Sunday, November 29, 2009

INE Vol 1 Access Control and Configuring NAT Complete

Nothing too difficult here. I did run into a little bit of an issue getting DNS doctoring to work, but it was because my inspect dns was turned off. Once I got the inspect rules right, everything worked as it should.

Friday, November 27, 2009

INE Vol 1 labs underway

Over Thanksgiving I did 9 or 10 of INE's vol 1 labs. It's quite nice to have such a small topology for a change. My laptop has no problems running 3 routers and a PIX in Dynamips/pemu, which is plenty of devices for the first part of vol 1. With the SP labs I needed another dedicated box to get all 12 routers running smoothly.

I haven't really touched any security devices in a year and a half, although I did spend several years with PIX/ASAs, 3000 series VPN concentrators/clients, IDS, etc. For the most part Vol 1 is encompassing getting back in the groove on the old equipment, and is showing me how to do the CCIE level configs on these devices.

I'm really not in a rush at all. If I get Vol 1 done by the end of the year I'd be pretty happy with my progress.

Friday, November 20, 2009

And Away We Go

Two down, four to go. I don't know if I'll actually make it through all six, but continuing down the CCIE road still feels like the best road for me to follow. None of the alternatives are very appealing at this time: PhD, MBA, open source development, or CCDE. So I'll keep getting CCIEs until my priorities change.

I think I've learned a lot in the process of getting R&S and SP and can hopefully apply it to Security.

First, I tried to fly through SP way too fast. It still ended up taking about a year to complete. This is covered in RFC 1925: you can't make a baby in much less than 9 months.

Second, I should have begun labbing much sooner. Personally, I NEED experience before I get theory thrown at me. I'm not going to touch the class on demand, books, or written exam before I go through volume 1. Otherwise, the theory is over my head and I end up zoning out for much of it. I do better learning the how's first, and then getting to the why's after the fact.

Third, I need to do full scale labs from both IPX and INE before my first lab attempt. Last time I tried to just use INE first, and I had a lot of gaps going into my first attempt.

That being said, my rough schedule is something like this:
November 09 - March 10: INE Vol 1
April - May: Written
May - June: INE Vol 2
July - August: IPX Vol 2
September: Lab Attempt #1

Thursday, November 12, 2009

How to get from R&S to SP

From my experience, these are the most beneficial steps to pass the CCIE SP, assuming you already have R&S.

1. Don't believe the rumors you've heard that SP is easy once you have R&S. It's NOT true. While there are a few overlaps, about 60% of the SP exam is completely different. And that 60% is going to be tough. Don't go into this lightly.

2. There really isn't much benefit in getting the CCIP first. However, I would strongly recommend passing the BGP+MPLS exam. This covers the MPLS foundation and some of the BGP topics geared towards SP. If you can read some books and pass exams, do so. If you need more hands-on practice, do some Vol 1 labs and come back to this before attempting the SP written.

3. Unlike R&S, there really isn't a single book that prepares you well. I didn't mind Configuring MPLS on Cisco IOS Software, but it wasn't nearly as good as the Doyle books for R&S were. I really felt pretty lost going after the written. But with R&S knowledge and passing BGP+MPLS, you'll be pretty close.

4. Just like R&S, the Internetwork Expert Videos are a must. Nearly everything you need to pass the lab is covered in these 40 hours. These videos give you a great foundation; you'll just need to remember it all and learn to apply it.

5. Go through all the Volume 1 labs from your provider of choice (in my case INE or IPX). These give you a great foundation for covering the full scale labs. Don't get lazy, do them all!

6. Focus on the following labs, in order:
a. Start off with IPX Volume 3 labs 1-4. These are great for getting you ramped up to full scale labs. I didn't care for lab 5 much.
b. Do the INE Vol 2 labs. These are especially important for having interesting VPN topologies to configure. They are tough, but keep at it until you fully understand them.
c. Do IPX Vol 2 lab 1. If there is a reason to spend the money on the IPX workbook, this is it. INE teaches the topologies well, but IPX teaches the knobs and question style well. Do this lab!
d. Attend the INE SP Bootcamp. Their labs 1 and 2 are great and cover some topics that aren't really covered well anywhere else.

7. Once again, don't think you can rush through this. It's going to take a lot of work. But, once you're finished you're going to have a real respect for MPLS and the things that can be accomplished with it.


I finally made it through!!! Whew, that was a challenge. I'm going to relax for a bit and then put together a guide for getting from R&S to SP. In the meantime, time to have some drinks and kill off some of those brain cells that have been tied up for the past year.

Waiting Again

Here we go again, I'm waiting for the score to post.

This time, I had an estimated 77 points before lunch, and had the entire lab completed in 5 hours. My max score was 97%. I went through a very detailed verification and found 9 points that I made stupid mistakes on--basically not reading the requirements properly.

I did run into one situation where I decided to proceed with one method instead of the other. On the drive home a possibility occurred to me that I didn't test for and that might have required the other method. The most I could see that costing me is 6 points.

Also, there were another 6 points that I was pretty sure about, but may have been open to interpretation.

So, the absolute worst score I can see myself getting is 85%. This is a lot like when I passed the R&S lab. I better have passed this time!

Sunday, November 8, 2009

INE Bootcamp Lab 2 Complete

This lab wasn't too bad either. I did run into a few issues this time though. A few things I just need to pound into my head.

1. IS-IS knobs
2. VRF NAT requires the global keyword on the ip route vrf
3. For MDT, make sure all of the intermediate interfaces have PIM enabled
4. Peak rate vs average rate

I'd put my score as follows:
Layer 2: 7/7
IGP: 17/23
BGP: 7/7
MPLS: 14/14
VPN: 12/16
Multicast: 4/11
QoS: 3/6
Security: 6/6
Management: 7/7
IP Services: 3/3
Total: 80/100

Friday, November 6, 2009

INE Bootcamp Lab 1 Complete

I have 6 days left until my attempt, and I sure took my time getting back into studying.

I didn't run into any major issues at all with lab 1. I didn't have to look up anything and was able to get L2VPN, ATM, PPPoE, and L3VPN up and running. Final score was 96%. I lost 4 points because I couldn't find a NetFlow knob. I didn't spend too much time looking for it and would have probably come across it eventually.

On to lab 2...