CCIE round #2

lrb Posts: 526 Member
After two weeks of partying like the Wolf of Wall Street (yeah right) I have decided to brush off the lab and return to studying for my second CCIE in SP. I plan to take the V4 written on the first day it is available (May 2015) and the lab soon after.

Similar to my R&S thread, I will use this to track my progress and general thoughts and I will use my blog to write up more details about some of the technologies on the SP blueprint and other networking related things. One thing I like about tracking progress in these types of threads is that it makes you somewhat accountable in progressing your learning.

My reading list for this will be:
  1. MPLS Fundamentals (already read many times)
  2. MPLS Traffic Engineering
  3. BGP Design and Implementation
  4. Routing TCP/IP Volume 1 (for IS-IS)
  5. QoS for MPLS
  6. MPLS VPN Architectures 1 and 2
  7. IOS XR Fundamentals
I will also use my INE All Access Pass until it runs out to watch ATC videos and the SPv3 workbook.

I am going to stop using web-IOU and try to use unetlab exclusively because it is easy to create large routing topologies with a few XR instances and 10+ XE instances using CSR1KV. I will buy another box that I can run ESXi on which will be used exclusively for running the unetlab master, and still have enough memory to run several XRv's (3GB RAM minimum per instance).

Three hours of reading and labbing today:

1) MPLS Route Target Constraint - I really like this feature, especially when used with route reflection, to prevent RRs from sending VPNv4/v6 prefixes to PE routers who are just going to drop them anyway. If you have ever used question mark when writing address-family under BGP you may have seen rtfilter - this is what route target constraint uses.

2) Some IS-IS basics such as neighbour establishment, levels, default routing between levels when the L1/L2 router sets the ATT bit on the LSP

3) IS-IS route leaking from L2 to L1 and also from L1 to L2 (to prevent L1 routes from entering the L2)

Comments

  • Alex90 Posts: 289 Member
    You are a Ninja my friend! I look forward to seeing how you get on.
  • JoJoCal19 California Kid Posts: 2,801 Mod
    Wow only a two week break huh, awesome motivation. Good luck in your pursuit of #2!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • joelsfood Posts: 1,027 Member
    You are a glutton for punishment, my good man
  • fredrikjj Posts: 879 Member
    Good luck!

    PS.
    I'm looking forward to using you for all MPLS questions :)
  • gorebrush Posts: 2,741 Member
    We are not worthy! Best of luck for #2.

    How good is the unetlab then?
  • jamesp1983 Posts: 2,475 Member
    Wow, you don't waste any time. Good luck.
    "Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
  • RouteMyPacket Posts: 1,104 Member
    See, the greed takes over...always has to be another. ha

    I have a big decision of my own to make soon, R&S or Security

    Good luck, once you get the SP, DE should be next since there is so much SP at play
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • broli720 Posts: 394 Member
    RouteMyPacket wrote: »
    See, the greed takes over...always has to be another. ha

    I have a big decision of my own to make soon, R&S or Security

    Good luck, once you get the SP, DE should be next since there is so much SP at play

    R&S would be my choice because I enjoy that material more, but that's my opinion. Good luck to the both of you!
  • JeanM Posts: 1,117 Member
    Nice job!
    2015 goals - ccna voice / vmware vcp.
  • gorebrush Posts: 2,741 Member
    RouteMyPacket wrote: »
    See, the greed takes over...always has to be another. ha

    I have a big decision of my own to make soon, R&S or Security

    Good luck, once you get the SP, DE should be next since there is so much SP at play

    DC, right?
  • lrb Posts: 526 Member
    Thanks guys!
    gorebrush wrote: »
    How good is the unetlab then?

    It's pretty good so far, I've done some pretty thorough XRv testing on it and it works very well. I will run it up on an AWS instance on the weekend and maybe open it up for people to have a play with it when I get it into a state I'm happy with.
    RouteMyPacket wrote: »
    I have a big decision of my own to make soon, R&S or Security

    Good luck, once you get the SP, DE should be next since there is so much SP at play

    I would say R&S is a great choice because it has so much carry over to other tracks, which is the main reason I went with SP because the carry over is huge. I would say R&S also has the best materials out there from vendors, including workbooks, ATCs, books, and videos.
  • lrb Posts: 526 Member
    2 hours tonight:

    1) Some more reading on how LSPs are updated in IS-IS including MaxAge, refresh intervals, etc

    2) Played around with various ways to set the OL bit in an LSP to create a similar effect to max-metric LSA from OSPF if you are waiting for BGP to converge or you want to do planned maintenance on a router.

    3) Did some labbing on excluding transit links in IS-IS which is functionally equivalent to OSPF's prefix suppression. The scalable way in IS-IS is to run your loopback (that will be used as the BGP update source and MPLS router ID) as a passive interface and tell IS-IS to only advertise the prefixes of passive interfaces. Neat!
  • bharvey92 Posts: 419 Member
    One IE is not enough eh? :) Good luck my friend, I enjoyed your last thread I'm sure this one will be just as informative!
    2018 Goal: CCIE Written [ ]
  • Essendon Posts: 4,548 Member
    This is serious motivation Luke! Go for it mate!
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
  • lrb Posts: 526 Member
    About 4 hours today:

    1) Went over a lot more IS-IS theory including fragmented LSPs, ATT and OL bit, difference between LSPs, CSNPs, and PSNPs, and all of the different TLVs supported by IOS

    2) Went over clear text and MD5 authentication. This took a lot longer than planned. If you specify IS-IS "new style" authentication isis authentication ... under the interface it authenticates the Hello packets but nothing else, and if you configure the same authentication at the process level it authenticates every packet except for the Hello. Nevertheless, it results in a situation where one side thinks that the adjacency is up but then invalidates the incoming CSNPs, and the other end just keeps invalidating the hello packets.
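
An added example, not part of lrb's post and not taken from Cisco documentation: a classic IOS configuration that enables HMAC-MD5 on both scopes the post describes, so that Hellos and LSPs/CSNPs/PSNPs are all authenticated with the same key chain. The key chain name ISIS-KEYS, process tag CORE, NET, interface name and key-string placeholder are assumptions for illustration.

```cisco
! Shared key material (placeholder value, replace on both neighbours)
key chain ISIS-KEYS
 key 1
  key-string <SHARED-SECRET-PLACEHOLDER>
!
! Interface scope: covers IS-IS Hello (IIH) packets only.
! With only these lines, LSPs, CSNPs and PSNPs are still sent and
! accepted unauthenticated.
interface GigabitEthernet0/1
 ip router isis CORE
 isis authentication mode md5
 isis authentication key-chain ISIS-KEYS
!
! Process scope: covers LSPs, CSNPs and PSNPs, but not Hellos.
! With only these lines, Hellos are still sent and accepted
! unauthenticated.
router isis CORE
 net 49.0001.0000.0000.0001.00
 authentication mode md5
 authentication key-chain ISIS-KEYS
!
! Rollout aid: "isis authentication send-only" (interface) and
! "authentication send-only" (process) make the router sign what it
! sends without checking what it receives. Remove them once every
! neighbour on the link or in the level carries the key.
```

Both scopes have to match on each neighbour; after applying them, `show clns neighbors` should list the adjacency as Up and `show isis database` should contain the neighbour's LSPs.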
  • lrb Posts: 526 Member
    Decided to do another hour before I went out to watch the EPL tonight :). I've been doing some more labbing with MPLS with IS-IS as the IGP and it seems to be that the only way a SP would run it would be a completely flat level 2. Areas simply break the MPLS LSPs unless you leak the L2 routes to the BGP loopbacks into the L1. Actually it's made worse with IS-IS because the default is not advertised into L1, it is created by L1 routers when they see an L1/L2 router attached to another area. Therefore no label is created or advertised in LDP.

    Anyone have another perspective on why you wouldn't run just a flat level 2 in a SP network?
  • OfWolfAndMan Posts: 923 Member
    Congrats on the CCIE number Luke, and good luck to you on the SP side of things!
    :study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
  • lrb Posts: 526 Member
    Thanks mate! I see that you're reading CCIE OCG... do I sense a CCIE thread coming?
  • lrb Posts: 526 Member
    I've posted the DMVPN solutions on my blog for anyone who was following my other thread :) DMVPN Troubleshooting Solutions | Internetworking blog by CCIE #45527

    The second part of the workbook I've tried to show my method for troubleshooting things. I've also updated some of the initial configs which had minor errors in them such as some interfaces not being brought up initially.

    On the SP side of things, I watched two hours of INE ATC videos today on MPLS TE. In a week I'm on Narbik's SP bootcamp so I'm looking forward to another intense week!
  • NOC-Ninja Posts: 1,403 Member
    Good luck! That's a lot of work!
  • lrb Posts: 526 Member
    I had a day off of work today so I decided to hit the INE racks and the IS-IS portion of the SPv3 workbook. While at it, I renewed my AAP for another 2 hours for $1500, and got an extra 500 tokens! I have about 1300 tokens now so that is around 200 hours of SP rack rental (6 tokens/hr). I really like unetlab and web-IOU but there are some things I will need to do on real hardware such as VPLS. The SP workbook is nowhere near as comprehensive as the R&S one, but that's to be expected seeing as more people would do R&S first before SP rather than the other way around I would think.

    6 hours today:
    1) Read the AToM and VPLS chapters in MPLS Fundamentals

    2) Completed all of the IS-IS sections from the SPv3 workbook.

    3) Went through a bunch more examples on partial vs full SPF runs using my little unetlab topology and matching the debug output to my notes.
  • lrb Posts: 526 Member
    After a few days off sick, it's now 4AM Australia time and I'm starting the SPv3 online bootcamp :) Paul Negron (the instructor) seems pretty awesome so far
  • lrb Posts: 526 Member
    About 12 or so hours today I think.. I'm kind of tired right now from the early wakeup so my sense of time is pretty hazy :)

    1) Lectures on mostly IS-IS and BGP basics for about 7 or so hours.

    2) Did all of the IS-IS sections in the workbook and most of OSPF (most of this was covered in R&S anyway)

    The SP bootcamp is really good, Paul definitely knows his stuff
  • lrb Posts: 526 Member
    I'm still getting used to the early starts but at least lectures finish around 11AM so the rest of the day is mostly homework. Each day I've probably done at least about 3-5 hours of homework too.

    A lot of stuff on the course has been a carryover from R&S and really the extra stuff so far has been inter-AS VPN and TE, which were covered pretty quickly.

    The following video has been pretty good to clear up some questions I had on TE:

    https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=5997&backBtn=true

    And this is also not a bad read for people studying for R&S or SP:

    Service Provider Security - Cisco Systems
  • lrb Posts: 526 Member
    The bootcamp last week was really good and I definitely learned more about my weaker areas, namely some of the different inter-AS VPN options and TE. I'll write something more up about it later but for now that will be my last bit of SP study for the year as I will be working on writing a tool to test different failure scenarios for a customer at work. I might make it available on my blog when it's done too as some people might find a good use for it in their environments.

    Have a good Christmas and new years everybody :)
  • OfWolfAndMan Posts: 923 Member
    lrb wrote: »
    Thanks mate! I see that you're reading CCIE OCG... do I sense a CCIE thread coming?

    Haha. You know it! Lots of reading! Unfortunately, I have to justify a budget for some better switches first. The QoS material is killer though.
  • lrb Posts: 526 Member
    Sometimes you don't realise how much you need a break until you actually take one. Nearly 2 weeks off of studying has made me feel much more refreshed and ready to get back on track. Hope everyone else enjoyed their breaks too!

    Started back with a relatively easy night tonight of reading Traffic Engineering with MPLS and doing some very small TE labs for maybe about an hour and a half.
  • Alex90 Posts: 289 Member
    Out of interest, did you do CCNP SP or CCIP before you did the CCIE? I just wondered how the exam topics differ between CCNP, CCNP SP, CCIE and CCIE SP as it seems that order of exams is the natural progression.
  • lrb Posts: 526 Member
    I did CCNP R&S, then CCIP, then they got rid of CCIP so I did the two-exam path to get the CCNP SP for current CCIP holders, then I did CCIE R&S.

    The CCNP SP is a good option after getting the CCNP R&S because it will give you a very good start on CCIE R&S topics such as multicast, MPLS, and BGP in a lot more detail. The only thing is you will need to know how to implement everything on both IOS and IOS-XR; not a big deal if you look at it in the grand scheme of things as you will have another desirable skill :) You can spin up a few instances of XRv (free!) for about 6GB of memory and connect it to your existing lab infra to get the practice in too.
  • gorebrush Posts: 2,741 Member
    I wish I'd done CCIP when I had the chance, but never bothered. Would have been handy, but it's a bit moot with the IE lab coming at me fast :D