Top 10 presents for the CCIE

Merry Christmas everyone! Alternatively, for those non-Christians - Happy Holidays!

With Christmas on the horizon, you may be looking for some ideas for presents for the CCIE student, or the network nerd in your life.

I have put together a small list of some ideas for suitable presents.

1. Noise cancelling headphones


Chances are, if your loved one is studying towards their CCIE, then they will be watching a lot of training videos. A decent pair of noise-cancelling headphones serves two purposes: firstly, it allows the student to block intrusive noise and pay closer attention; secondly, you don't have to hear the noise from the training videos. Everyone is a winner!

These Sony MDR-V55 DJ headphones offer superb sound along with great noise reduction.

Available from Amazon.com for just $54.95 or from Amazon UK for just £34.55.

2. Improve their memory

How to develop a brilliant memory

There is a lot of information to be learnt for the CCIE. Whilst having years and years of experience in all the topics is obviously the best way to be ready for the exam, most people don't get this kind of experience, so reading, practice and memorisation is the next best thing.

This book teaches memory techniques from a Grandmaster of Memory. If this can't help in remembering all the OSPF LSA types and functions, I don't know what will! This great book is available for a stocking-filling $8.78 from Amazon.com or for £6.39 from Amazon.co.uk.

3. Take a break, you deserve it!

Breaking Bad boxset

Everyone deserves a bit of relaxation. What better way to do this than with a superb box-set? Breaking Bad has been one of the most heralded series of all time, so grab the box set and put your feet up for a while! What better way to do this than to follow Walter White and family!

Breaking Bad is available on Amazon.com for $132.96 and from Amazon UK for £55.00

4. Study, study everywhere

iPad mini

Having physical books is great, but the entire 20-odd book CCIE reading list doesn't exactly make for portable reading. Invest in an iPad mini, which will easily hold all the PDFs for the reading list, run the Kindle app (see item 9), hold all the training videos, and will work great with the noise cancelling headphones from item 1.

The iPad mini 3 will do all of the above and much much more. Available in 16GB, 64GB and 128GB versions, prices start from just $364.49 on amazon.com, or from £280 in the UK.

5. No sleep till lab day

Death Wish Coffee

Coffee; it keeps us alert and awake. Kiss goodbye to sleep with a 16oz bag of Death Wish ground coffee beans, the world's strongest coffee!

Grab a bag for just $19.99 in the US, or £19.00 in the UK!

6. Play time!

Star Wars Lego Death Star

Let's face it, you are buying presents for a geek. What could possibly be better than the combination of two of the greatest things in the world; Star Wars and Lego! The Lego Star Wars Death Star is huge! It has everything, so you can recreate all your favourite scenes!

Included in the box are Luke Skywalker, Han Solo, Obi-Wan Kenobi, C-3PO, R2-D2, Princess Leia, Chewbacca, Luke Skywalker (Jedi Knight), Darth Vader, Grand Moff Tarkin, Emperor Palpatine, 2 Stormtroopers, 2 Emperor's Royal Guards, R2-Q5, and mouse droid.

This will provide some much needed time away from studying!

Prices are from around £315 in the UK, and $399.95 in the USA.

7. Geek? Wear?

geek t-shirt

Geeks love t-shirts, so how about the evolution of the Geek t-shirt?

At just $14.99 in the US, or £11.99 in the UK it makes for a great stocking filler!

8. Spend some quality time - in binary

geek watch

Let them know that you'd like to spend some time with them, by spending on some time for them, and get them the Compasso Binary watch from Detomasso. This stylish watch tells the time in binary, which will also help them when doing subnetting! Stylish and functional!

Priced at $174.90 on Amazon.com, or £63.90 on Amazon.co.uk.

9. Some good study books

MPLS for Cisco Networks

It would be remiss of me not to pimp out my own books at all available opportunities, so get them MPLS For Cisco Networks available from Amazon.com for $12.91, and from amazon.co.uk for £9.82.

BGP for Cisco Networks

While you are there, grab BGP for Cisco Networks for just $12.28 or £8.42. Great value!

10. Celebrate in style

Nice bubbly

There is always time to celebrate, and always a reason. Celebrate Christmas. Celebrate the New Year. Celebrate passing the CCIE lab exam. Celebrate being together with family. Celebrate the weekend. Just celebrate.

How about a 2004 bottle of Dom Perignon, available for $175.00, or £114.95?

Cisco VIRL is out! It's not free!

Cisco VIRL

Cisco VIRL has been released today.

After waiting for what seems like ages, since it was first mentioned, it is finally here.

You can get it from http://virl.cisco.com.

The rumours were that it would be free, and would run up to fifteen (15) nodes, that could be either IOSv, IOS XRv, NX-OSv, or the CSR1000v.

While the capabilities remain the same, it is not free. It costs $199.99 PER YEAR.

This does seem to be a bit of a kick to the groin, really. Whilst this is the true Cisco virtual environment, with all the support and abilities needed (obviously barring a few layer 2 technologies), $200 a year is a little costly.

For a limited time you can get $50 off using the code "VIRL50" at checkout. Which still makes it $150. It's not a bad price I suppose, but many people did expect this to be released without an associated cost.

I think I will stick with IOU and GNS3 for the moment!
CCIE R&S Lab exam booked!

I have booked my CCIE Routing and Switching v5 lab exam. So, now, the real fun starts.

It is booked for July 10th at Feltham, in the UK. It is a mobile lab, so costs $1900, which equates to around £1200. There are hotels nearby, so I plan to get there the day before - after all, who wants to travel down on the morning and risk getting caught in traffic, or late/missed trains, and losing out on both the exam attempt and £1200!

I have seven full months to get prepared for it, which should be plenty of time.

My study plan is a mix of learning and doing - after all, there is no better method! So the plan (at the moment, but subject to change) is as follows:

Month            Learn                   Do
December         DMVPN & NAT             DMVPN & NAT Labs
January          EIGRP                   EIGRP Labs
February         OSPF                    OSPF Labs
March            BGP & MPLS refresher    Revision & Labs
April            Multicast & QoS         Labs on both
May              VTP, STP, PPP           Small labs on weak areas
June             Services*               Medium scale labs
July 1st - 9th   Minor revision          Full scale labs
July 10th        Exam                    Celebrate / commiserate
July 18th        Go on holiday           Have fun

*SSH, DHCP, NTP, NetFlow, SPAN/RSPAN

Most of my learning will be through reading, and by doing the Narbik labs.

The reading list is going to be:

Routing TCP/IP (volumes 1 & 2) by Jeff Doyle
Developing IP Multicast networks by Beau Williamson
Cisco QoS by Wendell Odom

This does mean that my planned books; Volume 3: DMVPN and NAT, and Volume 4: IGPs, will probably not be published until after the exam. Both are well under way, and will be added to as I go through, but writing a book is a long endeavour, and now I have a date for the exam I do need to work towards it, keeping my eyes on the prize, rather than letting the writing take all my time up. Besides, if I do pass then it will stop people leaving reviews saying "he's not even a CCIE" - which is true, but to me it's like saying "you can't teach me to swim, you are not a fish".

Anyway, I have a date, I have the books, I have plenty of time. Booking it has now led to a slight increase in nerves, but also will help to focus me a lot more.

Onwards and upwards!
CCIE R&S written (400-101) passed

After months of cramming I finally got around to sitting the CCIE Routing and Switching written exam (400-101).

I got to the testing centre nice and early, and sat waiting to be taken through to the room. I wasn't feeling all that nervous, the only nerves were all around the cost of having to resit it if I failed.

Once in the room we go through all the usual identity checks, driver's license, something else with signature, do two more signatures and have my photo taken. Then we are in the room and I sit down.

The invigilator signs in and we wait for the system to start. It hangs, and they have to call up the support people. This is when I start to get nervous, well, more anxious than nervous. I really don't want to wait for another day if the system decides to muck about.

I am told that this happened a few days ago, and they had to wait twenty minutes for resolution. It's cold in the room, and I could do with a cup of coffee.

Thankfully they get through pretty quickly, and get the issue sorted.

The exam starts.

Obviously I can't say what was tested on the exam (I signed the NDA, so I won't discuss the questions), but just compare the written objectives to the lab objectives and you can get an idea of what's more likely to crop up on the written.

The format is nothing new, 100 or so questions, some single choice answers, some multiple choice answers, and a whole bunch of drag and drops.

I was finished in about half an hour.

I have had issues in the past where the score report is not shown on the screen when it's all done, this has happened more than once, and quite frankly, is very annoying. This didn't happen this time, and my score, which was pretty good, was shown on the screen.

I got up from my seat, ready to grab my things and get back to the office, forgetting that I needed to fill in the survey at the end of the quiz.

Survey done, sign out, grab stuff and head off.

Now it's on to studying for the lab.

I have just bought a 26GB 1U server to run ESXi and IOU on, which should serve nicely for when I do the CCIE Service Provider exams (which is my plan for after finishing the Routing and Switching).

One step closer!

Default routing with PPP

Creating a default route within a standard PPP link is not complex, but it is not obvious either. We are not running an IGP, so we cannot redistribute a static default route, nor can we do, say, "default-information originate". However, it is just a one-line command, you just need to know what you are looking for!

We start with a couple of routers.

PPP default routing

The goal will be for R1 to have a default route in its routing table, pointing to R2. We start with a basic config:

R1(config)#int s3/0
R1(config-if)#no shut
R1(config-if)#encapsulation ppp
R1(config-if)#ip add 10.1.1.1 255.255.255.0

R2(config)#int s3/0
R2(config-if)#encap ppp
R2(config-if)#ip add 20.1.1.1 255.255.255.0
R2(config-if)#no shut

Now we need R1 to have a default route. We do not have an IGP running between the two, so we cannot do any redistribution or anything like that. We need to look at R1 and see what options we have.

R1(config-if)#ppp ?
  accm              Set initial Async Control Character Map
  accounting        Set PPP network accounting method
  acfc              Options for HDLC Address & Control Field Compression
  authentication    Set PPP link authentication method
  authorization     Set PPP network authorization method
  bcp               Set BCP negotiation options
  bridge            Enable PPP bridge translation
  caller            Caller option when no CLID is available
  chap              Set CHAP authentication parameters
  direction         Override default PPP direction
  disconnect-cause  Set disconnect-cause code
  dnis              Authentication via DNIS before LCP
  eap               Set EAP authentication parameters
  encrypt           Enable PPP encryption
  ipcp              Set IPCP negotiation options
  iphc              Set IPCP Header Compression control options
  ipv6cp            Set IPV6CP negotiation options
  lcp               PPP LCP configuration
  link              Set miscellaneous link parameters
  loopback          PPP loopback options
  max-bad-auth      Allow multiple authentication failures
  max-configure     Number of conf-reqs sent before assuming peer is unable to

R1(config-if)#

We have one called "ipcp". This stands for Internet Protocol Control Protocol. IPCP looks after IP addressing on a PPP link. Within the options for "ppp ipcp" we have:

R1(config-if)#ppp ipcp ?
  accept-address      Accept any non zero IP address from our peer
  address             Additional ipcp address options
  dns                 Specify DNS negotiation options
  header-compression  IPCP header compression option
  ignore-map          Ignore dialer map when negotiating peer IP address
  mask                Specify subnet mask negotiation options
  no-renegotiation    Do not allow client to renegotiate IPCP
  predictive          Predict peers IPCP requests/replies
  route               Install default route thru negotiated peer IP address
  username            Configure how usernames are handled
  wins                Specify WINS negotiation options

R1(config-if)#

So, ppp ipcp route looks like a winner!

R1(config-if)#ppp ipcp route ?
  default  Install default route thru negotiated peer IP address

R1(config-if)#

So the complete command will be:

R1(config-if)#ppp ipcp route default

Let's see what this gets us!

R1(config-if)#do sh ip route | b Gateway
Gateway of last resort is 20.1.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 20.1.1.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.1.0/24 is directly connected, Serial3/0
L        10.1.1.1/32 is directly connected, Serial3/0
      20.0.0.0/32 is subnetted, 1 subnets
C        20.1.1.1 is directly connected, Serial3/0
R1(config-if)#

Let's add a loopback interface to R2 and check that we have connectivity:

R2(config-if)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#

R1(config-if)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/113/148 ms
R1(config-if)#

Nice. A little one-liner and we have a default route between two disparate networks.
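
Where the "negotiated peer IP address" comes from, as an added example that is not part of the original post: the peer announces its own address in the IP-Address option (type 3) of its IPCP Configure-Request (RFC 1332), and `ppp ipcp route default` points the default route at it. The packet bytes are constructed for this lab's R2 (20.1.1.1), and the function names are illustrative.

```python
"""IPCP (RFC 1332) Configure-Request parsing: the source of the peer address
used by `ppp ipcp route default`. Added illustration, not IOS code."""
import ipaddress
import struct

IPCP_CODES = {1: "Configure-Request", 2: "Configure-Ack",
              3: "Configure-Nak", 4: "Configure-Reject"}
OPT_IP_ADDRESS = 3  # RFC 1332 IP-Address option: type 3, length 6

# Constructed sample: the Configure-Request R2 would send for 20.1.1.1.
# code=1, id=1, length=10, option type=3, option length=6, address bytes.
R2_CONF_REQ = bytes([0x01, 0x01, 0x00, 0x0A, 0x03, 0x06, 20, 1, 1, 1])


def parse_ipcp(packet):
    """Return (code_name, identifier, {option_type: value_bytes})."""
    if len(packet) < 4:
        raise ValueError("IPCP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("IPCP length field does not fit the packet")
    body = packet[4:length]          # bytes past 'length' are padding
    options, i = {}, 0
    while i < len(body):
        if len(body) - i < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = body[i], body[i + 1]
        if opt_len < 2 or i + opt_len > len(body):
            raise ValueError("option length overruns the packet")
        options[opt_type] = body[i + 2:i + opt_len]
        i += opt_len
    return IPCP_CODES.get(code, "code-%d" % code), ident, options


def peer_address(packet):
    """Address the peer announces for itself, or None if it offers none."""
    code, _ident, options = parse_ipcp(packet)
    raw = options.get(OPT_IP_ADDRESS)
    if code != "Configure-Request" or raw is None or len(raw) != 4:
        return None
    addr = ipaddress.IPv4Address(raw)
    # 0.0.0.0 means the peer is asking to be assigned an address.
    return None if int(addr) == 0 else addr


def default_route_via_peer(packet, local_interface):
    """Model the route R1 installs and report whether the next hop lies in
    the subnet configured on R1's own interface (hypothetical helper)."""
    hop = peer_address(packet)
    if hop is None:
        return None
    local_net = ipaddress.ip_interface(local_interface).network
    return {"prefix": "0.0.0.0/0", "next_hop": str(hop),
            "next_hop_in_local_subnet": hop in local_net}


if __name__ == "__main__":
    print(default_route_via_peer(R2_CONF_REQ, "10.1.1.1/24"))
```

For this lab the next hop is outside R1's 10.1.1.0/24: the route follows whatever address the peer announces, which is why the link works across two unrelated subnets and why the command belongs only on links whose far end you control.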
Narbik's 10-day bootcamp

I have just finished Micronics Training's ten-day end-to-end "No excuses" bootcamp course. For those of you who don't know, the word bootcamp comes from the German "bootenkamp"*, meaning "kiss goodbye to your family and all hope of a decent night's sleep".

(* this translation might not be correct)

I was originally planning to do a day-by-day breakdown, but to be honest, I didn't keep the draft of this post updated, so things got a little hazy. But, hopefully, by the end of this post, you'll understand the haze.

Let's start at the beginning, the day before class starts.

Sunday started with a hangover. Way too much drink the night before had led to spending several hours in the bathroom, sometimes being sick, mainly being asleep. Not a good way to prepare for a boot camp. I cooked dinner on Sunday, and we went to the fair that had come to town. One of my sons had complained about a poorly stomach before we left, and he highlighted the point by throwing up on the way to the fair, moments after we stepped out of the car. He then followed this up a while later, this time in the fun house and drenching his brother and my wife. We went home. Hardly the best start to the week. I had a relatively early night, feeling better, but also feeling a mixture of nervousness and gleeful anticipation for the next ten days.

Day one

I left early, not having done the relatively short drive from my house to Newport Pagnell in rush hour traffic before. I have driven there many times as I have a friend who lives there, but never during rush hour. The usual half hour drive takes over an hour today. For those who don't know the area, Newport Pagnell is just outside of Milton Keynes. Milton Keynes is famous for a couple of things, the MK Dons, a decent snowboard center, Pearl Jam played there a few months ago, and having a road layout designed by someone with an obsessive-compulsive disorder, it's just full of straight roads and roundabouts. Newport Pagnell is a nice area though, it's got some decent pubs and food places.

The bootcamp location is about ten minutes walk from town, it's got a little shop opposite and a garage just up the road, so living on sandwiches is easy if you don't fancy a walk to get something else to eat (pizza, kebab, Chinese, pub grub etc).

We started at 9. We introduce ourselves, saying where we are in our journey to taking the lab exam, and highlighting all our weak points. Pretty much everyone says QoS and Multicast. We do a six hour Cisco 360 practice exam (from the Cisco Learning Network). The 360 assessments are pretty good, and if you have used IOU then it will be pretty familiar. This was followed by lectures on DMVPN and EIGRP, which started late in the evening. Trying to do EIGRP metric calculations at midnight is harsh, I must say that I did kind of shut off before we got to that part of the talk, but from what I remember, it was very good. I just could not focus on the topic after being there for fifteen hours. We left about 12:30 am.

Day two

OSPF was the topic of the day, not one of my strongest subjects, but here is where Narbik's course really shines out. Narbik doesn't use overhead projectors, PowerPoint, or anything like that. He is armed with a board and a pen. If he can't show us on the board, then he doesn't show us. Believe me, he can show you anything! Granted, he has been doing this for many years now, but to be able to formulate entire configurations just using a whiteboard, and as we follow on our routers (which all live in his basement), to find that this is all working exactly as he says it should, was pretty impressive. I got home by 10:15 pm.

Day three

BGP and MPLS. Thankfully, these are my better subjects. It was still a long day, and we were still talking about MPLS at midnight. Someone from one of his previous classes came up with the mnemonic for remembering the BGP decision process as "Who Likes Narbiks Answers Over Mine, Everyone". It's very apt. He does have the answers. My wife was sick that day due to a dodgy batch of ginger beer she had bought. I got home around 1am.

Day four

This is the day most people are least looking forward to. We have a day of lectures (QoS), followed by a two hour Cisco 360 Troubleshooting mock exam, which started at 7pm. I did this bit in class, but left when it ended so I could go back home ready for the six hour configuration mock exam (again it's Cisco 360). I started this at ten. By about midnight all I can hear is the sound of one of my cats snoring, my typing and this really weird grinding noise. I know there isn't anything outside as the motion controlled security lights are not on. So, logic dictates, that the noise is somewhere in the house. Using the flashlight app on my iPhone I track it down to a slug that has managed to get into the house. He had a stone chip attached to him, which accounts for the noise. He gets ejected from the house and I return to the assessment lab. By half past two my brain is not relaying information and I quit the assessment and go to bed.

Day five 

I am feeling wrecked, worse than I did on Sunday morning. The good news is that we are due to finish at noon. This actually ended up being about five-ish. I get back, put the kids to bed, have a glass of wine and a beer and went to bed. 

At this point I forgot to complete the day by day breakdown, but here is the gist of it:

Day six home by sixish 
Day seven home eleven. 
Day eight. Home by eleven. 
Day nine home by about ten. 
Day ten start at half seven (am), finished before lunch, leave feeling a little sad to be honest, as it's been a pleasure hanging out with a lovely bunch of guys for the last ten days.

The majority of the second week was spent doing troubleshooting and configuration labs. These are designed by Narbik, and we get the print out of the questions/scenarios, followed by the answer sheet being emailed to us by Janet. These are really good, and get progressively harder. Narbik has a scale, these start at about 2-3 and go up to 11. I haven't completed them all, but look forward to doing so. There are lectures during this time as well.

This is roughly 120-123 hours over the ten days.

Post course thoughts

So what have I taken away from the course?

Firstly the workbooks we get (two volumes of the Foundation to bridge the gap between CCNP and CCIE, and two volumes of the Advanced workbook) are really good. They are very clear and in full color, giving a step by step breakdown of everything. My plan is to work through these (and they run to about 4000 pages) after I do my written exam.

Secondly, it has changed the way I am going to approach my studies. As Narbik says, you should have a method for everything, such as DMVPN creation. It will make the exam easier and leave less room for error.

Thirdly, the people in the class were a great bunch, from all over the world and were a pleasure to be with.

Narbik himself is a great guy. He is funny. He has some of the best stories. He talks of the little green men at Cisco (the ones who make up all those funny little rules such as inverting bits in IPv6 addresses), he taught us the best way to open a banana, he made QoS less mystifying, he made us all laugh with a story about multicast, he bought us dinner. He is knowledgeable and approachable. He brought us together as a group and made ten days fly by. He even bought my BGP book from Amazon (I gave him a copy of the MPLS book). I would attend another of his bootcamps in a heartbeat. Whether I can get the pass from my wife is another matter, but we'll get to that in a moment.

The course is tiring, but it's not called the "No Excuses" course for nothing. At one point in the second week my chair decided to start leaning back, and that was it, my eyes were closing and I could feel sleep's warm embrace. If you are used to a 40 hour week, then this is like working three full weeks all in the space of ten days. I did miss my family, I missed seeing my children, I missed seeing my wife, but she spurred me on (at one point telling me to "man-up" and get back to the course), and single handedly looked after our children for the duration. If you have a young child, or children then you know how demanding and tiring they can be. So I think my wife may have had a harder time during those ten days than I did. I can't reiterate enough how tiring the course is. But it is definitely worth it. Narbik isn't there to take your money and run, you can resit the course as many times as you want (spaces permitting) - you may have to rent the rack off him, or use your own (IOU is an option), and you will have to pay for the Cisco 360 stuff if you want to do that, but he will welcome you back.

I walked into the class with a pretty good idea of where I was in my journey to becoming a CCIE, and that was a far way away. I walked out closer to that goal, but still not planning to do the lab until March (if seats are available). I still have plenty of time to study, I have the materials in the form of his workbooks, and I have more confidence and a better idea of what's ahead.

If you get the chance, and don't mind missing sleep for ten days, then definitely attend his course. I hope to see him again, preferably on his 5 day Service Provider bootcamp. If you are reading this, Narbik, then please can I have the ISBN numbers for the SP books you mentioned!

Poor ASA site to site VPN performance? It could be DNS!

I have been troubleshooting an interesting issue recently, with poor performance on a site to site (L2L) VPN between two sites. The sites are very close, say about 20 miles from each other, with a decent number of users in both sites. The VPNs are established, and encrypting and decrypting traffic ok.

The problem is that the performance is pretty bad. Site B cannot stream media from the Site A, accessing file shares is slow, and access to other things is also slow.

Naturally I looked at the VPN first, the flow of packets looked fine, no obvious lags there, and as the tunnels were up we could eliminate ISAKMP and IPSec from the list of possible issues.

No other sites are affected by this slowness, Site A is our main site with multiple VPNs coming into it.

We logged a call with the ISP for Site B and they reported no issues. So I widened the search. Watching the logs go past I could see a number of failed DNS queries to the root hints servers from the domain controller at Site B:

Dropped UDP DNS reply from OUTSIDE_PRIMARY:199.7.87.1/53 to INSIDE:x.x.x.x/63095; packet length 697 bytes exceeds configured limit of 512 bytes
Dropped UDP DNS reply from OUTSIDE_PRIMARY:125.19.40.90/53 to INSIDE:x.x.x.x/63095; packet length 697 bytes exceeds configured limit of 512 bytes
Dropped UDP DNS reply from OUTSIDE_PRIMARY:194.0.9.1/53 to INSIDE:x.x.x.x/62464; packet length 618 bytes exceeds configured limit of 512 bytes

This shouldn't directly affect site to site traffic, it would certainly affect external traffic (though no slow external traffic was reported), but it certainly wouldn't hurt to fix this.

Under Configuration -> Firewall -> Objects -> Inspect maps is an entry for DNS. Highlighting this we can see that the default Message Length Maximum is set to 512. So I increased this to 1024 and the errors were not logged anymore.

Cisco ASA DNS inspect default map


For the CLI user this is set with:

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 1024
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map

Immediately file access between sites was improved and video streaming was usable again.

So if you are having poor site to site VPN issues, this is worth checking out.
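
One way to size the limit from the logs rather than by eye, added here as an example that is not part of the original post: it parses the "Dropped UDP DNS reply" message format shown above, summarises which clients and servers are affected, and checks a proposed message-length maximum against the reply sizes actually seen. The sample lines are constructed (documentation-range addresses; the 1410-byte reply is not from the post) and the function names are illustrative.

```python
"""Summarise ASA 'Dropped UDP DNS reply' messages and test a proposed
message-length limit against them. Added illustration, not ASA tooling."""
import re
from collections import Counter

# Matches the message text shown in the post; addresses may be redacted.
DROP_RE = re.compile(
    r"Dropped UDP DNS reply from (?P<src_if>[^:\s]+):(?P<server>[^/\s]+)/(?P<sport>\d+)"
    r" to (?P<dst_if>[^:\s]+):(?P<client>[^/\s]+)/(?P<dport>\d+);"
    r" packet length (?P<length>\d+) bytes"
    r" exceeds configured limit of (?P<limit>\d+) bytes"
)

# Constructed sample log, including one unrelated line and one larger reply.
SAMPLE_LOG = """\
Dropped UDP DNS reply from OUTSIDE_PRIMARY:198.51.100.1/53 to INSIDE:192.0.2.10/63095; packet length 697 bytes exceeds configured limit of 512 bytes
Dropped UDP DNS reply from OUTSIDE_PRIMARY:198.51.100.2/53 to INSIDE:192.0.2.10/63095; packet length 697 bytes exceeds configured limit of 512 bytes
an unrelated syslog line (constructed) that must be ignored
Dropped UDP DNS reply from OUTSIDE_PRIMARY:203.0.113.1/53 to INSIDE:192.0.2.10/62464; packet length 618 bytes exceeds configured limit of 512 bytes
Dropped UDP DNS reply from OUTSIDE_PRIMARY:203.0.113.1/53 to INSIDE:192.0.2.10/51000; packet length 1410 bytes exceeds configured limit of 512 bytes
"""


def parse_drops(text):
    """Return one dict per dropped-reply message found in the log text."""
    drops = []
    for line in text.splitlines():
        match = DROP_RE.search(line)
        if not match:
            continue
        record = match.groupdict()
        record["length"] = int(record["length"])
        record["limit"] = int(record["limit"])
        drops.append(record)
    return drops


def summarize(drops):
    """Totals a reviewer needs: who is affected and how big the replies are."""
    return {
        "total": len(drops),
        "largest_reply": max((d["length"] for d in drops), default=0),
        "configured_limits": sorted({d["limit"] for d in drops}),
        "by_client": dict(Counter(d["client"] for d in drops)),
        "by_server": dict(Counter(d["server"] for d in drops)),
    }


def still_dropped(drops, new_limit):
    """Replies that would still exceed a proposed message-length maximum."""
    return [d for d in drops if d["length"] > new_limit]


if __name__ == "__main__":
    found = parse_drops(SAMPLE_LOG)
    print(summarize(found))
    for limit in (1024, 4096):
        print(limit, "would still drop", len(still_dropped(found, limit)))
```

With the three reply sizes quoted in the post (697, 697 and 618 bytes), 1024 clears every drop; a reply larger than the new limit, like the constructed 1410-byte one, would still be discarded, so the largest observed size is the figure to check before settling on a value.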

MPLS for Cisco Networks now available!

It's been a long ride. Finally, though, it's finished and being published.

MPLS for Cisco Networks is here!


So what has changed and what's stayed the same?

The format is the same. We have one main topology, it grows and changes as we cover all the topics on both the official CCIE v5 blueprint, and also the INE expanded blueprint. There are smaller, sub-contained, topologies where appropriate. We now have a longer troubleshooting section, with one topology and seven different tickets.

The biggest difference is that we have an editor for this one. Beau emailed me, asking would I like him to edit the second volume (after he read the first one). At first I was a little unsure. The BGP volume was my baby, in a way, and would you let a complete stranger look after your baby? Well, it's not like handing over my children, and his credentials looked good (ex-Teacher, Network engineer - so what more could I want!). I do not regret taking the chance and asking him to join me. Together we have created, in my opinion, an excellent book. He's been juggling parenthood, work and being a husband, with hours and hours (and hours) of correcting my grammar, making sentences shorter and more concise. If I gave a penny to my children for every time he's had to add a comma, they'd be rich by now! Seriously, I cannot say enough how he turned the book around. It's far more readable. My sentences do have a tendency to be a little long, it's all to do with how it comes out of my head as I am working through it. So when you are reading it, and you pause for breath in a paragraph, you can thank him! It's not just the grammar though, he's been through the topology with such dedication. It's been excellent to have another pair of eyes on it. He must be a glutton for punishment though, as he's agreed to do number 3 as well!

We have more pictures. This does influence the size (for Kindle), and has meant that printing costs (as well as the fact that it's much longer) have increased. It is slightly more expensive than the BGP book, but still very reasonable. I am not out to make a fortune from these, I am doing it because I enjoy it.

We are still using GNS3. It's probably the most familiar to people, but IOU topologies will follow in due course.

In all, I am more pleased with this one than the BGP book. In hindsight I think I rushed the BGP book. I never expected it to ever be as popular as it has been. When I published on Kindle (not even thinking at that stage it would appear in printed format), I said to my wife that if a couple of people enjoyed it, then it would be worth it. I am still very proud of it, nonetheless. It's a learning process, not just in the material, but in how to write. It will become a more honed process as I write more. I hope I have listened to all of the requests that have come in (apart from one, which, I think, was just asking me to write it exactly like an O'Reilly book - still not sure of that conversation, I was very confused).

I hope you enjoy it.

Sneak peek at volume 2

It is not quite ready yet, it's still being proofed by my technical editor, but I thought I would get a proof copy or two so that I can make sure formatting is right and that the pictures are coming out properly.

I must say I am pleased so far. So, want a sneak peek?

Here you go!





As you can see it has become a much longer book than the BGP volume! We have many more pictures for a start. 

It's still based around GNS3 and IOU topologies will follow. 

I am very excited by this latest volume. 

Work on volume 3 is already underway. 

Design the next cover, win an Amazon voucher and a free copy of the next book!

Volume 2 is nearly completed, I have ordered the first proof copy so I can check layout, image quality, and how things line up compared to the first one (purely from a layout perspective). Beau, my technical editor, is still going through it, but it should be coming soon.

So, what's next?

Originally I had planned to do the IGPs (RIP, OSPF, EIGRP and IS-IS) next, but instead I have chosen to do "VPNs and NAT for Cisco Networks" for volume 3. In this volume I'll cover GRE, DMVPN, GETVPN and NAT technologies for both IPv4 and IPv6, I think this follows the progression nicer as we have started off with the global view of BGP, the larger scale enterprise with MPLS, and now we can start to look at connecting smaller sites together using VPNs, and with that NAT technologies. I think it'll lead on to the IGPs for volume 4 better this way.

Now I need a new cover design, and this is where you come in.

Have a look at the existing covers:



BGP (in my view) looks like a very interconnected world, highlighting the importance of BGP in our global internet, and MPLS looks like fewer connections, for the company to company networks.

For the next volume I am looking for something similar, abstract, yet understandable within the context of the book. I would like to use the same colors to keep within the running theme, or as this is a steady progression as we move into the IGPs, then maybe green, I like green as well. We don't have to stick with the circular "globe".

So if you want to have a go, then hopefully you can see what I am looking for. I would need this in a Photoshop PSD file of 7.5 x 9.25 (inches), I can handle the text part.

The end date for this will be December 1st.

The winner will receive a copy of the next book, and a £50 Amazon voucher (or equivalent in your local currency, i.e. $80 USD).

Email me: stu @ 802101 .com (remove the spaces...)

What do people use the most for their CCIE studies?

I have been running a poll on the site for a while now, to get a feel for what people are using for the practical part of their CCIE studies. The results are in, and thank you to those who have taken part in the poll.

Here are the results in reverse order, and if you don't want to do the reading then skip to the end where there is a pie chart.

CCIE on VMWare

1% of respondents are using VMWare. VMWare is a great platform, but, historically, not ideally suited to the CCIE. This has started to change somewhat, as the CSR 1000v router works well on it, but then there are the costs associated with using this platform: if you are running 10 routers then you are going to need 32GB of RAM, running 20 you'll need 64GB of RAM, and this is all on the basis that you have a machine to hand that can run VMWare. Not a surprising result.

CCIE on Real Hardware

8% of you have either a very accommodating employer, or a lot of cash to drop. I did go down this route, and got all the hardware a couple of weeks before the V5 was announced and all my routers (barring the 18xx series) became pretty much obsolete. But there are a number of you lucky enough to have the full hardware based experience! Lucky you, really there is nothing like the real thing.

CCIE on IOU

25% of people are using IOU. IOU is great for many reasons: firstly the version level supported is much closer to the one used in the exam, it's free (yay!), and you can run a large topology inside a VM with very little memory overhead. The downside is that it is harder to get into; those without any Linux experience may be put off, and designing your own topologies does take some getting used to. It works great, but isn't for the faint-hearted.

Real switches + IOU or GNS3 or VMWare

25% have opted to use real switches and a virtualised environment. This setup does make the most sense, as all the virtualised environments have issues when it comes to layer 2 technologies. The switches can be bought (on eBay) for a few hundred (pounds), and as the routing functions work great in virtual environments it eliminates the chances of errors due to a layer 2 feature not being supported, or, if supported, not working as it should (I am looking at you HSRP!). There are some downsides to this setup, mainly the cost, portability and space concerns, but it does offer the best of both worlds.

CCIE on GNS3

36% of people are using GNS3. It has been around for years, and it is making huge waves as it progresses from the 0.8 version that we have known and loved for ages to this all-encompassing vital tool, allowing you to run VirtualBox VMs and connect to IOU and to real hardware. If you don't want to do that, then it runs 7200 series routers (which support IOS 15) very well. It is no surprise, then, that GNS3 is the tool of choice for the aspiring CCIE. The downsides of GNS3? Not many really. It does have a propensity to make your CPU run hot, but playing around with idle PC values can mitigate that, and you are limited by the amount of memory you have if you are running native GNS3 routers.

Final thoughts

The lines in this poll are slightly blurred though as some may be using real hardware and GNS3, or real hardware and IOU, for instance, which really does push their numbers up, but it does give a good indication as to what people are using.

Whatever platform you choose, I wish you all the very best in your studies.



BGP for Cisco Networks for IOU!

Hot on the heels of releasing the topology for BGP for Cisco Networks for GNS3 1.0 Beta comes the topology for IOU-WEB.

Firstly I must say that I did not create this, not that this is any form of get-out-clause, but because all the thanks go to a great guy, who has done a GREAT job on it, it really does look fantastic!

I mean check this out, how good does this look?


That's one lovely diagram there.  I wish my Visio diagrams looked that good!

Along with the IOU topology is a Visio drawing of the topology.
I have updated the downloads section for the book with the links to the files. Now it's just waiting for ViRL to be released and we have every platform covered!

I am very thankful to the guy who has done this, and he's offered to do the IOU topologies for the MPLS volume as well. If they look anything like the ones that he's done for the BGP book then they will be great as well!

Either way I will be sending him a free copy of the MPLS book when it's published. I have just completed a couple of chapters this week, and this weekend should finish another, then it's just one last chapter to do, which is all planned out, then ready for proofing and publishing!

BGP book topology updated for GNS3 1.0! MPLS book coming soon!

BGP for Cisco Networks & GNS3 1.0

I had a request hit my inbox last month for the topology for my book "BGP for Cisco Networks" to be updated for GNS3 1.0.

I must confess that with trying to finish off "MPLS for Cisco Networks", which is looking great and should be out soon(ish), I didn't do this very quickly.

But thanks to a great guy called Dan over at GNS3 and his nifty python based converter I have been able to do this in under half an hour.

So thanks Dan!

If you are currently using GNS3 1.0 and want to load up the topology, it's available in the Downloads section.


MPLS for Cisco Networks

The MPLS book is taking a lot longer than the first, for a number of reasons.

I had a pretty good grounding in BGP when I started, but not so much with MPLS, and MPLS feels like such a bigger subject, the book is certainly longer if that's anything to go by!

I have learnt some things from the first book, mainly due to the comments made by my readers, so there will be more diagrams, more configurations, and hopefully a sense of being part of the book, rather than just a reader... That last bit should make more sense when you read it.

I am just finishing off a couple of bits: VPLS, OTV, IPv6 for VRF-Lite, and I need to do the troubleshooting chapter, which is all planned out. Then it's a matter of proofing, sending over to my technical ed, and then publishing!

Again topologies will be available in GNS3 0.8 first, with GNS3 1.0 and ViRL (whenever that eventually turns up) at a later stage.

CCIE v5 Official Certification guide delayed, AGAIN!

After the fucking shambles that is Secret Cinema's Back to the Future shows in London I got this email from Amazon:

Unfortunately, the release date for the item(s) listed below was changed by the supplier, and we need to provide you with a new estimated delivery date based on the new release date:

  Kocharians, Narbik "CCIE Routing and Switching V5.0 Official Cert Guide Library: 1 - 2"
    Estimated arrival date: October 06 2014

I know that the two have no relation to each other, but I need to vent.

So it looks unlikely that I'll be able to get Narbik to sign mine when I go to his class.

It really does feel like Cisco pushed the v5 release too early. The official training material isn't released yet and keeps getting pushed back further and further. They might as well retitle it v6 and have done with it...

You can still order it from Amazon, and if you pre-order now you might just get it by Christmas!

(ok ranting over)

Cisco CSR1000v - Part 2: Connecting to GNS3

Following on from part one, where we downloaded and installed the CSR1000v router in VirtualBox, it would be great if we could use it in GNS3. We can, thanks to GNS3's integration with VirtualBox.

I have switched from my 4GB Windows laptop to my 32GB Mac now (we'll see why later on), but the steps are all the same.

Fire up GNS3 and head into the preferences. Firstly make sure that GNS3 can talk to VirtualBox, the details should already be configured for you, so click on "Test Settings", and hopefully you should get the green OK message as shown below:

If that's all good then head into the VirtualBox Guest tab. Click on "Refresh VM List", and then hopefully you'll be able to select your VirtualBox VM from the VM List above:

Give it a name and click on "Save"

Then click on OK to return to the main screen.

Click on the "End Devices" icon on the left hand side, it looks like a PC. In there will be a VirtualBox guest icon, which you can drag onto your topology, and you'll see a prompt to select a VirtualBox guest to use:

Once you select the CSR1000v VM and press OK you'll see it on the topology. Personally I like to change the icon to something more router looking. Before we fire it up we need to make a couple of minor edits. Firstly right click on the router and select "Configure", then select the router.

If "Reserve first NIC for VirtualBox NAT to host OS" is ticked, then untick it, and make sure that "Enable console support" is ticked:

Click OK, and now switch it on. The router light in the topology window should turn green. Give it a few moments and you should be ready to rock:

You can connect the CSR1000v to native GNS3 routers, and the two will communicate happily:

If you try and add another CSR1000v router, though, you will find that you can't. GNS3 can only run as many VirtualBox guests as there are VMs in VirtualBox, so in order to have two CSR1000v routers running in GNS3, we'll need to have two CSR1000v VMs in VirtualBox.

Shut down your existing router for the moment, and back over in VirtualBox, select the CSR1000v VM and right click on it, and then select "Clone".

A new window should pop up, and you can give it a new name, and reinitialize the MAC addresses of the cards (if you want).


Choose "Full Clone", and then click on "Clone".

Repeat this as many times as you want to have as many routers as you need. Remember though that each router takes about 2.5GB of memory, so memory can be used up pretty quickly running CSR1000v routers! This is why I switched to a more powerful machine!

Once you have created as many VMs as you need head back into GNS3. We'll need to rescan the VirtualBox VM list for it to be picked up, but this is just the same as following the first couple of steps we did to get the first CSR into GNS3. You can also choose to untick the "reserve" button here and tick the console button, then save the VM:


You can then add it to GNS3 and start connecting your topology up:

At the moment, with a few normal apps and the above routers running, memory and CPU usage is quite low:

CSR1000v memory usage

With enough memory you could run a whole stack of CSR1000v routers and have them play happily together. Fun, fun, fun!

GNS3 1.0 goes beta

GNS3 1.0 is now in beta. It's been fun watching the alpha, which was a complete redesign from the ground up, grow and expand, and now we have hit the beta stages.

So what's the difference in the beta, vs the alpha?

Initially it doesn't look like much has changed on the interface front since the initial alpha, so let's dig a little deeper.

The change log shows the following:

Change Log for Beta 1 of V1.0
The GNS3 all-in-one installer automatically installs a 32-bit or 64-bit version of GNS3.
Base VirtualBox support (still some issues, most of them on Linux and Mac OS X).
Prevent users to set the port and VLAN settings to 0 on Ethernet switches.
Fixed issue when spaces are in capture file paths.
Fixed bug with live capture on Windows.
Work around for the c7200 reload bug in Dynamips <= 0.2.13.
Fixed some inconsistencies when exporting configs.
The early release dialog is gone! 

What's on the menu?

The menu has some cool new things on it, such as "Cloud" and "VirtualBox"

GNS3 1.0 Beta menu

It's all about the Cloud these days

We have an option for "Cloud". But if you try and copy the link for "Create Cloud Account" you'll find that it doesn't go anywhere just yet. The only provider listed is Rackspace and they are pretty solid so it should be interesting.

GNS3 1.0 Beta cloud

Woo hoo VirtualBox!

VirtualBox is back, kind of. The menu items are all there:

GNS3 1.0 Beta VirtualBox is back (almost)

But it doesn't work just yet:

GNS3 1.0 Beta virtualbox errors

I couldn't find any vboxwrapper files in the GNS3.app, so I thought I would give it a go myself.

I started by doing a git clone of the vboxwrapper files (you'll need Xcode installed to run git):

Stuarts-MacBook-Air:~ stu$ sudo git clone https://github.com/GNS3/vboxwrapper
Cloning into 'vboxwrapper'...
remote: Reusing existing pack: 15, done.
remote: Total 15 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (15/15), done.
Checking connectivity... done.
Stuarts-MacBook-Air:~ stu$ cd vboxwrapper/

Next we need to run the setup:

Stuarts-MacBook-Air:vboxwrapper stu$ sudo python setup.py install
running install
running bdist_egg
running egg_info
creating vboxwrapper.egg-info
writing vboxwrapper.egg-info/PKG-INFO
writing top-level names to vboxwrapper.egg-info/top_level.txt
writing dependency_links to vboxwrapper.egg-info/dependency_links.txt
writing entry points to vboxwrapper.egg-info/entry_points.txt
writing manifest file 'vboxwrapper.egg-info/SOURCES.txt'
reading manifest file 'vboxwrapper.egg-info/SOURCES.txt'
writing manifest file 'vboxwrapper.egg-info/SOURCES.txt'
installing library code to build/bdist.macosx-10.9-intel/egg
running install_lib
warning: install_lib: 'build/lib' does not exist -- no Python modules to install

creating build
creating build/bdist.macosx-10.9-intel
creating build/bdist.macosx-10.9-intel/egg
creating build/bdist.macosx-10.9-intel/egg/EGG-INFO
copying vboxwrapper.egg-info/PKG-INFO -> build/bdist.macosx-10.9-intel/egg/EGG-INFO
copying vboxwrapper.egg-info/SOURCES.txt -> build/bdist.macosx-10.9-intel/egg/EGG-INFO
copying vboxwrapper.egg-info/dependency_links.txt -> build/bdist.macosx-10.9-intel/egg/EGG-INFO
copying vboxwrapper.egg-info/entry_points.txt -> build/bdist.macosx-10.9-intel/egg/EGG-INFO
copying vboxwrapper.egg-info/top_level.txt -> build/bdist.macosx-10.9-intel/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating dist
creating 'dist/vboxwrapper-0.9-py2.7.egg' and adding 'build/bdist.macosx-10.9-intel/egg' to it
removing 'build/bdist.macosx-10.9-intel/egg' (and everything under it)
Processing vboxwrapper-0.9-py2.7.egg
Removing /Library/Python/2.7/site-packages/vboxwrapper-0.9-py2.7.egg
Copying vboxwrapper-0.9-py2.7.egg to /Library/Python/2.7/site-packages
vboxwrapper 0.9 is already the active version in easy-install.pth
Installing vboxwrapper script to /usr/local/bin

Installed /Library/Python/2.7/site-packages/vboxwrapper-0.9-py2.7.egg
Processing dependencies for vboxwrapper==0.9
Finished processing dependencies for vboxwrapper==0.9

So can we now run the finished file?

Stuarts-MacBook-Air:vboxwrapper stu$ python /usr/local/bin/vboxwrapper 
Traceback (most recent call last):
  File "/usr/local/bin/vboxwrapper", line 8, in 
    load_entry_point('vboxwrapper==0.9', 'console_scripts', 'vboxwrapper')()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 318, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 2221, in load_entry_point
    return ep.load()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 1954, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
ImportError: No module named vboxwrapper

Nope, so let's make sure that things are installed properly:

Stuarts-MacBook-Air:vboxwrapper stu$ python
Python 2.7.5 (default, Mar  9 2014, 22:15:05) 
[GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.0.68)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from vboxapi import VirtualBoxManager
>>> g_vboxManager = VirtualBoxManager(None, None)
>>> print g_vboxManager.vbox.revision
91406
>>> exit()

At this stage I found the link that's mentioned below, so started to try those steps out:

Stuarts-MacBook-Air:vboxwrapper stu$ cd ~/Downloads/
Stuarts-MacBook-Air:Downloads stu$ cd vboxwrapper/
Stuarts-MacBook-Air:vboxwrapper stu$ ls
LICENSE   build   setup.py  vboxcontroller_4_3.py vboxwrapper.py
README.md  dist   tcp_pipe_proxy.py vboxwrapper.egg-info
Stuarts-MacBook-Air:vboxwrapper stu$ sudo cp vboxwrapper.py tcp_pipe_proxy.py vboxcontroller_4_3.py /Library/Python/2.7/site-packages/
Password:

So can we start the wrapper now?

Stuarts-MacBook-Air:vboxwrapper stu$ python vboxwrapper.py 
VirtualBox Wrapper (version 0.9)
Copyright (c) 2007-2014
Jeremy Grossmann and Alexey Eromenko
Using VirtualBox 4.3.6 r91406
VBoxWrapper TCP control server started (port 11525).
Listening on all network interfaces

Yes! We can! Let's try setting the vboxwrapper location to the new file and see what happens:

GNS3 1.0 Beta virtualbox wrapper configuration
Balls, I still get the same error:

GNS3 1.0 Beta virtualbox errors (again)
So with the new beta we can see a lot of features on the horizon, ever so slightly out of reach, but hopefully, given the speed at which the GNS3 guys are pushing out the updates, it won't take long for VirtualBox to be working again. I'd love to connect up some CSR1000v routers to some IOU routers and I am sure that this is just around the corner, yet in some ways it's also very frustrating to be teased like this.

It's important to remember that this is still beta, so things may be limited in functionality, or missing completely. There are reports of getting VirtualBox running on the new beta over on the forums, but that looks to be for Linux, and probably done by someone who has more of a clue about Python than I do!
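
The wrapper's startup banner above reports a TCP control server on port 11525 "Listening on all network interfaces". As an added example (not part of the original post or of the vboxwrapper project), this script parses `netstat -an` or `ss -ltn` output and reports whether that port is bound beyond loopback; the sample output and the function names are constructed for illustration.

```python
"""Report whether the vboxwrapper control port is bound beyond loopback."""
import re
import subprocess

VBOXWRAPPER_PORT = 11525  # control port printed in the wrapper's banner

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT = """\
tcp4       0      0  *.11525                *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.168.1.20.52311     192.168.1.1.443        ESTABLISHED
"""
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       5       127.0.0.1:11525     0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       [::]:11525          [::]:*
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|::1|\[::1\])$")
# BSD netstat writes addr.port, Linux tools write addr:port.
ENDPOINT = re.compile(r"^(.+)[.:](\d+)$")


def listeners(text):
    """Yield (local_address, port) for each listening socket in the output."""
    for line in text.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue
        # The local endpoint is the first field shaped like address+port.
        for field in fields:
            match = ENDPOINT.match(field)
            if match:
                yield match.group(1), int(match.group(2))
                break


def exposed(text, port=VBOXWRAPPER_PORT):
    """Return the non-loopback addresses on which `port` is listening."""
    return sorted({addr for addr, p in listeners(text)
                   if p == port and not LOOPBACK.match(addr)})


def live_check(port=VBOXWRAPPER_PORT):
    """Run the same check against this host (requires netstat on PATH)."""
    result = subprocess.run(["netstat", "-an"], capture_output=True, text=True)
    return exposed(result.stdout, port)


if __name__ == "__main__":
    for name, sample in (("netstat", SAMPLE_NETSTAT), ("ss", SAMPLE_SS)):
        found = exposed(sample)
        print(name, "->", found if found else "loopback only or not listening")
```

A wildcard entry (`*`, `0.0.0.0` or `[::]`) in the result means the control port is reachable from every network the host is attached to, so a host firewall rule or a trusted lab network is what limits who can talk to it.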