Cisco has been updating their certifications lately. The CCIE RS got bumped to version 5 and went all virtual. The CCNP RS was then also updated and now it’s time for the CCIE SP.
It seems that Cisco has done a better job lately of tying all the certifications together and providing a more unified exam format. At least this is the indications I’m getting for the CCIE track.
CCIE SP v4 will use the same exam format as the CCIE RS v5. This means that there will be a diagnostic (DIAG) and troubleshooting (TS) module at the CCIE SP lab. First let’s go over the exam domain.
My impression from this is that the v4 blueprint is a bit more generic. This makes it easier to develop the exam content and I also get the feeling that it’s getting more important to have a high level understanding of the different technologies and architecture.
The exam is designed to be dual stack, so you can’t afford to be weak on v6, you must master the v6 topics at the same level as v4. If you get certified you may use the IPv6 Forum Gold logo.
The following topics have been added to version SPv4 written:
• SP architecture concepts
• Virtualization concepts
• Mobility concepts
• Describe BGP path attributes
• Describe MPLS forwarding and control plane mechanisms
• Describe MPLS TE attributes
• Describe MPLS advanced features, for example, segment routing, G-MPLS, MPLS-TP, and MPLS TE Inter-AS
• Describe multicast P2MP TE
• Describe EVPN (EVPN-VPWS and PBB EVPN)
• Describe IEEE 802.1ad (Q-in-Q), IEEE 802.1ah (Mac-in-Mac), and ITU G.8032 (REP)
• Describe broadband forum TR-101, for example, trunk N:1 and trunk 1:1
• Describe QoS link fragmentation (LFI), cRTP, and RTP
• Describe multichassis/clustering high availability
• Describe Layer 1 failure detection
• Describe BGPsec
• Describe backscatter traceback
• Describe lawful-intercept
• Describe BGP Flowspec
• Describe DDoS mitigation techniques
• Describe network event and fault management
• Describe performance management and capacity procedures
• Describe maintenance and operational procedures
• Describe the network inventory management process
• Describe network change, implementation, and rollback
• Describe the incident management process based on the ITILv3 framework
There are some interesting topics here and it’s clear that the exam has been modernized. Virtualization is added which may relate to Network Function Virtualization (NFV) which is one of the buzzwords right now.
The MPLS focus is even stronger, many SPs have started or are in the process of starting with deploying MPLS to the access layer. Because these networks are so large and using the same IGP in the entire domain won’t scale, there are now solutions like seamless MPLS which uses BGP to carry link state information. They have also added P2MP LSPs which are used to transport multicast over MPLS.
Another interesting topic is segment routing which just came out in 5.2.0. With segment routing it’s possible to setup the path the traffic should take by labeling the packets. The labels are not derived from LDP. The labels are instead carried in the IGP, such as ISIS.
EVPN and PBB-EVPN are technologies that will likely replace VPLS in the future, maybe not in all deployments but in many. It has features to make multihoming and loop prevention easier, which is always a challenge when a customer is multihomed at layer 2.
DoS and DDoS is the reality of every major SP today. We can see this in the exam topics as well, BGP Flowspec has been added which is a new feature in 5.2.0 to be able to deploy ACLs and ratelimiters through the use of BGP.
The following topics have been added to both the lab and the written:
• Describe, implement, and troubleshoot advanced BGP features, for example, add-path and BGP LS
• Describe, implement, and troubleshoot mLDP (including mLDP profiles from 0 to 9)
• Describe and optimize multicast scale and performance
• Describe, implement, and troubleshoot MPLS QoS models (MAM, RDM, pipe, short pipe, and uniform)
• Describe, implement, and troubleshoot MPLS TE QoS mechanisms (CBTS, PBTS, and DS-TE)
• Describe, implement, and troubleshoot E-LAN and E-TREE, for example, VPLS and H-VPLS
• Describe, implement, and troubleshoot Unified MPLS and CSC
• Describe, implement, and troubleshoot LISP
• Describe, implement, and troubleshoot GRE- and mGRE-based VPN
• Describe, implement, and troubleshoot IPv6 transition mechanism, for example, NAT44, NAT64, 6RD, and
DS lite
• Describe, implement, and troubleshoot end-to-end fast convergence
• Describe, implement, and troubleshoot multi-VRF CE
• Describe, implement, and troubleshoot Layer 2 failure detection
• Describe, implement, and troubleshoot Layer 3 failure detection
• Describe, implement, and troubleshoot control plane protection techniques (LPTS and CoPP)
• Describe, implement, and troubleshoot logging and SNMP security
• Describe, implement, and troubleshoot timing, for example, NTP, 1588v2, and SyncE
• Describe, implement, and troubleshoot SNMP traps, RMON, EEM, and EPC
• Describe, implement, and troubleshoot port mirroring protocols, for example, SPAN, RSPAN, and ERSPAN
• Describe, implement, and troubleshoot NetFlow and IPFIX
• Describe, implement, and troubleshoot IP SLA
• Describe, implement, and troubleshoot MPLS OAM and Ethernet OAM
Add path is important to provide redundancy in RR deployments.
