Cisco Borderless Network – ISR Generation 2

Last week I participated in a one-day workshop which took place at the Cisco office in München. The new Cisco vision of the borderless network was introduced and the main focus was on the new Integrated Services Router (ISR) Generation 2.

The whole idea of this vision is that the “borders” in the network will soon disappear and one will be able to connect to the network from anywhere, at any given time, from any device and to any resource. And all this will be done transparently and securely. One will no longer be limited by the device used (be it laptop, desktop, smartphone, etc.) nor will he be limited by the type of connection (wired, wireless, mobile, etc.). The network will be intelligent enough to adapt and provide a seamless experience.

What interested me the most was the new ISR G2 series, which is a key player in the borderless network concept. There are new versions to all the previous ISR routers and the upgrades are significant. I won’t bother you with too many details, but a couple of things stand out:

  • 3 new models of the small 800 series, new 1900, 2900 and 3000 series
  • all of them run a universal IOS image, IOS 15.0 will be released.
  • the image contains all features. The individual features are activated on-demand, as they are needed
  • multi-core processors
  • crypto engines are already onboard
  • field-upgradeable mainboards (Service Performance Engine, SPE)
  • Multi Gigabit Fabric (MGF): the individual modules will be internally directly connected at gigabit speeds

There are of course other changes but I think those are the most important.

After the ISR G2 presentation, a few more things were discussed about topics such as Security, WAAS (Wide area application services) and the ASR 1000 (Aggregation Services Router).

Otherwise things were nice, the presentation was good, no blue screens or anything. And the canteen over there makes really good food! ;-)

New week

Yeah, this is what the weather looks like these days. It’s rainy, not warm and not nice. Not much is happening otherwise, the weather kinda makes you lame and you have to force yourself to get something done. I feel like sleeping the whole day.

In the meantime I am still studying for my CCIP certification, I plan on taking the MPLS+BGP exam sometime at the end of the year. I set up some gns3/dynamips labs at home and it’s going well.

I want vacation ;-)

Summer is gone, life goes on

Unfortunately the warm days of the summer are gone. I still see sunny days every now and then but it’s cold and we’re starting here to have temperatures below 0 during the night. We didn’t even have much of an autumn, it kinda jumped directly to winter. Don’t know if I should be happy or not about that, I am not crazy about autumn either, at least not about the rainy part anyway.

At work it’s still kinda ok. Besides the fact that I have to go back and forth each week, the project is interesting, challenging and gives me the chance to work with technologies not easily available in most other places. It’s a great place to learn things and I would say it’s the perfect working environment to be in if you’re studying for CCIE, the Holy Grail of Cisco Certifications (Service Provider part).

Which is exactly what a couple of my colleagues are doing but it’s not easy at all. This is one exam (an 8-hour lab actually) where it’s not enough to just know stuff, you have to know it perfectly and be able to work fast because you are constantly under time pressure. And trust me, it’s not cheap at all, you end up with thousands and thousands of euros invested in books, rack rentals, boot camps, the lab itself, etc. Needless to say, this is hardly doable without the support of your company. And on top of that, the pass rate is very low. It is said that less than 10% of people taking the lab pass it the first time. On average, one needs 3-4 attempts to pass it. Kinda bad, eh?

I am probably at the stage where I could attempt it but I really have no time for it, not when I am gone most of the time. Maybe later. I will just focus on other professional certification in the meanwhile.

Vacation is coming at the end of the year, which is something I am looking forward to. Probably we won’t go anywhere but some time at home is not bad either. Speaking of vacation, there is one thing that annoys me at my company. They ask us to give a vacation plan for the whole next year. I have 28 days of vacation and I have to plan them ALL one year in advance. I can understand their point of view in a way, that they need some kind of overview when people are gonna be gone, but I still think it’s very weird. How am I supposed to know what I will do in one year ? Something might come up and you might need to change the dates but you can be shit out of luck if someone else in your team has it planned in that time.

They say that this is just for “planning purposes” and that you can change it but we all know that once you turn it in, it’s pretty much fixed, there is no change because you most likely conflict with someone else. I didn’t use to have this in my former company but it was a bit easier there I guess, less people in our department so less chances of conflicts.

And at the end, something unrelated. I came upon a very interesting article from cracked.com: “7 Reasons the 21st Century is Making You Miserable” (via). It’s a bit long’ish but it’s well worth it.

Preparing for the CCSP Certification

In my previous post I said I will share some info about how I prepared for CCSP, so here it is. First of all, the CCSP certification has CCNA Security as a prerequisite, so you can’t start without that one. Then you need to take 4 more exams, 3 of them are fixed and the last one you can choose out of a list of elective exams.

  1. CCNA Security – prerequisite; Exam 642-553. This one is the entry-level certificate in the security train and introduces you to basic concepts about firewalls, securing the network, VPNs, ACS, network attacks and so on.

    I used the official certification guide book from Cisco Press. I was already familiar with most of the technologies discussed in the book so this was an easy exam but I would say the book is good and you can use it to pass even if you are new to the security field. You do need to have CCNA passed though.

  2. IPS (Implementing Cisco Intrusion Prevention System) – mandatory; Exam 642-533. For this one you need to be familiar with the IPS sensors.

    I didn’t have access to something like that to practice so I took the official Cisco class for this exam. It was a 5-day class at Experteach and I would say it did a decent job at preparing me for the exam. It was not exactly cheap though (none of the Cisco classes are).

  3. SNRS (Securing Networks with Cisco Routers and Switches) – mandatory; Exam 642-504. This exam builds upon CCNA Security and further introduces you to a bit more advanced concepts like Layer 2 security, network threat mitigation, DMVPN, GETVPN and so on.

    I took the official Cisco class for this one as well but after I finished it, I realized I went there for nothing. Almost everything could’ve been practiced at home in dynamips/gns3. You can easily practice for this one at home based on the exam blueprint.

  4. SNAF (Securing Networks with ASA Fundamentals) – mandatory; Exam 642-524. This exam introduces you to the administration, management and troubleshooting of the ASA security appliance.

    For this exam I decided to prepare myself at home and I rented for a week the CCIE Security rack from InternetworkExpert, a 6-hour slot each day. The rack is meant for CCIE practice but it did have all I needed for my exam (2 ASAs, ACS server, IPS sensors). It was really not expensive at all ($15 per day or so) and you get remote access to the rack equipment.

    Having that, based on the exam blueprint, I designed my own practice scenarios and I just used them to practice the various technologies. It was not that bad, you have complete access to the equipment and you can familiarize yourself with it in peace and configure it the way you want.

  5. SNAA (Securing Networks with ASA Advanced) – elective; Exam 642-515. This exam builds upon SNAF and introduces you to more advanced ASA topics such as dynamic routing, SSL VPNs, AIP and CSC modules and so on.

    I wanted to study at home for this one as well but I looked around for a while and I ended up buying a one-week SNAA remote lab from NIL. The difference this time was that the lab is specifically tailored to the SNAA exam and they also give you a set of scenarios and exercises you can do, which cover the exam blueprint. Another plus is that once you log into the remote lab, all the equipment is already pre-configured and you can start immediately to do your exercises, without wasting time to prepare it.

    And I forgot to mention that for both SNAF and SNAA exams I used the Cisco Press book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance. Good book.

And that’s pretty much it. What’s next? CCIP, which is geared towards service providers and it’s much more related to what I do at work these days.