One of the biggest issues I have seen time and again on projects is communications management or lack thereof. The Cisco Announcement or lack of, for the CCIE SP Lab is a prime example again of this. Many candidates have received the official email but there is no notice here => http://www.cisco.com/web/learning/le3/ccie/announcements/index.html

Putting my project manager hat on for a second and this causes confusion. The same can be said for ISP’s. On many occasions tickets would be raised with the ISP, say area office WAN performance issue for example. Ticket gets raised with the Customer Service Desk who subsequently log a ticket with their ISP counter parts, call gets passed onto the ISP line team, their job is looking after the circuits themselves, tail circuits, local loops, etc. They begin to look at the problem, meanwhile the support manager of the customer calls his CRM [Customer Relationship Manager] in the ISP looking for an update. The CRM gets in touch straight away with the lead engineer who knows the customer\site well and gets on the CE\PE’s looking at outputs. He diagnosis a QoS marking that has been completed incorrectly and makes the change required. The customer suddenly sees their backup\AV rollout\file transfer\application\whatever suddenly increase in speed. Case solved or is it? The customer service desk is sometimes unaware that the issue is resolved so they contact their counterparts in the ISP who contact the line team who are still trying to figure out the issue -> confusion.

My Solution? Single points of reference – owners if you will, both on the ISP and Customer Side. They own the call from it’s inception through to resolution and issue RFO [Reason for Outage] reports post call resolution. All communications such as verbals\mails\etc go through them or they are cc’d on them. This eliminates mis-communications\provides ownership\prevents confusion and finally inspires confidence especially on the customers side.

Cisco promote unified communications but perhaps a cohesive announcement of the above change through email\updated web pages and official announcements through the Cisco Learning Network would have been better that the current situation for SP candidates.

Core Knowledge Questions Now on All CCIE Labs

Effective January 4, 2010, the CCIE® Service Provider, Storage, and Wireless Lab Exams will add a new type of question format in a section called Core Knowledge. In this new section, candidates will be asked a series of four open-ended questions which require a short written response be entered into the computer–typically several words. The questions will be randomly drawn from a pool of questions on topics eligible for testing. Candidates can review the topics by visiting the CCIE track information on Cisco.com or Cisco Learning Network. No new topics are being added as a result of this change. Candidates will have up to 30 minutes to complete the Core Knowledge section and may not return to it once they have moved on. A passing score on the Core Knowledge section is required to achieve certification. Core Knowledge questions were implemented on Routing and Switching labs in February 2009, Security labs in June 2009, and Voice labs in July 2009, and allow Cisco to maintain strong exam security and ensure only qualified candidates are awarded CCIE certification. Candidates with exam dates January 4, 2010 or later should expect to see the new question format on their lab exam. To find out more information regarding updates to the CCIE Lab and scoring format, please click here to go to the CCIE Q&A section.

to all of you who have commented here and contacted my by mail – your comments have been great for me and it reminds me that all of us who study at our desks at night seamingly alone are not – that there are like minded people out there doing the same thing. I will be in touch shortly.

Also to two of our fraternity who are taking the SP Lab today and tomorrow – the very best of luck guys and let us know how you got on – we are all here to help and assist. I will relay your feedback in this blog if you so wish – let me know.

Steve.

that some things were not meant to be…

• Basic Configuration – 71%
• Core SP Routing – 73%
• BGP Routing – 75%
• MPLS – 73%
• etc, etc

Very disappointing and frustrating – the frustrating piece is that I had my complete core and MPLS up and running exactly as requested – in hindsight, 18 hours later I would not change anything – everything was up – exchanging information as requested. I had one Cat request which I knew how to do but that method was explicitly not allowed to be used which stumped me hence the dropped points in that section – but the ramifications were enormous as two double-point questions in MPLS VPN relied on that and thus 15 points were dropped 3 in Cat and 12 points [2x6] in MPLS VPN thus scuppering the attempt.

