What is CHI-NOG (Chicago-NOG)

Over the last year, I haven’t been writing many new blog posts. I have been pretty busy with a new job, but also starting a new networking group called the Chicago Network Operators Group (CHI-NOG). The idea behind it is that there aren’t that many places where network engineers can meet to talk about technology, learn something new and network with each other. The communities are mostly virtual and that’s something I wanted to change by creating CHI-NOG.

Continue reading

Pseudowire FAT Interoperability

I usually don’t think much about Pseudowires Sub-TLV until I encountered two IOS-XR boxes that didn’t use the same value and didn’t forward any packets. There is a special corner case of pseudowires using Flow Labels Transport (FAT) that can cause unexpected behavior and if you don’t watch out you might drop traffic. In this post I’ll go over the details of using FAT with different IOS-XR versions and what can go wrong.

Continue reading

New GNS3 – Redesign changing networking again

GNS3 has been a crucial tool used by many network engineers to emulate computer networks.  It has proven to be fundamental  studying for all network certification levels such as CCNA, CCNP and CCIE. It has been crucial for network design validations within many companies.  With the news of Cisco’s VIRL, many said that GNS3 will disappear, but that doesn’t seem to be the case. GNS3 is going through a major redesign and needs the help of all the engineers that it helped over the years.

Continue reading

Anycast DNS with IP SLA DNS

Recently I came across an idea to implement anycast DNS within an enterprise environment. The concept is similar to Google’s public DNS, but at an enterprise level. Using IP SLA DNS, a static tracked route and some redistribution it makes it an easy solution. The biggest benefits is that all internal clients can use the same DNS IP address no matter what locations they reside in; additional benefit is distributing the load when DNS attacks occur.

Continue reading

RSVP Per Flow Limit and RSVP Call Rate

When configuring RSVP, the “ip rsvp bandwidth (bandwidth) [per flow limit]” command there is an optional parameter which limits the per flow bandwidth of individual RSVP reservation.  When using Call Admission Control for VoIP, that is the rate of an individual voice call in one direction, but the behavior is not as clear cut as it seems.

Continue reading

Making RSVP work over DVMPN

When using RSVP Call Admission Control (CAC) for VoIP, DMVPN and RSVP have limitations that prevent RSVP from working over DMVPN. If you have VoIP and you can’t use location based CAC, RSVP is the only answers. So what’s the problem with RSVP over DMVPN? The root of the problem is RSVP’s loop prevention mechanism. In this post I’ll describe an original solutions to make RSVP CAC work over DMVPN.

Continue reading

VIRL – Why you need to know about it!

At Cisco Live in Orlando I had the chance to demo the Virtual Internet Routing Lab (VIRL). It is Cisco’s answer to GNS3 or Junipers’ Junosphere using virtualization to create virtual network topologies. This tools will be as revolutionary as GNS3, but at a much larger scale. It is an awesome tool that can be used for certification studying but also to validate production designs. Everyone I spoke to couldn’t wait to get their hands on it, including me!

Continue reading

Which IPv6 source address to choose

In the good old days of IPv4, an interface on a host could have only one IPv4 IP address. Things were very simple, every IP host would use that one address as the source IP for all communication. When we get into IPv6, each interface can have multiple IPv6 addresses. These addresses have different scopes such as global, unique-local and link-local. If an IPv6 enabled host would like to send a packets to another host, which source IPv6 address does it choose? What if it has four addresses: 2001:10::3/64 (Global from ISP A), 2001:23::3/64 (Global from ISP B), fc00:23::3/64 (Unique-Local) and fe80:23::3 (Link-Local)?

Continue reading

EIGRP Filtering with Offset-list and Delay

EIGRP Offset-list is usually used to increase the metric of routes being advertised over a link, but can it be used to filter EIGRP prefixes?

I thought about using offset-list in RIP to filter specific routes and thought how about doing the same thing in EIGRP? I haven’t run into any examples or blog posts of using Offset-list in EIGRP to filter routes so I thought about labing it out to see if that’s possible. Continue reading

When NTP access-control needs ACL for

The very simple answer is when the local NTP master controller is synching to the IP address instead of Ok, I think I need to clarify few things.  In a number of CCIE workbooks, you’ll get a task to configure NTP access-control on the master NTP router to only peer with R1.  After trying for a long time, you lookup the solution guide and realize that you were missing an ACL entry for the local address Or you finished the task, everything works, you check the solution guide and ask yourself “why did they have an ACL for the IP address I did it without it and it worked.”

Continue reading

OSPF Area Range – Active vs Passive Advertisment

I was troubleshooting an OSPF area range summarization and came upon something I haven’t seen before called Passive Advertisement. There weren’t too many Cisco documents that explained it so I decided to post a really quick description explaining it in little detail and where you could see it . This could be useful for the CCIE troubleshooting section, when dealing with OSPF area summarization problems.

