BobbyDigital Thots and Prayers 41777 Posts
So, after 9 years of doing networking, I've finally decided to get serious and get that purple dot under my belt. I'll be a dad somewhere around january 1, so if I don't get it done before then, chances are that it just won't happen. That and a lot more pressure from management, now that I'm a tech lead.
So....
October 5 is D-Day, so I've got 4 months to become an expert in just about everything.
Switching --- check
RIP --- meh
EIGRP --- meh
OSPF --- I suck ass
BGP routing --- I suck ass
IP Multicast --- meh
QoS -- I suck ass
Frame Relay/WAN -- meh
IPv6 - I can spell IPv6
Action plan:
I've got a ton of practice labs from http://www.netmasterclass.net/ which I'll go through and begin by reverse engineering the solutions along with various Ciscopress books to learn enough to where I can attempt them without using the solution keys, and keep chucking at them until I can complete them without using them at all.
I've spent most of the last several hours working on frame-relay. I used to know it pretty well back in the day, but haven't had to do anything with it in years. It's coming back pretty quickly, although I keep making stupid mistakes: mismatched LMI types, typo'ed a DLCI mapping that took me over an hour to figure out, etc. but it's otherwise going pretty smoothly. FR traffic shaping is going to be a different story though....
Anyone else actively working towards this? I know that cdubya was before he went to Google, and I think robster was talking about it. 6/2/2007 1:51:41 PM |
drhavoc All American 3759 Posts
Not actively, but I'd be interested, time permitting. 6/2/2007 1:59:29 PM |
Malice Suspended 1337 Posts
Good luck man, kick its ass. 6/2/2007 2:04:25 PM |
robster All American 3545 Posts
Nice Bobby ... My date is Sept 27th, and it's already hard seeing as I will be the dad of my SECOND kid come around the first of January....
Congrats on both, BTW
Switching --- meh
RIP --- meh
EIGRP --- meh
OSPF --- Ok
BGP routing --- Ok
IP Multicast --- Ok
QoS -- Router side is great ... You got the switching qos down??
Frame Relay/WAN -- meh
IPv6 - I can spell IPv6 forwards and backwards
[Edited on June 2, 2007 at 5:52 PM. Reason : .] 6/2/2007 5:49:40 PM |
synapse play so hard 60939 Posts
did you guys take a class for your CCNA or just self pace with a lab at home? 6/2/2007 9:14:01 PM |
SandSanta All American 22435 Posts
I've got two coworkers who are working for the Security cert.
The thing I've gotten away from their efforts is that everything possible, no matter how arcane/dated/retarded can and will be asked. 6/3/2007 12:13:25 AM |
robster All American 3545 Posts
Yup, the topologies you see are generally never going to be used in real life, but are set up to really stretch your ability to think through the principles and caveats of the protocols and router functionality. 6/3/2007 6:25:16 AM |
pmcassel All American 1553 Posts
laugh, im studying for ccnp, passed bcmsn, taking bsci in a bit 6/3/2007 2:40:26 PM |
robster All American 3545 Posts
ha 6/3/2007 11:24:18 PM |
BobbyDigital Thots and Prayers 41777 Posts
got in at 4:30 this morning to study, planning on doing this for the next 4 months.
6/4/2007 5:14:44 AM |
BobbyDigital Thots and Prayers 41777 Posts
This is what I'm currently working on:
Got the frame relay done and the IRB done. IRB was a bitch, as I've really never worked with IRB before... nobody really uses that shit anymore unless they refuse to let go of shit like DECnet, Vines, and other shit that isn't easily routed.
Next up is getting OSPF running over the frame relay. 6/4/2007 7:54:01 AM |
Quinn All American 16417 Posts
dont forget
6/4/2007 8:25:46 AM |
robster All American 3545 Posts
I should have the 10 new CCIE pods up by next week sometime ...
They will have 4 3650s just like the real thing currently uses.
- Probably a bigger deal for me since I need the switching practice, but still nice that it'll be easier to recreate the ipexpert/netmasters labs 6/4/2007 8:59:19 AM |
BobbyDigital Thots and Prayers 41777 Posts
yeah, i'm just using IOU so that I can do practice labs from anywhere, but I might want one of the pods eventually just to work at some of the weird MST crap they come up with... 6/4/2007 11:52:08 AM |
drhavoc All American 3759 Posts
<hand gesture><jedi mind trick>
IOU doesn't exist.
</hand gesture></jedi mind trick> 6/4/2007 12:55:01 PM |
Novicane All American 15416 Posts
what a crappy, slow protocol 6/4/2007 1:09:22 PM |
Aficionado Suspended 22518 Posts
yeah that huge color picture thats up there
i have no idea whats going on in that 6/4/2007 3:10:13 PM |
quagmire02 All American 44225 Posts
should i understand that picture since i'm CCNA? because i don't 6/4/2007 3:11:47 PM |
Opstand All American 9256 Posts
Good luck dude. From what I've read the lab they give you during the test has a very high percentage failure rate the first time around. It's definitely an elite IT cert to get, considering that what, like 15k people in the world have it? 6/4/2007 4:00:12 PM |
BobbyDigital Thots and Prayers 41777 Posts
^
Yeah, i think it's a 90something % failure rate for first time takers, and you're right, a little less than 15k CCIEs worldwide and less than 4500 in the US.
http://www.cisco.com/web/learning/le3/ccie/certified_ccies/worldwide.html
aight.. time to crash soon so I can get up at 4a.m. again....
Quote : | "what a crappy, slow protocol" |
care to elaborate? I don't know much about IPv6, so I'm interested to know how a connectionless protocol is "slow."
[Edited on June 4, 2007 at 9:22 PM. Reason : asf] 6/4/2007 9:22:12 PM |
csdozier All American 510 Posts
I'm just about to start reading for the written.. Got to get a juniper cert because work wants me to as well.. But I need to get serious about this pretty soon 6/4/2007 9:28:08 PM |
csdozier All American 510 Posts
I plan to start reading some more books first (routing tcp/ip vol 1&2, ccie switching, multicast book, ipv6), then take the written.
I'm going to get a new computer to run dynamips/dynagen for simulating most of the labs then do some online rack rentals for switching parts.. Most people here have been recommending the internetworkexpert.com labs. That's the plan at least... 6/5/2007 7:24:30 AM |
BobbyDigital Thots and Prayers 41777 Posts
^ sounds like a good plan.
Really learning the material for the written will help you a lot when you're prepping for the lab. A lot of people use testking to pass the written with ease, but they don't learn shit, and then the lab exam seems insurmountable. 6/5/2007 8:29:43 AM |
csdozier All American 510 Posts
Yeah^
I recently encountered a person who was the company "CCIE" I was told. They had a setup of BGP out the WAN and EIGRP on the LAN. He kept complaining that BGP was "leaking" onto his LAN as he "proved" by showing a "show ip bgp" which showed LAN addresses as the next hop. I told him this was due to his redistribution of EIGRP. He refused to believe that and said we had to put "passive-interface" under router bgp or this would never work.
No way he had a #... I really think he test-king'd it up to pass the written and became the company CCIE 6/5/2007 8:50:47 AM |
cdubya All American 3046 Posts
Sounds like you're kicking ass, dude! Definitely keep us updated. 6/6/2007 12:35:36 AM |
BobbyDigital Thots and Prayers 41777 Posts
more like I'm getting my ass handed to me, but learning a shitload....
hopefully a few months from now I'll be rocking this shit. 6/6/2007 6:03:02 AM |
MiniMe_877 All American 4414 Posts
I thought I knew a fair amount about computers, networking, and the internets, but those pictures you posted Bobby are complete gibberish to me, and that is scary
but good luck studying 6/6/2007 11:36:29 AM |
robster All American 3545 Posts
yup ... ccie is no joke. 6/6/2007 12:22:22 PM |
JCTarheel All American 2430 Posts
Good luck, man. 6/7/2007 8:18:39 PM |
BobbyDigital Thots and Prayers 41777 Posts
One of the important things in the CCIE lab is time management... there's a lot of shit to get done in the 8 hours that you have to complete it, so being efficient with time is absolutely critical.
I've spent the last few days with OSPF and of course every time I add something new like an OSPF virtual link, policy based route redistribution or whatever.. something would break, and i'd spend an hour trying to fix it.
R2 in the above diagram wasn't learning routes from R1, even though it was fully an OSPF neighbor. my R2 routing table looked like this:
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.124.0 is directly connected, Serial1/0
C       172.16.102.0 is directly connected, Loopback102
R2#
WTF
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.101.1      1   FULL/DROTHER    00:01:23    172.16.124.1    Serial1/0
R2#
OSPF neigh.. check.
alright.. let's go over to R1 and see if i did something there
R1#show ip ospf int ser1/0.1
Serial1/0.1 is up, line protocol is up
  Internet Address 172.16.124.1/24, Area 0
  Process ID 1, Router ID 172.16.101.1, Network Type NON_BROADCAST, Cost: 64
  Transmit Delay is 1 sec, State WAITING, Priority 1
  No designated router on this network
oops.... looks like i misconfigured something.
interface Serial1/0.2 point-to-point
 ip address 172.16.13.1 255.255.255.0
 ip ospf network non-broadcast
 ip ospf priority 0
yeah that would be a problem... R1 is the hub in the hub-and-spoke FR topology, so it HAS to be the DR in OSPF. So let's fix that.
---
no luck. WTF
back to R2, maybe a few debugs will tell me what's up.
debug ip routing
and nothing, so I'm going to go get some coffee and think about this.
I come back and see:
*Jun 8 12:40:33.987: RT: add 172.16.13.0/24 via 172.16.124.1, ospf metric [110/128]
*Jun 8 12:40:33.987: RT: NET-RED 172.16.13.0/24
*Jun 8 12:40:33.987: RT: NET-RED queued, Queue size 1
*Jun 8 12:40:33.987: RT: SET_LAST_RDB for 172.16.35.0/24 NEW rdb: via 172.16.124.1
[snipped most of the output]
*Jun 8 12:40:33.987: RT: add 172.16.101.0/24 via 172.16.124.1, ospf metric [110/20]
*Jun 8 12:40:33.987: RT: NET-RED 172.16.101.0/24
*Jun 8 12:40:33.987: RT: NET-RED queued, Queue size 6
AND WE'RE LEARNING ROUTES
     172.16.0.0/16 is variably subnetted, 10 subnets, 2 masks
O IA    172.16.60.0/28 [110/129] via 172.16.124.1, 00:36:06, Serial1/0
O E1    172.16.50.0/24 [110/148] via 172.16.124.1, 00:36:06, Serial1/0
O IA    172.16.35.0/24 [110/138] via 172.16.124.1, 00:36:06, Serial1/0
O E2    172.16.31.0/24 [110/20] via 172.16.124.1, 00:01:23, Serial1/0
O IA    172.16.13.0/24 [110/128] via 172.16.124.1, 00:15:09, Serial1/0
O E2    172.16.1.0/24 [110/20] via 172.16.124.1, 00:36:06, Serial1/0
C       172.16.124.0/24 is directly connected, Serial1/0
O E2    172.16.101.0/24 [110/20] via 172.16.124.1, 00:36:06, Serial1/0
C       172.16.102.0/24 is directly connected, Loopback102
O E2    172.16.103.0/24 [110/20] via 172.16.124.1, 00:01:23, Serial1/0
So doing some further reading.... OSPF is pretty fucking slow to converge, so I just need to be patient.
that and I learned that debug ip routing should be put in all routers so I don't have to go to EACH router and verify that the routing updates have passed... the debugs will proactively tell me. 6/8/2007 9:29:01 AM |
30thAnnZ Suspended 31803 Posts
BobbyD - "HURRY THE FUCK UP" OSPF - "WAIT, MOTHERFUCKER" 6/8/2007 11:51:53 AM |
Aficionado Suspended 22518 Posts
lol 6/8/2007 12:01:06 PM |
CharlesHF All American 5543 Posts
I also LOL'd. You'd think computers would be faster than this... "5 trillion calculations per second, and you still aren't done by the time I go get a cup of coffee?!" 6/9/2007 2:30:07 AM |
ScHpEnXeL Suspended 32613 Posts
hahaha 6/9/2007 8:58:48 AM |
evan All American 27701 Posts
rofl.
i'm a CCNA. thought about taking the CCNP, and eventually getting my CCIE (i just wanted a number), but then i realized that i didn't want to work in anything IT-related.
oh well.
IRB sucks, too. i've never seen anyone ACTUALLY use it. 6/9/2007 12:03:51 PM |
BobbyDigital Thots and Prayers 41777 Posts
yeah it's pretty rare, mostly for companies that still run OLD shit like DECnet, Vines, etc. 6/9/2007 12:36:29 PM |
mellocj All American 1872 Posts
OSPF can be a bitch, I've been learning it as I recently implemented it on our network. I had two routers with a direct ethernet connection (R1 and R2). I put each ethernet interface into a /30 subnet and couldn't for the life of me figure out why only one router would send hello packets. changed the interfaces to a /29 subnet and boom it came right up (well after about 1 minute since ospf is kinda slow) 6/9/2007 12:38:43 PM |
cdubya All American 3046 Posts
^That doesn't really make any sense. /30s are used very frequently for addressing with two hosts, so are /31s.
Does Cisco support rfc 3031, Bobby? 6/9/2007 1:35:01 PM |
evan All American 27701 Posts
if your company is still using shit from banyan like vines, it's time to get rid of some legacy systems, bitches. 6/9/2007 2:44:00 PM |
BobbyDigital Thots and Prayers 41777 Posts
^^ yep... hell, we co-wrote it. 6/10/2007 10:25:03 AM |
cdubya All American 3046 Posts
Yeah so that was definitely a fat-finger- rfc 3021, regarding 31bit subnet mask addressing.
Obviously cisco supports mpls 6/10/2007 2:15:50 PM |
BobbyDigital Thots and Prayers 41777 Posts
ah now it makes sense, i was scratching my head on that one
but yep, we do support it (also co-written by a couple of Cisco RTP folks -- Russ White and Alvaro Retana).. see:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ft31addr.htm 6/10/2007 8:18:25 PM |
BobbyDigital Thots and Prayers 41777 Posts
Interesting problem: From the above diagram, I need to redistribute RIP in to OSPF and OSPF into RIP on routers R2 and R4. Sounds pretty simple, right?
Wrong.
If I simply do a wholesale redistribution on both routers, we gonna have a loop. R2 will take RIP routes and inject them into the OSPF network, as will R4. These routes will be propagated everywhere else, and there'll be two routes for each prefix, which isn't really a big problem in and of itself, as each router will determine which route according to its calculated metric is better, and install that one into its routing table.
The problem is that R2 and R4 will learn each other's RIP routes, or _former_ RIP routes via OSPF from each other, as well as via RIP internal to the RIP network. OSPF has a better administrative distance than RIP, so the OSPF routes to the 106.0, 26.0, and 20.0 prefixes will be installed rather than the RIP routes, and ultimately result in black-holing traffic destined to these networks.
On the other side of the coin, what happens if on the RIP network we get OSPF routes injected into RIP from R2 and R4? Not much, really.
So, from the perspective of R6, which depends on R2 and R4 for routing information to the rest of the network, we're going to get routing information for the same prefixes that are injected into RIP from OSPF from R2 and R4, but we can only install one route to a given prefix, so which do we choose?
The first criterion we look at is Administrative Distance. Since the OSPF routes are redistributed into RIP at R2 and R4, by the time we get them at R6, they will appear to be RIP routes, and both sets of routes have the same Admin Distance of 120. The next criterion to be compared is the metric, and RIP uses hop count.
We could set the metric differently on R2 and R4 such that one has a higher metric, but that's not a very good design, as we want to keep dynamic routing dynamic. So if we redistribute the routes with an equal metric, what then?
There's a third criterion in route selection, which is prefix length, and with VLSM, we'll install the route with the longest match. Now RIP is a classful protocol, so we're going to look at these routes as 172.16.0.0 routes.
Paraphrased from: http://www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080094823.shtml
Ok so what now? I'm not entirely sure, and need to read a little more.
After reading just a little bit more, we'll install the route from which the next hop has the highest IP address, which in this case will be R4. But in trying to figure that out, I think i found a better way to do this -- Route Tagging. 6/11/2007 7:58:18 AM |
csdozier All American 510 Posts
^ I assume you are planning on setting a tag on R2 and R4 instead of matching on the default external ospf tag 777. If you did that it could cause problems later on.. Why not just block learning the 26.0 network from OSPF in the redistribution into RIP via a distribute-list? Then only allow the 26.0 (and other local rip networks) to be redistributed from rip back to ospf..(maybe i missed something) 6/11/2007 9:26:20 AM |
BobbyDigital Thots and Prayers 41777 Posts
it's too fucking early. 6/13/2007 5:04:52 AM |
BobbyDigital Thots and Prayers 41777 Posts
^^
Yeah, If I just used route tagging on R2 and R4, it will certainly cause problems elsewhere. The ultimate idea is to use them at every redistribution point in the overall network. This way, I don't have to keep track of every single subnet for each routing protocol.
Basically, I'll tag the routes at their ingress points to each routing protocol domain with a tag that is unique to each domain. At the egress points, the routes can be redistributed by their tags instead of by specific subnets. The routing protocol of the transit network does not necessarily use the tag, but merely conveys it to and from its external networks.
In this case, there are several different ways to accomplish the same thing, and I went and tried each method, just for my own learning.
One other thing I ran into was that R2 and R4 would learn redistributed RIP routes via OSPF and OSPF would wind up pushing RIP routes to the same prefix out of the routing table, so I needed to set the admin distance for native RIP routes on R2 and R4 to 109... winding up with this:
router ospf 1
 log-adjacency-changes
 redistribute rip metric 1 subnets route-map RIP->OSPF
 network 172.16.124.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute ospf 1 metric 1 route-map OSPF->RIP
 passive-interface default
 network 172.16.0.0
 neighbor 172.16.26.2
 neighbor 172.16.26.6
 distance 109 0.0.0.0 255.255.255.255 RIP-networks
 no auto-summary
!
ip access-list standard RIP->OSPF
 permit 172.16.30.0
 permit 172.16.26.0
 permit 172.16.104.0
 permit 172.16.106.0
 permit 172.16.102.0
ip access-list standard RIP-networks
 permit 172.16.30.0
 permit 172.16.104.0
 permit 172.16.106.0
 permit 172.16.102.0
!
route-map RIP->OSPF permit 10
 match ip address RIP->OSPF
!
route-map OSPF->RIP deny 10
 match ip address RIP->OSPF
!
route-map OSPF->RIP permit 20
One thing that may appear odd is the use of passive-interface default in the RIP config. The lab exercise required that RIP updates were not broadcasted or multicasted between neighbors. The only way to do this is to use the passive interface command to disable multicast/broadcast updates, and statically define each neighbor to trigger unicast updates to each defined neighbor. 6/13/2007 6:25:32 AM |
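An added example, not part of any post in this thread: a small Python model of the two separate problems discussed above on a border router doing mutual RIP/OSPF redistribution. It shows that a tag-based filter at the OSPF-to-RIP egress stops route feedback but does not change which route the router installs locally, while lowering the RIP distance to 109 for the RIP-native prefixes does. The tag value, the /24 mask on 172.16.106.0 and the set of routes learned on R4 are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Cisco IOS default administrative distances for the two protocols in the thread.
DEFAULT_AD = {"ospf": 110, "rip": 120}
RIP_TAG = 120  # constructed tag meaning "entered OSPF from the RIP domain"


@dataclass(frozen=True)
class Route:
    prefix: str
    proto: str    # protocol this border router learned the route from
    tag: int = 0  # route tag carried along by OSPF external routes


def build_rib(learned, rip_distance_for=frozenset(), rip_distance=109):
    """Install one route per prefix: lowest administrative distance wins.

    rip_distance_for models `distance 109 ... <acl>` under `router rip`:
    RIP routes to those prefixes get rip_distance instead of 120.
    """
    rib = {}
    for r in learned:
        ad = DEFAULT_AD[r.proto]
        if r.proto == "rip" and r.prefix in rip_distance_for:
            ad = rip_distance
        if r.prefix not in rib or ad < rib[r.prefix][0]:
            rib[r.prefix] = (ad, r)
    return {prefix: route for prefix, (_, route) in rib.items()}


def ospf_to_rip(rib, deny_tag=None):
    """Prefixes this router would redistribute from OSPF into RIP.

    Only routes installed in the RIB as OSPF are candidates; deny_tag models
    a route-map that refuses routes tagged on their way into OSPF.
    """
    return sorted(r.prefix for r in rib.values()
                  if r.proto == "ospf" and r.tag != deny_tag)


# Constructed view from one border router (R4 in the thread's lab).
LEARNED_ON_R4 = [
    Route("172.16.106.0/24", "rip"),                # native RIP route
    Route("172.16.106.0/24", "ospf", tag=RIP_TAG),  # same prefix, redistributed by R2
    Route("172.16.13.0/24", "ospf"),                # genuine OSPF route
]
RIP_NATIVE = frozenset({"172.16.106.0/24"})


def scenarios():
    plain = build_rib(LEARNED_ON_R4)
    fixed = build_rib(LEARNED_ON_R4, rip_distance_for=RIP_NATIVE)
    return {
        "plain_source": plain["172.16.106.0/24"].proto,   # which copy is installed
        "plain_export": ospf_to_rip(plain),               # feedback into RIP
        "tagged_export": ospf_to_rip(plain, deny_tag=RIP_TAG),
        "fixed_source": fixed["172.16.106.0/24"].proto,
        "fixed_export": ospf_to_rip(fixed, deny_tag=RIP_TAG),
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

In the unfiltered case the RIP-native prefix is installed from OSPF and leaks back into RIP; with the tag filter it no longer leaks but is still installed from OSPF until the distance override is applied.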
csdozier All American 510 Posts
^ makes sense. I wasn't familiar with the passive-interface default.. I guess I've never seen an app. of statically defined rip neighbors. 6/13/2007 11:32:42 AM |
BobbyDigital Thots and Prayers 41777 Posts
in practice there would be no reason to do it... but the lab exam will ask for shit like that to test depth of knowledge of the protocol.
In this practice lab, it simply asks that RIP updates not be broadcast or multicast, which are the defaults for RIPv1 and RIPv2 respectively. So unless you know the one situation in which RIP sends unicast updates, you're hosed on that one. 6/13/2007 11:41:39 AM |
30thAnnZ Suspended 31803 Posts
1. what in the immortal fuck are you doing up that early in the morning? 2. what in the immortal fuck are you doing up that early in the morning and thinking about this kind of shit?
i have a hard time breaking this sort of thing down at 2 in the afternoon, let alone the 5 am hour. 6/13/2007 12:35:27 PM |
GraniteBalls Aging fast 12262 Posts
Bobby means business.
Out of curiosity, does a CCIE mean a significant pay raise for you? What bracket are you in right now? 6/13/2007 12:37:07 PM |