CCIE SP v4.1 - Workbook
CCIE SP v4.1 - Workbook
$450.00
Minimum price
$450.00
Suggested price
CCIE SP v4.1 - Workbook

This book is 100% complete

Completed on 2019-10-12

About the Book

This CCIE SP workbook is an excellent preparation resource for anyone willing to either get acquainted with SP world or prepare for CCIE SP practical exam in its current revision. As it covers all blueprint, you can first go through it, and then get back and practice on your weak areas. Each chapter is accompanied by the initial configuration for both EVE-NG and VIRL platforms, to facilitate faster lab preparation and focusing on doing labs, not dealing with infrastructure.

About the Authors

Piotr Jablonski
Piotr Jablonski

A CTO and consultant. Designed, recommended and deployed Software-Defined Data Center solutions for the customers in Europe. Promoted SDN at Cisco and VMware. Working knowledge with hybrid cloud solutions based on Cisco, VMware and AWS. He contributed to new features in Unified MPLS, Adaptive Code Modulation, Autonomic Networking. A speaker at VMworld, VMUG, Cisco Live, PLNOG and other conferences. Launched the Cloud Infra meetup. An author of network design, IPv6, MPLS, Carrier Ethernet, Multicast and CCIE bootcamps. His certifications include CCDE 2012::7, CCIE SP, R&S #19476, VCIX-NV, AWS SAA. A certified Cisco and AWS instructor. Co-founder of a startup around networking and analytics. An expert in emulating L2/L3 loops.

Łukasz Bromirski
Łukasz Bromirski

Networking geek and engineer - currently Product Manager at Cisco Security Business Group. Begun his networking career in 1997 working with various telecommunication areas. In 2006 moved to Cisco, and while reaching for his double CCIE (Routing&Switching and Service Providers) and CCDE, was responsible for Partners and projects spanning various technologies and types of customers. Actively engaged in various networking projects outside of his work at Cisco, focused on education and best practices sharing. Creator of BGP Blackholing project; author of self-developed IPv6, MPLS, QoS, multicast, IGP and BGP, SP Security and CCIE bootcamp hands-on trainings; Co-creator of PLNOG and active speaker on other conferences, also leader of Cisco ISP SWAT team, coordinating efforts to help defend Service Provider networks under active attack around the world.