Overall it was a great attempt – my plan worked like a treat – I got through switching\frame-relay\ppp and ISIS within 1 hour, BGP was completed by 2 hours, basic MPLS and MPLS traffic Engineering by 3hrs 15m and I completed two sections of MPLS VPN and 2 Management questions by lunch. Great stuff – everything going really well.

After a nice lunch I completed the 4th part of MPLS VPN - 1st issues arose during the 5th part which relied on an the earlier section with the restriction – I completed all other parts and moved on, crap, another double points section with the same dependency – completed all other work involved in the question and moved on – Multicast up and running but although I completed all sections I could not get Inter-AS communications end-end even though I completed all configuration work as I knew it – putting a dirty solution in worked but not as required so I removed it. Security, QoS and Management\Features all integrated with previous work and I finished the lab with 50 minutes left.

So back to that section that everything relied on and do you know what, I couldn’t get it to work in the 50 minutes - even now the morning after I still cannot think how to get it to work with the restrictions that were put in place – I will have to deep dive the various locations such as IEOC, IPExpert, Cisco Press and Groupstudy to try to see who got this feature before and how they resolved it but that was that for me.

It also looks like an enforced rest anyhow as the next available date is June which I have booked. Just a side note – there were 6 candidates sitting the lab exam – when I was there in February there were 20 that day. Also two days this week Brussels had 0 R&S candidates – Draw your own conclusions with that nugget.

Finally a big thanks to you all for your encouragement and tips – you have been a great inspiration. I intend to return to smaller more technical blog entries from now on as I have more time to reflect and zero in the specifics of a feature rather than general details. It’s also family time for me as they have suffered most in this process and that is the heaviest price to pay, far more so than the financial one.

Steve.

I labbed for 4 hours this morning completing a lab from last night so latter MPLS VPN, QoS & Multicast. I hit a wall per se and it’s simply called tiredness. I have been on the routers 10 hours\day since Thursday and it takes its toll. Therefore I spent the rest of the afternoon and evening going through blog notes and crib sheets.

There are some great entries out there with both INE & IPExpert outputting top class SP tech-notes. Add these to Ivan Pepelnjak’s blog & MPLS VPN crib sheets, packetlife’s cheat-sheets [always hated that term!], Cisco Learning Network SP Notes and you have a great set of notes maybe 50-75 pages worth that cover the backbone [excuse the pun] of the SP Lab Exam.

Tomorrow is final prep day, some small labbing – going over concepts, reinforce my attack plan, pack the bag for Brussels – its an early flight – 0600 getting in at 0900 local time, a day in the hotel to chill out and get some sleep then report in for the Lab on Thursday morning.

My plan of attack? -> Fly out of the blocks and build up some real speed – I have been speed drilling for the last 2 weeks and its amazing how fast concepts such as MPLS & Multicast in particular can be typed. Obviously due care is required but I am determined to break the back of the MPLS VPN section by lunch time if at all possible. I cannot allow any IOS issues to stall this, there will be a 15 minute max limit placed on each section and I move on regardless. If the issues is core to the lab I move on anyway, perhaps to SP Management or QoS as I have proved that troubleshooting too long and you cannot see the wood for the trees – get away, do something else whilst rebooting the troublesome router should aid that process.

This is my final blog entry prior to the lab so I will be back on Friday with my results – positive or otherwise. Thanks for all the encouragement.

Steve.

Less blogging more labbing – completed INE Lab 4 and IPExpert Lab3 from the Lab Mentoring Kit – I use both vendors rack rentals as well and nothing but good things on that – So where am I at?

• I am getting faster – finished L2, L3 and MPLS in 2hs 10 minutes today.
• I am more confident in the MPLS VPN world
• I am still getting caught in the MPLS TE World – I honestly thought I had this subject nailed but I keep missing small things that cost time such as MPLS router-id on the transit routers, etc
• QoS is now my weakest section not MPLS VPN’s
• Oh and I still dislike Systems Management Questions – thats why we buy Solarwinds, etc.

