Archive for May, 2013

Sigh. You know, these past 5 or so years, I’ve been meandering around so many different aspects of IT…such a huge array of infrastructure technologies, all in order to meet the demands placed on me out in the battlefield. Whether as the primary infrastructure architect, designing & operating a data center, or now finally as director of IT at my current job, I’ve needed to be highly competent in multiple disciplines in order to keep my head afloat in the tirade of shit-storms that incessantly barrage every network I’ve managed.

And let me tell you, it has NOT been easy. My list of certs is just ridiculous, but honestly these came out of an effort to simply understand…TRULY understand…all these various, complex technologies.

I was never fortunate enough to have guidance. While I certainly had colleagues in the field, they were in the same position I was: lacking a deep enough, master-level understanding.

I desperately wanted a mentor, but after numerous failed attempts from IRC and 2600, my impatience finally won out. So throwing my arms up in frustration, I simply resigned myself to the DIY state of mind; left the world of ATI vs Nvidia T&L anisotropy Direct 3D super-mega online PC gaming behind…and took the first real step of my IT career to find those answers on my own.

I certified myself in various disciplines from Active Directory to information security to service provider networks to virtualization, and yes, it certainly paid off. If I had to, I could run a company’s entire IT department myself (assuming they kept me pumped full of intravenous amphetamines, since nothing interferes with productivity quite like “biology”). I was adaptable enough to work in multiple spaces, from colocated data centers to service providers and of course good old fashioned enterprise.

“Jack of all trades.” Master of some.

And by the way, by “ridiculous” list of certs, I mean freaking RIDICULOUS:

  • TippingPoint Certified Security Expert #2370
  • Information Systems Security (INFOSEC) Professional, NSTISSI 4011
  • VMware Certified Professional vSphere 5
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified Network Associate: Voice (CCNA: VOICE)
  • Cisco Certified Network Associate: Security (CCNA: SECURITY)
  • Cisco Certified Network Professional (CCNP)
  • Cisco SMB Engineer
  • Cisco SMB Account Manager
  • Microsoft Certified Systems Administrator 2000
  • Microsoft Certified Systems Administrator 2003 / Security
  • Microsoft Certified Technology Specialist: Windows Server 2008 R2, Server Virtualization
  • CompTIA A+ Certification
  • CompTIA Network+ Certification
  • CompTIA iNet+ Certification
  • CompTIA Security+ Certification

Again, all because I was sick and tired of being blind; no experience and certainly no one around who could offer any guidance:

“Hey, is a Pentium Pro or Pentium MMX better?” No one knew, and so came the A+.

“Hey, how do you control Active Directory replication between forests?” No one knew, and so came the MCSA.

“Hey, what’s the difference between SRR and WRR queuing on the 3550s vs the 3560s?” No one knew, and so came 75% of my CCIP, which I would have completed if the butt-faces @ Cisco Learning hadn’t decommissioned the cert when I was 3/4 of the way through!


You get the idea. But now the time has come to stop spreading myself so wide, and to focus now on my core competency: networking.

The time has come for this jedi to step up and fight for his CCIE.

No more NetApp, no more Juniper, no more Microsoft: the path I have chosen is the only one that is right for me. I’m sorry Brocade; I’m sorry ISC2. EMC, you’ll just have to wait in line with all your friends.

I want that CCIE and those who oppose me will be cut down into bite-size pieces and fed to my mutant, ill-tempered sea bass.

So, now that I’ve made my decision, how do I proceed? I’ve decided to fork out $500 for a starter study package. It is a lot of money, but it won’t kill me. I was going to do all of this 100% on my own; download PDFs from Cisco, buy a bunch of books off Amazon. But no, that path is too unfocused. I’ve attempted that before, and you end up burning half your energy searching through multiple sources of documentation, and even at times finding the information self-conflicting, if not confusing.

This time, I am going to seek the guidance I’ve been denied in the past; it’s finally available and certainly within reach. If I am to pull off this most monstrous of achievements, it’s time to change old habits and old ways of thinking.

Now then, the first step is the reality check: where am I with respect to the CCIE requirements?

