Monday, March 31, 2008

What Would I Miss?

You wake up at Kuala Lumpur, Bangkok, Sydney. You wake up at Singapore, Bali, Hanoi. San Jose, Hongkong, Jakarta, Ho Chi Minh. Lose an hour, gain an hour. This is your life, and it's ending one minute at a time. You wake up at Changi International. If you wake up at a different time, in a different place, could you wake up as a different person?
(Fight Club, modified with the places I visited in the last few months)

I woke up this morning in Bangkok, and suddenly I had this crazy thought in mind. I travel quite often and keep changing my currency and timezone. But nope, I haven’t changed to a different person, I am still who I am. In fact, I feel like I haven’t changed at all. And that’s the problem.

I joined Cisco because I want to learn new things, I want to do something new, I want to be part of the company that is changing the way the world lives, works, plays and learns because I want to see from the inside how they are doing it. But frankly speaking, so far I still do what I used to do. I still work to deliver projects. I still have to capture the customer requirements. I still spend time to find the solutions. I still must build the implementation and migration plan and sometimes I even have to lead the migration by myself.

What’s the difference from before, then? Number of customers. Project scale. High-end products involved such as CRS-1. Customers in different countries with different cultures. More access to the Cisco knowledge database. Meeting well-known Cisco people. But I still do what I used to do. If in my previous work I had to present and convince the customer about my design or my plan, now with Cisco I still need to do the same thing. I still have to deliver the same type of work as before. And I don’t feel that I have made any improvements in doing it. Because I don’t have to. And I still survive, just as I have survived in the past.

This is not good news. If you move to a new place, but you do exactly the same thing as what you used to do in the previous place and you still survive, it means either you have reached the highest level in whatever you do or you have entered a very dangerous mindset that people call the comfort zone. I don’t like to be in the comfort zone as much as I don’t like to be in survival mode.

So I look back to see another reason why 1.5 years ago I decided to drop all my life in Dubai to move to Singapore, and in fact I was not moving to Singapore but to a new frequent flyer life style. I found out that among the reasons, one is because I was hoping someday I will get transferred to Cisco Business Unit in San Jose. Most probably I will work as a testing and deployment engineer there since my kungfu is not that good and I don’t speak C fluently. It’s a good reason to join Cisco, isn’t it? And as a US company Cisco can provide me L1 visa so I don’t have to compete to get H1b visa that is getting very difficult to get nowadays.

The crazy thought inside my head starts yelling: so what happens if you don’t get a chance to move to San Jose? Probably because of the current economy, or perhaps because your skillset doesn’t match what is required there. What would you miss if you fail your mission?

First, I would miss my chance to be part of the team that develops and makes decisions about the next Cisco products. [crazy thought: yeah right, even if you made it to SJ, with your skillset and background experience as a consultant, not a developer, you won’t become the lead architect for the product to make such decisions]

Second, I would miss my chance to be in the middle of the world’s center of excellence and I would not be able to make the next Google. [crazy thought: oh, come on now. You won’t be able to make the next Google even if you are in SJ now, but the right term might be ‘miss my chance to join a company that will become the next Google’, and this is only if you quit Cisco there and join the right start-up company]

Third, I would miss my chance to work in one of my favorite cities, work 9 to 5, spend more time with my family, and ride my Ducati Monster around the city. [crazy thought: as you said, SJ is one of your favorite cities. So there are other favorite places that you can choose and that offer you the same type of lifestyle]

But then this crazy thought doesn’t want to stop, it wants me to go even further: so what happens if one day you decide that the chance to move to San Jose is not worth waiting for anymore, and it means there will be no point for you to stay with Cisco? What would you miss if you leave Cisco?

Hmm, so far I can think only three things:
First, I would miss all the access to the Cisco knowledge database, all my chances to meet and work with Ciscopress book authors and all the famous people such as Distinguished Engineers. And as an NCE I can even access the repository to read the source code. I would miss all of them. [crazy thought: yeah, when was the last time you used the chance with all that access to increase your knowledge dramatically or make you a better person? Any company that makes products can offer you the same type of access]

Second, I would miss my chance to get transferred by Cisco to a better place. [crazy thought: according to your objective, your main target is SJ. If they can’t give that to you, then any other company can offer the same chance to move to the place you want. So far you have even received many offers from other companies to do exactly the same thing as what you have been doing, with the same frequent flyer lifestyle but wider coverage of countries, and obviously with more money]

Third, I would miss my privilege and all the respect that I receive as being part of Cisco. [crazy thought: yes, some people respect you at first sight since they know you work for Cisco. But in the end it’s your experience and what you can do that really make people give you respect. There are other ways to earn respect during the first meeting; in some places people judge you by your appearance, what car you drive, and even how much money you make. But again, eventually you have to prove and show that you are capable in order to really gain true respect]

The crazy thought now is whispering to me: soooo, if you will not have your chance to move to San Jose, and you have only those three reasons to stay in Cisco, would you consider another option that can provide you happiness in such a different way? The one that provides a more adventurous life and the chance to do something that you have never done before? Would you start looking for that option?

Ahh, my crazy thought. It’s so difficult to predict and control, but I just can’t imagine living without it either.
This is my life and it's ending one minute at a time.

Sunday, March 09, 2008

Olive for JNCIE

After my first post about Olive, many people sent me email asking how to use it to set up the lab so they can study JNCIE. I need to explain in here that I haven't started the JNCIE journey yet. I have not even read any JNCIS or JNCIP books. I have been busy working on several migration projects in few different countries at a time and some of them have CRS (yes boys, CRS boxes are coming more and more to South East Asian countries!). So I thought I should focus on the first picture in my targets before I move to the next one.

But I remember when I met Olive the first time and played with it for a while, I told myself there should be several different ways in using this emulator to make me able to practice for JNCIE lab. So I'm sharing those here, and if you are in the middle of the journey, please provide your feedback whether all features required in lab can be tested with my ways.

This topology drawing is taken from JNCIE study guide.


As you can see, there are 7 core routers in the middle, 4 routers for external AS, and 1 router called Data Center. Most of the links are point-to-point. Knowing this fact, I believe we just need 1 ethernet interface (2 if you want OOB) for each router and we should be able to use logical interfaces with a dot1q trunk and VLAN tagging to distinguish one point-to-point link from the others. So it will look like the next drawing taken from the same book:


There won't be serial interfaces, and I don't think it will make any difference in the lab since we don't run Non Broadcast Multiple Access over serial such as frame-relay. I'm not sure if PPP features are part of the lab but in Cisco I can run PPP over Ethernet (PPPoE) and I can test the dial-on-demand or PPP authentication feature with it. So using a single dot1q trunk interface for each router and mark the same VLAN number on both routers that need the point-to-point connection should provide us the same output with one physical interface per router for each point-to-point link.

So here are the alternatives for setting up JNCIE Olive lab. I like to use the numbering similar with the options in MPLS inter-AS. And just like in inter-AS, option 3 below is the most interesting :))

JNCIE Lab Option 1: 1 PC for 1 router, multiple NICs
I have a friend who passed JNCIE this way. He bought many used and obsolete PCs, old Pentiums but good enough to run FreeBSD with JunOS. Since it was cheap for him to purchase multiple NIC cards, he followed the topology by using direct ethernet point-to-point links even though he had to provide 6 ethernet ports for some of the PCs. He said all features required in the lab work when running JunOS directly on FreeBSD (no vmware or qemu). So this option is the most straightforward and proven to work (he passed, right?) and it doesn't require a switch since each PC will connect directly to each other (except for R1, R2 and P1 in the drawing above that can be connected using a cheap hub).

JNCIE Lab Option 2: 1 PC for 1 router, 1 NIC
Similar to option 1 but using only 1 NIC for each PC. As I mentioned above, we should be able to use only a single NIC for each PC by making it a dot1q trunk and putting the same VLAN ID on the logical interface of the two routers that need to talk to each other. So we need to connect all the routers to a switch. You may want to use a Cisco switch since Juniper has not shipped their switch yet heheh

JNCIE Lab Option 3a: 1 PC with Qemu, multiple instances
In this world, people always try to find the better way, and cheaper way, to achieve the goal. So why bother to buy multiple PCs if we can run JunOS using qemu with virtual Tap interfaces? So the idea is to run multiple Olive with qemu, and assign one Tap interface to each instance. Then we need to make sure all the interfaces are connected to one virtual switch, in Windows it's called Network Bridge.

So after we create multiple Tap interfaces in Windows using Step 2 in my previous post, we need to put all of them into the bridge in Windows Networking Setup. Just right-click the interface and select "Add to Bridge", and you should see it move under Network Bridge.


Then when we start qemu, or jqemu, assign the interface into a single VLAN ID. The idea is to have all interfaces in a single VLAN, then later on the separation between each point-to-point link is done in JunOS logical interface configuration with dot1q and unique VLAN ID per link.

Note: I found out that I'm not able to launch multiple qemu instances in Windows if I try to execute them from a single folder. So what I did was create multiple folders and launch Olive from each.

Example, Olive instance 1 is launched with this option:

C:\qemu> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1

Then the 2nd instance is launched from another folder with the next Tap interface but same VLAN option as previous:

C:\qemu2> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1002,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2

Two Qemu windows will pop up and obviously we need another 2 DOS prompts to telnet to localhost port 1001 and 1002 to access our Olives. Once we login to Olive, both will have interface fxp0 and let's say we configure 10.1.1.0/30 for both interfaces without logical interface first, just to test the connection:

[edit]
root# edit interfaces fxp0 unit 0 family inet address 10.1.1.1/30

After we commit the changes we should be able to ping each other:

[edit]
root# run ping 10.1.1.2

PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=1.937 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.843 ms

This means the bridging between 2 Tap interfaces in Windows networking is working. Now we can create logical interface (unit) and assign different VLAN ID. We must enable vlan-tagging (dot1q) first then let's create VLAN 20 with 20.1.1.0/30 and VLAN 30 with 30.1.1.0/30. Remove the previously configured unit 0 logical interface since it's not tagged.

[edit]
root# delete interfaces fxp0 unit 0

[edit]
root# set interfaces fxp0 vlan-tagging

[edit]
root# set interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30

[edit]
root# set interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30

[edit]
root# run show configuration interfaces
fxp0 {
    vlan-tagging;
    unit 20 {
        vlan-id 20;
        family inet {
            address 20.1.1.1/30;
        }
    }
    unit 30 {
        vlan-id 30;
        family inet {
            address 30.1.1.1/30;
        }
    }
}

Once we commit the changes, we should be able to ping both network addresses. So those are our 2 point-to-point links between 2 routers. Now, let's run OSPF area 0 over VLAN 20.

[edit]
root# set protocols ospf area 0.0.0.0 interface fxp0.20 interface-type p2p

root# run show ospf interface
Interface State Area DR ID BDR ID Nbrs
fxp0.20 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1

root# run show ospf neighbor
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 20.1.1.2 128 32

Let's create loopback interface with 100.1.1.1/32 on the first router and 100.1.1.2/32 on the second router and advertise this into OSPF area 0 for testing.

[edit]
root# set interfaces lo0 unit 0 family inet address 100.1.1.1/32

[edit]
root# set protocols ospf area 0.0.0.0 interface lo0 passive

After commit, we should be able to see this route is learned as intra-area:

[edit]
root# run show ospf route
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Router     IP        1  fxp0.20       20.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
100.1.1.1/32       Intra  Network    IP        0  lo0.0
100.1.1.2/32       Intra  Network    IP        1  fxp0.20       20.1.1.2

We can even try to move the loopback interface to different area just to verify the OSPF:

[edit]
root@Jrocks# delete protocols ospf area 0 interface lo0.0

[edit]
root@Jrocks# set protocols ospf area 1 interface lo0.0 passive

You can see now the peer router loopback address is learned as inter-area:

root# run show ospf route
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Area BR    IP        1  fxp0.20       20.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
100.1.1.1/32       Intra  Network    IP        0  lo0.0
100.1.1.2/32       Inter  Network    IP        1  fxp0.20       20.1.1.2

Now let's put the interface of VLAN 30 into OSPF area 1

[edit]
root# set protocols ospf area 1 interface fxp0.30 interface-type p2p

As you can see now we have established 2 OSPF neighbors:

[edit]
root# run show ospf neighbor
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 34
30.1.1.2 fxp0.30 Full 100.1.1.2 128 31

And if you check the routing table, obviously the 100.1.1.2/32 now is learned as intra-area route again:

root# run show ospf route
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Area BR    IP        1  fxp0.30       30.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
30.1.1.0/30        Intra  Network    IP        1  fxp0.30
100.1.1.1/32       Intra  Network    IP        0  lo0.0
100.1.1.2/32       Intra  Network    IP        1  fxp0.30       30.1.1.2

Note: Some people sent me email saying they can't run multicast with qemu. I haven't tested PIM or other multicast protocols but when I changed the OSPF type in VLAN 30 to broadcast, by not using the point-to-point interface type option, I can form neighborship:

[edit]
root# run show ospf neighbor detail
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 34
Area 0.0.0.0, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
Up 00:19:23, adjacent 00:19:23
30.1.1.2 fxp0.30 Full 100.1.1.2 128 39
Area 0.0.0.1, opt 0x42, DR 30.1.1.2, BDR 30.1.1.1
Up 00:01:25, adjacent 00:00:42

[edit]
root# run show ospf interface detail
Interface State Area DR ID BDR ID Nbrs
fxp0.20 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1
Type: P2P, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
fxp0.30 BDR 0.0.0.1 100.1.1.2 100.1.1.1 1
Type: LAN, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
DR addr: 30.1.1.2, BDR addr: 30.1.1.1, Adj count: 1, Priority: 128
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None

I tried to configure RIP as well and it works too. So I guess multicast-based protocol should work, but please let me know if you find it otherwise.


JNCIE Lab Option 3b: 1 PC with Qemu, single instance
So you think making multiple folders is not good enough for you? You don't like the previous option since you must allocate memory for each instance? Alright, here is another option that I got from my Chinese friend who's been helping me set this up: running only a single Qemu instance but with the logical router feature inside JunOS. Each logical router will take one fxp interface, or one Tap interface if you see it from the Windows point of view.

So when we start Olive, assign multiple TAP interfaces into this instance. Each logical router will take one fxp interface.

C:\qemu>jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2

Once we are inside Olive, create logical router R1 and R2, then enable vlan-tagging on both fxp0 and fxp1 interfaces.

[edit]
root# set logical-routers R1

[edit]
root# set logical-routers R2

[edit]
root# set interfaces fxp0 vlan-tagging

[edit]
root# set interfaces fxp1 vlan-tagging

Assign IP address and VLAN ID just like how we did in Option 3a, but this time we have to specify the logical router name. Logical-router R1 will use fxp0 while logical-router R2 will use fxp1:

[edit]
root# set logical-routers R1 interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30

[edit]
root# set logical-routers R1 interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30

[edit]
root# set logical-routers R2 interfaces fxp1 unit 20 vlan-id 20 family inet address 20.1.1.2/30

[edit]
root# set logical-routers R2 interfaces fxp1 unit 30 vlan-id 30 family inet address 30.1.1.2/30

[edit]
root# run show configuration logical-routers R1
interfaces {
    fxp0 {
        unit 20 {
            vlan-id 20;
            family inet {
                address 20.1.1.1/30;
            }
        }
        unit 30 {
            vlan-id 30;
            family inet {
                address 30.1.1.1/30;
            }
        }
    }
}

[edit]
root# run show configuration logical-routers R2
interfaces {
    fxp1 {
        unit 20 {
            vlan-id 20;
            family inet {
                address 20.1.1.2/30;
            }
        }
        unit 30 {
            vlan-id 30;
            family inet {
                address 30.1.1.2/30;
            }
        }
    }
}

When we want to run ping test, specify the logical router name as the source of the ping packet:

[edit]
root# run ping logical-router R1 20.1.1.2
PING 20.1.1.2 (20.1.1.2): 56 data bytes
64 bytes from 20.1.1.2: icmp_seq=0 ttl=64 time=3.010 ms
64 bytes from 20.1.1.2: icmp_seq=1 ttl=64 time=0.453 ms

Configure OSPF Area 0 for VLAN 20:

[edit]
root# set logical-routers R1 interfaces lo0.0 family inet address 100.1.1.1/32

[edit]
root# set logical-routers R2 interfaces lo0.1 family inet address 100.1.1.2/32

[edit]
root# set logical-routers R1 protocols ospf area 0 interface fxp0.20

[edit]
root# set logical-routers R2 protocols ospf area 0 interface fxp1.20

Check the OSPF status and routes:

[edit]
root# run show ospf neighbor logical-router R1
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 37

[edit]
root# run show ospf route logical-router R1
Prefix             Path   Route      NH   Metric  NextHop       Nexthop
                   Type   Type       Type         Interface     addr/label
100.1.1.2          Intra  Router     IP        1  fxp0.20       20.1.1.2
20.1.1.0/30        Intra  Network    IP        1  fxp0.20
100.1.1.2/32       Intra  Network    IP        1  fxp0.20       20.1.1.2

Ping R2 loopback address from R1:

root# run ping logical-router R1 100.1.1.2
PING 100.1.1.2 (100.1.1.2): 56 data bytes
64 bytes from 100.1.1.2: icmp_seq=0 ttl=64 time=0.725 ms
64 bytes from 100.1.1.2: icmp_seq=1 ttl=64 time=0.467 ms

Just for fun, put the other logical interface into OSPF Area 1:

[edit]
root# set logical-routers R1 protocols ospf area 1 interface fxp0.30 interface-type p2p

[edit]
root# set logical-routers R2 protocols ospf area 1 interface fxp1.30 interface-type p2p

[edit]
root# run show ospf neighbor logical-router R1 detail
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 35
Area 0.0.0.0, opt 0x42, DR 20.1.1.1, BDR 20.1.1.2
Up 00:01:54, adjacent 00:01:54
30.1.1.2 fxp0.30 Full 100.1.1.2 128 35
Area 0.0.0.1, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
Up 00:00:05, adjacent 00:00:05

[edit]
root# run show ospf interface logical-router R1 detail
Interface State Area DR ID BDR ID Nbrs
fxp0.20 DR 0.0.0.0 100.1.1.1 100.1.1.2 1
Type: LAN, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
DR addr: 20.1.1.1, BDR addr: 20.1.1.2, Adj count: 1, Priority: 128
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
fxp0.30 PtToPt 0.0.0.1 0.0.0.0 0.0.0.0 1
Type: P2P, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None

As you can see, the way to configure Option 3b with logical routers is the same as Option 3a, except that now for every configuration or show command we must specify the logical router name as well.
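Options 3a and 3b both come down to the same plan: one VLAN ID and one /30 per point-to-point link, applied to each router's single trunk interface. The following is an added example, not from the original post, that generates that plan, the matching JunOS set commands for either option, and the jqemu launch line per instance. The sample topology, VLAN numbering, 10.0.0.0/24 address pool and function names are assumptions, and the telnet console is bound to 127.0.0.1 instead of all interfaces as in the post's `telnet::1001`.

```python
"""Plan an Olive lab: one dot1q trunk per router, one VLAN per point-to-point link."""
import ipaddress

# Constructed sample topology (pairs of router names), not the study-guide drawing.
SAMPLE_LINKS = [("R1", "R2"), ("R1", "R3"), ("R2", "R3")]


def plan_links(links, first_vlan=20, step=10, supernet="10.0.0.0/24"):
    """Give every point-to-point link its own VLAN ID and /30 subnet.

    The VLAN numbering (20, 30, ...) and the address pool are assumptions of
    this example. Every trunk sits in the same bridge, so a VLAN ID must never
    be reused for a second link.
    """
    if step < 1:
        raise ValueError("step must be at least 1 so VLAN IDs stay unique")
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=30)
    plan = []
    for index, (a, b) in enumerate(links):
        if a == b:
            raise ValueError(f"link {index} connects {a} to itself")
        vlan = first_vlan + index * step
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN ID {vlan} is outside 1-4094")
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(f"{supernet} has no /30 left for link {index}") from None
        host_a, host_b = net.hosts()  # a /30 has exactly two usable addresses
        plan.append({"vlan": vlan, "net": str(net),
                     "ends": {a: str(host_a), b: str(host_b)}})
    return plan


def junos_set_commands(plan, router, ifname="fxp0", logical_router=False):
    """Return the JunOS 'set' commands for one router's trunk interface.

    logical_router=False matches Option 3a (one Olive per router);
    logical_router=True matches Option 3b (units live under logical-routers).
    """
    scope = f"logical-routers {router} " if logical_router else ""
    commands = [f"set interfaces {ifname} vlan-tagging"]
    for link in plan:
        address = link["ends"].get(router)
        if address is None:
            continue  # this link does not touch the router
        vlan = link["vlan"]
        commands.append(
            f"set {scope}interfaces {ifname} unit {vlan} vlan-id {vlan} "
            f"family inet address {address}/30"
        )
    return commands


def qemu_command(index, console_host="127.0.0.1"):
    """Return the jqemu command line for Olive instance `index` (Option 3a).

    Same options as the post's examples; the only change is that the telnet
    console listens on console_host instead of every interface ("telnet::PORT"),
    since that console leads straight to the router's login prompt.
    """
    if not 1 <= index <= 255:
        raise ValueError("index must fit in one MAC octet")
    mac = f"00:aa:00:00:{index:02x}:{index:02x}"
    return (
        f"jqemu.exe -L . -m 64 -hda Olive.img "
        f"-serial telnet:{console_host}:{1000 + index},server "
        f"-kernel-kqemu -localtime "
        f"-net nic,vlan=1,macaddr={mac},model=i82559er "
        f"-net tap,vlan=1,ifname=Tap{index}"
    )


if __name__ == "__main__":
    lab = plan_links(SAMPLE_LINKS)
    for number, name in enumerate(["R1", "R2", "R3"], start=1):
        print(f"# {name}: launch from its own folder")
        print(qemu_command(number))
        print("\n".join(junos_set_commands(lab, name)))
```

For Option 3b, call `junos_set_commands(lab, "R2", ifname="fxp1", logical_router=True)` so each logical router gets its own fxp interface.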


JNCIE Lab Option 3c: Combination
Option 3c is just combination of all previous options. Use your imagination! The following might give you some idea:

- 1 PC running Olive, without qemu, with multiple NICs to connect to a switch. Then run logical routers and assign 1 NIC to each logical router, and just as Option 3b enable dot1q and use logical interfaces on each logical router.

- 2 PCs or more running Olive, with multiple qemu instances and multiple NICs on each PC to connect to a switch. Then each qemu can take 1 NIC, use dot1q with logical interfaces but no logical router is required. This might be a good case if you have few PCs and each has multiple NICs and able to run only several qemu instances.

- 2 PCs or more running Olive with a single qemu instance on each PC, and with a single NIC on each PC to connect to a switch. Then in Olive on each PC create logical routers to share that single NIC. To make it easy, make sure logical routers in the same Olive are not required to talk to each other, only to other logical routers on a different PC. Obviously that NIC must be configured as dot1q and each logical router will use logical interfaces.

To make it even more granular, we can combine real NICs with TAP interfaces! So if we have 2 PCs or more with a single NIC on each PC, 1 PC can run multiple qemu instances, and within 1 PC they communicate with each other using TAP interfaces, but those qemu instances can connect to another qemu on a different PC using the real NIC.

And one more thing, actually we can setup point-to-point connection between 2 qemu instances, or between 2 logical routers within 1 Olive/qemu using socket or UDP port! So for UDP, for example, we need to specify the source and destination port in -net option when we define the interface:

C:\qemu> jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net udp,vlan=1,sport=10001,dport=10002,daddr=127.0.0.1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net udp,vlan=1,sport=10002,dport=10001,daddr=127.0.0.1

Sky is the limit!


As I mentioned in the beginning, I haven't started the journey yet so I don't know if all features in the lab can be tested with Olive, especially the option to use multiple qemu instances or a single qemu instance with logical routers. So I would appreciate it if those of you who have already tried these options could provide your feedback. Thanks.

Now it's time to go back to IOS XR ;)

Friday, March 07, 2008

How to Become a CCIE v2

Passing the elite level and world's toughest certification from Cisco Systems, tips from someone who has done it three times
By Himawan Nugroho, CCIE#8171 (R&S, Security, SP)

I was digging through my own blog archive and found that my first post about How to Become a CCIE is quite old and needs to be updated. In fact, I'm thinking of modifying it in such a way that the same principles can be applied to any CCIE track, and even to any top-level certification from other vendors. Without any intention to re-invent my own writing, I just put in the updates and tried to make it short this time. So if you'd like to read more about my experience taking the lab 3 times, I suggest you read the original version and all related posts, starting with the summary of my journey.

Btw, in case you haven't noticed I'm trying to learn how to sell by using marketing hypes, hence the words "elite level", "world's toughest" and "from someone who has done it three times" yeah, right :)

1. You still need to ask yourself "what's the point?"
It's still a very tough challenge. It's still a long and tiring process. You will spend lots of efforts and money to get it. You still need to sacrifice your spare time and social life. So you should have at least one good reason why you want to do CCIE. And don't try to fake the reason. No one can give you the answer and I bet no one other than you really cares what it is. But it's important for you because this might be the only thing that can keep you going, that can wake you up from your laziness, that can make you come out from your frustration in the middle of your journey.

Once you know and believe in your reason, then decide which track you want to pursue. Follow your heart, do only the track you like. Continue by collecting information about that specific track: read the CCIE blueprint for both the written and lab exams. Read the Networkers slides to get a brief picture of the exam format and samples of the questions (yes, they have a session for this; I remember I read and listened to the presentation conducted by CCIE SP proctors).

2. Use the mid-level certification
Now the steps for all CCIE tracks are very clear and they all have a mid-level certification (except CCIE storage). So if you want to take CCIE in Routing & Switching you should learn CCNP. For CCIE Service Provider you should start with CCIP. For Voice it's CCVP. And for Security it's CCSP (the new Security lab doesn't require extensive knowledge of routing & switching anymore, you may check its blueprint v2). Remember, using this mid-level certification doesn't mean you have to pass it.

If you are one of the guys who wrote me email to say that certification is useless, want to take CCIE just to prove how good you are, and don't want to waste time with CCNA, CCNP/IP/SP/VP, then it's fine. Don't take the exam, but you can still utilize the resources to plan your study. The base knowledge for CCIE is already covered in the mid-level certification. So do the obvious and follow the flow: read the books for the mid-level of the track you want to pursue even if you don't take the exam. Passing the mid-level exam is important just as a review to ensure you have really understood the material covered by the certification. And you may want to get your knowledge certified by Cisco to some extent, which can be considered a reward in your journey even if you haven't completed it.

3. A new way to build your home lab
Practicing extensively in the lab is still the key to passing CCIE. But for certain tracks, R&S and SP, you can practice the CCIE lab without having any real equipment. I have built a step-by-step guide to do this with dynamips. Dynamips is a very popular emulator for Cisco IOS and now some people have released several front-end interfaces such as dynagen or GNS3 to make it easier to set up and build the topology. It's an emulator that provides a real router environment that can trick the real Cisco IOS so it will boot on a normal PC. So it still needs the real Cisco IOS software, and please don't ask me to send you this.

Many people still wrote me email asking this question: is it possible to pass CCIE only with dynamips? Yes, it is. I have seen some of my friends did this. In fact, I did all my practice for CCIE SP only with (censored), something similar as dynamips. Censored = internal info to Cisco employees heheh. I'm planning to take the top level certification from other vendor (guess who :)) using a similar emulator only. I want to do it just to utilize my spare time, to prove my point here, and obviously for fun.

You may still require to build home lab, or rent it online, for other CCIE tracks.

4. Passing written test still doesn't prove anything

This is still the same point as my original post. You can read the written exam blueprint and compare it with the lab. Take the written test and feel its coverage. Then setup your lab after that, start doing the workbook, and feel the difference. For some tracks, studying for written test doesn't add any value for the lab preparation.

For me, I don't count the step to pass written test as part of my checklist to pass the lab. After you pass written exam, you are eligible to register for the lab. And that's what it's all about. Passing written test doesn't mean you are half-CCIE. It doesn't mean you are 20% or even 10% ready to take the lab. I count it as Step 0. From the written test you should start practicing in the lab and build the percentage of your progress. Use the lab blueprint as your guidance. Once you cover 100% in the list then you may be ready for your first attempt. Well, this is not always the case. I covered only 80% and passed in my first attempt. But don't count on my experience!

So my point here is: never count passing written test as part of your CCIE lab preparation. Just look at it as administrative step required to register for the lab.

5. Read, read and read, then practice
I won't list all the books that I read to prepare for all my CCIE labs. There are just so many of them! And sometimes you just need to read a few chapters from one book. The must-read book list is different for every track and may not be up to date. But you can start by checking the book list on the CCIE website. If you think it's still too much, then I suggest you again use the Lab Exam Blueprint as your guide. Read about one scope of technology at a time. Read from CCO; since this is a Cisco certification it always makes sense to check the configuration guides and technical tips on their website. Material from Networkers (slides with sound) is still a good resource, and I think you can get this from Networkers Online.

Google is always our best friend. And you may be interested in subscribing to an online book library such as Safari Books Online. Check the list of their books first before you pay! The benefit of reading from a website like Safari is that they provide a Google-like search to find the specific topic you want to read about across several books.

6. Fast and Furious may not be the trend anymore
Indeed you still need speed in typing. I guess it will be difficult to pass CCIE if you still use only two fingers to type and always look at your keyboard when you do so. There is just not enough time! But my R&S and Security labs were a different experience from my SP lab. In the first two, there are many independent technologies that I can skip and come back to later if I don't know the answer. So my strategy at that time was to answer all the questions with obvious answers first. Then I went back to answer the questions that I was not too sure about. And the rest of the time was for all the questions that I had no clue about, and I used to depend on the Documentation CD or the restricted CCO documentation websites to find the answers. So normally I tried to complete 70-80% of the lab before lunch, since I knew I needed to spend many hours reading from the documentation CD.

But in SP, it was a different story. Many topics are connected to other topics, many topics are built on other topics as the underlying protocol, and every decision we make in answering one topic may affect our answer for the topic we build on top of it. So the strategy that worked for me at that time was "do it once, and do it right". I needed to make sure I had answered the question correctly before I moved to the next question (unless it was an independent feature that I could skip). Even though I can type IOS commands quite fast, at that time I had only 1 hour left to re-check my work. And the Documentation CD is not our best friend anymore in the SP lab. There is no time to read it, and to be able to build a working topology, all topics covered in the lab must be understood thoroughly, unless they are related to features or enhancements.

7. Join the community
There is no doubt about this. Learn from others' experience and share your own experience. Check the archive for all previous discussions. Answer the questions in the forum in order to get answers to your own questions. Build a healthy discussion forum! Respect each other, and always remember that the people who are willing to answer are not getting paid for it, so don't be rude and push to get answers (unless you join a commercial forum, or a forum that is created by a vendor to answer your questions related to the product/workbook you purchased from them).

As I wrote in my original post, it would be good if you can build a small discussion group in your area that can meet offline. It's always better to have someone to share your frustration with, or to listen to someone's experience to boost your spirit while having coffee together. CCIE is a one-man-journey type of experience, but as I said in the original post, I was happy just to know there were others out there who might be doing the same thing and facing the same challenges. You are not the only one, even though you alone must open the door, Neo.

8. Asking the right question is an art
Asking silly or obvious questions that CCIE lab proctors are not allowed to answer is not recommended. They are there in the lab to clarify the questions, and sometimes they can provide you hints to the answer. So use this chance wisely, because you don't want the proctor to mark your face in his brain as someone who asks him for the answers to the CCIE lab.

Beyond that, I think it's really good to build a culture of asking questions effectively. I have received many emails asking me how to become a CCIE from people who are still working on CCNA. That's easy: pass your CCNA first! Or I have seen some people throw a one-line question to the forum: how can I configure MPLS VPN? Why don't you spend a little bit of your time to read the website, use Google, RTFM, and try it in your lab? Then, when you are really stuck, you can send your specific question with all the required information such as the config and topology.

Learn how to ask effectively.
We all definitely need this, even for life outside the CCIE lab.

9. Understand the lab question
I was not born in an English-speaking country. And even though I have spent 6 years working overseas, with English as the daily business language, it was still difficult for me to understand some of the lab questions. For my CCIE SP lab all the questions were straightforward. I went to the proctor only because I found some vague words, and since I know how to ask, I could even get hints after I clarified the words with the proctor. So they are there in the lab to help you clarify the questions. But that's all.

And I found that when some lab questions are confusing, it's better to sit back and look at the topology as a whole, as one unit. So try to understand what we are trying to build in the lab from a helicopter view, not from the device or configuration perspective. For example, when I did my SP lab I looked at the drawing, read the questions, and tried to understand what kind of network I had to build, with all its traffic flows and policies. Then it became easier to put in the configuration when I worked on each question.

10. A skeptical attitude might be the one you need the most
Trust no one, trust no solution. Don't trust the configuration guide on the Cisco website. Don't believe what people say or write in the forum. Don't trust the configurations and solutions written in Cisco Press books. Don't even trust the vendor's solutions for those CCIE workbooks that you must pay for!

I'm not saying that all those resources are bad and should not be trusted. What I'm trying to say here is that you should not trust any solution unless you prove it in your lab. It may work in the book but not in your case because you use a different IOS. You may read it and think you have already understood the technology, but only when it doesn't work in the lab do you realize there is a missing part that you need to discover. And some people either make a typo in their solution or answer it one way because of some consideration that you may not be able to see.

So never stop asking: Why? How come it's possible? Why does the solution do it that way? What if I answer it this way? How can I prove the concept really works? What if I add this on top of that? How would I answer this question if I modify it or add that requirement? And so on.

11. CCIE is nothing but a mind game
You still need to read lots of books. You still need to practice extensively. You still need to make a strategy and plan your study accordingly. But on top of that, you really need the right mindset and attitude to pass. Other than being skeptical and consistently testing the solution in the lab, you must be positive most of the time. You should believe you can achieve your target if you really put in the effort. Avoid unnecessary discussion and long debate about why you need to become a CCIE (you should do that in Step 1 above). Leave your discussion group if they keep telling you it's very difficult to pass CCIE and you won't be able to make it because you don't have what it takes to pass. Or they say you don't have the same opportunity as the others who can pass. Everyone has the same chance to pass. During my journey I have proved that it's not a matter of time, nor is it a matter of support from the company or how many resources you have. It's all about the mindset.

And other than being positive, you should develop the ability to be adaptable as well, to make you ready for any surprises in the lab. You should know how to analyze a problem and use the right approach to solve it. This is required to ensure you can understand the requirements in the lab and choose the right method to answer. You need to be able to make decisions and handle situations under pressure within a limited amount of time. And you don't risk your life in taking this CCIE anyway! So relax, try your best to be prepared, extremely prepared, but in the end if you make mistakes and fail, you lose nothing but the cost of taking the lab. On the other side you will definitely learn something from your failure and gain more than what you lose.

So again, everyone has the same chance to pass.
If someone tells you otherwise, ask him to talk to me ;)

12. Enjoy every moment of it
What's the point of doing something if you don't enjoy it? Again, this is the reason why Step 1 is very crucial. It's very important to follow your heart. Pursuing CCIE requires you to be focused and consistent, so it will be difficult if you don't know why you want to do this in the first place. You must sacrifice your spare time and social life, so it's really important for those around you who care about you to be part of the game. Discuss your plan with them and try to still make some contact with other human beings when you are not geeking out in the lab.

I remember when I did my Security I still spent some time with my family to go to the beach, even though my mind was in Firewall-ACL-to-allow-BGP-traffic-with-NAT and IDS-fine-tuning-to-send-alert-only-after-certain-hits. I sacrificed my sleep to gain extra time to study. I sacrificed my lunch. I sacrificed the time that I normally used to chit-chat with colleagues. But I still had fun doing my lab, since at the same time I played the Matrix or the Simpsons next to my HyperTerminal. And not to mention all those Linkin Park songs that I used to play over and over continuously.

And when you are preparing for CCIE, be in the moment. Make a 6-month study plan but do one thing at a time. If you haven't passed the written then do this as Step 0. If you haven't set up the lab then start reading documentation about the emulator or search for the hardware on eBay. If you must deal with a busy schedule at work, try to have fun by reading CCIE material in between your busy times, or steal some time by locking yourself inside the toilet and reading in there (I'm still doing this until now!). Feel every aspect of the journey. Be grateful when you have even a very short time to make progress in your study. And always try to enjoy every moment of it.


Okay, let's say you pass. You may ask: now what?
Don't ask me. Ask yourself.

CCIE is just the beginning of a bigger journey. There are several other CCIE tracks to chase or other exciting things to do in life, such as working on a large-scale project where you have to use all your technical skills along with your ability to handle much more complex situations. But frankly speaking, until now I still haven't found another journey outside CCIE that could offer such a tense atmosphere, learning experience, wide coverage of technology within a short time, and fun all together. All the time was just for me and my lab.

As I wrote in my own post after I passed my 3rd lab:
CCIE was the only time when the world makes sense.

Have fun, everyone.