Cisco conducts certain Technical Webinars only for CCIE community, which proves to be the great source of knowledge and information. I had the privilege to attend couple of Technical Webinars, both of them were quite good.
The great thing about these technical webinars is they address the topics, which are quite trending; the webinar, which was on open stack really gave an over view of Open Stack, how Open Stack involved and the contribution of major technological players in Open Stack development.
On August 12,2015, Cisco is coming out with one more CCIE Community Technical Webinar, which will focus more about Fog Architecture. Those who are CCIE’s they should get an email from Learning@Cisco about this event, if not please do update your CCO profile and opt for updates from CCIE community.
When we look at the Blue Print of the Cisco Cloud Fundamentals (CLDFND) exam (210-451), it quite clear that Cisco is looking at NIST definition of cloud.
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.” (Source NIST)
Before the adoption of cloud if any consumer wants to provision any computing capabilities, such a Servers, Network devices, Storage or even software they have to go through the process of approvals, lots of human interaction and dependent on many third party vendors to delivered the required computing resources, this is often time consuming and most delayed the project deployments or testing certain features of the new releases etc.
With the advent of cloud, things have evolved. One could provision computing capabilities these days with the click of mouse with very less human interaction, provided they have a good cloud solution. This kind of provisioning is better known as “On-demand self service”.
“On-demand self service” is one of the common cloud characteristics and from Cisco Cloud Fundamentals (CLDFND) exam (210-451) perspective, its better we know what it does and why we need “On-demand self service”
With the emergence of Cisco ACI, VMware NSX, Open Stack and even Amazon Web Services most of Networking Engineers are asked to learn Python programming language. Python is considered to be one of the easiest languages to learn which can be used for Network Automation. Using Python one can SSH to Networking Devices, Can write scripts to do various day to day activities
In coming days things are going to be redefined and those who are ahead of game can certainly en cash their skills. When it comes Python there are many resources and most of them are freely available on the Internet. I would certainly recommend the following courses for those who don’t come from Programing background
- Programing for Everybody (Python)
It’s a great course offered by Coursera, and taught by Charles Severance in most simple way. The course focuses on basic of Python and a great introductory course with some good exercises and assignments.
- Learning Python: Email Course by Krik Byers
You can subscribe to Krik Byers ten-week email course on Python, this is a great course which touches some aspects of Networking automation as well. Krik is also offering a comprehensive paid course especially tailored for Network Engineer.
- Python Programming for Network Engineers.
An INE course which focuses on Introduction to Python and teaches you how to write a Python by developing a complete command-line application that will regularly retrieve device configurations, check code in to a version control system, and receive configuration policy violation reports via email
To conclude Python is a necessity for Network Engineers, its worth to spend some time mastering Python
When it comes to CCNA Routing & Switching or even CCNA Security Cisco Packet Tracer proves to be very handy. This tool is widely used by Cisco Networking Academy students. Packet Tracer provides simulation, visualization, authoring, assessment, and collaboration capabilities and facilitates the teaching and learning of complex technology concepts.
The good news is now Packet Tracers is available on iPhone and iPad running iOS version 8 with the following features
- Simulation engine is based on Packet Tracer 6.2
- Allows users to build “.pkt” configuration files from scratch
- Supports both 32bit and 64bit devices
- Reference topologies included
- Tip of Day displayed when loading application
Features exclusive to NetAcad.com users:
- Open file from NetSpace class
- Share files via Email
- Share topology to Facebook
Cisco Packet Tracer can be downloaded from Apple store but use all its features one should have Cisco Networking Academy account. Without an account once can run a trial version with very limited functionality. A good initiative from Cisco, it’s going to help lot Networking professionals who are at their early stage of career and aiming for big in their life.
With the introduction of Aironet 1850 Series access points Cisco is offering Gigabit Wi-Fi for small and medium networks. The Aironet 1850 Series access points works on the latest Wi-Fi technology (802.11ac Wave 2). This access point can be integrated with Cisco Wireless controllers and most importantly the access points comes with dual Giga Ethernet card which are capable of supporting Link Aggregation Group (LAG).
