This June is an interesting month for me since I have to finish 2 migration projects while doing another 3 projects in 5 different countries. Thanks God it's over. I mean finally I completed the 2 migration projects and handed over 1 project to my team mate after completing the initial phases. It was tough time, but it was fun too at the same time. And fortunately there was Euro 2008 on TV for almost 1 month. It has no relationship with my projects but it sure helped me to pass through the tough time. I tried to watch all the games even in the middle of my busy time. And sometime I even had to watch in the Airport during my transit from one country to another.
So here is the list of places where I watched Euro 2008:
Final - in Hotel, Kuala Lumpur
Semi Final - 1 in Changi Airport and 1 in Hotel, Taiwan
Quarter Final - 1 in Changi Airport, 1 in Customer site (during migration), 2 in Hotel, Saigon
Qualification - 4 in friend’s home, 4 in the office (Internet TV), 1 in Hard Rock Cafe KL, 3 in hotel in KL, 1 in Changi Airport, rest either at own home or didn’t watch
Just FYI, Euro 2008 game normally started around 1.45 or 2.45 am in South East Asia countries. So high pressure from projects combined with less sleep. Perfect.
Looking forward for new challenges (and new excitements) on July.
Monday, June 30, 2008
Friday, June 13, 2008
Inspired by Many
When I put on my suit, get on my bike and make my way to the start line, my brain is free of every single thought apart from those directly linked to my riding of the bike. I can isolate everything else, nerves don't bother me, I don't even think, once that visor comes down, that my reputation, or my title, or even my career might be at stake.That quote was taken from Valentino Rossi's autobiography. He's an Italian professional motorcycle racer and multiple MotoGP World Champion. He is one of the most successful motorcycle racers of all time, with 7 Grand Prix World Championships to his name.
Rossi’s record in the motorcycle road racing World Championship is supreme. First in the ultra-competitive 125 class starting in 1996; then in the 250 class only to graduate shortly thereafter to the big league of the 500s. In 2002 the premier class switched direction moving from 500 cc two-strokes to 990 cc four-strokes from then on to be known as MotoGP. Rossi rides for Honda and wins. He wins on a Honda the next year and then switches to Yamaha, to every race fans’ surprise, and wins against all odds. He wins again in 2005. No one is close. No one is faster. And all at speeds which approach 200 mph.
I like to read the story of people's life to know how they deal with challenges or make crucial decisions. It's best to try everything by ourselves but sometime it's wiser to learn from someone's experience. On that quote Rossi teaches us the true meaning of focus. There are always challenges and external factors that can disturb our mind, but when it is time to race, we should be able to isolate everything else. This is similar with the concept I ever mentioned before, in the moment, where we should focus on what we have in hand even we have so many options and plans for the future.
Taken from Kung Fu Panda: 'Yesterday is history. Tomorrow is a mystery. But today is a gift. That is why they call it a present.'
So for those who will take your CCIE lab, even you are not going to race beyond 200 mph but during the lab day you should forget all the pressures such as "company has paid for three times", "please pass this time or you need to find another job", "baby we have withdrawn all our savings for this attempt" "how come he's much younger and he passed in first attempt only" and so on. To be frank, I was in this situation once where I had to pass or the company may kick me out, or at least wouldn't give me another chance.
Thinking about those during the lab day won't help at all. It's better to put the visor down and just start racing.
And btw, Rossi's decision to move from Honda in the end of 2003, where he has won three world title with them, to Yamaha team is still considered as one of the most brave decision in history. He didn't like the fact people started thinking that to win the title you need to ride superior Honda, and he proved it by moving to a lame Yamaha team at that time and won another two world champions.
Now that's really inspiring.
I recommend to read his book even you don't know what the heck MotoGP is.
"Just think, what if I had never raced motorbikes. How things would have been so different. Just think, what if I had never tried it." - Valentino Rossi
Sunday, May 04, 2008
Enlightened Will
I was planning to write something technical in my blog. But I have been busy leading a migration project for one of the largest ISP in Vietnam since two weeks ago. So I thought I'd rather share some of my new thoughts as I gained the experience in Vietnam instead.
So the story began when my team was appointed to finish a migration project that has been delayed for quite some time by another team. At that time no one knew what the reason of the delay, nor the complexity of the project so two Consulting Engineers from my team was sent onsite to investigate and hopefully we can close the project once and for all. I was not involved, but I asked my boss to put me in. Perhaps it's because the advice I got recently to do something extra, even though I have already had four projects in hand in four different countries. Or perhaps I was just curious and want to know how come my company failed to complete the project so I decided to volunteer myself.
My involvement was unplanned so there was no budget for me. I accepted the condition to share a hotel room with one of my team mates. For me it's not a big deal since every time I do projects in any country I normally spend most of the time in customer site and go back to the hotel just to take shower and sleep. I feel like I have to help my team to finish this project at any cost, especially after my team mates told me the migration project is quite challenging. It involves three data center in three different cities in Vietnam. We have to migrate the infrastructure of the ISP's Next Generation Networks. We have to re-patch the cables, move EIGRP to OSPF, re-configure LDP, MP-BGP, Cache, BGP with complex policy and what makes it more challenging is we have only two hours downtime. Two hours downtime means my team has only one hour to do the job as we need spare time in case we must rollback the network to the previous state. And the previous migration plan from another team was far from complete and cannot be executed blindly.
To make the story short, it's been a damn good experience for the past two weeks. First, we had to analyze the network and build our new migration plan from the scratch. Then we had to move to three different sites every few days to migrate the network. Downtime means hell. There were just so many things to do within very short time. But we made it. We finally migrated the network even under the very high pressure and we need to open P2 TAC cases to help us in some hardware problems. Even with all those pressures, I won't forget some of the best moments in Vietnam when I had a chance to enjoy five-star resort next to the sea in Danang, or chill out in a bar that stands over the water in the middle of Hanoi West Lake.
It still left me a big question though, how come my company was not able to deliver in the first place? In other words, how come did we screw up before? I thought I'm in the best company that can deliver superb results every time.
My brain took me to my last few days before I left Dubai to join this company. At that time my best friend asked me why I was so keen to join the company and willing to leave everything I used to have in Dubai behind. Frankly speaking, to join the company I had to move my life to a completely new country and accept lower paycheck that I used to get. My friend even offered me a job with the salary that I could only dream of before if I decided to change my mind.
I remember what I told him as my reply: I need to join this company since they can teach me how to be a proper networking professional. This is the company that makes the products, and the very same company that can deliver superb services. They have already had everything in place: procedure, templates, process, tools, knowledge base etc. It's not about the money. It's about moving to a place where I can learn how to do things properly. I have been doing all my consulting works before based only on my own ideas and past experiences, and this is the place that can teach me how to do it better. I must join to be the best in network consulting.
Obviously I was mistaken.
Even in the big company as mine people can screw up. People inside the company can deliver superb result but on the other side the same group of people can make mistakes. I found that, just as any other fields in this world, it's not the company that matters. It's not the company who drives the changes. It's the people inside the company who matter. Those people who bring new values, new ideas, build new tools, and fix the process. It's the people who change the way the world works, lives, plays, and learns.
Suddenly I realized that I was so naive when I said those words to my best friend. The company can't teach me anything more. Everything that I need to know to become a top notch consultant I have learned it even before I joined the company. I'm the one who's supposed to bring the new ideas. I'm the one who should come up with new procedures, new templates, fix the process, and upgrade the tools. I'm the one who should teach others and share my experiences from the moment I joined.
Ho Chi Minh city, previously known as Saigon, was named after the founder of the country Ho Chi Minh that means "Enlightened Will". And I feel like in this city I have been enlightened.
So the story began when my team was appointed to finish a migration project that has been delayed for quite some time by another team. At that time no one knew what the reason of the delay, nor the complexity of the project so two Consulting Engineers from my team was sent onsite to investigate and hopefully we can close the project once and for all. I was not involved, but I asked my boss to put me in. Perhaps it's because the advice I got recently to do something extra, even though I have already had four projects in hand in four different countries. Or perhaps I was just curious and want to know how come my company failed to complete the project so I decided to volunteer myself.
My involvement was unplanned so there was no budget for me. I accepted the condition to share a hotel room with one of my team mates. For me it's not a big deal since every time I do projects in any country I normally spend most of the time in customer site and go back to the hotel just to take shower and sleep. I feel like I have to help my team to finish this project at any cost, especially after my team mates told me the migration project is quite challenging. It involves three data center in three different cities in Vietnam. We have to migrate the infrastructure of the ISP's Next Generation Networks. We have to re-patch the cables, move EIGRP to OSPF, re-configure LDP, MP-BGP, Cache, BGP with complex policy and what makes it more challenging is we have only two hours downtime. Two hours downtime means my team has only one hour to do the job as we need spare time in case we must rollback the network to the previous state. And the previous migration plan from another team was far from complete and cannot be executed blindly.
To make the story short, it's been a damn good experience for the past two weeks. First, we had to analyze the network and build our new migration plan from the scratch. Then we had to move to three different sites every few days to migrate the network. Downtime means hell. There were just so many things to do within very short time. But we made it. We finally migrated the network even under the very high pressure and we need to open P2 TAC cases to help us in some hardware problems. Even with all those pressures, I won't forget some of the best moments in Vietnam when I had a chance to enjoy five-star resort next to the sea in Danang, or chill out in a bar that stands over the water in the middle of Hanoi West Lake.
It still left me a big question though, how come my company was not able to deliver in the first place? In other words, how come did we screw up before? I thought I'm in the best company that can deliver superb results every time.
My brain took me to my last few days before I left Dubai to join this company. At that time my best friend asked me why I was so keen to join the company and willing to leave everything I used to have in Dubai behind. Frankly speaking, to join the company I had to move my life to a completely new country and accept lower paycheck that I used to get. My friend even offered me a job with the salary that I could only dream of before if I decided to change my mind.
I remember what I told him as my reply: I need to join this company since they can teach me how to be a proper networking professional. This is the company that makes the products, and the very same company that can deliver superb services. They have already had everything in place: procedure, templates, process, tools, knowledge base etc. It's not about the money. It's about moving to a place where I can learn how to do things properly. I have been doing all my consulting works before based only on my own ideas and past experiences, and this is the place that can teach me how to do it better. I must join to be the best in network consulting.
Obviously I was mistaken.
Even in the big company as mine people can screw up. People inside the company can deliver superb result but on the other side the same group of people can make mistakes. I found that, just as any other fields in this world, it's not the company that matters. It's not the company who drives the changes. It's the people inside the company who matter. Those people who bring new values, new ideas, build new tools, and fix the process. It's the people who change the way the world works, lives, plays, and learns.
