Well August has come and gone but there wasn’t any announcements from Cisco in regards to CCIE lab changes for January 2009.  This means that we “should” be clear until June/July 2009.  Now it’s possible that they announce in October or November as opposed to the traditional month of August.

The only possible big changes were in regards to the Security lab equipment which we blogged about earlier this year and some minor changes to the Service Provider lab in regards to IPv6.  The Voice lab is planning to change around the June/July 2009 time frame.

So what does this mean by Cisco not making any lab announcements?  It doesn’t mean that they aren’t changing the labs.  We could see changes to the tasks presented in the labs but within the current blueprint and hardware specifications.  This can be done by putting less emphasis on a traditionally important topic (e.g. Frame Relay) and more emphasis on other topics (e.g. QoS, IP Services, etc).   Changes like this (less Frame Relay and more QoS) would be in line with what we are seeing in the real world.

On a personal note I should have done the Storage Lab before they updated the Storage Lab Hardware in July as now it’s really expensive.  I’m not sure of the exact list price but it’s somewhere in the 6 figures.   I have to get it out of the way before the Wireless Lab comes out

<quote>

Policy Change to Payment for CCIE Labs

In effort to improve the availability of CCIE lab exams Cisco has updated the CCIE lab payment process.

On September 6, 2008 the payment policy for CCIE labs will be as follows:

Payment in full is due 90 days (calendar) prior to your lab date. Payment must be received to confirm your date. After 90 days refunds will not be available for canceled lab dates.

The change in this policy will allow for lab seats to be open in a timely manner and create more desirable time frames.

If you have questions or want to confirm you are within the 90+ day window please contact customer support.

</quote>

This is good news as it should open up more lab dates 90 days out as opposed to 30 days out.

I ran across this email on a mailing list today in regards to Cisco interviewing candidates before allowing them to take the exam.  It’s unconfirmed as to it’s authenticity but there have been stories of problems with certain CCIE lab locations (e.g. someone taking the lab for 4 or 5 other people, someone else with a very good memory but no Cisco networking skills taking the exam to just brain dump it, etc).

Dear Candidate:

On August 27, Cisco will introduce a pilot for the CCIE Routing and
Switching lab exam in Beijing, China. The pilot will add a 10-minute
interview that will assess the candidate's ability to apply expert-level
networking skills and knowledge to networking problems that are encountered
on the job. After the lab orientation, a panel of three experts will conduct
a verbal interview with each candidate, asking a series of expert-level
networking questions (questions and answers will be in English). The ability
to correctly answer these questions will affect the exam score. After
completing the interview, the candidate will have the entire 8 hours to
complete the lab portion of the exam.  These scores will then be
calculated and then combined for a total score which will decide a pass
or a fail.

Our goal with this email is to let you know that your day will extend beyond
the normal testing day by approximately one hour.  The additional hour will
be at the end of the day. We hope you find this interview process
enlightening and helpful as we continue to strive for the standard the world
has come to expect from CCIE.

Today my routers finally passed the point of no return. Negotiations between R4 and SW4 broke down, and the course of action we were all trying to avoid was now inevitable… all out war.

R4#
%OSPF-4-FLOOD_WAR: Process 1 re-originates LSA ID 204.12.1.0 type-5 adv-rtr 223.255.255.255 in area 0
%OSPF-4-FLOOD_WAR: Process 1 re-originates LSA ID 31.2.0.0 type-5 adv-rtr 223.255.255.255 in area 0
%OSPF-4-FLOOD_WAR: Process 1 re-originates LSA ID 31.3.0.0 type-5 adv-rtr 223.255.255.255 in area 0
%OSPF-4-FLOOD_WAR: Process 1 re-originates LSA ID 204.12.1.0 type-5 adv-rtr 223.255.255.255 in area 0
%OSPF-4-FLOOD_WAR: Process 1 re-originates LSA ID 31.2.0.0 type-5 adv-rtr 223.255.255.255 in area 0
%OSPF-4-FLOOD_WAR: Process 1 re-originates LSA ID 31.3.0.0 type-5 adv-rtr 223.255.255.255 in area 0

Who will be the winner? Only time will tell. What sent them over the edge though? Did the diplomat in charge of DTP negotiation fail?

