CCIE

In my continued quest through BGP i ran into a couple of things which i wanted to share my thoughts about.

All of them has to do with a non-direct peering between BGP peers.

Originally the BGP protocol was designed to be run between directly connected routers. Then came along these busy times where we might want to have two connections, for redundancy and load-balacing purposes. We also want to have a single peering only. These days we might even have non-BGP speakers in our core, such as with MPLS.

Im learning something new at work almost every day.

We do alot of voice installations, some directly for the customer, others we host.

Voice has always been a strange world to me, and it still is. Basically it boils down to the fact that it doesnt interest me what so ever.

I wanted to share a very interesting tidbit i figured out the hard way.

Again, its about NSSA areas in OSPF. When redistributing a route into an NSSA area, how is the forwarding address chosen?

Some say the lowest IP address of any loopback interfaces thats advertised into the NSSA area. Others say the highest. Which one is correct?

I havent been very good at updating my blog lately. The reason for this is that i have been really focused on doing labs. Im still doing Narbik’s labs. They are great! They really make you think about what you are doing and contains the nasty 007 tricks 🙂

I wanted to give a status update on my study progress as it stands on February 28th 2010.

At the moment im still hitting Narbik labs. There are alot of good ones, and i havent even hit the troubleshooting labs yet. This weekend has completely wasted though. Mainly because of my birthday this friday, and moving my girlfriend back in with me (we had two appartments for her to goto school in a different city). Now back to a single rent!! Put on top of that the fact that im still not over the flu by a longshot. Im coughing, my throat hurts and im constantly nauseaus.

I had a very long day at work yesterday, but still felt like doing a lab when i got home.

My next lab was about fallback-bridging. Yet another topic i know nothing about 🙂

So today/tonights plan calls for figuring this technology out. It doesnt seem overly complicated to configure, but its more of a task to understand the technology.

I was doing some lan QoS yesterday evening. Specifically i wanted to mark some packets.

As usual, i wanted to create a policy-map, referencing some class-map, and then set the IP precedence value.

I tried to get this working for like 3 hours. I was verifying the behavior using the “sh policy-map interface ” command,

I was just playing around with some switching labs.

As i was doing this, i ran into configuring SNMP, sending traps when mac-addresses was added/removed, and all sorts of other things. I could (as in the lab) just set the IP address of the NMS (Network Management System), but i wanted to actually make sure that these were being picked up correctly by an NMS.

I thought i would write a bit about my bootcamp last week. Here’s what I have come up with. I will update this as more thoughts flow into my head 🙂

Day one at Narbik’s bootcamp:

—————————–

What an eye opener. This guy has his stuff under control! We started out with switching topics. Configured all sorts of things. We were told that 60% would be configuration and hands on stuff, while the remaining 40% would be theory (chalk talk). This is a good balance if you ask me. Its not that theory is bad, its just that its so detailed, that you can only grasp so much of it.

Just wanted to let everyone know that im working on a post describing the Narbik bootcamp. Just concentrated on labs at the moment. It will arrive shortly 🙂

More Narbik Labs. I have arrived at the BGP section, and its very good. It touches on some more obscure features that are really useful.

One of the things i ran into was the use of advertise-maps, exist-maps and non-exist maps. I have used these before, but very briefly.

Making up a list of things i need to bring for the bootcamp. I finally want to try and be a bit more organized regarding this

on this trip. I thought id do that best by starting writing all the things i think i will need straight away, and then go back and forth on the list

Last night i was doing some Vol.2 Narbik Labs. I was supposed to filter some OSPF routes entering

the routing table on a certain router. I chose to use an extended access-list because, well, just because i could.

The command i wanted to use, was the router-config mode command “distribute-list”.

I just re-cabled my home lab and setup everything so i could work on Narbik’s foundation workbooks. You can check out more at:

[http://www.micronicstraining.com

]1

These are the workbooks that you get before the bootcamp, to get you up to speed with individual technologies. All in all theres about 600 pages (~300 pages in Vol1 and the same in Vol2).