Suddenly I realized that I was so naive when I said those words to my best friend. The company can't teach me anything more. Everything that I need to know to become a top notch consultant I have learned it even before I joined the company. I'm the one who's supposed to bring the new ideas. I'm the one who should come up with new procedures, new templates, fix the process, and upgrade the tools. I'm the one who should teach others and share my experiences from the moment I joined.
Ho Chi Minh city, previously known as Saigon, was named after the founder of the country Ho Chi Minh that means "Enlightened Will". And I feel like in this city I have been enlightened.
Wednesday, April 16, 2008
Backpacker with Gold Privilige
"I'm not crazy, I'm just a little unwell,
I know right now you can't tell,
But stay awhile and maybe then you'll see,
A different side of me"
(Unwell - Matchbox 20)
Today is my last day in my apartment. I decided to go full mobile even in Singapore. I decided to abandon my apartment room instead of renewing the rent. Well, it's been a year and in average I sleep in that room maybe only 5-7 days a month. This month I slept there for about 2 weeks since I have a CRS migration project in Singapore but it's going to end in the next couple of days. And I'm flying to Vietnam today, I will stay for more than 2 weeks there and may fly to another country after that.
I decided to stay in the hotel everytime I need to be in my base station, most probably in a budget or backpacker hotel. According to my calculation if I need to spend only a week every month in Singapore it’s much cheaper to stay in the hotel that is closer to office than paying monthly room with taxi since my current room is on the far west side of the island. Obviously it will be more fun, and I need to keep myself busy so I can avoid my Crazy Thought to keep bugging and asking me the very same question.
Or I can just stay in the office everytime I'm in the country. This is not a new life style for me. When I started my career 8 years ago I used to sleep in the office. I did it for about 9 months. It was fun since my previous office had cable TV, air con, high speed internet, copy machine and printer that I used to abuse after midnight so nobody was there to watch, always-on coffee machine, and last but not least: live network that I could use to practice for my CCIE lab ;)
But even with my new backpacking way of life, I'm not in the bad shape since I always stay in 5-star hotel during any projects in neighboring countries, and I enjoy more privileges and benefits since I have Gold membership with the airline and hotels.
My traveling experience for the past 2 years:
Hotel: Shangri-La (80%), Hilton, Hyatt, Ritz Carlton, Intercontinental, Swissotel, Sheraton, Le Meridien, Four Season, Holiday Inn, Westin, Crown Plaza, Conrad, Sofitel, Excelsior
Airline: Singapore Air (90%), Malaysia Air, Thai Air, Air Asia, Garuda, Jet Star Asia/Valuair, Emirates Air, Vietnam Air
Membership: Singapore Air KrisFlyer/Star Alliance Elite Gold, Shangri-La Gold, Hyatt Gold, Starwood Preferred Guest
Privileges: Airport business lounge, priority check-in/luggage, upgraded hotel room, free staying in hotel, miles
Travel style: Light. First priority is for passport, wallet and mobile phone. Second priority is for Cisco badge, notebook, chargers, iPod. Third, my backpack where I keep all the rest. In fact, everything that I need for living outside the country I put it inside this backpack
Favorite airport: Changi International
Favorite cities: San Francisco, Amsterdam, Sydney, Dubai, Bangkok
Best flying experience: A380 to Sydney
Longest flying time: San Francisco - Sydney (via Hongkong and Singapore)
Longest stay in city during one visit: 3 weeks (Sydney)
I’m a traveler as well as a consulting engineer, a dreamer, a blogger, a backpacker. I'm a Triple CCIE and a storyteller too.
And this is my story.
I know right now you can't tell,
But stay awhile and maybe then you'll see,
A different side of me"
(Unwell - Matchbox 20)
Today is my last day in my apartment. I decided to go full mobile even in Singapore. I decided to abandon my apartment room instead of renewing the rent. Well, it's been a year and in average I sleep in that room maybe only 5-7 days a month. This month I slept there for about 2 weeks since I have a CRS migration project in Singapore but it's going to end in the next couple of days. And I'm flying to Vietnam today, I will stay for more than 2 weeks there and may fly to another country after that.
I decided to stay in the hotel everytime I need to be in my base station, most probably in a budget or backpacker hotel. According to my calculation if I need to spend only a week every month in Singapore it’s much cheaper to stay in the hotel that is closer to office than paying monthly room with taxi since my current room is on the far west side of the island. Obviously it will be more fun, and I need to keep myself busy so I can avoid my Crazy Thought to keep bugging and asking me the very same question.
Or I can just stay in the office everytime I'm in the country. This is not a new life style for me. When I started my career 8 years ago I used to sleep in the office. I did it for about 9 months. It was fun since my previous office had cable TV, air con, high speed internet, copy machine and printer that I used to abuse after midnight so nobody was there to watch, always-on coffee machine, and last but not least: live network that I could use to practice for my CCIE lab ;)
But even with my new backpacking way of life, I'm not in the bad shape since I always stay in 5-star hotel during any projects in neighboring countries, and I enjoy more privileges and benefits since I have Gold membership with the airline and hotels.
My traveling experience for the past 2 years:
Hotel: Shangri-La (80%), Hilton, Hyatt, Ritz Carlton, Intercontinental, Swissotel, Sheraton, Le Meridien, Four Season, Holiday Inn, Westin, Crown Plaza, Conrad, Sofitel, Excelsior
Airline: Singapore Air (90%), Malaysia Air, Thai Air, Air Asia, Garuda, Jet Star Asia/Valuair, Emirates Air, Vietnam Air
Membership: Singapore Air KrisFlyer/Star Alliance Elite Gold, Shangri-La Gold, Hyatt Gold, Starwood Preferred Guest
Privileges: Airport business lounge, priority check-in/luggage, upgraded hotel room, free staying in hotel, miles
Travel style: Light. First priority is for passport, wallet and mobile phone. Second priority is for Cisco badge, notebook, chargers, iPod. Third, my backpack where I keep all the rest. In fact, everything that I need for living outside the country I put it inside this backpack
Favorite airport: Changi International
Favorite cities: San Francisco, Amsterdam, Sydney, Dubai, Bangkok
Best flying experience: A380 to Sydney
Longest flying time: San Francisco - Sydney (via Hongkong and Singapore)
Longest stay in city during one visit: 3 weeks (Sydney)
I’m a traveler as well as a consulting engineer, a dreamer, a blogger, a backpacker. I'm a Triple CCIE and a storyteller too.
And this is my story.
Monday, March 31, 2008
What Would I Miss?
You wake up at Kuala Lumpur, Bangkok, Sydney. You wake up at Singapore, Bali, Hanoi. San Jose, Hongkong, Jakarta, Ho Chi Minh. Lose an hour, gain an hour. This is your life, and it's ending one minute at a time. You wake up at Changi International. If you wake up at a different time, in a different place, could you wake up as a different person?
(Fight Club, modified with the places I visited in the last few months)
I woke up this morning in Bangkok, and suddenly I had this crazy thought in mind. I travel quite often and keep changing my currency and timezone. But nope, I haven’t changed to a different person, I am still who I am. In fact, I feel like I haven’t changed at all. And that’s the problem.
I joined Cisco because I want to learn new things, I want to do something new, I want to be part of the company who are changing the way the world live, work, play and learn because I want to see from inside how they are doing it. But frankly speaking, so far I still do what I used to do. I still work to deliver projects. I still have to capture the customer requirements. I still spend time to find the solutions. I still must build the implementation and migration plan and sometime I even have to lead the migration by myself.
What’s the difference with before then? Number of customers. Project scale. High end products involved such as CRS-1. Customers in different country with different culture. More access to Cisco knowledge database. Meet well-known Cisco people. But I still do what I used to do. If in my previous work I had to present and convince the customer about my design or my plan, now with Cisco I still need to do the same thing. I still have to deliver the same type of work as before. And I don’t feel that I have made any improvements in doing it. Because I don’t have to. And I’m still survive, just as I have survived in the past.
This is not a good news. If you move to a new place, but you do exactly the same thing as what you used to do in the previous place and you still survive, it means either you have reached the highest level in whatever you do or you have entered a state of a very dangerous mindset that people call comfort zone. I don’t like to be in comfort zone as much as I don’t like to be in survival mode.
So I look back to see another reason why 1.5 years ago I decided to drop all my life in Dubai to move to Singapore, and in fact I was not moving to Singapore but to a new frequent flyer life style. I found out that among the reasons, one is because I was hoping someday I will get transferred to Cisco Business Unit in San Jose. Most probably I will work as a testing and deployment engineer there since my kungfu is not that good and I don’t speak C fluently. It’s a good reason to join Cisco, isn’t it? And as a US company Cisco can provide me L1 visa so I don’t have to compete to get H1b visa that is getting very difficult to get nowadays.
The crazy thought inside my head starts yelling: so what happen if you don’t get a chance to move to San Jose? Probably because of the current economy, or perhaps because your skillset doesn’t match what is required there. What would you miss if you fail your mission?
First, I would miss my chance to be part of the team that develops and makes decision of the next Cisco products. [crazy thought: yeah rite, even you made it to SJ, with your skillset and background experience as consultant not developer you won’t become the lead architect for the product to make such decision]
Second, I would miss my chance to be in the middle of world’s center of excellence and I would not be able to make the next Google. [crazy thought: oh, come one now. You won’t be able to make the next Google even you are in SJ now, but the right term might be ‘miss my chance to join a company that will become the next Google’, and this is only if you quit from Cisco there and join the right start-up company]
Third, I would miss my chance to work in one of my favorite cities, work 9 to 5, spend more time with my family, and ride my Ducati Monster around the city. [crazy thought: as you said, SJ is one of your favorite cities. So there are other favorite places that you can choose and offer you the same type of life style]
But then this crazy thought doesn’t want to stop, it wants me to go even further: so what happen if one day you decide that chance to move to San Jose is not worth waiting anymore, and it means there will be no point for you to stay with Cisco? What would you miss if you leave Cisco?