I have no work until my Lab in Brussels on Thursday so one full lab a day until Tuesday, fly out Wednesday, Lab on Thursday, Result on Friday - Also I will bring my camera to Brussels and put up a journey blog entry for the trip there so prospective Lab Candidates can see the Cisco office, etc during my lab day.

Keep studying – Steve.

I am not a frequent poster but these articles really are excellent in demonstrating PPPoE configurations.

Brian Dennis => http://blog.internetworkexpert.com/2008/01/20/example-configurations-for-ppp-over-ethernet-pppoe/

Ivan PepelInjak => http://wiki.nil.com/PPPoE_testbed

Cisco => http://www.cisco.com/en/US/docs/ios/12_1t/12_1t2/feature/guide/dtpppofe.html

I have been  trying to master and speed up my approach to the MPLS VPN Section which I did not do my 1st time around – here is an abridged tasklist based on the relevant IOS Configuration Guides providing me with a roadmap to navigate through this crucial section. HTH.

Stephen Bowes – How to Configure MPLS Layer 3 VPNs:

Step 1: Configuring the Core Network (required)

            1a. Assessing the Needs of MPLS VPN Customers (not required in CCIE Lab as details provided)

• Identify the size of the network.
• Identify the routing protocols.
• Determine if you need MPLS High Availability support.
• Determine if you need BGP load sharing and redundant paths.

            1b. Configuring Routing Protocols in the Core (required – For SP Lab this will be OSPF or ISIS for scalability reasons)

            Configuring OSPF in the core:

• enable
• configure terminal
• router ospf process-id
• Router(config-router)# network ip-address wildcard-mask area area-id

            Configuring ISIS in the core:

• enable
• configure terminal
• router isis [area-tag]
• net network-entity-title
• end

            Enabling IS-IS as an IP Routing Protocol on the Interface (required)

• enable
• configure terminal
• interface type number
• ip address ip-address mask [secondary]
• ip router isis [area-tag]
• end

                        Monitoring IS-IS (optional)

                        Not listed here – various show commands

                        Shutting Down IS-IS to Make Changes to Your IS-IS Network (optional)

                        Not listed here

            1c. Configuring MPLS in the Core (required)

• enable
• configure terminal
• mpls ip
• mpls label protocol {ldp | tdp | both}
• interface type number
• mpls ip
• exit
• exit
• show mpls interfaces [interface] [detail]
• show mpls ldp discovery [all | vrf vpn-name] [detail]
• show mpls ldp neighbor [[vrf vpn-name] [address | interface] [detail] | [all]]

            LDP used as the example here – obviously could be TDP, etc.

            1d. Determining if CEF Is Enabled in the Core (required)

• sh run
• sh ip cef

            1e. Configuring Multiprotocol BGP on the PE Routers and Route Reflectors (required)

• enable
• configure terminal
• router bgp as-number
• no bgp default ipv4-unicast
• neighbor {ip-address | peer-group-name} remote-as as-number
• neighbor {ip-address | peer-group-name} activate
• address-family vpnv4 [unicast]
• neighbor {ip-address | peer-group-name} send-community extended
• neighbor {ip-address | peer-group-name} activate
• end

Step 2: Connecting the MPLS VPN Customers (required)

            2a. Defining VRFs on the PE Routers to Enable Customer Connectivity (required)

• enable
• configure terminal
• ip vrf vrf-name
• rd route-distinguisher
• route-target {import | export | both} route-target-ext-community
• import map route-map
• exit

            2b. Configuring VRF Interfaces on PE Routers for Each VPN Customer (required)

• enable
• configure terminal
• interface type number
• ip vrf forwarding vrf-name
• end

            2c. Configuring Routing Protocols Between the PE and CE Routers (required)

We can run BGP, RipV2, OSPF, Static Routes or EIGRP as the PE-CE Routing Protocol – here are the configuration tasks for all.

