Preparing for Attempt 2
Well, it's late March 2024 and I have a little under 2 months left to prepare for my attempt #2 at the CCIE Security Lab exam.
I don't have much confidence yet, but I do hope I have improved in certain areas of the exam.
Therein lies the difficulty
Happy February - 2024 everybody.
I wanted to take a moment to express my thoughts on why I have such a difficulty with the CCIE Security program as compared to the other certifications I have taken.
First and foremost, it deals with a lot of different technologies within the security realm.
Upgraded the Home Lab
I am currently deep diving into the whole TrustSec architecture. It has quickly become apparent to me that I need to lab a lot of this out in detail. That means upgrading my home lab with a 3650 switch as well as a refurbished laptop to act as the supplicant for Dot1x operations.
Cisco Preparation Labs coming
So a couple of days ago I was going through the CCIE Security training videos on Cisco Learning Network and I noticed a golden nugget.
It was mentioned that Cisco was on track to release some learning labs for practice use for the CCIE Security lab exam!
Update on CCIE Security V6
It's been almost a year since my last post. Wow, do I feel bad about that! :(
Anyway, I've been studying on and off for the last year and I was scheduled to have my first lab attempt this coming Thursday.
My CCIE Security V6 Home Lab Overview
So I have had some time to put everything together in my small CCIE Security V6 lab.
I want to spend a few moments explaining how everything is put together so others can benefit from it.
At the core of the whole thing is my new server, which is running great!
SVTI's Explained
The Concept: In legacy site to site (S2S) VPNs we are used to defining crypto maps and applying them to a physical interface. However, since these do not use GRE, you have no way of supporting multicast and routing protocols.
Thoughts on Hard Work
I am catching up on my RSS feeds and fell upon Ivan's post on "Hard Work". The article references Seth Godin's post Hard Work, which examines 3 types of work being carried out.
In summary we have the following types:
ASA Lessons: Failover
In this post I will go through an example of setting up redundancy between a pair of ASAs using one of the two methods of accomplishing this. The 2 methods are:
Failover
Clustering
This post is exclusively about the failover option.
New Goal
So I have further evidence that I might be crazy:
I have decided to abandon any and all CCIE DC studies. Why, you might ask? Simple: I don't have continual access to the required equipment, which I need in order to practice and reinforce any knowledge.
ASA Lessons: Static PAT
I decided a while back I would spend a bit of time learning about the Cisco ASA firewall. This is the first post surrounding some technologies I have explored during that time.
For some of you it might be easy stuff, but others, including myself, might find it interesting for reference.
Practical OTV
This post is all about OTV (Overlay Transport Virtualization) on the CSR1000v.
I wanted to create the post because there are a lot of acronyms and terminology involved.
A secondary objective was to have a "real" multicast network in the middle, as the examples I have seen around the web have used a direct P2P network for the DCI.
VxLAN on the CSR1Kv
By now, VxLAN is becoming the standard way of tunneling in the Datacenter.
Using VxLAN, I will show how to use the CSR1Kv to extend your Datacenter L2 reach between sites as well.
First off, what is VxLAN?
It stands for Virtual Extensible LAN.
ISIS Authentication types (packet captures)
In this post I would like to highlight a couple of "features" of ISIS.
More specifically, the authentication mechanism used and how it looks in the data plane.
I will do this by configuring a couple of routers with the 2 authentication types available.
Progress update – 10/07-2017
Hello folks,
I'm currently going through the INE DC videos and learning a lot about fabrics and how they work, along with a fair bit of UCS information on top of that!
I'm spending an average of 2.5 hours on weekdays for study and a bit more on the weekends when time permits.
A look at Auto-Tunnel Mesh Groups
In this post I would like to give a demonstration of using the Auto-Tunnel Mesh group feature.
As you may know, manual MPLS-TE tunnels are first and foremost unidirectional, meaning that if you do them between two PE nodes, you have to do a tunnel in each direction with the local PE node being the headend.
Practical DMVPN Example
In this post, I will put together a variety of different technologies involved in a real-life DMVPN deployment. This includes things such as the correct tunnel configuration, routing configuration using BGP as the protocol of choice, NAT toward an upstream provider, front-door VRFs in order to implement a default route on both the Hub and the Spokes, and last but not least, a newer feature, namely Per-Tunnel QoS using NHRP.
GETVPN Example
A couple of weeks ago I had the good fortune of attending Jeremy Filliben’s CCDE Bootcamp.
It was a great experience, which I will elaborate on in another post. But one of the technology areas I had a bit of difficulty with was GETVPN.
MPLS VPN's over mGRE
This blog post outlines what "MPLS VPNs over mGRE" is all about and provides an example of such a configuration.
So what is "MPLS VPNs over mGRE"? Well, basically it's taking regular MPLS VPNs and running them over an IP-only core network.
Unified/Seamless MPLS
In this post I would like to highlight a relatively new (to me) application of MPLS called Unified MPLS.
The goal of Unified MPLS is to separate your network into individual IGP segments in order to keep your core network as simple as possible, while still maintaining an end-to-end LSP for regular MPLS applications such as L3 VPNs.
EIGRP OTP example
In this post I'd like to provide an example of a fairly new development in EIGRP called EIGRP Over The Top (OTP).
