Stephen Bowes CCIE SP Lab Blog

CCIE Service Provider Study Plan

Back Online.

Thanks guys for the positive comments – very much appreciated – Blog will remain intact through the 2nd attempt and expect to see some technology focussed entries soon.

Regards, Steve.

February 24, 2009 Posted by cciesplab | SP General | | 6 Comments

SP Result is in, positive attempt but didn’t make it 1st time

Guys, the mail from Cisco arrived this morning which confirmed my own thoughts that I hadn’t made the grade this time around.

Thank you for taking the CCIE Service Provider Lab exam. We regret to inform you that your test performance did not meet certification standards. Although you did not pass on this attempt, take pride in being among the few Internetworking engineers who have qualified to take Cisco Systems’ CCIE Certification Lab examination. This in itself is an accomplishment and we hope that you will continue to pursue your certification goal.

Lab Experience:

Okay, I am writing this entry with the NDA in mind so all the technical terms here are from the blueprint with no specifics.

I feel good about the attempt. The SP exam is very doable and also very failable. I was happy that I had practised about 90% of the exam upon first reading. There were about three questions that I read and thought “don’t know that one” and about two others that I knew I would need the documentation for.

The SP Lab is pre-configured with some L2, L3, MPLS, MPLS VPN and Multicast configurations. You are required to troubleshoot these pre-configurations and then proceed with the tasks. Frankly, it does not make it easier as you are constantly walking the configurations looking for errors – a blank canvas is easier as you know where you stand.

I did fine in Bridging\Switching, one 3 point section I could not get to work even though I had labbed something similar the previous week and got it working in the lab! I spent over 20 minutes attempting it and got SO close but ultimately I skipped it, IGP was fine, all talking, neighbors up, etc, EGP was okay, 3 out of 4 sections completed, made a note of the 4th part and moved on, Redistribution fine, all routes where they were supposed to be, got MPLS up and also some security done before lunch.

Brussels is a nice lab building, basic workstations, warm room, little noise, good lunch, excellent environment for passing the exam. Also right beside the airport.

Afternoon – snags! For MPLS VPN, 1st section complete then told to configure on the piece I could not get working earlier – spent another 30 minutes in that rat hole trying to get it working – no joy and it’s not documented in any one place in the documentation! Frustration, a lot of interpretation required in this section, QoS was fine, Multicast good, all talking and seeing what they were supposed to see, Security okay and I have to say this, I do not like Systems Management – That is why we buy Solarwinds!!!!! – All told I ran out of time and can have no complaints.

At the airport on the way home I looked up the solution to the issue from earlier in the day and I missed 1 LINE from one of the routers!!! – Cost = 10%.

All in all I felt fine with the lab, no stress, no pressure, just me and a set of tasks to complete in a time frame.  Now, I did say the exam is failable. Cisco have cleverly made a lot of the 3 point questions multi-tasked.

e.g.  ISIS – 3 Points

  • Set this up                                         <—- This will be easy
  • Then set this parameter                  <—This will also be fine
  • Don’t let xxx happen                        <— A bit tricky but good lab practise covers it
  • Ensure this yyy is the response   <—- Difficult to get points, have to be exact!

And this occurs 33 times roughly – so even with top preparation, you need to bring your A game as your margin for error is no more than 6 wrong. Having said that it is a fair exam and I simply was not good enough on the day. I was in good company though, the two guys I buddied up with on the day were both there on their 2nd attempts, one for R&S and one for Voice, both felt afterwards they had also failed and in the Voice guy’s case he wants to get it done before the new version comes in in June/July!

So, what next – initially a time-out – family time to be had with my loved ones, get some home tasks completed that have been allowed to slide – fitness to be sorted out and guess what? The 2nd attempt has been scheduled for September! ;)

February 20, 2009 Posted by cciesplab | SP Labs | | 19 Comments

Going offline!

Guys,

Many thanks for the words of encouragement both via the comments section and via email. I feel a lot better for it and the two days of good old-fashioned studying have left me in a better place. My flight to Brussels is in the morning and I’m not bringing my laptop so my next post will be my results one with a follow up ‘lessons learned’.

See you on the other side!! ;)

February 17, 2009 Posted by cciesplab | SP Labs | | 3 Comments

Highs & Lows

Rollercoaster over the last few days – I think I may have burnt out slightly with the volume of hours I’m putting on the labs. The last three days I have completed three full scale labs and got my a$$ kicked three times!!!!

Last night after the 3rd kicking I felt down – It was like preparing to climb Everest and after months of training and then paying out literally thousands of euro in the worst economy in recent times, getting to the base camp, then looking up and thinking “what the hell was I thinking!!”

These next 2/3 days I am not labbing, rather going over my notes, reviewing various ways to configure stuff, skimming the configuration guides, etc. I feel better today for it.

February 16, 2009 Posted by cciesplab | SP Labs | | 4 Comments

Lab Prep Update

Just finished my 5th day of rack rental sessions in 6 days this evening. I have ebbed and flowed through them. Some of the Labs I have been okay and some, like tonight I got kicked in. I have finally conquered MPLS VPN but am struggling on QoS Traffic Policing, MPLS TE and Multicast Tunnels. For QoS it’s speed – I know the sequence -> ACL, class-map, policy-map, apply service policy to interface, but I seem to take an age to complete it. The same holds true for MPLS TE. On the Multicast tunneling I just cannot get it to work 100% – even putting in the solutions in some labs does not help!! e.g. IEWB-SP Vol II Lab 1. It turns out there are known issues with multipoint NBMA.

Other issues that have caught me out have included RIP split horizon which took some time to resolve but debug ip rip is a cool tool.

IP: sending v2 update to 224.0.0.9 via Ethernet0/0 (129.1.67.6)
RIP: build update entries – suppressing null update

Rack1R6(config-if)#no ip split-horizon

RIP: received v2 update from 129.1.67.7 on Ethernet0/0
     129.1.7.0/24 via 0.0.0.0 in 1 hops

RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (129.1.67.6)
RIP: build update entries
        129.1.7.0/24 via 129.1.67.7, metric 2, tag 0
        129.1.67.0/24 via 0.0.0.0, metric 1, tag 0
Rack1R6#sh ip route vrf VPN_A

Routing Table: VPN_A
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
       D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
       N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
       E1 – OSPF external type 1, E2 – OSPF external type 2
       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
       ia – IS-IS inter area, * – candidate default, U – per-user static route
       o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

     129.1.0.0/24 is subnetted, 2 subnets
R       129.1.7.0 [120/1] via 129.1.67.7, 00:00:08, Ethernet0/0
C       129.1.67.0 is directly connected, Ethernet0/0
Rack1R6#

Tomorrow is my last rack rental then we’re in the home straight – two days of general studying with notes & lectures, maybe some dynamips between 4 routers just fine-tuning some ideas, confirming notes, etc. I fly to Brussels on Wednesday, Lab on Thursday.

Regards, Steve

February 14, 2009 Posted by cciesplab | SP Labs | | 5 Comments

Labbing, Labbing, Labbing!!!

I got 5 minutes whilst my rack reloads for a quick update.

Head down, Rack Rentals each day, Video Lectures at night, reverse engineering some labs to go for advanced troubleshooting [I will go into detail on this after my Lab Exam], amending my check list plan slightly for the day so expect v3 on that soon. Trying to build up speed and confidence. From the activity over at the IE support forums [ieoc.com] about 7 guys have tried the lab since the start of the year, 3 passes 4 fails. I and 1 other are both in Brussels next week so hopefully the averages will improve.

6 Days to go!

February 13, 2009 Posted by cciesplab | SP Labs | | 1 Comment

Labbed up the IEWB-SP Vol2 Lab6 & Analysis

Folks,

I labbed up IEWB-SP Lab 6 yesterday evening using IE’s rack rentals. Again no issues with the kit so highly recommended for those using their workbooks for SP Prep.

My observations\analysis:

  • Bridging & Switching – No issues – VTP, VLANs defined, ports assigned to VLANs.

Frame-Relay – Easy setup, three routers total, nothing to report.

Cell-Mode MPLS – I am getting to a point whereby if I get this in the lab to setup I might skip ahead and proceed with the MPLS Section for the ATM related routers to enable connectivity – Just a thought.

  • IGP

OSPF – Configure Area 0 on a number of transit links, advertise the Loopback networks. Standard fare, router ospf 1, network x.x.x.x 0.0.0.0 area 0, don’t forget router-id’s for all IGPs.

OSPF Security – Use MD5 hash value of CISCO – Interesting twist – do not configure under the routing process. If the routing process is ruled out then it has to be the interface -> ip ospf authentication message-digest & ip ospf message-digest-key 1 md5 CISCO under the relevant interfaces.

ISIS – Configure ISIS on two routers, NET address provided, Level 2 and advertise loopbacks. So

router isis
 ! AS = AS number, xxxx.xxxx = router's loopback
 net 49.00AS.0000.xxxx.xxxx.00
!
interface ATMx.y
 ip router isis
 isis circuit-type level-2-only

Remember NET value is in Hex so get that Scientific Calculator going!


  • BGP – 5 Sections – Peerings, NLRI Advertisements & VPNv4 BGP Peerings.

Configure BGP on listed routers, setup peerings as specified, authenticate with MD5 hash of CISCO.

Peerings Example:

router bgp AS
 neighbor x.x.x.x remote-as AS2
 neighbor x.x.x.x password CISCO

NLRI = Network Layer Reachability Information Example

router bgp AS
 ! Loopback of R4
 network y.y.4.4 mask 255.255.255.255
 ! Loopback of R6
 network y.y.6.6 mask 255.255.255.255

VPNv4 BGP Peerings Example

router bgp AS
 neighbor x.x.3.3 remote-as AS
 neighbor x.x.3.3 update-source Loopback0
 !
 address-family ipv4
  no neighbor x.x.3.3 activate
 !
 address-family vpnv4
  neighbor x.x.3.3 activate
  exit-address-family


  • MPLS – I am growing really fond of MPLS – It is relatively quick to setup and is nice enough to tell you if it’s up or down.

Label Distribution – Configure MPLS as specified, do not use LDP on one of the routers.

So mpls label protocol ldp, followed by mpls ip under the interface, if you cannot use ldp then it’s tdp and finally remember it may present itself as tag-switching under the sh run so that’s okay!

Label Security – Authenticate with password CISCO where listed.

mpls ldp router-id Loopback0
mpls ldp neighbor x.x.2.2 password CISCO

 

  • VPN – My favourite part – NOT!!!! – This took up 38% of the entire Lab.

MPLS VPN – Configure VRF to support detailed customers networks. RD and RT information provided.

ip vrf yyyy
 rd xxx:yyyy
 route-target export x.x.1.1:yyyy
!
interface FastEthernet123
 ip vrf forwarding yyyy
 ip address x.x.17.1 255.255.255.0

 

PE-CE Routing

Run OSPF as PE-CE routing protocol, configure OSPF as specified; advertise loopbacks, networks to appear as intra-area routes.

router ospf xxxx vrf yyyy
 domain-id 0.0.0.1
 network x.x.58.5 0.0.0.0 area yyyy

and

ip vrf zzz
 route-target import x.x.1.1:yyyy
 route-target import x.x.5.5:yyyy
!
router bgp xxx
 address-family ipv4 vrf zzz
  neighbor y.y.1.254 remote-as 254
  neighbor y.y.1.254 password CISCO
  neighbor y.y.1.254 activate
 exit-address-family

Backup Routing – did not get to configure, I copied in the solutions to enable me to skip ahead.

Traffic Engineering – Configure a routing policy so traffic from one router goes to a specified router first, from there forwarded and if the link fails use another stated route.

R1

mpls traffic-eng tunnels
!
interface Tunnel0
 ip unnumbered Loopback0
 tunnel destination x.x.3.3
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng path-option 1 explicit name 2_3
!
interface FastEthernet1/0.12
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
router ospf 1
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng area 0
!
ip explicit-path name 2_3 enable
 next-address x.x.12.2
 next-address x.x.23.3
 next-address x.x.3.3

Note: Okay, got caught on this one – got the following error ->

TE label 0x1D (9)

tspvif_transport_sendnet: Sending on TE interface FastEthernet1/0.12 (9)

The resolution was

Rack1R3(config)#mpl ldp discovery targeted-hello accept

which resulted in …

Rack1R1# %OSPF-5-ADJCHG: Process 1001, Nbr 10.1.58.5 on OSPF_SL0 from LOADING to FULL, Loading Done

Internet Access – did not get to configure, I copied in the solutions to enable me to skip ahead.

Note: The IE Rack rentals are only 5 ½ hours long!

 

  • Multicast: I like multicast – it makes sense!

Intra-AS – Configure PIM sparse-mode, configure a router as RP.

ip multicast-routing
!
interface Seriala/b
 ip pim sparse-mode
!
ip pim rp-address x.x.2.2

Don’t Forget? – ip cef – enabled by default, but just make sure!

Inter-AS – Use MSDP to exchange multicast sender information between routers

interface FastEtherneta/b
 ip pim sparse-mode
!
ip pim accept-rp x.x.2.2
ip msdp peer x.x.6.6 connect-source loopback 0
ip msdp default-peer x.x.6.6

Configure Multicast BGP Peering between two routers

router bgp xxx
 !
 address-family ipv4 multicast
  neighbor x.x.26.2 activate

  • QoS: FRTS – Given several figures, configure FRTS as specified.

map-class frame-relay shape
 frame-relay cir <number>
 frame-relay mincir <number>
 frame-relay adaptive-shaping becn
 frame-relay bc <number>
 frame-relay be <number>
!
interface Serial0/0
 frame-relay traffic-shaping
 frame-relay class shape

Key here is to know your formulae:-

CIR = Bc X 1000/Tc

Bc = CIR X Tc/1000

Tc = Bc/CIR X 1000

MPLS Security  - ensure two MPLS neighbors only accept ldp packets from each other. I skipped this section and when I looked at the solutions, phew what a configuration.

interface Ethernet0/0
 mpls ldp discovery transport-address x.x.4.4
 ip access-group LDP in
!
ip access-list extended LDP
 permit udp host x.x.46.6 eq 646 host 224.0.0.2 eq 646
 permit tcp host x.x.6.6 host x.x.4.4 eq 646
 permit tcp host x.x.6.6 eq 646 host x.x.4.4
 deny udp any eq 646 host 224.0.0.2 eq 646
 deny tcp any any eq 646
 deny tcp any eq 646 any
 permit ip any any

 

  •  Systems Management

Logging – All denied TDP/LDP packets logged to syslog servers.

no ip access-list extended LDP
ip access-list extended LDP
 permit udp host x.x.46.6 eq 646 host 224.0.0.2 eq 646
 permit tcp host x.x.6.6 host x.x.4.4 eq 646
 permit tcp host x.x.6.6 eq 646 host x.x.4.4
 deny udp any eq 646 host 224.0.0.2 eq 646 log
 deny tcp any any eq 646 log
 deny tcp any eq 646 any log
 permit ip any any
!
logging x.x.46.100

You should then receive the message

%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 20.1.46.100 started – CLI initiated[OK]

Rate-Limiting – Configure routers to wait until xx packets are denied before generating a log packet & these messages should not be generated more frequently than every 2 seconds.

ip access-list logging interval 2
ip access-list log-update threshold 10
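
Added example (not part of the original post or the IE workbook solution): a small Python model of the LDP access list from the MPLS Security and Systems Management sections, using the version with log on the deny entries. It evaluates constructed packets with first-match semantics and reports the action, whether the hit would be logged, and which entry matched. The 20.1 prefix standing in for x.x is an assumption taken from the syslog line quoted above, and the function names are hypothetical.

```python
import ipaddress

# Constructed addressing: the page masks the first two octets as x.x;
# 20.1 is assumed here from the syslog message quoted on the page.
ACL_LDP = """\
permit udp host 20.1.46.6 eq 646 host 224.0.0.2 eq 646
permit tcp host 20.1.6.6 host 20.1.4.4 eq 646
permit tcp host 20.1.6.6 eq 646 host 20.1.4.4
deny udp any eq 646 host 224.0.0.2 eq 646 log
deny tcp any any eq 646 log
deny tcp any eq 646 any log
permit ip any any
"""

def _endpoint(tok):
    """Consume 'any' or 'host A.B.C.D', plus an optional 'eq PORT'."""
    addr = None
    if tok.pop(0) == "host":
        addr = ipaddress.ip_address(tok.pop(0))
    port = None
    if tok and tok[0] == "eq":
        tok.pop(0)
        port = int(tok.pop(0))
    return addr, port

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in this post."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, sport = _endpoint(tok)
        dst, dport = _endpoint(tok)
        entries.append((action, proto, src, sport, dst, dport, tok == ["log"]))
    return entries

def evaluate(entries, proto, src, sport, dst, dport):
    """First match wins; returns (action, logged, 1-based entry number)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, p, s, sp, d, dp, log) in enumerate(entries, 1):
        if p not in ("ip", proto):
            continue
        if (s is None or s == src) and (sp is None or sp == sport) and \
           (d is None or d == dst) and (dp is None or dp == dport):
            return action, log, n
    return "deny", False, 0  # implicit deny that ends every IOS ACL

ACL = parse_acl(ACL_LDP)

if __name__ == "__main__":
    # Constructed packets: the neighbor's hello, then a hello from another host.
    print(evaluate(ACL, "udp", "20.1.46.6", 646, "224.0.0.2", 646))
    print(evaluate(ACL, "udp", "20.1.46.99", 646, "224.0.0.2", 646))
```

A TCP session to port 646 sourced from the neighbor's interface address (20.1.46.6) rather than its transport address (20.1.6.6) falls through to entry 5 and is denied and logged, so the filter only works if the neighbor sources LDP from the address the ACL names.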

 

Conclusion: This was tough and is rated an 8 with IE – the MPLS VPN was unreal – incredible configurations which can leave my head spinning – However this is an expert exam and I expect no less – I am quickening up on the core so that is positive and the additional areas such as Multicast, QoS and Systems Management are okay for me. The key to my passing is four-fold.

  1. speed up
  2. fewer mistakes
  3. interpret correctly what is being asked
  4. MPLS VPN.

February 10, 2009 Posted by cciesplab | SP Labs | | No Comments Yet

Thank You.

I would like to thank everyone who has visited this blog since August last when I started it. Since I started prepping for the CCIE Lab exam in 2001 I have always been a silent observer of various forums such as GroupStudy, IPExpert Support Forums followed by IE’s forums when they came on the scene. I have never been one for long emails/conversations or blog entries so this has been quite a departure for me.

Well today, this blog exceeded the 10000 hits milestone mark which is amazing. Having passed the CCIE RS Written Exam 3 times [2001, 2003 & 2005] and passed the CCIE SP Written Exam last year I am 10 days away from finally realising a long held ambition and to think that this many people would have an interest in my journey is great.

Thanks again, Steve.

February 8, 2009 Posted by cciesplab | SP General | | 5 Comments

Finishing up in work today – 13 Days to go!

Flight Tickets – Check

Hotel Booking – Check

Cisco Lab Confirmation – Check

Ready for the CCIE SP Lab – Crikey!!!!!!!!!!!!!!!!!!!!!!! ;)

February 6, 2009 Posted by cciesplab | SP Labs | | 1 Comment

CCIE SP Lab Nuggets Links

No, these are not CBT Nuggets, rather some gems I discovered on the cisco.com website & discussion forums – Great Reads, Regards Steve.

Note: The CCIE SP Discussions may require a login.

 

TITLE: Preparing for the CCIE Service Provider Lab Exam – Part I of III
AUTHOR: Vincent Jun Ling Zhou
DATE: Dec 2008
DESCRIPTION: This presentation is the first of a three-part series on how to Prepare for the Cisco CCIE® Service Provider Lab Exam.

Link => https://cisco.hosted.jivesoftware.com/docs/DOC-3927

TITLE: CCIE Service Provider Lab Exam Tips – Importance of reload
AUTHOR: Vincent Jun Ling Zhou
DATE: September 2008
DESCRIPTION: This article focuses on the importance of reload of your configuration to make it operational during the CCIE SP Lab Exam.

Link => https://cisco.hosted.jivesoftware.com/docs/DOC-3282

TITLE: CCIE Service Provider Lab Exam Tips – MPLS and VPN Common Mistakes to Avoid
AUTHOR: Vincent Jun Ling Zhou
DATE: September 2008
DESCRIPTION: Useful tips to review before taking the CCIE SP Lab Exam. Tips include the common mistakes made with MPLS and VPN.

Link => https://cisco.hosted.jivesoftware.com/docs/DOC-3281

TITLE: How to pass CCIE Lab – Insiders Tips
AUTHOR: Himawan Nugroho
DATE: 2008
DESCRIPTION: Shares personal experience and extensive CCIE SP Lab Tips.

Link => http://www.cisco.com/web/ID/learning/cnsf2008/files/How_to_Pass_CCIE_Lab_Insider_Tips.pdf

February 5, 2009 Posted by cciesplab | SP Labs | | 1 Comment