Table of Contents

Chapter 1: Workbook introduction / 11

Topology overview / 12

Chapter 2: Basic device configuration / 13

Task 1: Cisco IOS-XE connection / 14

Task 2: Cisco IOS XR connection / 15

Task 3: IOS-XE and IOS XR configuration capabilities / 17

Task 3.1: System archive (IOS-XE) / 17

Task 3.2: Configuration rollback (IOS XR) / 19

Task 4: IOS XR feature centric configuration / 23

Task 5: Other features of IOS XR CLI / 24

Task 5.1: Parser regexp matching for selecting interfaces / 24

Task 5.2: Configuration replace option / 25

Task 5.3: Filtering parser output / 26

Task 5.4: Configuration group policies / 28

Task 5.5: Commenting configuration / 31

Task 6: IOS XR RPL capabilities / 32

Task 6.1: Basic RPL interaction / 32

Task 6.2: Editing RPL policies / 33

Task 6.3: Checking other RPL options / 34

Task 6.4: RPL pass/set/done/drop options / 35

Task 6.5: Nested RPL policies / 36

Task 6.6: Using RPL parameters / 36

Task 6.7: Viewing RPL status / 37

Task 7: Traffic filtering and manipulation / 38

Task 7.1: Access-lists and object-groups / 38

Task 8: Basic IPv4 configuration / 39

Task 9: Basic IPv6 configuration / 41

Task 9.1: IPv6 address assignment in IOS-XE – EUI64 / 42

Task 9.2: IPv6 address assignment in IOS XR – EUI64 / 43

Task 9.3: IPv6 neighbors / 44

Task 9.4: IPv6 SLAAC / 47

Task 9.5: IPv6 DHCP / 48

Chapter 3: OSPF & ISIS / 50

Tricky OSPF / 50

Topology 1: AS3356 OSPF / 51

Task 1: Loopback interface prefix / 53

Task 2: Why do prefixes persist? / 57

Task 3: Why there is a loop? / 61

Task 4: Why ECMP is not equal? / 63

AS3356 OSPF / 64

Task 1: Migrate OSPF 1 to core / 64

Task 2: Inter-area communication / 67

Task 3: Scalability and path optimization / 71

Task 4: Secure the OSPF domain / 79

AS3356 OSPFv3 / 81

Task 1: Configure OSPFv3 areas / 81

Task 2: Secure the OSPFv3 domain / 86

AS1239 ISIS / 87

Topology 1: AS1239 ISIS / 87

Task 1: Configure ISIS Level-2 / 88

Task 2: Secure the ISIS domain / 95

AS1239 IP LFA / 98

Task 1: AS1239 IP LFA / 98

Chapter 4: Basic BGP / 104

Task 1: Basic BGP configuration / 105

Task 1.1: BGP in AS 100 / 105

Task 1.1.1: Simple iBGP session / 105

Task 1.1.2: BGP router-id selection / 107

Task 1.1.3: Advertise network in BGP using ‘network’ statement / 108

Task 1.1.4: Advertise network in BGP using ‘redistribute’ statement / 111

Task 1.1.5: Loopback peering in BGP / 113

Task 1.2: ASPLAIN and ASDOT notations in IOS/IOS-XE / 115

Task 1.2.1: eBGP session over loopbacks / 115

Task 1.2.2: Changing between ASPLAIN and ASDOT / 116

Task 1.3: Filtering advertisements in IOS and IOS-XE / 117

Task 1.3.1: Using route-maps to filter updates in BGP / 117

Task 1.3.2: Using filter-list to filter updates in BGP / 118

Task 1.3.3: Reconfigure AS100 back to original configuration / 119

Task 1.4: BGP Address Families in IOS and IOS-XE / 119

Task 1.4.1: IPv6 unicast session configuration in BGP / 120

Task 1.5: Configure routers in AS 3356 / 122

Task 1.5.1: Simple iBGP session between R1 and R2, R3 and R5 / 122

Task 1.5.2: BGP router-id selection / 124

Task 1.5.3: BGP neighbor status and session options in IOS XR / 125

Task 1.5.4: BGP route entry in IOS XR / 127

Task 1.5.5: Advertise network in BGP using ‘redistribute’ statement / 128

Task 1.6: ASPLAIN and ASDOT notations in IOS/IOS XR / 131

Task 1.6.1: Changing between ASPLAIN and ASDOT / 131

Task 1.7: Filtering advertisements in IOS XR – using RPL / 134

Task 1.7.1: Using RPL with ios-regexp to filter out the prefix while running asdot formatting / 135

