Holidays

First of all, song of the year as chosen in the “A State of Trance” weekly show by Armin van Buuren. I can imagine trance is not everyone’s cup of tea but it’s a nice catchy tune: “Gaia – Tuvan” (click the Play icon to listen).

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

As most people this time of the year, I am in vacation but not much relaxation so far. First week we had a little special somebody visiting and among other things we visited “Sensapolis” and I got the do a bit of ice skating.

“Sensapolis” is an interior entertainment park in a huge building somewhere near Stuttgart. It’s a lot of fun for kids of all ages and it features things like a giant spaceship, climbing wall, science center, a Fairytale castle, a pirate ship, tree house and many more. The picture gallery shows you a bit of the place.

During this time we are also working (again) at the house, doing remodeling and other things in the kitchen and bathroom. Freya’s brother is visiting and since he knows a lot more than us at this kind of job (he does this for a living) we kinda “abuse” the poor guy. The kitchen is one of the things we inherited from the creatures who lived here before and it was in dire need of renovation. When it’s done, the ugly brown will be gone and it will look “really pretty”, as Freya puts it. And I completely agree, will post some “before/after” pictures once it’s done.

And of course I am still studying for my Cisco CCIP certification. I am supposed to take one of the exams on the 31st of December, I just hope I will be done by then.

In the meantime, Merry Christmas everyone and a Happy New Year!

Cisco CRS-1

This week, as a result of a software upgrade operation across the backbone routers, I had to do the procedure on one of the CRS-1 routers in Stuttgart, since I kinda live in the neighborhood. I have worked, configured and troubleshooted them since 2 years now but physically I only saw one a little in one of our labs. This time  I had the opportunity to work a bit more closely with it.

The Cisco CRS-1 Carrier Router System is, as the name suggests, a carrier-grade backbone router which is usually found in big ISP’s. In it’s full 16-slot configuration it can push data up to 92 Tbps (yes, that’s Tera) and the price of such a configuration can make lesser people faint. The CRS routers we’re using are the medium 8-slot version, which is slightly cheaper and it’s not completely packed with line-cards. Of course, this is not the “cheaper” definition we know, it’s still there in the stratosphere. It’s a monster of a router as well, just the chassis with the fans has about 150kg. The full configuration for the 8-slot version, together with the power shelves and line-cards can weight up to 250kg.

The CRS has a highly redundant design, it’s extremely scalable and it’s designed for an “always-on” operation. As software, it runs the IOS-XR which while it has the same look-and-feel as the normal IOS we know,  it’s based on Linux. The CRS routers we use form the core of our MPLS network, based on 10GB Ethernet.

The software upgrade was an interesting experience. The new version comes on two 4GB PCMCIA flash cards (one for each router processor) which you have to use to replace the existent flash cards. The procedure is quite different than the one for a normal router and it’s quite lengthy. It involves first rebooting the router which loads the new software on the route processors and then each individual line-card has to be upgraded as well. All-in-all I was in that data-center for two and a half hours.

This particular data-center belongs to KPN and, like almost all their sites in Germany, they are completely unmanned. You need to call first and they open the door for you all the way from Netherlands. Same when you get out, you’re stuck in there until they open the door for you.

It was nice experience. And even though it took a long time, at least I could kill time by reading a SciFi ebook (“Consider Phlebas” by Iain M. Banks) on my N85 and listening to music. Good book too, I like it so far. 

Cisco Borderless Network – ISR Generation 2

Last week I participated in a one-day workshop which took place at the Cisco office in München. The new Cisco vision of the borderless network was introduced and the main focus was on the new Integrated Services Router (ISR) Generation 2.

The whole idea of this vision is that the “borders” in the network will soon disappear and one will be able to connect to the network from anywhere, at any given time, from any device and to any resource. And all this will be done transparently and securely. One will no longer be limited by the device used (be it laptop, desktop, smartphone, etc) nor will he be limited by the type of connection (wired, wireless, mobile, etc). The network will be intelligent enough to adapt and provide a seamless experience.

