What's Next !!

October 30, 2009 2 comments

It's been a long time since my last post. Immediately after passing the Lab Exam I had loads of work waiting for my return to the office. I have been working on an upgrade project for one of our customers, which was consuming most of my time. And finally I submitted the Design and BOQ and am now waiting for the customer to accept it so that I may go ahead with developing the Implementation and Migration Plans. I will be writing about my experiences with the project in the next few months.

So the geekiness inside me is not letting me sit still, and I have decided to go after another CCIE. I first decided to go for Service Provider, but my job role involves a lot of Cisco Security related stuff as well, so I changed my plan and am now pursuing CCIE Security. As you know the new blueprint is very difficult and there have been only a few success stories since then, so this one will be very challenging and I would love to tackle this beast.

I must thank Kady Heaton and all the INE Team for giving me the CCIE Security End-to-End Program as a part of the Scholarship which I received for R&S earlier this year; I could not attend the Onsite Bootcamp due to a visa issue, and Kady was nice enough to transfer that portion to the Security Program.

Currently I'm studying MPLS VPN and Performance Routing for a project, and then I will move on to CCIE Security studies. My strategy will remain the same as for R&S: pick each technology and beat it to death. I used the INE Advanced Technologies Class and Open Lecture Series as class-based training and the Volume I Technologies Workbook as the main training products, so the same products for Security as well. Unfortunately INE does not have an OLS for Security yet, so I will have to check for other VODs from CCBOOTCAMP or maybe IPEXPERT in addition to the INE ATC.

Stay tuned for some Technical Posts in near future

Goodbye For Now !

Categories: Uncategorized

Journey to a 21 Year Old CCIE

August 20, 2009 5 comments

Hey All !

I just received my report, and I cannot tell you how happy I am. I have been dreaming of becoming a CCIE since I was 15. Now at 21 I have finally passed the CCIE R&S Lab Exam.

My journey started when I got my old 386 computer. I was quite young at that time, but I was really fascinated by the little machine. In a few years it was upgraded to Windows 95. I used to corrupt and fix everything on my own. In Grade Seven, during school holidays, I joined a local institute near my home for Web and Graphics Designing. My teacher was preparing for MCSE and I used to ask him what it was all about, and then I finally decided to join the Networking field.

So at the age of 15 I passed the CCNA Exam; it was a really difficult one for me at that time. Just after clearing it I went ahead and joined CCNP training. I passed BSCI and BCMSN and had to stop because my high school studies were being affected. After completing school I got a job at a Cisco Premier Partner. I still work here as a Network Engineer working on R&S and Security projects. Back in December 2007, I completed CCNP along with a few other certifications from Cisco and Juniper.

Immediately I started my preparations for the CCIE. I passed the Written Exam, but it took a lot of time, around 8 months, during which I was working on a major project. So I finally decided that it was now time to get my hands dirty. I scheduled the Lab, but every week I had to extend it because of job load and other responsibilities.

A turning point in my preparations was when I received the Scholarship from Internetwork Expert. I really jumped out of my seat when I received the email saying I had been selected as the Sole International Recipient. Since then there was no stopping, and I booked the seat for Aug 18 2009.

During the last month I had enormous distractions, but I focused on my strategy. The exam day finally arrived and I was very afraid of the 4 stupid questions that can cost you $1400.

So we started off with the Core Knowledge. The first one was really easy but the rest were confusing and I spent the whole 30 mins. I stuck to my first thoughts, as many CCIEs told me that overthinking can cause you to fail.

The Lab portion was not as difficult as I was expecting, but my time management was not good: I spent too much time on 2 tasks, one of them was very easy but my mind was not working at its best. After 40 mins of thinking and trying different solutions I got one task done, but I moved forward and left the other. I had complete reachability before the proctor called for lunch. After lunch I completed the other tasks and verified reachability. On the whole I left two tasks, and instead of working on them I re-checked everything and found a couple of mistakes which could have cost me. After the exam I knew I had a great chance of passing the Lab; the only thing that was troubling me was the Core Knowledge questions.

Thanks to ALLAH for helping me achieve this journey, and to the many others who have helped me, including my employer, manager, colleagues and my family.

As far as my exam strategy is concerned, I used the CCIE 2.0 Program by Internetwork Expert. The Advanced Technologies Class, Open Lecture Series and Volume I Workbook were the main products. I focused on individual technologies and did very few Full Scale Labs, and never completed even a single one of them because of various issues, power outages being the main cause. I would highly recommend the CCIE 2.0 Program to candidates, and especially the Volume I Workbook and the Open Lecture Series. Both of them are my favorites and I still plan to use the OLS; it's a great tool. For those who don't know about it, it's just an ongoing version of the Advanced Technologies Class. Each week Brian McGahan conducts two 1-hour classes covering various technologies on the CCIE Blueprint. I would love to see it released for CCIE Security as well.

Thank you Internetwork Expert, you guys have been a crucial part of my success, especially Kady and Brian, and I look forward to choosing you for the next track, which I have yet to decide. Per my job role CCIE Security looks the best, and I have heard that the new exam is very difficult and only 1 guy has passed since the Blueprint changed, so I would love to tackle this beast. CCIE Service Provider also looks very promising, and for the next 2-3 years, because of IPv6 and MPLS, its worth will increase.

Thank you all

Muhammad Zeeshan Sanaullah
CCIE # 25196

Categories: Uncategorized

Internetwork Expert – Open Lecture Series

May 9, 2009 2 comments

Hello Everyone !!!

So this post will be dedicated to one of the finest CCIE preparation products that I have ever seen. Yup, it is the Open Lecture Series.

It is a part of the CCIE 2.0 Program by Internetwork Expert which focuses on dynamic learning content. In simple words it is a dynamic version of the Advanced Technologies Class. Here is a little excerpt from the INE website:

"Internetwork Expert's CCIE Routing & Switching Open Lecture Series is an ongoing online course – keeping in line with our revolutionary CCIE 2.0 Program model – which provides candidates continuing live interaction with the industry's most experienced CCIE authors and instructors. The dynamic format of this series ensures that candidates always have an outlet for getting their questions answered in real-time throughout the lifetime of their preparation."

The product comes in two versions, Live and Class on Demand.

Well, my scholarship didn't include the live version where you can interact with the instructor, but the Class on Demand version still rocks.

Every week or so there are some classes that cover in detail technologies which were neglected by the ATC. You can see a sample list of lectures below to get an idea of what I'm talking about.

– OSPF – 11/18/2008 Part 1 ( OSPF Intra-Area Routing )
– OSPF – 11/18/2008 Part 2 ( OSPF Inter-Area Routing )
– OSPF – 11/18/2008 Part 3 ( OSPF Inter-Area Routing with Multiple ABRs )
– OSPF – 11/18/2008 Part 4 ( OSPF External Routing )
– OSPF – 11/20/2008 Part 1 ( OSPF Virtual Links )
– OSPF – 11/20/2008 Part 2 ( Traffic Engineering with Virtual-Links )

– BGP – 11/26/2008 ( BGP Traffic Engineering with Aggregation )
– NAT – 01/14/2009 ( Advanced NAT Design )

etc.

I guess up till now there are approx 40 lectures. One of the things that I noticed recently was that you can even request the INE guys to hold some classes on topics of your choice that you may find difficult.
Usually Brian McGahan is the instructor for these classes, but I would also like to see Scott and Petr do some classes as well.

For those who are following INETraining on Twitter, there is a great weekend deal for the Open Lecture Series, so hurry up now and grab this product.

Zeeshan

My First Real World Encounter with BGP !

April 18, 2009 Leave a comment

Hello !!!

So... I have been busy for the past few weeks with a BGP project, and for my faithful blog readers I want to share my experience.

Basically the project was a BGP multihoming scenario with policy routing.

The customer has its own AS number and a /22 pool of IP addresses assigned by the RIR.

For the explanation I will use private AS numbers and an IP pool from the private range.

So let's say the customer is assigned AS number 65503 and the IP pool 192.168.128.0/22.

It peers with two ISPs, ISP A and ISP B, with AS numbers 65501 and 65502 respectively.

You can see the diagram here:

[Diagram: bgp-diagram]

Now here comes the pain: the traffic load share that the customer wants is described below.

  • The /22 pool is subnetted into 4 /24 pools.
  • Two /24 pools are used through one ISP for both incoming and outgoing traffic, and the other two /24 pools are used through the other ISP.
  • For example, the 192.168.130.0/24 and 192.168.131.0/24 pools are used through ISP B. Traffic sourced from and destined to these pools must use ISP B.
  • If the link to either ISP goes down, the traffic must be re-routed through the other ISP.

To apply policies to BGP updates you first have to categorize them into Inbound BGP Policy (affects the outbound traffic flow) and Outbound BGP Policy (affects the inbound traffic flow).

Now before I mention the policies I must tell you that when the /22 pool is advertised from both ISPs without any policies applied or modifications, the rest of the Internet usually prefers the path through ISP A. Thus ISP A is considered the better ISP to reach the /22 pool.

We will first consider the Outbound BGP Policy that affects our incoming traffic.

Here is the configuration of both routers to get the desired ingress traffic share.

Router A

router bgp 65503
 neighbor 10.1.1.1 remote-as 65501
 no auto-summary
 no synchronization
 network 192.168.128.0 mask 255.255.252.0
!
ip route 192.168.128.0 255.255.252.0 Null0

Router B

router bgp 65503
 neighbor 172.16.1.1 remote-as 65502
 neighbor 172.16.1.1 prefix-list subblocks out
 neighbor 172.16.1.1 route-map prepend out
 no auto-summary
 no synchronization
 network 192.168.128.0 mask 255.255.252.0
 network 192.168.130.0 mask 255.255.255.0
 network 192.168.131.0 mask 255.255.255.0
!
ip route 192.168.128.0 255.255.252.0 Null0
!
ip prefix-list aggregate seq 5 permit 192.168.128.0/22
!
ip prefix-list subblocks seq 5 permit 192.168.130.0/24
ip prefix-list subblocks seq 10 permit 192.168.131.0/24
ip prefix-list subblocks seq 20 permit 192.168.128.0/22
!
route-map prepend permit 10
 match ip address prefix-list aggregate
 set as-path prepend 65503 65503 65503
!
route-map prepend permit 20

As you can see, Router A only advertises the /22 pool, while Router B advertises three prefixes: the two /24 pools and the /22 prefix with the AS_PATH attribute prepended.

This fulfills the requirement, as the pools 192.168.130.0/24 and 192.168.131.0/24 are always reached through ISP B due to longest prefix matching, while the other pools are reached through ISP A.

In case ISP A goes down, the whole /22 pool can now be reached through ISP B, which was previously not the case as ISP B was advertising the prefix with a longer AS_PATH attribute than ISP A.

If ISP B goes down, the /22 pool and the specific subnets can be reached through ISP A, as ISP B withdraws its two /24 prefix advertisements to its peers. Thus the match is made on the /22 route that includes ISP A in the path in the global BGP table.
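To check the three ingress cases above (normal, ISP A down, ISP B down) without a live BGP peer, here is a small Python model I added for this post; it is not part of the original configuration. It assumes a remote AS that peers with both ISPs, that each ISP prepends its own ASN when re-advertising, and that an ISP withdraws everything it learned from us when its link goes down; the AS numbers are the post's private placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the post's topology (placeholder private ASNs).
CUSTOMER_AS = 65503
ISP_A = 65501
ISP_B = 65502


def customer_announcements():
    """Prefixes each edge router announces to its ISP, mirroring the configs above.

    Router A announces only the /22.  Router B announces the two /24 sub-blocks
    unchanged and the /22 with 65503 prepended three times (route-map prepend),
    so the /22 learned via ISP B carries an AS_PATH of length 4 instead of 1.
    """
    return {
        ISP_A: [("192.168.128.0/22", [CUSTOMER_AS])],
        ISP_B: [
            ("192.168.130.0/24", [CUSTOMER_AS]),
            ("192.168.131.0/24", [CUSTOMER_AS]),
            ("192.168.128.0/22", [CUSTOMER_AS] * 4),
        ],
    }


def remote_bgp_table(up_isps):
    """Routes as seen by a remote AS peering with both ISPs (assumption).

    Each ISP prepends its own ASN when re-advertising.  An ISP whose link to
    the customer is down withdraws every prefix it learned from the customer.
    """
    table = []
    for isp, routes in customer_announcements().items():
        if isp not in up_isps:
            continue
        for prefix, as_path in routes:
            table.append((ip_network(prefix), [isp] + as_path, isp))
    return table


def ingress_isp(dst, up_isps=(ISP_A, ISP_B)):
    """Which ISP the remote AS uses to reach dst.

    Longest prefix match is applied first, then the shortest AS_PATH: the two
    selection steps the post relies on.  Returns None if dst is unreachable.
    """
    addr = ip_address(dst)
    candidates = [r for r in remote_bgp_table(up_isps) if addr in r[0]]
    if not candidates:
        return None
    _prefix, _as_path, isp = max(
        candidates, key=lambda r: (r[0].prefixlen, -len(r[1]))
    )
    return isp


if __name__ == "__main__":
    for dst in ("192.168.128.10", "192.168.130.10"):
        print(dst, "normal ->", ingress_isp(dst),
              "| ISP A down ->", ingress_isp(dst, (ISP_B,)),
              "| ISP B down ->", ingress_isp(dst, (ISP_A,)))
```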

——————————————————————————————————————————————————

This task was not that difficult, but the outgoing traffic requirement really got me thinking.

To prevent asymmetric routing, a traffic flow that uses an ISP as its ingress must also use it as its exit.

So traffic sourced from and destined to the 192.168.130.0/24 and 192.168.131.0/24 pools must use ISP B, while all other traffic must use ISP A.

I really did not want to make the routing table dirty with over 200K routes, and in fact after reading NANOG and SANOG presentations from Philip Smith, this scenario really didn't require us to do so.

So we are only accepting the default route from the providers.

Here are the respective configurations added to the devices.

Router A

router ospf 100
 log-adjacency-changes
 network 192.168.128.1 0.0.0.0 area 0
 network 192.168.128.5 0.0.0.0 area 0
 default-information originate metric 20 metric-type 1
!
router bgp 65503
 neighbor 10.1.1.1 prefix-list defaultonly in
!
ip prefix-list defaultonly seq 5 permit 0.0.0.0/0

Router B

router ospf 100
 log-adjacency-changes
 network 192.168.128.6 0.0.0.0 area 0
 network 192.168.128.9 0.0.0.0 area 0
 default-information originate metric 30 metric-type 1
!
router bgp 65503
 neighbor 172.16.1.1 prefix-list defaultonly in
!
ip prefix-list defaultonly seq 5 permit 0.0.0.0/0

Switch

ip access-list extended ISPB-prefix
 permit ip 192.168.130.0 0.0.0.255 any
 permit ip 192.168.131.0 0.0.0.255 any
!
route-map ISPB-policy permit 10
 match ip address ISPB-prefix
 set ip next-hop 192.168.128.9
!
router ospf 100
 network 192.168.128.2 0.0.0.0 area 0
 network 192.168.128.10 0.0.0.0 area 0
!
interface Vlan200
 ip address 192.168.128.33 255.255.255.240
 ip policy route-map ISPB-policy

OSPF is enabled on the interfaces connecting RA-RB, RA-SW and RB-SW.

Note – All interfaces on these links are L3 routed interfaces, while the link to the server farm is an SVI, which is where the policy is applied.

Both routers advertise into the OSPF domain the default route they get from BGP.

Router A advertises the default with a metric of 20, while Router B advertises the default with a metric of 30.
A policy is applied on the switch to send traffic with a source address from the pools 192.168.130.0/24 and 192.168.131.0/24 to Router B.

So far the routing is simple: any traffic that matches ISPB-policy on the switch is sent to Router B, which has a BGP route 0.0.0.0/0 pointing to the ISP B router. Traffic that does not match the policy on the switch is matched by the OSPF default route pointing to Router A and is sent to Router A, which itself has a BGP route 0.0.0.0/0 pointing to the ISP A router.

If the connection to ISP A goes down, Router A withdraws the default route that it is injecting into the OSPF domain; the switch then installs the default via Router B and sends all traffic to Router B.

If the connection to ISP B goes down, Router B withdraws the default route that it is injecting into the OSPF domain. But the problem is that the switch is still sending the policy-matched traffic to Router B, because PBR is applied before the routing table is consulted...

Not a big deal, as Router B installs the OSPF default route learned from Router A on the RA-RB link and forwards this traffic to Router A.
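The egress logic above (PBR on the switch, two OSPF defaults with different metrics, and the two failure cases) is small enough to trace hop by hop. The following Python model is an added example, not part of the original deployment; it assumes that RA and RB originate their OSPF default only while their BGP default from the ISP is present, and that set ip next-hop on the switch is applied regardless of whether RB still has a default route.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the post's egress design (node names RA, RB, SW as in the post).
ISPB_SOURCES = [ip_network("192.168.130.0/24"), ip_network("192.168.131.0/24")]
# "default-information originate metric N" on each router.
OSPF_DEFAULT_METRIC = {"RA": 20, "RB": 30}


def next_hop(node, src, isp_a_up, isp_b_up):
    """Forwarding decision at node for an Internet-bound packet sourced from src."""
    # Routers that currently originate 0.0.0.0/0 into OSPF (assumption: only
    # while the BGP default from their own ISP is present).
    ospf_default = [r for r, up in {"RA": isp_a_up, "RB": isp_b_up}.items() if up]
    if node == "SW":
        # PBR (route-map ISPB-policy) is evaluated before the routing table and
        # does not check whether RB still has a default route.
        if any(ip_address(src) in net for net in ISPB_SOURCES):
            return "RB"
        if not ospf_default:
            return None
        # Plain OSPF default route: lowest metric wins (RA's 20 beats RB's 30).
        return min(ospf_default, key=OSPF_DEFAULT_METRIC.get)
    if node == "RA":
        # BGP default to ISP A, else the OSPF default learned from RB on RA-RB.
        return "ISP_A" if isp_a_up else ("RB" if isp_b_up else None)
    if node == "RB":
        # BGP default to ISP B, else the OSPF default learned from RA on RA-RB.
        return "ISP_B" if isp_b_up else ("RA" if isp_a_up else None)
    return None


def egress_path(src, isp_a_up=True, isp_b_up=True):
    """Trace a packet from the switch to the ISP it exits through.

    Returns the list of hops; ends in "DROP" if no default route exists or a
    forwarding loop is detected.
    """
    path, node = ["SW"], "SW"
    while node not in ("ISP_A", "ISP_B"):
        node = next_hop(node, src, isp_a_up, isp_b_up)
        if node is None or node in path:
            return path + ["DROP"]
        path.append(node)
    return path


if __name__ == "__main__":
    for src in ("192.168.128.40", "192.168.130.10"):
        print(src, egress_path(src), egress_path(src, isp_a_up=False),
              egress_path(src, isp_b_up=False))
```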

So finally all the traffic share requirements are met and the failover implementation is achieved.

My first BGP implementation... I really enjoyed it. I'm really loving this protocol.

Next step: migrate OSPF to BGP as the enterprise core routing protocol for another client network ;) ... just joking, you need a lot of guts to do so.

Hmm... not a bad option though. Check this article on scalable policy routing by Ivan Pepelnjak.

Zeeshan

Categories: BGP, Real-World

OSPF Forward Metric

March 12, 2009 3 comments

This post will help you understand the role of the OSPF forward metric in route selection.

To make it simple, let's start with OSPF external routing. As we all know, there are two metric types associated with OSPF external routes: Metric Type-1 (E1) and Metric Type-2 (E2).

E1 considers the cost advertised by the ASBR for the particular route plus the cost to reach the ASBR.

E2 considers only the cost advertised by the ASBR and neglects the cost to reach the ASBR.

We will refer to the following diagram to understand the usage of the forward metric in OSPF.

[Diagram: forward-metric]

Note – OSPF is enabled on the FastEthernet interfaces of R1, R2 and R3, and on the serial interfaces of R1, R2 and R4.

– The OSPF cost values are 1 for FastEthernet interfaces and 64 for serial interfaces.

If we redistribute the Loopback 0 interface into OSPF at R4, by default R3 will receive an E2 route with a cost of 20. Changing the metric type to E1, the cost will be 85 (1 + 64 + 20), provided that the default bandwidth values are used throughout the network.

You can see this in the output of show ip route 100.100.100.100 on R3, with both the E1 and E2 metric types:

With Metric-Type – 1 (E1)

R3#sh ip route 100.100.100.100
Routing entry for 100.100.100.100/32
  Known via "ospf 100", distance 110, metric 85, type extern 1
  Last update from 10.100.123.2 on FastEthernet1/0, 00:00:09 ago
  Routing Descriptor Blocks:
    10.100.123.2, from 4.4.4.4, 00:00:09 ago, via FastEthernet1/0
      Route metric is 85, traffic share count is 1
  * 10.100.123.1, from 4.4.4.4, 00:00:09 ago, via FastEthernet1/0
      Route metric is 85, traffic share count is 1

With Metric-Type – 2 (E2)

R3#sh ip route 100.100.100.100
Routing entry for 100.100.100.100/32
  Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 65
  Last update from 10.100.123.2 on FastEthernet1/0, 00:00:13 ago
  Routing Descriptor Blocks:
    10.100.123.2, from 4.4.4.4, 00:00:13 ago, via FastEthernet1/0
      Route metric is 20, traffic share count is 1
  * 10.100.123.1, from 4.4.4.4, 00:00:13 ago, via FastEthernet1/0
      Route metric is 20, traffic share count is 1

R3 is doing equal-cost load balancing in both cases.
Notice the forward metric 65 in the output above. It is only shown for Metric-Type 2 (E2).
The forward metric is actually the cost to reach the ASBR (here 1 + 64 = 65).
So it doesn't make sense to show it in the first output, as Metric-Type 1 already includes it in the metric calculation.

Now what makes this interesting is the case where we have multiple ABRs, each with a different cost to the ASBR.

In the case of Metric-Type 1 (E1), the router will simply choose the path with the lowest cumulative cost (external metric + the cost to reach the ASBR).

But when Metric-Type 2 (E2), which is the default, is used, the results are a bit different.
Let us see how.

First we change the cost of the interface on R2 connecting to R4 to 100.

R2(config)#interface serial 0/0
R2(config-if)#ip ospf cost 100

We now check the routing table on R3:

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
O E2    100.100.100.100 [110/20] via 10.100.123.1, 00:02:36, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.0.14.0 [110/65] via 10.100.123.1, 00:02:41, FastEthernet1/0
O IA    10.0.24.0 [110/101] via 10.100.123.2, 00:02:41, FastEthernet1/0
C       10.100.123.0 is directly connected, FastEthernet1/0

As E2 only considers the external cost, we see only 20 as the cost, neglecting the cost to reach the ASBR.
But wait, previously we had two exit points, through R1 and R2.

Why in this case do we only see the route through R1?

Does the route through R2 have a higher cost? Let us check.

We shut the interface on R1 connecting to R4:

R1(config)#interface serial 0/0
R1(config-if)#shut

and then check the routing table on R3:

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
O E2    100.100.100.100 [110/20] via 10.100.123.2, 00:00:01, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.0.14.0 [110/165] via 10.100.123.2, 00:00:01, FastEthernet1/0
O IA    10.0.24.0 [110/101] via 10.100.123.2, 00:00:01, FastEthernet1/0
C       10.100.123.0 is directly connected, FastEthernet1/0

No, it also has the same metric of 20. Then why do we not see both in the routing table, with R3 doing equal-cost load balancing?

Let us check the route:

R3#sh ip route 100.100.100.100
Routing entry for 100.100.100.100/32
  Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 101
  Last update from 10.100.123.2 on FastEthernet1/0, 00:01:35 ago
  Routing Descriptor Blocks:
  * 10.100.123.2, from 4.4.4.4, 00:01:35 ago, via FastEthernet1/0
      Route metric is 20, traffic share count is 1

OK, so I think you got the answer. It is the forward metric.

R3 calculates a route to the destination 100.100.100.100/32 with a cost of 20 through both R1 and R2, but it installs only the one through R1, as it has the lower forward metric (65 versus 101). We can see that once the R1 serial interface is brought back up:

R1(config)#interface serial 0/0
R1(config-if)#no shut

R3#sh ip route 100.100.100.100
Routing entry for 100.100.100.100/32
  Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 65
  Last update from 10.100.123.1 on FastEthernet1/0, 00:00:09 ago
  Routing Descriptor Blocks:
  * 10.100.123.1, from 4.4.4.4, 00:00:09 ago, via FastEthernet1/0
      Route metric is 20, traffic share count is 1

So what we conclude is that although the metric will be 20 (only the external metric), the route with the lower forward metric will be installed in the routing table. But remember, this applies only to Metric-Type 2 (E2).

Happy Labbing

ccie@21 ..

Categories: Uncategorized

CCIE Scholarship By Internetwork Expert

March 6, 2009 3 comments

I have been extremely lucky to be chosen as the single International Recipient of the Real CCIE's, Real People 2008 Scholarship by Internetwork Expert.

As the scholarship winner, below is the list of what I have received:

  • Internetwork Expert CCIE 2.0 Program
  • CCIE Rack Rental package compliments of Graded Labs
  • Onsite Bootcamp

I have checked out some of the products and believe me, these are a must not only for CCIE preparation but for gaining knowledge of individual technologies as well.

As I have been working on individual technologies first as part of my preparation strategy, I used the Volume I version 5 OSPF section along with the OSPF lectures in the Open Lecture Series.

I strongly recommend the Open Lecture Series; these are very different from the Advanced Technologies Class. For example, the Open Lecture Series contains 6 OSPF classes that include Advanced OSPF Design, OSPF Inter-Area Routing with Multiple ABRs, Traffic Engineering with Virtual-Links, etc.

I also used the Graded Labs rack rental to practice the OSPF section of Workbook I and did not find any issues with the setup.

I would like to end this post with thanks to the whole Internetwork Expert team for choosing me as the scholarship winner, and a very special thanks to River Hopkins (Customer Success Manager) for her help and support.

Zeeshan

Categories: CCIE Lab Preparation

About Me

March 6, 2009 2 comments

I am Zeeshan Sanaullah from Karachi, Pakistan. I'll be writing about my lab preparation in search of getting the digits. I work for a Cisco Premier Partner. My journey in the tech world started off when I got my 386 computer when I was in class 5, and since then computers have become an essential part of my life.

Initially I started with web development and graphics but eventually landed in the networking field.

I was a CCNA at 15, and now at 21 I'm CCDA, CCNP, CIPTD, CSSDS, JNCIA-ER, and JNCIA-EX.

I passed CCIE R&S Written Exam in September last year.

This blog will focus on CCIE lab preparation, and I will also write about the day-to-day stuff that I face in my job as a Network Engineer.

Hope the journey goes well….

Zeeshan

Categories: Uncategorized

Welcome !!!

July 13, 2008 3 comments

Helloo !!!

Finally I have my own CCIE blog. Though I can't match the likes of cciepursuit, ethan or arden, I'll try to write some good posts. Stay tuned for the next post, where I'll write some words about myself.

Categories: Uncategorized