CCIE Lab Training Materials

Posted by Bradley | CCIE Training Vendors | Tuesday 28 July 2009 11:12

Over the last couple of days I have been taking a look at some of the training materials offered by vendors for the CCIE lab. There appear to be 3 main vendors on the scene offering quality materials: Internetwork Expert, IP Expert, and Narbik.

IP Expert offer a blended learning solution which at the sale price is USD$1,499, which gets you:

  • Volume 1 Workbook and Detailed Solution Guide: 34 Focus Labs
  • Volume 2 Workbook and Detailed Solution Guide: 15 Multi-Protocol Labs
  • Lab Mentoring Kit with Video Tutorials
  • Video on Demand Lecture Series
  • Audio Lecture on Demand Series

My initial thoughts on the product are that it's a really good price and you get some nice materials for your money, but there aren't that many labs, as Volume 1 is all focus labs (mini labs to get exposure to most of the technology) and there are 15 multi-protocol labs in Volume 2. The material gets shipped on a 100GB hard drive, which sounds appealing, but I would be a bit concerned about it getting out of date.

EDIT: According to one of the comments below you are able to get updates to the product online.

Internetwork Expert offer a roughly equivalent product called the CCIE 2.0 program, of which the cheapest electronic version is USD$2246 with the 25% discount on their site. For this you get:

  • Poly-Lab™ Assessments
  • Core Knowledge Simulation – Online Simulation
  • Lab Workbook Volume I PDF Version
  • Lab Workbook Volume II PDF Version
  • Lab Workbook Volume III PDF Version
  • Lab Workbook Volume IV PDF Version
  • Advanced Technologies Class-on-Demand Online Version
  • Open Lecture Class-on-Demand Series Online Version
  • Lab Meet-Ups Class-on-Demand Series Online Version
  • Advanced Troubleshooting Bootcamp Class-on-Demand Pre-Order
  • 5-Day Bootcamp Class-on-Demand Online Version
  • Poly-Lab™ Mock Lab Exam
  • Discounted Rack Rental Sessions

Initial thoughts are that it's a fair bit more money than the solution from IP Expert, but you do get more for your money, although I wonder how much of the material I would actually use. It's not included in the cheapest CCIE 2.0 package, but I really like the sound of the CCIE Routing & Switching Lab Meet-Up Series, which is a Class-on-Demand or weekly meet-up for a couple of hours to go over one of the labs in the workbooks. If money was no object I would go for the CCIE 2.0 program with the lab meet-up series, but unfortunately it is.

Narbik also apparently has some good workbooks, although he doesn't appear to offer a package or any of the other features such as video or audio classes, as his focus appears to be on bootcamps. Narbik's Soup to Nuts, which seems equivalent to the focus labs, is only USD$35!

I think my method of studying will start initially with focus labs and then move on to the bigger multi-protocol labs, accompanied by some form of video lectures or bootcamp depending on my budget. I don't think I will go for a package deal, purely as it is a big single expense which I just can't afford at the moment; therefore I plan on getting various items from multiple vendors when I feel ready and can budget for them.

CCIE R&S Written Passed

Posted by Bradley | written | Friday 24 July 2009 15:01

Today I passed the 350-001 v3 exam, which is one of the hurdles you have to cross before you can really consider taking the lab, which is the real test.

My study technique did not focus on the configuration and was mostly theory. I did complete some small labs just to confirm my theory, but I wasn't powering up my entire rack and configuring each tiny detail. I mainly used the CCIE Routing and Switching Exam Certification Guide, my CCNP books and cisco.com; basically I would read, mini lab, read again and quiz myself.

I won't breach the NDA by discussing the contents of the exam, except to say there were lots of questions about routing and switching :) but I will say:

+ The test was possibly one of the toughest exams I have taken; there were a fair few questions which asked really gritty details and you really need to know your stuff inside out.

+ A number of questions were looking for what I would call the Cisco way, when there are a couple of possibilities which could be right but one is more correct than the others. If you have sat a Cisco exam before you will know what I mean by this point.

+ There were some really simple questions which, according to other sites, were the CCNP level ones and will be phased out soon.

+ My weakest areas according to the test report were areas which I had not worked on professionally; I was really weak on multicast and QoS (I also didn't enjoy learning about multicast or QoS).

+ Writing up a few notes on this site when I was struggling with topics really helped keep me motivated and on track.

Right, I'm off to start thinking about my schedule for lab preparation, and assessing how I am going to afford training materials and lab fees.

Dynamic Multipoint Virtual Private Network (DMVPN)

Posted by Bradley | Routing | Wednesday 22 July 2009 16:01

Traditionally in a hub and spoke environment, all IPsec tunnels from spoke routers would be terminated at the central site. Consequently, if a spoke router wanted to reach another spoke router, the traffic would pass through the hub, placing a greater burden on it in terms of CPU and memory utilisation. The hub router may also require a long and complex configuration depending on the number of spoke routers, as with a traditional hub and spoke VPN configuration the hub router will require separate ISAKMP peer statements, GRE tunnels, crypto ACLs and crypto maps for each spoke.

Dynamic Multipoint Virtual Private Network (DMVPN) solves many of these problems by using existing technologies such as IPsec, GRE tunnels and NHRP. The hub router is configured with a single mGRE interface for all the connections and one IPsec profile, and no crypto ACLs; the best bit is that no additional work is required at the hub router when a spoke router is being deployed (as much as I love configuring routers, anything to make life easy is always welcome).

Spoke routers learn about other spoke routers through routing, so a dynamic routing protocol will be required for this to operate effectively. Additionally, DMVPN supports multiple hub routers for redundancy and load balancing, and the spoke routers can be either statically or dynamically addressed.

A simple example of DMVPN is below, where each of the spoke routers has a permanent IPsec tunnel to the hub router, but each spoke router will establish a direct IPsec tunnel to other spoke routers as and when required.

Couple of IPv6 Notes

Posted by Bradley | IPv6 | Tuesday 21 July 2009 15:47

I've been skimming over IPv6 over the last couple of days, and my written date is imminent, so I won't be blogging in huge detail, just skimming over some weak spots in my knowledge.

IPv6 Address Types

Most of us are familiar with the fact that IPv6 supports Multicast, Unicast and Anycast. Just like in IPv4 we can tell a lot from the destination IP address; some of this is summarised below:

Aggregatable Global Unicast addresses belong in the 2000::/3 range and are globally routable addresses for host to host communication. While the first 3 bits are always 001, the next 45 bits are allocated by the RIR (IPv6 allocations are generally given a /48), the following 16 bits can be used to define the subnet or Site Level Aggregator (SLA) and the final 64 bits are used as the interface ID.

Multicast - As in IPv4 these are used for one to many, or many to many, communication; all IPv6 multicast addresses belong in the FF00::/8 range.

Link Local Unicast addresses are used for communication on the local link and are in the FE80::/10 range. While the first bits are FE80, the next 54 bits are always set to 0 and the remaining 64 bits are the MAC address in EUI-64 format. Remember an EUI-64 formatted address is simply the MAC with FFFE placed directly in the middle!

Solicited-node Multicast addresses are used for querying network nodes for address resolution; they fulfil a similar purpose to ARP but are not broadcast. The messages are sent to the address FF02::1:FF00:0/104 with the last 24 bits set to those of the IPv6 address being resolved.
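To make the bit layouts above concrete, here is a small Python example (added here, not code from the original post) that builds a link-local address from a MAC, derives the solicited-node multicast address for any IPv6 address, and classifies an address into the ranges the post lists. The sample MAC is constructed; the EUI-64 function goes one step beyond the post's "FFFE in the middle" rule by also inverting the universal/local bit, which is what the modified EUI-64 form used by IPv6 does.

```python
import ipaddress

# Constructed sample MAC address, not taken from the original post
SAMPLE_MAC = "00:1b:2c:3d:4e:5f"


def eui64_interface_id(mac: str) -> int:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC.

    The post's rule: put FFFE directly in the middle of the MAC. The modified
    EUI-64 form used for IPv6 additionally inverts the universal/local bit
    (0x02 in the first octet), which is why a MAC starting 00 gives an
    interface ID starting 02.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 prefix, next 54 bits zero, low 64 bits = EUI-64 interface ID."""
    return ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac))


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 with the low 24 bits copied from the target address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def classify(addr: str) -> str:
    """Name the address type using the ranges from the post (most specific first)."""
    a = ipaddress.IPv6Address(addr)
    if a in ipaddress.IPv6Network("ff02::1:ff00:0/104"):
        return "solicited-node multicast"
    if a in ipaddress.IPv6Network("ff00::/8"):
        return "multicast"
    if a in ipaddress.IPv6Network("fe80::/10"):
        return "link-local unicast"
    if a in ipaddress.IPv6Network("2000::/3"):
        return "aggregatable global unicast"
    return "other"


if __name__ == "__main__":
    ll = link_local_from_mac(SAMPLE_MAC)
    print(SAMPLE_MAC, "->", ll, "(" + classify(str(ll)) + ")")
    print("solicited-node address for", ll, "is", solicited_node(str(ll)))
```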

IPv6 Message Types

There are a variety of message types which fulfil different functions that I should be aware of; these are:

Router Advertisement (RA) – these messages are sent from the router's link-local address to FF02::1 and advertise the link prefixes, MTU and hop limits. They are sent periodically or in response to an RS message from a host.

Router Solicitation (RS) – these messages are sent by hosts to FF02::2 to query for the presence of a router; an RA message will be sent by the router in response.

Neighbour Solicitation (NS) - these messages are sent by hosts to the solicited-node multicast address, or to the target node's address if known, to query the other host's link layer address. An NS message will receive an NA response from the host, and NS is also used to detect duplicate addresses and ensure network reachability.

Neighbour Advertisement (NA) – these messages are sent in response to NS messages via unicast, or sent to the address FF02::1 as a periodic advertisement.

Redirect - this message type is sent by routers to a host's link-local address to inform it of a better next hop router.

BootStrap Router (BSR) & Anycast RP with Multicast Source Discovery Protocol (MSDP)

Posted by Bradley | Multicast | Wednesday 15 July 2009 23:13

I'm not particularly confident with multicast as it's something I have not yet had to configure professionally, so these notes are a bit scatty as I try to get to grips with some of it.

Finding the RP using Bootstrap Router (BSR) -
If multiple BSR-configured routers exist in a network an election will take place, and the one with the highest priority will win, with the highest IP address used as a tie breaker. The winner is elected the preferred BSR; this is performed by each router advertising itself until a “better” BSR is discovered. Another election will also take place if a BSR does not receive a BSR message within 150 seconds. The preferred BSR will forward messages, but BSRs which were not selected as the preferred BSR will monitor BSR messages and not originate them.

The BSR will be advertised in BSR bootstrap messages, which are forwarded out of all non-RPF interfaces by every router to the all-PIM-routers multicast group 224.0.0.13 with a TTL of 1; each router in turn resets the TTL to 1, so the messages should be received by every router on the network. This alleviates the chicken and egg issue with Auto RP in PIM-SM. Once candidate RPs are aware of the BSR they will announce themselves to the BSR via unicast, and the BSR will then advertise the information about all the candidate RPs in its bootstrap message to all PIM routers; it is then up to each router to decide which RP to use.

To configure BSR, first set up one or more candidate BSRs with the command:

Router(config)#ip pim bsr-candidate {interface} [Hash Mask 0-32] [Priority 0-255]

As with Auto RP you will also need to configure candidate RPs with the command:

Router(config)#ip pim rp-candidate [interface] [group-list] [interval] [priority]

Anycast RP with Multicast Source Discovery Protocol (MSDP) – This approach to helping routers find the RP is not an independent protocol and can be used with Auto RP or BSR. Anycast RP is relatively simple: firstly Anycast RP needs to be configured, which is where multiple mapping agents or BSRs in the network use the same IP address. E.g. if 3 Auto RP mapping agents were configured with the address 10.0.0.1 and this was advertised into the IGP, each router would take the shortest path to its nearest Auto RP mapping agent as determined by the IGP. This has the nice benefits of failover in the time it takes for the IGP to reconverge, and load balancing.

But there is a problem with Anycast RP: a source may register with one RP and its receivers may join a separate RP, so MSDP was developed to allow RPs to exchange information about active sources with each other. MSDP routers are configured as peers and communicate with each other via SA (Source-Active) messages when a source becomes active for a multicast group; thereby every MSDP peer becomes aware of the sources for each multicast group in other areas of the network where it is not the nearest RP. In case of failure the IGP will handle putting the receivers in contact with another Auto RP mapping agent or BSR within the convergence time of the IGP.

Please report any glaring mistakes in the above if you spot any, cheers!

Manual Selection of an RP & Auto RP for PIM-SM

Posted by Bradley | Multicast | Tuesday 14 July 2009 14:25

Multicast traffic in PIM-SM gets sent to the RP and receivers request the traffic from the RP; as such, multicast networks operating in PIM-SM require a Rendezvous Point (RP) to operate. Section 2.4 of RFC2362 discusses how, after a certain number of packets, the shared tree using an RP can stop being used and a shortest path tree originating from the source router should be used instead; the RFC does not explicitly state exactly when the switchover from a shared tree to a shortest path tree should take place. The point at which the switchover takes place can be modified with this command:

Router(config)#ip pim spt-threshold ?
<0-4294967>  Traffic rate in kilobits per second
infinity     Never switch to source-tree

Manual selection of the RP – Manually selecting the RP is a drag as it does not scale to large networks: selecting the RP for each multicast group will be tedious, and it is difficult to have any real redundancy if a manually selected RP happened to fail. Manual selection of an RP is configured with the following command:

Router(config)#ip pim rp-address ?
A.B.C.D  IP address of Rendezvous-point for group

Auto RP – One solution to this issue is automatically selecting the RP in a multicast tree using a Cisco proprietary protocol called Auto RP.

When using Auto RP an RP will send out an RP-Announce message every minute to the address 224.0.1.39, saying something like “Hey mapping agent(s), I'm 10.0.0.1, use me as the RP for the multicast group 239.0.0.50!”. A router (or routers) configured as the mapping agent (often the same router) collates all of the RP information and sends out messages to the multicast group 224.0.1.40 stating which RPs should be used for which multicast groups. All routers using Auto RP and PIM-SM listen to 224.0.1.40 and use the information to find RPs.

If there are multiple RPs announced for a multicast group, the tiebreak is that the highest RP address wins.

A router can be configured to send RP-Announce messages with the following commands:

Router(config)#access-list 10 permit 239.0.0.0 0.255.255.255
Router(config)#ip pim send-rp-announce loopback 0 scope 32 group-list 10

And a mapping agent is configured with the command:

Router(config)#ip pim send-rp-discovery loopback 0 scope 32

Simple!

There is a chicken and egg scenario with using PIM-SM with Auto RP, where the Auto RP messages are sent to the multicast groups 224.0.1.39 and 224.0.1.40, but if a router does not know where to send the join messages for those groups it can't participate. This is one of the reasons why the PIM variation sparse-dense mode was developed, to allow the routers to operate in dense mode until they learn the RP mappings from the RP-Discovery or RP-Announce messages.

Sparse-Dense mode is configured with the command:

Router(config-if)#ip pim sparse-dense-mode

Posts will be made tomorrow on finding the RP using BSR and Anycast RP with Multicast Source Discovery Protocol (MSDP).

Layer 3 Marking for QoS

Posted by Bradley | QoS | Thursday 9 July 2009 22:30

IP packets are classified for QoS in the Type of Service (ToS) byte. The original method of marking was with IP Precedence (IPP), defined in the early RFC 791. The 3 high-order bits were used to define the precedence, and their meanings are summarized in the table below:

Value  Binary  Precedence
0      000     Routine
1      001     Priority
2      010     Immediate
3      011     Flash
4      100     Flash Override
5      101     CRITIC/ECP
6      110     Internetwork Control
7      111     Network Control

The next 3 bits after the precedence were flags, in bit order, for delay, throughput and reliability; setting a flag to 1 requested low delay, low throughput or low reliability respectively. The final 2 low-order bits were reserved.

Then along came Differentiated Services (DiffServ) with RFC 2475, which needed more than 3 bits to correctly classify the information, so the upper 6 bits in the ToS byte were replaced with the Differentiated Services Code Point (DSCP), and the lower 2 bits are used for Explicit Congestion Notification (ECN). The DSCP and its associated actions are termed a Per Hop Behavior (PHB).

There are 4 main types of PHB; I'll go through each one in turn.

Default PHB – This is for traffic that does not meet the other criteria and is essentially a best effort method of forwarding. The DSCP value to request this is 000000.

Expedited Forwarding (EF) – Expedited forwarding is a fancy term for getting that packet across the network as quickly as possible; the EF queue is usually policed to ensure that it does not utilize too much bandwidth and starve other queues.

Assured Forwarding (AF) – Assured forwarding has 4 classes of queuing priority and 3 drop priorities. AF classes are represented in the format AF(1-4)(1-3), e.g. AF41 represents a class with a high priority and a low drop probability.

This table is from page 410 of CCIE Routing & Switching 3rd Edition from Cisco Press (the AF21 decimal value is corrected here to match its binary value 010010):

Queue Class  Low Drop Probability     Medium Drop Probability  High Drop Probability
             Name / Decimal / Binary  Name / Decimal / Binary  Name / Decimal / Binary
1            AF11 / 10 / 001010       AF12 / 12 / 001100       AF13 / 14 / 001110
2            AF21 / 18 / 010010       AF22 / 20 / 010100       AF23 / 22 / 010110
3            AF31 / 26 / 011010       AF32 / 28 / 011100       AF33 / 30 / 011110
4            AF41 / 34 / 100010       AF42 / 36 / 100100       AF43 / 38 / 100110

Class Selector PHBs – These are for backwards compatibility with IPP; each Class Selector is equivalent to the binary value of the 3 precedence bits, e.g. CS0 is 000 and CS7 is 111.
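As an added example (mine, not from the original post), the following Python decodes a ToS byte both the old way (IPP) and the DiffServ way (DSCP + ECN) and names the PHB, which is a handy check when reading a capture or verifying that a marking policy did what you intended. The AF encoding it uses, 8 times the class plus 2 times the drop precedence, reproduces every row of the table above; the sample IPv4 header is constructed.

```python
# Meaning of the 3 IP Precedence bits (RFC 791), as in the table above
PRECEDENCE = {
    0: "Routine", 1: "Priority", 2: "Immediate", 3: "Flash",
    4: "Flash Override", 5: "CRITIC/ECP", 6: "Internetwork Control",
    7: "Network Control",
}


def af_dscp(queue_class: int, drop_precedence: int) -> int:
    """DSCP for AFxy: the class occupies the top 3 bits and the drop
    precedence the next 2, so the decimal value is 8*x + 2*y (AF41 -> 34)."""
    if not (1 <= queue_class <= 4 and 1 <= drop_precedence <= 3):
        raise ValueError("AF class must be 1-4 and drop precedence 1-3")
    return queue_class * 8 + drop_precedence * 2


def phb_name(dscp: int) -> str:
    """Name the PHB a 6-bit DSCP requests: Default, EF, AFxy or CSn."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 0:
        return "Default"
    if dscp == 46:
        return "EF"
    cls, low = divmod(dscp, 8)
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low // 2}"
    if low == 0:
        return f"CS{cls}"
    return f"DSCP {dscp} (no standard PHB)"


def decode_tos(tos: int) -> dict:
    """Split one ToS byte both ways: legacy IPP view and DiffServ DSCP/ECN view."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS is one byte")
    dscp, ecn, ipp = tos >> 2, tos & 0x03, tos >> 5
    return {
        "ipp": ipp, "precedence": PRECEDENCE[ipp],
        "dscp": dscp, "dscp_binary": f"{dscp:06b}", "ecn": ecn,
        "phb": phb_name(dscp),
    }


def tos_from_ipv4_header(packet: bytes) -> int:
    """Pull the ToS byte (second octet) out of a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return packet[1]


# Constructed 20-byte IPv4 header carrying ToS 0xB8 (DSCP 101110 = EF, ECN 00)
SAMPLE_HEADER = bytes.fromhex("45b8001c000040004011000a0a0000010a000002")

if __name__ == "__main__":
    print(decode_tos(tos_from_ipv4_header(SAMPLE_HEADER)))
    for cls in range(1, 5):
        print(" ".join(f"AF{cls}{d}={af_dscp(cls, d)}" for d in range(1, 4)))
```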

Cisco Home Lab

Posted by Bradley | Home Lab | Wednesday 8 July 2009 14:53

Over time I have collected a little Cisco home lab, mostly from eBay, a few trades and a few items saved from the scrap heap. I currently have:

  • 7 Routers, (2 x 3640, 2 x 3620, and 3 x 2611)
  • 3 Switches (1 x 24 port 3550, 1 x 12 port 3500, 1 x 48 port 3500)
  • A couple of servers for end hosts, syslog, SNMP and other network management, which are particularly handy when I need to test some configuration
  • Lots of modules, cable tidy and a PDU, all nicely fitted into a 1/2 size rack
  • And an Aironet 1200 AP I use to remotely connect to the rack

It's not big enough for my CCIE studies, so I am planning to buy some new higher end routers, a console server and another 3550 or 3560 once the written is out of the way and I can focus on lab exercises.

CEF Load Balancing

Posted by Bradley | BGP | Tuesday 7 July 2009 11:11

Looking into CEF, there are 3 main methods of load balancing: per destination, per packet, and per port.

Per Destination – The original algorithm creates a 4-bit hash of the source and destination IP address and load balances based on this 16-value hash. An issue with this is that every router in the routing domain uses the same algorithm, and this can cause something called CEF polarisation.

CEF polarisation occurs when traffic uses per destination load balancing and the same algorithm is used throughout the network, which causes traffic to not be load balanced after the first distribution. In the example below, if 100Mbs of traffic was coming into R1 it would be load balanced 50/50, with 50Mbs to R2 and 50Mbs to R3, but as R2 & R3 use the same algorithm to determine which path the traffic will take, and that algorithm is identical, it will be a 100/0 split, with 50Mbs going to each of R4 and R7 and no data going to R5 or R6.

       R4-
     /
   R2
  /  \
 /    R5-
R1
 \     R6-
  \   /
    R3
      \
       R7-

To counter this issue a newer algorithm called the universal algorithm was developed, where a 32-bit value is added to the algorithm; this value can be manually set but defaults to the highest loopback IP on the router. Per destination load balancing with the universal algorithm is the current default method of load balancing.
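To see the polarisation described above happen, here is a small Python model (added here, not from the original post) that forwards a set of flows through the R1 to R7 topology in the figure using a 4-bit, 16-bucket hash of the source/destination pair at every hop, first with the same hash everywhere and then with a per-router 32-bit ID mixed in, standing in for the universal algorithm. The hash (truncated SHA-256), the router IDs and the flow addresses are constructed stand-ins, not Cisco's actual hash function or any real network.

```python
import hashlib
import ipaddress
import random
from typing import Dict, List, Optional, Tuple

# Topology from the figure above: R1 splits to R2/R3, which split to R4/R5 and R6/R7
TOPOLOGY = {"R1": ["R2", "R3"], "R2": ["R4", "R5"], "R3": ["R6", "R7"]}
# Constructed per-router 32-bit IDs standing in for the universal ID (highest loopback)
ROUTER_ID = {"R1": 0x0A000001, "R2": 0x0A000002, "R3": 0x0A000003}


def bucket(src: str, dst: str, universal_id: Optional[int] = None) -> int:
    """4-bit (16-bucket) hash of the source/destination pair, optionally mixed
    with a per-router ID. Stand-in model using SHA-256, not Cisco's real hash."""
    data = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    if universal_id is not None:
        data += universal_id.to_bytes(4, "big")
    return hashlib.sha256(data).digest()[0] & 0x0F


def next_hop(router: str, src: str, dst: str, universal: bool) -> str:
    """Pick one of the router's equal-cost paths from the flow's bucket."""
    paths = TOPOLOGY[router]
    seed = ROUTER_ID[router] if universal else None
    return paths[bucket(src, dst, seed) % len(paths)]


def distribute(flows: List[Tuple[str, str]], universal: bool) -> Dict[str, int]:
    """Forward each flow from R1 to the edge and count arrivals per edge router."""
    counts = {"R4": 0, "R5": 0, "R6": 0, "R7": 0}
    for src, dst in flows:
        hop = "R1"
        while hop in TOPOLOGY:
            hop = next_hop(hop, src, dst, universal)
        counts[hop] += 1
    return counts


def sample_flows(n: int = 1000, seed: int = 1) -> List[Tuple[str, str]]:
    """Constructed random src/dst pairs (10.0.0.0/8 -> 172.16.0.0/16) so the demo runs offline."""
    rng = random.Random(seed)
    return [
        (str(ipaddress.IPv4Address(0x0A000000 + rng.randrange(1, 1 << 24))),
         str(ipaddress.IPv4Address(0xAC100000 + rng.randrange(1, 1 << 16))))
        for _ in range(n)
    ]


if __name__ == "__main__":
    flows = sample_flows()
    # Original algorithm: R5 and R6 receive nothing, exactly the 100/0 split in the text
    print("original algorithm: ", distribute(flows, universal=False))
    # Universal algorithm: roughly a quarter of the flows reach each edge router
    print("universal algorithm:", distribute(flows, universal=True))
```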

If there are a number of tunnels such as L2TP, GRE, MPLS etc. operating through the router this could also cause polarisation due to the low number of sessions; as such the tunnel algorithm was developed to solve this issue. It appears to be a pretty undocumented feature, so any more information on the algorithm would be appreciated.

The algorithm can be changed as required with the following command:

Router(config)#ip cef load-sharing algorithm ?
  include-ports  Algorithm that includes Layer 4 ports
  original       Original algorithm
  tunnel         Algorithm for use in tunnel only environments
  universal      Algorithm for use in most environments

Per Packet – In this mode packets are load shared in a round robin way; it can result in increased jitter due to the multiple paths and as such is generally not advisable.

Per Port – This is suitable for heavily NATed networks with a low number of hosts, and utilises a hashing function based on the layer 4 port numbers. As NATed hosts have a distributed range of source port numbers, this allows for efficient load balancing in such situations.

Note: Some more configuration examples to follow later.

OSPF E1 and E2 Routes

Posted by Bradley | OSPF | Thursday 2 July 2009 15:20

External routes are propagated through an OSPF area as a type 5 LSA from an ASBR, or a type 7 LSA from an ASBR in an NSSA. These routes from outside the OSPF domain can be either E1 or E2 routes, and they are treated in slightly different ways.

E1 or External Type 1 Routes - The cost of E1 routes is the external metric with the addition of the internal cost within OSPF to reach that network.

E2 or External Type 2 Routes – The cost of E2 routes will always be the external metric; the metric takes no notice of the internal cost to reach that network.

If 2 external type 2 routes exist with the same metric to the same destination, the route with the lowest metric to the ASBR will be used. Also, if an E1 and an E2 route exist to the same destination, the E1 route will always be preferred irrespective of the metric.
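The three selection rules above, written out as a comparator in Python (an added example, not code from the original post). The candidate routes are constructed; the `ExternalRoute` record and its field names are mine.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class ExternalRoute:
    prefix: str
    kind: str              # "E1" or "E2"
    external_metric: int   # metric carried in the type 5/7 LSA
    cost_to_asbr: int      # internal OSPF cost to reach the advertising ASBR
    asbr: str


def effective_cost(route: ExternalRoute) -> int:
    """E1 adds the internal cost to the external metric; E2 ignores it."""
    if route.kind == "E1":
        return route.external_metric + route.cost_to_asbr
    if route.kind == "E2":
        return route.external_metric
    raise ValueError(f"unknown external type {route.kind!r}")


def preference_key(route: ExternalRoute) -> tuple:
    """Lower sorts first: E1 beats E2 regardless of metric, then the type's own
    cost, then (the E2 tie-break) the internal cost to the ASBR."""
    return (0 if route.kind == "E1" else 1, effective_cost(route), route.cost_to_asbr)


def best_route(candidates: List[ExternalRoute]) -> ExternalRoute:
    """Return the route OSPF would install out of candidates for one prefix."""
    if not candidates:
        raise ValueError("no candidate routes")
    if len({r.prefix for r in candidates}) != 1:
        raise ValueError("candidates must be for the same destination")
    return min(candidates, key=preference_key)


# Constructed candidates for one destination, not taken from the original post
CANDIDATES = [
    ExternalRoute("192.0.2.0/24", "E2", external_metric=20, cost_to_asbr=64, asbr="ASBR-A"),
    ExternalRoute("192.0.2.0/24", "E2", external_metric=20, cost_to_asbr=10, asbr="ASBR-B"),
    ExternalRoute("192.0.2.0/24", "E1", external_metric=20, cost_to_asbr=500, asbr="ASBR-C"),
]

if __name__ == "__main__":
    for r in sorted(CANDIDATES, key=preference_key):
        print(r.kind, r.asbr, "effective cost", effective_cost(r))
    print("installed via", best_route(CANDIDATES).asbr)
```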

Cisco’s excellent reference on the topic is http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#t33

Off Topic – The weather in the UK for some reason is always exceptional, as it's an island nation. For the last 5 or so days we have had an exceptional heatwave and it has been 30°C+, which we're just not used to, and I have been surprised how much it has affected my ability to study; I just haven't been able to concentrate for anywhere near as long as I can in the cold.