CCIE RS Lab – Week 17

Hours studied: 11

Sunday

Read a little of mpls book

Monday

Took the night off

Tuesday

Labbed INE MPLS, I took my time to fully understand the commands and tracing out how to follow the label path.

Wednesday

I started with my own lab within VIRL, but used the INE ATC workbook for inspiration

OSPF authentication, played with interface level configuration and routing process to see the difference in show output

Database navigation practice

Prefix suppression – In a large OSPF environment where you may only need the loobacks you can suppress the transit links from reaching the routing table. The type 2 LSA still shows in the database for the transit links. Verify with the show ip ospf command

MPLS LDP from last night, working on speed and verification, seeing how previous settings such as prefix suppression could be another way to do LDP label filtering. I’m trying to get into the mind set of what are the many ways to get the final results incase there is a technology taken away from the requirements in the question.

Used templates when configuring MP-BGP for practice. It takes longer to configure this way, but makes you understand the difference between a session and policy configuration.

Thursday

Configured PPP with the different options to better understand the commands and debug output

Also worked on some more MPLS related topics, specifically EIGRP SOO, BGP SOO, Internet access and MPLS performance tuning.

Friday

Flash cards

INE atc videos

Saturday

INE atc mpls videos

CCIE RS Lab – Week 16

Hours studied: 16

Sunday

Built a new lab to start tackling the topics I stuggle with without a set lab guide. I practiced some OSPF and also watched a couple XtemeIE BGP videos.

Monday

I worked on going through my list of technologies that I need to study further and getting those topics into OneNote. I did a lot of reading of the docCD for building my notes and the configuration for each of those topics. This night was infrastructure security with a focus on L2 security.

Tuesday

Flashcards

Contiued with some further reading on Infrastructure Security specifically on the Management Plane Security and Control Plane Security. I also started onto Data Plane Security.

Wednesday

INE MPLS videos

Further notes on Infrastructure Security – The focus this day was on Data Plane security

INE Troubleshooting lab 1 – this is my 2nd time looking at this and a couple of the tickets were easier, but believe that was from memory. There were 3 that totally stumped me. First one had to do with MPLS, there were a lot of broken things on multiple devices. The multicast one I skipped and ran out of time on the last ticket. I’m working on my speed for troubleshooting by scheduling 2 hours for the rack time.

One thing I need to work on is not depending on looking at the running configuration for troubleshooting and finding the error. I also need to work on my typing accuracy. Some of my own typos created more things to fix than it solved.

Thursday

INE mpls videos

I would have done more. But Verizon went down and they won’t be out to fix it until Monday…

Friday

Read the multicast book and got virl working on my laptop. I setup a small 8 router lab and started building out the initial config and an mpls backbone

Saturday

Continued tinkering with the small lab I built. Rest of the day was spent taking care of some house work

CCIE RS Lab – Week 15

Hours studied

Sunday

Took the night off, full scale lab 3 had me thinking on some different strategy. I also worked on some “paper work” type things to clean up my notes

Monday

INE videos – DMVPN and IPSec

Continued on INE full scale lab 3 – multicast section, this also kicked me hard. This required using BSR (easy) and BGP to route the multicast (hard). I struggled with wrapping my head around what neighbors needed to be formed and which routes needed to be added into this table. As like other sections, the wording made it very hard to understand what was being asked. I’m going to table this section and dig deeper into the specifics on it’s own. The solution for this section is very long and has a lot of different verification steps.

I believe what tripped me up on this section was the use of the GRE tunnel and forgetting to check the RPF. If I looked at the unicast routing table I would have seen the route to the RP was through the wan interface instead of the GRE like I would need it to be for the pim enabled interfaces.

Even after getting everything configured and verified, I still could not get traffic to work, however I cannot tell if this is due to a misconfig or due to virtualization. All verification commands show a working data and control plane path. I’ll need to investigate this one further.

Tuesday

INE videos – IPSec

Continued with INE full scale lab 3 – IPv6

Was able to get ospfv3 routing working without an issue.

Learned a new command for IPv6 address autoconfig [default] – this automatically generates a default route towards the router that the IPv6 address was originiated from

The IPv6 routing wasn’t to difficult, just needing the figure out which which direction to tag the next hop address in as took a minute to think about. This was needed because I had to route IPv6 traffic over an IPv4 backbone.

The network security section had me configure AAA settings. I got most of this right, I did miss for configuring every vty line and missed the local-case part of the authentication command

The last section was QOS, however I did not get to it this night as my rack time expired. I could have extended this, but I’ll focus on it for the next session as QOS can be tricky due to wording and multple configuration steps that may be required

Wednesday

INE videos – IPSec and VTI

Completed the full scale lab 3 РQOS, this was involved and also made me use EEM scripts, which I am very rusty with.  After I finished this section and went through verification I turned up troubleshooting lab 1 to finish out the rack time.

Thursday

I spent some time going through the expanded blue print and filling in my confidence levels in the technologies. This was a good exercise as it exposed some things that I don’t remember as well as I think I do and also some things that I have forgotten about. I’m going to use this as a place to figure out where I need to focus more.

