It's my time: Mrock's CCIE thread

spiderjericho · July 2013

vinbuck wrote: »

Come on Gunny, E-7 ain't lowly...at least in my book BTW Happy 4th of July and thanks to you and Mrock for your service

Thanks. And Mrock will tell you, where I'm at there are 4 big organizations on the base ranging from 4-star generals to 2-star (along with a large assortment of general to line officers plus a crap load of GS and contractors), so if it were a lieutenant colonel asking for the training, they wouldn't bat an eye.

Hopefully, it goes through. So far my senior enlisted and the money people are on board, just need the other non tech types to grasp it.

And Mrock getting it in on a holiday. I think your persistence will pay off. Happy 4th to you and your family.

Mrock4 · July 2013

Thanks man! You'll get your digits too! And yeah, it's funny..over there a captain (Army Captain, O-3) is a dime a dozen, let alone all of the enlisted ranks. It's definitely a unique place!

Finished Vol III Lab 1. The Vol III labs are a bit different, the tasks are extremely straightforward and they basically tell you EXACTLY what to do..so it's just a test of speed. Each section has an allotted time limit to it, I managed to configure all of the sections completely correct, and finished in this manner:

-Finished layer 2 about 10 minutes early
-Finished IGP about 35 minutes early (1 hr 35 minutes allowed)
-Finished BGP about 8 minutes early (35 minutes allowed..killed a lot of time here jumping around checking BGP peerings. It was a lot of busy work)

Going to watch the IPv6 Multicast video from INE now then call it a day so we can enjoy the rest of the 4th with our family. IPv6 multicast is now my weakest area, so I'm going to push hard to get better at it in the next few days. I'm now thinking I might attempt a full lab Saturday (since I'd like to hit IPV6 labs again tomorrow if possible). We'll see.

Mrock4 · July 2013

Getting ready to start Lab 9. Also woke up late today because I'm sick, but I should be able to get a good 6 hours in today, so hopefully I'll have the lab nearly finished by the end of the day. We'll see!

vinbuck · July 2013

Haha....two star generals were about the most exciting thing I ever saw, but the guard isn't chock full of 4 star billets. Glad you're getting Uncle Sam to foot the bill. At least I can see my tax dollars going towards something worthwhile instead of IRS movie shoots

I got a little time in yesterday and then took the day off. Will probably lab a bit later today - right now i'm off to find heavily discounted fireworks to add to the arsenal!

Mrock4 · July 2013

Nice! I am thinking about putting on a nice show for the neighborhood next year..once this silly exam is out of the way!

Doing well with Lab 9. Decided to emphasize doing it RIGHT on this lab and not rush it. My goal is to PASS Lab 9 (difficulty of 8, so it's "supposed" to be harder than the actual lab)..granted it might take me 9,10 hours, but I want to make sure my verification is solid. So far it's going very well. Back to labbing!

Mrock4 · July 2013

Lab 9 has dragged on. It's full of things I rarely configure, such as VRF lite (easy to configure, but the scenario it's implemented in caught me off guard), IPV6 6to4 tunnels, and some tricky as-path filtering. That being said I put in 5 hours today and only ended up getting halfway through the lab. Going to put in a couple of hours tomorrow and hopefully I can either finish it or get close.

It seems the consistent theme here is I need to review IPV6 in general- multicast, IP services (IPV6 netflow always gets me), tunneling, etc.

Good news is once Lab 9 is done I planned on getting back to IPV6 anyway.

jamesp1983 · July 2013

Great progress. Keep it up.

Mrock4 · July 2013

Thanks James.

Getting light study today and tomorrow. Whatever I got (seems like the flu) has been really stubborn and has actually gotten worse. Going to take today and tomorrow to get a couple of hours in, and get back to it on Monday hopefully.

down77 · July 2013

Hope you feel better soon. Don't study too hard while you are sick. Take the time to rest up and feel better!

Mrock4 · July 2013

Feeling better now for the most part. Had 3 days off of study- it feels like it's been FOREVER! Going to get some misc labs in tonight since I had a late day at work. I have 6 hours of rack time scheduled tomorrow so I can finish lab 9. On the bright side, today at work was centered around OSPF, so although not technically studying, it has to help toward the lab, right?

