2009 January 27 « Stephen Bowes CCIE SP Lab Blog

Labbed up the IEWB-SP Vol2 Lab3 & Analysis

Guys, I attempted the IEWB-SP Lab 3 at the weekend using the InternetworkExpert Labs rack rentals. As the Rack Rental Slot is 5 1/2 hours I am judicious with what I test myself on.

Layer 2:- Switching/Frame-Relay & ATM – I skipped these sections from a time perspective – I walked the labs and the solutions the days before the rental slot and I was happy to pre-load the configurations from the solutions guide, nothing there that has not been met before. Time Taken = 15 Minutes.

IGP:-

OSPF – Ok, setup OSPF area 0 on selected routers, advertise loopbacks, none of the devices to be DR, Time = 7 minutes,

OSPF Security – Setup md5 authentication, do not use area 0 authentication command, Time = 5 minutes.

IS-IS: My 1st mistake [again!] – when configuring the NET addresses on the relevant routers in the format 49.000x.0000.0000.000y.00 where x=rack number and y=router number, don’t forget your frame relay map clns statements, after completing the configurations I got the following messages on ALL routers.

%CLNS-4-DUPSYSTEM: ISIS: possible duplicate system ID 0000.0000.0001 detected

The 0001 at the end changed to 0002 on R2 and so on. Following a walkthrough the router configurations I saw on R3….

router isis
net 40.0001.0000.0000.0003.00
is-type level-2-only

What initially confused me was that the message was on all routers not just on R3. So a typo was the problem – too many 0’s for my liking! Time taken = 25 minutes.

IS-IS Security – Setup key chain with specified value, authenticate with MD5 – Time Taken = 7 minutes

=> Time Checkpoint = 1 Hour Complete!

IGP Complete – Golden Moment – Check full connectivity!

Issues – No routes were traversing the ATM Network!

I checked the configurations – because I had pre-loaded them I assumed that all would be good – The configurations matched the solution guide! I then opened a ticket with IE and began debugging – Within seconds I copped on [Isn’t sh ip int bri a great command!] – I had loaded the provided initial configurations, then I loaded the configurations from the solutions guide – however the initial configurations had the ATM interfaces specified as shutdown. I then had to walk the entire configurations and sure enough a ton of interfaces set to shutdown and a ton of extra non-required configurations as well that I deleted. I raised a 2^nd ticket to IE stating all ok and to give credit to IE both the support engineer and Brian McGahan emailed me with confirmation that the ATM Switch was good – Thanks for that Guys!

EGP:-

Okay, so some time lost but okay, press on and grab the points.

BGP Peerings – Keeping track here is key – I find notepad indispensable both from a visual confirmation of the config and also from a verbose cut and paste perspective – after all, typing neighbor x.x.x.x update-source loopback 0 several times gets tedious!

No issues, setup peerings, use loopbacks as source ID’s, setup route reflector, configure address-families, etc.

Time Taken = 31 minutes.

BGP Security – My 1^st reference to the CCO – question regarding limiting the number of BGP Prefix’s a router should receive and corresponding actions to be taken – Time taken = 8 Minutes.

EGP Complete and all looked great!!!

Hang on I am ahead of schedule – What’s wrong? – I got hung up for a while and still ahead time wise.

MPLS: – Flew through this – enable MPLS on a number of routers and corresponding interfaces, that’s it! – Time Taken = 10 Minutes.

=> Time Checkpoint = 2 Hours Completed!

VPN:-

MPLS VPN: Create VRF’s as per the question; use specific RD’s and route-targets as specified. Again tracking is key and seeing the route as it traverses the inter-network is important – no issues this time enabling ip vrf forwarding unlike my last lab – Time Taken = 20 Minutes.

PE-CE Routing: EIGRP comes into play – advertise loopbacks, provide security, this took me a while and one of the reasons is my redistribution skills are not quite what they should be – I am aware of this and actively working on it but it’s slowing me down and I made a mistake mixing up the BGP AS assignments, right AS numbers on the wrong routers!!!! – Time Taken = 38 Minutes.

