BRKCCIE-3003: The CCDE
© 2006, Cisco Systems, Inc. All rights reserved.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public
The CCDE
The CCDE
• What is the CCDE?
• The Written Exam
• The Practical Exam
The CCDE Logo
• This is not the CCDE Logo
• There is no logo at this point
• We are waiting on the Cisco Identity Team to come up with a logo for this certification
• They intend to have a logo ready by the time the certification launches
What is the CCDE?
What is the CCDE?
• Why Are We Doing This?
• Where Does the CCDE Fit?
• What the CCDE is Not
• How the CCDE Was Developed
• The Bottom Line
Why Are We Doing This?
• To understand the CCDE, we need to start with the group building the CCDE
  - John Cavanaugh: TAC => AS Global Services, 10+ years at Cisco
  - Khalid Raza: TAC => CA network design, 10+ years at Cisco
  - Bruce Pinsky: TAC => CA network design, 10+ years at Cisco
  - Alvaro Retana: TAC => IOS RP/Architecture Team, 10+ years at Cisco
  - Russ White: TAC => IOS RP/Architecture Team, 10+ years at Cisco
  - Mosaddaq Turabi: TAC => CA network design, 10+ years at Cisco
  - Steve Barnes: 7+ years at Cisco
Why Are We Doing This?
• Notice the pattern?
  - We all started in implementation and troubleshooting
  - We all moved into network and protocol design positions over our time at Cisco
  - We all learned how to design networks by seeing networks fail
• As we moved, our certifications didn’t (really) keep up
  - This is a microcosm of the industry as a whole
  - Where were you ten years ago?
Why Are We Doing This?
• The network engineering field has split into many pieces
• Implementation and design are almost completely different career paths
  - Operations and design are not normally both outsourced
  - Design is almost always global, while operations might be global or regional
  - Most people seem to move from operations to design work over time
[Figure: Design / Implementation / Voice / SAN]
Why Are We Doing This?
• We seem to have lost our “roots”
  - We focus on specific technologies: Voice, WAN Acceleration, Security, ....
  - We focus on “Places in the Network”: the data center, the WAN, the campus, ....
[Figure: L3 Roots; Design / Implementation / Voice / SAN]
Why Are We Doing This?
• L3 design is no longer widely taught or practiced
  - Routing and L3 design are “easy,” in theory
  - And yet... a lot of L3 design problems seem to be cropping up
[Figure: L3 Roots; Design / Implementation / Voice / SAN]
Why Are We Doing This?
• The CCDE
  - Is a certification with relevance to what I actually do
  - Provides a target for those coming into design: much like the original CCIE, this is a baseline; you build special skills on top of this, not in lieu of it
  - Provides a backfill for those already in design: a baseline of skills on which to build special skills
Where Does the CCDE Fit?
• Certifications can be seen in two dimensions
  - What does it certify? Implementation or Design
  - How does it relate to the business? Tactically or Strategically; Vertically or Horizontally
[Figure: grid with axes Strategic/Tactical and Implementation/Design]
Where Does the CCDE Fit?
• The CCDE is Strategically Oriented
  - Not the “tyranny of the immediate”
  - Long term problems are the focus: Where is this network now? Where will it be in five years? How do I get it from here to there?
[Figure: grid with axes Strategic/Tactical and Implementation/Design]
Where Does the CCDE Fit?
• The CCDE is Design Oriented
  - What changes do I need to make to.... merge these networks? Implement this application? Provide this level of security? Prepare this network for the next five years?
  - How do I transition the network? Business hurdles? Technical hurdles? People hurdles?
[Figure: grid with axes Strategic/Tactical and Implementation/Design]
Where Does the CCDE Fit?
• Senior Network Designer: designs large scale networks in a variety of business environments; troubleshoots and resolves design level issues
• Network Designer: designs moderate scale networks in a narrow set of business environments; designs components of larger networks
• Network Designer: understands the fundamentals of network design; designs components of medium and large scale networks
Where Does the CCDE Fit?
• The CCDE is more horizontal to the business
  - Interacts with the business, rather than following the business
[Figure: flow from business requirements through functional requirements/specifications and technical requirements/specifications to implementation plans and designs]
What the CCDE is Not
• This is not a business test
  - There is no “budget” for any given problem
• But—there are business problems on the test
  - Business problems provide the primary structure
  - Business problems provide the primary driver towards specific technology solutions
What the CCDE is Not
• You do not “go forth and configure”
  - This is higher level than the “?”
• This is not about choosing the right equipment in the right place
  - Hardware limitations only come in at a high level
  - Hardware changes occur on a daily basis
• The skills you demonstrate for this certification should be timeless
How the CCDE Was Developed
• Start with a team of old timers
  - 10+ years at Cisco
  - Prior CCIE program involvement
  - Current CCIE
  - Currently doing design
  - Must wear old folk’s glasses
  - Gray hair a plus
  - You get the idea....
How the CCDE Was Developed
• Walk through a group of typical customer engagements
  - Better known as “tell war stories”
  - How did you get involved?
  - What information were you given?
  - What else did you ask for?
  - What sorts of documentation did you provide?
  - What process did you use to design the solution?
  - How did you present the design?
  - What changes were made during the presentation phase?
  - Did it work?
How the CCDE Was Developed
• Build a set of claims from the engagement structure
• Classify each claim based on the type of task
  - Does the candidate need to know a piece of knowledge, know how to do something, or be able to analyze something?
• Set the weight for each claim
  - How important is it for a qualified candidate to know this?
How the CCDE Was Developed
• Determine how to ask the question
  - Can the context for the question be contained in the stem of a single question?
  - Are there analytical skills involved?
  - Can the question be formed so it can be answered with a multiple choice response?
• The answers to these questions determine whether the skill can be tested on the written exam or must be tested on the practical
How the CCDE Was Developed
• Write a bunch of questions
  - Cover the claims determined to be suitable for the written examination
  - Cover the claims in the weightings determined
• Review a bunch of questions
  - Does the question actually test the claimed knowledge or skill?
  - Is the question psychometrically sound?
  - Do we care? Will knowing this specific bit of knowledge or having this specific skill actually impact someone’s ability to design well?
How the CCDE Was Developed
• Throw out a bunch of questions
  - For every question on the beta examination, three were written
• Run the beta exam
  - Do a bunch of psychometric magic
  - I’m a routing geek, not a psychometric geek, so don’t ask
• Throw out a bunch of questions
  - Didn’t we just do this?
  - Three out of every four questions written were discarded
How the CCDE Was Developed
• How long did this take?
  - Two and a half years
  - More than 100 years of “man hours”
The Bottom Line
The Cisco Certified Design Expert
• The CCDE is an expert level network design certification
• Comparable to the CCIE in difficulty, depth, and breadth
• Focusing on Layer 3 network design
• Includes the touch points between layer 3 and the layers above and below
• Includes the touch points between layers 3 and 9, but does not focus on business aspects
• Is generally vendor neutral—technology, not features
The Written Exam
The Written Exam
• The Purpose of the Written
• Written Outline
  - Design
  - Routing
  - Tunneling
  - QoS
  - Management
  - Security
The Purpose of the Written
• Test Knowledge of Design Concepts
  - Theoretical knowledge of network design principles
• Test Technology Knowledge
  - No “bit level” questions
  - No configurations
  - Focused on design implications
• Show Qualification for the Practical
  - If you don’t know this stuff, you don’t have any hope of passing the practical....
Routing
• If Host A sends a packet to Host F, what will happen?
  - The packet will be discarded at B
  - The packet will be discarded at C
  - The packet will be received by D
  - The packet will be discarded at E
  - The packet will be received by F
Topic: Aggregation
Routing
• The packet is discarded at C
  - The destination address is 10.1.1.48
  - This falls within 10.1.1.0/25, so the traffic is routed to C
  - But C doesn’t have an ARP entry for this destination, so it ARPs and drops the packet
• Why do we care?
  - Overlapping destinations are a fact of life when you aggregate
  - You need to understand how they interact
Topic: Aggregation
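The drop at C can be traced with a small longest-prefix-match simulation. This is an added example, not material from the slides; the forwarding tables, the summary C advertises and the ARP entries are constructed assumptions, since the slide's diagram is not reproduced here.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed forwarding state (an assumption; the slide's diagram is not reproduced).
# Router C summarizes its LAN as 10.1.1.0/25 toward B, so the summary attracts every
# address in that range, including addresses no host on C's LAN actually uses.
FIBS: Dict[str, Dict[str, str]] = {
    "B": {"10.1.1.0/25": "C", "10.1.1.128/25": "D"},   # B picks between two summaries
    "C": {"10.1.1.0/25": "connected"},                 # C treats the whole /25 as local
    "D": {"10.1.1.128/25": "connected"},
}
# Hosts that actually answer ARP on each router's LAN (constructed).
ARP_TABLES: Dict[str, Set[str]] = {
    "C": {"10.1.1.1", "10.1.1.2"},
    "D": {"10.1.1.130"},
}


def longest_prefix_match(fib: Dict[str, str], dst: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Return (prefix, next_hop) for the most specific prefix covering dst, or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in fib.items() if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def forward(dst: str, start: str = "B", max_hops: int = 8) -> Tuple[str, str, List[str]]:
    """Walk a packet router by router; report (outcome, router where it ended, path taken)."""
    router, path = start, []
    for _ in range(max_hops):
        path.append(router)
        match = longest_prefix_match(FIBS[router], dst)
        if match is None:
            return ("discarded: no route", router, path)
        _prefix, next_hop = match
        if next_hop == "connected":
            if dst in ARP_TABLES.get(router, set()):
                return ("delivered", router, path)
            # The summary pulled the packet here, but no host answers ARP:
            # the router ARPs, gets no reply, and drops the packet.
            return ("discarded: no ARP entry", router, path)
        router = next_hop
    return ("discarded: loop", router, path)


if __name__ == "__main__":
    for dst in ("10.1.1.48", "10.1.1.1", "10.1.1.130"):
        print(dst, forward(dst))
```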
Routing
• What justification would you give for configuring Router A as an ABR, with the Hub and Spoke area as an OSPF stub area, without route summarization?
  - To reduce the routing table size at Router B
  - To reduce the complexity of the full mesh in OSPF
  - To reduce the impact of Router B failing at Router C
  - To reduce SPF run time at Router A
Topic: Aggregation
Routing
• To reduce the impact of Router B failing at Router C
  - Router B failing would normally cause a full SPF run on all routers
  - If the Hub and Spoke area is a stub, routers within the area would not run SPF for a failure at B
• Why do we care?
  - Failure domains are intrinsically related to flooding domains in link state protocols
  - Failure domains are important in network design
Topic: Aggregation
Routing
• If the link between A and B fails, when will EIGRP on C discover the failure?
  - Immediately
  - The next time B transmits a CDP status packet to C
  - When B takes the link to C down
  - When the routing protocol adjacency fails
Topic: Layer 2 Interaction
Routing
• When the routing protocol adjacency fails
  - CDP doesn’t have status packets
  - B has no reason to take the B to C link down when the A to B link fails
  - As long as the link status is up, EIGRP on C has no reason to remove A from its neighbor table
• Why do we care?
  - Because this layer 2 behavior impacts network convergence at layer 3
  - When considering fast convergence to support an application, you need to take layer 2 links into account
Topic: Layer 2 Interaction
Routing
• Traffic Flow vs RP Metric Tuning
• Routing Protocol Operation
  - Adjacency Formation
  - Loop Free Paths
• Address Allocation
• Multicast Operation
  - Multicast Routing
• Operational Costs of Configuration
  - Configuring with Intent
Tunneling
• A company wants to carry credit card transactions between Host A and Host B. What tunneling mechanism should they consider?
  - L2TPv3
  - IPsec tunnels using AH
  - An L3VPN using MPLS
  - IPsec tunnels using ESP
Topic: End Services
Tunneling
• IPsec tunnels using ESP
  - First, what sort of protection do we need for this application? Prevent outsiders from seeing it altogether
  - L2TPv2: Provides layer 2 transport (not layer 3)
  - IPsec using AH does not prevent snooping
  - L3VPNs using MPLS do not encrypt data
  - IPsec using ESP encrypts the data
• Why do we care?
  - Because of the layer 3 interaction with the application
  - What does the application need? What is the best layer 3 mechanism for providing it?
Topic: End Services
Tunneling
• What tunneling mechanism would you consider for connecting 1000 remote sites which need to be fully meshed, have layer 3 transport requirements only, and use OSPF routing?
  - VPLS
  - IPsec using AH
  - L3VPNs
  - GRE tunnels
Topic: Scalability
Tunneling
• L3VPNs
  - VPLS would require a full mesh of 1000 OSPF adjacencies
  - IPsec would require a full mesh of 1000 tunnels, and wouldn’t support OSPF (no multicast support)
  - GRE would require a full mesh of 1000 tunnels and OSPF adjacencies
  - L3VPNs allow you to carry routing information through the tunnel infrastructure without forming adjacencies through the tunnels
• Why do we care?
  - The tunnel infrastructure directly impacts the layer 3 and routing scalability
  - We need to choose the tunnel mechanisms we use with this in mind
Topic: Scalability
Tunneling
• When using any form of IPsec over GRE tunneling (for instance, DMVPNs) over a public or private network, how many routing instances will you need to provide full reachability?
  - One
  - Two
  - Three
  - Four
Topic: L3 Routing Interaction
Tunneling
• Two
  - One to provide reachability between the tunnel endpoints
  - One to provide reachability between the destinations reachable through the tunnels
• Why do we care?
  - The tunnel mechanism directly impacts the routing design
  - We need to design the routing around the tunneling mechanism chosen
Topic: L3 Routing Interaction
Tunneling
• Topology
  - Understand the impact of logical and physical topologies
• Inter-Provider
  - Understand the mechanisms available for carrying tunnels through service provider boundaries
• Path Selection
  - Understand steering traffic with and into tunnels
• Failover
  - Understand mechanisms for providing fast failover in tunnel environments
Quality of Service
• Which of the following would you deploy to control delay along the path from A to B?
  - Head of queue dropping
  - Traffic policing
  - Tail of queue dropping
  - Traffic shaping
Topic: Performance Metrics
Quality of Service
• Traffic policing
  - Head of queue and tail of queue drops will drop random packets, so the delay will be random
  - Traffic shaping will try to keep the traffic in line, but will really tail drop in this case
  - Traffic policing will drop traffic which is out of policy, keeping the delay consistent
• Why do we care?
  - This is an interaction between layer 3 and transport behavior required by specific applications
Topic: Performance Metrics
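The delay difference between policing and shaping falls out of a token-bucket simulation. This is an added example, not the slides' material; the rate, bucket size, burst pattern and the finite shaper queue are constructed assumptions, and times are integer microseconds so the arithmetic is exact.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed traffic sample (an assumption): ten 1500-byte packets arriving every
# 1000 us, offered to a token bucket filling at 1 byte/us (8 Mbit/s) with a
# 3000-byte burst allowance.  Two packets' worth of tokens are "spare" at the start.
ARRIVALS_US = [i * 1000 for i in range(10)]
PKT_BYTES = 1500
RATE_B_PER_US = 1
BUCKET_BYTES = 3000


@dataclass
class Result:
    sent_delays_us: List[int]   # queueing delay of each forwarded packet, in arrival order
    dropped: int


def police(arrivals: List[int], size: int = PKT_BYTES, rate: int = RATE_B_PER_US,
           bucket: int = BUCKET_BYTES) -> Result:
    """Token-bucket policer: conforming packets leave at once, excess is dropped."""
    tokens, last = bucket, 0
    delays, dropped = [], 0
    for t in arrivals:
        tokens = min(bucket, tokens + rate * (t - last))   # refill since last packet
        last = t
        if tokens >= size:
            tokens -= size
            delays.append(0)        # never queued, so no delay is added
        else:
            dropped += 1            # out of policy: dropped, bucket untouched
    return Result(delays, dropped)


def shape(arrivals: List[int], size: int = PKT_BYTES, rate: int = RATE_B_PER_US,
          bucket: int = BUCKET_BYTES, max_queue_us: Optional[int] = None) -> Result:
    """Token-bucket shaper: excess packets wait (FIFO) for tokens instead of being
    dropped; with a finite queue (max_queue_us) the overflow is tail-dropped."""
    tokens, last = bucket, 0    # tokens is valid at time `last`
    next_free = 0               # earliest time the FIFO lets another packet start
    delays, dropped = [], 0
    for t in arrivals:
        start = max(t, next_free)
        avail = min(bucket, tokens + rate * (start - last))
        wait = 0 if avail >= size else -(-(size - avail) // rate)   # ceiling division
        if max_queue_us is not None and start + wait - t > max_queue_us:
            dropped += 1        # buffer full: tail drop, shaper state unchanged
            continue
        send = start + wait
        tokens = min(bucket, avail + rate * wait) - size
        last = next_free = send
        delays.append(send - t)
    return Result(delays, dropped)


if __name__ == "__main__":
    print("policer:", police(ARRIVALS_US))
    print("shaper, unbounded queue:", shape(ARRIVALS_US))
    print("shaper, 2 ms queue:", shape(ARRIVALS_US, max_queue_us=2000))
```

The policer drops two packets but every forwarded packet sees zero added delay; the shaper forwards everything at the cost of delay that climbs packet by packet, and once its queue is bounded it starts tail-dropping as the slide says.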
Quality of Service
• Which would you deploy to increase the throughput of multiple TCP traffic flows on a single link?
  - Head of queue dropping
  - Traffic Policing
  - Weighted RED
  - Traffic Shaping
Topic: Differentiated Services
Quality of Service
• Weighted RED
  - Head of queue dropping will allow the TCP flows to synchronize
  - Traffic policing and shaping will not balance between the flows to increase overall throughput
  - Only WRED is specifically designed to prevent TCP flows from consuming all available queue resources, and leave room for other flows
  - WRED reduces the “sawtooth” effect and synchronization of multiple TCP flows
• Why do we care?
  - This is an interaction between layer 3 and transport behavior required by specific applications
Topic: Differentiated Services
Quality of Service
• Integrated Services
  - RSVP Operations
• Application Requirements
  - General requirements presented by common applications
• Class Starvation
• Interaction with Other Technologies
  - DSCP bits in Ethernet, ATM, Frame Relay, etc.
• Policy Based Routing
Network Management
• Which of the following is true of SNMP and Syslog?
  - Syslog always provides a wider variety of information than SNMP traps
  - Syslog is more reliable than SNMP traps, since it is carried over TCP
  - Syslog may lose information because of logging buffer overflows, but SNMP will not
  - Syslog information is always available as SNMP traps
Topic: Analyze Network Conditions
Network Management
• Syslog is more reliable than SNMP traps, since it is carried over TCP
  - Whether Syslog or SNMP provides more information in a specific case depends on the information provided by the device
  - SNMP traps can be dropped because of buffer overflows
  - Syslog information may overlap with SNMP traps, but not always
• Why do we care?
  - A network design engineer must know when to specify and use the various management tools available
  - A network design engineer must know what sorts of information to expect from each tool when looking at a design or problem
Topic: Analyze Network Conditions
Network Management
• If you wanted to determine the servers which transmit the most traffic to an external destination, which tool would be the most appropriate?
  - Packet level debugs filtered through an access list
  - SNMP traps set for traffic flows
  - Buffered Syslog based on packet event information
  - Netflow traffic flow statistics
Topic: Management Tools
Network Management
• Netflow traffic flow statistics
  - Packet level debugs? Right!
  - SNMP wouldn’t be able to keep up with traffic flow information
  - Syslog would depend on debugs or some other information
• What other options are there here?
  - IP Accounting?
  - ACLs with logging?
• Why do we care?
  - A network design engineer must know when to specify and use the various management tools available
  - A network design engineer must know what sorts of information to expect from each tool when looking at a design or problem
Topic: Management Tools
Network Management
• In-band versus Out-of-Band Management
• SNMP Concepts and Operation
• Auditable Factors in Network Management
• Traffic Management Concepts
• Change Management Concepts
Security
• What would the result of configuring two synchronized servers with the same IP address, as shown, be?
  - A could split inbound sessions with B, causing difficult to troubleshoot problems
  - A could overlap transactions with B, violating various regulations
  - A could provide access to the service while B is under a DoS attack
Topic: Availability
Security
• A could provide access to the service while B is under a DoS attack
  - We don’t know enough about the configurations of these servers or their services to determine if the other options are correct
  - But, we do know anycast is a common technique to provide resiliency during DoS attacks
• Why do we care?
  - A design engineer must be able to plan in mitigations against various attacks
Topic: Availability
Security
• What attacks would configuring unicast RPF at A and B prevent?
  - False routing protocol adjacencies from B, C, D, and E
  - DoS attacks against A and B from B, C, D, and E
  - Attacks from spoofed sources originating from B, C, D, and E
  - Layer 2 based attacks against A and B sourced from B, C, D and E
Topic: Control Plane Protection
Security
• Attacks from spoofed sources originating from B, C, D, and E
  - uRPF would prevent spoofed packets from entering the network
  - uRPF does not manage routing adjacencies
  - uRPF does not block DoS attacks
  - uRPF does not operate at layer 2
• Why do we care?
  - A design engineer must be able to plan in mitigations against various attacks
Topic: Control Plane Protection
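What uRPF does and does not filter can be shown with a reverse-path check run over sample packets. This is an added example, not from the slides; router A's FIB, its interface names and the packets are constructed assumptions, and the strict/loose and allow-default behaviour follows the usual IOS semantics.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed FIB for router A (an assumption; the slide's diagram is not reproduced):
# prefix -> interface through which that prefix is reached.
FIB_A: Dict[str, str] = {
    "10.1.0.0/16": "Gi0/0",   # network behind B
    "10.2.0.0/16": "Gi0/1",   # network behind C
    "10.3.0.0/16": "Gi0/2",   # networks behind D and E
    "0.0.0.0/0":   "Gi0/3",   # default route toward the upstream
}


def longest_prefix_match(fib: Dict[str, str], addr: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Return (prefix, interface) for the most specific prefix covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), i) for p, i in fib.items() if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def urpf_passes(fib: Dict[str, str], src: str, in_iface: str,
                strict: bool = True, allow_default: bool = False) -> bool:
    """uRPF decision for a packet with source `src` that arrived on `in_iface`.
    strict: the route back to the source must point out the arrival interface.
    loose:  any route back to the source is enough.
    A default route only satisfies the check when allow_default is set."""
    match = longest_prefix_match(fib, src)
    if match is None:
        return False                      # no route back at all: drop
    net, out_iface = match
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default covers it: drop
    return out_iface == in_iface if strict else True


# Constructed packets: (source, arrival interface, label used only for reporting).
PACKETS: List[Tuple[str, str, str]] = [
    ("10.1.7.7", "Gi0/0", "host behind B, arrives from B"),
    ("10.2.9.9", "Gi0/0", "spoofed: claims C's address space but arrives from B"),
    ("198.51.100.5", "Gi0/1", "spoofed: source only covered by the default route"),
    ("10.3.1.1", "Gi0/2", "host behind D, arrives from D"),
    ("10.1.7.7", "Gi0/0", "genuine source sending at flood rate: uRPF still passes it"),
]


def apply_urpf(packets: List[Tuple[str, str, str]], fib: Dict[str, str] = FIB_A,
               **kw) -> Tuple[List[str], List[str]]:
    """Run every packet through the check; return (accepted labels, dropped labels)."""
    accepted, dropped = [], []
    for src, iface, label in packets:
        (accepted if urpf_passes(fib, src, iface, **kw) else dropped).append(label)
    return accepted, dropped


if __name__ == "__main__":
    ok, bad = apply_urpf(PACKETS)
    print("accepted:", *ok, sep="\n  ")
    print("dropped:", *bad, sep="\n  ")
```

The last sample packet is the slide's point that uRPF is an anti-spoofing tool, not a DoS control: a genuine source arriving on the right interface passes no matter how much it sends.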
Security
• Identity and Trust
  - Router access mechanisms
  - 802.1x and other identity mechanisms
• Data Plane Protection
  - Infrastructure protection
• Incident Planning and Preparation
The Written Exam
• Layer 3 Focused
  - While we’ve seen questions which are not layer 3, they relate to some interaction with layer 3
  - Application reliance on layer 3
  - Layer 2 impact on layer 3
• No Configurations
• No Bit Level Questions
  - Some detail, but not to the depth of bits, etc
• Broad Array of Technical Areas
  - Layer 3 Design, Routing, Tunneling, QoS, Management, and Security
The Practical Exam
The Practical Exam
• An Overview
• High Level Skills
  - Analysis
  - Design
  - Implementation
  - Justification
  - (Abstraction)
• The Practical Format
• A Short Practical Example
An Overview
• The Purpose of the Practical
  - Test application of knowledge to real problems
  - Integrate smaller bits of knowledge into a useful whole
  - Integrate business problems into technical design
• The Structure of the Practical
  - Computer based; no lab environment
  - No configuration of real devices
  - Scenario based
  - Tightly scripted
An Overview
• What about multiple good solutions?
  - Aren’t there bound to be a bunch of good solutions for any given problem?
• Two Solutions
  - The scenarios are tightly scripted
  - Business and technical requirements strongly bound the solution set
  - In some places, there are multiple right answers
  - When the requirements leave multiple solutions open, provisions are made to account for all right solutions
  - Some right solutions might be worth more points than other right solutions, however
Analysis
• Determine Network Expectations
  - Examine and understand business goals
  - Examine and understand application requirements
  - Examine and understand the implications of network failures
• Gather and Validate Information
  - Determine missing information
  - Determine additional required tests
Design
• Focus on Technology
  - Understand technical/functional tradeoffs between solutions
• Reduce or Eliminate the Impact on Existing Services
• Focus on Scalability
• Common Cases versus the Worst Case
  - Determine what is likely, and plan for that, rather than for the worst case
• Focus on Elegance and Supportability
  - Know what’s necessary and what’s unnecessary
  - Consider operational expenses (OPEX)
• Minimize Impact of Network Failures
Implementation
• Develop an Implementation Plan
  - Consider interactions between the phases of implementation
  - Minimize impact on services during implementation
• Develop a Contingency Plan
Justification
• Justify Technologies Chosen
• Justify Changes in the Design
  - Based on functional requirements
  - Based on technical requirements
• Consider Alternate Options
  - Justify moving or not moving to an alternate
Abstraction
• Underlies Many of the Concepts
  - Analysis, Scalability, Elegance, Supportability, Resiliency, etc.
• Deploy a New Data Center
  - The Data Center as a Network: capacity, addressing, etc.
  - The Data Center as an Object: placement, capacity, etc.
The Practical Format
• You Begin with a Set of Documents
  - Background documents
  - Network diagrams
  - Email threads
• You then get a Set of Questions
  - Network diagram drag and drop/modify attributes
  - Multiple choice
  - Ordering a list
  - Match two lists
The Practical Format
• As You Complete Questions You Gain Access to More Information
  - Decisions made in the design process
  - New information about the network
  - Changes in the network state
A Short Practical Example
• We need to install a new credit card processing application between Host A and Host K
A Short Practical Example
• What do we need to know to solve this problem?
  - What other applications are A and K running? For simplicity, none
  - What QoS expectations does this new application have? Session resets in an outage of longer than 1 second
  - What are the security requirements for this new application? Must be confidential through the public parts of the network
  - Why is there a firewall between Router F and Router B? To protect K from attacks
A Short Practical Example
• Encrypt from A to B?
  - This doesn’t solve confidentiality in the public part of the network
  - Doesn’t meet business requirements
Topic: Encryption
A Short Practical Example
• Secure Tunnel from A to K?
  - This bypasses the firewall, allowing A to attack K
  - Doesn’t meet business requirements
Topic: Encrypted Tunnel
A Short Practical Example
• Secure Tunnel from A to G?
  - Provides confidentiality through the public parts of the network
  - Does not bypass the firewall
  - Appears to meet the requirements....
Topic: Encrypted Tunnel
A Short Practical Example
• What sort of tunnel should we use?
  - MPLS? GRE? IPsec AH? IPsec ESP? L2TPv3?
• Which one meets the business requirements?
Topic: Encrypted Tunnel
A Short Practical Example
• How do we handle the convergence requirement?
  - Less than 1 second of failure time
  - What are our considerations here?
A Short Practical Example
• What problems might we have with these two switches?
  - How does B find out if E fails?
  - How long does this detection take?
  - How long does convergence take once the failure is detected?
A Short Practical Example
• You need to think through each aspect of the problem
• Consider how the pieces will interact
• Consider how to solve each specific problem presented
Q and A
Recommended Reading
Available Onsite at the Cisco Company Store
Continue your learning experience with further reading from Cisco Press
Optimal Routing Design, ISBN 1-58705-187-7
Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily.
Receive 20 Passport points for each session evaluation you complete.
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.
Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.