May 25

Coming June 7th, 2010 – CCIE Voice Deep Dive

May 14

Hi Everyone!

The Challenge
People tend to underestimate the importance of IGP routing features in modern networks. So here is a small challenge scenario for you to practice OSPF traffic engineering. Take a look at the diagram below for information on the topology and link bandwidths. You may assume that every router has a loopback interface for network testing and OSPF router-id selection.

[Diagram: ospf-traffic-engineering (topology and link bandwidths)]

There is a large cloud of media servers behind R4, and the users behind R1 need to use the full 300Mbps of bandwidth when downloading files off the servers. The network is running single-area OSPF for IP routing. Ensure you can accomplish the above goal without using MPLS Traffic Engineering or Policy Based Routing. You are allowed to create additional logical interfaces, but the routing protocol, OSPF areas, physical links and their characteristics should remain unchanged. Keep the amount of changes to a minimum and do not introduce new IP addresses.

The first person to provide a working solution will receive 100 rack rental tokens from our partner company GradedLabs. Please use your valid e-mail address when posting a comment, so we can locate your INE account.

UPD
OK, I forgot to rule out the “route-via” option :) Try solving the task without relying on any “policy-based” routing decisions.

The winner is: Antonie Henning (http://21500.net). Ivan Pepelnjak helped find a logical “loophole” in my scenario by pointing to the “route-via” option available with GRE tunnels and correctly stating there should be 6 end-to-end tunnels to implement proper load-balancing. Hans Verkerk was close in his idea, but used static routing, which was slightly against the rules and not as elegant as Antonie’s solution. Chris Stos-Gale and Nitzan Tzelniker came up with the correct solution as well, but Antonie completed the challenge ahead of them. Thanks to everyone for participating in the challenge, it’s been fun!

The Solution:

The problem is that there are three paths with varying minimum bandwidth values (50, 100 and 150Mbps, totaling 300Mbps). Since OSPF does not support unequal-cost load-balancing, it is somewhat challenging to fully use the available bandwidth. There were a lot of ideas posted in the comments, and they mainly fall into three categories:

1) Modify OSPF costs to create three equal-cost paths from R4 to R1. With ECMP each path receives one third of the traffic (100Mbps), which oversaturates the slow (50Mbps) link. Another variation was using three tunnel interfaces between R1/R4 with the same ECMP logic. This results in the same problem.
2) Create six tunnels between R4 and R1 and configure the network so that 3 tunnels go across the fastest path, 2 tunnels take the medium path and one tunnel takes the slowest path. This is somewhat similar to MPLS TE. To steer the tunnels you may use either static routes or the “route-via” option (thanks to Ivan Pepelnjak for pointing that out!). This solution would work, but violates the “updated” requirement not to use any “policy-based” routing decision and to rely purely on OSPF path selection.
3) The solution that I had in mind was splitting the links connecting R4 to its neighbors into “sub-channels” proportional to the bandwidth assigned to a given path:

[Diagram: ospf-traffic-engineering-solution (link labels are OSPF costs)]

The link labels represent OSPF costs. You only need to split the links at R4, as this is the “source” of the traffic flows. Link splitting could be done in two ways: using logical virtual circuits (e.g. FR PVCs or Ethernet VLANs/VCs) or by using IP tunnels. You will only need to run the IP tunnels between R4 and the directly attached routers, disabling OSPF on the physical link and enabling it on the tunnels. With six equal-cost next hops (one per 50Mbps sub-channel), each tunnel receives one sixth of the traffic, so the three physical paths are loaded in a 3:2:1 ratio. Sample output at R4 for R1’s prefix:

R4#show ip route 10.0.1.1
Routing entry for 10.0.1.1/32
  Known via "ospf 1", distance 110, metric 4, type intra area
  Last update from 10.0.3.3 on Tunnel341, 00:46:50 ago
  Routing Descriptor Blocks:
  * 10.0.45.5, from 10.0.1.1, 00:46:50 ago, via Serial0/0/0.45
      Route metric is 4, traffic share count is 1
    10.0.3.3, from 10.0.1.1, 00:46:50 ago, via Tunnel340
      Route metric is 4, traffic share count is 1
    10.0.3.3, from 10.0.1.1, 00:46:50 ago, via Tunnel341
      Route metric is 4, traffic share count is 1
    10.0.1.1, from 10.0.1.1, 00:46:50 ago, via Tunnel142
      Route metric is 4, traffic share count is 1
    10.0.1.1, from 10.0.1.1, 00:46:50 ago, via Tunnel140
      Route metric is 4, traffic share count is 1
    10.0.1.1, from 10.0.1.1, 00:46:50 ago, via Tunnel141
      Route metric is 4, traffic share count is 1
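The configuration below is an added example of the tunnel-based variant of solution 3, written for this post; it is not the original lab configuration. The route output above only reveals the interface and neighbor names (Serial0/0/0.45, Tunnel140-142 towards 10.0.1.1, Tunnel340/341 towards 10.0.3.3), so the physical interface names, the link subnets 10.0.14.0/24 and 10.0.34.0/24, R4’s loopback 10.0.4.4, and the OSPF cost values are assumptions; the costs must be picked so that all six paths end up with the same total metric (4 in the output above).

```cisco
! R4. The physical links keep their addresses, but OSPF is no longer enabled on
! them: the "network" statements below match only Loopback0, which also enables
! OSPF on every interface that is unnumbered to it (the tunnels), and on nothing
! else. Interface names, the 10.0.14.0/24 and 10.0.34.0/24 subnets, Loopback0 =
! 10.0.4.4 and the cost values are assumptions.
interface Loopback0
 ip address 10.0.4.4 255.255.255.255
!
interface FastEthernet0/0
 description R4-R1 link, minimum path bandwidth 150 Mbps
 ip address 10.0.14.4 255.255.255.0
!
interface FastEthernet0/1
 description R4-R3 link, minimum path bandwidth 100 Mbps
 ip address 10.0.34.4 255.255.255.0
!
! Three GRE tunnels ride the R4-R1 link, one per 50 Mbps sub-channel.
! "ip unnumbered" avoids new addresses and is why the route output shows the
! neighbour loopback (10.0.1.1) as the next hop. The tunnel key lets IOS tell
! tunnels with the same source/destination pair apart (it must match on both
! ends). The destination sits on the connected subnet, so it is never resolved
! through a tunnel and cannot cause a recursive-routing flap.
interface Tunnel140
 ip unnumbered Loopback0
 tunnel source FastEthernet0/0
 tunnel destination 10.0.14.1
 tunnel key 140
 ip ospf cost 4
!
interface Tunnel141
 ip unnumbered Loopback0
 tunnel source FastEthernet0/0
 tunnel destination 10.0.14.1
 tunnel key 141
 ip ospf cost 4
!
interface Tunnel142
 ip unnumbered Loopback0
 tunnel source FastEthernet0/0
 tunnel destination 10.0.14.1
 tunnel key 142
 ip ospf cost 4
!
! Two tunnels ride the R4-R3 link (100 Mbps = two sub-channels). Cost 2 assumes
! the R3-R1 leg costs 2, so every tunnel path totals 4, the same metric as the
! untouched Serial0/0/0.45 path via R5. Without an explicit cost a tunnel
! defaults to 100 kbps bandwidth, i.e. cost 1000, and would never be used.
interface Tunnel340
 ip unnumbered Loopback0
 tunnel source FastEthernet0/1
 tunnel destination 10.0.34.3
 tunnel key 340
 ip ospf cost 2
!
interface Tunnel341
 ip unnumbered Loopback0
 tunnel source FastEthernet0/1
 tunnel destination 10.0.34.3
 tunnel key 341
 ip ospf cost 2
!
router ospf 1
 router-id 10.0.4.4
 network 10.0.4.4 0.0.0.0 area 0
 maximum-paths 6
!
! R1 mirrors the three tunnels (R3 does the same for Tunnel340/341). The cost
! on this side only affects the return traffic, which is small for downloads.
interface Tunnel140
 ip unnumbered Loopback0
 tunnel source FastEthernet0/0
 tunnel destination 10.0.14.4
 tunnel key 140
 ip ospf cost 4
!
! Verify at R4: six neighbors (five tunnels plus R5) and six RDBs with the same
! metric and "traffic share count is 1", as in the output above.
R4#show ip ospf neighbor
R4#show ip route 10.0.1.1
R4#show ip cef 10.0.1.1 detail
```

Two details matter in practice. `maximum-paths` defaults to 4 for OSPF on IOS, so without `maximum-paths 6` only four of the six equal-cost next hops would be installed and the ratio would be wrong. And CEF shares load per source/destination pair by default, so the 3:2:1 split only materializes with many users downloading at once; a single flow is still capped by one 50Mbps sub-channel, and the GRE header costs 24 bytes of MTU on every tunnel.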

Summary

I would like to thank everyone who participated in the “challenge”; I read all your responses but had to stop commenting when I found the right solution. I hope you enjoyed this little scenario as much as I did. Personally, I have some inclination toward the “traditional” traffic engineering solutions based on pure IGP metric manipulation. Even though the solution presented does not scale in the real world, where you may resort to a different option (e.g. end-to-end route-via tunnels), it perfectly illustrates the little hacks you can do to a link-state IGP to break the default “ECMP paradigm”.

May 07

Thank you to all those who have submitted questions and comments to our blog and our CCIE Instructors. If you have a question, please email them to blog@ine.com.

Question 1:

Can anyone explain what VPN intercept is?


Bhavik Joshi

VPN Intercept can mean a few different things, depending on the specific context.

One interpretation is from a driver perspective, where a VPN connection breaks the binding between TCP/IP and the physical interface, acting as a shim. See also:

http://www.informit.com/articles/article.aspx?p=25042

Another meaning can be in regards to intercepting SSL traffic.

See also:
http://www.howtoforge.com/ssl_vpn_one_time_passcodes_mutual_authentication
PPTP attacks:
http://www.sans.org/security-resources/malwarefaq/pptp-vpn.php
Cisco – VPN-based IPv4 Lawful Intercept Taps:
https://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/lawful_intercept/76LIch2.html#wp1058552

Answered by: Marvin Greenlee, CCIE #12237

Question 2:

Dear Valuable Technical Teachers and Friends,

First of all, I wish to thank you for your great support to all those who are preparing for network studies. I completed my CCNA two years back. Now I am preparing for the next step. At this point, I am a bit confused about deciding whether I should do CCNP or CCIE (R&S). I would like to reach a top level in Cisco networking technology, so I am requesting your suggestions on which is best for me.

Also, can you suggest any good simulators to improve my practical skills?

Thanks,
K.Saleem Jaffer

Thanks for the question. Having the CCIE certification makes for an excellent stepping stone in a technical career. An important aspect to successfully passing the CCIE lab exam is a very solid understanding of all the technologies involved. A great way to prepare for this is through the CCNP level of studies. If a person chooses that path, they would do well to take time to learn the technologies while studying CCNP, and not have the feeling of just learning enough to pass a CCNP written exam. By truly learning the core technologies in CCNP, it will serve as a springboard into the CCIE studies. Many candidates waste large amounts of time in complex configurations because they are lacking the basic understanding of the protocols and technologies that make up the scenario. I would recommend a 1-2 year plan that begins with CCNP, carries into CCIE studies, and ends with you attaining your CCIE. Best wishes in your studies and journey.

Keith

Answered by: Keith Barker, CCIE #6783

Question 3:

Hi.

Would you mind explaining the benefit of the command “area x nssa default-information-originate”? I know how we use it, but I don’t know its benefit. And do we use this command on ALL of the routers or just the ABR? When we don’t use this, what will happen?

Thanks a lot,
timaz mohsenzadeh

The benefit of having a default route is that you have somewhere to send traffic when you don’t have more specific information.

One point of using stub areas in OSPF is to minimize the information in the OSPF database.

With a stub area, you will have some OSPF routes, but not external routes (E1/E2) in the stub area.  So, if somewhere else across the topology, there is redistribution happening, the device in the stub area won’t know about the redistributed networks.  Having a default route out to the ABR can be all that a stub area needs, if the ABR has the routing information to send the traffic forward to the destination.

The R&S Advanced Technologies Class section on OSPF area types shows the difference of not having this command, as well as looking at the contents of the OSPF database.

Marvin

Answered by: Marvin Greenlee, CCIE #12237
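The following added example (mine, not part of Marvin’s answer) shows the command in a two-router NSSA and answers the “which routers” part of the question directly. Router names, router-ids and the area number are assumptions.

```cisco
! R2, the ABR between area 0 and NSSA area 1. This is the only router that
! needs "default-information-originate": it makes R2 originate a Type-7
! default LSA (0.0.0.0/0) into area 1. As an ABR it needs no default route of
! its own; an NSSA ASBR that is not an ABR must have one in its routing table
! before the keyword does anything.
router ospf 1
 router-id 10.0.2.2
 area 1 nssa default-information-originate
!
! R3, inside area 1. Every router in the area must agree on the area type,
! but the originate keyword is not repeated here. Without it on R2, R3 has no
! default route at all: an NSSA ABR, unlike a stub-area ABR, does not inject
! one automatically, yet the area still hides the E1/E2 routes from R3, so
! any destination learned by redistribution elsewhere becomes unreachable.
router ospf 1
 router-id 10.0.3.3
 area 1 nssa
!
! Verification on R3
R3#show ip ospf database nssa-external 0.0.0.0    ! the Type-7 default from R2
R3#show ip route 0.0.0.0                           ! O*N2 0.0.0.0/0 via R2
!
! Variants on the ABR:
!  area 1 nssa default-information-originate metric 10 metric-type 1
!      (advertises the default as O*N1, metric accumulates along the path)
!  area 1 nssa no-summary
!      ("totally NSSA": also hides inter-area routes, and the ABR then injects
!       a Type-3 default automatically, so the originate keyword is not needed)
```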

Question 4:

Hi everybody,

I have a question regarding ISDN backup. I have two Cisco routers: an 800 (IOS 12.4(15)T5) and a 1600 (IOS 12.1(4)). The 800 router is the primary link with SHDSL and the backup router is the 1600 with ISDN. I have OSPF running between these two routers and HSRP. Now when the primary link (SHDSL) fails, the backup router (1600) should take over. How can I solve this problem, or what is a suitable solution? I have searched various forums and Cisco, but I can’t find any sample matching my example. I am going to be a CCNA, but I guess there is much left to learn.

Thanks for your help.

Regards, Alen

Firstly, you don’t need OSPF unless you have IGP requirements for other routers behind the border routers (the 800 and the 1600). You only need HSRP running between the routers and a reliable static route on the primary gateway (SHDSL). Next, configure HSRP to track the static route object in the primary router, and lower the priority when the static route fails. Your Cisco 800 should support this functionality, and the 1600 only needs to know if the active router changes. So here are the steps:

1) Create an IP SLA object in the 800 router, pinging your provider’s IP (“ip sla” command)
2) Create an object tracking the state of the IP SLA ping object (“track” command)
3) Create a static default route in the 800 pointing to your ISP and tracking the object above
4) Configure a static default route in the 1600
5) Configure HSRP so that the 800 is the primary gateway
6) Configure HSRP to track the object you created before (“standby XX track” command)
7) Ensure HSRP is configured to preempt so the primary router may kick back in when the link recovers

This will ensure automatic switchover upon the loss of the primary connection and automatic return back to normal. You may want to read

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

for more information on reliable static routes.

Answered by: Petr Lapukhov, CCIE #16379
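As an added example (not part of Petr’s answer), here are the seven steps as a working configuration for the two IOS versions Alen mentioned. The LAN addresses, the provider next hop 203.0.113.1, the interface names (ATM0 and Vlan1 on the 800, Dialer0 and Ethernet0 on the 1600) and the HSRP key string are assumptions.

```cisco
! --- Cisco 800, primary gateway, IOS 12.4(15)T ---
!
! 1) IP SLA ICMP probe to the provider next hop (assumed 203.0.113.1), sourced
!    from the SHDSL side so it can only succeed across the primary link.
!    ("ip sla" replaced "ip sla monitor" in 12.4(4)T; older images use the latter.)
ip sla 1
 icmp-echo 203.0.113.1 source-interface ATM0
 frequency 10
 timeout 2000
ip sla schedule 1 life forever start-time now
!
! 2) Track object following the probe. 12.4(15)T still calls the probe "rtr";
!    from 12.4(20)T the keyword is "ip sla". The delays keep one lost probe
!    from flapping the whole site, and hold the failback until the line is stable.
track 1 rtr 1 reachability
 delay down 10 up 30
!
! 3) Reliable static default: removed from the routing table while track 1 is
!    down, so the 800 does not black-hole traffic it can no longer deliver.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
!
! 5)-7) HSRP on the LAN. Priority 110 beats the 1600's default of 100; the
!    decrement of 20 drops the 800 to 90 when the track fails; preempt lets the
!    800 take the virtual IP back once the track is up again.
!    The plain-text authentication string travels in clear; it only guards against
!    misconfigured neighbours. MD5 ("standby authentication md5") needs 12.3(2)T
!    or later, which the 1600 on 12.1 does not have.
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 20
 standby 1 authentication H5rpK3y
!
! --- Cisco 1600, backup, IOS 12.1(4) ---
!
! 4) Plain static default out of the ISDN dialer (the DDR and dialer-list
!    configuration itself is not shown). Nothing to track: this route is only
!    used while the 1600 holds the virtual IP.
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! 5) HSRP with the default priority (100). Preempt is required here too: when
!    the 800 merely lowers its priority it does not resign on its own, and only a
!    preempting standby takes the active role from a lower-priority active router.
interface Ethernet0
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 preempt
 standby 1 authentication H5rpK3y
!
! Verify on the 800 after disconnecting the SHDSL line:
R800#show track 1             ! "Reachability is Down" and the change count
R800#show ip sla statistics 1
R800#show standby brief       ! the 800 should now be Standby, the 1600 Active
R800#show ip route 0.0.0.0    ! the tracked default must be gone from the table
```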

May 06

As a follow-up to today’s Cisco announcement removing the Core Knowledge section from both the CCIE Routing & Switching and CCIE Voice exams, INE is offering all our customers a $99 credit that can be applied to any purchase over $500. Since the Core Knowledge section of the CCIE exam was announced, we worked hard to deliver a simulation that would give you the confidence to pass. We would like to thank all those who used the Core Knowledge Simulator, and we were thrilled to hear how it helped you pass. With the Core Knowledge section being removed from the exam, we would like to use this time to give back to you. Please take this $99 credit as our way to say thank-you, and to celebrate this portion of the exam getting removed. To redeem this credit, simply use promo code INE-OEQ. Remember, INE’s got you covered. Act now, this offer expires soon.

May 06

News that everyone has been eagerly expecting: effective May 10th, Cisco is taking the Core Knowledge section off the CCIE R&S and Voice lab exams! Over its year of existence, this part of the exam received the most controversy of all. A lot has been said about how flawed the idea of core knowledge testing was. Firstly, a test of four questions could never properly assess anyone’s knowledge. Secondly, the error margin was unacceptably high due to vaguely presented questions and an unclear grading procedure. Lastly, some recent promo actions that Cisco ran created a lot of controversy in the CCIE community. However, good or bad, it’s all gone now, and this fact should be a huge relief for many CCIE candidates. The time that was previously allocated to OEQs is now reallocated to the Configuration section, so you now have an extra 30 minutes of configuration time.

What next? Hopefully, Cisco has a plan to deal with those who failed Core Knowledge before this change but passed the Configuration section. Also, we sincerely hope Cisco will introduce more “fine-grained” procedures to thwart brain-dumpers and preserve the exam’s integrity. Plus, we still have to see Troubleshooting added to the SP and Security tracks and OEQs eliminated there as well. We shall see!

UPDATE
The official information can be found at the CCIE page: http://www.cisco.com/ccie

Apr 28

Thank you to all those who have submitted questions and comments to our blog and our CCIE Instructors. If you have a question, please email them to blog@ine.com.

Question 1:

Hi,
Is it possible to recommend the Cisco Press books to read when preparing for the Cisco SP written exam?
Kind Regards

For the written exam, you should make sure you have reviewed the items in the online resources General, Metro Ethernet, and Service Provider sections for the Written Exam Blueprint preparation material.

http://www.cisco.com/web/learning/le3/ccie/sp/online_resources.html

As far as additional books, I recommend reviewing the books in the following sections of the book list:  Cisco Press Titles, MPLS, Service Provider.

http://www.cisco.com/web/learning/le3/ccie/sp/book_list.html

I would also recommend the Cisco Press book titled “MPLS Configuration on Cisco IOS”.

Other than books, there are a number of RFCs and other related resources which can be found online.

Answer by: Marvin Greenlee, CCIE #12237

Question 2:

I would very much appreciate if someone could cover this issue for me. I have asked a few times now but never seen anything back on it?

It’s regarding MTU:

I would like to know:

How can you tell if you have an MTU issue?

Normally you see your TCP-based application getting “stuck” on large transfers. Essentially, the problem only affects transfers that are over the MTU size. Most TCP implementations have a Path MTU Discovery procedure, which uses certain ICMP message types. Often, these messages are blocked by firewalls (corporate or personal), which breaks the Path MTU Discovery process.

What is the full impact of an MTU issue as experienced by end users?

TCP-based applications that involve bulk transfers stop working. For example, you would be able to establish an FTP connection but the file transfer will be stalled.

How should the network devices be configured and tested to see that all is OK? (Marvin touched on it in a video and that was great – but if we could have a little more detail, please.)

You normally have problems if you are using any sort of tunneling in your network (e.g. MPLS, GRE, QinQ etc.). They all reduce the maximum MTU and may cause problems. Use any command line tool to discover the MTU end-to-end, e.g. the tracepath command on Linux: http://linux.die.net/man/8/tracepath . Normally, if you are using any tunneling in your routers, make sure you apply the “ip tcp adjust-mss” command. This will resolve practically all problems, though at the expense of some CPU cycles. In many cases it’s easier than going around and fixing interface MTU settings, especially if you have to call your ISP for that :)

Aren’t there a lot of different MTU settings, i.e. Global, TCP, Interface, L2/L3 etc.? What are the differences?

In general, MTU applies to L2 and L3 protocols, as those are normally frame/packet oriented.

For Ethernet switches, it’s normally a global setting that applies to all Gigabit interfaces (100Mbps Ethernet does not support large MTUs, with some exceptions). For routers, you normally have basic interface MTU settings (L2, mtu command) and IP MTU (ip mtu). It’s like a Russian-doll model: the lower-level MTU should be larger than the higher-level one. TCP has the notion of MSS, but this is slightly different from MTU – it’s an end-to-end characteristic, negotiated by TCP at the start of the connection.

I noticed that if you have the MTU set correctly end-to-end you should be able to ping with any packet size (within reason) and it works fine, but if there is a slight mismatch anywhere your ping packets will fail at a certain size! Why is this happening, and why does it work fine when they match up? Is this to do with fragmentation or something similar?

Right, the router that has the lower MTU would drop the oversized ICMP packets if they have the DF bit set. Your best tool for end-to-end MTU discovery would be the tracepath utility. Also, just keep in mind that as soon as you are using any tunneling technique in your network you are most likely to run into the problem :)

Would very much appreciate any help with this issue…

Best Regards,

Ian.


Answer by: Petr Lapukhov, CCIE #16379
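To make the “Russian doll” layering concrete, here is an added example (not part of Petr’s answer) of a GRE tunnel on IOS with each MTU layer set explicitly, the `ip tcp adjust-mss` fix, an access list entry that keeps Path MTU Discovery alive through your own filter, and the DF-bit ping test that reproduces the symptom Ian describes. Interface names, addresses and the 1500-byte underlay are assumptions.

```cisco
! Outer layer: the L2 MTU and the IP MTU of the underlay interface.
! mtu >= ip mtu, and the underlay IP MTU bounds everything carried inside it.
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.252
 mtu 1500                   ! L2 payload (default; larger needs a jumbo-capable L2 path)
 ip mtu 1500                ! bigger IP packets are fragmented, or dropped when DF is set
!
! Inner layer: GRE over IPv4 adds 24 bytes (20 IP + 4 GRE), so 1500 - 24 = 1476.
! IOS derives 1476 by itself; it is written out here to make the layer visible.
! TCP MSS = IP MTU - 20 (IP) - 20 (TCP) = 1436. adjust-mss rewrites the MSS
! option in SYNs crossing this interface, in both directions, so hosts never
! emit a segment that needs fragmentation inside the tunnel, even when the
! ICMP "fragmentation needed" message is filtered somewhere on the path.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 ip mtu 1476
 ip tcp adjust-mss 1436
!
! Smaller underlay (PPPoE at 1492, an ISP hop at 1400, ...)? Lower both
! together: ip mtu = underlay MTU - 24, adjust-mss = ip mtu - 40.
!
! Do not be the firewall that breaks PMTUD: ICMP type 3 code 4 must get through.
! The rest of this list is a minimal ICMP policy, kept short on purpose.
ip access-list extended EDGE-IN
 permit icmp any any packet-too-big     ! type 3 code 4, the PMTUD signal
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 deny   icmp any any
 permit ip any any
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
!
! Test with DF set. "size" is the whole IP datagram. The largest size answered
! with "!" is the path MTU; one byte more is dropped and reported as "M" (could
! not fragment) by the router with the smaller MTU, or as "." if that router's
! ICMP error is itself filtered, which is exactly the silent stall users see.
R1#ping 198.51.100.2 size 1500 df-bit repeat 3    ! underlay: must succeed at 1500
R1#ping 10.255.0.2 size 1476 df-bit repeat 3      ! through the tunnel: largest that fits
R1#ping 10.255.0.2 size 1477 df-bit repeat 3      ! expected to fail
!
! Same sweep from an end host, where the symptom is actually felt:
!   Linux:    ping -M do -s 1448 10.0.1.1     (1448 + 8 ICMP + 20 IP = 1476)
!   Windows:  ping -f -l 1448 10.0.1.1
```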

Question 3:

Hi,

I have a question which is troubling me a lot these days during my work.

1) What is the difference between Process Switching, Fast Switching and CEF? (I have browsed the whole internet but it is not getting into my head :( )

2) How does the bandwidth statement work in WRED? Please please please reply…

Warm Regards,

Khan

Hello Khan and thank you so much for actively participating in our Blog site!

1) Let’s walk through the technologies of Process Switching, Fast Switching, and Cisco Express Forwarding as well as Distributed CEF in plain English! Once you go through this material, I recommend you read this document from Cisco that I used as a basis for my response. This article should make perfect sense to you following our discussion here:

(http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcfovips.html)

In order to move traffic from network to network in your infrastructure, a router or multilayer switch engages in two overall, inter-related functions – routing and switching. I am sure you understand the routing piece very well…this is where we typically have a dynamic routing protocol at work (such as OSPF), and this protocol helps build a routing table that is consulted to determine the best path to reach a prefix through the network. In the case of OSPF, this best path determination defaults to using bandwidth as the ultimate determining factor in best pathing.

Where students tend to get confused is in the many flavors of switching that are possible on the device:

  • Process switching
  • Fast switching
  • CEF
  • dCEF (Distributed CEF)

First of all, switching on the device involves taking the frame and moving it as quickly as possible from the input interface to the output interface. The switching process also needs to worry about the layer 2 addressing. We will focus here on Ethernet, so the switching process is concerned with addressing the frame with the correct MAC address. As you know, the switching process relies on ARP and the ARP cache to obtain this information.

Process switching is considered the least efficient method of switching on the device. And to think that there was a time when this was all we had! With process switching, the device copies the packet into a system buffer, and the route processor then looks up the IP address in the routing table. The frame is then rewritten with the correct destination MAC address and switched to the correct outgoing interface. It is the job of the route processor to calculate the cyclic redundancy check to make sure the frame was not damaged in this procedure.

With Fast Switching, the information required to route and switch the traffic is all stored in a fast-switching cache. In addition to this faster approach, the interface’s processor is able to calculate the CRC, which adds even more to the efficiency of the procedure.

With Cisco Express Forwarding, we have even more efficiency! Now the route processor is building everything it needs to handle the routing and switching of traffic right in memory. The routing table is parsed and stored in memory as something called the Forwarding Information Base (FIB) and the ARP Cache information is stored in what is called the Adjacency Table.

Stepping up the efficiency one more notch – some devices are capable of dCEF. With this approach, the line cards installed in the multilayer switch are capable of doing the CEF right there at the line card level! Wow – more speed.

As you might guess, all devices from Cisco now are defaulting to the CEF mode of operation to provide the greatest performance levels possible right “out of the box”.

2) Hmmm – there is no bandwidth command in WRED that I am aware of…I think you might be confusing two different QoS features here. And both can be used in conjunction with each other…that is probably what you have seen. The bandwidth command is used in the configuration of Class-Based Weighted Fair Queuing to guarantee a minimum amount of bandwidth during times of congestion. While this is cool, the default Congestion Avoidance approach in the queue is Tail Drop. This can be changed by adding WRED (with the random-detect command) to the CBWFQ configuration.

Answered by: Anthony Sequeira, CCIE #15626
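As an added illustration of both parts of this answer (mine, not part of Anthony’s reply), here is how the switching path is selected and inspected on an IOS router, and how the CBWFQ `bandwidth` statement and WRED `random-detect` fit together in one policy. Interface names, class names, DSCP values and bandwidth figures are assumptions.

```cisco
! Part 1: the switching path. CEF is on by default on current IOS; the
! per-interface forms below show how the older paths are still reachable,
! which is mostly useful when troubleshooting.
ip cef
interface FastEthernet0/0
 ip route-cache cef         ! CEF on this interface (the default)
! no ip route-cache cef     ! fall back to fast switching (route cache) here
! no ip route-cache         ! everything process-switched: CPU hit, debugging only
!
! What CEF pre-computed from the routing table and the ARP cache:
R1#show ip cef 10.0.1.0 255.255.255.0 detail        ! FIB: prefix -> next hop, interface
R1#show adjacency FastEthernet0/0 detail            ! adjacency: the ready-made L2 rewrite
R1#show ip interface FastEthernet0/0 | include witching   ! which path the interface uses
!
! Part 2: "bandwidth" is a CBWFQ class parameter, not a WRED one. WRED is
! added to a class with "random-detect" and replaces tail drop as the
! congestion-avoidance method for that class queue. Both coexist in one policy.
class-map match-all BULK
 match dscp af11
!
policy-map WAN-OUT
 class BULK
  bandwidth 512               ! kbps guaranteed to this class during congestion
  random-detect dscp-based    ! WRED on this queue, thresholds per DSCP
 class class-default
  fair-queue
  random-detect               ! precedence-based WRED for everything else
!
interface Serial0/0
 bandwidth 2048               ! the rate CBWFQ guarantees are checked against
 service-policy output WAN-OUT
!
R1#show policy-map interface Serial0/0    ! per-class offered rate, tail vs. random drops
```

The `bandwidth` value under the class must fit within the reservable share of the interface `bandwidth` (75% by default, changed with `max-reserved-bandwidth`), which is why the interface statement is part of the example.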

Apr 25

Hear ye, hear ye, VTP experts. (We are not referring to the Vandenberg Test Program, although they are very likely experts in their field as well. :) )

Can you predict the results of a 3 switch VTP client/server scenario?

SW1-3, are connected, as shown in the diagram.

[Diagram: VTP question for Blog]

Here is the initial output of show vtp status and show vlan brief on each. Note that SW1 and SW3 are servers, while SW2 is a client. We will be adding a failure to the network in just a moment.

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : INE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x2C 0x04 0x21 0x2B 0x10 0xFE 0x03 0x50
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:40
Local updater ID is 0.0.0.0 (no valid interface found)
SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Gig0/1
                                                Gig0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
SW1#

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : INE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x2C 0x04 0x21 0x2B 0x10 0xFE 0x03 0x50
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:40
SW2#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Gig0/1, Gig0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
SW2#

SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : INE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x2C 0x04 0x21 0x2B 0x10 0xFE 0x03 0x50
Configuration last modified by 0.0.0.0 at 3-1-93 00:05:40
Local updater ID is 0.0.0.0 (no valid interface found)
SW3#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                                Gig0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
SW3#

So here is the scenario for the question. The Fa0/24 connection is suddenly broken between SW1 and SW2, and while that is down, a new VLAN (we will use 999) is created on SW3 like this:

SW3(config)#vlan 999

And then, a few minutes later, SW3 is completely powered off, shipped to another city, and removed completely from this network forever.

If we then restore the Fa0/24 connection between SW1 (the server) and SW2 (the client), what will happen to the VTP/VLAN information on the two switches? Will there be an update on either switch, will SW1 wait for a server advertisement, or will something else happen altogether?

Take a moment, and let us know what you think.

Best wishes,

Keith

PS: We’ll post the results after you have had some time to consider the scenario.

A few hours have passed, and we have had over 50 comments, ideas and theories.

I appreciate you taking the time to work through this.  May your hard work pay off with a successful lab.

And the correct answer is:

SW1 will see that its configuration revision number is lower than SW2’s, and even though SW2 is a “client”, SW1 will use the updated information in the VTP advertisement from SW2 to update its VLAN database and get in “sync” with the rest of the VTP domain, including knowing about VLAN 999. The configuration revision number also moves to 4.
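The scenario is exactly the mechanism behind the classic VTP “bomb”: any switch, client or server, that joins domain INE with a revision higher than 3 overwrites the VLAN database on the servers, and a switch that once lived in some other domain can do that the moment it is cabled in. The following added configuration (mine, not part of Keith’s post) shows the checks and settings that limit this; the password value is an assumption.

```cisco
! 1) Before cabling any switch into the domain, look at what it would
!    advertise. A revision above the domain's current value (3 here) is the
!    danger sign, whatever the operating mode says.
SWx#show vtp status | include Revision|Operating Mode|Domain
!
! 2) Reset a previously used switch to revision 0: a change to transparent
!    mode (or of the domain name) does it. Then return it to the wanted mode.
SWx(config)#vtp mode transparent
SWx(config)#vtp mode client
!
! 3) Put a password on the domain. It is folded into the MD5 digest shown in
!    "show vtp status", so advertisements from a switch without it are
!    ignored. Set it on every member. A rogue that knows both the domain name
!    and the password still wins on revision, so this is a speed bump, not a fix.
SW1(config)#vtp domain INE
SW1(config)#vtp password S3cr3t-VTP      ! assumed value
SW2(config)#vtp domain INE
SW2(config)#vtp password S3cr3t-VTP
!
! 4) Where the platform supports it, VTP version 3 removes the revision race:
!    only the one primary server may change the database, and it has to be
!    promoted explicitly from exec mode.
SW1(config)#vtp version 3
SW1(config)#vtp mode server
SW1#vtp primary vlan
!
! 5) Switches that never need to learn VLANs dynamically can opt out.
SWx(config)#vtp mode transparent
!
! Verify: the digest must be identical on all members, and the revision
! should only move when an intended change is made on the primary server.
SW1#show vtp status
SW1#show vtp password
```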

Here is SW1, after the connection to SW2 is restored:

SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : INE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x1D 0x6E 0xF0 0xB7 0xC2 0x84 0xFA
Configuration last modified by 0.0.0.0 at 3-1-93 00:11:43
Local updater ID is 0.0.0.0 (no valid interface found)
SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Gig0/1
                                                Gig0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
999  VLAN0999                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
SW1#

Here is SW2:

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : INE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x1D 0x6E 0xF0 0xB7 0xC2 0x84 0xFA
Configuration last modified by 0.0.0.0 at 3-1-93 00:11:43
SW2#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Gig0/1
                                                Gig0/2
2    VLAN0002                         active
3    VLAN0003                         active
4    VLAN0004                         active
999  VLAN0999                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
SW2#
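The behaviour shown above is exactly what makes the VTP revision number worth auditing: any switch in the domain, client or server, that carries a higher revision will replace the server's VLAN database. The following script is an added example (not part of Keith's post) that parses captured `show vtp status` text in the format shown above and reports the hazards a defender would want flagged before reconnecting a switch: a revision higher than the designated server's, a differing VLAN database MD5 digest, and a mismatched domain name. The hostnames, the `audit` and `parse_vtp_status` function names, and SW1's pre-restore values (revision 3, eight VLANs, a made-up digest) are constructed for the example; SW2's values are the ones printed above.

```python
"""Audit captured `show vtp status` output for revision-number hazards.

Added example, not part of the original post. It parses plain-text
`show vtp status` output and reports the conditions that let one switch's
VLAN database overwrite the rest of the VTP domain.
"""
import re
from dataclasses import dataclass

# Matches "Field name : value" lines. Lines without a colon-separated key
# (prompts, "Configuration last modified by ...", "Local updater ID ...")
# do not match and are skipped.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?)\s*:\s*(?P<val>.*)$")


@dataclass
class VtpStatus:
    hostname: str
    revision: int
    mode: str
    domain: str
    md5: str
    vlan_count: int


def parse_vtp_status(hostname: str, text: str) -> VtpStatus:
    """Extract the fields this audit needs from `show vtp status` text."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("val").strip()
    return VtpStatus(
        hostname=hostname,
        revision=int(fields["Configuration Revision"]),
        mode=fields["VTP Operating Mode"],
        domain=fields["VTP Domain Name"],
        md5=fields["MD5 digest"],
        vlan_count=int(fields["Number of existing VLANs"]),
    )


def audit(statuses, server_hostname):
    """Return (hostname, finding) pairs for every switch whose database
    can or will replace the designated server's on the next advertisement."""
    server = next(s for s in statuses if s.hostname == server_hostname)
    findings = []
    for s in statuses:
        if s.hostname == server.hostname:
            continue
        if s.domain != server.domain:
            findings.append((s.hostname, f"domain {s.domain!r} differs from {server.domain!r}"))
            continue  # advertisements from another domain are ignored anyway
        if s.revision > server.revision:
            findings.append((s.hostname,
                             f"revision {s.revision} > server revision {server.revision} "
                             f"({s.mode}); its database will replace the server's"))
        if s.md5 != server.md5:
            findings.append((s.hostname, "VLAN database digest differs from server"))
    return findings


# Constructed: SW1 as it would look before the Fa0/24 link is restored
# (one VLAN and one revision behind; the digest value is made up).
SW1_BEFORE = """\
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : INE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x00 0x11 0x22 0x33 0x44 0x55 0x66 0x77
Configuration last modified by 0.0.0.0 at 3-1-93 00:10:02
Local updater ID is 0.0.0.0 (no valid interface found)
"""

# SW2's output as printed in the post (client, revision 4, nine VLANs).
SW2 = """\
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : INE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x1D 0x6E 0xF0 0xB7 0xC2 0x84 0xFA
Configuration last modified by 0.0.0.0 at 3-1-93 00:11:43
"""

if __name__ == "__main__":
    statuses = [parse_vtp_status("SW1", SW1_BEFORE), parse_vtp_status("SW2", SW2)]
    for host, finding in audit(statuses, "SW1"):
        print(f"{host}: {finding}")
```

Run against the pre-restore captures, the audit reports SW2 twice: its revision (4) exceeds SW1's (3), and its digest differs, which is precisely the state that causes SW1 to accept SW2's database once Fa0/24 comes back. Run against the two post-restore outputs above, it reports nothing.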

Thanks again everyone, and happy studies!

Keith

Apr 20

INE is excited to announce the next free vSeminars for R&S. vSeminars are live online instructor-led seminars focused on a specific topic or technology. The next Routing & Switching vSeminar will be held on Wednesday, April 21, 2010 at 3:00 PM PDT and led by Anthony Sequeira, CCIE #15626.

Anthony will be lecturing on IPv6 Multicast. This vSeminar is scheduled for 60 minutes, with a 45 minute seminar followed by a 15 minute question and answer session. This seminar is intended for CCIE Routing & Switching candidates. If you would like to prepare for this vSeminar, you can find more information on IPv6 Multicast in the CCIE Routing & Switching Workbook Volume 1.

While there is no registration required to attend, the live vSeminar will be limited to 50 participants on a first come, first served basis.

Wednesday, April 21 at 3:00 PM PDT this vSeminar will be live here.

Apr 19

Thank you for all the great feedback on the vSeminars. We have released the following vSeminars as free videos on demand.

  • Recorded April 12, 2010
    • Instructor: Josh Finke, CCIE #25707
    • Topic: CUCM – Getting Started, Registering Phones, and Testing
    • Target Audience: CCIE Voice and CCVP Candidates
    • Duration: 45 Minutes
    • Recording: Watch Now
  • Recorded April 14, 2010
    • Instructor: Anthony Sequeira, CCIE #15626
    • Topic: “Secrets” to Version 4 Routing & Switching Success
    • Target Audience: CCIE Routing & Switching Candidates
    • Duration: 1 Hour
    • Recording: Watch Now
  • Recorded April 16, 2010
    • Instructor: Mark Snow, CCIE #14073
    • Topic: Simplifying Globalization and Localization in CUCM
    • Target Audience: CCIE Voice and CCVP Candidates
    • Duration: 1 Hour
    • Recording: Watch Now
Apr 16

Thank you to all those who have submitted questions and comments to our blog. We will be taking time each week to post answers to your questions and to post some of these comments. If you have a question for one of our CCIE Instructors, please email it to blog@ine.com.

Question #1

Can anyone please advise what the recommended laptop hardware configuration is for CCIE R&S Lab prep? I have read many blogs, posts and advice but am unable to figure out the appropriate answer. While advising, please consider that GNS3 is the only option I have.
Many thanks in advance,
Asif Irfan

If you are looking for appropriate hardware to run the complete IEWB-RS topology (6 routers, 4 switches, 3 backbone routers), then your minimum would be a Core 2 Duo 2.5 GHz with 2 Gb of RAM. That’s the bare minimum, and you should look toward expanding memory to at least 3-4 Gb to have more room for other applications (if you have any). The largest benefit of this solution is its low cost, as Core 2 Duo processors are now “past generation”. If you could, you may get two Core 2 Duo laptops, each with 2 Gb of RAM, and run Dynamips on both systems in distributed fashion. This is still a budget solution.

If you are not restricted by your budget, look for quad-core processors, such as the i7, and a memory base of at least 4 Gb. This is enough to run the whole IEWB-RS topology, provided that you are using optimal IdlePC values.

Here are some hints to improve Dynamips performance (aside from tuning IdlePC):

1) Shut down all currently unused routers, e.g. backbones, if you are working through IGP. Only bring them up temporarily for testing.
2) When you’re done with layer 2 scenarios, reconfigure your switches in a hub-and-spoke topology (star), say with SW1 being the center switch. After this, disable STP for all VLANs. This will save you a lot of CPU cycles “wasted” on Spanning-Tree processing.
3) Like I said before, try using distributed systems, running Dynamips on multiple “less powerful” laptops.

Answered by: Petr Lapukhov CCIE #16379

Question #2

Hi,
I would like to know the difference between the maximum-path ibgp and maximum-path ibgp import commands under an address-family.
Thanks
naman

Hello Naman.

Both commands are used for equal or unequal cost load sharing for iBGP sessions.

The import keyword is used when you are configuring the command under a VRF. Here are examples of usage from the Cisco Command Reference.

The following example configuration installs three parallel iBGP paths in a non-MPLS topology:
Router(config)# router bgp 100
Router(config-router)# maximum-paths ibgp 3

The following example configuration installs two parallel routes in the VRF table:
Router(config)# router bgp 100
Router(config-router)# address-family ipv4 vrf vrf-B
Router(config-router-af)# maximum-paths ibgp 2 import 2
Router(config-router-af)# end

Thanks so much for using blog.ine.com!

Answered by: Anthony Sequeira CCIE #15626

Question #3

Dear Valuable Technical Teachers and Friends,

First of all, I wish to thank you for your great support to all those who are preparing for network studies. I completed my CCNA two years back. Now I am preparing for the next step. At this point, I have a bit of confusion in deciding whether I should do CCNP or CCIE (R&S). I would like to reach a top level in Cisco networking technology, so I am requesting your suggestions on which is best for me.

Also, can you suggest any good simulators to improve my practical skills?

Thanks,
K.Saleem Jaffer

Thanks for the question. Having the CCIE certification makes for an excellent stepping stone in a technical career. An important aspect to successfully passing the CCIE lab exam is a very solid understanding of all the technologies involved. A great way to prepare for this is through the CCNP level of studies. If a person chooses that path, they would do well to take time to learn the technologies while studying CCNP, and not have the feeling of just learning enough to pass a CCNP written exam. By truly learning the core technologies in CCNP, it will serve as a springboard into the CCIE studies. Many candidates waste large amounts of time in complex configurations because they are lacking the basic understanding of the protocols and technologies that make up the scenario. I would recommend a 1-2 yr plan that begins with CCNP, carries into CCIE studies, and ends with you attaining your CCIE. Best wishes in your studies and journey.

Keith Barker CCIE #6783

Comment:

INE,

I absolutely love your version 4 COD videos for the R&S track. I love them so much that I am dying to get more. When do you believe the videos will get posted? Been stuck at EIGRP for over 2 weeks now. Would like to see these added at a quicker pace.

My current study plan is to read about a technology, watch the videos for that technology and then do the Volume 1 labs for that technology. This is working very well for me and I want to continue without having to watch previous versions of the COD.

The reason I like the version 4 COD classes is they seem more scripted. I am watching the MPLS videos from the 10 day bootcamp and I see the instructor looking around for the right command to show something. I find this confusing and distracting from learning the material. The scriptedness and complete mastery of what we are doing and what you are trying to show in version 4 is great and I want more of it.

Also, from a technology viewpoint I find it much easier to pause the v4 videos and write down the configurations or configure the Dynamips session I am using to follow along, than with the v3 technology. The v4 seems like it downloads the entire video and you can pause, move forwards and backwards and the screen doesn’t “refresh”. The v3 technology blanks the screen and then kind of fast-forwards the screen for a little bit while the audio is at normal pace when you move around. Another reason I want more v4!

Also, one tiny suggestion. I like being able to forecast how much time I need to spend watching the videos. I don’t see any time counter on the v4 or a listing of how long the video is. Would love to see a time value in parentheses after the title of each video to be able to know how much time to allot to each video.

Keep up the good work; my CCIE journey would be perilous without you guys.

Thanks,

Thomas Holincheck

Keep submitting your questions and comments!