            Configuring BGP as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router bgp as-number
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• neighbor {ip-address | peer-group-name} remote-as as-number
• neighbor {ip-address | peer-group-name} activate
• exit-address-family
• end

            Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router rip
• version {1 | 2}
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• network ip-address
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• exit-address-family
• end

            Configuring Static Routes Between the PE and CE Routers

• enable
• configure terminal
• ip route vrf vrf-name
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• exit-address-family
• end

            Configuring OSPF as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router ospf process-id [vrf vpn-name]
• network ip-address wildcard-mask area area-id
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• exit-address-family
• end

            Configuring EIGRP as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router bgp as-number
• no synchronization
• neighbor ip-address remote-as as-number
• neighbor ip-address update-source loopback interface-number
• address-family vpnv4
• neighbor ip-address activate
• neighbor ip-address send-community extended
• exit-address-family
• address-family ipv4 vrf vrf-name
• redistribute eigrp as-number [metric metric-value][route-map map-name]
• no synchronization
• exit-address-family
• end

            Configuring EIGRP Redistribution in the MPLS VPN

• enable
• configure terminal
• router eigrp as-number
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• network ip-address wildcard-mask
• redistribute bgp {as-number} [metric bandwidth delay reliability load mtu] [route-map map-name]
• autonomous-system as-number
• exit-address-family
• end

Step 3: Verifying Connectivity between MPLS VPN Sites (optional)

            3a. Verifying the VPN Configuration

• show ip vrf

            3b. Verifying IP Connectivity from CE Router to CE Router Across the MPLS Core

• enable
• ping [protocol] {host-name | system-address}
• trace [protocol] [destination]
• show ip route [ip-address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number access list number
• disable

            3c. Verifying that the Local and Remote CE Routers are in the Routing Table

• enable
• show ip route vrf vrf-name [prefix]
• show ip cef vrf vrf-name [ip-prefix]
• exit

References:

Cisco IOS IP Routing: ISIS Configuration Guide, Release 12.4

Cisco IOS IP Routing: OSPF Configuration Guide, Release 12.4

Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4

I have re-compiled my v2 CCIE SP Checklist which I published here before my last attempt back in February. I have added in nuances, new tips and additional information I have come across in other forums which I hope can help not only you but also me!!

Here is the copy in blog format and I have also added a rapidshare link at the bottom of this blog entry for the PDF Version – let me know what you think.

Title:                 CCIE SP Lab Checklist

Author:             Stephen Bowes

Version:           3.0

Date:                November 2009

Abstract: 

This is a compilation of notes, gotcha’s, pointers, etc from my research in preparation for my upcoming CCIE SP Lab exam which I have acquired over many years. Please feel free to notify me of more improved ways to those listed below and or errata through my CCIE blog at cciesplab.wordpress.com or by email at cciesp@rocketmail.com.

Points Scoring and Timings:

I am conscious of the number of candidates who have failed due to running out of time. There are a number of reasons for this, here they are and proposed solutions. 

 To this end my timing plan is as follows -> Total Time = 8 hours = 480 Minutes. Lab Points Total = 100 Points, allowing 30 minutes for opening moves [see below] and 45 minutes for checking, validation and verification at the end, gives me 400 minutes for configuration

=> 4 Minutes/Point.

Pre-Lab Actions:

1 Month:

Adjust your body to performing 8 hour labs – Stamina will be key – you will be no use to anyone if you get tired after 5 hours of labbing. With 1 month to go ensure you are not doing 4 hour mini-labs rather the longer ones.

1 Week:

Adjust your body clock to the lab time. In my case I work 11am-7pm GMT whereas the Lab Exam in Brussels starts at 0745. This is 0645 GMT so with a week to go I will be up, showered, and had breakfast and sitting at my desk at 0730 to start an 8 hour lab with lunch at 12 for 30 minutes. I need to be fully alert at 0745 on Lab Day.