In all its simplicity, it establishes an EIGRP multihop adjacency using LISP as the encapsulation method for transport through the WAN network.
Trying out IPv6 Prefix Delegation
In this post I will show how and why to use a feature called IPv6 Prefix Delegation (PD).
IPv6 prefix delegation is a feature that provides the capability to delegate or hand out IPv6 prefixes to other routers without the need to hardcode these prefixes into the routers.
VRF based path selection
In this post I will be showing you how it's possible to use different paths between your PE routers on a per-VRF basis.
This is very useful if you have customers you want to “steer” away from your normal traffic flow between PE routers.
Using the OSPF Forwarding Address for traffic-steering
In this fairly short post, I'd like to address a topic that came up on IRC (#cciestudy @ freenode.net). It's about how you select a route that's being redistributed into an OSPF NSSA area and then comes into the OSPF backbone area 0.
Passed the CCIE SP Lab exam.
Well, a short update. I managed to pass the CCIE Service Provider lab exam on March 14th.
I am quite exhausted from the experience, but very happy 🙂
Short update
It's been a long time since my last update. I apologise for this. It wasn't my intention, it just sort of happened.
In the meantime I have tried the CCIE SP lab and didn't pass it, so I am still studying for my next attempt, which is coming up shortly.
ISIS csnp-interval
The CSNP on multiaccess networks
The CSNP (Complete Sequence Number PDU) on multi-access networks is sent out on behalf of the DIS (Designated Intermediate System), which acts as the pseudonode representing the multi-access network. It's used as ISIS's way of making sure everybody on the multi-access network is up to date.
isis retransmit-interval Vs. isis retransmit-throttle-interval
In this short post I want to try and shed some light on a couple of ISIS timers that had me confused at first. I think I have them down now, but please let me know if I have misunderstood them.
Fixing multicast RPF failure with BGP
In this post I would like to explain how you can fix a multicast RPF failure using BGP.
If you take a look at the topology in figure 1, we have a network running EIGRP as the IGP
and where R1 advertises its loopback 0 (1.
Another Lab lies ahead, round one.
This morning I booked my first go with the CCIE Service Provider lab exam. The battle is in mid November, so I have some time to study.
That also means that a lot of forthcoming blog posts will be about CCIE SP material.
MPLS VPN Per VRF Label feature
In this post I would like to explain the usage of the "MPLS VPN Per VRF Label" feature.
By default, in each VRF, prefixes are assigned a VPN label, used to identify the route within the VRF itself.
This label is the only label that is being looked at by the receiving PE router.
Looking forward
“All that matters, is where you are going” is a favorite quote of mine.
With that an update as well as a plan to move forward.
I have now finished Narbik’s Volume 2 Service Provider workbook. It took a little while longer than I had planned.
Done with volume 1 labs.
I have now finished the Narbik Volume 1 labs.
It took about 2.5 weeks to do. I'm planning on spending a bit more time on the Volume 2 labs, maybe about 3-4 weeks. I want to make sure I have all the foundational stuff down before advancing to some more complex labs.
Frame-Relay PVC bundle
In this short piece I would like to show how Frame-Relay PVC bundles work.
A PVC bundle is exactly what the name says. It's a bundle of PVCs, with each PVC handling a certain Precedence, MPLS EXP or DSCP value.
A requirement for the PVC bundle is that all IP Precedence or DSCP values must be handled by one of the PVCs, so you need to set the "default" PVC unless
Some IOS-XR Training
Just wanted to let you know of a good place to go for some IOS-XR training.
Head on over to FryGuy’s place:
http://www.fryguy.net/2012/11/06/ios-xr-cisco-videos-and-training/
Recertified & Plan
I have recertified by doing the SP written exam.
Took me a while, but now it's done.
My plan is to hit the labs, starting with Narbik’s SP workbook, working my way through that one. That should keep me occupied for quite a while.
Class Based Tunnel Selection
In this post I would like to demonstrate the Class-Based Tunnel Selection feature.
In class-based tunnel selection, we select an MPLS TE tunnel based on the incoming Precedence bits in the data.
For example, IP Prec 5 goes to TE Tunnel 1, whereas IP Prec 3 goes to TE Tunnel 2.
Node protection using MPLS-TE Fast ReRoute
In this post I would like to demonstrate the concept of a well-known MPLS TE (Traffic Engineering) feature, known as Fast Reroute.
Fast Reroute, as the name implies, is used to create an MPLS network that has convergence properties similar to SONET/SDH APS, of about 50 ms.
Service Provider emulation of a frame-relay network using MPLS.
One of the cool things about MPLS is its versatility.
In this post I will show how it's possible for a service provider to support legacy frame-relay installations without actually having any frame-relay switches.
I will establish an MPLS core and show how a customer with three sites, one hub site and two spoke sites, will never even know that the core is running MPLS and not end-to-end frame-relay.
1st Batch of books.
I have ordered the first batch of books for the CCIE SP track.
They are:
Traffic Engineering with MPLS
Cisco IOS-XR Fundamentals
MPLS-Enabled Applications: Emerging Developments and New Technologies
MPLS Configuration on Cisco IOS Software
I was hoping that you could get them all as eBooks, but as it turns out, I can get some of them as eBooks through Kindle, some through Cisco Press PDFs, and others I could only get as hard copies.