  • Layer 2 technologies. I’m fairly strong here; certainly in Ethernet, but I also have had a good amount of experience with PPP. I’ve optimized data center cores, so I’ve set up MST a few times, though usually RPVST has been sufficient in the field. Frame Relay, on the other hand, not so recent. The last time I configured a Frame Relay circuit was probably 2006. I’ll give myself 7/10.
  • Implement IPv4. Not too bad here either. Of course I’m sure there is a ridiculous amount of minutiae surrounding OSPF and EIGRP, but I’m solid on the fundamentals. Same with BGP; I’ve worked in service provider environments, so I have had practical experience in the real world. In fact I also took & passed the former CCIP’s BGP exam, so I’ll focus on the minutiae and more exotic configs. PfR, on the other hand, completely ignorant. In fact I had never even heard of this until today. I’ll give myself 8/10.
  • Implement IPv6. Oh god, this is the most ANNOYING one. I certainly studied it for my CCNP, but I’ve never used it in a real-world setting, and I’m extremely rusty. Not to mention I personally don’t buy into this “we’re all switching to IPv6 because the world is ending” drama. Maybe if you’re Verizon or AT&T, but I seriously doubt any enterprises or data centers making use of RFC1918 addresses will have a need. Sigh, probably 2/10.
  • Implement MPLS Layer 3 VPN. I did study a little bit of the theory for CCNP, and I can’t speak reasonably intelligently about LDP, LFIB, etc., but unfortunately this was the 1/4 that I didn’t take for the CCIP. I have done a single implementation of this at a data center core to separate customer networks, but I’m sure I have a long way to go in terms of practical implementation. Here I’m a 3/10.
  • Implement IP Multicast. Again, some theory from CCNP, and about 3 real-world implementations for VoIP music on hold & paging. However, when I look at a show mroute, I feel the neural synapses in my brain being sucked up into space as I stare dumbfounded at terminal outputs. Because I know the basic steps to set up sparse mode and dense mode, I’d say 5/10.
  • Implement IOS Security. Here I’m ready to rock. I got my CCNA Security and just loved learning about all the inherent security features on routers & switches. Only because I’m unfamiliar with the new v5 IOS IPS signatures (back in my day we just had 128MB.SDF and 256MB.SDF) and because I’ve never implemented 802.1X at the switch level, I’m giving myself an 8/10.
  • Implement Network Services. Another strong section. I’ve set up SNMP, NTP, DHCP, and HSRP many times. WCCP not so much, so we’ll go with another 8/10.
  • Implement QoS. I did take the QoS exam, and I have implemented this many times for VoIP deployments. So configuring the policies and working with NBAR, I’m pretty solid. However, the queuing specifics of Catalyst switches are something I’m rusty on. Let’s be honest, on 10/100 switches QoS isn’t a life or death thing (certainly not like it is on the WAN side) and usually autoqos voip trust is sufficient. Plus QoS for Frame Relay is a topic here, so I’ll give myself 6/10.
  • Troubleshoot a Network. Oh god. How can I even guess? I’ve certainly been doing this for a while, but this is the CCIE exam. God knows what crazy bullshit they’ll throw in front of me. Plus, when I’m troubleshooting a network, I have the luxury of dual 21” monitors, with all my templates at my disposal on the desktop, as well as all my favorite tools (nmap, tcpdump, etc.). I’ll stay on the conservative side and give myself a 6/10 here.
  • Optimize a Network. I think this section should be renamed “monitor” a network. Well, I’ve worked with SNMP, FTP/TFTP, HTTP/HTTPS, NetFlow, and syslogging. I’ve set up my share of SPAN/RSPANs for IPS devices. Never really used RMON, and no clue what EEM is. And again, I have dual 21” monitors and historical reports on my SolarWinds server to really study & monitor traffic patterns. In the CCIE I’ll have what…90 seconds maybe, to quickly read through several pages of text/CLI outputs on a 15” monitor. I think I’ll give myself another 6/10.

So there it is. Now how shall I conquer this mountain?


My tentative battle plan is to focus on Layer 2 and IPv4 routing first, advancing my skills on these as much as possible; after all, it is CCIE “Routing & Switching.” After that I’m going to skip over IPv6, which I plan on saving for last since I feel that is by far my weakest topic, and move on to Multicast. Since Multicast depends on existing routing & switching to function, this seems like a natural progression, especially since I’ll need to understand it better in the context of Ethernet and IPv4. Because these topics define the foundation of “Routing & Switching,” I will probably focus on these 3 areas exclusively until I can comfortably perform any of their respective “foundation-level” labs.

The concern here is getting “rusty” on these topics if I migrate away to ancillary topics too soon. I’m sure this will happen to a certain extent, but to minimize it as much as possible, I want to reach a state of total comprehension, so any refreshing is just that…refreshing, not relearning.


Next I will focus on MPLS and QoS. These orbit a little closer than the remaining topics, and given their importance to the sister track “Service Provider,” I would say this is a good focal point for stage 2 of my CCIE journey.


With everything so far in place, it’s time to focus on troubleshooting these core milestones, not only as unique technologies, but in how they interoperate with each other. And even at this stage, the focus is enormous: OSPF, EIGRP, BGP, route-maps, redistribution, Frame Relay, Spanning Tree, PIM-DM, PIM-SM, MPLS, WRED, NBAR, queuing, policing, IGMPv2/v3, and THEN troubleshooting the interop between them. This is the core of the CCIE exam. If we were building a person, this is the heart, mind, muscle, and bone of that body.


Services, Security & Optimization. In terms of the test, I see these as tasks that will complicate or interfere with a properly working network. So once I have the intermediate fundamentals down, I can explore making the network work in a more efficient and secure manner.


Adding a single NAT statement, much less IPsec, DAI, DHCP Snooping and ZBFW, can bring that happy network to its knees. Clearly troubleshooting complexity increases exponentially. Is the culprit a misconfiguration, or is it instead the normal operation of a security mechanism? Understanding the behavior of these competing technologies will be the next major undertaking.


This is where I’ll probably want to drive my car off the freeway and end the misery. Honestly, I hate IPv6. Did you have to build it using 128-bit hex addresses, IEEE? Really? Did you really have to do that?

“Hey Glen, can you ping the router for me?”

“Sure, what’s the IP?”



I mean really. Why not build off of IPX/SPX? Simply a DECIMAL network number prepended to the card’s MAC address? How much freakin’ easier would that be?


Well, that is the battle plan for now. Will it change? Maybe…probably. I’m sure I’ll need to adapt. And god forbid Cisco updates the exam AGAIN while I’m in the middle of studying for it!

Anyway, I’ll keep you updated and document my progress here. Time is a bit tight, but I’m aiming for 1, possibly 2 posts a month.

Til then my padawans, give my best to your wife…and my kid