Lab Exam Day:

• Get as much sleep as is feasible the night before, up, showered, breakfast complete and be at Cisco by 0730. I booked into the nearest hotel I could find 250m away so no reliance on transport, etc.
• Bring a number of layers of clothes in case the room is cool, bring ear plugs so that the 11 guys/girls typing next to you and also so that the CCIE Voice candidates testing faxes will not interfere with your concentration levels.
• Documentation Location is http://www.cisco.com/web/psa/products/index.html

15 Minute Immediate Action: Anyone who has served in the military knows what an Immediate Action is – when something goes wrong a backup plan – in this case I’m going to move on if I cannot get any 3 pointer completed within 15 minutes ensuring I finish the lab!

Lab Action Plan: [Note: All times below are estimates and dependent on points values as per timing plan noted above]

Opening Moves: [30 Minutes: 0800->0830]

• After the proctor instructions, take a minute, calm yourself, open the booklet, read the exam end to end, visualise the Bridging/Switching, IGP, EGP, MPLS, etc.
• Draw a personalised diagram of the topology – Note: This is a talking point, some do, some don’t, and I think it’s advantageous especially from an IP/Interface perspective.
• Ignore the rush of the other candidates typing or the urge to get started.
• Create a point checklist on the rough paper provided. Here is my example.

Example Point Checklist:

Troubleshooting: [15 Minutes: 0830->0845]

A number of faults may have been entered into the pre-configured devices. Check your SecureCRT software – can you see each of the devices? Reload each device, look for any hardware errors on boot-up, now is the time to spot this, not 11am.

As any issues could have been introduced check everything, IP Addresses matching Interfaces, subnet masks, FR DLCI’s, FR Inverse-Arp, pre-defined VLAN’s, VTP Modes on 3550’s, watch any pre-defined configurations configured on correct interfaces, ATM configurations, NSAP, IP, IP CEF, etc. 

I am not an Alias guy but now would be the time to do this, type these into notepad and cut & paste onto the routers ‘show run | b Se’ – Remember for large or repetitive configurations such as BGP, use notepad and then copy and paste but be aware of changing values such as IP’s, subnets, etc as you copy and paste.

 Bridging & Switching:

Frame-Relay: [15 Minutes: 0845->0900]

• Use your diagram to draw out the FR Topology
• A lot of this may be pre-configured so verification doubly important
• Use [1] shut [2] enc frame-relay [3] no frame inverse-arp [4] no shut.
• Decide to use either frame-relay map or use sub-interfaces
• Ping from spoke to spoke if possible to validate.
• Extra mapping required if required to ping your own interface
• If PPP over FR, then always create VT first, user/password
• Save, reload, and then verify all working.
• FRTS – Know your CIR=Bc x 1000\Tc; Be=(AR-CIR) x Tc/1000.
• DocCD Location => Main URL = http://www.cisco.com/web/psa/products/index.html

– Cisco IOS SW Release 12.4 Family – 12.4 Mainline – Configuration Guides – Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4.

• Verification Tools – ping, show frame-relay map, show int virtual-template, show int virtual-access, show traffic-shape, show interfaces serial, show frame-relay lmi, show frame-relay pvc, clear frame-relay inarp, clear interface, debug serial interface, debug frame-relay lmi, debug frame-delay events, debug frame-relay packets

=> Golden Moment: Frame-Relay is the spinal cord of the inter-network, it must be 100% <=

Switching: [15 minutes: 0900->0915]

• Check VLAN’s as per instruction
• Check VTP Modes
• Check Trunking & Access Ports
• A lot of pre-configuration completed so use the verification commands below.
• Ping vlan by vlan. Select only one device and ping all other on a specific vlan.
• If naming something, type it exactly as specified – Ref: Narbik
• Specify both Duplex and Speed as Auto-Sense can be troublesome – Ref: IEMentor & Gorito
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS LAN Switching Configuration Guide, Release 12.4
• Verification Tools => show interfaces, show interfaces trunk, show vlan brief, show vtp status, clear interface

 Cell-Mode MPLS: [15 Minutes: 0915->0930]