Task 1.7.3: Rollback SP1R1 to original configuration / 138

Task 1.8: BGP Address Families in IOS XR / 139

Task 1.8.1: IPv6 unicast session configuration in BGP / 139

Task 1.8.2: iBGP full mesh in AS3356 / 141

Task 1.9: Configure SP1R4 and SP2R4 routers in AS 44.66 / 144

Task 1.10: Configure routers in AS 1239 / 146

Task 1.11: Configure routers in AS 200 / 151

Task 2: eBGP peering / 153

Task 2.1: Configure peering between AS100 and AS3356 / 153

Task 2.2: Configure peering between AS3356 and AS44.66 / 153

Task 2.3: Configure peering between AS3356 and AS1239 / 153

Task 2.4: Configure peering between AS1239 and AS44.66 / 153

Task 2.5: Configure peering between AS1239 and AS200 / 153

Task 3: Inter-AS Traffic engineering / 155

Task 3.1: AS100 Traffic Engineering / 155

Task 3.2: AS3356 to AS100 Traffic Engineering / 157

Task 3.3: Announcing aggregates in IOS XR and in IOS-XE / 163

Task 3.4: AS3356 to AS44.66 Traffic Engineering / 165

Task 3.5: AS3356 and AS1239 Traffic Engineering / 166

Task 3.6: AS1239 to AS200 Traffic Engineering / 167

Task 3.7: AS200 to AS1239 Traffic Engineering / 169

Task 4: Intra-AS Traffic engineering / 172

Task 4.1: AS3356 Traffic Engineering / 17

Task 4.2: AS1239 Traffic Engineering / 174

Task 5: Wrap-up / 176

Task 5.1: AS100 setup / 176

Task 5.2: AS3356 / 176

Task 5.3: AS1239 / 177

Task 5.4: AS200 / 177

Task 5.5: Inter-AS BGP peerings / 177

Chapter 5: Advanced BGP / 178

Task 1: Path selection in RR-driven BGP networks / 179

Task 1.1: BGP multipath / 179

Task 1.2: BGP DMZ link bandwidth on IOS-XE / 184

Task 1.3: BGP DMZ link bandwidth on IOS XR / 189

Task 1.4: BGP AddPath extension / 192

Task 1.5: BGP ORR: Optimal Route Reflection / 197

Task 2: Advanced manipulation of path attributes / 203

Task 2.1: Accumulated IGP cost attribute / 203

Task 2.2: Using local-as BGP feature / 205

Task 2.3: Using no-prepend BGP feature / 207

Task 2.4: Using replace-as BGP feature / 208

Task 2.5: Using dual-as BGP feature / 209

Task 2.6: Using allowas-in BGP feature / 211

Task 2.7: Using remove-private-as BGP feature / 213

Task 2.8: Manipulating communities / 216

Task 2.9: Attribute filtering / 217

Task 2.10: Selective BGP AD change for prefix / 219

Task 3: Real world BGP ISP challenges / 221

Task 3.1: BGP route dampening / 221

Task 3.2: Selective FIB download – IOS/IOS-XE / 223

Task 3.3: Selective FIB download – IOS XR / 224

Task 3.4: Multi-instance BGP / 225

Task 3.5: BGP multi-session capability / 229

Task 3.6: ORF: Optimal Route Filtering / 231

Chapter 6: MPLS Basics / 235

Task 1: Basic LDP configuration for label distribution / 235

Task 1.1: Manually configure LDP protocol on IOS-XE / 235

Task 1.2: LDP RID vs transport address / 237

Task 1.3: Using MPLS LDP autoconfig on IOS-XE / 240

Task 1.4: Manually configure LDP protocol on IOS XR / 241

Task 1.5: Using MPLS LDP autoconfig on IOS XR / 244

Task 1.6: Control label range for LDP / 245

Task 1.7: LDP sync / 246

Task 1.8: LDP session protection / 247

Task 1.9: LDPv6 or labels for IPv6 prefixes / 251

Task 2: Basic MPLS operations / 253

Task 2.1: Checking MPLS label forwarding for LDP bindings / 253

Task 2.2: Explicit NULL label / 256

Task 2.3: Configuring MPLS TTL propagation / 257

Task 2.4: Static binding of MPLS labels / 258

Task 2.5: LDP security – authentication / 262

Task 2.6: LDP security – label filtering. 263

