I must admit that I had the worst night of my entire life before the lab day! I couldn't sleep and I was thinking about the lab all the time. I think that in the end I slept maybe 1 hour and I woke up at six o'clock. I went to the sauna to relax for 1 hour but I couldn't stop thinking about the lab. I think this time I put too much pressure on myself, as if it would be the end of the world if I did not pass! I had some breakfast and then at 7.45 I walked to the lab location (Brussels). By the way, I am staying at the NH hotel, which is a nice hotel, but don't expect to get a fast Internet connection. The Internet is free but it is really slow, and they are clever enough to tell you that if you want better Internet you have to purchase a premium account for 18 €!!! Basically they just rate-limit the free Internet to the maximum. All about business ;-)
So I walked to the Cisco lab location in Brussels, which is a 5 min walk from the NH hotel, so it is nice. It was raining that day and the proctor arrived a bit late to pick us up. He was a nice guy with a British accent although he is from Belgium. He told me that he was a CCIE and that he was previously working at Cisco TAC here in Brussels. He explained to us the different procedures regarding the lab and for lunch. And then we started with the TS section -> 2 hours. My heart started to beat quite a lot when I saw the topology but then after solving the first tickets I was getting confident. Actually I tried to do all the 2-point tickets first and left the 3-point ones for the end. I was going quite fast and everything was going really well until I had only 2 tickets and 40 min left. So I thought, ok cool, if I solve one of them I can probably pass the TS section! Unfortunately even with plenty of time left I wasn't able to solve any of them, and it is a hard feeling when you are so close. I was trying to troubleshoot but during the last 10 min I think I was not troubleshooting anymore as my concentration was gone and the pressure was getting higher and higher and the countdown timer on the screen was decreasing so fast. Then you have to accept that you lost and it is really hard because you still have to go through the configuration section and you may think, what is the point anyway? Well I decided to fight to the end even if I knew that I had maybe failed by one ticket! When we went for lunch I was so disappointed, I was feeling horrible! I was so close but close is not enough.
I have spent so much time studying and training, used a lot of my holidays and I haven't seen my family in a year now, that is just crazy!
I am completely exhausted and I need some rest. I will definitely have to learn how to manage the pressure during the TS and train a lot for this section.
I got the results this morning and I passed the configuration section but, as expected, failed the TS section by 2 tickets.
Thanks for reading,
I am studying hard for my next attempt! I am feeling that I am improving and I am getting closer. I also want to say that when I was in San Jose in November I attended the INE CCIE R&S bootcamp taught by Brian Dennis and it was fantastic. I have learned so much from this bootcamp. I don't want to write a review of the bootcamp as there are quite a few on the Internet already, but I just want to say that Brian Dennis is a really good teacher apart from being a 5xCCIE! He is a great person who loves what he is doing. Actually I was not expecting too much from the bootcamp because I have been disappointed in the past by many teachers, but I have to admit that this time I have been amazingly surprised by the quality of the teaching. When I am studying I always remember some moments from the bootcamp where Brian was explaining how things work and why they work this way. Actually when I did my first attempt I used different techniques that I have learned during the bootcamp. For example, it may sound really basic but you should always make sure to have IP connectivity before starting to configure any routing protocols by pinging 255.255.255.255 on all the devices and comparing the results with your L3 diagram. It can save you some time later!
So thanks INE and Brian for delivering such a quality training 😉
In this post I would like to demonstrate how NAT works on a Cisco IOS router, and more particularly what the order of operations is when using Domain-based NAT vs. NAT Virtual Interface (NVI). As usual, to highlight the different configuration examples throughout this post I will use the following topology:
Let's imagine that R1 is simulating a virtual PBX (also known as a hosted PBX) located in the Voice provider network. This VPBX needs access to R5 (which is simulating a Lotus Notes server) in order to synchronize the different information for calendar, contacts, etc. Here are the requirements from the customer:
- The customer doesn't want to run any dynamic routing protocols between its network and the Voice provider network.