Be the first person to tell me why R4 and SW4 declared all out WAR on each other and win a $50 amazon gift card! Post your comments now!

Update:

Congratulations to Patrik Berglund, winner of a $50 amazon gift card!

R4 and SW4 declared war on each other because they had duplicate OSPF Router-IDs. When R4 redistributed routes into OSPF, it generated LSA Type-5 routes tagged with its own Router-ID, 223.255.255.255. Per RFC 2328, OSPFv2:

    13.4.  Receiving self-originated LSAs

        It is a common occurrence for a router to receive self-
        originated LSAs via the flooding procedure. A self-originated
        LSA is detected when either 1) the LSA's Advertising Router is
        equal to the router's own Router ID or 2) the LSA is a network-
        LSA and its Link State ID is equal to one of the router's own IP
        interface addresses.

        However, if the received self-originated LSA is newer than the
        last instance that the router actually originated, the router
        must take special action.  The reception of such an LSA
        indicates that there are LSAs in the routing domain that were
        originated by the router before the last time it was restarted.
        In most cases, the router must then advance the LSA's LS
        sequence number one past the received LS sequence number, and
        originate a new instance of the LSA.

        It may be the case the router no longer wishes to originate the
        received LSA. Possible examples include: 1) the LSA is a
        summary-LSA or AS-external-LSA and the router no longer has an
        (advertisable) route to the destination, 2) the LSA is a
        network-LSA but the router is no longer Designated Router for
        the network or 3) the LSA is a network-LSA whose Link State ID
        is one of the router's own IP interface addresses but whose
        Advertising Router is not equal to the router's own Router ID
        (this latter case should be rare, and it indicates that the
        router's Router ID has changed since originating the LSA).  In
        all these cases, instead of updating the LSA, the LSA should be
        flushed from the routing domain by incrementing the received
        LSA's LS age to MaxAge and reflooding (see Section 14.1).

In this case, SW4 received an external LSA with its own Router-ID (223.255.255.255) as the originator ID. Since SW4 didn’t have a route to the destination that it was originating, it thought that it had previously originated the route, lost the route to the destination, and now received an old LSA which was aging out throughout the topology. In response to this SW4 incremented the age of the LSA to MaxAge, effectively poisoning it. When R4 received this back, it thought that its own LSA was somehow aged out, but since it had a route to the destination itself locally still it re-originated the LSA again. The fight between the legitimate route and the MaxAge route continues over and over, resulting in the FLOOD_WAR message on the command line.

For more detailed information and lab scenarios like this check out the new IEWB-RS Volume 1 Version 5.0!

There is an interesting article regarding CCIEs on www.pbs.org.   Here is an excerpt from it:

Leading indicators are measurements that change over time and suggest future trends for important second-order results like population growth and economic development. Economists in particular are often looking for indicators that have been known historically to lead the overall economy. If unemployment goes down, for example, it is a good bet that shortly thereafter income will rise and the economy will improve. It’s for this very reason, then, that economists and Wall Street fund managers are always looking for newer and better leading indicators. But such indicators needn’t be limited to the economy: they can apply to technology and technical culture, too, which has its own feedback loop to economic development. My friend George Morton, who figured this all out, says that by knowing the right numbers to look at we can have a good idea what countries will be leading in technology — and presumably in economic development and power — in the years ahead. The measure George likes is the number of Cisco Certified Internetwork Experts or CCIEs.

You can read the rest of the article at:

http://www.pbs.org/cringely/pulpit/2008/pulpit_20080822_005393.html

From Cisco:

<Quote>

CCIE labs changing from UniversCD to Cisco Documentation

On Sept 24 2008 CCIE labs will no longer support using the UniversCD documentation for the lab exam.

All labs are migrating to Cisco Documentation only. For those scheduled to take the CCIE lab prior to Sept 24 access will still be available for UniversCD.

The Cisco Documentation pages have the same information that currently resides on UniversCD, please refer to the links on the CCIE web pages to view these pages and become familiar with the new format.

After Sept 24 2008 only the Cisco Documentation web pages will be available for CCIE labs.

