Kevin Wallace's Blog http://tortillarepublic.com/?labs=blog.rss OSPF Route Filtering <p>Let's say you have one or more IP routes that you don't want appearing in a router's IP routing table. The reason might be security or router performance, as a couple of examples. With OSPF, there are three primary ways to accomplish this route filtering:</p> <ul> <li>Filter a route coming in from another autonomous system, as part of a <em>redistribution</em> configuration.</li> <li>Filter a route between areas, using a <em>filter list</em>.</li> <li>Filter a route from being installed in a single router's IP routing table, using a <em>distribute list</em>.</li> </ul> <p>This video discusses these three approaches, and it demonstrates the configuration of two of them (because redistribution is a topic unto itself).</p> <p>Enjoy the video!</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 14 Nov 2017 11:00:00 +0000 http://tortillarepublic.com/?labs=blog/ospf-route-filtering 5 Changes in Cisco Unified Communications Manager (CUCM) Version 12.0 <p>If you&rsquo;re one of the 200,000+ Cisco customers using a <em>Cisco Unified Communications Manager</em> (CUCM) server to support your Cisco IP Phones and soft clients, this blog post is for you. 
Specifically, Cisco recently introduced their latest version of CUCM, version 12.0, and this post will identify five of the major changes in this new version.</p> <h3>1. Support for Hybrid Deployments</h3> <p><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/HswIjXm8QECZ7jT0IWH2_Screen_Shot_2017-10-27_at_11.48.11_AM.png" width="368" height="197" /></p> <p>For the past year or so, I&rsquo;ve been getting questions from people concerned that CUCM is going away, and that Cisco Unified Communication (UC) customers will gravitate towards Cisco&rsquo;s cloud-based call management solution, called <em>Cisco Hosted Collaboration Solution</em> (HCS). To get some answers, at Cisco Live US earlier this year, I asked one of the Cisco UC engineers about their plans. He assured me that Cisco is committed to going forward with both solutions (i.e. their cloud-based solution and their on-premises CUCM solution). He also explained that customers don&rsquo;t have to choose one or the other, because both the cloud-based and locally hosted solutions can communicate and work together in a <em>hybrid deployment</em>. CUCM 12.0 supports this hybrid design approach, which lets you have fewer SIP trunks going out to your service provider, because calls within your location are being handled locally by your CUCM server.</p> <h3>2. Unsupported IP Phone Models</h3> <p><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/iWTl4Fz5S5iuI23a2ZdD_7970.jpg" width="348" height="232" /></p> <p>Before upgrading to CUCM 12.0, you might have to replace some (and potentially many) of your Cisco IP Phones. 
The following Cisco IP Phone models are not supported in CUCM 12.0 (and many of the following are not supported in CUCM 11.5 either):</p> <ul> <li>7970G</li> <li>7971G-GE</li> <li>7921G</li> <li>12 SP+</li> <li>30 VIP</li> <li>7902</li> <li>7905</li> <li>7910</li> <li>7910SW</li> <li>7912</li> <li>7920</li> <li>7935</li> </ul> <h3>3. Smart Software Licensing</h3> <p><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/HFkCyDwT4WCHfYOHZXrg_Software_License.jpeg" width="342" height="228" /></p> <p>CUCM 12.0 doesn&rsquo;t use the traditional <em>Product-Activation Key</em> (PAK) for licensing. Instead, it relies on Cisco&rsquo;s new approach to licensing, called <em>Smart Software Licensing</em>, where your licenses are associated with your Cisco account, rather than the specific device being licensed.</p> <h3>4. IPv6-Only Support</h3> <p><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/h61kdRBRQfiPmzZETydw_IPv6.jpg" width="348" height="232" /></p> <p>Although it&rsquo;s not a requirement, CUCM 12.0 allows you to have an all-IPv6 deployment.</p> <h3>5. Enforcement of Minimum TLS Version</h3> <p><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/Q9NhyRRYTvsYiLkPGjSq_Authentication.jpg" width="295" height="295" /></p> <p>Perhaps you have a security policy that requires a minimum version of <em>Transport Layer Security</em> (TLS) be used between your UC devices. CUCM 12.0 allows you to specify the minimum TLS version to be used. TLS 1.0 is configured by default, but you can change that minimum to version 1.1 or 1.2.</p> <h3>Lots More Features</h3> <p>Of course, CUCM 12.0 introduces lots of other new features and updates. 