Hmm, so far I can think only three things:
First, I would miss all the access to Cisco knowledge database, all my chance to meet and work with Ciscopress book authors and all famous people such as Distinguished Engineers. And as NCE I can even access the repository to read the source code. I would miss all of them. [crazy thought: yeah, when did the last time you use the chance with all those access to increase your knowledge dramatically or make you a better person? Any company that makes product can offer you the same type of access]
Second, I would miss my chance to get transferred by Cisco to a better place. [crazy thought: according to your objective, your main target is SJ. If they can’t give that to you, then any other companies can offer the same chance to move to the place you want. Even so far you have received many offers from other company to do exactly the same thing with what you have been doing, with the same frequent flyer life-style but wider coverage of countries, and obviously with more money]
Third, I would miss my privilege and all respect that I receive as being part of Cisco. [crazy thought: yes, some people respect you at the first sight since they know you work for Cisco. But in the end it’s your experience and what you can do that really make people give you respect. There is other way to earn respect during the first meeting, in some places people look at you from your appearance, what car you drive, and even how much money you make. But again, eventually you have to prove and show that you are capable to really gain the true respect]
The crazy thought now is whispering to me: soooo, if you will not have your chance to move to San Jose, and you have only those three reasons to stay in Cisco, would you consider another option that can provide you happiness in such a different way? The one that provides more adventurous life and chance to do something that you have never done before? Would you start looking for that option?
Ahh, my crazy thought. It’s so difficult to predict and control, but I just can’t imagine to live without it either.
This is my life and it's ending one minute at a time.
(Fight Club, modified with the places I visited in the last few months)
I woke up this morning in Bangkok, and suddenly I had this crazy thought in mind. I travel quite often and keep changing my currency and timezone. But nope, I haven’t changed to a different person, I am still who I am. In fact, I feel like I haven’t changed at all. And that’s the problem.
I joined Cisco because I want to learn new things, I want to do something new, I want to be part of the company who are changing the way the world live, work, play and learn because I want to see from inside how they are doing it. But frankly speaking, so far I still do what I used to do. I still work to deliver projects. I still have to capture the customer requirements. I still spend time to find the solutions. I still must build the implementation and migration plan and sometime I even have to lead the migration by myself.
What’s the difference with before then? Number of customers. Project scale. High end products involved such as CRS-1. Customers in different country with different culture. More access to Cisco knowledge database. Meet well-known Cisco people. But I still do what I used to do. If in my previous work I had to present and convince the customer about my design or my plan, now with Cisco I still need to do the same thing. I still have to deliver the same type of work as before. And I don’t feel that I have made any improvements in doing it. Because I don’t have to. And I’m still survive, just as I have survived in the past.
This is not a good news. If you move to a new place, but you do exactly the same thing as what you used to do in the previous place and you still survive, it means either you have reached the highest level in whatever you do or you have entered a state of a very dangerous mindset that people call comfort zone. I don’t like to be in comfort zone as much as I don’t like to be in survival mode.
So I look back to see another reason why 1.5 years ago I decided to drop all my life in Dubai to move to Singapore, and in fact I was not moving to Singapore but to a new frequent flyer life style. I found out that among the reasons, one is because I was hoping someday I will get transferred to Cisco Business Unit in San Jose. Most probably I will work as a testing and deployment engineer there since my kungfu is not that good and I don’t speak C fluently. It’s a good reason to join Cisco, isn’t it? And as a US company Cisco can provide me L1 visa so I don’t have to compete to get H1b visa that is getting very difficult to get nowadays.
The crazy thought inside my head starts yelling: so what happen if you don’t get a chance to move to San Jose? Probably because of the current economy, or perhaps because your skillset doesn’t match what is required there. What would you miss if you fail your mission?
First, I would miss my chance to be part of the team that develops and makes decision of the next Cisco products. [crazy thought: yeah rite, even you made it to SJ, with your skillset and background experience as consultant not developer you won’t become the lead architect for the product to make such decision]
Second, I would miss my chance to be in the middle of world’s center of excellence and I would not be able to make the next Google. [crazy thought: oh, come one now. You won’t be able to make the next Google even you are in SJ now, but the right term might be ‘miss my chance to join a company that will become the next Google’, and this is only if you quit from Cisco there and join the right start-up company]
Third, I would miss my chance to work in one of my favorite cities, work 9 to 5, spend more time with my family, and ride my Ducati Monster around the city. [crazy thought: as you said, SJ is one of your favorite cities. So there are other favorite places that you can choose and offer you the same type of life style]
But then this crazy thought doesn’t want to stop, it wants me to go even further: so what happen if one day you decide that chance to move to San Jose is not worth waiting anymore, and it means there will be no point for you to stay with Cisco? What would you miss if you leave Cisco?
Hmm, so far I can think only three things:
First, I would miss all the access to Cisco knowledge database, all my chance to meet and work with Ciscopress book authors and all famous people such as Distinguished Engineers. And as NCE I can even access the repository to read the source code. I would miss all of them. [crazy thought: yeah, when did the last time you use the chance with all those access to increase your knowledge dramatically or make you a better person? Any company that makes product can offer you the same type of access]
Second, I would miss my chance to get transferred by Cisco to a better place. [crazy thought: according to your objective, your main target is SJ. If they can’t give that to you, then any other companies can offer the same chance to move to the place you want. Even so far you have received many offers from other company to do exactly the same thing with what you have been doing, with the same frequent flyer life-style but wider coverage of countries, and obviously with more money]
Third, I would miss my privilege and all respect that I receive as being part of Cisco. [crazy thought: yes, some people respect you at the first sight since they know you work for Cisco. But in the end it’s your experience and what you can do that really make people give you respect. There is other way to earn respect during the first meeting, in some places people look at you from your appearance, what car you drive, and even how much money you make. But again, eventually you have to prove and show that you are capable to really gain the true respect]
The crazy thought now is whispering to me: soooo, if you will not have your chance to move to San Jose, and you have only those three reasons to stay in Cisco, would you consider another option that can provide you happiness in such a different way? The one that provides more adventurous life and chance to do something that you have never done before? Would you start looking for that option?
Ahh, my crazy thought. It’s so difficult to predict and control, but I just can’t imagine to live without it either.
This is my life and it's ending one minute at a time.
Sunday, March 09, 2008
Olive for JNCIE
After my first post about Olive, many people sent me email asking how to use it to set up the lab so they can study JNCIE. I need to explain in here that I haven't started the JNCIE journey yet. I have not even read any JNCIS or JNCIP books. I have been busy working on several migration projects in few different countries at a time and some of them have CRS (yes boys, CRS boxes are coming more and more to South East Asian countries!). So I thought I should focus on the first picture in my targets before I move to the next one.
But I remember when I met Olive the first time and played with it for a while, I told myself there should be several different ways in using this emulator to make me able to practice for JNCIE lab. So I'm sharing those here, and if you are in the middle of the journey, please provide your feedback whether all features required in lab can be tested with my ways.
This topology drawing is taken from JNCIE study guide.
As you can see, there are 7 core routers in the middle, 4 routers for external AS, and 1 router called Data Center. Most of the links are point-to-point. Knowing this fact, I believe we just need 1 ethernet interface (2 if you want OOB) for each router and we should be able to use logical interface with dot1q trunk and VLAN tagging to distinguish one point-to-point link with the others. So it will look like as the next drawing taken from the same book:
There won't be serial interfaces, and I don't think it will make any difference in the lab since we don't run Non Broadcast Multiple Access over serial such as frame-relay. I'm not sure if PPP features are part of the lab but in Cisco I can run PPP over Ethernet (PPPoE) and I can test the dial-on-demand or PPP authentication feature with it. So using a single dot1q trunk interface for each router and mark the same VLAN number on both routers that need the point-to-point connection should provide us the same output with one physical interface per router for each point-to-point link.
So here are the alternatives for setting up JNCIE Olive lab. I like to use the numbering similar with the options in MPLS inter-AS. And just like in inter-AS, option 3 below is the most interesting :))
JNCIE Lab Option 1: 1 PC for 1 router, multiple NICs
I have a friend who has passed JNCIE with this way. So he bought many used and obsolete PCs, it's old Pentium and but good enough to run FreeBSD with JunOS. Since it was cheap for him to purchase multiple NIC cards, he followed the topology by using direct ethernet point-to-point link even he must provide 6 ethernet ports for some of the PCs. He said all features required in the lab work when running JunOS directly on FreeBSD (no vmware or qemu). So this option is the most straight-fotward and proven to work (he passed, right?) and it doesn't require a switch since each PC will connect directly to each other (except for R1,R2 and P1 in the drawing above that can be connected using cheap hub).
JNCIE Lab Option 2: 1 PC for 1 router, 1 NIC
Similar with option 1 but using only 1 NIC for each PC. As I mentioned above, we should be able to use only a single NIC for each PC by make it as dot1q trunk and put the same VLAN ID on the logical interface for two routers that need to talk to each other. So we need to connect all the routers to a switch. You may want to use Cisco switch since Juniper has not shipped their switch yet heheh
JNCIE Lab Option 3a: 1 PC with Qemu, multiple instances
In this world, people always try to find the better way, and cheaper way, to achieve the goal. So why bother to buy multiple PCs if we can run JunOS using qemu with virtual Tap interfaces? So the idea is to run multiple Olive with qemu, and assign one Tap interface to each instance. Then we need to make sure all the interfaces are connected to one virtual switch, in Windows it's called Network Bridge.
So after we create multiple Tap interfaces in Windows using Step 2 in my previous post, we need to put all of them into the bridge in Windows Networking Setup. Just right click the interface and select "Add to Bridge" you should see it will be moved under Network Bridge.
Then when we start qemu, or jqemu, assign the interface into a single VLAN ID. The idea is to have all interfaces in a single VLAN, then later on the separation between each point-to-point link is done in JunOS logical interface configuration with dot1q and unique VLAN ID per link.
Note: I found out that I'm not able to launch multiple qemu instances in Windows if I try to execute it from a single folder. So what I did I create multiple folders and launch Olive from each.
Example, Olive instance 1 is launched with this option:
C:\qemu> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1
Then the 2nd instance is launched from another folder with the next Tap interface but same VLAN option as previous:
C:\qemu2> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1002,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2
Two Qemu windows will pop up and obviously we need another 2 DOS prompts to telnet to localhost port 1001 and 1002 to access our Olives. Once we login to Olive, both will have interface fxp0 and let's say we configure 10.1.1.0/30 for both interfaces without logical interface first, just to test the connection:
[edit]
root# edit interfaces fxp0 unit 0 family inet address 10.1.1.1/30
After we commit the changes we should be able to ping each other:
[edit]
root# run ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=1.937 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.843 ms
This means the bridging between 2 Tap interfaces in Windows networking is working. Now we can create logical interface (unit) and assign different VLAN ID. We must enable vlan-tagging (dot1q) first then let's create VLAN 20 with 20.1.1.0/30 and VLAN 30 with 30.1.1.0/30. Remove the previously configured unit 0 logical interface since it's not tagged.