BGP-LS is used for seamless MPLS.
MLDP is used for transporting multicast over MPLS.
There are different VPN technologies as expected and there is also a strong focus on security, how to defend the control plane of your routers and to mitigate DDoS.
QoS is always important and also relates a bit to the above topic.
IPv6 transition will be come more and more important as v4 addresses are now a scarce resource.
Monitoring becomes more important as well and topics like MPLS OAM and Ethernet OAM are therefore added.
The following topics have been removed from the CCIE SP v4 lab:
• Describe, implement, optimize, and troubleshoot packet over SONET
• Describe, implement, optimize, and troubleshoot IP over DWDM
• Describe, implement, optimize, and troubleshoot SP high-end products
• Describe, implement, optimize, and troubleshoot SONET/SDH connections
• Describe, implement, optimize, and troubleshoot T1/T3 and E1/E3 connections
• Describe, implement, optimize, and troubleshoot IP over DSL to the customer
• Describe, implement, optimize, and troubleshoot IP over wire line to the customer
• Describe, implement, optimize, and troubleshoot IP over cable to the customer
Technologies like SONET, E1/T1 are definitely on their way out. There is still a lot of DSL deployed but the future access technologies will likely be more focused on fibre and Ethernet.
These topics are removed from the v4 written:
• Describe, implement, optimize, and troubleshoot Frame Relay connections
• Describe, implement, optimize, and troubleshoot ATM connections
• Entire domain: describe, implement, optimize, and troubleshoot managed service traversing the core
• Entire domain: describe service provider network implementing principles
Frame relay and ATM should be pretty non existant now except for some areas of the world. It’s time to move on.
The exam number for the has changed from 350-029 to 400-201, the written format will still be very similar but the lab has changed a lot. The lab now consists of the following sections:
- Troubleshoot
- Diagnostic
- Configuration
This is the same format as the CCIE RS v5. The day starts with TS which is alotted 2 hours. You can spend an extra 30 minutes on the TS which is deducted from the Configuration section if you wish to.
I won’t describe more of the format here. I will include links for more information at the end.
The important part is that there is a cut score per module and an overall passing score. The addition of the TS and diagnostic section makes sense. It’s desirable that candidates passing have experience and this usually shows more in these sections than in the configuration.
This picture sums up the different sections:
As mentioned earlier the entire lab has now been virtualized. The lab will be based on the following products and software versions:
• ASR 9000 Series running the Cisco IOS XR 5.2 release
• ASR 1000 Series running the Cisco IOS XE 3.13S.15.4(3)S release
• Cisco 7600 Series running the Cisco IOS 15.5(3)S release
• Cisco ME 3600 Series running the Cisco IOS 15.5(3)S release
What’s interesting here is that if Cisco is virtualizing the above platforms this should indicate that maybe there will be virtualized versions of these available in the future to buy or download.
There is already the CSR1000v which matches the ASR 1000, the XRv matches up with the ASR9k. So there must be images for Cisco 7600 and ME 3600 as well. Hopefully Cisco makes these available in some form in the future.
In this document, Cisco mentions that features from newer releases will not be tested and they provide more information on the equipment and what to replace it with if you don’t have a 7600 or ASR 9000.
Here is the document describing topics added and removed.
Finally, here is the landing page for the new CCIE SP v4.
My first impression is positive. Cisco is working on making the lab environment more unified. They have added new topics to update the exam such as network virtualization, EVPN, segment routing, BGP Flowspec. They have also removed legacy topics such as ATM and Frame Relay.
CCIE exams are more relevant than ever and the death of the CCIE is greatly exaggerated.