Welcome back to the 2nd post about OSPF and external routes.

Last time we spoke of OSPF and how it behaves in regard of external routes in a single “normal” area.

By normal, it implies an area that accepts all types of LSA’s.

I want to create some posts about the actual behavior of OSPF in regards to external routes in different areas and how everything behaves. It might take more than a few posts, but I hope you’ll keep reading them 🙂

The first one, is about redistributing external routes into a normal OSPF area. A “normal” OSPF area is an area which allows all kinds of LSA’s. This means we can have an external source in this area. In a “normal” external routes will be present as a type 5 LSA. This type 5, will either be an E1 or an E2 route. The difference being that the metric associated with the LSA will increase with an E1 and it will not with an E2 route. The default is an E2 route and the default metric is 20.

I have been working on some OSPF scenarios lately. These was sparked by a post by Joe Astorino @ IPexpert. They are about the use of the forwarding address in Type 5 LSA’s generated by an ABR because of a Type 7 LSA in an NSSA area.

The link below is an excellent read from INE that you should really take the time to read.

I am working on a post about the OSPF forwarding address, as well as some MPLS stuff. Stay tuned 🙂

I just wanted to get the link out there.

This small post will be about a little feature called “views”.

This feature is used to create a sort of profile, for which you could have a certain user do certain things. As you might know, the only way to do this previously was to use the priviledge level command. This command would in effect set the command to be available at a certain priviledge level. This can be very cumbersome to maintain, especially if you work in a large enterprise environment or a service provider.

I have just landed a new job. It is a networking company, doing alot of security, ip telephony and general network consulting. The company can be found here. It is called NetIP. The company is located about 30km from where I live, so a little drive in each direction is nessecary. I will start Thursday the 1st of October. I am looking forward to it. My last day at the previous job was yesterday, and it went by okay. Ofcourse its sad to loose some coworkers, some of which i have been working with for close to 9 years. But life goes on.

Its been a while, and for that im sorry.

I have been very busy watching VOD (Video On Demand) classes from IPexpert. Scott Morris has done these videos, and he is pretty good at it in my opinion. There are alot of new stuff as well. Things such as Multilink Frame-relay (FRF.16) and PPP over frame-relay. IRB (Integrated Routing and Bridging) was also new for me. Basically you can extend your L2 over a L3 ip routed network. All very interesting stuff.

So a simple concept right?

Tunnel your L2 protocols through a switched network? I agree, but as usual, i put more complication into it. Basically a VOD from IPexpert on L2protoco-tunnel used to create a trunk connection. In the video it is shown that you can create a trunk by using a l2protocol-tunnel (STP in particular). Through extensive testing and discussion on OSL, this is possible, but you will only get the native-vlan traffic through.

The lack of posts recently has its cause.

I have been playing around with a screencast. The problem boils down to compressing the video somehow. I made a recording, and unfortunally it was recorded in a too good of a quality, resulting in a pretty big filesize (~300Mb). I then tried several (read: ALOT) of different tools to somehow compress it. I have still to figure it out. But anyways, I uploaded it to youtube because i didnt know where else to put it. If anyone has any ideas for doing a better job, please let me know.

Here is the brainstorm about the preparation on the CCIE lab I have come up with so far. Remember that this is no final list or any “magic pill” of any sorts, it is just some thoughts I have been having.

Intro:

Authentication is a critical part of administrating your network devices. For the longest time, i know for a fact that alot of companies use a simple authentication mechanism. Namely a either a line password, or at best local user database authentication. The inherent problem of these is that they are static entries, and on top of that, you have to manually do it on all the devices in your network. If a change need to occur, it requires logging in to all of the devices and changing the password (and or username).

I have mentioned it before, and i’ll do it again. Flash cards are great for remembering those pesky little details.

I wanted to share the flashcards I have created so far:

http://flashcarddb.com/cardset/24460-cisco-flashcards

Hopefully you can get some use out of them. Ofcourse they are some of the details I have a hard time remembering, but maybe you’ll have some use for them as well.

