Archive for October, 2014

CCIE SP version 4 has been announced

October 28, 2014

Cisco has been updating their certifications lately. The CCIE RS got bumped to version 5 and went all virtual. The CCNP RS was then also updated and now it’s time for the CCIE SP.

It seems that Cisco has done a better job lately of tying all the certifications together and providing a more unified exam format. At least these are the indications I’m getting for the CCIE track.

CCIE SP v4 will use the same exam format as the CCIE RS v5. This means that there will be a diagnostic (DIAG) and troubleshooting (TS) module at the CCIE SP lab. First let’s go over the exam domain.


My impression from this is that the v4 blueprint is a bit more generic. This makes it easier to develop the exam content and I also get the feeling that it’s getting more important to have a high level understanding of the different technologies and architecture.

The exam is designed to be dual stack, so you can’t afford to be weak on v6; you must master the v6 topics at the same level as v4. If you get certified you may use the IPv6 Forum Gold logo.

The following topics have been added to the SP v4 written exam:

• SP architecture concepts
• Virtualization concepts
• Mobility concepts
• Describe BGP path attributes
• Describe MPLS forwarding and control plane mechanisms
• Describe MPLS TE attributes
• Describe MPLS advanced features, for example, segment routing, G-MPLS, MPLS-TP, and MPLS TE Inter-AS
• Describe multicast P2MP TE
• Describe EVPN (EVPN-VPWS and PBB EVPN)
• Describe IEEE 802.1ad (Q-in-Q), IEEE 802.1ah (Mac-in-Mac), and ITU G.8032 (REP)
• Describe broadband forum TR-101, for example, trunk N:1 and trunk 1:1
• Describe QoS link fragmentation (LFI), cRTP, and RTP
• Describe multichassis/clustering high availability
• Describe Layer 1 failure detection
• Describe BGPsec
• Describe backscatter traceback
• Describe lawful-intercept
• Describe BGP Flowspec
• Describe DDoS mitigation techniques
• Describe network event and fault management
• Describe performance management and capacity procedures
• Describe maintenance and operational procedures
• Describe the network inventory management process
• Describe network change, implementation, and rollback
• Describe the incident management process based on the ITILv3 framework

There are some interesting topics here and it’s clear that the exam has been modernized. Virtualization is added which may relate to Network Function Virtualization (NFV) which is one of the buzzwords right now.

The MPLS focus is even stronger. Many SPs have started, or are in the process of starting, to deploy MPLS to the access layer. Because these networks are so large and using the same IGP in the entire domain won’t scale, there are now solutions like seamless MPLS which uses BGP to carry link state information. They have also added P2MP LSPs which are used to transport multicast over MPLS.

Another interesting topic is segment routing which just came out in 5.2.0. With segment routing it’s possible to set up the path the traffic should take by labeling the packets. The labels are not derived from LDP; they are instead carried in the IGP, such as IS-IS.

EVPN and PBB-EVPN are technologies that will likely replace VPLS in the future, maybe not in all deployments but in many. They have features to make multihoming and loop prevention easier, which is always a challenge when a customer is multihomed at layer 2.

DoS and DDoS are a reality for every major SP today. We can see this in the exam topics as well: BGP Flowspec has been added, which is a new feature in 5.2.0 for deploying ACLs and rate limiters through BGP.

The following topics have been added to both the lab and the written:

• Describe, implement, and troubleshoot advanced BGP features, for example, add-path and BGP LS
• Describe, implement, and troubleshoot mLDP (including mLDP profiles from 0 to 9)
• Describe and optimize multicast scale and performance
• Describe, implement, and troubleshoot MPLS QoS models (MAM, RDM, pipe, short pipe, and uniform)
• Describe, implement, and troubleshoot MPLS TE QoS mechanisms (CBTS, PBTS, and DS-TE)
• Describe, implement, and troubleshoot E-LAN and E-TREE, for example, VPLS and H-VPLS
• Describe, implement, and troubleshoot Unified MPLS and CSC
• Describe, implement, and troubleshoot LISP
• Describe, implement, and troubleshoot GRE- and mGRE-based VPN
• Describe, implement, and troubleshoot IPv6 transition mechanism, for example, NAT44, NAT64, 6RD, and DS lite
• Describe, implement, and troubleshoot end-to-end fast convergence
• Describe, implement, and troubleshoot multi-VRF CE
• Describe, implement, and troubleshoot Layer 2 failure detection
• Describe, implement, and troubleshoot Layer 3 failure detection
• Describe, implement, and troubleshoot control plane protection techniques (LPTS and CoPP)
• Describe, implement, and troubleshoot logging and SNMP security
• Describe, implement, and troubleshoot timing, for example, NTP, 1588v2, and SyncE
• Describe, implement, and troubleshoot SNMP traps, RMON, EEM, and EPC
• Describe, implement, and troubleshoot port mirroring protocols, for example, SPAN, RSPAN, and ERSPAN
• Describe, implement, and troubleshoot NetFlow and IPFIX
• Describe, implement, and troubleshoot IP SLA
• Describe, implement, and troubleshoot MPLS OAM and Ethernet OAM

Add-path is important to provide redundancy in RR deployments.