I will use R3 to demonstrate. This router is connected to area 0 and area 1 which makes it the only ABR connecting the two areas. R3 should be sending a summary route for the two component routes and Looks pretty simple. To verify, I check the output of show ip ospf to make sure the area 0 range command is configured:

Continue reading

Can’t remember the IPv6 6to4 conversion?

What is IPv6 6to4 tunnel address? 2022::/16 or 2002::/16? How do you convert the IPv4 address into IPv6 6to4 tunnel address? Well there is the long way, which you should understand and then there is the easy way in case you need to configure it really quickly. I found this nice method where you can use the IPv6 General Prefix feature to automatically calculate the conversion. Originally this feature was used to create a variable for IPv6 network, the “general-prefix”, to easily change all IPv6 addresses in case reassignment of IP subnets.

Continue reading

IPv6 ACL Explicit vs Implicit Deny Any Any

Reading the IPv6 Configuration Guide (Implementing Traffic Filters and Firewalls for IPv6 Security), I came across a little known fact that seems to be very important when configuring  IPv6 access-lists on IOS.

Usually when I configured an IPv4 ACL, I explicitly defined a deny ip any any at the end, which seems like the best practice.  But what happens when you do that same thing with IPv6 ACLs.

Continue reading


The CCIE certification is a very honored and respected industry certification, but it comes at a high cost of time and money.  When I started studying for the certification, I couldn’t find a lot of details on its expense, so I decided to keep a running total.  I wouldn’t say that these numbers are representative of all cases, but only one CCIE.  Knowing these figures helps in terms of budgeting especially when comparing individual financing  versus expensing it from a company training budget.

Continue reading

CCIE Workbooks

Understanding the theory of each protocol is one thing, but being able to configure it is another thing.  After reading a number of books, I purchased a collection of CCIE R&S practice workbooks.  The first set that I purchased was Internetwork Expert’s workbooks (Vol1, Vol2 and Vol3)  to get my hands on experience with each CCIE topic.  Once I was finished the majority of INE workbooks, I bought  IP Expert Volume 2 and Volume 3.

Continue reading

CCIE Troubleshooting Lab Tips

Troubleshooting lab is designed for a CCIE candidate to fix an issues of a pre-configured network.  Tickets are very well defined as well as the expected behavior.  There are about 10 tickets presented, some are worth 2 points and some 3 points.  The troubleshooting lab has an automatic cutoff time after 120 minutes.  All devices are virtualized using Cisco’s IOU (IOS on Unix).

The way I approached the troubleshooting section is by reading all of the tickets first.  Yes, that will eat up about 10 minutes of your allocated 120 minutes, but it is well worth it.  During the initial read, I created a table which tracked:

Continue reading

CCIE Configuration Lab Tips

The CCIE configuration is a 6 hour test.  The main goal of this section is to test you knowledge in building a network from scratch.  All devices are real physical routers and switches, no Cisco IOU.

Similarly to the troubleshooting lab, I read the whole lab from start to finish.  Just as the troubleshooting section I created a table to help me track of all the tasks and its requirements (see below for a sample and explanation).
Continue reading

CCIE Documentation

The CCIE Routing and Switching test deals with a vast number of technologies.  Remembering everything is rather difficult throughout the preparation process.  Each CCIE will tell you that you need to have some sort of a method of documenting all of this new knowledge.  During my studies I mainly used three types of documentation: mind maps, personal wiki and flashcards.  One other very important aspect of CCIE documentation is the navigation of the DocCD.

Continue reading

CCIE Written

Before anyone is allowed to schedule the CCIE Lab test, they have to pass the CCIE Written exam 350-001, which is a 120 minute test consisting of 90-110 question (see the link for official blueprint). CCIE candidates usually do either one of these two: take the CCIE written test before doing any workbooks/labs or take the exam before they are ready to schedule the lab test.  I did the latter.  To me it made more sense to configure each topic and have hands on experience, before taking the written test.  I finished the technology based labs and scheduled my written test.  As my main preparation, I used Bosom Exam Environment and utilizing the CCIE written question.  I think Boson has a very useful study tool to review content and fill in any new gaps for their written exam questions.  I passed it on my first attempt.


CCIE#36159 – Lab Day Experience

Thursday July 27th was was quite a day for me, full of ups and downs at RTP  Cisco building  number 3.  I arrived 10 minutes before 7 AM.  Slowly other candidates arrived.  Everyone was returning at least for the second time including me.  Since the last time I attempted the lab in January, Cisco moved their testing room to a smaller room on the left side of the building.  I had the same proctor as before, David Blair.
Continue reading