</Quote>

So what does this mean for people taking the lab after Sept 24th?  It means you will still have access to everything needed in relation to the documentation but you will need to access it using the link below:

http://cisco.com/web/psa/products/tsd_products_support_configure.html

For the sake of simplicity and enabling a wider audience we decided to post our regular CCIE brainteasers to the blog.  The winner will get a coupon worth 10% off the price of any of our training packages for R&S, Security, Voice or Service Provider or a $250 Amazon.com gift card! Note that the 10% off discount can not be used with any other discount code you may already have. Please post your solution under the comments for this blog entry - the first person to post the correct solution is the winner. Make sure you provide the correct email address in your response so we can contact you in the event you won.  On Tuesday (August 12th) we will post the solution and announce the winner.

For today the task is an easy one or at least appears to be Imagine a simple topology made of 3 switches:

All switches are running STP for VLAN123 with SW3 being the root.  Your task is to configure the network in such a way so that SW1 port fa0/13 is the root port and SW1 port fa0/16 is the alternate port for VLAN 123.  Sound easy?  Here are the requirements:

1) Do not change any STP link cost

2) SW3 must remain the root for VLAN 123

3) The port types must be access

4) Do not use the switchport backup interface command

5) Do not try to use SPAN or RSPAN

6) Do not disable STP

Good luck!

The correct solution is:

1) Configure SW2 to tunnel STP BPDUs between SW1 and SW3. This will make SW1 thinking that that SW3 is directly connected with cost 19. STP is still active on SW2, but SW2 considers itself the root.

SW2:
interface FastEthernet 0/13
l2protocol-tunnel stp
!
interface FastEthernet 0/16
l2protocol-tunnel stp

2) Configure SW3 port Fa0/16 with lower STP priority than SW3 Fa 0/13. This will make SW1 select its connection to SW2 as the root port and the other uplink is alternate: both uplinks have equal costs, the upstream port priority is the tiebreaker.

SW3:
interface FastEthernet 0/16
spanning-tree port-priority 64

Below is a summarization of some of the close but not quite correct approaches people submitted:

1) Change interface bandwidth/speeds. This is not allowed, since the requirement was not to change spanning-tree costs.

2) Use dot1q tunnel on SW2 – this was prohibited by requirement to set port modes to access

3) Filter spanning-tree BPDUs coming to SW1 from SW3. This would break the requirement for Fa 0/16 port to be alternate path to root. Aside from that, that would result in STP loop, since this is a circular topology.

4) Disabling STP in SW2 explicitly which is prohibited by the requirements

5) Incorrectly assuming that port-priority on SW1 may influence root port selection

6) One complicated MSTP solution submitted by two people actually works but was submitted after the above solution was posted.  The solution is based on differentiation between regional root and CIST root.  Not the simplest solution but it works.  The two people that posted this solution also deserve credit for their MSTP knowledge.  We’ll do a post on MSTP inter-region operations here on the blog in the next few days.

The winner is: “Roman”
 roman.aprias@[snip].com

In order to provide the best possible service to our customers, and to the CCIE community as a whole, we have implemented a new combination web forum / mailing list server as a free service. Internetwork Expert’s Online Community (http://www.IEOC.com) officially replaces our previous Discussion Forum as a place where you can discuss both general CCIE topics for all tracks as well as Internetwork Expert specific products.

IEOC allows you to create new posts and reply to other posts like a normal web forum, but you can also read and submit posts via email! For example if you email ccie-rs@ieoc.com your message will be sent out to all users subscribed to the “CCIE Routing & Switching Technical” email feed, plus posted on the web forum as viewable and searchable content. Personally this is my favorite feature of the new server, as I dread checking web forums daily, but I am completely obsessed with checking my email every five minutes.

Also keep in mind that this new service is not designed to be just for product specific support. All users, customers and guests alike, are welcome to join and participate. Simply visit http://www.IEOC.com, sign up for an account with a valid email address, then click on the Forum Subscriptions link from the main page. Forums are organized per topic basis for CCIE tracks, and per product basis for IE specific support. On this page you’ll see the unique email address that is used to post or reply to that forum, and a yes/no selection under Subscribe to add yourself to the email feed.

