Passed v5 written - my thoughts
So I passed the written v5 today with a pretty good score but I would not say it was an easy exam. There were a lot of "trivial pursuit" style questions where you just simply had to recall some default settings in IOS (obviously can't say much more than that due to NDA) which I find is just silly on a CCIE exam. In the real world if I want to see some particular default value I will use a show command to find it out. And don't skimp out on studying the "written only" topics like PfR, GET VPN, etc, like I did because this could come back to bite you.
Oh well, I've got that over and done with now so it's onto the CCIE lab in about 8 weeks I guess
.
I really only used routing TCP/IP vol1 and vol2 and cisco.com. With the new exam objectives, it's really easy to work out what you need to study. I pretty much picked one or two topics to study a night after work, and labbed then documented my findings using IOU and Evernote. I probably studied for about 8 weeks for about 3 hours a night and maybe 15 hours over the weekends. When I labbed, I would pretty much try to tweak any settings I possibly could to see how that affected things using debug/show/pcaps.
Once I've had a few days to finish Watch Dogs on the PS4 I will get back into the swing of things and start going over Narbik's workbooks (all the way from fundamentals to the advanced technologies and troubleshooting ones) and then probably purchase a few full-scale test labs from 360 or whatever it's called now.
Happy to provide more info on how I prepared for the exam if anyone wants it.
Oh well, I've got that over and done with now so it's onto the CCIE lab in about 8 weeks I guess
.I really only used routing TCP/IP vol1 and vol2 and cisco.com. With the new exam objectives, it's really easy to work out what you need to study. I pretty much picked one or two topics to study a night after work, and labbed then documented my findings using IOU and Evernote. I probably studied for about 8 weeks for about 3 hours a night and maybe 15 hours over the weekends. When I labbed, I would pretty much try to tweak any settings I possibly could to see how that affected things using debug/show/pcaps.
Once I've had a few days to finish Watch Dogs on the PS4 I will get back into the swing of things and start going over Narbik's workbooks (all the way from fundamentals to the advanced technologies and troubleshooting ones) and then probably purchase a few full-scale test labs from 360 or whatever it's called now.
Happy to provide more info on how I prepared for the exam if anyone wants it.
Comments
"I really only used routing TCP/IP vol1 and vol2 and cisco.com. With the new exam objectives, it's really easy to work out what you need to study. "
I wish you the best of luck, I really do but there is a reason it seems nobody is sitting the v5 lab right now. I know of two lab attempts in the last 4 months and while there not one person was sitting R/S which is unheard of but it's due to the changes. I am anxious to hear what the new Diagnostics portion is like.
Think of the 2:00 a.m. test—if you were awakened in the
middle of the night because of a network problem and had to figure out the
traffic flows in your network while you were half asleep, could you do it?
That's always welcome
As I said, after Cisco came out with their exam transparency initiative I think it's made studying for this a lot more clearer about what things they are looking to test on. I remember the old BSCI exam objectives were like "Configure, verify, and troubleshoot OSPF" and so you were always stuck trying to figure out where to focus most of your efforts on. At least with the new blueprint you can think "okay, they have clearly stated that they are testing on stubs, NSSA, transit capability, virtual link, LFA, etc". And with me personally, I don't remember things just from reading as I would if I started from the ground up on a topic and labbed it up and watched every single debug line and tried to figure out myself what was going on". But yes those three resources I mentioned were the only real ones I read, other than whatever links came out of googling e.g. NHRP shortcut and seeing reading some blogs or articles on whichever site I thought gave me the best info for something I was having trouble understanding.
But I'm 100% with you on being nervous about the lab horror stories that I've heard. I asked Bruno (CCIE R&S program manager) at Cisco Live this year if these were anything like the old OEQs and he said absolutely not. However, I don't want to get burned because my methodology for diagnosing a problem with the resources I have is different from Bruno's (and obviously all of the other people who work very hard on the CCIE program).
I should also mention my aggressive timeline is because I'm changing jobs in about 10 weeks to be a senior security engineer so my day-to-day at-work activities that contribute to my R&S study will pretty much stop for about a year while I'm on this project. For the last 6 months and the next 10 weeks I pretty much work solely with DMVPN, IPsec and MPLS for customers. Working with DMVPN for customers in Australia has actually made me appreciate RIP again
Good job!
I have seen a few v5 attempts on ieoc.com. All will be retaking it unfortunately.
Yes I have seen the same thing happening. I usually look at the "Success Stories" subforum and there haven't been any v5 passes (unless I missed them).
Jeff Kronlage's CCIE Study Blog: A different perspective on CIR, PIR, Tc, Bc & Be
ipv6 address autoconfig works however if I set the ipv6 nd other-config-flag command on the router to set the O bit but this doesn't solve my issue with trying to get stateful DHCPv6 to work.
I have done nothing but this stupid task for about the last 2 hours and I'm prepared to blame this on an IOU bug
So incase anyone doesn't want to become frustrated at DHCPv6 like me, if you want to configure IOS as a DHCPv6 client use the following commands.
When you guys have been doing mocks, what kind of drawings do you typically do at the start? IP addressing, layer 2, routing protocols?
1) Narbik's v4 workbook: OSPF filtering with prefix lists, summarizing with the no-advertise option, AD changes, LSA filtering, etc. Made a few errors with the Summary LSA filtering between areas in relation to the in and out keywords.