[edit]
root# delete interfaces fxp0 unit 0
[edit]
root# set interfaces fxp0 vlan-tagging
[edit]
root# set interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30
[edit]
root# set interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30
[edit]
root# run show configuration interfaces
fxp0 {
vlan-tagging;
unit 20 {
vlan-id 20;
family inet {
address 20.1.1.1/30;
}
}
unit 30 {
vlan-id 30;
family inet {
address 30.1.1.1/30;
}
}
}
Once we commit the changes, we should be able to ping both network address. So those are our 2 point-to-point links between 2 routers. Now, let's run OSPF routing area 0 between VLAN 20.
[edit]
root# set protocols ospf area 0.0.0.0 interface fxp0.20 interface-type p2p
root# run show ospf interface
Interface State Area DR ID BDR ID Nbrs
fxp0.20 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1
root# run show ospf neighbor
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 20.1.1.2 128 32
Let's create loopback interface with 100.1.1.1/32 on the first router and 100.1.1.2/32 on the second router and advertise this into OSPF area 0 for testing.
[edit]
root# set interfaces lo0 unit 0 family inet address 100.1.1.1/32
[edit]
root# set protocols ospf area 0.0.0.0 interface lo0 passive
After commit, we should be able to see this route is learned as intra-area:
[edit]
root# run show ospf route
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Router IP 1 fxp0.20 20.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
100.1.1.1/32 Intra Network IP 0 lo0.0
100.1.1.2/32 Intra Network IP 1 fxp0.20 20.1.1.2
We can even try to move the loopback interface to different area just to verify the OSPF:
[edit]
root@Jrocks# delete protocols ospf area 0 interface lo0.0
[edit]
root@Jrocks# set protocols ospf area 1 interface lo0.0 passive
You can see now the peer router loopback address is learned as inter-area:
root# run show ospf route
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Area BR IP 1 fxp0.20 20.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
100.1.1.1/32 Intra Network IP 0 lo0.0
100.1.1.2/32 Inter Network IP 1 fxp0.20 20.1.1.2
Now let's put the interface of VLAN 30 into OSPF area 1
[edit]
root# set protocols ospf area 1 interface fxp0.30 interface-type p2p
As you can see now we have established 2 OSPF neighbors:
[edit]
root# run show ospf neighbor
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 34
30.1.1.2 fxp0.30 Full 100.1.1.2 128 31
And if you check the routing table, obviously the 100.1.1.2/32 now is learned as intra-area route again:
root# run show ospf route
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Area BR IP 1 fxp0.30 30.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
30.1.1.0/30 Intra Network IP 1 fxp0.30
100.1.1.1/32 Intra Network IP 0 lo0.0
100.1.1.2/32 Intra Network IP 1 fxp0.30 30.1.1.2
Note: Some people sent me email saying they can't run multicast with qemu. I haven't tested PIM or other multicast protocols but when I changed the OSPF type in VLAN 30 to broadcast, by not using the point-to-point interface type option, I can form neighborship:
[edit]
root# run show ospf neighbor detail
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 34
Area 0.0.0.0, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
Up 00:19:23, adjacent 00:19:23
30.1.1.2 fxp0.30 Full 100.1.1.2 128 39
Area 0.0.0.1, opt 0x42, DR 30.1.1.2, BDR 30.1.1.1
Up 00:01:25, adjacent 00:00:42
[edit]
root# run show ospf interface detail
Interface State Area DR ID BDR ID Nbrs
fxp0.20 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1
Type: P2P, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
fxp0.30 BDR 0.0.0.1 100.1.1.2 100.1.1.1 1
Type: LAN, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
DR addr: 30.1.1.2, BDR addr: 30.1.1.1, Adj count: 1, Priority: 128
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
I tried to configure RIP as well and it works too. So I guess multicast-based protocol should work, but please let me know if you find it otherwise.
JNCIE Lab Option 3b: 1 PC with Qemu, single instances
So you think making multiple folders is not good enough for you? You don't like the previous option since you must allocate memory for each instance? Alright, here is another option that I got from my Chinese friend who's been helping me setting this up: Running only a single Qemu instance but with logical router feature inside JunOS. And each logical router will take one fxp interface, or one Tap interface if you see it from Windows point of view.
So when we start Olive, assign multiple TAP interfaces into this instance. Each logical router will take one fxp interface.
C:\qemu>jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2
Once we are inside Olive, create logical router R1 and R2, then enable vlan-tagging on both fxp0 and fxp1 interfaces.
[edit]
root# set logical-routers R1
[edit]
root# set logical-routers R2
[edit]
root# set interfaces fxp0 vlan-tagging
[edit]
root# set interfaces fxp1 vlan-tagging
Assign IP address and VLAN ID just like how we did in Option 3a, but this time we have to specify the logical router name. Logical-router R1 will use fxp0 while logical-router R2 will use fxp1:
[edit]
root# set logical-router R1 interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30
[edit]
root# set logical-router R1 interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30
[edit]
root# set logical-router R2 interfaces fxp1 unit 20 vlan-id 20 family inet address 20.1.1.2/30
[edit]
root# set logical-router R2 interfaces fxp1 unit 30 vlan-id 30 family inet address 30.1.1.2/30
[edit]
root# run show configuration logical-routers R1
interfaces {
fxp0 {
unit 20 {
vlan-id 20;
family inet {
address 20.1.1.1/30;
}
}
unit 30 {
vlan-id 30;
family inet {
address 30.1.1.1/30;
}
}
}
}
[edit]
root# run show configuration logical-routers R2
interfaces {
fxp1 {
unit 20 {
vlan-id 20;
family inet {
address 20.1.1.2/30;
}
}
unit 30 {
vlan-id 30;
family inet {
address 30.1.1.2/30;
}
}
}
}
When we want to run ping test, specify the logical router name as the source of the ping packet:
[edit]
root# run ping logical-router R1 20.1.1.2
PING 20.1.1.2 (20.1.1.2): 56 data bytes
64 bytes from 20.1.1.2: icmp_seq=0 ttl=64 time=3.010 ms
64 bytes from 20.1.1.2: icmp_seq=1 ttl=64 time=0.453 ms
Configure OSPF Area 0 for VLAN 20:
[edit]
root# set logical-routers R1 interfaces lo0.0 family inet address 100.1.1.1/32
[edit]
root# set logical-routers R2 interfaces lo0.1 family inet address 100.1.1.2/32
[edit]
root# set logical-routers R1 protocols ospf area 0 interface fxp0.20
[edit]
root# set logical-routers R2 protocols ospf area 0 interface fxp1.20
Check the OSPF status and routes:
[edit]
root# run show ospf neighbor logical-router R1
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 37
[edit]
root# run show ospf route logical-router R1
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Router IP 1 fxp0.20 20.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
100.1.1.2/32 Intra Network IP 1 fxp0.20 20.1.1.2
Ping R2 loopback address from R1:
root# run ping logical-router R1 100.1.1.2
PING 100.1.1.2 (100.1.1.2): 56 data bytes
64 bytes from 100.1.1.2: icmp_seq=0 ttl=64 time=0.725 ms
64 bytes from 100.1.1.2: icmp_seq=1 ttl=64 time=0.467 ms
Just for fun, put the other logical interface into OSPF Area 1:
[edit]
root# set logical-routers R1 protocols ospf area 1 interface fxp0.30 interface-type p2p
[edit]
root# set logical-routers R2 protocols ospf area 1 interface fxp1.30 interface-type p2p
[edit]
root# run show ospf neighbor logical-router R1 detail
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 35
Area 0.0.0.0, opt 0x42, DR 20.1.1.1, BDR 20.1.1.2
Up 00:01:54, adjacent 00:01:54
30.1.1.2 fxp0.30 Full 100.1.1.2 128 35
Area 0.0.0.1, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
Up 00:00:05, adjacent 00:00:05
[edit]
root# run show ospf interface logical-router R1 detail
Interface State Area DR ID BDR ID Nbrs
fxp0.20 DR 0.0.0.0 100.1.1.1 100.1.1.2 1
Type: LAN, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
DR addr: 20.1.1.1, BDR addr: 20.1.1.2, Adj count: 1, Priority: 128
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
fxp0.30 PtToPt 0.0.0.1 0.0.0.0 0.0.0.0 1
Type: P2P, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
As you can see, the way to configure Option 3b with logical router is the same with Option 3a except now for all configuration or show command we must specify the logical router name as well.
JNCIE Lab Option 3c: Combination
Option 3c is just combination of all previous options. Use your imagination! The following might give you some idea:
- 1 PC running Olive, without qemu, with multiple NICs to connect to a switch. Then run logical routers and assign 1 NIC to each logical router, and just as Option 3b enable dot1q and use logical interfaces on each logical router.
- 2 PCs or more running Olive, with multiple qemu instances and multiple NICs on each PC to connect to a switch. Then each qemu can take 1 NIC, use dot1q with logical interfaces but no logical router is required. This might be a good case if you have few PCs and each has multiple NICs and able to run only several qemu instances.
- 2 PCs or more running Olive with single qemu instance on each PC, and with single NIC on each PC to connect to a switch. Then in Olive on each PC create logical routers to share that single NIC. To make it easy make sure logical routers in the same Olive are not required to talk to each other, so only to another logical routers in different PC. Obviously that NIC must be configured as dot1q and each logical router will use logical interfaces.
To make it even more granular, we can combine real NICs with TAP interfaces! So if we have 2 PCs or more with single NIC on each PC, 1 PC can run multiple qemu instances, and within 1 PC they communicate each other using TAP interfaces but those qemu instances can connect to another qemu in different PC using real NIC.
And one more thing, actually we can setup point-to-point connection between 2 qemu instances, or between 2 logical routers within 1 Olive/qemu using socket or UDP port! So for UDP, for example, we need to specify the source and destination port in -net option when we define the interface:
C:\qemu> jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net udp,vlan=1,sport=10001,dport=10002,daddr=127.0.0.1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net udp,vlan=1,sport=10002,dport=10001,daddr=127.0.0.1
Sky is the limit!
As I mentioned in the beginning, I haven't started the journey yet so I don't know if all features in the lab can be tested with Olive, especially the option to use qemu multiple instances or qemu single instance with logical routers. So appreciate if you have already tried those options to provide your feedback. Thanks.