Task 2.7: Turning on MPLS in AS1239 and AS200 / 265

Task 3: Basic MPLS OAM / 266

Task 3.1: Turning on MPLS OAM for IOS XR / 266

Task 3.2: Turning on MPLS OAM for IOS XE / 266

Task 3.3: Using MPLS ping and traceroute on IOS XE / 267

Task 3.4. Using MPLS ping and traceroute on IOS XR / 268

Chapter 7: MPLS Intra-AS L3VPN / 270

Task 1: L3VPN in AS 3356 / 271

Task 1.1: Enable VPNv4 and connect Customer1 in Site A / 271

Task 1.2: Add R1, R3 and R4 to L3VPN / 277

Task 1.3: Additional paths with Unique RD / 278

Task 1.4: Provide redundancy to site A / 281

Task 1.5: Add two additional VRF sites / 284

Task 1.6: Shared services / 290

Task 2: MPLS transport for IPv6 / 293

Task 2.1: 6VPE Service / 293

Task 2.2: 6PE Service / 297

Task 3: L3VPN in AS 1239 / 300

Task 3.1: Enable L3VPN / 301

Task 3.2: Configure Site D prefixes / 301

Task 3.3: Connect VRF cust1 Site D / 301

Task 3.4: Connect VRF sitee / 301

Task 3.5: Verify prefix advertisement / 302

Chapter 8: MPLS Inter-AS L3VPN / 305

Task 1: Inter-AS option A / 305

Task 1.1: Build inter-AS connectivity / 305

Task 1.2: Verification / 306

Task 2: Inter-AS option B / 309

Task 2.1: Build inter-AS connectivity / 309

Task 2.2: Prefix advertisement verification / 309

Task 2.3: Traffic engineering / 313

Task 3: Inter-AS option C / 316

Task 3.1: Build Inter-AS connectivity / 316

Task 3.2: Traffic-engineering / 318

Task 3.3: The correct BGP next-hop / 321

Task 3.4: Continuous LSP / 326

Task 4: CSC / 331

Task 4.1: New subinterfaces and VRF / 332

Task 4.2: End to end LSP / 334

Task 4.3: Enable the L3VPN service in AS 100/200 / 336

Task 5: OSPF as PE-CE protocol / 338

Task 5.1: Deploy OSPF / 338

Task 5.2: LSA Type manipulation / 342

Task 6: EIGRP as PE-CE protocol / 346

Task 6.1: Deploy EIGRP / 346

Task 6.2: Loop prevention / 349

Chapter 9: MPLS L2VPN: E-LINE / 352

Task 0: Lab preparations / 353

Task 0.1: Continuous LSP / 353

Task 1: VPWS / 355

Task 1.1: PW with .1Q / 355

Task 1.2: PW with QinQ + local bridging / 360

Task 1.3: Multisegment PW with a VLAN tag translation / 364

Task 1.4: H-VPLS for E-LINE / 369

Task 1.5: Point to point EVPN / 372

Task 1.6: L2TPv3 / 376

Chapter 10: MPLS L2VPN: E-LAN, E-TREE / 379

Task 1: VPLS / 380

Task 1.1: E-LAN BGP signalled VPLS / 380

Task 1.2: E-TREE BGP signalled VPLS / 385

Task 2: PBB-EVPN / 389

Task 2.1: E-LAN BGP signalled PBB-EVPN / 389

MPLS L2VPN: all services listed together (verification) / 392

Chapter 11: MPLS Traffic Engineering / 395

Task 1: Basic MPLS TE configuration / 396

Task 1.1: Enabling RSVP on interfaces / 397

Task 1.2: Interface parameters from RSVP-TE point of view / 398

Task 1.3: Building dynamic tunnel / 399

Task 1.3.1: Enabling RSVP on all core interfaces / 399

Task 1.3.2: Enabling IGP for MPLS Traffic Engineering / 399

Task 1.3.3: Enabling MPLS Traffic Engineering on IOS-XE devices / 400

Task 1.3.4: Configuring dynamic MPLS TE tunnel / 400

Task 1.3.5: IGP cost vs TE cost / 405

Task 1.3.6: Announcing TE tunnel via forwarding adjacency / 407

Task 1.4: Building static tunnel / 409

Task 2: Running MPLS TE in OSPF (AS 3356 / 410

Task 2.1: Basic IGP and MPLS TE configuration / 410

Task 2.2: Inter-AS MPLS TE Tunnel / 411

Task 3: Other MPLS TE features / 419

Task 3.1: MPLS TE setup and holding priority / 419

Task 3.2: RSVP authentication / 423