=> Time Checkpoint = 3 Hours Completed!

MPLS VPN’s – Similar to previous question setup peering between two sets of routers using required VRF/RD and route-target information – I believe a MPLS VPN diagram is essential going forward as trying to distinguish your VRF path whilst looking at the mix of IGP/EGP colours on the provided diagrams whilst great is too difficult.

Back-Back VRF: This was difficult and time consuming – RIP and BGP redistribution required, get it right on one router and copy and paste to the 2^nd router is the key.

=> Time Checkpoint = 4 Hours Completed!

Central Services VPN: Skipped due to time constraints – inputted the solutions guide configuration.

Multicast:

PIM: Setup PIM adjacencies as described, do not use ATM network ergo use tunnel interfaces. Watch for RPF failures, solution = use ip mroute…, Time = 15 minutes.

RP Assignment: Identify and configure the mapping agent and candidate RP based on the descriptions provided. Again watch for RFP failures. The key here being the identification. Time = 20 Minutes

PIM: Basic PIM setup on 2 devices – Time = 5 Minutes.

Intra-AS Multicast VPN Support – Okay this absorbed both me and my time – create MDT [Multicast Distribution Tree], enable multicast routing for the VRF, I will be quicker the next time – Time = 30 Minutes

=> Time Checkpoint = 5 Hours Completed!

Inter-AS Multicast: Solutions Guide has a typo – should be 227.7.7.7 not 224.7.7.7 apart from that use IGMP with filtering via an ACL. Time = 7 minutes.

Multicast Testing – Again use IGMP and test via ping across the inter-network – did I get an ICMP echo reply – Like Hell began to troubleshoot when – Session Finished!!

A little digging around on IEOC indicated I was in good company with this little problem.

Summary: Okay – I am too slow – that is official – however it is mostly on the MPLS VPN area that this is the case and there is a lot of repetitive configuration. I need to get a good handle on that and speed up. This lab caught me cold insofar as I flew through IGP/EGP & MPLS but the later sections were pretty big – Well done to the Brian’s for that!

Redistribution needs to be worked on and finally not for the 1^st time I skipped QoS. With that in mind I spent 3 hours last night working solely on QoS, this blog entry aside I will be working Tuesday/Wednesday on it.

This Saturday I will be attempting IEWB-SP Lab 4!

January 27, 2009 Posted by cciesplab | SP Labs | | No Comments Yet

CCIE SP Calendar

January 2009

M T W T F S S

« Dec Feb »

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29 30 31
CCIE SP Blog Stats
- 42,935 Hits
Latest CCIE SP Comments
- Srinivas pv on INE SP & RS CoD Reviews – Day 1
- Zey on PPPoE Examples by the experts.
- cciesplab on MPLS VPN Tasklist – 14 days to go.
- Zey on MPLS VPN Tasklist – 14 days to go.
- cciesplab on MPLS VPN Tasklist – 14 days to go.
- mpls-te on MPLS VPN Tasklist – 14 days to go.
- kalsaria on SP L2/L3 VPN – Part I
- kalsaria on SP Verification Notes
- cciesplab on Another SP Mock Lab Completed & Lessons Learned
- noob on Another SP Mock Lab Completed & Lessons Learned
- that_dude on New CCIE SP Lab Checklist v3 Edition – Nov 2009
- cciesplab on Another SP Mock Lab Completed & Lessons Learned
- Vignesh on Another SP Mock Lab Completed & Lessons Learned
- cciesplab on Another SP Mock Lab Completed & Lessons Learned
- Zey on Another SP Mock Lab Completed & Lessons Learned
Meta

Stephen Bowes CCIE SP Lab Blog

CCIE Service Provider Study Plan

Labbed up the IEWB-SP Vol2 Lab3 & Analysis

CCIE SP Calendar

CCIE SP Blog Stats

Latest CCIE SP Comments

Meta

CCIE SP Blog Archives

CCIE SP Categories

CCIE SP Latest Posts

Site info

M	T	W	T	F	S	S
« Dec				Feb »
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31