Lately I havent been keeping up my chores on the blog. Theres a good reason for this.

I have really been studying hard to do the written exam again. Done lots of practice tests, a lot of technology focused labs on especially some edge areas where I wasnt 100% sure of things. And especially a lot of Cisco documentation. Every time I reached a snag I looked up the documentation from Cisco and read through what it was supposed to do and how.

This is the 2nd post about 802.1D, also known as spanning-tree. In the previous post, I explained alot of functionality behind the selection of ports on both root bridges as well as non-root bridges. (Remember a switch is a bridge).

Ive spent the last couple of days playing around with the traditional Spanning-tree protocol (802.1D), which has been used for many years, but is pretty slow to converge.

As most of you know, Spanning-tree protocol (STP), is used to build a loop-free L2 topology. This is done to avoid bridging loops, where your frames gets sent around and around endlessly.

I failed my first attempt at the CCIE written exam this thursday… It really sucks.

I was very close to passing it, but unfortunally it didnt happen. I need alot more practice questions to get a “feel” of whats being asked. Also, protocol mechanics need to be practiced some more.

So I have started my review process. I have some things on my list that I need an in-depth look into.

Among these are:

• IPv6 tunneling types.
• Web Cache Communication Protocol (WCCP).
• Some Frame-Relay workings, like FRF.12 and FRF.9.
• Switching section in BCMSN, particularly MST.
• Frame-relay traffic shaping.

These are the big ones I need to tackle. On top of this I need to review the entire exam certification guide. If I have time, I will also try to define all the terms, which is one of the tasks they (exam cert. guide) suggests that you do.

Been spending the last few days doing some leg-work on understanding different ACL’s to match different networks most effeciently.

Alot of posting on Online-Study List on how to do this, all very valuable. Tyson Scott from IPexpert created a PDF file that was posted, and will also be made available from IPexpert.com in the member section. It gives some good examples of the binary math behind it all.

Great news for all you europeans!

It would seem that IPexpert is looking into creating classes on european soil. This would be really great to cut down on costs and travel time to attend IPexpert led instructor training. I hope we can get together about 10-ish people that wish to attend these classes. I for one would be one of them.

So this is the 2nd part on how PIM-SM operates. Last time I showed how the initial RPT (shared tree) was constructed, and how data would flow from the source to the receiver.

This time, I want to show you how the optimization technique in SM actually works.

I knew it would be tricky before I even started with the multicast section, but not this hard 🙂

So I wrote about PIM-DM and its flooding behavior, and how it would make sure data was flowing from the source to the receivers. I will try to give some information about PIM-SM and also some further information on IGMP.

So Brandon Carroll’s quest to do the Routing and Switching certification is scheduled to take 90’s days. I think he is very gifted and got the right stuff to do it (he’s a security CCIE). What came to mind, was this hypothesis:

Ive started on the Developing IP Multicast Networks book from Beau Williamson. This book is apparently “the” book on multicasting, so I hope it will help me out with this weak area of mine. So far ive read about DVMRP which is not on the blueprint, but it sounded like it would be a good help to understanding PIM modes, which are on the blueprint, so I decided to go through it anyways. So far its a good read, however you can tell that its dated a bit. The overview of the applications running on the MBone is from Windows 95 🙂 quite a few years ago.

I am almost done with the Internet Routing Architectures book, and its a great book!! You really get to understand why BGP is the way it is.

Where IGP’s as we know them concentrate on fast convergence, BGP is all about 2 things: stability and policies.

So even though im looking over my journal, and i am doing about 1,5 – 2 hours studying each day, I feel like im lacking the discipline to really make a dent in the thing called CCIE Written. I have not been using google calendar like i should, and it is really bumming me out. I would like to have two 50 mins reading sessions a day, and time to write down my notes at the end of the day.

So after learning that im not employed after september, I am on the market for a new laptop.

This new laptop will be my primary machine, as I very rarely boot up my stationary computer. It should be able to handle quite alot. Right now I have two candidates which are very appealing in their own way: