I remember how challenging it was to achieve my CCIE cert, and how much time I spent studying broad topics at a deep level, especially in terms of Implementation and Troubleshooting. Ultimately I have used this experience to move forward into the Design and Architect space.
Of course part of the CCIE preparation is also practicing a lot of vendor-specific commands, but let’s face it, if one is not working in Ops, those commands will fade away quickly. The concepts will not, and you can still apply all the stuff; you just need more time and a refresher. In the long run, for me CCIE was never about the CLI; I used those commands to understand the theories.
I’m a big fan of Network Automation & Open technologies, and I have used Linux and scripted stuff before. I think generally getting dev skills (Python) has real value. Ultimately we don’t like the boring stuff, so we try to solve interesting problems in creative ways.
Network Automation and development shall be the de facto way of working in the future, and an important skill, but getting a CCIE is more about a personal & technical challenge, which is useful now and will be useful in the future also, in my view. That said, I agree that the exam shall include some aspects of network automation, and shall be updated to be more realistic.
So ultimately I would put an AND logic, and not an OR logic, between getting an Expert Level Certification & Network Automation, as the top engineers of the future will be experts in networking concepts, effective in engineering and delivery, and will support the business using agile methods.
This was a hard and productive year, and so will be 2015. But that’s okay, because challenges move one towards his/her goals.
Let’s stop for a moment now in the Holiday seasons and enjoy it!
With greetings of peace and prosperity, I’m wishing the very best for you during this special time. May you enjoy all the best now and throughout the coming year.
On my #2 attempt, 5-6 days before the end of the V4 track, I passed my Routing & Switching CCIE lab Exam, and earned my number: #43897
I’m very very happy right now. This was a huge Mental and Technical challenge, and a very important step in my personal and professional development. I already received my CCIE plaque.
Personally I think it’s very nice, built from high quality materials. I couldn’t resist doing some photoshopping on the photo.
What now? Well, I already subscribed to Ivan Pepelnjak’s great webinars to study other technologies and some real-life design scenarios.
I’m planning to do a series of blog posts about the preparation and how I see it, but I am currently enjoying the summer.
However, if you are studying for the exam, check out the CCIE Mental Preparation LinkedIn group, where we are discussing the Non-Technical part of the CCIE Journey.
First a quick update: I have 64 days, 8 hours and 3 minutes left until my #2 attempt. So everything goes according to the plan, and I’m happy, because I can allocate more than 50 hours / week nowadays for the preparation. But, there is an awful lot of things to do..
Today I discovered a small trick, which we can include in our HUGE CCIE Toolbox SET.
If you know a command, but, you don’t know the exact syntax (or parameter keywords), you can use either the command ref on the DocCD, or the show parser dump command. (The command is not available from 15.0(1)M, but it’s okay, we live in the 12.4T world).
Let’s try with my favorite command:
Rack1R3#show parser dump router | i 15.*bgp.*redist
15 bgp redistribute-internal
or another one:
Rack1R3#show parser dump interface | i 15.pim.nei
15 ip pim neighbor-filter
15 ip pim bidir-neighbor-filter
This feature can be very handy, if you write the config in notepad, and you don’t know the parameters exactly:
Rack1R3#show parser dump map-class | i 15.*frame.*
15 frame-relay mincir <1000-45000000>
15 frame-relay cir <1-45000000>
15 frame-relay bc <300-16000000>
15 frame-relay be <0-16000000>
15 frame-relay custom-queue-list <1-16>
15 frame-relay adaptive-shaping becn
15 frame-relay adaptive-shaping foresight
15 frame-relay adaptive-shaping interface-congestion
15 frame-relay traffic-rate <600-45000000> <0-45000000>
Check out this post also at the INE Blog.
I’m now revisiting the IOS Services as part of my CCIE study, so yesterday I discovered HSRP version 2. The default version is 1, and without the standby version 2 command, we can’t really see the new parameters using the “?”.
So, we have some exciting new features, as stated here:
- In HSRP version 1, millisecond timer values are not advertised or learned. HSRP version 2 advertises and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases. – This means we can achieve sub-second convergence:
003056: .Feb 13 09:58:24.623: HSRP: Fa0/0.146 Grp 1024 Hello out 18.104.22.168 Standby pri 110 vIP 22.214.171.124
003057: .Feb 13 09:58:24.815: HSRP: Fa0/0.146 Grp 1024 Hello in 126.96.36.199 Active pri 200 vIP 188.8.131.52
003058: .Feb 13 09:58:25.427: HSRP: Fa0/0.146 Grp 1024 Hello out 184.108.40.206 Standby pri 110 vIP 220.127.116.11
003059: .Feb 13 09:58:25.607: HSRP: Fa0/0.146 Grp 1024 Hello in 18.104.22.168 Active pri 200 vIP 22.214.171.124
- In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095. – I always wanted to map the VLAN IDs to the standby group IDs. Well, here we go.
- HSRP version 2 provides improved management and troubleshooting. With HSRP version 1, you cannot use HSRP active hello messages to identify which physical router sent the message because the source MAC address is the HSRP virtual MAC address. The HSRP version 2 packet format includes a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this field is populated with the interface MAC address.
- The multicast address 126.96.36.199 is used to send HSRP hello messages. This address can conflict with Cisco Group Management Protocol (CGMP) leave processing.
- There is also a cool feature for router-on-a-stick implementations. With the HSRP follow feature we can configure groups to follow a master group. This sounds great if you have a lot of sub-interfaces on the upstream routers, operated in an HA environment.
- An example configuration:
interface FastEthernet0/0
 no ip address
interface FastEthernet0/0.67
 encapsulation dot1Q 67
 ip address 188.8.131.52 255.255.255.0
 ntp multicast 184.108.40.206
 standby version 2
 standby 2048 ip 220.127.116.11
 standby 2048 follow TEST
 standby 2048 preempt
interface FastEthernet0/0.146
 encapsulation dot1Q 146
 ip address 18.104.22.168 255.255.255.0
 standby version 2
 standby 1024 ip 22.214.171.124
 standby 1024 timers msec 800 3
 standby 1024 priority 110
 standby 1024 preempt
 standby 1024 authentication md5 key-string CISCO123
 standby 1024 name TEST
Rack1R6#sh standby fastEthernet 0/0.67 all
FastEthernet0/0.67 - Group 2048 (version 2)
State is Active (following "TEST")
4 state changes, last state change 00:13:02
Virtual IP address is 126.96.36.199
Active virtual MAC address is unknown
Local virtual MAC address is 0000.0c9f.f800 (v2 default)
MAC refresh 10 secs (next refresh 3.104 secs)
Active router is local
Standby router is unknown
Priority 100 (default 100)
Group name is "hsrp-Fa0/0.67-2048" (default)
Rack1R6#sh standby brief
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0.146 1024 110 P Active local 188.8.131.52 184.108.40.206
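To check the two things the output above shows (the hello spacing produced by "timers msec 800 3" and the "v2 default" virtual MAC), here is an added Python example that is not part of the original post. The log lines are constructed in the format of the debug output above, with placeholder addresses from the documentation range; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the debug output above; the addresses
# are placeholders from the documentation range, not values from the post.
LOG = """\
003056: .Feb 13 09:58:24.623: HSRP: Fa0/0.146 Grp 1024 Hello out 192.0.2.6 Standby pri 110 vIP 192.0.2.254
003057: .Feb 13 09:58:24.815: HSRP: Fa0/0.146 Grp 1024 Hello in 192.0.2.1 Active pri 200 vIP 192.0.2.254
003058: .Feb 13 09:58:25.427: HSRP: Fa0/0.146 Grp 1024 Hello out 192.0.2.6 Standby pri 110 vIP 192.0.2.254
003059: .Feb 13 09:58:25.607: HSRP: Fa0/0.146 Grp 1024 Hello in 192.0.2.1 Active pri 200 vIP 192.0.2.254
"""

LINE = re.compile(r"(\d\d):(\d\d):(\d\d)\.(\d{3}): HSRP: (\S+) Grp (\d+) "
                  r"Hello (in|out) (\S+) (\w+) pri (\d+)")


def hello_intervals_ms(log):
    """Map (interface, group, sender) -> gaps between its hellos in ms."""
    last, gaps = {}, defaultdict(list)
    for m in LINE.finditer(log):
        h, mi, s, ms, intf, grp, _dir, sender, _state, _pri = m.groups()
        t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms)
        key = (intf, int(grp), sender)
        if key in last:
            gaps[key].append(t - last[key])
        last[key] = t
    return dict(gaps)


def virtual_mac(group, version=2):
    """Default HSRP virtual MAC for a group, in Cisco dotted notation."""
    # v1: 0000.0c07.acXX (groups 0-255); v2: 0000.0c9f.fXXX (groups 0-4095)
    limit, base = (4095, 0x00000C9FF000) if version == 2 else (255, 0x00000C07AC00)
    if not 0 <= group <= limit:
        raise ValueError(f"group {group} out of range for HSRPv{version}")
    h = f"{base | group:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"
```

Each sender's hellos arrive roughly 800 ms apart, and group 2048 maps to 0000.0c9f.f800, the value shown in the show standby output.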
As we expected, today Cisco announced the new version of the CCIE R&S Exam. The good news is that Cisco gives us six months’ notice, so the last date for testing is June 3, 2014.
Now is the time to Schedule your last v4 Lab Exam
So what’s new in v5?
It’s awesome how easily you can reconstruct files from a dump ( wireshark / tcpdump / etc. ) file. We can use two methods.
Wireshark natively supports object extraction. This feature scans through HTTP streams in the currently open capture file or running capture and takes reassembled objects such as HTML documents, image files, executables and anything else that can be transferred over HTTP and lets you save them to disk.
Just go under File -> Export Objects -> HTTP, and save the files.
The feature also supports CIFS/SMB and DICOM data streams.
Another way is to use Tshark and foremost:
First extract the data from the capture file:
root@deepspace:/tmp# tshark -r test.pcap -T fields -e data -w test.raw
Use foremost to extract the files/data:
root@deepspace:/tmp# foremost -v -i test.raw
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Foremost started at Thu Nov 7 12:11:13 2013
Invocation: foremost -v -i test.raw
Output directory: /tmp/output
Configuration file: /etc/foremost.conf
Start: Thu Nov 7 12:11:13 2013
Length: 1 MB (1948323 bytes)
Num Name (bs=512) Size File Offset Comment
0: 00000175.jpg 4 KB 89809
1: 00003495.jpg 3 KB 1789881
2: 00000165.gif 42 B 84784 (1 x 1)
3: 00000352.gif 42 B 180499 (1 x 1)
4: 00000367.gif 42 B 188271 (1 x 1)
5: 00003026.gif 4 KB 1549677 (336 x 39)
6: 00003248.gif 35 B 1663451 (1 x 1)
7: 00003252.gif 35 B 1665185 (1 x 1)
8: 00003257.gif 35 B 1668021 (1 x 1)
9: 00003423.gif 42 B 1752940 (1 x 1)
10: 00003440.gif 42 B 1761706 (1 x 1)
11: 00000003.htm 44 KB 1847
12: 00000112.htm 22 KB 57821
13: 00000212.htm 40 KB 108754
14: 00000297.htm 21 KB 152265
15: 00000374.htm 190 KB 191511
16: 00003250.htm 64 B 1664225
17: 00003444.htm 314 B 1763629
18: 00000109.png 886 B 56122 (111 x 26)
19: 00000780.png 1 KB 399486 (24 x 24)
20: 00000817.png 889 B 418579 (24 x 24)
21: 00003452.pdf 175 KB 1767649
Finish: Thu Nov 7 12:11:13 2013
22 FILES EXTRACTED
Foremost finished at Thu Nov 7 12:11:13 2013
root@deepspace:/tmp# cd output/
root@deepspace:/tmp/output# ls
audit.txt gif/ htm/ jpg/ pdf/ png/
So this is another reason why everybody should use secure connections (e.g. IPsec, TLS, etc.).
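What foremost does with the raw stream, reduced to its core as an added Python example (not code from the original post or from foremost): scan the bytes for known file headers and footers and cut out everything in between. The signature table is a small illustrative subset, and the sample stream is constructed to mimic cleartext HTTP responses, including one download cut off by the end of the capture.

```python
# Added illustration of header/footer file carving on cleartext traffic.
# SIGNATURES is a small illustrative subset; STREAM is constructed sample data.
SIGNATURES = {
    "gif": (b"GIF89a", b"\x00\x3b"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_SIZE = 10 * 1024 * 1024  # give up looking for a footer beyond this

# Constructed payloads: a 1x1 GIF and a PNG-shaped blob (placeholder body).
GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"
       b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 25 + b"IEND\xaeB`\x82"
STREAM = (b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n\r\n" + GIF +
          b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + PNG +
          b"\xff\xd8\xff\xe0\x00\x10JFIF cut off by end of capture")


def carve(blob):
    """Return sorted (offset, kind, data) for every header/footer pair."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = blob.find(header)
        while pos != -1:
            end = blob.find(footer, pos + len(header), pos + MAX_SIZE)
            if end == -1:
                # Header with no footer: truncated transfer or false hit.
                pos = blob.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((pos, kind, blob[pos:end]))
            pos = blob.find(header, end)
    return sorted(found)


def summary(blob):
    """Offset, type and size per carved object, like foremost's audit table."""
    return [(off, kind, len(data)) for off, kind, data in carve(blob)]


if __name__ == "__main__":
    for row in summary(STREAM):
        print(row)
```

The GIF and the PNG come back byte for byte, while the truncated JPEG is skipped because no footer follows its header. Carving only works here because the payload crossed the wire unencrypted.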
Well, this was a rumor for a while, but it seems that it is here now. I currently have my lab scheduled for 28 Feb, 2014, but I would like to postpone it to May. The question is now, should I?
According to the new INE post, it’s not a good idea.
There are others out there, who tell us not to Panic:
Just for the record. CCIE v5 is *not* out. It has not been announced. Don’t listen to the rumor-mill and sales pitches. Wait and see.
— Marko Milivojevic (@icemarkom) October 31, 2013
..and Lindsay Hill created a nice summary post.
So, what the f…? I already contacted the Cert Support Team, and I am waiting for a specific answer: Should Cisco Systems announce the CCIE exam version change 6 months prior to the implementation of the new exam format, or not?
If the answer is yes, then we don’t need to panic, yet…
Officially Cisco is not obligated to give any notice when retiring an exam, as a courtesy Cisco tries to announce the retirement or change within 6 months of the actual change date.
CCIE Support Specialist
The new Cisco Security Advisory Bundle is here:
- Network Address Translation
- Resource Reservation Protocol
- Internet Key Exchange
- IPv6 Virtual Fragmentation Reassembly
- Network Time Protocol
- T1/E1 Interface Module Signalization
- Zone-Based Firewall
The next publication is scheduled for March 26, 2014. Let’s put this date into our calendars.