All CCIE tracks are also broken down into separate “General” and “Technical” forums, so if you want to spend endless hours debating the merits of CCIE vs. PhD, please feel free to do so in the “General” forum.

A good starting place for most candidates would be the CCIE Routing & Switching Technical forum (ccie-rs@ieoc.com). This forum, amongst the others, is going to be actively monitored by not only myself, but also Brian Dennis, Scott Morris, and Petr Lapukhov.

If you are interested in any custom forums or mailing lists please feel free to contact me directly.

Thanks!

Recently a marketing release by a competing CCIE vendor was brought to my attention. One section that caught my eye in particular in the release asked “Which Vendor has the MOST Successful Students to Its Credit?”. Immediately I thought, well Internetwork Expert obviously! However, the release went on to say that “[vendor] is proud to have helped more engineers become CCIEs than any other vendor. While others may claim this honor, [vendor] backs it up… the published numbers speak for themselves.”

This started me thinking… had Internetwork Expert really been passed up as the industry leader in CCIE preparation? Did we not have the most successful customers in the world? I decided to find out for sure for myself based on an easily and publicly available metric that most vendors post, the list of customers that used the vendor’s products to pass the CCIE lab exam.

Now before I jump into the statistical analysis, let’s look at the raw data. The numbers used here are based on the publicly available data from different vendors websites as of July 4^th 2008. Specifically the vendors compared here are Internetwork Expert, IPexpert, and CCBootcamp, as these three have the most CCIEs on their lists. You can view this data for yourself from the following links.

Internetwork Expert: http://www.internetworkexpert.com
IPexpert: http://www.ipexpert.com/index.cfm/Success
CCBootcamp: http://www.ccbootcamp.com/halloffame.html

Now the numbers for total number of CCIEs:

1. Internetwork Expert - 784
2. IPexpert - 729
3. CCBootcamp - 719

Like I had thought, the numbers don’t lie, Internetwork Expert certifies more CCIEs than any of our competition. However looking at this overall total still doesn’t give us an accurate view of how these numbers are dispersed. After all, we at Internetwork Expert are about to celebrate our 5th anniversary this summer, but these other vendors have been in business much longer than we have. Therefore, I broke down the numbers into different tiers based on how many candidates passed versus when they passed. Since Cisco doesn’t publish the exact dates of when people passed, I used the CCIE numbers to gauge this. The results are as follows:

Based on this we can see that Internetwork Expert leads not only in the total number of CCIEs, but also in the growth rate at which people are passing. For example, graphed out the total number of CCIEs per vendor are as follows:

However, if we look at just the recent CCIEs over number 20,000, the gap widens:

This gap is almost three times our nearest competitor. This illustrates that for the current revision of the CCIE R&S Lab Exam, not the lab exam from 10 years ago, Internetwork Expert customers are more successful than our competition. The same is true if we look at recent CCIEs with numbers over 15,000:

Or if we look at CCIEs with numbers just between 15,000 and 20,000:

Even if we look at CCIEs with numbers 10,000 to present:

As we get further back the only two categories that we do not come in first for are the growth rate from 10,000 to 15,000, and CCIEs with numbers below 10,000. This is expected, because Internetwork Expert had not been in business much sooner before this.

In this case we can see that the published numbers do actually speak for themselves!

Good luck in your preparation and Happy 4th of July!

If you are like me, you get network withdrawal if you’re away from the Internet for more than a few minutes at a time. Now thanks to the iWPhone WordPress Plugin you can read our CCIE Blog in an optimized formfor your iPhone or iPod Touch. Simply browse to http://blog.internetworkexpert.com from either of those devices and it will automatically be detected and reformatted.

Also for those of you that didn’t get a chance to join us in Orlando for Cisco Live 2008, the keynote address by John Chambers included a demo of Cisco’s new WebEx Connect, which, through the Unified Communication suite, is highly integrated with Apple’s iPhone now. You can take an IP call from WebEx, send it to your iPhone, and then “throw” the call to another user’s iPhone in the vicinity. You can view the video here of the demonstration.