Based off the exercise there was a common theme, summarization. I decided to revisit OSPF summarization and stub areas as pointed labs and go through verifications and revise my notes to fill in any gaps I may have missed the first time. I also tried to work on the speed of my typing and typing more accuratly.

The thing that slowed me down was doing the math for subnetting. I need to figure out a better and faster method, but for now. Making sure I get the right subnet mask is more important.

Friday

I spent more time going through the expanded blueprint and entering my understanding level and configuration confidence in an excel doc. With this info I was able to conditionally mark the rows with red or yellow to help see where I need to spend more time. Going through this I can see I need to spend more time on systems management, network services, security, QoS and multicast.

This looks daunting, but I need to keep reminding myself this is a marathon… This was a good level set and will help me redirect where I need to practice. Also, in talking with a friend, I am going to integrate spaced repetition. This is not new to me as it’s what the flashcard app Anki uses and I’ve heard about it many times from the podcast College Info geek, however I’m not sure why I never implemented it into my lab studies.

Saturday

Took the day off for family time

CCIE RS Lab – Week 14

Hours studied: 11.5

Took family to Story Land so only did some light studying for the long weekend. I’m been struggling with focus and motivation lately. Getting back into the studying groove is difficult, need to get my routine back.

Sunday

Flashcards

Family time

Monday

Flashcards

Family time

Tuesday

INE Multicast videos

Started INE Full Scale Lab 3 – got to section 2.1

Spent my time working on verification and interupting what was being asked. A few simple things tripped me up

  • How to set the the age time for storing the most recent BPDU
    • spanning-tree vlan # max-age (sec)
  • Not being as specific as possible in some of my configuration
  • Need to remember to account for every switch when told not to configure a switch for root placement. This comes to the interuptation that I need to account for the non-root switches and set their configuration even though they are not being selected root at that time
  • PPPOE configuration
    • I read this as using ip unnumbered on the dialer interfaces and virtual-templates, but the solution guide showed moving the ip address off the physical port and onto the virtual port. After I did this config I did see the duplicate IP address which made me re-think, but I need to practice this more

Wednesday

INE multicast videos

Thursday

INE multicast and DMVPN videos

Friday

INE DMVPN videos

INE Full Scale Lab 3 – I’ve been breaking this lab into chunks instead of tackling it in one sitting. For this sitting, I was able to get through most of the IGP setup. There wasn’t anything particularly difficult, but I still got tripped up on some simple things such as:

  • route-tag notation dotted-decimal
    • global config
  • eigrp default-route-tag
    • Couldn’t remember where this command was applied in the named configuration mode

The thing that did get me was the OSPF multi-area that’s done under the interface configuration

The solution guide pointed out that this is referenced in RFC 5185, which I need to read and understand fully

Saturday

I continued with INE full scale lab 3 – I took my time again to go through verifications and try to better understand. The major take away from this was READ THE REQUIREMENTS CAREFULLY. The tasks were worded with double negatives or backwards from how I interupted from a first read. My errors were only found though when I was checking my work against the solution guide to find that I did things backwards.

These tasks were also very time consuming. The BGP configuration made me use peer-session and peer-policy which added a lot of typing and made the hierarchy of the BGP configuration more confusing. This along with typo’s slowed me down a lot.

I was able to complete all the BGP and MPLS configuration during this 6 hours of rack time. Some of my lessons learned are listed below:

  • Practice BGP configuration with templates
    • Fully understand what goes under session and what goes under policy and where each gets applied
  • Hidden command – bgp best-path as-path multipath-relax
    • Use this for BGP load balancing / multi-path
    • Maximum-path #
  • BGP auto-summary
    • This came from understanding the requirements more clearly. I first read this as using an aggregate address, but after re-reading the requirements (after I already configured everything) I found that no additional prefixes should show up in the bgp table.
    • Using auto-summary along with redistribution meet this requirement, but something I need to get better at seeing before I waste time on a configuration
  • DMVPN gave me problems when I went to enable MLPS across it, OSPF neighbors formed, IPSec SA’s were right, but MPLS neighbors wouldn’t work. Rebooting the hub routers fixed this, believe it was an order of operations problem. I also needed to bounce the spoke tunnels multiple times to get the results
  • MPLS routes did not work until I enabled next-hop-self on the route reflectors, believe this is because labels were not getting applied for the for the 2 PE routers that needed to communicate.
    • Control plane looked like it worked, but data plane was broken because of the missing label
    • Using Nick’s MPLS verification method helped me track this down. I need to revisit this though as I couldn’t remember everything I needed to check from the top of my head
  • 2547oDMVPN – this came up in the solution guide. Need to research this further

I decided after going through all this to stop at the multicast section as that is a weak area for me and I want to be able to take my time with this. My thoughts around this lab it that it’s very difficult and is testing my knowledge. This will be a good one to revisit in a month after some more practice of what I have found so far.

Next Actions

I need to start tackling my list of things to reseatch further. It is getting overwhelming from how much I added because I have not gone through it for over a month.