• Configure any ATM interfaces required – PVC/SVC, NSAP Addressing,
• Watch for tag-switching or label-switching.
• Security authentication may be required
• Use ping to verify
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS Asynchronous Transfer Mode Configuration Guide, Release 12.4
• Verification Tools => show interfaces, show atm pvc, show atm svc, show atm map, show atm traffic,

 PPP/Ethernet: [15 Minutes: 0930->0945]

• Configure PPP/PPPoE as required, PPPoE enable, pppoe-client, interface dialer, etc.
• Know security configurations, ping and validate.
• Be aware of IOS nuances with these types of features.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS VPDN Configuration Guide, Release 12.4 & Cisco IOS Broadband Access Aggregation and DSL Configuration Guide, Release 12.4
• Verification Tools => show pppoe session

 => Golden Moment – Bridging & Switching Complete – Total Time 1 Hour 45Mins <=

IGP: [Note that probably only one of these will be the core IGP] 

OSPF: [30 Minutes: 0945->1015]

• While reading the task, use your master diagram to configure OSPF router by router not area by area. Look for the following OSPF characteristics.
• Authentication, stub or nssa, virtual link
• Refer again to your master diagram, colour in the OSPF areas.
• Make a note on redistribution, summary, area-range, DR/BDR, OPSF network type.
• Get Area 0 working 100% first.
• Ensure Area 0 Contiguous, test, create GRE/Virtual-links, and test again.
• Configure other areas.
• Leave OSPF Security until last.
• From a time perspective, router by router saves you revisiting router and typing in additional commands after the fact.
• First Interface and then router ospf

Preferred sequence for configuring interface

1) OPSF network type based,

2) priority,

3) Authentication,

Preferred sequence for configuring OSPF process

1) router-id

2) area authentication,

3) neighbor,

4) Network (copy paste from interface address)

• Validate everything is working (show ip os ne, show ip os vir, show ip os interface, show ip route)
• Do redistribute summary, area range, filtering [Be Careful!]
• Validate and verify prior to moving on.
• Save Configurations,
• Reload routers and final verification.        

Note: Some candidates do not reload, some do – I will.

• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4
• Verification Tools => show ip ospf, show ip ospf interfaces, show ip ospf neighbor, show ip ospf database, show ip ospf virtual-links, debug ip ospf events, debug ip ospf hello, debug ip ospf packet

IS-IS: [30 Minutes: 1015->1030] – Same as OSPF – Allowing additional 15 minutes in case both are present.

• This has been noted by previous candidates and having quite a bit to do on the SP Exam! Refer again to your master diagram, colour in the ISIS areas.
• Configure ISIS on relevant routers
• Note what ISIS Levels are required – 1 or 2,

• Assign appropriate NET addresses
• Remember unlike other IGP’s, ISIS configured at Interface level and is essentially a L2 protocol.
• Verify adjacencies
• Due to ISIS only knowing two forms of media – LAN or point-to-point -> use the frame-relay map clns command to create maps for protocol to run.
• Configure any ISIS filtering/redistribution
• Configure Authentication if required.
• Configure any additional ISIS nuances/parameters such as metrics/timers, etc we encounter.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4
• Verification Tools => show isis database, show isis topology, show clns protocol, show clns interface, show clns neighbors.

=> Golden Moment – IGP Complete – IGP Time 1 hour – Total Time 3 Hours <=

BGP: [60 Minutes: 1030-1130 – dependent on points] 

