My Long Overdue CCIE SP Lab Checklist
Guys, take my advice and don’t book your lab for Jan/Feb, as Christmas really messes up your study routine. In addition, do not play with your car’s ECU unless you have a handle on what you are doing – it took me days to resolve an issue with my BMW after I reset the airbag light and the Service Interval Display – won’t go into details!
I have finally completed my CCIE SP Lab Checklist – This is my personal plan of attack for the day itself – Please feel free to read, print out if it helps you and comment back to me with any errors/omissions, etc. This is my 1st Draft so be nice! I have also provided a download link at the bottom of the checklist to download a PDF Version of it.
Title: CCIE SP Lab Checklist
Author: Stephen Bowes
Version: 1.0
Date: January 2009
Abstract:
This is a compilation of notes, gotchas, pointers, etc. acquired over many years and from my research in preparation for my upcoming CCIE SP Lab exam. Please feel free to notify me of better ways than those listed below and/or errata through my CCIE blog at cciesplab.wordpress.com or by email at cciesp@rocketmail.com.
Points Scoring and Timings:
I am conscious of the number of candidates who have failed due to running out of time. There are a number of reasons for this, here they are and proposed solutions.
| Reasons for Failure: | Solutions: |
|---|---|
| Misinterpreting the questions | Read the question more slowly, read it again, do not over-engineer the solution, answer what is asked, confirm any doubts with proctor, if proctor answer unacceptable, ask the same question a different way again. |
| Typing in the right configuration on the wrong interface or router | Tread carefully, cross-check and reference, validate before moving on. |
| Tasks taking too long to configure in the time window available | Practise speed drills, type faster, use aliases, notepad for verbose configurations, and use the Doc CD less if possible. Configure technologies router by router rather than interface by interface [explained later] |
To this end my timing plan is as follows -> Total Time = 8 hours = 480 Minutes. Lab Points Total = 100 Points, allowing 30 minutes for opening moves [see below] and 50 minutes for checking, validation and verification at the end, gives me 400 minutes for configuration => 4 Minutes/Point.
Pre-Lab Actions:
1 Month:
Adjust your body to performing 8 hour labs – stamina will be key – you will be no use to anyone if you get tired after 5 hours of labbing. With 1 month to go, ensure you are doing the longer labs rather than 4 hour mini-labs.
1 Week:
Adjust your body clock to the lab time. In my case I work 11am-7pm GMT whereas the Lab Exam in Brussels starts at 0745. This is 0645 GMT, so with a week to go I will be up, showered, finished with breakfast and sitting at my desk at 0730 to start an 8 hour lab, with lunch at 12 for 30 minutes. I need to be fully alert at 0745 on Lab Day.
Lab Exam Day:
- Get as much sleep as is feasible the night before, up, showered, breakfast complete and be at Cisco by 0730. I booked into the nearest hotel I could find 250m away so no reliance on transport, etc.
- Bring a number of layers of clothes in case the room is cool, and bring ear plugs so that the 11 guys/girls typing next to you and the CCIE Voice candidates testing faxes will not interfere with your concentration levels.
Lab Action Plan: [Note: All times below are estimates and dependent on points values as per timing plan noted above]
Opening Moves: [30 Minutes: 0800->0830]
- After the proctor instructions, take a minute, calm yourself, open the booklet, read the exam end to end, visualise the Bridging/Switching, IGP, EGP, MPLS, etc.
- Draw a personalised diagram of the topology – Note: This is a talking point, some do, some don’t, and I think it’s advantageous especially from an IP/Interface perspective.
- Ignore the rush of the other candidates typing or the urge to get started.
- Create a point checklist on the rough paper provided. Here is my example.
Example Point Checklist:
| Task: | Section: | Points: | Time: [Mins] | Completed: | Total Points: | Comments: |
|---|---|---|---|---|---|---|
| Switching | 1.1 | 3 | 15 | Yes | 3 | Watch security requirement section 7.2 |
| Switching | 1.2 | 2 | 10 | Yes | 5 | All ok |
| Switching | 1.3 | 2 | 10 | No, moved on | 5 | Look up DocCD to confirm solution. |
Troubleshooting: [15 Minutes: 0830->0845]
A number of faults may have been entered into the pre-configured devices. Check your SecureCRT software – can you see each of the devices? Reload each device, look for any hardware errors on boot-up, now is the time to spot this, not 11am.
As any issues could have been introduced check everything, IP Addresses matching Interfaces, subnet masks, FR DLCI’s, FR Inverse-Arp, pre-defined VLAN’s, VTP Modes on 3550’s, watch any pre-defined configurations configured on correct interfaces, ATM configurations, NSAP, IP, etc, etc.
I am not an Alias guy but now would be the time to do this, type these into notepad and cut & paste onto the routers ‘show run | b Se’ – Remember for large or repetitive configurations such as BGP, use notepad and then copy and paste.
Frame-Relay: [15 Minutes: 0845->0900]
- Use your diagram to draw out the FR Topology
- Configure Router by router not interface by interface
- Use [1] shut [2]enc frame-relay [3] no frame inverse-arp [4] no shut.
- Decide to use either frame-relay map or use sub-interfaces
- Ping from spoke to spoke if possible to validate.
- If PPP over FR, then always create VT first, user/password
- Save, reload, and then verify all working.
- FRTS – Know your CIR = Bc x 1000 / Tc; Be = (AR - CIR) x Tc / 1000.
=> Golden Moment: Frame-Relay is the spinal cord of the inter-network, it must be 100% <=
Switching: [30 minutes: 0900->0930]
- Create VLAN’s as per instruction
- VTP Modes
- Trunking
- Access Ports
- Security/Other Requirements
- Ping vlan by vlan. Select only one device and ping all other on a specific vlan.
- No need to ping from multiple interfaces on the same vlan.
- Don’t wait for Arp resolution!
- If naming something, type it exactly as specified – Ref: Narbik
- Specify both Duplex and Speed as Auto-Sense can be troublesome – Ref: IEMentor & Gorito
Cell-Mode MPLS: [20 Minutes: 0930->0950]
- Configure any ATM interfaces required – PVC/SVC, NSAP Addressing,
- Watch for tag-switching or label-switching.
- Security authentication may be required
- Use ping to verify
PPP/Ethernet: [10 Minutes: 0950->1000]
- Configure PPPoE as required, PPPoE enable, pppoe-client, interface dialer, etc.
- Know security configurations, ping and validate.
=> Golden Moment – Bridging & Switching Complete – Total Estimated Time 2 Hours! <=
IGP:
OSPF: [30 Minutes: 1000->1030]
- While reading the task, use your master diagram to configure OSPF router by router not area by area. Look for the following OSPF characteristics.
- Authentication, stub or nssa, virtual link
- Refer again to your master diagram, colour in the OSPF areas.
- Make a note on redistribution, summary, area-range, DR/BDR, OSPF network type.
- Get Area 0 working 100% first.
- Ensure Area 0 Contiguous, test, create GRE/Virtual-links, and test again.
- Configure other areas.
- Leave OSPF Security until last.
- From a time perspective, router by router saves you revisiting router and typing in additional commands after the fact.
- First Interface and then router ospf
Preferred sequence for configuring interface
1) OSPF network type,
2) priority,
3) Authentication,
Preferred sequence for configuring OSPF process
1) router-id
2) area authentication,
3) area virtual link,
4) neighbor,
5) Network (copy paste from interface address)
- Validate everything is working (show ip os ne, show ip os vir, show ip os interface, show ip route)
- Do redistribute summary, area range, filtering [Be Careful!]
- Avoid any engagement with giant beasts. But make a note.
- Validate and verify prior to moving on.
- Save Configurations,
- Reload routers and final verification. Note: Some candidates do not reload, some do – I will.
IS-IS: [30 minutes: 1030-> 1100]
- This has been noted by previous candidates as having quite a bit to do on the SP Exam! Refer again to your master diagram, colour in the ISIS areas.
- Configure ISIS on relevant routers
- Note what ISIS Levels are required – 1 or 2,
- Assign appropriate NET addresses
- Remember, unlike other IGPs, ISIS is configured at Interface level and is essentially a L2 protocol.
- Verify adjacencies
- Due to ISIS only knowing two forms of media – LAN or point-to-point -> use the frame-relay map clns command to create maps for protocol to run.
- Configure any ISIS filtering/redistribution
- Configure Authentication if required.
- Configure any additional ISIS nuances/parameters such as metrics/timers, etc we encounter.
=> Golden Moment – IGP Complete – IGP Time 1 hour – Total Time 3 Hours <=
EGP:
BGP: [60 Minutes: 1100-1200]
- While reading task, draw BGP topology on master diagram, this is important.
- Determine Route Reflector or confederation or both to do full-mesh iBGP.
- See if neighbor peer-group is required,
- Configure router by router not BGP session-by-session
- Configure one AS then another – be AS focussed.
- Always put no sync and no auto-summary if allowed.
- Ensure reachability, one AS at a time.
- Spend enough time to be absolutely correct on route-filtering (ACL, prefix-list, as-path filter), route-aggregate (w/ as-set, summary-only, suppress-map, attribute-map, advertise-map), route-manipulation (w/ as-prepending, med, local-pref, weight, next-hop, advertise-map with exist-map/non-exist-map, origin, community, etc.), route-dampening, etc.
- Resolve any next-hop-self issues which are easier to troubleshoot working one AS at a time.
- Validate config. Use “clear ip bgp * soft”, not “clear ip bgp *”.
- Leave BGP Authentication until last.
- Save, reload and test.
=> Golden Moment – EGP Complete – Ensure full Reachability Maintained, Save Configs <=
Reachability Test: [Before lunch if possible, followed by reloading routers]
Test full reachability with TCL Script. Check you get an ICMP response from every router to every router. If ping has no response, write down IP address and troubleshoot.
The master diagram will help here. The method involves: show ip alias, copy to Notepad, search and replace to “massage the data” and toss in the PING command, wrap what’s left in a TCL script or macro, then copy and paste into a router.
Run the tclsh script:
foreach addr {
1.1.1.1
…
} { ping $addr }
Just copy and paste after tclsh – to quit, just type “tclq”.
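The notepad steps above can be scripted off-box. The following is an added example, not part of the original checklist: it builds the foreach block from pasted “show ip aliases” output and then lists the addresses that gave no ping response. The sample outputs are constructed, the column layout of “show ip aliases” is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample: "show ip aliases" output pasted from two routers.
ALIASES = """\
R1#show ip aliases
Address Type             IP Address      Port
Interface                1.1.1.1
Interface                10.1.12.1
R2#show ip aliases
Address Type             IP Address      Port
Interface                2.2.2.2
Interface                10.1.12.2
Interface                10.1.23.2
"""

# Constructed sample: console output captured after pasting the script.
PING_LOG = """\
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Sending 5, 100-byte ICMP Echos to 10.1.23.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def addresses(aliases_text):
    """Collect interface addresses, de-duplicated, in first-seen order."""
    found = re.findall(r"^Interface\s+" + IP, aliases_text, re.M)
    return list(dict.fromkeys(found))

def tcl_script(addrs):
    """Wrap the addresses in the foreach loop that is pasted after tclsh."""
    return "foreach addr {\n" + "\n".join(addrs) + "\n} { ping $addr }"

def unreachable(ping_log):
    """Return addresses whose ping got zero replies, to write down and troubleshoot."""
    results = re.findall(
        r"Echos to " + IP + r",.*?Success rate is \d+ percent \((\d+)/\d+\)",
        ping_log, re.S)
    return [addr for addr, ok in results if int(ok) == 0]

if __name__ == "__main__":
    print(tcl_script(addresses(ALIASES)))
    print("No response:", unreachable(PING_LOG))
```

A partial success such as .!!!! is not flagged, since a first lost packet is usually ARP resolution rather than a routing fault.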
Also to quote Scott Morris -> I’d leave “debug ip routing” turned on through the rest of the day. It can be a quick indicator to things getting messed up (like when you add ACLs!)
MPLS: [30-45 Minutes: 1245->1330]
- Tag Switching v Label Switching, when to use which ones – Watch for IOS Bugs here!
- Watch any integration with EGP
- MPLS might be the final piece of the jigsaw for full lab reachability.
- Cell Mode v Frame Mode
- MPLS traffic Engineering – level,
SP Multicast: [30-45 Minutes: 1330->1415]
- Set up PIM Mode as required – Sparse/Sparse-Dense – Use address-family ipv4 multicast where required
- Identify PIM RP or Bootstrap requirements
- Don’t forget ip multicast-routing
- Be aware of route filtering
- Join any IGMP Groups if required
- Check Unicast and multicast traffic work across different AS.
SP QoS: [30 Minutes: 1415->1445]
- Be careful not to block or drop any IGP updates
- Draw a flow on paper
- Interpretation of what is required & which QoS Method to use is Key!!
- Determine classification method (ACL, NBAR) and direction.
- Determine Shaping v Policing
- Consider all options for queuing (legacy custom/priority, bandwidth/priority, shape average/peak, FRTS/GTS) – Always Outbound.
- Consider all options for policing ( police, rate-limit, ip multicast rate-limit, aggregate police( 3550))
- If frame-relay, don’t forget adaptive-shaping.( becn, fecn, foresight)
- Consider all dropping modes (random detect, ecn, tail drop, marking, etc)
L3/L2 VPN: [45 Minutes: 1445->1530]
- Configure Multicast MPLS VPN if required, VRF Mapping, default MDT, data MDT, MDT Group Addresses
- Important to map out on your master diagram, the flow/direction of the VPN Traffic so that the correct configuration can be applied to the correct interface on the correct router in the correct direction!
- MP-BGP filtering, specifying route-targets, etc
- PE-CE Routing, RIP – Watch Split-Horizon is off on physical FR and ATM, authentication, version, auto-summary, etc; Other IGP/EGP considerations, configure router-by-router, CSC, etc.
- Be aware of various backup routes for the VPN traffic in the event of line/router failure,
- Be aware of VPN and Frame Relay specific limitations
- GRE/mGRE tunnels, when to use, how to configure.
- Be able to provide Internet Access from one portion of the inter-network to another.
- Be able to exchange EGP traffic across AS’s.
- QinQ/PPPoE – benefits = reduce no of VLANs, scalability, encap dot1q, pppoe enabled, etc.
SP Security: [20 Minutes: 1530->1550]
- Be careful not to block or drop any IGP updates
- Draw a flow on paper if required
- Consider all options for classification – std/ext/reflexive/dynamic ACL, IP Prefix List, IP inspect, tcp intercept, Unicast RPF, ip accounting output packet /access-violation/precedence.
- Be aware of various ways to configure MD5 for IGP
- When configuring Switchport port-security mac-address, be careful to include virtual and physical mac if HSRP is running
- Know response planning to common security attacks such as DOS, Smurf, etc.
SP Management: [15 Minutes: 1550->1605]
- Know SNMP, setting up community strings, traps, RMON, pointing at various devices, etc
- Netflow, destination address, port no, version, etc
- NTP, master, server, source, etc.
- Know about various IP Services available in the IOS
Timing Note: According to this schedule this only allows me 25 minutes for checking, saving, reloading, troubleshooting, etc. However I have taken the outer marking for Multicast & MPLS which may or may not give me back up to 30 minutes additional time thus leaving 55 Minutes.
Other Gotcha’s/Tips:
- Route Filtering – Know this cold, affects several areas, pass or fail the lab on this alone IMO!
- Skipping Difficult Sections – This is a dangerous but potentially rewarding path up the mountain but slippery and easy to fall down on – Risky Approach.
- Redistribution – Say no more, need to pass routes, this is it – potential failure point.
- Strategy has to be flexible depending on the progress through the day.
- Ensure the “gimme” questions are answered 100% – These are key to success.
- Ongoing Validation, via show commands and TCL Script, saving and reloading at least twice I believe is essential.
- Speed accessing resources on the DOCCD is essential – should be less than 90 seconds lookup per topic.
Author’s Note: Please feel free to contact me if you can add value to this initial draft as I would like to think this can help other SP candidates with a lab structure going forward.
Download Link:
http://rapidshare.com/files/180524993/CCIE_SP_Lab_Checklist.pdf