Task 3.3: Naming MPLS-TE tunnels / 424

Task 3.4: Named MPLS-TE tunnels / 425

Task 3.5: FlexLSP – bidirectional tunnels / 426

Task 3.5.1: Co-routed bidirectional tunnels: autoroute / 429

Task 3.5.2: Co-routed bidirectional tunnels: forwarding adjacency / 430

Task 4: MPLS TE path protection / 431

Task 4.1: Building protected path from SP2R2 to SP2R5 / 431

Task 5: MPLS TE link protection / 435

Task 5.1: Configuring MPLS TE link protection (NHOP / 435

Task 6: MPLS TE node protection / 441

Task 6.1: Configuring MPLS TE node protection (NNHOP / 441

Task 7: MPLS TE advanced path selection / 447

Task 7.1: Link affinity with new configuration style - IOS XR / 447

Task 7.2: Link affinity with old configuration style - IOS XR / 451

Task 7.3: Link affinity with IOS-XE / 452

Task 7.4: Shared risk link groups (SRLG) / 454

Task 8: MPLS TE auto mesh / 461

Task 8.1: Configuring MPLS TE auto-tunnel mesh / 461

Task 9: Configuring PE-P MPLS TE tunnels / 466

Task 10: MPLS TE load balancing / 471

Task 10.1: Configuring MPLS TE load balancing with IOS XE / 471

Task 10.2: Configuring MPLS TE load balancing with IOS XR / 475

Chapter 12: MPLS Quality of Service / 477

Task 1: MPLS QoS DS-TE / 478

Task 1.1: DS-TE configuration – RDM model / 478

Task 1.2: DS-TE configuration – MAM model / 483

Task 1.3: CBTS – IOS only / 486

Task 1.4: PBTS - IOS XR only / 488

Task 2: Service provider MPLS QoS basics / 493

Task 2.1: Simple MQC operations on EXP/TC / 493

Task 2.2: Policing of traffic with specific EXP/TC value / 495

Task 3: Implementing uniform MPLS QoS model / 497

Task 3.1: Checking probes on AS 100 and AS 200 / 498

Task 3.2: Configuring PE SP1R8 router / 500

Task 4: Implementing pipe MPLS QoS model / 502

Task 4.1: Configuring PE routers – SP1R7 and SP1R8 / 502

Task 4.1.1: Explicit null signalling from SP1R7 / 502

Task 4.1.2: Modifying the EXP values on SP1R7 and SP1R8 / 503

Task 4.1.3: Queueing on SP1R7 and SP1R8 / 505

Task 5: Implementing short pipe MPLS QoS model / 508

Task 5.1: Configuring PE routers – SP1R7 and SP1R8 / 508

Chapter 13: Segment Routing / 510

Task 1: Segment Routing in OSPF / 510

Task 1.1: Configure Segment Routing for OSPF AS3356 / 510

Task 2: Migrating AS3356 from LDP to SR / 513

Task 2.1: Making SR preferred over LDP / 513

Task 2.2: Verification / 513

Task 2.3: Turning off LDP in AS 3356 / 515

Task 2.4: Rollback AS3356 back to LDP-based forwarding / 515

Task 3: Segment Routing TE / 516

Task 3.1: Configuring TE in SR domain for MPLS data plane / 516

Task 4: Segment Routing in ISIS / 519

Task 4.1: Configuring SR for AS1239 on IOS XR / 519

Task 4.2: Configuring SR for AS1239 on IOS-XE / 519

Task 4.3: Verification / 519

Chapter 14: IPv6 transition / 522

Task 1: Tunnelling and translation / 523

Task 1.1: VRF-aware NAT44 / 523

Task 1.2: 6rd / 529

Task 1.3: Pseudo DS-Lite / 534

Task 1.4: Stateful NAT64 / 538

Task 1.5: Stateless NAT64 / 542

Task 1.6: MAP-T / 546

Task 1.7: LISP / 550

Chapter 15: IP Multicast / 558

Task 1: Native Multicast / 559

Task 1.1: PIM ASM Static RP / 559

Task 1.2: PIM ASM with Static Anycast RP / 562

Task 1.3: PIM ASM with Static RP and static IGMP Join / 568

Task 1.4: PIM ASM with Auto RP / 570

Task 2: mVPN Multicast / 572

Task 2.1: Profile 0 - Default MDT, GRE, PIM C-mcast Signaling / 572

Task 2.2: Profile 6 - MLDP, In-Band Signaling / 581

