ip address (access-lists): 1 interface Ethernet0/0 Set clauses: Policy routing matches: 0 packets, 0 bytes route-map EIGRP_LEAK, permit, sequence 20 Match clauses: ip address (access-lists): 2 interface Serial1/0 Set clauses: Policy routing matches: 0 packets, 0 bytes
Now we examine the routing tables.
R3#sh ip route eigrp 18.104.22.168/24 is subnetted, 2 subnets D EX 22.214.171.124 [170/2560051456] via 126.96.36.199, 00:05:48, Ethernet0/0 D EX 188.8.131.52 [170/2560051456] via 184.108.40.206, 00:05:48, Ethernet0/0 220.127.116.11/24 is subnetted, 3 subnets D 18.104.22.168 [90/307200] via 22.214.171.124, 00:05:48, Ethernet0/0 D 126.96.36.199 [90/2195456] via 188.8.131.52, 00:05:48, Ethernet0/0
R2#sh ip route eigrp 184.108.40.206/24 is subnetted, 2 subnets D EX 220.127.116.11 [170/2560537856] via 18.104.22.168, 00:00:25, Serial1/0 D EX 22.214.171.124 [170/2560537856] via 126.96.36.199, 00:00:25, Serial1/0 188.8.131.52/24 is subnetted, 3 subnets D 184.108.40.206 [90/2195456] via 220.127.116.11, 00:05:08, Serial1/0 D 18.104.22.168 [90/2195456] via 22.214.171.124, 00:05:08, Serial1/0
Lets test connectivity
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 126.96.36.199, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/58/80 ms R3#ping 188.8.131.52
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 184.108.40.206, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/60/84 ms
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 220.127.116.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/68/96 ms R2#ping 18.104.22.168
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 22.214.171.124, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/58/80 ms
Policy 4: Add a loopback0 126.96.36.199/24 on R3. Allow R3 to reach RIP networks when sourced from Loopback 0.
Well this is to emphasize the point that we need to consider all implications of the configuration we make. Since R1 is a stub connected router, towards R4 it is advertising 188.8.131.52/24 and 184.108.40.206/24 networks which are directly connected, which are then redistributed into RIP and hence R3 and R1 can ping R5’s loopbacks. But R3’s loopback won’t be advertised to R4 and until we add another route-map entry leaking this network to R4, we won’t be able to reach to R5’s loopback networks from R3’s loopback network.
Lets see this
R3: int lo 0 ip add 220.127.116.11 255.255.255.0 router eigrp 10 net 18.104.22.168 0.0.0.0
R3#ping 22.214.171.124 source lo 0
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 126.96.36.199, timeout is 2 seconds: Packet sent with a source address of 188.8.131.52 .....
Success rate is 0 percent (0/5)
Now we add another route-map Entry to allow 184.108.40.206/24 network to leak to R4.
R1: access-list 3 permit 220.127.116.11 0.0.0.255 route-map EIGRP_LEAK permit 30 match ip address 3 match interface e0/1
R4#sh ip route eigrp 18.104.22.168/24 is subnetted, 1 subnets D 22.214.171.124 [90/435200] via 126.96.36.199, 00:00:28, Ethernet0/0 188.8.131.52/24 is subnetted, 4 subnets D 184.108.40.206 [90/307200] via 220.127.116.11, 00:01:39, Ethernet0/0 D 18.104.22.168 [90/2195456] via 22.214.171.124, 00:01:39, Ethernet0/0
Now this network will be redistributed into rip and we’ll have connectivity.
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 126.96.36.199, timeout is 2 seconds: Packet sent with a source address of 188.8.131.52 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/54/68 ms
Well that’s about it for EIGRP stub Leak Maps. Please let me know if you find any ambiguity.
A lot of people work differently, and when it comes to preparing for CCIE lab everyone has a different strategy.
Me, I am more of a reader than a handyman :) that is to say, I spend most of the time reading and far less time labbing. Even in the time I lab, I spend most of time making short labs, testing technologies than doing full scale labs. One reason is that I only have 10 dynamips IEWB full scale labs and I already did them twice anyway.
Recently I requested Brian Mcghann and Petr from InternetworkExpert to allow me access to their Vol 1 Beta labs and very generously they did. I am a customer of IE but due to financial constraints, I bought only first 10 dynamips labs and so the vol 1 beta access wasn’t automatically there for me. While I am going through the labs, I must say I am impressed and there is also a feeling of déjà vu. My company financed Narbik’ bootcamp and hence I received his advance technologies workbook. I loved that. Basically Narbik took a technology and beat that to death. Quite similar approach of these Beta labs. When it comes to me, I’d prefer such approach above all other that is to learn everything about a technology rather than doing 40 full scale labs. Even before I went to Narbik’s bootcamp, my method of preparation was to read say 15 pages of documentation a day, and lab them up in small labs on dynamips. Narbik’s labs saved time I spent for cooking up a topology to test a feature.
I have not seen existing versions of Vol 1, but from what I heard those were very basic. These beta labs are not.
Though I am waiting for OSPF, security and QOS Vol 1 labs, and only after that I can rate these VOL 1 labs completely, I have to admit, I really liked these labs up till now. I even learned one new feature of EIGRP which is EIGRP stub routing with leak maps. If I were to advise anyone on how to prepare, my advice would be to go through Narbik’s Advance Technologies Workbook or( if by that time these VOL 1 labs are out) these VOL 1 beta labs, very slowly.
Do each technology in a week, and not only do the labs, read documentation about every feature and learn it properly. And at the end, do 10-20 full scale labs.
Anyway here are my initial impressions of the labs.
Bridging and Switching:
As I mentioned, my idea of technology labs is to cover all about a technology.
I feel bridging and switching sections should include small labs on following topics
IRB (Integrated Routing and Bridging). Of course, we’ll use routers for this J but technology wise the feature should be here DAI (Dynamic Arp Inspection) (Though this topic can be potentially included in security. As I mentioned I need to see the security and QOS, before having a complete idea, as many feature I’d like to see can fall under switching as well as under these two topics. For me, DAI is more of a switching topic.) MVR (Multicast VLAN Registration) And IGMP snooping, IGMP Profile commands etc. But then again, these features may have been covered in Multicast sections. Also IGMP snooping and DAI are inter-related, so for me these should be a part of switching. SDM Templates More explanation in lab 1.18. Trunk ether channel over DOT 1 Q tunnel can cause a lot of problems, if we are not sure of STP and VTP paths throughout our network. Instead of shutting down the links that can cause problems, these problems should be explored. Port Security. ( Again, can be covered in security beta labs)
I again learned a new feature, bridging over frame relay and I thought I knew everything about frame relay.
Covering all the topics I think are necessary to learn RIP.
I learned a new feature here. I can’t make it work though on dynamics unless I add the match interface option in Eigrp Stub Leak Route map.
This needs more research on my part though.
I’ll lab this up over the weekend, and maybe right a tutorial after understanding the feature completely.
Also, I believe strategy wise, IE is on right track.
I’ve known people going through full scale labs rigorously. This approach of learning everything, before doing full scale labs is what I’d recommend and I’ve followed.
I am really looking forward to QOS section, especially Catalyst QOS.