SP Lab Prep Annoyances & Passes.
When I feel a bit washed out with lab preparation I try to fill in the gap with scouring the web for additional resources, PDFs, white papers, MP3s, AVIs, blogs, etc. Anything that can expand my knowledge – I have blogged a lot of these links in previous entries - including NANOG, Blindhog, Packetlife, 7200emu.hacki.at, all the vendors’ support forums, etc.
In coming up with my assault plan with 85 days to go I began to feel annoyed at the lack or non-existence of CCIE SP Mock Labs – reading R&S Lab candidates’ feedback post passing, it is obvious that a critical factor in succeeding is the use of mock labs to identify your weak areas. There are none available anywhere! I could take some RS Mocks and simply not do IPv6, etc but that may break other sections and not give accurate feedback.
Nevertheless I am treating this like it was 2001 and there were no mock labs – candidates still managed to pass without them so that’s the way it will have to be with SP.
Finally whilst scouring the web I came across the following SP Lab Pass Feedbacks, some are more useful than others.
http://ieoc.com/forums/t/2810.aspx
http://7200emu.hacki.at/viewtopic.php?t=5202
http://7200emu.hacki.at/viewtopic.php?t=5312
http://7200emu.hacki.at/viewtopic.php?t=5059
http://7200emu.hacki.at/viewtopic.php?t=4096
http://brokenpipes.blogspot.com/2007/08/triple-ccie.html
http://www.routerie.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=85;t=000123
http://www.routerie.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=85;t=000092
90 Days to go.
Well the bullet has been bitten – 7 years after passing my 1st CCIE Written Exam I have paid for my 1st attempt and am now into the 90 day window. My certification status states…
Written Exam Attempts
Prior Lab Exam Attempts (* Score reports are available for graded lab attempts after 1-OCT-2001 only.)
Exam(s) Scheduled
Time to book flights & a hotel, wish me luck.
Steve.
Updated: Flights booked – Staying at the NH Brussels on the 18th if anyone wants to hook up for a non-alcoholic beverage ahead of time.
IEWB-SP Vol2 Lab1 Analysis Sections 1-4
Okay, my understanding is that Internetworkexpert are reviewing their SP offering as there are a number of issues with their SP Workbook but anyhow let’s get through their Vol2 Workbook Labs.
I am using their Dynamips Workbook Version and the first thing to note is that the initial configurations require adjusting. Firstly the initial configurations come as one notepad file so you have to cut and paste the relevant router sections to your routers, secondly there are no Backbone Router Configurations supplied so I have to use the original Backbone Configs from the Vol2 Workbook and finally there is tweaking to be done from an interface level on a couple of routers [Ethernet v Fast Ethernet, Serial Numbering]. Just as a side note, IE recommend using the 3640 IOS for their labs which is fair enough but there is a lot of feedback from the dynamips community that the 3725 IOS is easier to configure idle-pc value wise so it’s up to you – of course those with actual routers disregard the above!
10 Sections – L2, IGP, EGP, MPLS, VPN, Multicast, QoS, Security, System Mgt, IP Services.
Section 1 Layer 2 Technologies – No issues here, the dynamips workbook is modified slightly to disable spanning tree and also redundant trunks. A point to note is to ensure full Layer 2 reachability here before moving to the next section so pings and “sh int stat” required. A security question brings in protected ports via the “switchport protected” command, the key to the question is the wording “cannot communicate directly with” leading you to the above command.
As per CCO -> Some applications require that no traffic be forwarded between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch. You can configure protected ports on a physical interface (for example, GigabitEthernet 0/1) or an EtherChannel group (for example, port-channel 5). When you enable protected port for a port channel, it is enabled for all ports in the port channel group.
Protected ports have these features:
- A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Traffic cannot be forwarded between protected ports at Layer 2; all traffic passing between protected ports must be forwarded through a Layer 3 device.
- Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
The default is to have no protected ports defined. Verification involves the “sh int Fa1/24 switchport” command looking for the Port Protected: On Entry.
Note: I believe there is a typo in the provided solutions and Fa0/23 should be Fa1/23!
Frame-Relay: Basically setting up the various PVCs as per the diagrams, nothing to report here, a couple of ways of doing it, specifically says “use point-to-point sub-interfaces” and “do not use inverse-arp or the frame-relay map command” so you are guided to “frame-relay interface dlci” and “interface serial 2/0.12 point-to-point”, etc. Key here is accuracy and speed!
Cell-Mode MPLS: Ok, Cell Mode MPLS indicates of course ATM – the question is longer than the solution and I do think this catches people out – lab candidates might get a 3 pointer and it requires 5 lines of configuration that takes two minutes to configure and they think that can’t be right, they must want more than that? No, configure what is requested, in this case go to the router, go to the ATM interface, assign the IP Address, enable “mpls ip” and configure the VPI/VC as the control VC thus creating an MPLS sub-interface. Verification includes pings and “sh atm vc”. Nice blog entry on cell-mode MPLS from IE here -> http://blog.internetworkexpert.com/category/ccie-service-provider/mpls/
Layer 2 Complete – 15% Done.
Golden Moment: Full IP Reachability.
IGP – OSPF: Configure OSPF on a number of routers, Area 0, R3 to be the DR, do not use neighbor command. Ok, this is standard, OSPF using 2 network types – Broadcast/non-broadcast, broadcast is the way to go here. How to ensure a particular router is the DR? Configure the “ip ospf priority” on the other routers setting their values to 0. Use the loopback address as the OSPF router-ids, why? To enable tracking in the OSPF domain and to avoid IP duplication. Use the “ip ospf network broadcast” command, why? Because the use of the neighbor statement is explicitly not allowed and we need to define the network type as broadcast. One point to note we will not see the OSPF adjacency for R1/R9 at this time as MPLS has not been configured yet on the ATM network. Verification “sh ip ospf nei” and “sh ip route ospf”. A security question added regarding securing OSPF on a particular VLAN with an MD5 hash. Use of the “ip ospf authentication message-digest” and “ip ospf message-digest-key 1 md5” commands required on the two routers in question. Watch for typos especially spaces when typing in the key values which must match on each neighbor. Verification is “sh ip ospf int e0/1”, watch for the message digest authentication enabled entry in output.
IGP Complete – 8%.
Golden Moment: Ensure full reachability, watch for loopbacks being advertised into OSPF.
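The trailing-space pitfall in the OSPF MD5 question can be caught before the configuration is pasted into the routers. The Python below is an added example, not part of the original post or the IE workbook; the router names R4/R5, the key CISCO and both snippets are constructed, and keys are assumed to be typed in cleartext with no encryption-type prefix.

```python
import re

# Constructed sample snippets (not from the workbook). R5's key ends in a space.
R4_CFG = ("interface Ethernet0/1\n"
          " ip ospf authentication message-digest\n"
          " ip ospf message-digest-key 1 md5 CISCO\n"
          "!\n")
R5_CFG = ("interface Ethernet0/1\n"
          " ip ospf authentication message-digest\n"
          " ip ospf message-digest-key 1 md5 CISCO \n"
          "!\n")

KEY_RE = re.compile(r"ip ospf message-digest-key (\d+) md5 (.*)$")


def ospf_md5_settings(config, interface):
    """Return (auth_enabled, {key_id: key}); keys keep trailing spaces."""
    auth, keys, inside = False, {}, False
    for raw in config.splitlines():
        if raw.startswith("interface "):
            inside = raw.split(None, 1)[1].strip().lower() == interface.lower()
        elif raw[:1].isspace() and inside:
            line = raw.lstrip()
            if line.rstrip() == "ip ospf authentication message-digest":
                auth = True
            m = KEY_RE.match(line)
            if m:
                keys[int(m.group(1))] = m.group(2)
        else:
            inside = False  # "!" or any unindented line ends the block
    return auth, keys


def compare_neighbors(cfg_a, if_a, cfg_b, if_b):
    """List reasons the two ends of a link would fail MD5 authentication."""
    findings = []
    auth_a, keys_a = ospf_md5_settings(cfg_a, if_a)
    auth_b, keys_b = ospf_md5_settings(cfg_b, if_b)
    for side, auth in (("A", auth_a), ("B", auth_b)):
        if not auth:
            findings.append(f"{side}: no interface-level message-digest authentication")
    for key_id in sorted(set(keys_a) | set(keys_b)):
        a, b = keys_a.get(key_id), keys_b.get(key_id)
        if a is None or b is None:
            findings.append(f"key {key_id}: configured on one side only")
        elif a != b:
            why = "whitespace only" if a.strip() == b.strip() else "different key"
            findings.append(f"key {key_id}: mismatch ({why}): {a!r} vs {b!r}")
    return findings
```

Calling `compare_neighbors(R4_CFG, "Ethernet0/1", R5_CFG, "Ethernet0/1")` reports the key 1 mismatch as whitespace only; an area-wide authentication setting under the OSPF process is not inspected, so the "no interface-level" finding only covers the interface commands the question asks for.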
EGP: Configure BGP on various routers as per diagram, configure the appropriate peering relationships, use loopbacks for the peering sessions, enable community tagging, use of BGP bestpath selection.
As per IE recommendations ensure full IP reachability for the underlying transit path before beginning to configure BGP – there is one exception, the ATM link which requires MPLS.
An important consideration is the location of the route reflector and looking at the BGP diagram it becomes obvious that in this case R1 will take up this role. The configuration is standard, enable BGP routing process, define the AS number as designated, specify your neighbors with the remote-as statement, to ensure the clients reflect the unicast address prefixes to and from other clients configure the “route-reflector-client” statement on the route reflector, in this case R1. Specifying that the loopback0 interface be used for the peering sessions requires using the “update-source loopback0” command. This basically designates that iBGP use any operational interface for TCP connections which is the basis of BGP adjacency formation. The use of the “next-hop-self” on R4 is there to overcome any reachability issues. Verification is the “sh ip bgp summ” command and seeing the neighbors listed.
The next section involves the “ip bgp-community new-format” command to ensure BGP updates are tagged with a community value in the format 100:ASN where ASN is the BGP AS number of the EBGP neighbor. This sounds new but was introduced back in IOS 12.0 to conform with RFC 1997. Once set then a route-map is created where you set your value then apply the route-map inbound on the appropriate neighbor statement. Verification is “sh ip bgp” and look for the community value.
For BGP bestpath selection, tracing the path is important and getting the direction correct in your mind is critical. Identify your exit point router, remember that outbound traffic flow can be influenced by changing inbound BGP attributes, in this case local preference. So for this lab R6 is the exit router so we manually specify the local preference value within a route-map statement to a value greater than 100 [which is the default] hence it will be preferred, verification is again “sh ip bgp” and look at the locprf values against the routes.
EGP Complete: 12%
Part 2 to follow with MPLS, VPN, Multicast, QoS, Security, IP Services, Systems Management.
2nd Quick Update
Folks,
I have had a week off work labbing up various scenarios – However I have had terrible Internet connection issues with my ISP all week and have thus been unable to post. I am blogging to notepad and will post ASAP – PS: I had rack rental time with Internetworkexpert SP Labs and no joy in using them due to the Web Outages – Real Crap & a waste of money!