The Aironet 1850 Series access points works on both 5 GHz and 2.4 GHz range, but it worth to note for Network Architects and Network Designers that the Aironet 1850 Series access points offer Gig Speed only on 5 GHz range not on 2.4 GHz range.
Some of the specifications are as follows (Source Cisco)
|Wi-Fi Standard||802.11ac Wave 2|
|Radios||Dual 2.4 GHz and 5 GHz, up to 80 MHz maximum bandwidth|
|Maximum PHY data rate||Total aggregate maximum PHY rate = 2021 Mbps
· 5 GHz: 1733 Mbps
· 2.4 GHz: 288 Mbps
|MIMO radio design: spatial streams||2.4 GHz: 3×4:3SS SU-MIMO
5 GHz: 4×4:4SS SU-MIMO, 4×4:3SS MU-MIMO
|Max. associated clients||200 per radio, 400 maximum per access point|
|Interfaces||· Uplink: 1x 10/100/1000BASE-T Ethernet (RJ-45, PoE)
· 1x 10/100/1000BASE-T Ethernet (RJ-45) for Local or Uplink use (No PoE)
· USB 2.0
· Management console port (RJ-45)
It’s interesting to see how this AP is going to perform in real world Environment with RF interference. It’s a good move from Cisco and may add some value to mobile users.
When it comes for the VCP-NV certification preparations, one can certainly rely on VMware, as they have plenty of great resources. In may case I extensively used the following
VMware hands on Labs are really great asset one can have for the VCP-NV preparations, I would really like commend VMware efforts and commitment to provide these Hands on Lab that too for free. VMware offer four hours slot for HOL-SDC-1403 – VMware NSX Introduction hands on lab. These labs are designed well and helps anyone to understand the concepts well and also gives an opportunity to deploy various NSX components , try then and test them.
One greater asset I certainly recommend is the courses offered by PLURALSIGHTS by Jason Nash, I enjoyed watching Jason Nash and he really made things simpler and his videos are easy to understand. Since he comes from Cisco background he narrates the concepts, which any Network Engineer can understand.
I believe by using above mentioned resources once can easily pass the VPN-NV exam of course with dedication and hard work.
Recently I tested my skills and knowledge on VMware Certifications, VMware Certified Professional – Network Virtualization also known as VCP-NV, which focuses on NSX products. The VCP-NV certification validates ability to install, configure, and administer NSX virtual networking implementations, regardless of the underlying physical architecture
VMware wants the successful candidates to demonstrate core-networking skills such as
- Layer 2 switching and both static and dynamic Layer 3 routing Integration with virtual standard and distributed switches
- Management of networking policies for performance, scalability, and ease of administration
- Creating and administering NSX logical switches, Layer 2 bridges, routers, load balancers, VPNs, firewalls
- Creating and administering Edge services, such as DHCP, DNS, and NAT, configuring and managing High Availability
- Operational tasks, such as user permissions and roles, automation, monitoring, logging, auditing and compliance, backup and recovery
- Troubleshooting an Enterprise-class NSX networking implementation
The exam consists of 120 questions and its one of the challenging exam I took especially when I am coming from Networking background. Any network engineer can certainly relate himself/ herself to the topics covered in VPC-NV exam. I recommend reading exam blueprint for further details.
VMware does offer VCP-NV certification exam to any one who holds a valid CCNA Data Center or CCNA Routing & Switching or CCNP Data Center or CCNP Routing & Switching certification or CCIE Data Center or CCIE Routing & Switching.
In my next post I will discuss about the approach I took and the materials I referred for the preparation of the VCP-NV exam.
Cisco changes their CCIE retake policy, the new email I received from Cisco Learning states
“For a limited time, we will waive the current lab retake policy so that all lab candidates will be able to retest for their lab exam with only a 30-day wait period. We’re offering this opportunity in response to your feedback about the challenges faced with longer wait times and difficulty getting a lab seat for retesting. We hear you and we understand your concerns, so we would like to take time to look at the data and evaluate our lab retake policy.”