2) Some more IPsec/DMVPN practice with Phase 3 (shortcut/redirect)
3) Narbik's v4 workbook: OSPF NSSA suppress-FA, NSSA default routing, and OSPF over DMVPN
I used to draw just IP addressing and routing protocols real quick but I heard that in the V5 you don't even have time to do IP addressing so it is better just to sketch out the routers and routing protocol without interface and IP addresses.
Blog >> http://virtual10.com
Thanks mate!
Started tonight with some redistribution from Naribik's workbook. In an effort to make sure I know how to do things as well in named-mode EIGRP as I do classic EIGRP, I did the redistribution into EIGRP tasks with named-mode. However, don't fall into the habit I do with your defualt metrics.
Example:
Will result in other routers in the EIGRP AS with an inacessible distance to the redistributed network.
Anyway that's another 3 hours in the book tonight
For anyone who doesn't have a good process of which tags to use and knowing how to set up the filtering, I use something similar to this:
I set the tag to the default AD of the source routing protocol in the redistribution config. For example, when I'm redistributing RIP to OSPF, I set the tag to 120 and all other routers who are performing OSPF to RIP redistirbution are configured to deny routes with tag 120 because these routes are assumed to have been originated in the RIP domain.
Hopefully this should help with speed in a redistribution task on the lab
1) Completed nearly 200 pages of MPLS from Narbik's workbook (Basics, LDP, L3VPN, PE-CE routing); nothing too hard here except that if you are using the OSPF as the IGP within the SP network it is much easier to use the command prefix-suppression under the OSPF process rather than using conditional label advertisement in my opinion. If the routes aren't in the RIB, LDP can't create bindings for them!
2) Completed INE labs for PPP, CHAP/PAP, PPPoE, and MLPPP. Missed one command under the virtual-template interface which took me a while to find in the documentation
1) Shared services MPLS VPN, Internet in a VRF, mainly from Narbik's workbook again and INE
2) Went over all of the IPv6 sections in Narbiks workbook
3) IPv6 prefix suppression
4) BGP with IPv6 transport endpoints
IPv6 is probably my slowest area at the moment in terms of setting up IGPs, BGP, typing in the addresses, etc at the moment. I'm trying to move away from using IP version-dependent OSPF and starting to use multi-AF OSPF as much as possible. Hopefully this might save me some time on the lab if there are some routers which are needing to run both OSPFv2 and OSPFv3
E.g.
The verification commands are almost exactly the same too.
R1#show dmvpn Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete N - NATed, L - Local, X - No Socket # Ent --> Number of NHRP entries with same NBMA peer NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting UpDn Time --> Up or Down Time for a Tunnel ========================================================================== Interface: Tunnel100, IPv6 NHRP Details Type:Hub, Total NBMA Peers (v4/v6): 2 1.Peer NBMA Address: 169.254.12.2 Tunnel IPv6 Address: 10:1:123::2 IPv6 Target Network: 10:1:123::2/128 # Ent: 1, Status: UP, UpDn Time: 00:04:57, Cache Attrib: D 2.Peer NBMA Address: 169.254.13.3 Tunnel IPv6 Address: 10:1:123::3 IPv6 Target Network: 10:1:123::3/128 # Ent: 1, Status: UP, UpDn Time: 00:02:09, Cache Attrib: DAlso, the NRHP network IDs do not have to match between spokes and a hub in a single-hub DMVPN design.
I set something similar to our setup in IOU and tested a ping from R1 to R5 (both CE routers; loopback 1.1.1.1/32 and 5.5.5.5/32 respectively. Here are my findings.
With propagate TTL on:
With propagate TTL off on both PE routers:
So how do you get rid of the label on the egress PE router? I looked in MPLS Fundamentals and noticed something interesting in the "Troubleshooting MPLS" chapter on page 502. The cliffs of this are that if the outgoing VPN label is for a BGP aggregate route, the egress PE router has to perform an extra loopkup for the more specific network in the VRF table for the customer and because of this, can send the time exceeded message to the originating router than having to forward it to the customer to then have it come straight back. Because of this, the egress PE router doesn't include the label stack in the time exceeded message because it can send the message back to the original router itself.
Configuration is as follows on the egress PE router (the one closest to the destination IP address in my traceroute commands)
And now looking in the LFIB you can see that the outgoing VPN label (20) is for a BGP aggregate.
As a result, the traceroute command now doesn't show any of the label stack.
Hope that helps anyone else who runs into the same issue as us.
1) IPv6 DMVPN
2) About half of the NAT questions in Narbik's workbook
3) Some random stuff tasks as the MPLS traceroute from above, banners, and SSH
4) BGP multipath, unequal-cost multipath with dmzlink-bw
5) Cost community for pre-bestpath calculations
I really wish INE would hurry up and get their CSRv rentals ready for the full-scale troubleshoot and config labs!
1) Completed all of the NAT labs in the INE v5 workbook. FWIW I find INEs NAT labs a lot easier to go through then Narbik's ones.
2) Stateful NAT with HSRP from Narbik's book
3) NSSA translator election and NSSA traffic engineering from INEs workbooks
I dunno if anyone has already done the INE v5 lab "OSPF NSSA Type-7 to Type-5 Translator Election" but from what I can tell a more elegant solution than the one in the solution is to use the following command:
Don't know if anyone else has an opinion on which one is better? Seems much less harfmul than having to set a new router ID and clear the OSPF instance