What interested me the most was the new ISR G2 series, which is a key player in the borderless network concept. There are new versions to all the previous ISR routers and the upgrades are significant. I won’t bother you with too many details, but couple of things stand out:

• 3 new models of the small 800 series, new 1900, 2900 and 3000 series
• all of them run a universal IOS image, IOS 15.0 will be released.
• the image contains all features. The individual features are activated on-demand, as they are needed
• multi-core processors
• crypto engines are already onboard
• field-upgradeable mainboards (Service Performance Engine, SPE)
• Multi Gigabit Fabric (MGF): the individual modules will be internally directly connected at gigabit speeds

There are of course other changes but I think those are the most important.

After the ISR G2 presentation, a few more things were discussed about topics such as Security, WAAS (Wide area application services) and the ASR 1000 (Aggregation Services Router).

Otherwise things were nice, the presentation was good, no blue screens or anything. And the canteen over there makes really good food!

New week

Yeah, this is what the weather looks like these days. It’s rainy, not warm and not nice. Not much is happening otherwise, the weather kinda makes you lame and you have to force yourself to get something done. I feel like sleeping the whole day.

In the meantime I am still studying for my CCIP certification, I plan on taking the MPLS+BGP exam sometime at the end of the year. I set up some gns3/dynamips labs at home and it’s going well.

I want vacation

Summer is gone, life goes on

Unfortunately the warm days of the summer are gone. I still see sunny days every now and then but it’s cold and we’re starting here to have temperatures below 0 during the night. We didn’t even have much of an autumn, it kinda jumped directly to winter. Don’t know if I should be happy or not about that, I am not crazy about autumn either, at least not about the rainy part anyway.

At work it’s still kinda ok. Besides the fact that I  have to go back and forth each week, the project is interesting, challenging and gives me the chance to work with technologies not easily available in most other places. It’s a great place to learn things and I would say it’s the perfect working environment to be in if you’re studying for CCIE, the Holy Grail of Cisco Certifications (Service Provider part).

Which is exactly what a couple of my colleagues are doing but it’s not easy at all. This is one exam (a 8-hour lab actually) where it’s not enough to just know stuff, you have to know it perfectly and be able to work fast because you are constantly under time pressure. And trust me, it’s not cheap at all, you end up with thousands and thousands of euros invested in books, rack rentals, boot camps, the lab itself, etc.  Needless to say, this is hardly doable without the support of your company. And on top of that, the pass rate is very low. It is said that less than 10% of people taking the lab pass it the first time. On average, one needs 3-4 attempts to pass it. Kinda bad, eh ?

I am probably at the stage where I could attempt it but I really have no time for it, not when I am gone most of the time. Maybe later. I will just focus on other professional certification in the meanwhile.

Vacation is coming at the end of the year, which is something I am looking forward to. Probably we won’t go anywhere but some time at home is not bad either. Speaking of vacation, there is one thing that annoys me at my company. They ask us to give a vacation plan for the whole next year. I have 28 days of vacation and I have to plan them ALL one year in advance. I can understand their point of view in a way, that they need some kind of overview when people are gonna be gone, but I still think it’s very weird. How am I supposed to know what I will do in one year ? Something might come up and you might need to change the dates but you can be shit out of luck if someone else in your team has it planned in that time.

They say that this is just for “planning purposes” and that you can change it but we all know that once you turn it in, it’s pretty much fixed, there is no change because you most likely conflict with someone else. I didn’t use to have this in my former company but it was a bit easier there I guess, less people in our department so less chances of conflicts.

And at the end, something unrelated. I came upon a very interesting article from cracked.com: “7 Reasons the 21st Century is Making You Miserable” (via). It’s a bit long’ish but it’s well worth it.

Preparing for the CCSP Certification

In my previous post I said I will share some info about how I prepared for CCSP, so here it is. First of all, the CCSP certification has CCNA Security as a prerequisite, so you can’t start without that one. Then you need to take 4 more exams, 3 of them are fixed and the last one you can choose out of a list of elective exams.