For a comprehensive discussion on all things new with CUCM 12.0, click <strong><a href="#" target="_blank" rel="noopener noreferrer">HERE</a></strong>.</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 31 Oct 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/cucm12 Configuring Quality of Service Using MQC <h3>The Need to Know MQC in a World of Automation</h3> <p>These days, <em>Quality of Service</em> (QoS) can be configured relatively easily. If we&rsquo;re using the <em>APIC-EM</em> as a network controller to manage our routers and switches, we can simply point and click our way through the <em>EasyQoS</em> utility and have a very robust QoS configuration applied to our devices. Even at the command line interface (CLI) of a router or a switch, we could invoke the power of <em>AutoQoS VoIP</em> (to optimize QoS settings for voice traffic), or (just on routers) <em>AutoQoS for the Enterprise</em> (to discover network traffic patterns and create a customized QoS configuration to reflect our network&rsquo;s specific characteristics).</p> <p>However, what if you need to make an adjustment to such dynamically generated QoS settings? 
If you examine the underpinnings of any of these QoS automation tools, you&rsquo;ll see they all use the same approach to configure most (if not all) of their QoS settings. This approach is called <em>Modular QoS CLI</em>, or <em>MQC</em> for short. So, even if you intend to use automated QoS tools for the bulk of your configurations, I still posit you need to have an understanding of the MQC approach to QoS configuration, in the event you need to modify, or simply better understand, one of your autogenerated QoS configurations.</p> <p>That&rsquo;s the goal of this blog post: to give you a better understanding of the 3-step process involved in configuring QoS using MQC. Also, this post will equip you with a collection of verification and troubleshooting commands.</p> <h3>Examples of QoS Features Configurable with MQC</h3> <p>The main reason knowledge of MQC is critical for network professionals is that MQC is the way we configure almost all of our QoS features (with the rare exception of something like a <em>Link Fragmentation and Interleaving</em> (LFI) configuration, which does not use MQC). Consider some of the QoS features that can be configured using the MQC approach:</p> <ul> <li><strong>Classification:</strong> Classification recognizes specific traffic types, based on a wide spectrum of criteria. This could be as simple as recognizing Telnet traffic by recognizing TCP segments using Telnet&rsquo;s well-known port number of 23. Or, this could be as advanced as using <em>Network-Based Application Recognition</em> (NBAR), which has the ability to perform deep packet inspection and recognize the signatures of many applications.</li> <li><strong>Marking:</strong> After classifying traffic, it can be marked by altering bits to indicate that traffic&rsquo;s priority. For example, at Layer 2, we could use a <em>Class of Service</em> (CoS) marking. 
