"In the CCIE lab environment you are not building a well designed network.
You're building a network that is going to have everything ..and the kitchen sink included."
- Unknown Cisco 360 instructor

Friday, March 30, 2012

New Service Provider v3 workbooks

Oh happy days. Not only has INE released new SPv3 workbooks, they also updated their site with a much improved dashboard. And to top it all off I get the upgraded workbooks even though it's been nearly 3 years since I bought the v2 workbooks. Perfect!

All I need now is rack rentals..

Thursday, March 15, 2012

Laser in ze eyes - EPI-LASIK

Here's a description of my experience from yesterday's eye surgery. It's in Swedish because right now I can't be ar*ed to rewrite it in English. Pardon my laziness as well as my inability to stay on-topic in this blog ;)

Before I decided to do this I asked around among friends and acquaintances. In hindsight I feel that I didn't really get an accurate description of what it could be like, so here is my description.

Summary: hard as hell at the start but worth it in the end.

The procedure wasn't bad at all. It started with me getting anaesthetic drops and a sedative pill. It felt roughly like getting anaesthetic at the dentist. Then I got to lie down on a couch. They cleaned around the eyes with alcohol and I got a bit of it in my left eye. It stung like h*ll but I got more anaesthetic drops so it passed within a few seconds. They really didn't skimp on the anaesthetic! I had the method that doesn't involve them making an incision in the eye. What they do instead is dissolve the protective membrane you have on your eyes. The laser itself is then a surface treatment instead of inside the lens as the old method is. When they dissolve the membrane they also have to scrape it off and that felt a bit strange. It didn't hurt or anything like that, it was mostly just weird to lie there with an eye held wide open while someone scrapes. But as I said, no pain, not unpleasant or anything like that. The laser procedure itself took about 20 seconds per eye and I didn't feel it at all. You're supposed to look at a green dot and, admittedly, towards the end that could feel a bit stressful. But at the same time I felt completely calm because I knew that if I move my eye too much it shuts off. It was a bit scary that they did one eye at a time. They scraped one eye and ran the laser and then they did the other eye from the scraping onwards. I had time to feel some worry that the second eye would be hard but if anything it went faster. But I found it harder to focus on the green dot so I was a bit more stressed by that. But as I said, 20 seconds of laser and they keep saying "25% done, 50% done, 75% done", and one of them held my head gently and just repeated "look at the green dot". So it felt calm and safe.

The hard part came afterwards. I was not at all prepared for being as obscenely light-sensitive as I was. They had said that I would be able to walk to a waiting car (but not drive) but I can tell you that I couldn't. Dad had parked on Drottninggatan, about 30 meters from the entrance. Not a cloud in the sky and the sun was right in my eyes. It was a bit of a struggle to find my way there, so to speak. Then it was really damn awful until the sun went down. Imagine someone sitting with a floodlight pointed into your eyes the whole time, even when you close them. I lay in bed under double duvets but was still bothered by the white bottom sheet reflecting too much light. And yes, I had of course drawn all the curtains and closed the door and so on. When the anaesthetic wore off my right eye also started to hurt a lot, so I had to take the painkilling drops that I had been told to try to avoid. Though I actually think the biggest problem was the light sensitivity.

It got a bit tricky when I was going to take the drops for the first time. I couldn't keep my eyes open long enough to see which two of the four bottles I had been given I was supposed to start with. Two I'm to take for the first ten days and then I switch to a third. The fourth bottle is "just" eye balm that I can take whenever I want. It took about 15-20 minutes to figure out which two I was supposed to start with. It was INSANELY frustrating! It probably helps not to be single ;)

The best thing was probably that a friend did this 2-3 weeks ago. He told me that it had been really hard the first while afterwards. It was very useful to hear that, because I hadn't heard anyone say anything about it being hard. It had gone so well for everyone, so if I hadn't heard that "horror story" about how it had been for him I would probably have panicked that it couldn't possibly have gone right.

Today I'm still light-sensitive but not at all like yesterday. I'm glad it's cloudy right now. But it keeps getting better and better. Already it's considerably better than it was when I woke up a couple of hours ago. As long as the sun isn't shining in I really manage without sunglasses, but it's more comfortable with them so I'll keep them on for the rest of the day at least.

My vision is noticeably better but it hasn't stabilised yet. That will probably take another day or two. I'm also looking forward to Monday, when the bandage lens is removed..

Wednesday, February 22, 2012

Multicast PIM-DM Acrobatics

Imagine a network looking like this:



Green boxes symbolize a small portion of two different MANs under the same management. Each city is running PIM-SM with their own RP. The cities interconnect with BGP and MSDP.

City1-R1 is directly attached to an IP-TV Service Provider. There is no PIM neighborship, the SP is just flooding all their streams out the interface connected to City1-R1.

Everything is working just fine in City1. The streams are visible in the multicast routing table and customers all over the city can view the different channels. The MAN operator now wants customers in City 2 to be able to watch the same channels. This should be possible since they have a working MSDP connection. But of course it doesn't work because that's how it is in our wonderful world. Things don't work(tm). City2-R1 (RP) lacks the SAs for the Service Provider's streams. Looking at the mroute table on City1-R1 reveals the following sample:
#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 233.x.y.z), 7w0d/00:02:34, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Sparse, 00:41:21/00:02:30
    Port-channel70, Forward/Sparse, 11w0d/00:02:34

(a.valid.source.1.1.1.1, 233.x.y.z), 1w5d/00:03:27, flags: T
  Incoming interface: Vlan42, RPF nbr validNbr, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 1w5d/00:02:40, 
Spot the flags for the (S,G) entry. We are missing the A or M flags, so this entry will not be propagated using MSDP. The first solution seems to be to just ask for an MSDP connection with the Provider (which would give the M flag, so propagation would occur), but this was not possible. The provider gave an explanation with some acceptable (..weeell..) arguments so we had to find a different solution.

This is when it becomes painfully obvious that Multicast is a bit of a black hole. There aren't a lot of resources out there. Well, that's not entirely true. There are resources but there aren't a lot of real-world examples. The solution finally seems to appear when an operator of the MAN remembers that he saw something about dense-mode during an Advanced Multicast session at CLEUR2012. After some digging we find that there's an add-on to ip pim dense-mode. Proxy register! From the documentation:
Dense Mode with Proxy Registering
For a router in a PIM sparse mode (PIM-SM) domain configured to operate in sparse mode or sparse-dense mode, the ip pim dense-mode proxy-register command must be configured on the interface leading toward the bordering dense mode region. This configuration will enable the router to register traffic from the dense mode region with the rendezvous point (RP) in the sparse mode domain.
So we change from ip pim sparse-mode to ip pim dense-mode proxy-register on the interface facing the provider and whoop. A new show ip mroute:

#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 233.x.y.z), 7w0d/00:02:51, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Dense, 10:35:15/00:00:00
    Port-channel70, Forward/Sparse, 5w0d/00:02:51

(a.valid.source.1.1.1.1, 233.x.y.z), 5d23h/00:03:23, flags: TA
  Incoming interface: Vlan42, RPF nbr validNbr, Mroute, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 5d23h/00:03:01, H
Spot the flags. We now have an A, which marks the (S,G) entry as a candidate for MSDP advertisement, so it will be sent to MSDP peers. Verification on City2-R1 shows:

#sh ip msdp sa-cache 233.x.y.z
MSDP Source-Active Cache - 1 entries for 233.x.y.z
(validsource.1.1.1, 233.x.y.z), RP 10.11.254.2, BGP/AS 65001, 00:01:40/00:05:16, Peer 10.x.y.z

#sh ip mroute 233.x.y.z
(*, 233.x.y.z), 00:02:53/00:02:36, RP 10.x.y.z, flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36

(validsource.1.1.1.1, 233.x.y.z), 00:02:53/00:03:21, flags: MT
  Incoming interface: Vlan2002, RPF nbr validNbr, Mroute, RPF-MFD
  Outgoing interface list:
    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36, H
There we go. dense-mode proxy-register solved the issue and customers in City2 can now view the channels. Note that this is a workaround solution implemented while waiting for the provider to be able to set up MSDP connections.
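
A small check for the symptom described above, as an added example that is not part of the original post: it parses show ip mroute text and reports which (S,G) entries carry neither the A nor the M flag, and which interfaces appear in Dense mode. The two sample tables are constructed from the outputs above with documentation-range addresses, and all function names are made up for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the outputs above (documentation addresses).
BEFORE = """\
(*, 233.252.0.1), 7w0d/00:02:34, RP 10.0.0.1, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Sparse, 00:41:21/00:02:30
    Port-channel70, Forward/Sparse, 11w0d/00:02:34

(192.0.2.10, 233.252.0.1), 1w5d/00:03:27, flags: T
  Incoming interface: Vlan42, RPF nbr 192.0.2.1, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 1w5d/00:02:40
"""
# Same table after the interface change: Vlan42 turns Dense, (S,G) gains A.
AFTER = (BEFORE.replace("Vlan42, Forward/Sparse", "Vlan42, Forward/Dense")
               .replace("flags: T\n", "flags: TA\n"))

ENTRY_RE = re.compile(
    r"^\((?P<src>[^,]+),\s*(?P<grp>[^)]+)\),\s*\S+?,"
    r"(?:\s*RP\s+(?P<rp>\S+?),)?\s*flags:\s*(?P<flags>\w*)")
IIF_RE = re.compile(r"^\s+Incoming interface:\s*(?P<iif>[^,\s]+)")
OIF_RE = re.compile(r"^\s+(?P<oif>\S+),\s*\w+/(?P<mode>\w+),")

@dataclass
class MrouteEntry:
    source: str
    group: str
    flags: str
    iif: str = ""
    oifs: list = field(default_factory=list)  # (interface, mode) tuples

    @property
    def msdp_status(self):
        if self.source == "*":
            return "shared-tree"      # SAs describe (S,G) pairs, not (*,G)
        if "A" in self.flags:
            return "candidate"        # A - Candidate for MSDP Advertisement
        if "M" in self.flags:
            return "msdp-learned"     # M - MSDP created entry
        return "not-advertised"       # neither flag: stays local to this domain

def parse_mroute(text):
    """Parse 'show ip mroute' text into MrouteEntry objects, skipping the legend."""
    entries, cur = [], None
    for line in text.splitlines():
        if (m := ENTRY_RE.match(line)):
            cur = MrouteEntry(m["src"].strip(), m["grp"].strip(), m["flags"])
            entries.append(cur)
        elif cur is not None and (m := IIF_RE.match(line)):
            cur.iif = m["iif"]
        elif cur is not None and (m := OIF_RE.match(line)):
            cur.oifs.append((m["oif"], m["mode"]))
    return entries

def unadvertised_sources(text):
    """(S,G) pairs carrying neither the A nor the M flag."""
    return [(e.source, e.group) for e in parse_mroute(text)
            if e.msdp_status == "not-advertised"]

def dense_interfaces(text):
    """Interfaces that appear in Dense mode in any outgoing interface list."""
    return {oif for e in parse_mroute(text) for oif, mode in e.oifs
            if mode == "Dense"}

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for e in parse_mroute(text):
            print(label, (e.source, e.group), e.flags, e.msdp_status)
        print(label, "dense interfaces:", sorted(dense_interfaces(text)))
```

Since the change is described as a temporary workaround, the dense-interface list is a handy thing to keep an eye on until the provider peering is in place.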

Saturday, February 4, 2012

Cisco Live Europe 2012

The Event

CLEUR 2012 was a LOT better than 2011. They had redone the entire venue from last year. Last year the venue felt extremely large (which it is) because there was so much walking about and while walking between different areas there was no real sense of continuity. For 2012 they had obviously given it more thought. Everything felt more like one (extremely) large area instead of several different islands that just happened to be in the same (extremely) large building.

CLEUR 2011 also left a lot of people hungry because quite frankly, the food was utterly worthless. I'm sorry England but you have no sense of taste whatsoever. I'm guessing that quite a few people expressed this in the event review afterwards. This year they had given it more effort and I have to say that none of the lunches attached themselves in my memory. That might not sound good but remember that we're talking about lunch for oh I don't know how many, around 7k? It's impossible to serve something that anyone will remember as one of the top 5, 10 or even 100 experiences of their lives. Look at it from the other angle instead, if I don't remember the lunches they can't have been bad, right? Well done!

But same as last year, there's just not enough coffee available. I realize that they don't want to serve coffee outside of the breakout rooms because they of course want the people to move down to the World of Solutions. They need to have people there or no one will pay for a booth next year. That's all understandable and acceptable. BUT! With only one escalator going each way to/from the breakouts and World of Solutions as well as a pretty damn long walk it takes the better part of a 30 min break to just do a coffee raid. And what's with not even having coffee in the World of Solutions at the lunch break? Official response from @CiscoLiveEurope was that there would be Coffee at 3 pm. Guys, seriously. We Swedes need our own coffee container!

Keynotes

I barely remember what Padmasree Warrior talked about. The entire speech felt more like something aimed at management and not the more technical types who I am sure make up at least 98% of the attendees. We're not interested in fluff. Fluff is for those who don't understand what's really going on. Yes, I'm talking about management.

Dave Evans gave the second keynote. It was slightly more interesting but I think he left his charisma in some sort of jet lag or something. Don't look at the floor! Change your tone now and then! And be more prepared when you "interview" the guest speaker.

Richard Noble from Bloodhound Project was guest speaker during the second keynote. Excellent! He was way more charismatic than Dave and I would really have liked to hear more about the Bloodhound project!

So in summary: this year's keynotes land at the bottom in the list of Live's I've attended (only 3 so still Bronze, I guess).

Breakouts


It was much harder to schedule my breakouts this year. Probably because it was my third time in four years. I skipped a lot of sessions because they felt like something I've heard before. But as always there were a couple of good sessions. I especially liked the session about IPv6 security. I wish I hadn't changed from Advanced LISP to Carrier Ethernet as techtorial. I've been to three techtorials now and the best one was my first. It was about Datacenter and they did about 60 min (?) of talking followed by 15 min of demo about what they had just talked about and then on to the next subject. The other two were pretty much 98% talk and 2% demo. That's not a good setup for a 9 hour day. It needs to be more alive. I will have to think very hard about a techtorial next year. It's not worth the 500 extra quid for about as many extra slides.

Summary


All in all I'm happy with the week. 8.5 routers out of 10. I can't really think of anything they could do to make it better. At least not something that is likely. More escalators would be a nice surprise, I guess. I feel a bit Cisco-Live-saturated and as it is right now I don't feel like going next year. But I know that will change; I will most likely be back in London this time next year.

So yeah, apart from not having coffee CLEUR 2012 was VERY well planned and designed. Well done!

Monday, January 9, 2012

CCIE Security by the end of 2012?

Nah, not likely. I've bought workbooks and I'm actively following two co-workers who are both studying for their CCIE Sec. For now I'm mostly interested in the technology workbooks but who knows, maybe I'll go for an attempt at the lab myself.

I'd prefer Service Provider, though...

"What's your best advice for CCIE preparations?"

I get a lot of questions from co-workers and others regarding advice for the CCIE lab. Here are my own personal top two. The two things that I truly feel helped tip the scale:

1) Take care of yourself. During those last months of serious labbing I still took the time to exercise. Go for a long walk, take a run. Go for a swim. Anything that gets you moving. Eat right. Take care of yourself! It really helps you to get the most out of a 12 hour lab session. 

2) Go for that first attempt even if you feel you're not ready. I've written about that before so go read that post as well.

Did you come here from Google looking for tech advice? I have a few of those as well but none of those made an impact as huge as the two above.

Monday, October 17, 2011

There is a post-CCIE life

The best thing about being DONE is that I can finally come home and sit down with something other than a Cisco Press book. I can actually do non-tech stuff without feeling that stab of guilt. I think I've forgotten how, though :o

Next on my tech-related schedule is:
  • Develop a series of workshops for my colleagues going for their CCNA
  • Develop a series of workshops for my (other) colleagues going for their CCNP
  • Write an internal Best Practice document regarding Data Center networking

And I must not forget to have some fun so I'm also going back to my old CCIE SPv2 workbooks. No, not because I want the certification (which I do) but because SP is the most interesting part about networking (imho).

Saturday, October 15, 2011

Clarifications about the reread

I've gotten a lot of "well don't forget undebug all"-comments. A couple of clarifications here:

1) The lab is very stressful. It's easy to not think straight when you're running out of time. For every device that I forgot to disable debug on there are 10 that I did NOT forget to disable debug on.

2) I'm not even sure if debug was the issue. It could have been anything.

I could have gotten new questions that they hadn't had the chance to perfect the grading scripts for yet. I can think of several technology specific issues that I will not say out loud due to NDA. I said "do not fear the reread" and what I meant was: when in doubt, ask for a reread. Do not fear the statistics that more or less tell you to fsck off.

JUST DO IT.

Friday, October 14, 2011

CCIE #30914 - Do Not Fear The Reread

(Update: also see the post following this one)

After my second attempt I went into a post-exam depression. I just couldn't for the life of me understand what went wrong. I went through everything in my head and apart from that one question that I probably failed but COULD have gotten correct I couldn't see what went wrong.

I started to consider a reread. I was a bit scared considering the very low chance of actually getting the results changed. I googled for the experiences of others and yes, I did find a few who actually passed. I also found a lot of posts that claim that 0.3% of all rereads end with a changed grade. I couldn't make up my mind.

I went back to analyzing what I might have done wrong. That was when it hit me. During one of the bootcamps one of the other students lost something like 40 points without understanding why. After some digging and troubleshooting the instructor figured that maybe it was because the student had forgotten to disable debug. They reloaded the configs, made sure debug was disabled and then regraded and WHOOP, there were the points! I searched my memory and there it was. I had forgotten to disable debug on at least 2-3 devices that were involved in two different tickets. Could those be the two tickets I missed? Could it be that debug output messed with the automatic grading scripts? If that broke the training lab in one of the Cisco 360 bootcamps, perhaps the same could happen in the lab itself?

But still the horrible stats held me back. 0.3%! But then, on the 10th day after my second attempt I thought to myself, "to hell with it, it's only 300 dollars and I've (read: work) spent a LOT more than that. I'll give it a try". I applied for a re-read on September 29th.

Since then I've been logging into the portal and checking at least 5 times every day. Nothing happened until 2 days ago. 2 days ago the "FAIL" mark and the score report link disappeared. They weren't replaced by anything, just blank fields. I started to freak out and tried to find something online that could tell me what that might mean. The only thing I found was a forum thread where someone had seen the exact same thing. After a while he had gotten his exam changed to a PASS. Someone else posted in that same thread and said that he hadn't seen anything like that but he also said that he didn't get his score changed.

So now I'm starting to feel really hopeful (ask my nerdy-cisco-coworkers ;) ). I only found one single site that described the exact same thing but it sure was enough to get me going. I was hoping that the site would be updated the next day but NOTHING happened! So now the "fear" creeps back in. I'm beginning to think that it doesn't mean anything. It will end with a confirmation of the fail. It's been a month (kinda) since the attempt and I haven't studied anything. I'm preparing for the inevitable decision: I'm giving up. I can't do it again. At least not now. Maybe if I wait six months...

But then I wake up today to find this in my inbox:

Dear Magnus Pahlsson ,

Regarding the re-read request of your CCIE Lab exam was taken  September 19 2011

We are glad to inform you that your re-read request has been completed and uploaded to your CCIE CCO Account. 

The CCIE lab exam re-read result status has been changed from FAIL TO PASS. We are processing your re-read exam fee waiver. 

Congratulations!!!!

Regards

Mahesh.K

CCIE Program
They don't say anything about my new result. I haven't even gotten a new percentage so I don't know how much the manual grading changed my score. But to be honest I don't care.

I'm a single parent with 2 kids. I work full time. I've been studying nights. I've had pretty close to no social life for the last two years.

Today I am CCIE #30914 and damn, it feels good.

CCIE Attempt #2

I bummed around for 1.5 weeks after the first failure. I was upset but not suicidal (those who have ever attempted CCIE know what I mean). I finally pulled myself together and booked a new seat September 19th. That was the first possible date considering the 30 day waiting time. I felt that since I was so close it would be stupid to wait too long. So back to Brussels I go.

The first time I was rather stressed in the beginning. Without going into too much detail due to NDA; let's just say that the first question I was working on on my first attempt was something that I can normally do in my sleep. But this time it took 15 minutes to fix it. I have no way to explain it other than I was stressed. As I said in the previous post I broke requirements on two different questions. I blame this on stress as well. But the good thing about attempt #1 was that I knew where I failed and I knew what I had to work on. But hey, that was actually the entire point of the first attempt. See my previous post about not pushing the date forward.

So there I am. Second attempt. I'm very familiar with everything and I can sense that I'm a lot more focused this time. Since I know that I broke requirements the first time I was VERY careful not to do it again. I made sure to read the questions at least 2 times before typing in a single character (yes, two times before starting each individual ticket). Once again I finish the lab knowing that I probably missed one question but this time I'm 100% certain that I got the other 9 correct.

I felt extremely confident moving on to the configuration part. Again, due to NDA I can't give any details. Let's just say that I with very good reason felt very confident as soon as I started the lab and saw the topology and questions. I finished in 4 hours and spent an hour verifying. I left an hour early. I felt so good. I was very certain that I'd pass.

So waiting begins again. This time I knew that it would probably take a while so I wasn't freaking out when I still hadn't gotten the mail by the time I woke up the next day. At 8:45 (or so) I got the notification. I logged on and saw that ugly word.. FAIL. Really, must they type it in upper case? Isn't it bad enough as it is? Must they throw it in our faces like that? I have never been so close to actually throwing my computer against the wall. The first time I was disappointed but not surprised but this time I just couldn't understand what went wrong.