Now it's time to go back to IOS XR ;)
But I remember when I met Olive the first time and played with it for a while, I told myself there should be several different ways in using this emulator to make me able to practice for JNCIE lab. So I'm sharing those here, and if you are in the middle of the journey, please provide your feedback whether all features required in lab can be tested with my ways.
This topology drawing is taken from JNCIE study guide.
As you can see, there are 7 core routers in the middle, 4 routers for external AS, and 1 router called Data Center. Most of the links are point-to-point. Knowing this fact, I believe we just need 1 ethernet interface (2 if you want OOB) for each router and we should be able to use logical interface with dot1q trunk and VLAN tagging to distinguish one point-to-point link with the others. So it will look like as the next drawing taken from the same book:
There won't be serial interfaces, and I don't think it will make any difference in the lab since we don't run Non Broadcast Multiple Access over serial such as frame-relay. I'm not sure if PPP features are part of the lab but in Cisco I can run PPP over Ethernet (PPPoE) and I can test the dial-on-demand or PPP authentication feature with it. So using a single dot1q trunk interface for each router and mark the same VLAN number on both routers that need the point-to-point connection should provide us the same output with one physical interface per router for each point-to-point link.
So here are the alternatives for setting up JNCIE Olive lab. I like to use the numbering similar with the options in MPLS inter-AS. And just like in inter-AS, option 3 below is the most interesting :))
JNCIE Lab Option 1: 1 PC for 1 router, multiple NICs
I have a friend who has passed JNCIE with this way. So he bought many used and obsolete PCs, it's old Pentium and but good enough to run FreeBSD with JunOS. Since it was cheap for him to purchase multiple NIC cards, he followed the topology by using direct ethernet point-to-point link even he must provide 6 ethernet ports for some of the PCs. He said all features required in the lab work when running JunOS directly on FreeBSD (no vmware or qemu). So this option is the most straight-fotward and proven to work (he passed, right?) and it doesn't require a switch since each PC will connect directly to each other (except for R1,R2 and P1 in the drawing above that can be connected using cheap hub).
JNCIE Lab Option 2: 1 PC for 1 router, 1 NIC
Similar with option 1 but using only 1 NIC for each PC. As I mentioned above, we should be able to use only a single NIC for each PC by make it as dot1q trunk and put the same VLAN ID on the logical interface for two routers that need to talk to each other. So we need to connect all the routers to a switch. You may want to use Cisco switch since Juniper has not shipped their switch yet heheh
JNCIE Lab Option 3a: 1 PC with Qemu, multiple instances
In this world, people always try to find the better way, and cheaper way, to achieve the goal. So why bother to buy multiple PCs if we can run JunOS using qemu with virtual Tap interfaces? So the idea is to run multiple Olive with qemu, and assign one Tap interface to each instance. Then we need to make sure all the interfaces are connected to one virtual switch, in Windows it's called Network Bridge.
So after we create multiple Tap interfaces in Windows using Step 2 in my previous post, we need to put all of them into the bridge in Windows Networking Setup. Just right click the interface and select "Add to Bridge" you should see it will be moved under Network Bridge.
Then when we start qemu, or jqemu, assign the interface into a single VLAN ID. The idea is to have all interfaces in a single VLAN, then later on the separation between each point-to-point link is done in JunOS logical interface configuration with dot1q and unique VLAN ID per link.
Note: I found out that I'm not able to launch multiple qemu instances in Windows if I try to execute it from a single folder. So what I did I create multiple folders and launch Olive from each.
Example, Olive instance 1 is launched with this option:
C:\qemu> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1
Then the 2nd instance is launched from another folder with the next Tap interface but same VLAN option as previous:
C:\qemu2> jqemu.exe -L . -m 64 -hda Olive.img -serial telnet::1002,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2
Two Qemu windows will pop up and obviously we need another 2 DOS prompts to telnet to localhost port 1001 and 1002 to access our Olives. Once we login to Olive, both will have interface fxp0 and let's say we configure 10.1.1.0/30 for both interfaces without logical interface first, just to test the connection:
[edit]
root# edit interfaces fxp0 unit 0 family inet address 10.1.1.1/30
After we commit the changes we should be able to ping each other:
[edit]
root# run ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=1.937 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.843 ms
This means the bridging between 2 Tap interfaces in Windows networking is working. Now we can create logical interface (unit) and assign different VLAN ID. We must enable vlan-tagging (dot1q) first then let's create VLAN 20 with 20.1.1.0/30 and VLAN 30 with 30.1.1.0/30. Remove the previously configured unit 0 logical interface since it's not tagged.
[edit]
root# delete interfaces fxp0 unit 0
[edit]
root# set interfaces fxp0 vlan-tagging
[edit]
root# set interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30
[edit]
root# set interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30
[edit]
root# run show configuration interfaces
fxp0 {
vlan-tagging;
unit 20 {
vlan-id 20;
family inet {
address 20.1.1.1/30;
}
}
unit 30 {
vlan-id 30;
family inet {
address 30.1.1.1/30;
}
}
}
Once we commit the changes, we should be able to ping both network address. So those are our 2 point-to-point links between 2 routers. Now, let's run OSPF routing area 0 between VLAN 20.
[edit]
root# set protocols ospf area 0.0.0.0 interface fxp0.20 interface-type p2p
root# run show ospf interface
Interface State Area DR ID BDR ID Nbrs
fxp0.20 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1
root# run show ospf neighbor
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 20.1.1.2 128 32
Let's create loopback interface with 100.1.1.1/32 on the first router and 100.1.1.2/32 on the second router and advertise this into OSPF area 0 for testing.
[edit]
root# set interfaces lo0 unit 0 family inet address 100.1.1.1/32
[edit]
root# set protocols ospf area 0.0.0.0 interface lo0 passive
After commit, we should be able to see this route is learned as intra-area:
[edit]
root# run show ospf route
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Router IP 1 fxp0.20 20.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
100.1.1.1/32 Intra Network IP 0 lo0.0
100.1.1.2/32 Intra Network IP 1 fxp0.20 20.1.1.2
We can even try to move the loopback interface to different area just to verify the OSPF:
[edit]
root@Jrocks# delete protocols ospf area 0 interface lo0.0
[edit]
root@Jrocks# set protocols ospf area 1 interface lo0.0 passive
You can see now the peer router loopback address is learned as inter-area:
root# run show ospf route
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Area BR IP 1 fxp0.20 20.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
100.1.1.1/32 Intra Network IP 0 lo0.0
100.1.1.2/32 Inter Network IP 1 fxp0.20 20.1.1.2
Now let's put the interface of VLAN 30 into OSPF area 1
[edit]
root# set protocols ospf area 1 interface fxp0.30 interface-type p2p
As you can see now we have established 2 OSPF neighbors:
[edit]
root# run show ospf neighbor
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 34
30.1.1.2 fxp0.30 Full 100.1.1.2 128 31
And if you check the routing table, obviously the 100.1.1.2/32 now is learned as intra-area route again:
root# run show ospf route
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Area BR IP 1 fxp0.30 30.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
30.1.1.0/30 Intra Network IP 1 fxp0.30
100.1.1.1/32 Intra Network IP 0 lo0.0
100.1.1.2/32 Intra Network IP 1 fxp0.30 30.1.1.2
Note: Some people sent me email saying they can't run multicast with qemu. I haven't tested PIM or other multicast protocols but when I changed the OSPF type in VLAN 30 to broadcast, by not using the point-to-point interface type option, I can form neighborship:
[edit]
root# run show ospf neighbor detail
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 34
Area 0.0.0.0, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
Up 00:19:23, adjacent 00:19:23
30.1.1.2 fxp0.30 Full 100.1.1.2 128 39
Area 0.0.0.1, opt 0x42, DR 30.1.1.2, BDR 30.1.1.1
Up 00:01:25, adjacent 00:00:42
[edit]
root# run show ospf interface detail
Interface State Area DR ID BDR ID Nbrs
fxp0.20 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1
Type: P2P, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
fxp0.30 BDR 0.0.0.1 100.1.1.2 100.1.1.1 1
Type: LAN, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
DR addr: 30.1.1.2, BDR addr: 30.1.1.1, Adj count: 1, Priority: 128
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
I tried to configure RIP as well and it works too. So I guess multicast-based protocol should work, but please let me know if you find it otherwise.
JNCIE Lab Option 3b: 1 PC with Qemu, single instances
So you think making multiple folders is not good enough for you? You don't like the previous option since you must allocate memory for each instance? Alright, here is another option that I got from my Chinese friend who's been helping me setting this up: Running only a single Qemu instance but with logical router feature inside JunOS. And each logical router will take one fxp interface, or one Tap interface if you see it from Windows point of view.
So when we start Olive, assign multiple TAP interfaces into this instance. Each logical router will take one fxp interface.
C:\qemu>jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net tap,vlan=1,ifname=Tap1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net tap,vlan=1,ifname=Tap2
Once we are inside Olive, create logical router R1 and R2, then enable vlan-tagging on both fxp0 and fxp1 interfaces.