Mrock4 · July 2013

Did some pretty interesting multicast labs tonight. Multicast has been a long battle for me- I'm much better than I was, but now I am working on my ability to quickly troubleshoot multicast issues.

Tomorrow I'm going to get back to Lab 9 as I mentioned. Still haven't got back to IPV6 multicast as I intended to. Sounds bad, but it's not terribly high on my priorities list. Right now I am really pushing to get better with troubleshooting and various other non-core topics.

Going to also dedicate some time this week (hopefully) to BGP. I feel really good on BGP right now, but I need to work on the oddball BGP features..I think one evening worth of labs would help a lot here, nothing too intensive.

Mrock4 · July 2013

Busy day today. Getting ready to kick off Lab 9. Not sure if I'm going to finish it this evening but it's all good. Trying to focus on the correct solutions.

Mrock4 · July 2013

Got through a bit of Lab 9, but not nearly as much as I'd hoped..was drained after work so it took a while for me to get started. Will work on it a bit tomorrow but my next large block of study time is Thursday, so it'll likely be Thursday when I completely finish the lab and grade it.

Mrock4 · July 2013

Finishing Lab 9 tonight no matter what! Got 5 1/2 hours reserved this evening so that should be more than enough time. Just realized yesterday that my lab is in just over a month...that means it really is crunch time!

Mrock4 · July 2013

Scheduled a graded TS lab for tomorrow evening since I think that's my biggest threat to failing the exam. I feel confident I can resolve most issues on the actual lab, but I'm just not sure I can resolve them within 2 hours. We'll see!

Back to labbing today.

Mrock4 · July 2013

Finished TS Lab 1. Wow. Let me start off by saying I knew I missed 3 tickets. They go like this:

1) Multicast ticket. After reading the solution I had the right idea, I just wasn't looking in the right place.
2) Telnet ticket ( I had 5 minutes to troubleshoot it, and ran out of time)
3) Misc ticket ( can't remember right now )

Well, after grading was complete, I found that I missed those 3 and a whole lot more! The grading script gave me a 9/22, but said I did better than 64% of people who attempted it (really?!). After looking at the solutions I realized I was actually not in bad shape, but made some minor errors:

-Solved a ticket that wanted you to basically filter out redistributed routes in an NSSA area- I ended up using 2x distribute-lists to do it. I completed the ticket, but not by the solution guides method.

-Solved a ticket that had CoPP host configured- and caused the router to only accept telnet on one interface. I removed it to resolve the ticket, but the solution was to re-route traffic around the issue.

-Made misc other stupid mistakes

So in the end I had the ability to solve every ticket, but just overlooked what was often the simpler approach. I'm not too discouraged, because from a technical standpoint all of the tickets I fully attempted were solved- I just need to pay more attention to the restrictions and be more creative when solving tickets.

Unfortunately it appears there's only 3 graded TS labs, so I'm thinking I'll do another next week, and another the following week. I may retry the lab I did tonight a week before my attempt or so. We'll see.

Anyway, my countdown app shows 42 days till my attempt, so I'd better get to labbing.

NetworkVeteran · July 2013

mrock wrote:

I did better than 64% of people who attempted it (really?!).

Not bad for your first graded TS lab! It must be exciting knowing your but a month away from journey's end!

Mrock4 · July 2013

Thanks man! It's a little nerve wrecking. I'm in a bit of a panic mode as I've realized there's particular topics which I am not nearly where I'd like to be. The good news, is I've embraced the idea of the CCIE (including lab attempts) as a journey..meaning if I fail, I wasn't prepared..I get back to labbing, and re-attempt. Ideally I'd pass the first time, but the only thing that'll come out of a fail is I'll be forced to learn more things..so I'm trying to keep that in mind.

Zartanasaurus · July 2013

9/22 is what I got on my first INE TS lab. Glad to know that was a GOOD score.

Mrock4 · July 2013

Thanks for that Zartan, makes me feel like I'm not in TOO bad of shape. I still am in an uphill battle with the time I have left- but I'm working hard at getting ready.

Labbed IPV6 redistribution/tunneling earlier. Now labbing some multicast scenarios (implementing odd scenarios w/ AutoRP/BSR, as well as MSDP..testing, troubleshooting, etc). This is an area I need a lot of work on from a troubleshooting standpoint, so I'm hoping it'll help my TS skills.