A CoS marking uses three bits to indicate a frame&rsquo;s priority, resulting in a range of possible CoS values of 0 through 7. Interestingly, Cisco forbids us from using values of 6 or 7 (with the exception of protocols such as OSPF required for network operation), meaning that we should mark our highest priority traffic (e.g. voice traffic) with a 5. At Layer 3, we could mark traffic with either an <em>IP Precedence</em> or a <em>Differentiated Services Code Point</em> (DSCP) marking. While IP Precedence has the same 3-bit limitation as CoS, DSCP uses 6 bits to indicate a packet&rsquo;s priority. That results in 64 possible priority values (in the range 0 &ndash; 63). While we could specify decimal values to indicate a DSCP value in our configuration, the IETF standards body has selected and named 21 of these 64 values. These named DSCP values are called <em>Per-Hop Behaviors</em> (PHBs), and it&rsquo;s a best-practice recommendation to use these pre-selected values in our configuration.</li> <li><strong>Congestion Management:</strong> Even if we go to the trouble of classifying and marking traffic, that doesn&rsquo;t necessarily mean that we&rsquo;ve impacted the behavior of that traffic. Specifically, we need to have one or more other QoS mechanisms that can look at those markings, and make a decision (e.g. a forwarding decision or a dropping decision) based on those markings. One such mechanism is <em>congestion management</em>, also known as <em>queuing</em>. To illustrate the importance of queuing, let&rsquo;s pretend a router is receiving traffic from a LAN connection at a rate of 1 Gbps and trying to send that traffic out on a relatively slow-speed WAN link (e.g. 10 Mbps). In response to this massive speed mismatch, a router can allocate some of its memory (i.e. a <em>buffer</em> or a <em>queue</em>) to temporarily store packets that cannot be immediately sent due to the lack of WAN bandwidth. 
Then, in a moment, when that WAN bandwidth becomes available, the router can selectively take packets out of its queue and send them on their way. The process of storing packets and determining in what order to forward packets out of that queue is called <em>queuing</em>. While Cisco routers support a myriad of queuing mechanisms, the two you&rsquo;re most likely to encounter are <em>Class-Based Weighted Fair Queuing</em> (CB-WFQ) and <em>Low Latency Queuing</em> (LLQ). CB-WFQ allocates minimum amounts of bandwidth for various traffic classes. LLQ enhances CB-WFQ, by adding a priority queue for traffic such as voice and video. Packets placed in the priority queue get sent ahead of other packets, up to a limit (i.e. a priority queue refrains from continual transmission, which could otherwise starve out other traffic types).</li> <li><strong>Congestion Avoidance:</strong> When a queue fills to capacity, bad things happen. Not only do low priority and high priority traffic flows alike get rejected as they attempt to place their packets in the queue, something even more insidious occurs. Specifically, when a segment, as part of a TCP flow, is dropped, the TCP session will assume it&rsquo;s sending too aggressively, and reduce its window size (i.e. the number of segments it sends before pausing and waiting to receive an acknowledgement of receipt from the far end of the conversation). This behavior is called <em>TCP Slow Start</em>. It then follows that if a queue is completely full, all TCP flows almost simultaneously go into TCP Slow Start, causing a massively inefficient use of bandwidth commonly referred to as <em>Global Synchronization</em> or <em>TCP Synchronization</em>. To combat the ill effects of a queue filling to capacity, we can use a mechanism such as <em>Weighted Random Early Detection</em> (WRED) to keep an eye on queue depth. 
As WRED detects a queue is starting to fill up, it can introduce the possibility that packets with specific markings might be dropped. This probability increases along with queue depth, preventing a queue from ever completely filling to capacity. Packets with different markings (i.e. different weightings) can take on different drop probabilities. However, a downside to WRED is its aggressiveness in causing a TCP flow to reduce its window size (i.e. the fact that it&rsquo;s dropping packets). A kinder and gentler approach would be to politely ask the far side of a TCP flow to voluntarily reduce its window size, as opposed to forcing it into TCP Slow Start by dropping one or more packets. This approach is possible through the use of <em>Explicit Congestion Notification</em> (ECN), which can be added to our configuration after we first configure WRED.</li> <li><strong>Traffic Conditioning:</strong> While we sometimes want to guarantee a minimum amount of bandwidth for our traffic, there are other times we want to set a speed limit on specific traffic types (e.g. network gaming traffic). The QoS mechanisms that let us set such speed limits are called <em>Traffic Conditioners</em>, and two traffic conditioners configurable using MQC include <em>policing</em> and <em>shaping</em>. While policing and shaping each limit the amount of bandwidth available to specific traffic classes, policing, by default, discards packets exceeding the configured bandwidth limit. Conversely, shaping stores such excess packets in a queue, and when bandwidth becomes available, that traffic is taken out of the queue and transmitted. Think of it this way: Policing (by default) drops excess traffic, while Shaping delays excess traffic.</li> <li><strong>Link Efficiency:</strong> Link efficiency mechanisms, which help us make the most efficient use of the bandwidth available on a slow WAN link, are less important today than they were a few years ago. 