BGP-LS is used for seamless MPLS.

mLDP is used for transporting multicast over MPLS.

There are different VPN technologies as expected and there is also a strong focus on security: how to defend the control plane of your routers and how to mitigate DDoS.

QoS is always important and also relates a bit to the above topic.

IPv6 transition will become more and more important as v4 addresses are now a scarce resource.

Monitoring becomes more important as well and topics like MPLS OAM and Ethernet OAM are therefore added.

The following topics have been removed from the CCIE SP v4 lab:

• Describe, implement, optimize, and troubleshoot packet over SONET
• Describe, implement, optimize, and troubleshoot IP over DWDM
• Describe, implement, optimize, and troubleshoot SP high-end products
• Describe, implement, optimize, and troubleshoot SONET/SDH connections
• Describe, implement, optimize, and troubleshoot T1/T3 and E1/E3 connections
• Describe, implement, optimize, and troubleshoot IP over DSL to the customer
• Describe, implement, optimize, and troubleshoot IP over wire line to the customer
• Describe, implement, optimize, and troubleshoot IP over cable to the customer

Technologies like SONET, E1/T1 are definitely on their way out. There is still a lot of DSL deployed but the future access technologies will likely be more focused on fibre and Ethernet.

These topics are removed from the v4 written:

• Describe, implement, optimize, and troubleshoot Frame Relay connections
• Describe, implement, optimize, and troubleshoot ATM connections
• Entire domain: describe, implement, optimize, and troubleshoot managed service traversing the core
• Entire domain: describe service provider network implementing principles

Frame Relay and ATM should be pretty much nonexistent now except for some areas of the world. It’s time to move on.

The exam number for the written has changed from 350-029 to 400-201. The written format will still be very similar but the lab has changed a lot. The lab now consists of the following sections:

  • Troubleshoot
  • Diagnostic
  • Configuration

This is the same format as the CCIE RS v5. The day starts with TS, which is allotted 2 hours. If you wish, you can spend an extra 30 minutes on the TS, which is then deducted from the Configuration section.


I won’t describe more of the format here. I will include links for more information at the end.

The important part is that there is a cut score per module and an overall passing score. The addition of the TS and diagnostic section makes sense. It’s desirable that candidates passing have experience and this usually shows more in these sections than in the configuration.

This picture sums up the different sections:


As mentioned earlier the entire lab has now been virtualized. The lab will be based on the following products and software versions:

• ASR 9000 Series running the Cisco IOS XR 5.2 release
• ASR 1000 Series running the Cisco IOS XE 3.13S.15.4(3)S release
• Cisco 7600 Series running the Cisco IOS 15.5(3)S release
• Cisco ME 3600 Series running the Cisco IOS 15.5(3)S release

What’s interesting here is that if Cisco is virtualizing the above platforms this should indicate that maybe there will be virtualized versions of these available in the future to buy or download.

There is already the CSR1000v which matches the ASR 1000, and the XRv matches up with the ASR9k. So there must be images for Cisco 7600 and ME 3600 as well. Hopefully Cisco makes these available in some form in the future.

In this document, Cisco mentions that features from newer releases will not be tested and they provide more information on the equipment and what to replace it with if you don’t have a 7600 or ASR 9000.

Here is the document describing topics added and removed.

Finally, here is the landing page for the new CCIE SP v4.

My first impression is positive. Cisco is working on making the lab environment more unified. They have added new topics to update the exam such as network virtualization, EVPN, segment routing, BGP Flowspec. They have also removed legacy topics such as ATM and Frame Relay.

CCIE exams are more relevant than ever and the death of the CCIE is greatly exaggerated.

Categories: Announcement

Checking community interest for a new kind of networking site

October 27, 2014

A couple of days ago I got an idea for a new kind of networking site. The idea is to do something similar to but for network products.

I work a lot on network designs these days and part of the design is always what device to choose. Maybe I need a product that does NAT, IPsec, 200 Mbit/s of throughput and has at least 4 ports. This is the kind of knowledge that you get from working on design and staying up to date with products from different vendors. There is not a community for people where they can find a broad range of products and get help choosing the right one based on different search criteria such as number of ports, features and the throughput.