Mrock4 · July 2013

Got some really solid MSDP config/TS labbing in tonight. Configured a network from scratch, setup MSDP, and played with SA filters as well as misc MSDP commands I found in the configuration guide. Ran into a problem that was driving me nuts- MSDP RP #1 (connected to the active source) was operating fine, and MSDP RP #2 was receiving the SA messages, but wasn't receiving the PIM Join on it's RPF interface. Then I realized I forgot to configure PIM on the inter-AS connections (kind of a major part!). Good practice though.

Going to go through some CoPP and various management control labs in the INE Vol II labs (picking out individual tasks to work on). I understand how CoPP works and can configure it, but I tend to miss details in my config, so I need to work on getting it perfect.

Mrock4 · July 2013

Getting some multicast in today. Haven't updated this thing much, been either studying or spending time with the family. Gotta get some serious hours in the next 30 days!

Mrock4 · July 2013

Doing some security labs today. Primarily Zone-based firewall. I keep circling around to these topics (multicast, ZBF, IPv6) in hopes I'll be able to fly through them on the lab. We'll see! Feeling better with ZBF. I think overall ZBF is really easy, it's just a matter of remembering the various steps (off the top of my head):

-defining security zones (zone security ZONE_A, zone-security ZONE_B)
-defining zone-pairs (zone-pair security A->B source ZONE_A destination ZONE_B)
-configure matching criteria with class-maps (class-map type inspect TELNET, match access-group 100/match protocol, etc)
-configure actions via policy-maps (policy-map type inspect POLICY, class TELNET, inspect/drop/pass)
-assign interfaces to zones (zone-member security ZONE_NAME)

Then verify with "show zone security" and "show zone-pair"

Mrock4 · July 2013

Played with using ZBF to police traffic- too cool! I think it's awesome to add another tool to the arsenal. If I was told now to police traffic but use the interface level "service-policy" command I could use the ZBF!

Mrock4 · July 2013

On an unrelated note, finally decided what TCLSH script I'm going with for the lab. I have a hard time memorizing some of the methods, so I like this one..it's simple, and works:

tclsh
foreach address {
x.x.x.x
x.x.x.x
} { ping $address }

That's it!

jamesp1983 · July 2013

Mrock4 wrote: »

On an unrelated note, finally decided what TCLSH script I'm going with for the lab. I have a hard time memorizing some of the methods, so I like this one..it's simple, and works:

tclsh
foreach address {
x.x.x.x
x.x.x.x
} { ping $address }

That's it!

That is the script I used as well. You can do a sh ip alias on your devices and then copy them into notepad to make a complete script.

Mrock4 · July 2013

Out of habit (for work) I'm hooked on using "show ip int br | excl una" to capture all active IP addresses on a box. I actually use it all the time to check interface statuses..just to filter out the non-L3 interfaces and quickly check to make sure relevant L3 interfaces are up/up.

vinbuck · July 2013

Glad i'm not the only one who does this! I use that command string more than I use sh run

I typically type it as

"show ip int br | e un"

Mrock4 · July 2013

Funny thing is I rarely see anyone use that command (filtered IP interface brief command), oh well..their loss

Labbing tonight. Doing some really slick stuff- to be specific, I implemented reflexive ACLs in conjunction with dynamic (lock and key) functionality...so this is how I set it up:

R1

R2

R3

R1 can reach out to R3 on any protocol (and it can return, due to the reflexive ACL). BUT, R3 cannot initiate any telnet connections..UNLESS R3 telnets to R2, in that case, a dynamic ACL entry is added to the inbound ACL, and then R3 CAN initiate telnet connections.

Pretty cool- I have used both reflexive ACLs and dynamic ACLs in labs before, but never together. It helps my understanding of them by seeing them used in conjunction somehow. Always a good thing!

Back to labbing!

Mrock4 · July 2013

Well, as soon as I posted the last post, I tried to repeat the same results, but using ZBF and dynamic ACLs. No go! I ran into an issue because the inbound ACL is processed before the inspect/CBAC engine- so even though I've set all traffic from R1 to be inspected, the inbound ACL gets processed (which has a "Deny all except lock and key entry" in it- so that's not going to work. Oh well!

Trying to focus on the security topics at the moment because I think these will be hit without doubt in the TS section.

It's my time: Mrock's CCIE thread

Comments