CCIE Trek

A blog of Jeff Rensink's trek to the CCIE summit (again)

Archive for October, 2008

Getting motivated

Posted by jrensink78 on October 30, 2008

Sorry for not much posting lately.  Time has been getting away from me.  For some reason, I’m struggling a bit this week to stay motivated.  I actually tried to have a bit of a social life last weekend.  It was fun, but it definitely got me out of my routine.

During those times when you’d rather do most anything but study, how do you get back on track?  For me, I try and focus on the reasons why I started down this path in the first place.  Fortunately, I have a number of strong motivators.  Some are family related, and some are more selfish.  But they all push me towards the books and lab.

For those of you out there who are also on the CCIE path, I hope you have taken the time to define your reasons for wanting to do it.  If you haven’t already, write them down.  If you can, find some reasons beyond selfish ones.  Take a minute to read your list every so often to remind yourself of why you’re doing all of this.  It should help keep you motivated and on track.

Posted in General | 3 Comments

Home lab setup

Posted by jrensink78 on October 26, 2008

When I was studying for my CCNP, I had purchased a home lab to practice on.  Now that I’ve been working on my CCIE studies, I decided that I wanted to invest in upgrading my lab as opposed to relying on rack rentals or Dynamips as I use the vendor workbooks in my studies.  So last week, I ordered a whole bunch of routers to get my lab to a place where I could replicate both the Internetwork Expert and IP Expert lab setups.  It’s not quite where I want it to be in terms of the switches.  But it’s good enough for the time being until I can afford a few more layer 3 switches.

Here are a few photos of my lab.

I really should have taken a picture before I plugged in all of the cables.  Maybe when my lab moves to its new home in the basement (once it’s finished) I can take a picture sans-cables.  Until then, here are the devices from top to bottom.

2- Catalyst 2950 switches with enhanced image (I eventually want to replace these with 3560s)
2- Catalyst 3550s w/ PoE
5- 2610XM routers
3- 3460 routers
1- 2522 router (frame relay switch)
3- 2501 routers (backbone routers)
1- 2511 router (access server)

For those that didn’t do the math, there are a total of 17 devices, which fills up my entire rack.  So I am at capacity in more ways than one (both in the rack and on the access server).  The happy surprise was that all of this is able to run on a single 15 amp circuit.  I was half expecting to blow the circuit as I was powering on the final 3-5 devices.

Now the only hard part is going to be keeping myself from buying either RockBand2 or Guitar Hero: World Tour.  As long as I can do that, I should be able to get some good lab time in this winter.  Speaking of which, we got our first snowflakes in the Twin Cities area of Minnesota today.  Fall goes by way too fast.

Posted in General | 3 Comments

The battle for CCIE training vendor supremacy

Posted by jrensink78 on October 23, 2008

There seems to be a bit of a marketing war going on with the CCIE training vendors lately.  CCBootcamp took a shot at Internetwork Expert in their blog last week.  IP Expert released a study that they commissioned by the Tolly Group comparing IP Expert and Internetwork Expert in terms of value (guess who won?).  Internetwork Expert also calculated some updated numbers to show that they are the industry leader.  Of course, this comes at a time when Cisco throws their hat into the CCIE training ring.  Plenty of shots have been fired at them as well.

Is it me, or does it almost feel like the political races?  Maybe everyone has caught the campaign fever :-) .  Obviously, every company wants to feel that they are the best.  Or at least are the best in some facet of their business.  Outside of Cisco, who has yet to release their training program, all of these companies have had some pretty good success with helping people to earn their CCIE.  So they all must be doing something right in one respect or another.

Personally, I like it when the customers do the talking.  Their reviews are usually a bit less biased than what you’ll get from the vendors.  I think in the end, the “best vendor” is going to be different for different people.  It all depends on individual needs and how each company’s strengths meet those needs.

Posted in General | 2 Comments

Rock the vote!

Posted by jrensink78 on October 23, 2008

No, I’m not talking about the presidential election.  Although, it’s important to vote for that too.  I’m talking about voting for your favorite blogs on IP Expert’s new CCIE>Blog site.  It looks like they changed from a 5-star rating scale to a good/bad voting method.  I think that’s a good change, as most every site that was rated before was 5 stars.  Not much differentiation there.  Now, it makes it easier to see the more popular sites by number of votes instead of just a star rating.  Also, it prevents some brand new blog with a single 5-star vote from shooting to the top of the list.  I have already gone and voted for the sites that I visit on a daily basis.  I think I even got the first ever vote registered.

By the way, thanks to whoever rated my blog 5-stars.  That made my day :-)

Posted in General

IP Expert launches their own blog

Posted by jrensink78 on October 21, 2008

As a related post to my previous one, IP Expert has launched their own blog along with their CCIE>Blog site.  I think this is long overdue.  One of the bigger detractors to IP Expert in my eyes has been that I haven’t gotten a chance to know any of the people associated with it.

Maybe I just haven’t figured out where to look.  But when I go over to Internetwork Expert’s site, I see who the trainers are everywhere I look.  I have also been following their blog and forums for a while now.  It really allows you to get a feel for who the trainers are.  What their styles are, how helpful they are, etc.  As a result, I have been quite drawn to their company.  I can’t say that I’ve had the same draw to IP Expert.  Although, I did buy IP Expert’s Blended Learning Solution during its $1000 intro pricing period.  I didn’t want to pass up on a good deal :-)

I’m really hoping that the trainers are active on their new blog, so I can get a feel for who they are.  The initial posts so far have really only been marketing advertisements.  But I have high hopes that it will become a great resource.

Posted in General | 2 Comments

IP Expert’s CCIE>Blog goes live

Posted by jrensink78 on October 21, 2008

Well, I’ve seen the “coming soon” sign on this for a while now, and it’s finally here.  It looks like there are quite a few people already signing up on it.  For those of you who don’t know about it yet, it’s a community site from IP Expert that is a collecting spot for CCIE related blogging.  People can either start their own blogs there or include their own blogs written outside of the site.  You can check it out here.

I do like the idea that there is a directory of CCIE blogs that people can check out.  It makes them easier to find.  They also have a ratings system to allow the user base to signify those blogs that are more helpful or useful to them.  Personally, I’m looking forward to finding some new blogs that I haven’t been aware of so far.

I do wonder if the fact that this was created by a CCIE vendor will deter any bloggers that don’t use their products.  Some people can get pretty attached to their vendor of choice, and subsequently avoid other vendor offerings.  But I think that IP Expert has a pretty good reputation in the community.  And I also think that most bloggers see the benefit of a community like this.  So I sure hope we see all of the CCIE bloggers out there joining.  From what I’ve seen so far, most of the blogs I read on a daily basis are already there.

Posted in General

EIGRP Neighbor Establishment and Load Balancing

Posted by jrensink78 on October 20, 2008

EIGRP is Cisco’s own proprietary routing protocol.  That being said, it’s pretty much a guarantee that you’ll see it in any certification test that deals with routing.  Fortunately, it’s a pretty simple protocol to set up for the most part.  This article will talk about some of the topics that are more unique to EIGRP.

Neighbor Establishment

Like most modern routing protocols, EIGRP requires neighbor establishment in order for routes to be exchanged.  EIGRP has its own rules for two routers to follow in order to establish a neighborship.  These rules are…

  • The authentication process must pass.
  • AS numbers have to match.
  • K values need to match.
  • The source IP of the other router’s packets needs to be in the receiving router’s interface primary subnet.

There are a few things that don’t have to match that people sometimes think are requirements.  Some of these things are…

  • Hello and hold timers
  • Neighboring interface subnets

Some routing protocols do require timers to match.  EIGRP is not one of them.  Also, in terms of timers, here is something to keep in mind.  Hello timers for neighbors are locally set.  Hold timers are set by the neighboring router for that neighborship.

Also, the fact that the subnets don’t have to match is a detail that people don’t always know.  The requirement says that the source IP of the neighbor’s packets is in the local router interface’s primary subnet.  So let’s say router A’s interface has a primary IP and mask of 10.1.1.1/24 and router B’s interface has a primary IP and mask of 10.1.1.10/28.  Since 10.1.1.1 is in router B’s 10.1.1.0/28 network, and 10.1.1.10 is in router A’s 10.1.1.0/24 network, everything is good.  But if we changed router B’s IP to 10.1.1.35/28, then router A’s IP of 10.1.1.1 would not be in router B’s primary 10.1.1.32/28 subnet.  So a full neighbor relationship would not be established.  The other item of note here is that secondary IPs cannot be used to establish neighborships.
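The neighbor rules above can be modelled as a small checker.  This is an added example, not code from the original post: the class and function names are hypothetical, authentication is simplified to comparing a shared key string, and the K value and timer defaults are the usual IOS LAN defaults.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class EigrpIf:
    """One router's EIGRP-facing interface (hypothetical model for this example)."""
    primary: str                                   # primary address in CIDR form
    asn: int                                       # EIGRP autonomous system number
    k_values: Tuple[int, ...] = (1, 0, 1, 0, 0)    # K1..K5, usual IOS defaults
    auth_key: Optional[str] = None                 # simplified: None means no authentication
    hello: int = 5                                 # seconds, deliberately never compared
    hold: int = 15                                 # seconds, deliberately never compared


def adjacency_problems(a: EigrpIf, b: EigrpIf) -> List[str]:
    """Return the reasons A and B would not form a neighborship (empty list = OK)."""
    problems = []
    if a.auth_key != b.auth_key:
        problems.append("authentication fails")
    if a.asn != b.asn:
        problems.append(f"AS mismatch: {a.asn} vs {b.asn}")
    if a.k_values != b.k_values:
        problems.append("K values differ")
    # Each side checks that the peer's source IP is inside its OWN primary subnet.
    # The masks do not have to agree, so the check is done once per direction.
    ia = ipaddress.ip_interface(a.primary)
    ib = ipaddress.ip_interface(b.primary)
    if ib.ip not in ia.network:
        problems.append(f"A rejects source {ib.ip}: outside {ia.network}")
    if ia.ip not in ib.network:
        problems.append(f"B rejects source {ia.ip}: outside {ib.network}")
    return problems


if __name__ == "__main__":
    router_a = EigrpIf("10.1.1.1/24", asn=100)
    # Different mask and different timers: still a valid neighbor.
    print(adjacency_problems(router_a, EigrpIf("10.1.1.10/28", 100, hello=60, hold=180)))
    # The post's failing case: B moves to 10.1.1.35/28.
    print(adjacency_problems(router_a, EigrpIf("10.1.1.35/28", 100)))
```
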

Load Balancing

One of the unique aspects of EIGRP over other common IGPs is unequal cost load balancing.  So that will probably be a topic of note on certifications (as well as in production networks).  Just to review, EIGRP does equal cost load balancing by default.  Using the variance command under the EIGRP routing configuration, you can configure unequal cost load balancing.  The biggest requirement here is that only the primary route and other feasible successors can participate in load balancing (to prevent the possibility of routing loops).

So what are some of the methods that can be used to manipulate load balancing?  Well, the biggest ones will be controlling route metrics and how many paths will participate.

In terms of controlling route metrics, the best options are controlling the interface bandwidth, delay, and also controlling route offsets.  Now controlling interface bandwidth and delay will work just fine.  But it’s a little tricky.  First, if you are looking to get a route metric to a specific value, it can be tough using this method.  Also, changing the bandwidth of the interface can have collateral implications to other things (such as QoS).

Probably the safest method (and arguably easiest) would be to use route offsets.  An offset will add a specific number to the metric of a route (or multiple routes).  This will allow you to easily get a metric to a certain value.  With offsets, you can add metrics on the way in or the way out.  You can apply them to everything, or just specific routes using an access list, or by specifying a certain interface.  Really, your only limitation is that offsets can only add to the metric, never subtract from it.  So if your only option is decreasing the metric, you will need to use the bandwidth/delay manipulations.

The other aspect of load balancing that you may want to be aware of is manipulating how many paths take part in load balancing.  Let’s use an example with simple metrics.  Say a router has 4 paths to a given network with values of 100, 200, 250, and 300.  With the default settings EIGRP will use only a single path, since it only does equal cost load balancing by default.  Say you want to load balance over 2 paths.  Well, that’s an easy one.  Just use the “variance 2” command under the routing configuration, and you’re good to go.  Now let’s say that you want to balance over 3 paths.  A variance of 2 will include 2 paths, and a variance of 3 would include 4 paths.  There are a couple of options here.  One would be to increase the metric of the 300 path to something larger.  But what if you were prohibited from doing that?  Well, then you would want to use the maximum-paths command under the routing configuration.  Set a “maximum-paths 3” command, and EIGRP will use the 3 lowest metric paths for load balancing.  So even though the variance command includes 4 paths, maximum-paths limits it to using 3.
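The interaction of variance, maximum-paths and the feasible successor requirement can be worked through in code.  This is an added example, not from the original post: the function and path names are hypothetical, the reported distances are constructed (the post gives only the metrics), and the variance comparison is inclusive to match the post’s count of paths.

```python
from typing import List, NamedTuple


class Path(NamedTuple):
    name: str
    metric: int     # total metric through this neighbor
    reported: int   # the neighbor's own distance to the destination (constructed values)


def load_sharing_paths(paths: List[Path], variance: int = 1,
                       maximum_paths: int = 4) -> List[str]:
    """Return the names of the paths that would share traffic, best metric first.

    maximum_paths defaults to 4, the assumed IOS default.
    """
    # Simplification: feasible distance is taken as the current best metric.
    fd = min(p.metric for p in paths)
    chosen = []
    for p in sorted(paths, key=lambda p: p.metric):
        is_successor = p.metric == fd
        # Feasibility condition: the neighbor must be closer to the destination
        # than this router's best path, otherwise it might route back through us.
        is_feasible = p.reported < fd
        if is_successor or (is_feasible and p.metric <= variance * fd):
            chosen.append(p.name)
    # maximum-paths trims the list after variance has selected the candidates.
    return chosen[:maximum_paths]


# The post's four metrics, with constructed reported distances that all pass
# the feasibility condition.
POST_PATHS = [Path("P1", 100, 40), Path("P2", 200, 60),
              Path("P3", 250, 70), Path("P4", 300, 90)]

# Same metrics, but P3's neighbor reports 120 (>= 100), so P3 is not a
# feasible successor and no variance value will bring it in.
NOT_FEASIBLE = [Path("P1", 100, 40), Path("P2", 200, 60),
                Path("P3", 250, 120), Path("P4", 300, 90)]

if __name__ == "__main__":
    for v in (1, 2, 3):
        print("variance", v, load_sharing_paths(POST_PATHS, variance=v))
    print("variance 3, maximum-paths 3",
          load_sharing_paths(POST_PATHS, variance=3, maximum_paths=3))
    print("P3 not feasible", load_sharing_paths(NOT_FEASIBLE, variance=3))
```
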

Posted in Technology Overview | 5 Comments

Study Update

Posted by jrensink78 on October 19, 2008

I have officially completed my first month of CCIE preparation and also hit my first 100 hours of study.  So up to this point, I’m staying on schedule.  I do have to say, that there are definitely days when I’m less than excited to crack a book.  But I have been able to push through most of those times so far.

I’m quite fortunate to have a supportive wife who has been picking up the slack from me not being able to do all of the chores that I used to.  I have a feeling that if I was single, my place would be falling apart and my diet would consist mainly of pizza and spaghetti-os.  So Honey, if you’re reading this, thanks for all that you do!

It’s kind of interesting how trivial your previous certifications seem as you start studying for the next level.  When I was originally studying for my CCNA, it seemed like there were so many things to keep straight.  Then when I was working on my CCNP, the CCNA seemed so basic.  Now, the same thing is happening with the CCIE.

If I keep to my schedule, I should be about 2 months out for taking my written exam.  I’m trying to keep a good pace, but not just cram everything in.  I’m just hoping that I can keep everything in my head from leaking out.

Posted in General

Cisco unveils their own CCIE training program

Posted by jrensink78 on October 15, 2008

This seems to be the big news of the week.  I caught wind of this over at CCIE Pursuit yesterday and checked it out at Network World today.  If you haven’t already heard the announcement, Cisco is unveiling their own authorized CCIE training program through select learning partners.  You can check out some of the early details at Network World.  But here are a few things that I found interesting.

First, they said that 3rd party boot camps to prepare people for the exams are not always up to par.  I suppose this is true.  But if you look at the program that Cisco is implementing, it is “composed of more than 400 hours of instruction over six months”.  So it’s not really fair to compare what Cisco is doing to a boot camp that lasts 5-12 days.  A more proper comparison would be Cisco’s program to Internetwork Expert’s end-to-end solution, or a package including IP Expert’s Blended Learning Solution and some additional classes.

For a training package, it does sound pretty intense.  400 hours over 6 months comes out to a little over 15 hours of instruction per week.  It will be interesting to find out how that is laid out.  I don’t know of anyone else offering a training program with that many hours of instruction.  In all honesty, it seems a bit overkill.  What takes 400 hours to teach?  Maybe they are counting the hours that you are spending labbing up their scenarios and other things that might count as learning activities.  If they are, can you count that as instruction time?  I suppose as more details come out, we will know. Now I’m not saying that the CCIE shouldn’t take less than 400 hours of preparation.  I plan on spending over 1000 hours of study time in my quest.  But maybe up to 200 of those hours will be instruction time where I’m viewing lectures.  The rest will be personal study and practice time.

Probably the worst comment I read in the article on Network World is that “It’s not to train to the test.  It’s training to become an expert.”  So is Cisco saying that their test doesn’t adequately determine if someone is an expert?

This definitely comes with a hefty price tag.  $5000 on through $20,000 depending if you get into a lot of personal mentorship.  I have a feeling those of us who are investing in our preparation out of our own pocket book will stick with the other vendors out there for the most part.  But I wouldn’t doubt that companies would prefer the Cisco approved training over other proven 3rd parties.  It’ll be interesting to see what sort of success Cisco has with their program.

Posted in General | 4 Comments

Administrator Tip- Kicking computers off of your network

Posted by jrensink78 on October 13, 2008

Have you ever wanted to get a computer off of your network?  Most of us probably have at one time or another.  Maybe the PC was identified as being infected with a virus.  Or maybe it’s just being naughty.  Whatever the reason, you do have a number of choices.

Originally, when I wanted to kick a user off of the network, I would find what port they were connected to using CAM table lookups and shut down the port.  That was a somewhat effective method.  It certainly kicked the computer off of the network.  But it has a number of shortcomings.  Such as…

  • If the computer is a laptop, it has the nasty tendency of switching from wired to wireless connectivity.
  • Users have the uncanny habit of not calling the helpdesk to figure out why they lost connectivity, and instead just plug into a different network port.
  • If there were other devices on the same port (like an IP phone maybe), they lose connectivity as well.

So what other options do we have built into our switches that we can use to kick the user off of the network?  Well, the one that I like is setting up a static CAM entry that drops traffic to/from a specific MAC address.  The command for that would be “mac address-table static mac_address vlan vlan_ID drop” or “mac-address-table static mac_address vlan vlan_ID drop” (depending on your IOS rev).

So why is this better than just shutting down the port?  Well, it provides the following benefits.

  • The computer never actually loses link on the wired connection, so laptops may never switch over to wireless.
  • The command applies across the entire switch, so users who try and plug into another nearby network port will still be blocked (assuming they still plug into the same switch).
  • Other devices on the same network port as the blocked computer can still access the network just fine.

As you can see, it avoids many of the negatives and limitations that just shutting down the port incurs.  The last thing to consider with this is what switch is the best place to apply the command.  Well, that depends on your network.  If you know the user will pretty much be limited to a single switch in their immediate area, the access layer switch is a good choice.  If you aren’t using chassis or stacking switches, then you may want to apply the command at the distribution layer switches.  The distribution layer is also a good choice if the user is already connected wirelessly, as the laptop can roam to distant APs.  The only negative of applying the command at the distribution layer is that the computer can still communicate with other computers on the same access switch in the same VLAN.
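Here is the CAM lookup and the static drop entry put together, as an added example that is not from the original post.  The “show mac address-table” output is a constructed sample, the function names are hypothetical, and the result is only the text of the commands to paste into the switch.

```python
import re

# Constructed sample of "show mac address-table" output (not from the post):
# a PC and an IP phone share Fa0/5, another PC sits on Fa0/7.
SAMPLE_CAM = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/5
 110    0004.f2aa.bbcc    DYNAMIC     Fa0/5
  10    0011.2233.9999    DYNAMIC     Fa0/7
"""

ROW = re.compile(r"\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)


def cisco_mac(mac):
    """Normalise aa:bb:.., aa-bb-.. or aabb.ccdd.eeff to Cisco dotted form."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    if int(digits[:2], 16) & 1:
        # Guard: the drop entry is meant for one unicast host, never a group address.
        raise ValueError(f"multicast or broadcast address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def plan_block(cam_output, mac, legacy_syntax=False):
    """Find the VLAN(s) where the MAC is learned and build the drop commands."""
    target = cisco_mac(mac)
    rows = []
    for line in cam_output.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    hits = [(vlan, port) for vlan, learned, port in rows if learned == target]
    if not hits:
        raise LookupError(f"{target} is not learned on this switch")
    # Older IOS revisions use the hyphenated keyword, as the post notes.
    keyword = "mac-address-table" if legacy_syntax else "mac address-table"
    ports = {port for _, port in hits}
    return {
        "commands": [f"{keyword} static {target} vlan {v} drop" for v, _ in hits],
        "undo": [f"no {keyword} static {target} vlan {v}" for v, _ in hits],
        # Devices on the same port that a port shutdown would have cut off too.
        "spared": sorted(m for _, m, p in rows if p in ports and m != target),
    }


if __name__ == "__main__":
    plan = plan_block(SAMPLE_CAM, "00:11:22:33:44:55")
    print("\n".join(plan["commands"]))
    print("still online on the same port:", plan["spared"])
```

Keep the “undo” lines with the ticket, since the static entry stays in the configuration until it is removed.
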

Posted in Admin Tips