• While reading task, draw BGP topology on master diagram, this is important.
• Determine Route Reflector or confederation or both to do full-mesh iBGP.
• See if neighbor peer-group is required,
• Configure router by router not BGP session-by-session
• Configure one AS then another – be AS focussed.
• Ascertain required address families & configure – ipv4, vpnv4, ipv4 vrf, etc
• Ensure reachability, one AS at a time.
• Spend enough time to be absolutely correct on route-filtering (ACL, prefix-list, as-path filer), route-aggregate(w/ as-set, summary-only, supress-map, attribute-map, advertise-map), route-manipulation( w/as-prepending, med, local-pref, weight, next-hop, advertise-map/non/existing-map, origin, community, etc ) route-dampening, etc.
• Resolve any next-hop-self issues which are easier to troubleshoot working one AS at a time.
• Validate config. Use “clear ip bgp * soft “not”, clear ip bgp *.
• Leave BGP Authentication until last.
• Save, reload and test.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4
• Verification Tools => show ip bgp, show ip bgp summary, show ip route bgp, show ip bgp neighbors, show ip bgp neighbors neighbor-ip-address, debug ip bgp

=> Golden Moment – EGP Complete – Ensure full Reachability Maintained, Save Configs <=

Reachability Test: [Before lunch if possible followed by reloading routers]

Test full reachability with TCL Script. Check you get an ICMP response from every router to every router. If ping has no response, write down IP address and troubleshoot.

The master diagram will help here. Method involves – show ip alias, Copy to Notepad, Search and Replace to “Massage the Data and toss in the PING Command), Wrap what’s left in a TCL or Macro, Copy and Paste into a Router.

  Run tclsh script

  “foreach addr {

  1.1.1.1 <http://1.1.1.1

  …

  } { ping $ addr}” Just copy past after tclsh – To quit, just type ” tclq”. Also to quote Scott Morris -> I’d leave “debug ip routing” turned on through the rest of the day. It can be a quick indicator to things getting messed up (like when you add ACL’s or play with NAT!)

MPLS: [30 Minutes: 1130->1200] 

• Tag Switching v Label Switching, when to use which ones – Watch for IOS Bugs here!
• Watch any integration with EGP
• MPLS might be the final piece of the jigsaw for full lab reachability.
• Cell Mode v Frame Mode
• MPLS Traffic Engineering – Levels, metric-style wide, ip explicit config, RSVP? etc.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4
• Verification Tools => show mpls forwarding-table, show mpls interfaces, show mpls ldp neighbor, show mpls ldp parameters, show mpls traffic-eng autoroute

Golden Moment – Lunch – Reachability, Save Configurations & Reload.

Afternoon Session:

SP Management: [15 Minutes: 1230->1245] 

• Know SNMP, setting up community strings, traps, RMON, pointing at various devices, etc
• Netflow, destination address, port no, version, etc
• NTP, master, server, source, etc.
• Know about various IP Services available in the IOS
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS NetFlow Configuration Guide, Release 12.4 & Cisco IOS Network Management Configuration Guide, Release 12.4 & Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4
• Verification Tools => Multiple Commands.

SP Security: [30 Minutes: 1245->1315]

Be careful not to block or drop any IGP updates; Draw a flow on paper if required

• Consider all options for classification – std/ext/reflexive/dynamic ACL, IP Prefix List, IP inspect, tcp intercept, Unicast RFP, ip accounting output packet /access-violation/precedence.
• Be aware of various ways to configure MD5 for IGP, some of this may be completed via the IGP\EGP sections, ensure you have read ahead at the start of the lab.
• When configuring Switchport port-security mac-address, be careful to include virtual and physical mac if HSRP is running
• Know response planning to common security attacks such as DOS, Smurf, etc.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS Security Configuration Guide, Release 12.4
• Verification Tools => Multiple Commands.

MPLS VPN: [75 Minutes: 1315->1445]

So much here: VRF, VRF-Lite, MP-iBGP, MP-eBGP, Important to map out on your master diagram, the flow/direction of the VPN Traffic so that the correct configuration can be applied to the correct interface on the correct router in the correct direction!