What I would like to do as well is to have people write about the products. The product page said 200 Mbit/s but I got 500 Mbit/s with IMIX traffic. After enabling IPsec I only got 80 Mbit/s. These kinds of figures are very difficult to find. There could then be some kind of rating or voting system to rate if the post is helpful, to sort out if people are posting misleading information.

I would also like to build a community where we exchange experiences on the products. Are the buffers too small? Can we alter QoS settings to help with the small buffers?

There would be a page linking to data sheets, presentations from conferences or other useful links on the products and also probably some kind of forums.

People could contribute with articles on NetFlow, performance testing, how to set up a NetFlow collector, how to use Spirent or other equivalent products. A lot of this relates to network performance but that would not be the only use for such a networking site.

I think we have a possibility to build something great but the problem is I have no experience with web design or with building an appropriate platform for this. I’m not sure what it could be based on. WordPress? Drupal? Wiki?

Either I need to find someone with web design and coding skills (and time) to help with this or try to crowd fund it in some way to pay a company to help with the design and development of the site.

Maybe I’m the only one wanting this? Maybe I’m crazy? 🙂 Please give me feedback if you want to see this happen and how you could contribute to it through either putting in your time and/or money into it.

Appreciate any feedback you guys have for me!

Cisco Adds New Routers In the ISR 4000 Family

October 4, 2014

The Cisco ISR G2 routers have been around for a while now. Roughly a year ago, Cisco released the Cisco 4451-X router which was the first ISR running IOS-XE. Cisco has now added new routers to the 4000 family, which means that the ISR G2 family will eventually go away. Don’t panic though! That will not happen for a while but if you are looking to buy new ISR routers, then take a look at the new 4000 family.


One great thing about the new ISR 4000 routers is that they support upgrading of the bandwidth capacity by buying a license. That means that you can keep the same router for a longer time and grow into it, rather than doing a complete replacement as your demand for bandwidth increases. The new models are ISR 4321, 4331, 4351 and 4431.


If you need a router that does 10 Mbit/s, then you can get the 4321 and you can keep using it until you reach 100 Mbit/s. The 4331 will get you from 100-300 Mbit/s which would cover a lot of customers that I currently have.

The next slide shows some of the new features of the ISR 4000:

The ISR 4000 runs IOS-XE which means that IOSd is running on a Linux kernel. There is also the possibility of running virtualized applications on this kernel which was not available on ISR G2 routers. You also have the possibility of adding UCS to make the offering more complete.

The migration path from ISR G2 to ISR 4000 is shown below. With the ISR 4000 they have tried to keep the units smaller in size so that the number of RU is less than with the ISR G2. This is welcomed if you have racks with little space in them.


The EHWIC of the ISR G2 has been replaced by Network Interface Modules (NIM). The NIM can also be used for service containers running applications on them. The Enhanced Service Module is compatible with the ISR G2, but the NIM is not compatible with EHWIC.

The ISR 4000 uses multiple cores and as mentioned earlier the IOSd runs on a kernel. Other services such as WAAS can be hosted as well.


The next slide shows the packet flow of the ISR 4000.


The ISR 4000 now can run VMs. Apps like WAAS, Energywise and future apps can then be hosted on the ISR 4000.



With the ISR 4000, HDs can be added and these are hot swappable. Even SSD can be added which is always nice.


Most modules are not backwards compatible. It’s always a challenge to be backwards compatible and innovative at the same time.


The ISR 4000 has plenty of connectivity options to make it fit for many WAN scenarios. It has Ethernet, T1/E1, T3/E3, and 3G/4G on the roadmap.


Like the ISR G2, there is a switch module available and it has PoE if you have a need for that. It has an optional license to enable L3 features on the switch module.


Additional routed ports can be added and for the first time, ISR will support 10GE! You can switch between 4x 1GE or 1x 10GE from the software. All GE ports are dual phy which makes it easy to use both copper and fibre and to protect your investment.


Voice modules are available. I don’t know much about voice but every card will have its own DSP. No DSP on the motherboard!


UCS E-Series blade can be hosted. This makes the ISR 4000 attractive for branches where you can put a router and also host VMs to make it an all in one type of offering.


There is also a double wide blade that has room for more RAM and for more cores on the CPU.


The modules are also VMware, Hyper-V and Citrix certified.


The ISR 4000 looks like a nice addition to the Cisco family. I personally like the pay as you grow feature and the addition of dual phy and 10GE ports. You can find more information about the ISR 4000 here.

Categories: Announcement