[edit]
root# set logical-routers R1
[edit]
root# set logical-routers R2
[edit]
root# set interfaces fxp0 vlan-tagging
[edit]
root# set interfaces fxp1 vlan-tagging
Assign IP address and VLAN ID just like how we did in Option 3a, but this time we have to specify the logical router name. Logical-router R1 will use fxp0 while logical-router R2 will use fxp1:
[edit]
root# set logical-router R1 interfaces fxp0 unit 20 vlan-id 20 family inet address 20.1.1.1/30
[edit]
root# set logical-router R1 interfaces fxp0 unit 30 vlan-id 30 family inet address 30.1.1.1/30
[edit]
root# set logical-router R2 interfaces fxp1 unit 20 vlan-id 20 family inet address 20.1.1.2/30
[edit]
root# set logical-router R2 interfaces fxp1 unit 30 vlan-id 30 family inet address 30.1.1.2/30
[edit]
root# run show configuration logical-routers R1
interfaces {
fxp0 {
unit 20 {
vlan-id 20;
family inet {
address 20.1.1.1/30;
}
}
unit 30 {
vlan-id 30;
family inet {
address 30.1.1.1/30;
}
}
}
}
[edit]
root# run show configuration logical-routers R2
interfaces {
fxp1 {
unit 20 {
vlan-id 20;
family inet {
address 20.1.1.2/30;
}
}
unit 30 {
vlan-id 30;
family inet {
address 30.1.1.2/30;
}
}
}
}
When we want to run ping test, specify the logical router name as the source of the ping packet:
[edit]
root# run ping logical-router R1 20.1.1.2
PING 20.1.1.2 (20.1.1.2): 56 data bytes
64 bytes from 20.1.1.2: icmp_seq=0 ttl=64 time=3.010 ms
64 bytes from 20.1.1.2: icmp_seq=1 ttl=64 time=0.453 ms
Configure OSPF Area 0 for VLAN 20:
[edit]
root# set logical-routers R1 interfaces lo0.0 family inet address 100.1.1.1/32
[edit]
root# set logical-routers R2 interfaces lo0.1 family inet address 100.1.1.2/32
[edit]
root# set logical-routers R1 protocols ospf area 0 interface fxp0.20
[edit]
root# set logical-routers R2 protocols ospf area 0 interface fxp1.20
Check the OSPF status and routes:
[edit]
root# run show ospf neighbor logical-router R1
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 37
[edit]
root# run show ospf route logical-router R1
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface addr/label
100.1.1.2 Intra Router IP 1 fxp0.20 20.1.1.2
20.1.1.0/30 Intra Network IP 1 fxp0.20
100.1.1.2/32 Intra Network IP 1 fxp0.20 20.1.1.2
Ping R2 loopback address from R1:
root# run ping logical-router R1 100.1.1.2
PING 100.1.1.2 (100.1.1.2): 56 data bytes
64 bytes from 100.1.1.2: icmp_seq=0 ttl=64 time=0.725 ms
64 bytes from 100.1.1.2: icmp_seq=1 ttl=64 time=0.467 ms
Just for fun, put the other logical interface into OSPF Area 1:
[edit]
root# set logical-routers R1 protocols ospf area 1 interface fxp0.30 interface-type p2p
[edit]
root# set logical-routers R2 protocols ospf area 1 interface fxp1.30 interface-type p2p
[edit]
root# run show ospf neighbor logical-router R1 detail
Address Interface State ID Pri Dead
20.1.1.2 fxp0.20 Full 100.1.1.2 128 35
Area 0.0.0.0, opt 0x42, DR 20.1.1.1, BDR 20.1.1.2
Up 00:01:54, adjacent 00:01:54
30.1.1.2 fxp0.30 Full 100.1.1.2 128 35
Area 0.0.0.1, opt 0x42, DR 0.0.0.0, BDR 0.0.0.0
Up 00:00:05, adjacent 00:00:05
[edit]
root# run show ospf interface logical-router R1 detail
Interface State Area DR ID BDR ID Nbrs
fxp0.20 DR 0.0.0.0 100.1.1.1 100.1.1.2 1
Type: LAN, Address: 20.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
DR addr: 20.1.1.1, BDR addr: 20.1.1.2, Adj count: 1, Priority: 128
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
fxp0.30 PtToPt 0.0.0.1 0.0.0.0 0.0.0.0 1
Type: P2P, Address: 30.1.1.1, Mask: 255.255.255.252, MTU: 1496, Cost: 1
Adj count: 1
Hello: 10, Dead: 40, ReXmit: 5, Not Stub
Auth type: None
As you can see, the way to configure Option 3b with logical router is the same with Option 3a except now for all configuration or show command we must specify the logical router name as well.
JNCIE Lab Option 3c: Combination
Option 3c is just combination of all previous options. Use your imagination! The following might give you some idea:
- 1 PC running Olive, without qemu, with multiple NICs to connect to a switch. Then run logical routers and assign 1 NIC to each logical router, and just as Option 3b enable dot1q and use logical interfaces on each logical router.
- 2 PCs or more running Olive, with multiple qemu instances and multiple NICs on each PC to connect to a switch. Then each qemu can take 1 NIC, use dot1q with logical interfaces but no logical router is required. This might be a good case if you have few PCs and each has multiple NICs and able to run only several qemu instances.
- 2 PCs or more running Olive with single qemu instance on each PC, and with single NIC on each PC to connect to a switch. Then in Olive on each PC create logical routers to share that single NIC. To make it easy make sure logical routers in the same Olive are not required to talk to each other, so only to another logical routers in different PC. Obviously that NIC must be configured as dot1q and each logical router will use logical interfaces.
To make it even more granular, we can combine real NICs with TAP interfaces! So if we have 2 PCs or more with single NIC on each PC, 1 PC can run multiple qemu instances, and within 1 PC they communicate each other using TAP interfaces but those qemu instances can connect to another qemu in different PC using real NIC.
And one more thing, actually we can setup point-to-point connection between 2 qemu instances, or between 2 logical routers within 1 Olive/qemu using socket or UDP port! So for UDP, for example, we need to specify the source and destination port in -net option when we define the interface:
C:\qemu> jqemu.exe -L . -m 192 -hda Olive.img -serial telnet::1001,server -kernel-kqemu -localtime -net nic,vlan=1,macaddr=00:aa:00:00:01:01,model=i82559er -net udp,vlan=1,sport=10001,dport=10002,daddr=127.0.0.1 -net nic,vlan=1,macaddr=00:aa:00:00:02:02,model=i82559er -net udp,vlan=1,sport=10002,dport=10001,daddr=127.0.0.1
Sky is the limit!
As I mentioned in the beginning, I haven't started the journey yet so I don't know if all features in the lab can be tested with Olive, especially the option to use qemu multiple instances or qemu single instance with logical routers. So appreciate if you have already tried those options to provide your feedback. Thanks.
Now it's time to go back to IOS XR ;)
Friday, March 07, 2008
How to Become a CCIE v2
Passing the elite level and world's toughest certification from Cisco Systems, tips from someone who has done it three times
By Himawan Nugroho, CCIE#8171 (R&S, Security, SP)
I was digging through my own blog archive and found that my first post about How to Become a CCIE is quite old and need to get updated. In fact, I'm thinking to modify it in such a way so the same principle should be applied to any CCIE tracks, and even to any top level certification from other vendor. Without any intention to re-invent my own writing, I just put the updates and I tried to make it short this time. So if you'd like to read more about my experience taking the lab 3 times, I suggest you to read the original version and all related posts, starting with the summary of my journey.
Btw, in case you haven't noticed I'm trying to learn how to sell by using marketing hypes, hence the words "elite level", "world's toughest" and "from someone who has done it three times" yeah, right :)
1. You still need to ask yourself "what's the point?"
It's still a very tough challenge. It's still a long and tiring process. You will spend lots of efforts and money to get it. You still need to sacrifice your spare time and social life. So you should have at least one good reason why you want to do CCIE. And don't try to fake the reason. No one can give you the answer and I bet no one other than you really cares what it is. But it's important for you because this might be the only thing that can keep you going, that can wake you up from your laziness, that can make you come out from your frustration in the middle of your journey.
Once you know and believe in your reason, then decide which track you want to pursuit. Follow your heart, do only the track you like. Continue with collecting the information about that specific track: read the CCIE blueprint for both written and lab exam. Read Networkers slides to get a brief picture about the exam format and sample of the question (Yes they have a session for this, I remember I read and listened to the presentation conducted by CCIE SP proctors).
2. Use the mid-level certification
Now the step for all CCIE tracks are very clear and they all have mid-level certification (except CCIE storage). So if you want to take CCIE in Routing & Swithing you should learn CCNP. For CCIE Service Provider you should start with CCIP. For Voice it's CCVP. And for Security it's CCSP (the new Security lab doesn't require extensive knowledge of routing & switching anymore, you may check its blueprint v2). Remember, using this mid-level certification doesn't mean you have to pass it.
If you are one of the guys who wrote me email to say that certification is useless, want to take CCIE just to prove how good you are, doesn't want to waste time with CCNA, CCNP/IP/SP/VP then it's fine. Don't take the exam but you can still utilize the resources to plan your study. The base knowledge for CCIE is already covered in the mid-level certification. So do the obvious and follow the flow: read the books for the mid-level of track you want to pursuit even you don't have to take the exam. Passing the mid-level exam is important just as a review to ensure you have really understood the material covered by the certification. And you may want to get your knowledge to some extend to be certified by Cisco that can be considered a reward in your journey even you haven't completed it.
3. A new way to build your home lab
Practice extensively in the lab is still the key to pass CCIE. But for certain tracks, R&S and SP, you can practice CCIE lab without having any real equipments. I have built a step-by-step guidance to do this with dynamips. Dynamips is a very popular emulator for Cisco IOS and now some people have released several front-end interface such as dynagen or GNS3 to make it easier to setup and build the topology. It's an emulator to provide real router environment that can trick the real Cisco IOS so it will boot in normal PC. So it's still need the real Cisco IOS software, and please don't ask me to send you this.
Many people still wrote me email asking this question: is it possible to pass CCIE only with dynamips? Yes, it is. I have seen some of my friends did this. In fact, I did all my practice for CCIE SP only with (censored), something similar as dynamips. Censored = internal info to Cisco employees heheh. I'm planning to take the top level certification from other vendor (guess who :)) using a similar emulator only. I want to do it just to utilize my spare time, to prove my point here, and obviously for fun.
You may still require to build home lab, or rent it online, for other CCIE tracks.
4. Passing written test still doesn't prove anything
This is still the same point as my original post. You can read the written exam blueprint and compare it with the lab. Take the written test and feel its coverage. Then setup your lab after that, start doing the workbook, and feel the difference. For some tracks, studying for written test doesn't add any value for the lab preparation.
For me, I don't count the step to pass written test as part of my checklist to pass the lab. After you pass written exam, you are eligible to register for the lab. And that's what it's all about. Passing written test doesn't mean you are half-CCIE. It doesn't mean you are 20% or even 10% ready to take the lab. I count it as Step 0. From the written test you should start practicing in the lab and build the percentage of your progress. Use the lab blueprint as your guidance. Once you cover 100% in the list then you may be ready for your first attempt. Well, this is not always the case. I covered only 80% and passed in my first attempt. But don't count on my experience!
So my point here is: never count passing written test as part of your CCIE lab preparation. Just look at it as administrative step required to register for the lab.
5. Read, read and read, then practice
I won't list all the books that I read to prepare for all my CCIE labs. They are just so many of them! And sometime you just need to read few chapters from one book. The must-read book list is different for every track and may not updated. But you can start by checking on the book list from CCIE website. If you think it's still too much, then I suggest you to again use the Lab Exam Blueprint as your guidance. Read about one scope of technology at a time. Read from CCO, since this is Cisco certification so it always makes sense to check the configuration guide and technical tips from their website. Material from Networkers (slides with sound) is still a good resource, and I think you can get this from Networkers Online.