• MP-BGP filtering, specifying route-targets, etc
• PE-CE Routing, RIP – Watch Split-Horizon is off on physical FR and ATM, authentication, version, auto-summary, etc; Other IGP/EGP considerations configure router-by-router, Advanced Options-CSC, Internet Access, Central Services, etc.
• Be aware of various backup routes for the VPN traffic in the event of line/router failure, redistribution of PE-CE to Core and vice versa.
• Be aware of VPN and Frame Relay specific limitations
• GRE/mGRE tunnels, when to use, how to configure.
• Be able to provide Internet Access from one portion of the inter-network to another.
• Be able to exchange EGP traffic across AS’s, watch next-hop, watch multi-hop, etc
• QinQ/PPoE – benefits = reduce no of VLANs, scalability, encap dot1q, pppoe enabled, etc.
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4

Verification Tools => show ip vrf, show ip route, show ip route vrf vrf-name [prefix], show ip cef vrf vrf-name [ip-prefix], ping vrf, show ip bgp vpn all summary, show ip vrf detail, ping vrf <vrf> <ip address> source <source ip>, sh ip bgp vpn all summary, sh ip bgp vpn all, sh ip bgp vpn vrf <vrf> summary, sh ip bgp vpn vrf <vrf>, sh ip bgp vpn vrf <vrf> labels, sh mpls forwarding, sh mpls forwarding | inc <prefix>, sh mpls forwarding vrf <vrf> <prefix>, sh mpls forwarding label <label>.

SP Multicast: [30 Minutes: 1445->1515]

• Setup PIM Mode as required – Sparse/Sparse-Dense – Use address-family ipv4 multicast were required
• Identify PIM RP or Bootstrap requirements
• Don’t forget ip multicast-routing and/or ip multicast-routing vrf <VRF>
• Be aware of route filtering
• Join any IGMP Groups if required, check with pings,
• Check Unicast and multicast traffic work across different AS.
• Multicast VPN, default MDT, data MDT, MDT Group Addresses, MSDP, etc
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS IP Multicast Configuration Guide, Release 12.4
• Verification Tools =>   show ip igmp groups, show ip pim rp mapping, show ip mroute, show ip interfaces.

SP QoS: [30 Minutes: 1515->1545] 

• Be careful not to block or drop any IGP updates
• Draw a flow on paper
• Interpretation of what is required & which QoS Method to use is Key!!
• Determine classification method (ACL, NBAR) and direction.
• Determine Shaping v Policing
• Consider all options for queuing (legacy custom/priority, bandwidth/priority, shape average/peak, FRTS/GTS) – Always Outbound.
• Consider all options for policing ( police, rate-limit, ip multicast rate-limit, aggregate police( 3550))
• If frame-relay, don’t forget adaptive-shaping.( becn, fecn, foresight)
• Consider all dropping mode (random detect, ecn, tail drop, marking, etc)
• DocCD Location => Main URL, Cisco IOS SW Release 12.4 Family, 12.4 Mainline, Configuration Guides, Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4
• Verification Tools => show ip rsvp, show class-map, show ip rsvp reservation, show mls qos, show policy-map, show queueing, show traffic-shape, etc.

Timings & Tips:

• According to this schedule this allows me 45 minutes for checking, saving, reloading, troubleshooting, going back to skipped sections, etc.
• Remember the pass mark is 80% not 100% – we can allow for 6 sections worth 3 points each not to work out and still pass!!!!
• Route Filtering – Know this cold, affects several areas, pass or fail the lab on this alone IMO!

• Skipping Difficult Sections – This is a dangerous but potentially rewarding path up the mountain but slippery and easy to fall down on – Risky Approach.
• Redistribution – Say no more, need to pass routes, this is it – potential failure point.
• Strategy has to be flexible depending on the progress through the day.
• Ensure the “gimme” questions are answered 100% – These are key to success.
• Ongoing Validation, via show commands and TCL Script, saving and reloading at least twice I believe is essential.
• Speed accessing resources on the DOCCD is essential – should be less than 90 seconds lookup per topic.

Authors Note: Please feel free to contact me if you can add value to this 3^rd Edition as I would like to think this can help other SP candidates with a lab structure going forward.

PDF Upload Location => http://rapidshare.com/files/304716095/CCIE_SP_Lab_Checklist_v3.pdf