Road to CCIE

Hello networking nerds!

After thinking carefully about my road map, I have decided to prepare for the CCIE R&S. I think it will be a good way to acquire more knowledge and extend my current networking concepts.

From now on, I will publish the key methods I am using to make the theoretical CCIE exam as easy as possible.

  • Mnemonics for Memorizing

In order to pass the theoretical part of the CCIE you will need to memorize a lot of concepts and processes. In this section I will share the mnemonics I have made:

HSRP

Screen Shot 2017-11-26 at 18.47.50.png

The first mnemonic will be ILL + ASS 🙂 

BGP

Screen Shot 2017-09-24 at 17.15.03.png

Mnemonic: OKUN.

The next table summarizes all possible BGP states:

Screen Shot 2017-09-25 at 00.17.53.png

Mnemonic: ICA O2E

The next table lets you memorize the process to determine the best route in BGP.

Screen Shot 2017-09-25 at 00.06.20.png

Mnemonic:           N     WLLA   OMNI

Here you have the magic mnemonic to remember the 4 categories associated with BGP attributes:

Screen Shot 2018-04-07 at 19.33.24

OSPF

Screen Shot 2017-12-03 at 21.06.36

Mnemonic: HD-3L

Screen Shot 2017-12-03 at 21.04.20.png

Mnemonic: WIFE-DEA

Screen Shot 2017-12-12 at 00.11.43.png

Mnemonic: IIEENN

Screen Shot 2017-12-12 at 01.20.40.png

Mnemonic: TAMASA

EIGRP

Screen Shot 2018-02-17 at 18.57.30.png

The mnemonic will be SQUASH-R.

QoS Service Models

Screen Shot 2017-10-21 at 13.00.01

Mnemonic: DIE CDC.

Queuing Tools

Screen Shot 2017-11-18 at 14.17.53

Mnemonic: CLIP  +   W

Congestion Avoidance Methods

Screen Shot 2017-10-21 at 13.24.09

Multicast Routing Protocols

MulticastRoutingProtocols.JPG

Mnemonic: PIC MOD

L2 VPN

Screen Shot 2017-11-29 at 22.03.17.png

Mnemonic: GAVEE O

(L-point-to-point;LAN multipoint; V-multiple VLANs;)

IPv6 Tunneling

Screen Shot 2017-12-14 at 13.44.46.png

Mnemonic: MAGIC 🙂 6

PfR

Mode Active (Netflow)

Screen Shot 2018-05-29 at 00.00.51

Openstack

Screen Shot 2018-05-28 at 23.58.38.png

STOMaCH    HACKING

Netconf-layers

COM-T


EIGRP OTP

Today, while studying for the written CCIE R&S exam, I have just found out about the EIGRP Over The Top feature and I would like to share it with you briefly.

Overview:

  • Lets you avoid redistribution
  • You need the IOS-XE OS
  • The control plane will be EIGRP
  • The data plane will be LISP
  • Establishes an EIGRP multihop adjacency using LISP as the encapsulation method for transport through the WAN network

Screen Shot 2018-02-24 at 22.18.21.png

As you can see, host machines with LISP have an Endpoint ID or EID, which identifies the host and never changes. This EID can be an IPv4 address, an IPv6 address or any other address format as needed. The outside address of the edge router represents the location of the EID of the hosts; this is referred to as the Routing Locator or RLOC. Multiple EIDs can exist behind a single RLOC.

Basically it is a L2TP protocol that lets us avoid redistribution. This way the troubleshooting will be clearer.

After sharing this brief nutshell and explaining how it works, we'll use the next topology, created on “draw.io”

EIGRP_OTP

The routers are CSR1000V with “csr1000v-universalk9.16.06.02” because older versions do not let us create EIGRP OTP.

As you can see, all of these routers are running on an ESXi server.

CSR_ESXi.JPG

CONFIGURATION

  1. Configure OSPF in the CORE network

CSR_1#show running-config | section ospf
router ospf 10
 network 10.2.11.0 0.0.0.255 area 0
 network 10.3.11.0 0.0.0.255 area 0

CSR_2#show running-config | section ospf
router ospf 10
 network 10.1.2.0 0.0.0.255 area 0
 network 10.2.3.0 0.0.0.255 area 0
 network 10.2.11.0 0.0.0.255 area 0

CSR_3#show running-config | section ospf
router ospf 10
 network 10.2.3.0 0.0.0.255 area 0
 network 10.3.4.0 0.0.0.255 area 0
 network 10.3.11.0 0.0.0.255 area 0

CSR_4#show running-config | section ospf
router ospf 10
 network 10.3.4.0 0.0.0.255 area 0

CSR_5#show running-config | section ospf
router ospf 10
 network 10.1.2.0 0.0.0.255 area 0

2. Configure EIGRP OTP

CSR_4#
router eigrp CCIE
 !
 address-family ipv4 unicast autonomous-system 100
  !
  topology base
  exit-af-topology
  neighbor 10.1.2.5 GigabitEthernet2 remote 10 lisp-encap 1
  network 10.3.4.0 0.0.0.255
  network 44.0.0.0
 exit-address-family

CSR_5#
router eigrp CCIE
 !
 address-family ipv4 unicast autonomous-system 100
  !
  topology base
  exit-af-topology
  neighbor 10.3.4.4 GigabitEthernet2 remote 10 lisp-encap 1
  network 10.1.2.0 0.0.0.255
  network 55.0.0.0
 exit-address-family

 

Pay attention to “neighbor 10.1.2.5 GigabitEthernet2 remote 10 lisp-encap 1”: this is where you configure EIGRP over the LISP protocol.

3. TROUBLESHOOTING

CSR_4#show ip eigrp interfaces
EIGRP-IPv4 VR(CCIE) Address-Family Interfaces for AS(100)
                   Xmit Queue    PeerQ         Mean   Pacing Time   Multicast    Pending
Interface   Peers  Un/Reliable   Un/Reliable   SRTT   Un/Reliable   Flow Timer   Routes
Lo0         0      0/0           0/0           0      0/0           0            0
Gi2         1      0/0           0/0           37     0/0           100          0

CSR_5#show ip eigrp interfaces
EIGRP-IPv4 VR(CCIE) Address-Family Interfaces for AS(100)
                   Xmit Queue    PeerQ         Mean   Pacing Time   Multicast    Pending
Interface   Peers  Un/Reliable   Un/Reliable   SRTT   Un/Reliable   Flow Timer   Routes
Lo0         0      0/0           0/0           0      0/0           0            0
Gi2         1      0/0           0/0           10     0/0

CSR_4#ping 55.55.55.55
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 55.55.55.55, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

 


Written CCIE RS Passed

Hey mates!

First, I just wanted to say that I left the blog for 6 months because I had to use my spare time to study hard for my Written CCIE R&S. And now I can say that I passed my CCIE written exam last Monday and I am so proud. It was one of the best days of my life.

I would like to help you prepare for the CCIE R&S exam, and for that reason I’ll share some big pieces of advice:

ADVICE 1: Firstly, read the CCIE R&S official book

ADVICE 2: SUBSCRIBE TO CCIE slack groups and NetworkLessons.

ADVICE 3: DOWNLOAD EVE-NG software to practise a lot one of the TOPICS of the exam.

http://www.eve-ng.net

ADVICE 4: MNEMONICS… Take into account that you’ll need to memorize a lot of new concepts and our capacity for that is limited. Use mnemonics!! Here you have my LIST.

ADVICE 5: BOOK!!! Remember to schedule your exam day with Pearson VUE as soon as possible.

In my humble opinion, the CCIE R&S written exam gives us a lot of deep knowledge that lets us execute our network tasks better. After passing the written CCIE you’ll inspect any issue more deeply. Furthermore, the exam is focused on new technologies like DMVPN, OTV, cloud computing, IoT and SDN. For reasons like that, I think the CCIE will be useful for doing migrations and improving our network duties, such as migrating from legacy to leaf & spine topologies.


DMVPN

Currently I am working on deploying & testing DMVPN tunnels and their features like IPsec or QoS, and I hope to have a DMVPN environment working with certificates.

Furthermore, I can take advantage of my CCIE notes about DMVPN, which let me understand deeply how it works.

Now I’ll share my CCIE notes, but in exchange for receiving your feedback.

4.1.d (i) NHRP Packets

Packets:
  • Registration Request
  • Resolution Request
  • Redirect (Traffic indication message)

3.1.d (ii) DMVPN Phases

Phase1                   Phase2                      Phase3
NO spoke-to-spoke        Spoke-to-spoke              Spoke-to-spoke
Support summarization    No support summarization    Support summarization

No Support default routing

support Default routing

next-hop can’t be modified

Next-hop are always modified

Spokes must always maintains next-hop reachability

Require: ip nhrp redirect

Require: ip nhrp shortcut

ip nhrp redirect: notifies the sender of a packet that the path is suboptimal.

ip nhrp shortcut: after receiving an NHRP Traffic Indication, the spoke sends an NHRP Resolution Request to the destination and installs the route with the spoke as next-hop in the local RIB.

Configuration

HUB

interface tunnel 0
 ip nhrp authentication <key>
 ip nhrp map multicast dynamic
 ip nhrp network-id <ID>
 tunnel source <Gi1/0>
 tunnel mode gre multipoint
 tunnel key <key_number>
 ip mtu 1400
 ip tcp adjust-mss <mss>
 ip nhrp redirect

SPOKE

interface tunnel 0
 ip nhrp authentication <key>
 ip nhrp nhs <overlay_IP>
 ! send only multicast traffic to the HUB
 ip nhrp map multicast <underlay_IP>
 ip nhrp map <overlay_IP> <underlay_IP>
 ip nhrp network-id 1
 tunnel source Gi1/0
 tunnel mode gre multipoint
 tunnel key <key_number>
 ip nhrp shortcut
 ip nhrp redirect
 ip mtu 1400
 ip tcp adjust-mss 1360

3.1.d (iii) DMVPN Flags

  • Authoritative: mapping was obtained directly from the next-hop router. Mapping was obtained from a registration request.
  • Implicit: mapping was obtained from an NHRP resolution request.
  • Local: local mapping.
  • Negative: mapping could not be obtained
  • Registered: mapping was created in response to an NHRP registration
  • Unique: mapping cannot be overwritten
  • Temporary: the spoke creates a temporary map for the other spokes (after 15.0 OS)

3.1.d (vi) DMVPN Authentication

The FIRST thing that happens is authentication; NHRP occurs after that.

  • IPSEC

Used: Transport mode

  • Phase1

! wildcard address, or specify the spokes' addresses
crypto isakmp key password address 0.0.0.0

crypto isakmp policy 10
 hash sha
 encr aes
 ! required for the pre-shared key above to be used
 authentication pre-share
 group 5

*ISAKMP preshared key encryption can be used to encrypt and store keys in type 6 format.

key config-key password-encrypt <master-key>
password encryption aes

  • Phase2

crypto ipsec transform-set <set-name> <transforms>
 mode transport

crypto ipsec profile <name>
 ! (86400)
 set security-association lifetime seconds <seconds>
 set transform-set <set-name>

  • Apply

interface tunnel 0
 tunnel protection ipsec profile <name>
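The settings in these notes (a wildcard pre-shared key, `hash sha`, `group 5`, and IPsec that only takes effect once `tunnel protection` is applied to the tunnel) are the ones worth checking on a deployed hub or spoke. The Python audit below is an added example, not code from the original post; the finding names and the sample configuration, including its key strings, are constructed for illustration.

```python
import re

# Constructed sample in the style of the notes above (not from a real device).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes
 hash sha
 authentication pre-share
 group 5
crypto isakmp key EXAMPLE-PSK address 0.0.0.0
interface Tunnel0
 ip nhrp authentication EXAMPLE
 tunnel source GigabitEthernet1/0
 tunnel mode gre multipoint
 tunnel key 1
"""

WEAK_DH_GROUPS = {"1", "2", "5"}  # MODP groups of 1536 bits or less


def sections(config):
    """Split IOS config text into {top-level line: [indented child lines]}."""
    out, current = {}, None
    for line in config.splitlines():
        if line and not line.startswith((" ", "!")):
            current = line.strip()
            out[current] = []
        elif current and line.strip() not in ("", "!"):
            out[current].append(line.strip())
    return out


def audit_dmvpn(config):
    """Return a sorted list of finding codes (hypothetical names) for DMVPN/IPsec."""
    findings = set()
    for head, body in sections(config).items():
        if re.match(r"crypto isakmp key .+ address 0\.0\.0\.0\b", head):
            findings.add("WILDCARD_PSK")        # one shared key accepted from any peer
        if head.startswith("crypto isakmp policy"):
            if any(l.split()[-1] in WEAK_DH_GROUPS for l in body if l.startswith("group ")):
                findings.add("WEAK_DH_GROUP")
            if "hash sha" in body:
                findings.add("SHA1_HASH")       # IOS 'hash sha' selects SHA-1
        if head.lower().startswith("interface tunnel") and "tunnel mode gre multipoint" in body:
            if not any(l.startswith("tunnel protection ipsec profile") for l in body):
                findings.add("MGRE_NOT_ENCRYPTED")  # GRE and NHRP travel unencrypted
            if not any(l.startswith("ip nhrp authentication") for l in body):
                findings.add("NO_NHRP_AUTH")
    return sorted(findings)
```

Calling `audit_dmvpn(SAMPLE_CONFIG)` reports the four weaknesses in the constructed sample; a configuration with a per-peer key, a stronger hash and DH group, and `tunnel protection` on the tunnel returns an empty list.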


MPLS VPN & Extended Community

Here is the weekly challenge from CCIE R&S. One of the hardest topics of the CCIE is to understand clearly how the Cost Community attribute works.

During this week we’ll focus on this lab:

Extended Community.JPG

Cost Community: The idea behind the Cost community is to have an additive metric, similar to IGP costs, that can be taken into account in the BGP best-path selection process. This community also specifies the POI – point of insertion in the BGP best-path selection procedure. Thus, theoretically, a BGP speaker may be instructed to compare cost communities, say, before the AS_PATH comparison or even before the weights are considered.

As a good network engineer you need to break it down into small pieces. I recommend you begin by creating the MPLS VPN and after that create EIGRP as a backdoor between both customers.


OSPF LAB EVE-NG

Hello folks,

I begin the EVE-NG section with a big & awesome topology where you can check all the features that OSPF brings us, like:

  • LSA Throttling
  • LSA Types: Router LSA, Network LSA, Net Summary, ASBR Summary, External, NSSA…
  • LSA filter
  • tweaking timers
  • OSPF authentication
  • Virtual-link
  • Different types of network
  • Fast Reroute
  • OSPFv3 capabilities

OSPF_EVE-NG.JPG

I have uploaded the topology and all the running-configs so that you can run it on your laptop and share your doubts and suggestions.

https://drive.google.com/file/d/14P3gA4cge52ITHsIrIXqcAmVhEWoh0LS/view?usp=sharing

I hope you are enjoying our lab.

 


OSPF Sham-Link

After being puzzled over the OSPF Sham-link issue, I thought it would be interesting to share the knowledge I acquired:

Goals:

  • Used when the same customer has MPLS & a backdoor link between a couple of offices.
  • Remember the types of OSPF routes:
    • Intra-area (O)
    • Inter-area (O IA)
    • External Type 1 (E1)
    • NSSA type 1 (N1)
    • External Type 2 (E2)
    • NSSA type 2 (N2)

 


PIM-BiDir

Today we’ll share how PIM-BiDir works.

Nutshell

  • PIM BiDir is used when there are a couple of sources and many receivers.
  • It only supports the Shared Path Tree (*,G)
  • Instead of using an RPF check, it uses a Designated Forwarder to avoid loops.
  • There is one DF per segment

To help you understand it fully, we have built this multicast lab:

PIM-BiDir

Previous Tasks

  • Configure OSPF as IGP routing protocol
  • Enable ip multicast routing

PIM Tasks

  • Enable PIM-SM on each interface on R1, R2 & R3.
R1#show running-config interface fa0/0
interface FastEthernet0/0
description R2
ip address 192.168.12.1 255.255.255.0
ip pim sparse-mode
duplex full
end
!
interface FastEthernet1/0
description R3
ip address 192.168.13.1 255.255.255.0
ip pim sparse-mode
duplex full
end
  • Configure the RP on loopback interface on R1
interface Loopback0
description RP
ip address 1.1.1.1 255.255.255.0
ip pim sparse-mode
end
  • Enable PIM BiDir and select the RP globally on R1,R2&R3
ip pim bidir-enable
ip pim rp-address 1.1.1.1 bidir

Now we can verify that PIM-BiDir is working as we expected.

R1#show ip pim neighbor
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
      P – Proxy Capable, S – State Refresh Capable, G – GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
192.168.12.2      FastEthernet0/0          00:03:29/00:01:17 v2    1 / DR B S P G
192.168.13.3      FastEthernet1/0          00:03:29/00:01:17 v2    1 / DR B S P G
R2#show ip pim neighbor
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
      P – Proxy Capable, S – State Refresh Capable, G – GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
192.168.12.1      FastEthernet0/0          00:03:14/00:01:31 v2    1 / B S P G
R3#show ip pim neighbor
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
      P – Proxy Capable, S – State Refresh Capable, G – GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
192.168.13.1      FastEthernet0/0          00:03:42/00:01:26 v2    1 / B S P G

As you can see, it only supports the Shared Path Tree (SPT):

R1#show ip mroute 239.1.1.1
Outgoing interface flags: H – Hardware switched, A – Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.1.1.1), 00:06:17/00:03:19, RP 1.1.1.1, flags: B
  Bidir-Upstream: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet1/0, Forward/Sparse, 00:06:17/00:03:19

PIM-BiDir is the only one that uses a DF (Designated Forwarder).

R1#show ip pim interface df
* implies this system is the DF
Interface          RP        DF Winner        Metric   Uptime
Loopback0          1.1.1.1   *1.1.1.1         0        00:27:53
FastEthernet0/0    1.1.1.1   *192.168.12.1    0        00:27:14
FastEthernet1/0    1.1.1.1   *192.168.13.1    0        00:15:58

R2#show ip pim interface df
* implies this system is the DF
Interface          RP        DF Winner        Metric   Uptime
FastEthernet0/0    1.1.1.1   192.168.12.1     0        00:24:35
FastEthernet1/0    1.1.1.1   *192.168.24.2    2        00:24:35

Take into account that the DF election depends on how close the router is to the RP.