Frequently Asked Questions About the CCIE Lab Exam Retake Policy Waiver
Q: Does this mean that between now and December 31, I can take the lab every 30 days?
Q: Is the original policy back in place after December 31?
A: What happens after December 31 is dependent on the results of our research from now until that date.
Q: What does this mean if my current wait period is 90 days and I’m in the middle of the waiting period? Can I sign up now or do I have to continue to wait?
A: Yes, you can sign up now. You do not have to wait. The policy that is active at the time you schedule your lab will determine the time you have to wait. If you are beyond the 30-day wait period, you can book the earliest available seat you find.
Q: What if I’m already scheduled for a lab that I had to schedule out 90 days because of the original policy?
A: You will have the option to reschedule your lab attempt to an earlier date through the system.
I hope this will certainly create a huge demand for the seats as we can expect more and more unsuccessful candidates try to reappear for the lab after the 30 days gap.
Personally I feel the old approach was better and it gives ample time for unsuccessful candidates to prepare well and give their best try in the next attempt.
Palo Alto Networks one of the leaders in Gartner’s Magic Quadrant for next generation firewall released their new version of PAN-OS 7.0 trail.
Currently PAN-OS is available to Palo Alto customers who possess a valid support contract.
Some of the key new advancements include:
- A new Automated Correlation Engine that identifies and prevents compromised hosts in an organization’s network by correlating patterns to pinpoint malicious activity.
- WildFire threat intelligence enhancements that enable automated analysis of files against multiple versions of applications to identify malware specifically targeting legacy versions; the enhancements also classify malware by threat level, so teams can better prioritize their threat response for quick preventative action when needed.
- A new high-capacity Network Processing Card for the PA-7050 that provides prevention at scale for data center environments with higher 10G port density and new 40G ports.
- Advanced policy management capabilities within Panorama that make it even easier to create security policies and device configurations that can be easily and appropriately applied to many next-generation firewall instances, physical or virtual, reducing the chances for human error and gaps in the policy or configuration.
Looking forward to see the new PAN-OS and I hope they will incorporate their CNSE certification with new trail of PAN-OS.
In this post lets configure uRPF in Strict mode, I have created the below topology using Cisco VIRL, a great tool to test many things.
As you can see this topology comprises of three routers, R1 & R2 are directly connected using interfaces G0/1 and configured with an IP address 192.168.1.1/24 and 192.168.1.2/24 respectively.Where as R1 and R3 are directly connected using interface G0/2 at R1 and G0/1 at R3.
There are two loopbacks configured in R1 and R2 called loopback 0 with an IP 188.8.131.52/21 and 184.108.40.206/32
In R1 we will configure a static route for R2 as shown below
This ensures that R1 has a static route for 220.127.116.11 and can reach it successfully.
What happens when an intruder sitting in R3 creates a loopback interface and assign the same IP address used in R2 i.e. 18.104.22.168/32 and tries to spoofs the R1 network. Exactly in this scenario uRPF comes into picture.
We need to ensure that CEF is enabled on the router as uRPF relies on CEF, so make sure it’s enabled by default if not then enable it using the following IOS command
Lets configure uRPF in strict mode using the Cisco IOS command
“ip verify unicast source reachable-via rx”
Remember these two interfaces are directly connected towards Router R2 and R3.
Lets see whether uRPF is enabled on those interfaces using the Cisco IOS Command
show ip interface g 0/1 | include verify
Lets try to ping R1 G0/1 IP address from R2 sourcing loopback 0, we could see R2 can ping R1 G0/1 IP address 192.168.1.1
Now imagine there is an intruder trying to Ping R1 G0/2 interface IP 192.168.3.1 from R3 using the loopback 0 with an IP address 22.214.171.124/32, lets see what the router does and lets verify the
The packets will make it to R1 but they will be dropped at R1 G0/2 interface, we can verify this as using an IOS command “show ip interface (respective interface) | include verify” as shown below
This example demonstrates that by using uRPF in strict mode one ensure the packets received are verified and action is taken if it doesn’t matches the required criteria.