Google is always our best friend. And you may be interested to subscribe for online books library such as Safari Books online. Check the list of their books first before you pay! The benefit of reading from a website like Safari is they provide a google-seach to find specific topic you want to read from several books.
6. Fast and Furious may not the trend anymore
Indeed you still need the speed in typing. I guess it will be difficult to pass CCIE if you still use only two fingers to type and always look at your keyboard when you do so. There is just not enough time! But it was a different experience when I did my R&S and Security with my SP lab. In the first two, there are many independent technology that I can skip to come back later on if I don't know the answer. So my strategy at that time was to answer all questions that I know the obvious answers first. Then I went back to answer some of the questions that I'm not too sure about it. And the rest of the time was to answer all questions that I have no clue, and I used to depend on Documentation CD or restricted CCO documentation websites to find the answers. So normally I tried to complete 70-80% of the lab before lunch, since I know I need to spend many hours to read from documentation CD.
But in SP, it was a different story. Many topics are connected to another topics, many topics are built based on another topics as underlying protocol, and all decision we make to answer one topic may affect our answer for the topic we build on top of it. So the strategy that works for me at that time was "do it once, and do it right". I needed to make sure I had answered the question correctly before I moved to the next question (unless it's independent feature that I can skip). Even I can type IOS command quite fast but at that time I had only 1 hour left to re-check my work. And documentation CD is not our best friend anymore in SP lab. There is no time to read it and actually to be able to build a working topology all topics covered in the lab must be understood thoroughly, unless it's related to features or enhancements.
7. Join the community
There is no doubt about this. Learn from others' experience and share your own experience. Check the archive for all previous discussions. Answer the questions in the forum in order to get the answers for your questions to the forum. Build a healthy discussion forum! Respect each other and always think those people who are willing to answer are not getting paid for that so don't be rude and push to get answers (unless you join a commercial forum or the forum that is created by vendor to answer your questions related to the product/workbook you purchase from them).
Same as what I wrote in my original post, it would be good if you can build a small discussion forum in your area that can meet offline. It's always better to have someone to share your frustration or listening for someone's experience to boost the spirit while having coffee together. CCIE is a one-man-journey type of experience but as I said in the original post, I was happy just to know there were others out there who might be doing the same thing and facing the same challenges. You are not the only one, even you are alone who must open the door, Neo.
8. Asking the right question is an art
Try to ask some silly questions or obvious questions that any CCIE lab proctors are not allowed to answer are not recommended. They are there in the lab to clarify the question, and sometime they can provide you hints to the answer. So use this chance wisely because you don't want the proctors mark your face in his brain as someone who asks him the answer for CCIE lab.
More into that, I think it's really good to build a culture on how to ask a question effectively. I received many emails asked me how to become a CCIE even now still working on CCNA? That's easy, pass your CCNA first! Or I have seen some people throw one line question to the forum: how can I configure MPLS VPN? Why don't you spend a little bit of your time to read the website, use google, RTFM, try it in your lab and when you are really stuck you can send your specific question with all required information such as the config and topology.
Learn how to ask effectively.
We all definitely need this even for the life outside CCIE lab.
9. Understand the lab question
I was not born in english-speaking country. And even I have spent 6 years working overseas, with English as daily business language, it was still difficult for me to understand some of the lab question. For my CCIE SP lab all the questions were straight forward. I went to the proctor only because I found some vague words and since I know how to ask I could even get the hints after I clarified the words with the proctor. So they are there in the lab to help you to clarify the questions. But that's all.
And I found out when some lab questions are so confusing, it's better to sit back and look at the topology as a whole and a unit. So try to understand what we are trying to build in the lab from helicopter view, not from the device or configuration perspective. For example, when I did my SP lab I looked at the drawing, read the questions, tried to understand what kind of network I have to build with all traffic flow and policy then it became easier for me when I worked on each question to put the configuration.
10. Skeptical attitude might the one you need the most
Trust no one, trust no solution. Don't trust the configuration guide in Cisco website. Don't believe what people say or write in the forum. Don't trust the configuration and solution written in Ciscopress books. Don't even trust the solution from the vendor for those CCIE workbooks that you must pay for it!
I'm not saying that all those resources are bad and should not be trusted. What I'm trying to say here is you should not trust any solution unless you prove it in your lab. It may work in the book but not in your case because you use different IOS. You may read it and think you have already understood the technology but then when it doesn't work in the lab only you realize there is a missing part that you need to discover. And some people either make a typo in their solution or answer it with one way because of some consideration that you may not able to see.
So never stop asking: Why? How come it's possible? Why the solution use that way? What if I answer it with this way? How to prove the concept really works? What if I add this on top of that? How to answer this question if I modify or add with that requirement? And so on.
11. CCIE is nothing but a mind game
You still need to read lots of books. You still need to practice extensively. You still need to make the strategy and plan your study accordingly. But on top of that, you really need the right mindset and attitude to pass. Other than being skeptical and consistently test the solution in the lab, you must be positive most of the time. You should believe you can achieve your target if you really spend efforts in doing so. Avoid unnecessary discussion and long debate about why you need to become a CCIE (you should do that in Step 1 above). Leave your discussion group if they keep telling you it's very difficult to pass CCIE and you won't be able to make it because you don't have what it takes to pass. Or they say you don't have same opportunity as the others who can pass. Everyone has the same chance to pass. During my journey I have proved that it's not a matter of time, nor it's a matter of support from the company or how many resources you have. It's all about the mindset.
And other than being positive, you should develop ability to be adaptable as well, to make you ready for any surprises in the lab. You should know how to analyze a problem and use the right approach to solve it. This is required to ensure you can understand the requirements in the lab and choose the right method to answer. You need to be able to make decision and handle situation under pressure within limited amount of time. And you don't risk your life in taking this CCIE anyway! So relax, try your best to be prepared, extremely prepared, but in the end if you make mistakes and fail, you lose nothing but the cost to take the lab. On the other side you will definitely learn something from your failure and gain more than what you lose.
So again, Everyone has the same chance to pass.
If someone tells you the otherwise, ask him to talk to me ;)
12. Enjoy every moment of it
What's the point to do something if you don't enjoy it? Again, this is the reason why Step 1 is very crucial. It's very important to follow your heart. Because pursuing CCIE requires you to be focus and consistent, so it will be difficult if you don't know why you want to do this in the first place. You must sacrifice your spare time and social life so it's really important for those around who care to you to be part of the game. Discuss your plan with them and try to still make some contact with other human beings when you are not geeking out in the lab.
I remember when I did my security I still spent some time with my family to go to the beach, even my mind was in Firewall-ACL-to-allow-BGP-traffic-with-NAT and IDS-fine-tuning-to-send-alert-only-after-certain-hits. I sacrificed my sleep to gain extra time to study. I sacrificed my lunch. I sacrificed my time that I normally used to chit chat with colleagues. But I still had fun doing my lab since at the same time I played the Matrix or the Simpsons next to my hyperterminal. And not to mention all those Linkin Park songs that I used to play over and over continuously.
And when you are preparing for CCIE, be in the moment. Make a 6-months study plan but do one thing at the time. If you haven't passed the written then do this as Step 0. If you haven't setup the lab then start reading documentation about the emulator or search for the hardware on ebay. If you must deal with busy schedule at work, try to have fun by read CCIE material in between your busy time or steal some time by locking yourself inside the toilet and read in there (I'm still doing this until now!). Feel every aspect of the journey. Be grateful when you have even a very short time to make progress in your study. And always try to enjoy every moment of it.
Okay, let's say you pass. You may ask: now what?
Don't ask me. Ask yourself.
CCIE is just the beginning of a bigger journey. There are several other CCIE tracks to chase or other exciting things to do in life such as working in large scale project where you have to use all your technical skills along with your ability to handle much complex situation. But frankly speaking, until now I still haven't found another journey that could offer such tense atmosphere, learning experience, wide coverage of technology within short time, and fun all together outside CCIE. All the time was just for me and my lab.
As I wrote in my own post after I passed my 3rd lab:
CCIE was the only time when the world makes sense.
Have fun, everyone.
By Himawan Nugroho, CCIE#8171 (R&S, Security, SP)
I was digging through my own blog archive and found that my first post about How to Become a CCIE is quite old and need to get updated. In fact, I'm thinking to modify it in such a way so the same principle should be applied to any CCIE tracks, and even to any top level certification from other vendor. Without any intention to re-invent my own writing, I just put the updates and I tried to make it short this time. So if you'd like to read more about my experience taking the lab 3 times, I suggest you to read the original version and all related posts, starting with the summary of my journey.
Btw, in case you haven't noticed I'm trying to learn how to sell by using marketing hypes, hence the words "elite level", "world's toughest" and "from someone who has done it three times" yeah, right :)
1. You still need to ask yourself "what's the point?"
It's still a very tough challenge. It's still a long and tiring process. You will spend lots of efforts and money to get it. You still need to sacrifice your spare time and social life. So you should have at least one good reason why you want to do CCIE. And don't try to fake the reason. No one can give you the answer and I bet no one other than you really cares what it is. But it's important for you because this might be the only thing that can keep you going, that can wake you up from your laziness, that can make you come out from your frustration in the middle of your journey.
Once you know and believe in your reason, then decide which track you want to pursuit. Follow your heart, do only the track you like. Continue with collecting the information about that specific track: read the CCIE blueprint for both written and lab exam. Read Networkers slides to get a brief picture about the exam format and sample of the question (Yes they have a session for this, I remember I read and listened to the presentation conducted by CCIE SP proctors).
2. Use the mid-level certification
Now the step for all CCIE tracks are very clear and they all have mid-level certification (except CCIE storage). So if you want to take CCIE in Routing & Swithing you should learn CCNP. For CCIE Service Provider you should start with CCIP. For Voice it's CCVP. And for Security it's CCSP (the new Security lab doesn't require extensive knowledge of routing & switching anymore, you may check its blueprint v2). Remember, using this mid-level certification doesn't mean you have to pass it.
If you are one of the guys who wrote me email to say that certification is useless, want to take CCIE just to prove how good you are, doesn't want to waste time with CCNA, CCNP/IP/SP/VP then it's fine. Don't take the exam but you can still utilize the resources to plan your study. The base knowledge for CCIE is already covered in the mid-level certification. So do the obvious and follow the flow: read the books for the mid-level of track you want to pursuit even you don't have to take the exam. Passing the mid-level exam is important just as a review to ensure you have really understood the material covered by the certification. And you may want to get your knowledge to some extend to be certified by Cisco that can be considered a reward in your journey even you haven't completed it.