Task 2.3: Profile 12 - MLDP, P2MP, BGP AD + C-mcast Signaling / 587

Task 2.4: Inter-AS mVPN / 593

Chapter 16: System management tasks / 597

Task 1: Logging functions / 598

Task 1.1: Turning on logging / 598

Task 1.1.1: Local buffered logging / 599

Task 1.1.2: Terminal (monitor) logging / 600

Task 1.1.3: Console logging / 601

Task 1.1.4: Logging filters / 601

Task 1.1.5: Supressing duplicate messages – IOS XR only / 602

Task 1.2: Logging to external syslog server / 603

Task 1.2.1: Assigning specific prefix/name for logging host / 603

Task 1.3: Logging security / 604

Task 1.4: SNMP configuration / 605

Task 1.4.1: Basic SNMPv2c configuration / 605

Task 1.5: RMON configuration / 607

Task 2: Debugging network traffic using captures / 609

Task 2.1: EPC – IOS-XE / 609

Task 3: Network telemetry / 613

Task 3.1: Configuring NetFlow in IOS/IOS-XE / 613

Task 3.1.1: Defining flow key records / 613

Task 3.1.2: Defining flow monitor / 614

Task 3.1.3: Defining flow exporter / 614

Task 3.1.4: Attaching NetFlow feature to interfaces / 615

Task 3.2: BGP policy accounting in IOS/IOS-XE / 617

Task 3.3: BGP policy accounting in IOS XR / 619

Task 3.4: CEF traffic accounting / 621

Task 4: Monitoring network conditions and acting on results / 622

Task 4.1: IP SLA in IOS-XE / 622

Task 4.2: IP SLA in IOS XR / 624

Task 4.3: EEM / 624

Task 4.2.1: Basic EEM script / 625

Task 4.2.2: More advanced example – network interfaces / 625

Task 4.2.3: Building script to bring Lo0 back up again once Track 10 is up / 626

Chapter 17: System and network security / 627

Task 1: Securing control plane / 627

Task 1.1: CoPP / 627

Task 1.2: LPTS / 630

Task 1.3: BGP security / 632

Task 1.3.1: BGP maximum prefix feature on IOS XE / 632

Task 1.3.2: BGP VRF route limit on IOS XE / 633

Task 1.3.3: BGP maximum prefix feature on IOS XR / 634

Task 1.3.4: BGP VRF route limit on IOS XR / 635

Task 1.3.5: BGP attribute limits / 636

Task 2: Securing management plane 637

Task 2.1: MPP / 637

Task 2.1.1: MPP on IOS-XE / 637

Task 2.1.2: MPP on IOS XR / 637

Task 2.2: Telnet and SSH / 639

Task 2.2.1: Telnet and SSH on IOS-XE / 639

Task 2.2.2: Telnet and SSH on IOS XR / 639

Task 3: Securing forwarding plane / 641

Task 3.1: uRPF / 641

Task 3.1.1: uRPF on IOS XR / 641

Task 3.1.2: uRPF on IOS/IOS-XE / 642

Task 3.2: BGP RPKI / 643

Task 3.2.1: Configuring RPKI session / 643

Task 4: Deploying SP-wide protection mechanisms / 647

Task 4.1: BGP blackholing / 647

Task 4.1.1: Configuring trigger router / 647

Task 4.1.2: Configuring edge router / 649

Task 4.1.3: “Starting the DDoS” / 650

Task 4.2: BGP FlowSpec / 651

Task 4.2.1: Configuring trigger router (FlowSpec server) / 651

Task 4.2.1: Configuring edge router (FlowSpec client) / 652

Task 4.3: QoS Policy Propagation via BGP (QPPB) / 653

Task 4.3.1: Configuring trigger router / 653

Task 5: Other system-related options / 657

Task 5.1: Benchmarking/testing link between routers / 657

Authors have earned$8,182,613writing, publishing and selling on Leanpub,
earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.

Learn more about writing on Leanpub

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms

Free Updates. Free App. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets), MOBI (for Kindle) and in the free Leanpub App (for Mac, Windows, iOS and Android). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub