Old Domain “ethanbanks.net” is Going Away

The old domain name for this blog was “ethanbanks.net”, and lots of folks still link to that.  I will be killing that domain name in the next several hours.  E-mail to that domain will still work, but HTTP requests will not.  That means that you should update your links, blogrolls, and bookmarks to cciecandidate.com instead of ethanbanks.net.

Thanks for your help with this!

The CCIE Lab Exam in 2001 - My Story

When I passed my CCIE R&S Lab Exam in 2001, I remember both the jubilation and exhaustion of the moment. Also the loneliness: after all, my wife and children had been without a functional partner and father for more than a year, and they were not there with me at the final moment.

Let me explain.


Registration No Longer Required To Comment on CCIECandidate.com

I’ve opened up the comment function so that you no longer have to register & log in to comment.  Let’s see how it goes.  I have a feeling I may need to ratchet down the spam filters a bit tighter.

CCIE R&S Syllabus, Part 3

This article is a follow up to CCIE R&S Syllabus, Part 2

Q: I’m ready to start preparing for the lab exam. Where do I begin?

A: To start preparing for the lab, you should have a good idea of what you’re up against. The CCIE lab exam isn’t merely a technical exam. The lab exam is also a test of your organizational skills, time management, and attention to detail.

  • You will have 8 hours to complete the lab exam. 8 hours is NOT a lot of time. If you go into the lab without a strategy of how to take the exam, that time will go by much faster than you like.
  • The lab exam will present you with a number of configuration tasks taken from the lab blueprint. Since the lab blueprint is vague, Cisco has a large number of tasks they might challenge you with. You don’t know what specifically you’ll be asked to do. Therefore, having a broad and deep understanding of the lab blueprint technologies is key.
  • Candidates who have to repeat the lab exam find that they get different tests on subsequent attempts. Therefore, it’s a bad strategy to take the exam “just to see it once”, and then study up on all the topics you remember from taking the lab that first time.
  • You are building a complete, working network on this lab exam. You will be expected to make several complicated technologies work together. If you understand the lab blueprint technologies independently of one another, your chances of passing the lab exam diminish. You must understand how one technology affects another.
  • The tasks on the lab exam might have many components. Points are awarded for a task on an all-or-nothing basis. Therefore, you must complete every portion of a task successfully to be awarded the points. This means that paying attention to detail is important. Overlooking a task requirement will mean that you lose all points for that task, even if you did everything else on the task correctly.

Q: Okay, I understand what I’m up against. So now, how do I start learning the blueprint technologies?

A: In my opinion, the first thing you should do is get comfortable configuring the blueprint technologies individually. By working on individual technologies first (and NOT doing full-scale CCIE practice labs), you will gain the breadth and depth you need to be successful. Yes, it is possible to step right into full-scale practice labs and just “go for it”; in fact, I did exactly this. In hindsight, I believe the “go for it” approach is a mistake, considering there are vendors offering technology-specific CCIE-level practice labs.

Q: I’m ready to tackle full-scale practice labs. Now what?

A: Several vendors offer full-scale CCIE-level practice labs. Most of them offer a free sample lab you can actually do to give you an idea of their approach. The labs offered by these vendors are intended to teach you complicated technical issues that face CCIE’s, time management, and an organizational approach to the lab exam.

What you get out of these practice labs is largely up to you. The more time you spend understanding challenging scenarios and how to solve them, the better you will prepare yourself for the actual lab. Racing through these practice labs while relying heavily on the answer key to get the lab working will prove insufficient. Practice labs are tools that teach complex scenarios and resolutions, not simple questions and answers. The practice labs can also be used as exam simulations that you use to gauge your time as well as your overall attack strategy.

In general, all of the notable vendors offer practice labs that include topology diagrams, task lists organized by technology, and annotated answer keys that explain the solutions to the various tasks. In the series that I’ve seen, labs are not necessarily sorted by order of difficulty. You might assume that the first practice lab in a given series will be “easy”, with subsequent labs being more challenging. That’s not necessarily the case.

  • NetMasterClass.com offers the DOiT Volume 2 series of 25 practice labs. The DOiT labs have a reputation of being the most difficult. I’m not sure if that’s true or not; my recommendation is to not concern yourself with how difficult the practice labs are. While there’s a point in working through a difficult lab, you’ll find that overly difficult labs are frustrating as opposed to enriching. All of the reputable vendor practice labs are sufficiently challenging to get you to the level you need to pass. I did all 25 DOiT labs. You can read my comments on each scenario from this page. NMC also offers online content that’s a companion to the DOiT workbook. For example, you can check their configuration database to see exactly how they configured the rack to solve a certain task. You can also check routing tables and other “show” command output. Note that this is not coming from live equipment - rather, NMC captured CLI output and stored it in a database for you to query. I used that feature often - it helped clear up confusion.
  • InternetworkExpert.com (IE) offers the IEWB Volume 2 series of 20 practice labs. I did several of these, but not all of them. These are certainly effective practice labs - I had no complaints. One notable difference between the IE workbook and the DOiT workbook is that IE uses the concept of a “backbone” (BB) router. A BB router is pre-configured; the challenge is to make the other routers in the lab successfully communicate with the BB router, without tweaking the BB router config.
  • IPExpert.com offers their CCIE R&S Lab Preparation Workbook: Volume 2 (Multi-Protocol Lab Challenges) set. I have not used them, but they have a good reputation among candidates who have.

No doubt, there are other vendors that could be mentioned. I only mentioned the vendors I am most familiar with. Once you start poking around, you’ll find that practically every vendor offers some sort of “end to end” program, where they’ll take you from start to finish through the CCIE program using only their training materials. I did not use this approach, in part because of the expense of most of these programs. Many people prefer the “one vendor” approach, however.

Q: I’ve completed a ton of practice labs, but I don’t know if I’m ready for the actual lab exam just yet. What can I do to bolster my confidence?

A: If you think you’re about ready to take the lab, a good reality check is to take a mock lab. A mock lab is a timed, graded lab that is as close to the real thing as you can get without making a trip to a Cisco campus. You will connect to a rack remotely via the Internet.

  • InternetworkExpert.com mock labs, overall, are more challenging than the actual lab. I took #2, #6, and #5 (in that order), and scored 47, 59, and 55 respectively. I took #5 10 days before my actual lab. I should point out that on mock labs #5 & #6 I was often very close to having a correct answer on several of the tasks, but was careless or otherwise fell short of the mark.
  • NetMasterClass.com offers their CHECKiT series of graded mock labs. Because of the cost, I didn’t take any of these, but they have a great reputation. I know of a number of candidates who charted their readiness for the actual lab based on their results as they progressed through the CHECKiT series.
  • Cisco offers their CCIE Assessor labs.  I did not take any of these, as they are rather expensive.  From what I’ve heard about them, there is no closer mock-up of the actual lab than these.

The mock labs are nice in that they give you a good idea of where you’re really at. Beyond the technical challenge the mocks present, you are up against a hard deadline. Your rack is no longer accessible at the end of 8 hours. That brings a sense of reality to the mock lab exam that a practice lab doesn’t quite give you, even if you tie yourself to a clock.


In the next “syllabus” article, I plan to address how to obtain a practice rack, and how to juggle your work/family/etc. schedule to make room for CCIE preparation.


Contributors Wanted for CCIECandidate.com

I’m looking for people to contribute to CCIECandidate.com. All of the following types of content are of interest to me:

  • Articles by CCIE candidates about their journey. Becoming a CCIE is an arduous task; blogging about what you learn along the way and the progress you’re making is of interest to other CCIE candidates.
  • Articles by active CCIE’s about their life as a CCIE. Ideally, these articles would chronicle technical projects and challenges that you face, techniques you use to resolve complex problems, and new technology you’re using.
  • Articles by CCIE trainers and vendors covering technical topics of interest to a CCIE candidate. This site is vendor-agnostic, so all reputable training vendors are welcome, at my discretion.

If you are interested in contributing to CCIECandidate.com, unicast me with an example of your writing. If I like what I read, I’ll set you up as an author and send brief instructions explaining how to post articles.

Stop The Presses - IE Landed Scott Morris! Brian, Brian, and Scott = The Big Three

I got this fascinating tidbit in my mailbox a little bit ago from InternetworkExpert.com:

Reno, Nevada, June 25, 2008 - Internetwork Expert, Inc., a pioneering leader in Cisco CCIE Lab Exam training, today announced that Scott Morris (CCIE #4713), a four-time CCIE, has joined the company as a CCIE Instructor.

Scott Morris has been in the Cisco networking industry for over 12 years and belongs to an elite group of engineers worldwide holding four CCIE certifications. Scott was one of the first individuals to pass the Cisco Design Specialist certification in 1998, and soon after passed the CCIE Lab Exam in Routing and Switching. He then went on to obtain CCIE certifications in ISP-Dial, Security, and Service Provider. Scott is currently preparing for the Voice CCIE, and the newly announced Cisco Certified Design Expert (CCDE).

Prior to joining Internetwork Expert, Scott was Vice President of Technical Training and an Instructor at IPExpert. While working at IPExpert, Scott developed and delivered CCIE classroom training, as well as initiated new product development. Scott is currently a regular columnist for the TCPMag Journal.

Scott can be reached at smorris@internetworkexpert.com.

From my perspective, this is a very big deal.  It will be interesting to see the effect that Scott has on IE’s already reputable training material.  There’s a lot of very good CCIE instructors out there, but when it comes to name recognition, IE now has “The Big Three.”

CCIE #21236 - It feels great to finally know everything

So since a couple of people have asked, I guess not everyone is reading the groupstudy mailing list. I passed the lab on my first shot last Thursday. It was just like everyone warned me it would be - tough, but fair. Also it was more straight-forward than most of the vendor labs, but that may be because they don’t want people to bug the proctors too much. The proctors were nice enough, one got grouchy with me so I switched to the other one (I tried to load-balance between the two but one didn’t show up until later).

Since I wrote a long-ass email to groupstudy, I’ll just cover what I think is newer ground - the few days before the test, and the few days since. A brief intro regarding the last month is in order too.

The last month

Leading up to the test I was fortunate enough to have a class about 7 weeks before my exam, and have a manager who understood the gravity of the situation and let me study for the last three weeks. On the other hand, studying full-time is actually much harder than working if you’re taking it seriously, and I don’t think I’ve ever pushed it out like that in my life.

Since I’d worked through every technology individually via IE Volume 1 and Narbik’s material, I just needed about a month to pull it all together via labs. I finished the four IE Volume 2 labs, repeated two of the ones I had done previously, did both Cisco Mock Labs, and did the first seven of the IE Volume 3 labs. I was actually failing the labs most of the time. The Cisco ones I got creamed on, something like 46% and 52%. But I was nailing down my methodology and the remaining technology. The individual technology breakdowns are my preferred method of learning, but they don’t cover redistribution. So I needed work on that, and IE Volume 3 stepped up and tossed a few beatdowns on me there.

Just as important was the methodology. I drilled and drilled and drilled, until by the last 4-5 days I felt that if I had the opportunity to move my test up I could have done pretty much the same. By “methodology” I mean specifically:

  • Set up environment - windows (I do 10 side-by-side SSH sessions at home, same software as lab)
  • Write out diagram - basic shapes, lines, IPs, VLANS, masks. I found that I could take a lot of shortcuts, like not recording masks if they were /24s, not writing out the VLAN number if it was the same as the 3rd octet, etcetera. These shortcuts saved a couple minutes, nothing magnificent, but they were only not confusing because I drilled them over and over
  • Lab read-through with diagram update - draw out IGPs/BGP, make little notes
  • Draw four circles representing the switches, make L1/L2 notes and representations
  • Apply my aliases, do a show run and look at the output for general feel for what’s going on

All of this typically took me about 45 minutes, so when I got into the exam and hadn’t touched the keyboard almost an hour into the exam, I wasn’t panicked or upset. It was just another day in the lab.

Worth mentioning is sleeping pills. I used Unisom to sleep the night before the exam. It’s over the counter, and I took a couple (one at a time) a few times in the preceding weeks and made sure that if I took one at 8pm, I could perform at 8am the next day. Don’t go into the lab tired, but don’t leave that kind of thing to chance. I actually still had a little trouble sleeping, but managed to sock away about 6 hours.

The home stretch

I think the last week was the hardest. I had finished my preparations, but still felt compelled to cram and pound through everything possible. What if I stopped cramming too soon and missed that one little piece of the puzzle that would have allowed me to pass? That’s a crappy way to think; it’s illogical and counter-productive. You don’t pass or fail based on the last week of study, you pass or fail based on the previous 6+ months. As I said in an earlier post, fights are won in the gym. And not in the gym two days before go time.

So some advice and tips regarding the few weeks and days before the exam, which are increasingly stressful.

  • Work your ass off in the last few weeks. This is the time to push it out. Every day and/or night you tell yourself you “deserve” some time off is another percentage chance of you having to repeat the process. I ended most days feeling like my head was in a vice, and only took half days off when I was about to scream and cry and headbutt something made of glass.
  • Stop killing yourself in the last week. Back it off. Don’t stop, but don’t keep filling 10-12 hours every day with intense lab time. I stopped doing labs on Saturday, and my test was Thursday. Sunday through Tuesday I did increasingly light review of my notes and material.
    • I went through all of Narbik’s books and highlighted the questions and the answers, and configured a couple of things that were still not comfortably easy, like conditional BGP advertisements
    • I went through all of my notes, all of my own blog entries and those of other people
    • My co-worker gave me about 10 pages of his notes and I went through them. At this point I was more trying to remind myself of all of the things that I had previously learned and forgotten, particularly the things that I felt were noteworthy enough to write down
  • I made sure to spend less time each day doing this. It’s hard for some people (like me…) to recognize when doing less is worth more. As I discussed in a groupstudy post, athletes typically take a week off before competitions, just doing light workouts and letting their bodies recover and heal. Not only do you avoid last-minute injuries (analogous to us taking a hit to our morale or confusing ourselves on something we were just fine with), you gain back your energy and inner fire

The last two days

These are the most and least stressful. On one hand you aren’t under the gun pounding on labs, on the other hand you have this incredible weight just sitting on your chest. The idea is to forget entirely about anything CCIE-related unless you’re actually studying or doing some of the logistics around it (paying, making travel arrangements, etcetera). Every now and then you remember that you’re about to test and your heart thuds, but that’s fine, just start thinking about other things again.

  • Hoard and consume mediocre art. When I read a great book or see an insightful movie, it sticks. I’ll sit there thinking about it, sometimes up to a week later. This is the wrong time for that. I watched movies to escape the reality of my situation - to avoid stewing on my impending test, which would not have accomplished anything beyond stress stomach aches. My masterpieces included:
    • Blade
    • John Carpenter’s Vampires
    • Way of the Gun
    • Iron Man
    • Note that none of these are particularly good. Entertaining yes, but not thought-provoking. That’s perfect. I needed something good enough to distract me for two hours, but not good enough to do so the next day. I also read some of my cheesy paperbacks, avoiding the ones I knew were really good

My attitude changed a couple of days before the exam too, and it actually helped. I got pissed. Here I was killing myself for over six months, and I put in over a year of total study time, culminating in three weeks of what amounted to a self-driven boot camp.

And I’m nervous?

F*&^ this lab! That’s right, right where it hurts. I decided that if the lab exam was a person I was going to do the equivalent of knocking its damned teeth into its face. The lab should be afraid of ME. Punk ass lab.

This helped tremendously, although your mileage may vary. When I’m scared of something I find the most effective tactic is often to blitz and attack it, which is how I got into computers in the first place. Since my really stressful past experiences revolved around fights, I just treated this like an opponent. I had done my job preparing, now I just had to go do my job in the ring/on the mat. There’s always the chance for a lucky punch, but I prepared thoroughly enough that I didn’t care. If I catch a KO shot on the jaw, I’m coming back, and back, and back again. That punk lab can’t get lucky over and over, and when that luck runs out and I get ahold of it, it’s choke time.

So my overly aggressive, testosterone-driven fantasies of violence against a fictitious being named “lab” actually worked. I relaxed, up to and including the moment I walked in and sat down to start the exam.

The wait

At 3pm I had finished everything but about 3-4 skipped tasks. I stopped working on those, rebooted the whole lab while grabbing a chocolate break, then verified everything. Word for word verification. I caught two really dumb mistakes and fixed them, asked a couple of questions, tweaked a couple of things, and felt comfortable at the end that everything was as right as I was going to get it. Then I went after the skipped tasks. After finishing all of that I had another 30 minutes to fart around, so I re-verified things like neighbors, route tables, etcetera. I walked out of there cautiously optimistic, thinking I had passed, but knowing that the steps to CCIE status were littered with the broken spirits of those who found out they had failed and had no idea why. If I had failed, I would have had no idea why.

So after the exam I headed over to Micro Center nearby (after a pizza and beer) and messed around for hours. The place was pretty much empty so I got to play Call of Duty 4 on a huge LCD for about an hour, blowing off terrorist heads to my blackened heart’s content. The email came in at about 10pm, and I can tell you that hotel wireless was really pissing me off when I couldn’t get the whole CCO page to load (I have about 90% chance of horrid service when I use hotel wireless). After all the prep and psychology, my pulse started to pound and my breathing felt shallow and fast. I thought that passing scores were communicated in the email notification and only fails made you log in before giving you the status, but when I finally got in it was there - my new number. Dude … the “PASS” is really small. You get there and you’re all nervous, exhausted from the lab exam, and your eyes are skittering all over; we should petition Cisco to make it triple the size or something.

I triple checked the results, refreshing to make sure it wasn’t some typo that someone noticed and fixed a minute later. Then I called my wife back and we celebrated - me getting my life back, and her getting her husband back, minus all the snappy a-holeness that she’d increasingly dealt with over the last year. Then I started writing apology emails, announcing that I’d climbed the mountain and would start being a real friend/family member again, just give me a month or so to make the initial rounds.

The fun stuff

I played video games Friday. Then again on Saturday. Oh yeah, and on Sunday too. I broke it up by hanging out with my mujercita doing things like eating chocolate crepes and drinking some nice loose-leaf Earl Grey at a relaxed pace. After all, suddenly I had nowhere to be! She wanted a cup of coffee after brunch, and when I waved my hand and said go for it, we’re in no rush, she said she liked the new me a lot better.

I also broke up the gaming by spending about $3,100 on a new gaming rig with a 30″ LCD, an Ubuntu book (so I can run Ubuntu natively and virtualize XP for gaming), and a pair of games.* My current monitor is the best one on the market … the 2000 market. My desktop is from 2002. So I got 8 years out of the monitor, and 6 years out of the computer. At this point my CPU is starting to peg for a few seconds when I open a crowded web page. So not only do I need something new - legitimately need, it’s starting to hurt - but I earned this.

I’ve also had great fun erasing all of the IE Class on Demand classes that I put into mp3 format to listen to in the car.  I’ve erased most of the material like that that I either can’t share or realistically will never look at again.  I brought 7 books into work that were strewn about my den floor, the thinnest one being about 600 pages.  Today I brought Narbik’s books in for reference (I’m already sending the next candidates to him, so if they peek it’s not really a crime), and tomorrow I’ll bring in the IE and Unitek material for recycling at work.  So I’m not only getting my life back, I’m reclaiming real estate.  Just shutting the SSH windows into my lab was fun when I got home Friday morning.  I had actually left them open before leaving for San Jose for the express purpose of savoring the “last closure” in case I passed.  Man, that worked out well.

* The monitor showed up this morning, it’s frickin’ huge. I can’t wait to march the armies of medieval Europe across it.

Thoughts About Online Privacy

Finding myself in the spotlight over the past couple of weeks has given me pause for thought.  Why was I lit up like I was?  One important part of that answer is that I purposely made myself easy to find.  My name isn’t that common, although googling my name comes up with an athlete (decidedly not me), a youngster living in the great state of Oklahoma (again, not me nor a relative), as well as me, myself, and I.  But in the confines of the Cisco networking community, if you see my name on a comment on a blog or in a forum, it’s probably me.  Yes, it could be someone pretending to be me, I’ll grant you that, but how often does that happen, really?

I made a conscious effort to be accessible.  I got involved with Facebook and LinkedIn, making sure my public profiles were searchable.  My resume was online in several places, complete with a detailed work history.  If you poked around whois or ARIN, you would have found me there (and still can on a few records).  I used my real name when I commented on blogs.  On all sites that supported a headshot via profile or gravatar, I used the same picture, an actual picture of me.  I ain’t pretty, but the point of the headshot was to bring even more unity to my online presence.  I cross-linked this site everywhere I could without being a jerk about it, in an act of “brand-awareness” to use marketing lingo.

When I found myself blinking in that excruciatingly bright spotlight, I was uncomfortable.  I didn’t like being quite so accessible.  I even found it scary/nauseating as I reflected on just how much information about myself I’d made freely available.  A little obfuscation can be a good thing, I’ve decided.  So in the “for what it’s worth” department, here are some things I’ve done to try to get back under the radar a bit.  Most of you do some or all of these things already; I know that.  I’m getting with the program a bit late.

  • My Facebook and LinkedIn accounts are gone.  I’ve removed them completely.  Facebook was sort of fun, but sort of a time-suck as well.  I ran into some old friends, as well as several blog readers from all over the world.  But I decided that overall, I didn’t want to be reached that way anymore.  I feel the same about LinkedIn, for similar reasons.  LinkedIn is professionally-oriented, but I’m not looking for a new employer right now.
  • I had several e-mail addresses I was using.  All gone…down to one “real” address, although some of my old addresses still work as aliases for the time-being.  While this doesn’t help privacy directly, it’s an e-mail address that isn’t “out there” very much.  Not many people know of it.  I’ll be doing more to obfuscate my e-mail address via a contact form and possibly other ways.  Running your own mail server has its advantages.
  • My resume is down.  Frankly, my resume was just out there for the sake of recruiters, but again, I’m not looking for employment right now.  Yes, I received a fairly steady stream of recruiting calls as a direct result of my resume being online, but they were mostly for jobs for which I was ill-suited, required a long move, didn’t pay well, or were contract-only.  Don’t get me wrong - some of the recruiter calls were genuinely interesting, but it’s going to take a lot of money before I would consider leaving where I am now.  So why have my resume out there?  Why tell the world all of this information about my past history and work accomplishments?  That information should be on a need-to-know basis.  Most of the Internet doesn’t need to know.  When I need a new gig, I’ll call Eman Conde, get him a current copy of my resume, and we’ll figure something out.
  • Any forum participation or mailing lists I do will be anonymous, and the ID I use will vary by forum or list.  I don’t do much in the way of forums, just because it’s hard to keep up with such things.  But if I’m out there, it’ll be sourced from some blind e-mail account and tied to a nondescript username.
  • I’ve dug through Google, and cleaned up old stuff out there that I could.  I found some interesting things out there from years ago that I’d forgotten I’d ever created.  I wiped out lots of stuff that lives only in the Google cache now, and will fall out of their cache in a few weeks from what I’ve read.
  • Bleeding over into the land of unhealthy paranoia, I’ve removed family pictures and most other personal belongings from my workspace.  I don’t need someone getting an eyeful of my family, and then taking an inordinate interest.  About the only personal thing at my desk right now is my Daily Dilbert calendar.  Other than that, I’m all business when I’m at work. Would you call that paranoid?  Oh, I would - no question about it.  You might think I’m crazy.  But there’s a method to all of this.  The idea is to make it such that I can disappear quickly without a lot of complications, should I need to.  Compartmentalizing my life is a part of making that possible.

I have a lot more work to do to further obfuscate my online presence.  I’m addressing those things.  There have been some immediate rewards in the actions I’ve already taken.  My spam volume has gone down tremendously.  Some of my time has freed up.  You wouldn’t think Facebook or LinkedIn would take time, but they do - just more places to receive messages, more profiles to maintain.

What do you think about online privacy?  How do you balance the desire to be accessible with the paranoia that someone might use that information against you?  Has what happened to me freaked you out at all, assuming you participate in online communities?

Public Apology from Robert Williams, the CEO of CertGuard

I spoke with CertGuard yesterday, and we agreed that it would be appropriate to post this letter from Robert Williams on the CCIE Candidate blog. Several others received this letter via CC. The letter (in italics) follows.

Formulating an apology to such an important topic has not been a simple task; especially when I have been trying to take into account the opinions and concerns of not only Ethan himself, but every professional who has taken the time to show their support for him.

I felt that an apology of this caliber required something more than just an empty “I’m sorry” and for that reason I have taken the necessary time to reflect on all of your comments (and mine) numerous times. It is for this reason that I have taken so long in getting a public apology out to Ethan and to the public. I sincerely hope the apology provided below will satisfy everyone involved or affected by my actions.

For those of you who are not aware, NetworkWorld has pulled the blog and I have written Ethan a personal apology for my actions, but also feel that a public apology is necessary for the good of the community as a whole. My intentions were never to harm Ethan, the IT industry, or the certifications every one of you is diligently working to earn. I made a mistake by publishing Ethan’s name and website in my blog. I’m human, I make mistakes. One of the great qualities of being human is that we have the ability to learn from the mistakes we, or others, make. I assure you that I have learned from this and promise that it will not happen again. My deepest and most sincere apologies go out to you and your family, Ethan.

I would like to further apologize to those of you that I offended in my responses to your concerns. These responses were unwarranted and I deeply regret offending anyone. The only goal I have ever had is to help those individuals that aren’t aware of the dangers of braindumps. I agree, I went off the deep end when I saw the comment posted by someone purporting to be Ethan; and for that I apologize to everyone. I assure you it will never happen again.

I wish you all the best of luck on your certifications and your careers.

Best Regards,

Robert Williams

My Comments on the NetworkWorld/CertGuard Article

The outpouring of support I have received from the CCIE community has left me awestruck. I received e-mails, phone calls, and other messages of encouragement that helped keep my spirits up. Although the existence of this blog might imply otherwise, I’m not a person that craves attention. I’ve found all of this very embarrassing.

I took this site down as a direct result of the article; it was a knee-jerk reaction. With that article in print, I didn’t want to think about this stuff anymore. By blogging about the CCIE candidate experience, I made myself a target. I felt like I’d killed myself for 16 months to finally pass the lab, only to have that effort desecrated because of an ignorant couple of comments I made. The feeling I had about the article was sickening, as I’m sure you can imagine; the only way I could avoid that sickening feeling in my gut was to just not think about CCIE-related things.

The last few days have been amazing to watch. As the CCIE community got wind of the article, bloggers started posting about what was going on. The next thing I knew, there was this attitude of collective outrage against CertGuard. You folks are calling for CertGuard to make a public apology to me. I even read tonight that there’s a petition going around to get Robert Williams banned from posting on NetworkWorld. This thing took on a life of its own; I didn’t ask for anyone to go after CertGuard. In all fairness, I know this wasn’t about me, not exactly - it was more about how the article attacked someone, and how folks sensed the injustice of it and reacted. And wow - what a reaction!

So where do things stand now?

  1. NetworkWorld has removed the article content and comments, based on my request to CertGuard that the article be removed. The link is still hot, but the text of the article has been replaced with a mild apology, although not to me specifically.
  2. CertGuard contacted me via phone and e-mail and has apologized to me, both verbally and in writing. We had a decent, civil conversation, simply trying to work it all out. There was no yelling, screaming, or other drama.
  3. My understanding is that there will be a public apology addressed to me posted in NetworkWorld, and possibly another trade publication. From many of the comments that I’ve read, it seems that nothing less will satisfy the CCIE community. I do not know if CertGuard will go that far. I’ve not made a request to them to publicly apologize to me, but I believe that their decision regarding a public apology will ultimately affect how they are perceived by the CCIE community, and possibly others in the IT world.

I want everyone to know that I have no angst or bitterness towards CertGuard about any of this. The soap opera ends here, as far as I’m concerned. I hope we can all get back to writing and studying now. :)

Again, thanks to all of you that helped bring about this outcome.

Server Re-imaged: We Can Make It Bigger, Stronger, Faster

I am hoping that the server stability problems I was having a week or so ago have been resolved.  I re-imaged the server from scratch, so the memory leak should be a thing of the past.

But the server stability wasn’t why the site was down for a week.  I took the site down on purpose for other reasons I think most of you are aware of.  More on that in a bit.

IE Volume 2, Lab 7 - Down the rabbit hole again

Today’s lesson - on multiple points of mutual redistribution, always use tags. Even if you think you can do it without them, just use them.

When I finished reading the lab through and updating my diagrams, I looked at my IGP redistribution requirements and knew I was going to take a beating. I think I actually caught the diagram giving me the finger when it thought I wasn’t looking.

Taking too long on a single, unskippable task is one surefire way to fail the lab. It has a ripple effect on every other task you perform after it. IE Volume 2, lab 7 has one of the more brutal redistribution sections, and it took me 2.5 hours to get it working right. The technology is hard enough to deal with, but after about the 5th tweak, you’re also fighting yourself as time ticks away, you start to get flustered, and you start making silly mistakes.

What’s worse is that when you finally finish, you’ve wasted so much time that you have to rush through the rest of the tasks. Not only do you end up skipping things you know you can do but just take a while (for me that’s IPv6 with its wonky, typo-inducing addresses), but you start making dumb mistakes because you’re now in a hurry. When you make dumb mistakes, things don’t work even though you know you’re doing it right, and now you get even more flustered.

Perhaps the most frustrating part is leaving tasks undone that you know you could have done if the 2-hour nightmare task had taken 30-40 minutes. I stopped at 8 hours last night and had skipped 22 points of tasks I couldn’t make it back to. I went back this morning and did all but 6 points worth of them in less than an hour, only skipping two stupid L2 QoS tasks regarding the Cisco IP Phone, and an IP Mobility task. To try and cherry-pick my post-reachability points I skipped all IPv6 and QoS - two areas I’m decent enough at, but take some time.

Mistakes

  • The second L2 QoS task is one I’ve resigned myself to missing if I get it on the exam. Trusting COS from an IP phone and extending trust so the phone re-marks packets from the PC coming into it. I read and understand the question, and I read and understand the answer, but I’ve never configured an IP phone in my life. The syntax is bizarre to me. Extending “priority”? Ug. Maybe I’ll get it now that I just got burnt once again, but as my test is 9 days away (yikes!) I’ll probably forget before then. It’s simply not an intuitive command for me, so I always know I’m missing something, therefore getting zero points
    • Or maybe I’ll stop whining and just use the DocCD. The section is the “Configuring Voice VLAN” one under the 3560 configuration guide, and it’s pretty short and has the necessary commands
  • I talk enough smack that I should give props to the guy who wrote the Private VLANs doc. It’s spot on and the meat is easy to find. This is another task I will always need to look up, just because I never do it. The concept is pretty easy, but I don’t think the syntax is worth committing to memory since you can look it up in under 5 minutes. Memorization would save you about … 2.
  • Interestingly enough, the RIP documentation doesn’t mention distribute-lists. I thought I’d look up the IE solution to a task, which used gateway-based distribute-lists, versus my prefix-list ones

Stupid mistakes

I blame heavy metal.

  • I neglected to add an outbound filter on RIP advertisements heading to a backbone router. This is one of my usual suspects. Some methods of summarization kill off the specific routes; adding an “ip summary-address rip” on an interface does not. You also have to filter everything *but* the summary, or you only did half the task
    • Just demonstrates that I need to do more verification. A simple debug ip rip would have shown me that
  • One task required that we not bring down a BGP peer until a hello hadn’t been heard for 30 seconds. Disabling fast-external-fallover jumped to mind immediately. Unfortunately the fact that BGP defaults to a 180 second hold-time didn’t
  • I added the distribute-list on the serial interface instead of the virtual-template interface. Bah. Spent a good 10-15 minutes trying to figure out what was wrong with my distribute-list
  • The metric-offset in RIPng doesn’t allow ACLs, and it isn’t global, it’s per-interface. I wasted a couple of minutes putting together an IPv6 ACL for no reason
  • The last of four QoS tasks required end-to-end VOIP prioritization between stations on two ethernet segments with a FR circuit in the middle. I did everything but apply the same prioritization to the ethernet interfaces. It really didn’t occur to me to prioritize 256k of bandwidth on a LAN interface when it had to traverse a 768k FR link, but a requirement is a requirement
  • I overwrote one policy-map with another one for a later task. ‘Nuff said
  • The first of the two Catalyst VOIP/QoS tasks I didn’t know how to do was one that required connectivity with Cisco IP phones with the fewest lines possible. I read and re-read the task and actually thought, “wow, it almost sounds like I just enable the vlan on the port and I’m done.” Mental note - take a shot at the ones you don’t know. I didn’t do anything and the answer ended up being … slapping a voice vlan on the port
    • I feel like that dumb kid in high school who left answers blank in multiple choice tests instead of just marking anything and having 25% of getting the point

Always look at the bright side of things

In an effort to avoid smashing my monitor with a hammer, I’m going to find some silver lining right now. I was pretty happy with my ability to do several things that I had no idea how to do a year ago, and do them quickly, accurately, and with a minimum of looking things up.

  • q-in-q tunnels - they always held a little trepidation because when I first learned them I tried to visualize them, and got all tangled up. Now I draw the physical layer out:
    1. Endpoint #1
    2. Its uplink port that needs to be in tunnel mode
    3. Any trunks in the middle, so I know where the transit VLAN needs to traverse
    4. The other end’s uplink port
    5. Endpoint #2
  • Drawing things like that takes a little longer, but screwing up the task twice in a row and THEN drawing it out takes even more time, and when you finish you’re pissed. Now I just give in to my high school math teachers and show my work
    • YOU WIN MR. PIERSON! YOU HEAR ME! YOU WIN!

Redistribution

Far and away my biggest obstacle right now, IGP summarization is really kicking my butt. Or is it? I don’t know, every time I get a wacked out scenario like this one I take forever. Every time I get anything with a difficulty rating of less than “insane” I actually do ok. The problem is of course I have no idea how hard the IGP redistribution will punch on the exam.

This time I thought I’d figured out the “distance” approach well enough to not even use tags at all, which was pretty stupid. An interesting experiment, but in the end really stupid. Did I mention stupid? When I look back at what they asked me to do and think about how long it took me I get the shivers. It wasn’t that bad; I should have had it in 1 hour tops. The good news is the Volume 3 labs are all IGP heavy and the ones I’ve looked at all have redistribution, so I’ll be getting a lot of practice this week.

Summary

Outside of the redistribution and some oddball non-core tasks, I could actually do everything fairly quickly in a lab that I remember as being a nightmare. Most of my mistakes were dumb ones that I think I would have caught (at least a good number of them) if I hadn’t wasted 25% of my lab time on one task. One bullet point of one task to be more precise.

So I don’t know what to make of all this. What would old Jack Burton do at a time like this?

Keep on truckin’ I guess.

Bridging - when you just have to party like it’s 1999

Back in the saddle again

Just thought I’d stick another song in everyone’s head. At any rate, after moping around this weekend I realized that I wasn’t bored, and I sure as hell wasn’t overconfident or finished preparing - I was burnt out. I had been drilling for something like 9 days straight and just ran out of gas. So yesterday I spent the day dodging yet another gay pride parade*, eating crepes, refreshing the mohawk, and building massive castles (my desktop is 6+ years old, no new toys until after the digits).

I then spent all day today receiving a sound drubbing from IE Volume 2, lab 7. This is one that I specifically told Ethan to stay away from when he asked for referrals for the last week or so of study. This lab and lab 14 stuck in my mind as particularly painful, and now I remember why. I’ll go into obscene detail tomorrow, today I have a bridging post I wrote last week and never published because I suck.

I also started trying to get in bed by 8pm to acclimate to the 8:15am start time. I can get up in plenty of time to start a lab at 8:15, but I realized I have another problem this morning - tea. If I get up at 6am and drink a cup or two of tea as per the norm, I have to use the restroom about 10 times, starting at about … 8:15. Damn, there’s one out of left field. Whatever, let’s start the show.

To bridge or not to bridge

I have never been able to wrap my mind fully around Concurrent Routing and Bridging, and Integrated Routing and Bridging. They aren’t very difficult topics, but when I was trying to learn via mock labs some months back, I would start learning about CRB/IRB, then after I figured out the task I moved on. Since it’s not a very common task, I pretty much had to relearn it every time, and neither IE Volume 1 nor Narbik’s workbooks hit on it (or if one did I missed it somehow); I never really sat and plunked at this technology.

I was actually aware of this hole in my armor and was still on the fence as to whether I would spend the time to learn IRB or just gamble that I didn’t get it. After all, it’s got to be a low percentage right? Well, the problem is that it’s a requirement for general connectivity. I can cheese my way around it, but as in the case of IE Volume 2, lab 20, to do so I would have to violate the rules of the lab in several ways - add at least one IP, use one multi-point FR subinterface instead of the two on the diagram, change the subnet mask of the existing IPs on the bridged subnet, etcetera. That cheesing alone might annoy Cisco into failing me, and I can’t skip it since that would break connectivity to two devices entirely. So I hopped into my DeLorean and went back to the time when people argued about Token Ring being faster than Ethernet, especially at high rates of utilization (it was, you could run it really hot), and FDDI was so hardcore it was just for NAPs.

To learn about this technology, I had to hit the IBM section of the configuration guide, which was somehow covered in dust, and the IRB/CRB documentation is lumped in under the transparent bridging, which makes it pretty tough to find if you haven’t already found it. Hmmm.

One of the problems with using the DocCD to feel your way through an IRB/CRB section is that the examples, which in other sections you can almost copy/paste, all have weird crap in them like IPX and Appletalk. So if you aren’t comfortable with bridging (and if you’re looking there, you’re not) it’s difficult to figure out which lines are not applicable to IP/IPv6.

Transparent bridging

Just turn off IP routing globally on the router and put each interface into a bridge group. What you’re actually accomplishing is to put both subnets/vlans in the same broadcast domain.

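! Global: stop routing IP and define the bridge group's spanning-tree protocol
no ip routing
bridge 1 protocol ieee
! Put each interface into the bridge group
interface e0/0
 bridge-group 1
interface e0/1
 bridge-group 1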

That’s pretty much it. You got your connectivity, and all you had to do was kill >90% of the functionality of your router. Really, your boss will thank you. Especially if you use the word “hub” when you explain what you did.

Concurrent R&B

This is the next step, where you can bridge two broadcast domains like in transparent bridging, but without disabling IP routing globally. You’re effectively turning the router into a router and a switch, like the old Catalysts where you had two different CLIs - one for the switch, and then another one on the router-processor that you had to open a session to. So you have to pick whether a router will route or switch on a given interface.

bridge crb
bridge 1 protocol ieee
! ip routing stays enabled (don’t disable it)
interface s0/0
 no ip address
 frame-relay map bridge [DLCI] broadcast
 bridge-group 1
interface e0/1
 no ip address
 bridge-group 1

I made the first interface a serial to show off my fancy frame-relay map statement. In case you get bridging and can’t remember exactly what you have to do to make it work over FR, search for “frame-relay” in the configuration guide, it lands you on the actual command. You can’t move packets between a routed interface and a bridged interface without having an interface route between them.

Integrated R&B

IRB lets us set up a “BVI” (Bridged Virtual Interface) and uses it to move traffic back and forth between the bridged and routed networks. A BVI seems to work just like an SVI, and once I made that connection it made much more sense. Then I went back and listened to the Bridging part of the IE Class-on-Demand, which I apparently shouldn’t have skipped, and they went into that angle in more detail.

bridge irb
bridge 1 protocol ieee
bridge 1 bridge ip
bridge 1 route ip
interface bvi 1
description Put all layer 3 options here
ip add 1.1.1.1 255.255.255.0
ip access-group 10 in

Fallback bridging on the Catalysts

Finally, you can bridge non-routable protocols between SVIs and native L3 interfaces on Catalyst switches. Why would you want to do that? Well, if you need to justify CapEx for the new fiscal quarter you could bridge some legacy M$ networks running NetKablooie and make sure the interfaces are graphed in MRTG for management. Another reason is the 3550s can’t route ipv6, so it’s bridged.

You can’t enable ieee as the protocol to be bridged on a Catalyst because they are already running STP; instead you use “vlan-bridge”, which makes sense if you think that the original transparent bridging feature allowed us to merge subnets and vlans into a single broadcast domain. Only two commands:

bridge 1 protocol vlan-bridge
int vlan 567
bridge-group 1
int fa0/4
bridge-group 1

The syntax is simple, but obviously if you never use it you’re just going to forget it. But fortunately the DocCD has it under “Configuring Fallback Bridging” in the 3560 configuration guide, so it should be an easy win.

* Seriously - the friggin’ cop cars in West Hollywood have rainbows on them. The fight’s over - you won. We’re all cool here, all buddies. Can we stop blocking traffic now? No one has to shut down one of the busiest streets in the city to make a point, we get it.

The “boredom” stage

Random tip of the day - When you’re at a restaurant with your wife and she asks you if there’s anything on her face, “nothing worth mentioning” is not the right answer.

I seem to be going through phases. Last week I oscillated between panic and calm, now I’ve moved into boredom. I just wish this stupid test was over. I remember this feeling from college; I would always prepare responsibly for finals, and the last few days were just annoying since I’d gotten as prepared as I could be. I’m not quite as prepared as I can be, but I’m almost there.

I did IE Volume 2 Lab 4 on Friday. It had a couple of interesting looking things when I skimmed it, and I figured I’d see how I fared on a level 6 difficulty lab. I guess it’s good news that I was bored. I finished in about 6.25 hours, but I could tell I was going really slowly the entire way. I just couldn’t muster the energy to care. It was interesting to see that some things I was scared of before (like mutation maps) were just something I looked up to be sure, but did 90% from memory.

I still missed a couple things, and there were three tasks I didn’t know how to do.

  • A task wanted me to make a PPP circuit more efficient by predicting packets. I poked around and only found two possible answers - PPP ipcp predictive, and another negotiation one further down the page (wow, talk about lazy eh). The answer was compress predictor. I undoubtedly missed that the first run through as well
  • We had to build a GRE tunnel to connect some area 0 routers, and in the multicast section I neglected to slap pim on the tunnel interfaces. Meh
  • I lost three points on a careless IPv6 summarization mistake. Gads, I need to wake up or something
  • Speaking of being asleep, I missed an ACL task because I put TCP port 22 down for telnet
  • Finally, I missed a question that wanted us to have a router allow people to connect to it via an IP address that didn’t actually exist on the router. This one … yeah that threw me. It was asking for the IP alias command

Falling asleep

This is a dangerous time for me. I’ve lost the bulk of my fear of the lab because outside of some really weird situations I’m not having much trouble anymore. The problem is that this isn’t some Micro$oft test where if I fail I just shell out another 300 clams and drive back to the local junior college to take it again. I’ve been studying for 13 frickin’ months now and I’m in danger of blowing it because I can’t find the drive in the last 10 days. I even had another one of those nasty multi-protocol redistribution scenarios last night in IE Volume 3, lab 4, and I nailed it. It took me about 1.5 hours, but about half of that time was me piddling about looking for the problem, which turned out to be my clumsy self putting the correct distance-adjusting command on the wrong IGP, but only on one of the two core routers.

I know I’m still weak in a couple of areas, like NAT and bridging, and I could use a full-scale review of my notes to clean up some things I learned and promptly forgot; this is exactly the wrong time to sit around navel-gazing. So I’m going to get my hair cut today and try and get my edge back.

Multiple points of mutual redistribution: dealing with the third protocol

Peace you wolf of hell! Choke back on your bile and let its venom blister your throat!
Virgil, The Inferno

So we all grow up redistributing between two routers running different protocols, typically some combination of RIP/OSPF/EIGRP. The easiest and surest way to avoid looping is to tag the routes before they get redistributed, then deny routes with that tag from being redistributed in the other direction on the other router. You can use distance, but I never really bothered boiling that down to a science beyond dropping the distance of RIP on an isolated router. This really left me exposed when I suddenly had to redistribute three protocols in all sorts of directions on multiple routers.
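The tag-and-deny filter described above (also the “always use tags” lesson from the Lab 7 post), written out as an added example; it is not from the original post or from the IE workbook solutions. It covers only the RIP/OSPF pair, and the OSPF process ID, tag values, route-map names and RIP seed metric are assumptions.

```cisco
! Added example: apply the same block on BOTH routers that redistribute
! between the same RIP and OSPF domains (two redistribution points).
! Assumed values: OSPF process 1, tags 110/120, route-map names, metric 3.
!
! RIP -> OSPF: refuse anything that was originally redistributed out of
! OSPF (tag 110), and stamp everything else as RIP-originated (tag 120).
route-map RIP-TO-OSPF deny 10
 match tag 110
route-map RIP-TO-OSPF permit 20
 set tag 120
!
! OSPF -> RIP: refuse anything that was originally redistributed out of
! RIP (tag 120), and stamp everything else as OSPF-originated (tag 110).
route-map OSPF-TO-RIP deny 10
 match tag 120
route-map OSPF-TO-RIP permit 20
 set tag 110
!
router ospf 1
 redistribute rip subnets route-map RIP-TO-OSPF
!
! RIPv2 is required: RIPv1 updates have no route-tag field.
router rip
 version 2
 redistribute ospf 1 metric 3 route-map OSPF-TO-RIP
!
! Verification (run on the other redistribution point):
!   show ip route <prefix> <mask>      - the detailed entry lists the tag
!   show ip ospf database external     - each external LSA lists its tag
```

The tags only stop a route from being fed back into the domain it came from. They do not change which source a router installs: an OSPF external route (distance 110) still beats the same prefix learned natively from RIP (distance 120) on the second redistribution point, which is the part the distance adjustments address.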

Being stuck on something core that has no workaround (beyond static routing…yeesh) really made me nervous, so I asked the two R&S CCIEs I work with. It turns out one of them had developed his own methodology for exactly this mess. It’s not a shortcut. It’s not easy. It’s not fast. There’s really nothing for it I’m afraid. This is a crap situation that takes time to unravel. There are three basic steps:

  1. Draw a little picture representing the redistribution
  2. Make a chart for each of the redistribution points
  3. List the routes in Notepad, and put them under the correct routing domain

In the case of IE’s Volume 3, lab 3, I was looking at:

  • R4 running RIP (I called it RIP1 in my graphs to distinguish it from the second RIP domain) and OSPF
  • R3 running RIP (I called it RIP2, as it was completely separate from the other RIP domain), and OSPF
  • R5 running RIP (RIP1), EIGRP and OSPF

I won’t bore you by typing out the directions, because here’s the picture.

And here is the chart for the redistribution points

Finally, here are the routes (they include the routes I was learning via IGP from the backbone routers)

RIP1 nets
30.0.0.0/14
31.0.0.0/14
190.1.4.0/24
204.12.1.0/24
10.4.4.0/24
10.4.4.4/32
10.5.5.0/24
10.5.5.5/32

O nets
190.1.34.0/24
150.1.3.0/24
190.1.135.0/24
190.1.17.0/24
150.1.7.0/24
150.1.1.0/24
150.1.5.0/24

RIP2 nets
190.1.3.0/24
192.10.1.0/24
205.90.31.0/24
222.22.2.0/24
220.20.3.0/24

E nets
190.1.0.0/24
190.1.5.0/24
200.0.0.0/22
150.1.2.0/23
150.1.6.0/23
150.1.8.0/23
54.1.1.0/24

After applying this methodology I figured that all I had to do to protect routes from other protocols was change the distance on some RIP routes on each redistribution point. I ended up having to filter some routes in a couple of places also, but that was pretty obvious by looking at the diagram.

The result was successful end-to-end IP reachability, but it took me just shy of 2 hours to do it, test it, and fix little odds and ends where necessary. There were two spots where I had to redistribute connected, and two spots that needed tags. So this methodology gets you 95% of the way there, just like the guy who showed it to me told me it would.

So what’s so good about a plan that takes 2 hours and still leaves something hiding in the closet? Well, prior to this, the redistribution in this lab took me 3.5 hours, and I *think* it was correct. Here I have a list of exactly which routes need to be seen where, so I know if it’s right or not. No more icy trepidation when I launch that post-redistribution ping script. No more beerbuzz from all the circular logic of tags, and by using bidirectional tags in this case, the logic was extraordinarily hard to keep track of. No more “spray and pray” troubleshooting, because now if something fails I have a really solid starting point for troubleshooting.

Also, it took me almost 2 hours because it was the first time I used this method. Unless you’re some kind of idiot savant, the first time you do anything you’re going to suck at it. After a couple more scenarios like this I’ll be at under an hour, and that’s just for the crazy complicated redistributions like this one. A normal one I can already bang out in under 15 minutes most of the time.

Push, push, and push some more

Whip that cream baby till the butter comes…
The Cramps, Cornfed Dames

I can’t claim to have come up with this methodology, but I can say I pounded it into my head and have obsessed over this for the last few days until I finally got it. Since I already copped to being a grappler, I can draw another parallel. I was never very strong for my weight, more lean and lanky. I wasn’t slow, but certainly wasn’t the fastest guy around. A lot of guys have better technique, or are more experienced. The way I won (which by no means is to say I always, or even usually, won) was typically by never ever giving up. If you flat-out lose, then you lose. But until that moment, attack, attack, attack; weather what storms you must, but never give up. If you reach down inside, there’s always something more of yourself to give, and I think that’s what the CCIE is about. When everyone in the room wants to quit, and no one would think ill of anyone who did, the guy who doesn’t is the one who takes home the gold.

Also, thanks to my co-worker Yue Min for explaining this garbage to me. It actually helped him keep things straight when IS-IS was on the R&S, so it worked for four IGPs. He said he wanted to share it back when he was studying, but he’s Chinese, which means that aside from making us all laugh when he says the letter “L”, he didn’t think he could really explain the idea. Yue is hilarious, a true engineer in the most annoying sense of the word. I like to sic him on vendors when they show up with pre-sales engineers, because he’s so damned detail-oriented and nit-picky that by the end of the meeting at least one person on the vendor team is trying to figure out how to run away from him without being too obvious. He’s not even trying to be a pain, he just notices all the nuances and implications so quickly that he nails people on precisely what they’re trying to steer the conversation away from.

Here’s to Yue!