1. CCNA Security – pre-requisite; Exam 642-553. This one is the entry-level certificate in the security train and introduces you to basic concepts about firewalls, securing the network, VPNs, ACS, network attacks and so on.

   I used the official certification guide book from Cisco Press. I was already familiar with most of the technologies discussed in the book so this was an easy exam but I would say the book is good and you can use it to pass even if you are new to the security field. You do need to have CCNA passed though.

2. IPS (Implementing Cisco Intrusion Prevention System) – mandatory; Exam 642-533. For this one you need to be familiar with the IPS sensors.

   I didn’t have access to something like that to practice so I took the official Cisco class for this exam. It was a 5-day class at Experteach and I would say it did a decent job at preparing me for the exam. It was not exactly cheap though (none of the Cisco classes are).

3. SNRS (Securing Networks with Cisco Routers and Switches) – mandatory; Exam 642-504. This exam builds upon CCNA Security and further introduces you to a bit more advanced concepts like Layer 2 security, network thread mitigation, DMVPN, GETVPN and so on.

   I took the official Cisco class for this one as well but after I finished it, I realized I went there for nothing. Almost everything could’ve been practiced at home in dynamips/gns3. You can easily practice for this one at home based on the exam blueprint.

4. SNAF (Securing Networks with ASA Fundamentals) – mandatory; Exam 642-524.This exam introduces you to the administration, management and troubleshooting of the ASA security appliance.

   For this exam I decided to prepare myself at home and I rented for a week the CCIE Security rack from InternetworkExpert, a 6-hour slot each day. The rack is meant for CCIE practice but it did have all I needed for my exam (2 ASAs, ACS server, IPS sensors). It was really not expensive at all ($15 per day or so) and you get remote access to the rack equipment.

   Having that, based on the exam blueprint, I designed my own practice scenarios and I just used them to practice the various technologies. It was not that bad, you have complete access to the equipment and you can familiarize with them in peace and configure them the way you want.

5. SNAA (Securing Networks with ASA Advanced) – elective; Exam 642-515. This exam builds upon SNAF and introduces you to more advanced ASA topics such as dynamic routing, SSL VPNs, AIP and CSC modules and so on.

   I wanted to study at home for this one as well but I looked around for a while and I ended up buying a one-week SNAA remote lab from NIL. The difference this time was that the lab is specifically tailored to the SNAA exam and they also give you a set of scenarios and exercises you can do, which cover the exam blueprint. Another plus is that once you log into the remote lab, all equipment are already pre-configured and you can start immediately to do your exercises, without wasting time to prepare them.

   And I forgot to mention that for both SNAF and SNAA exams I used the Cisco Press book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance. Good book.

And that’s pretty much it. What’s next ? CCIP, which is geared towards service providers and it’s much more related to what I do at work these days.

SNAA passed, Finally CCSP!

And after quite some time, I have finally finished my Cisco CCSP certification, just got out of the testing center 10 minutes ago When I get home  tonightI  will put together a post with some information about the whole process, what exams I took, what study materials I used and so on. Who knows, it might help someone out there.

Study week

This week I stayed home and I studied. I am going to take my last exam of the Cisco CCSP certification soon so I needed to do some practice.

The exam is all about the ASA Firewall and since I don’t have one at home and none available to me at work, I decided to get a one-week of SNAA remote lab from , a slovenian Cisco training partner. I guess I could’ve also taken a course for this exam but I think the remote lab is a better deal if the subject is not a complete mistery to you. It’s not sky-high expensive, you get exercises to practice all the items from the exam blueprint and you get to do this at your own pace, on real equipment.  Which worked perfectly, all from a browser. I was quite impressed.

Anyway, at least I get to stay home this week. Next one it’s Munich again which is gonna be real “fun” since it’s the last week of the . 6 million visitors come to  … get drunk Yeah, really great. But I guess each with his own.