- The customer wants the implementation of the solution to be as transparent as possible.
- The voice provider must only have access to the Lotus Notes server (represented by R5 in this scenario).
- The voice provider must not be aware of any internal networks located at the customer site.
- The Voice provider has installed a tiny software client on each PC located at the customer site on the 192.168.100.0/24 network in order to send information to the VPBX. This software should be able to reach the VPBX (simulated by R1 in this scenario) without having any routing information regarding the Voice provider network.
Continuing with multicast topics, I will talk this time about Anycast RP. Anycast RP is used for RP redundancy. As I explained in my previous posts on multicast, it is possible to have RP redundancy with Auto-RP by defining multiple RPs servicing the same multicast groups (the RP with the highest IP will be selected as the active RP for a specific group by the MA). PIM BSR can also be used for RP redundancy and the process is the same as with Auto-RP apart from the fact that the BSR router doesn't elect which RP is active for a specific group. In both cases the failover delay is based on the RP/BSR/MA advertisement intervals, which are not fast by default (up to 60 seconds). So the whole point with Anycast RP is that the failover is based on the IGP running in the multicast domain, which can be really fast (especially when using Bidirectional Forwarding Detection).
For this post I will use the same topology as the other multicast posts:
Scenario: R4 and R2 will be configured as static RPs sharing the same IP address. An MSDP session will be established between R4 and R2 in order to synchronize source IP information.
RPs: R4 and R2 with IP 22.214.171.124
IGP: EIGRP AS 100
Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services
All the routers in the PIM SM topology are configured with PIM SM. For this post I will only use static RP assignment as it is the most commonly used method for group-to-RP mapping due to its deterministic nature. Auto-RP or PIM BSR could also have been used.
Continuing with the multicast topic, I will talk this time about PIM SSM (Source Specific Multicast, RFC 3569) and SSM mapping. In my previous posts on multicast I demonstrated how to configure PIM DM/SM, which uses IGMPv2 for host-to-router signaling. PIM DM and SM are known as “Any Source Multicast” or ASM. The receivers are willing to receive multicast from any source, which is why an RP is needed in order to allow the receivers to discover new sources. With PIM SSM the concept is different, as the receivers signal which source they want to receive multicast traffic from by using IGMPv3, which means that RPs are not needed and the multicast routers in the multicast domain will only build shortest-path trees (SPT).
For this post I will use the same topology as the other multicast posts:
Scenario: The Multicast source will send two streams, one for the multicast group 126.96.36.199 and one for the multicast group 188.8.131.52. The first group (184.108.40.206) will be running PIM SM and R4 will be the RP for this group. The second multicast group (220.127.116.11) will be running PIM SSM. The receiver will act as an IGMPv2/v3 receiver. In the second part of this post I will demonstrate how to configure SSM mapping where the receiver will not be IGMPv3 capable.
I failed my first lab attempt in San Jose on the 19th of November. I did this attempt just after the INE R&S bootcamp. It is a hard feeling to know that you have failed but I knew that it was going to be tough. The troubleshooting section killed me. I usually enjoy the TS section when doing mock labs but in the real lab it is a ~28 routers topology instead of 6 (with INE topology). Actually I did 2 of the new TS labs from INE and they are really well done and they are automatically graded (Presentation Video).
In this post I will talk about Cisco Zone Based Firewall (ZBF), which is a new approach to configuring access control in the IOS firewall. I will first introduce ZBF and then I will demonstrate how to configure it.
To illustrate the different examples in this post I will use the following topology:
IGP: EIGRP AS 10
Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services.
Side note: As I am using IOS 12.4(15)T, I will only talk about ZBF rules for this IOS release. Some improvements and rule changes have been made in the latest IOS releases (IOS 15.X).
IP addressing: All routers in the topology are configured with a loopback IP in the format X.X.X.X/32, where X is the router number.