3. A new way to build your home lab
Practice extensively in the lab is still the key to pass CCIE. But for certain tracks, R&S and SP, you can practice CCIE lab without having any real equipments. I have built a step-by-step guidance to do this with dynamips. Dynamips is a very popular emulator for Cisco IOS and now some people have released several front-end interface such as dynagen or GNS3 to make it easier to setup and build the topology. It's an emulator to provide real router environment that can trick the real Cisco IOS so it will boot in normal PC. So it's still need the real Cisco IOS software, and please don't ask me to send you this.
Many people still wrote me email asking this question: is it possible to pass CCIE only with dynamips? Yes, it is. I have seen some of my friends did this. In fact, I did all my practice for CCIE SP only with (censored), something similar as dynamips. Censored = internal info to Cisco employees heheh. I'm planning to take the top level certification from other vendor (guess who :)) using a similar emulator only. I want to do it just to utilize my spare time, to prove my point here, and obviously for fun.
You may still require to build home lab, or rent it online, for other CCIE tracks.
4. Passing written test still doesn't prove anything
This is still the same point as my original post. You can read the written exam blueprint and compare it with the lab. Take the written test and feel its coverage. Then setup your lab after that, start doing the workbook, and feel the difference. For some tracks, studying for written test doesn't add any value for the lab preparation.
For me, I don't count the step to pass written test as part of my checklist to pass the lab. After you pass written exam, you are eligible to register for the lab. And that's what it's all about. Passing written test doesn't mean you are half-CCIE. It doesn't mean you are 20% or even 10% ready to take the lab. I count it as Step 0. From the written test you should start practicing in the lab and build the percentage of your progress. Use the lab blueprint as your guidance. Once you cover 100% in the list then you may be ready for your first attempt. Well, this is not always the case. I covered only 80% and passed in my first attempt. But don't count on my experience!
So my point here is: never count passing written test as part of your CCIE lab preparation. Just look at it as administrative step required to register for the lab.
5. Read, read and read, then practice
I won't list all the books that I read to prepare for all my CCIE labs. They are just so many of them! And sometime you just need to read few chapters from one book. The must-read book list is different for every track and may not updated. But you can start by checking on the book list from CCIE website. If you think it's still too much, then I suggest you to again use the Lab Exam Blueprint as your guidance. Read about one scope of technology at a time. Read from CCO, since this is Cisco certification so it always makes sense to check the configuration guide and technical tips from their website. Material from Networkers (slides with sound) is still a good resource, and I think you can get this from Networkers Online.
Google is always our best friend. And you may be interested to subscribe for online books library such as Safari Books online. Check the list of their books first before you pay! The benefit of reading from a website like Safari is they provide a google-seach to find specific topic you want to read from several books.
6. Fast and Furious may not the trend anymore
Indeed you still need the speed in typing. I guess it will be difficult to pass CCIE if you still use only two fingers to type and always look at your keyboard when you do so. There is just not enough time! But it was a different experience when I did my R&S and Security with my SP lab. In the first two, there are many independent technology that I can skip to come back later on if I don't know the answer. So my strategy at that time was to answer all questions that I know the obvious answers first. Then I went back to answer some of the questions that I'm not too sure about it. And the rest of the time was to answer all questions that I have no clue, and I used to depend on Documentation CD or restricted CCO documentation websites to find the answers. So normally I tried to complete 70-80% of the lab before lunch, since I know I need to spend many hours to read from documentation CD.
But in SP, it was a different story. Many topics are connected to another topics, many topics are built based on another topics as underlying protocol, and all decision we make to answer one topic may affect our answer for the topic we build on top of it. So the strategy that works for me at that time was "do it once, and do it right". I needed to make sure I had answered the question correctly before I moved to the next question (unless it's independent feature that I can skip). Even I can type IOS command quite fast but at that time I had only 1 hour left to re-check my work. And documentation CD is not our best friend anymore in SP lab. There is no time to read it and actually to be able to build a working topology all topics covered in the lab must be understood thoroughly, unless it's related to features or enhancements.
7. Join the community
There is no doubt about this. Learn from others' experience and share your own experience. Check the archive for all previous discussions. Answer the questions in the forum in order to get the answers for your questions to the forum. Build a healthy discussion forum! Respect each other and always think those people who are willing to answer are not getting paid for that so don't be rude and push to get answers (unless you join a commercial forum or the forum that is created by vendor to answer your questions related to the product/workbook you purchase from them).
Same as what I wrote in my original post, it would be good if you can build a small discussion forum in your area that can meet offline. It's always better to have someone to share your frustration or listening for someone's experience to boost the spirit while having coffee together. CCIE is a one-man-journey type of experience but as I said in the original post, I was happy just to know there were others out there who might be doing the same thing and facing the same challenges. You are not the only one, even you are alone who must open the door, Neo.
8. Asking the right question is an art
Try to ask some silly questions or obvious questions that any CCIE lab proctors are not allowed to answer are not recommended. They are there in the lab to clarify the question, and sometime they can provide you hints to the answer. So use this chance wisely because you don't want the proctors mark your face in his brain as someone who asks him the answer for CCIE lab.
More into that, I think it's really good to build a culture on how to ask a question effectively. I received many emails asked me how to become a CCIE even now still working on CCNA? That's easy, pass your CCNA first! Or I have seen some people throw one line question to the forum: how can I configure MPLS VPN? Why don't you spend a little bit of your time to read the website, use google, RTFM, try it in your lab and when you are really stuck you can send your specific question with all required information such as the config and topology.
Learn how to ask effectively.
We all definitely need this even for the life outside CCIE lab.
9. Understand the lab question
I was not born in english-speaking country. And even I have spent 6 years working overseas, with English as daily business language, it was still difficult for me to understand some of the lab question. For my CCIE SP lab all the questions were straight forward. I went to the proctor only because I found some vague words and since I know how to ask I could even get the hints after I clarified the words with the proctor. So they are there in the lab to help you to clarify the questions. But that's all.
And I found out when some lab questions are so confusing, it's better to sit back and look at the topology as a whole and a unit. So try to understand what we are trying to build in the lab from helicopter view, not from the device or configuration perspective. For example, when I did my SP lab I looked at the drawing, read the questions, tried to understand what kind of network I have to build with all traffic flow and policy then it became easier for me when I worked on each question to put the configuration.
10. Skeptical attitude might the one you need the most
Trust no one, trust no solution. Don't trust the configuration guide in Cisco website. Don't believe what people say or write in the forum. Don't trust the configuration and solution written in Ciscopress books. Don't even trust the solution from the vendor for those CCIE workbooks that you must pay for it!
I'm not saying that all those resources are bad and should not be trusted. What I'm trying to say here is you should not trust any solution unless you prove it in your lab. It may work in the book but not in your case because you use different IOS. You may read it and think you have already understood the technology but then when it doesn't work in the lab only you realize there is a missing part that you need to discover. And some people either make a typo in their solution or answer it with one way because of some consideration that you may not able to see.
So never stop asking: Why? How come it's possible? Why the solution use that way? What if I answer it with this way? How to prove the concept really works? What if I add this on top of that? How to answer this question if I modify or add with that requirement? And so on.
11. CCIE is nothing but a mind game
You still need to read lots of books. You still need to practice extensively. You still need to make the strategy and plan your study accordingly. But on top of that, you really need the right mindset and attitude to pass. Other than being skeptical and consistently test the solution in the lab, you must be positive most of the time. You should believe you can achieve your target if you really spend efforts in doing so. Avoid unnecessary discussion and long debate about why you need to become a CCIE (you should do that in Step 1 above). Leave your discussion group if they keep telling you it's very difficult to pass CCIE and you won't be able to make it because you don't have what it takes to pass. Or they say you don't have same opportunity as the others who can pass. Everyone has the same chance to pass. During my journey I have proved that it's not a matter of time, nor it's a matter of support from the company or how many resources you have. It's all about the mindset.
And other than being positive, you should develop ability to be adaptable as well, to make you ready for any surprises in the lab. You should know how to analyze a problem and use the right approach to solve it. This is required to ensure you can understand the requirements in the lab and choose the right method to answer. You need to be able to make decision and handle situation under pressure within limited amount of time. And you don't risk your life in taking this CCIE anyway! So relax, try your best to be prepared, extremely prepared, but in the end if you make mistakes and fail, you lose nothing but the cost to take the lab. On the other side you will definitely learn something from your failure and gain more than what you lose.
So again, Everyone has the same chance to pass.
If someone tells you the otherwise, ask him to talk to me ;)
12. Enjoy every moment of it
What's the point to do something if you don't enjoy it? Again, this is the reason why Step 1 is very crucial. It's very important to follow your heart. Because pursuing CCIE requires you to be focus and consistent, so it will be difficult if you don't know why you want to do this in the first place. You must sacrifice your spare time and social life so it's really important for those around who care to you to be part of the game. Discuss your plan with them and try to still make some contact with other human beings when you are not geeking out in the lab.
I remember when I did my security I still spent some time with my family to go to the beach, even my mind was in Firewall-ACL-to-allow-BGP-traffic-with-NAT and IDS-fine-tuning-to-send-alert-only-after-certain-hits. I sacrificed my sleep to gain extra time to study. I sacrificed my lunch. I sacrificed my time that I normally used to chit chat with colleagues. But I still had fun doing my lab since at the same time I played the Matrix or the Simpsons next to my hyperterminal. And not to mention all those Linkin Park songs that I used to play over and over continuously.
And when you are preparing for CCIE, be in the moment. Make a 6-months study plan but do one thing at the time. If you haven't passed the written then do this as Step 0. If you haven't setup the lab then start reading documentation about the emulator or search for the hardware on ebay. If you must deal with busy schedule at work, try to have fun by read CCIE material in between your busy time or steal some time by locking yourself inside the toilet and read in there (I'm still doing this until now!). Feel every aspect of the journey. Be grateful when you have even a very short time to make progress in your study. And always try to enjoy every moment of it.
Okay, let's say you pass. You may ask: now what?
Don't ask me. Ask yourself.
CCIE is just the beginning of a bigger journey. There are several other CCIE tracks to chase or other exciting things to do in life such as working in large scale project where you have to use all your technical skills along with your ability to handle much complex situation. But frankly speaking, until now I still haven't found another journey that could offer such tense atmosphere, learning experience, wide coverage of technology within short time, and fun all together outside CCIE. All the time was just for me and my lab.
As I wrote in my own post after I passed my 3rd lab:
CCIE was the only time when the world makes sense.
Have fun, everyone.
Subscribe to:
Posts (Atom)