They were extremely valuable when our WAN link speeds hovered around 768 kbps (or less). For example, <em>RTP Header Compression</em> (cRTP) could&nbsp;reduce the overhead of packets making up a voice conversation, reducing the 40 Bytes of a combined IP, UDP, and RTP header to only 2 or 4 Bytes. However, Cisco recommends that we only use cRTP on link speeds less than 2 Mbps. So, its usefulness diminishes as our link speeds climb higher.</li> </ul> <h3>MQC Configuration</h3> <p>Now that we have a basic understanding of some of the QoS features configurable with MQC, let&rsquo;s go through an example where we actually use MQC to configure a router with a collection of these features.</p> <p>The first thing to understand about MQC is that it&rsquo;s performed in three distinct steps:</p> <ul> <li><strong>Step #1</strong> creates a collection of one or more Class Maps, which classify different types of traffic into different &ldquo;buckets.&rdquo; By the way, Cisco cautions us not to create more than eleven of these Class Maps for any one interface. Also be aware that there is one Class Map we have by default, and it&rsquo;s named <strong>class-default</strong>. We cannot (nor would we want to) delete this pre-existing Class Map.</li> <li><strong>Step #2</strong> creates a Policy Map, which specifies the QoS settings applied to each class of traffic.</li> <li><strong>Step #3</strong> applies a Policy Map (typically, but not always, to an interface). 
The application of the Policy Map also specifies the direction in which the Policy Map is applied, meaning that it&rsquo;s conceivable an interface would have two Policy Maps applied, one in the inbound direction and one in the outbound direction.</li> </ul> <p>This example illustrates a sample configuration using these three steps:</p> <h4>Step 1: Create One or More Class Maps</h4> <p><code>HQ-ROUTER#<strong>conf term</strong></code></p> <p><code>Enter configuration commands, one per line.&nbsp; End with CNTL/Z.</code></p> <p><code>HQ-ROUTER(config)#<strong>class-map match-any EMAIL</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol exchange</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol pop3</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol smtp</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol imap</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>exit</strong></code></p> <p><code>HQ-ROUTER(config)#</code></p> <p>The above Class Map name of <strong>EMAIL</strong> is case-sensitive, and I personally use the practice of capitalizing the names of all Class Maps and Policy Maps I create. That lets me quickly spot things in the configuration I&rsquo;ve named, as opposed to some Cisco IOS keyword. Also, notice the use of the <strong>match-any</strong> option. This tells the Class Map that a packet will be classified into this Class Map if it meets any of the matching criteria. By default, a Class Map uses the Boolean logic of <strong>match-all</strong>, meaning that in order to be classified in a Class Map, a packet would have to match each of the specified criteria. In this example, however, a variety of e-mail packet types are classified into this one Class Map. Also, note the <strong>protocol</strong> keyword used as part of the <strong>match</strong> command. 
That keyword uses NBAR to recognize the signature of the specified protocol.</p> <p><code>HQ-ROUTER(config)#<strong>class-map VOICE</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol rtp audio</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>exit</strong></code></p> <p><code>HQ-ROUTER(config)#</code></p> <p>In our second Class Map, we&rsquo;re classifying voice over IP (VoIP) traffic. Notice the absence of the <strong>match-any</strong> or <strong>match-all</strong> qualifier in the <strong>class-map</strong> command. As mentioned previously, the default logic is <strong>match-all</strong>. However, since we have only one match criterion in this Class Map, there&rsquo;s no need to specify any alternate logic. Finally, notice the keyword of <strong>audio</strong> in the <strong>match</strong> command. This qualifier helps us categorize just VoIP traffic into the VOICE class, since video streams also use Real-Time Protocol (RTP).</p> <p><code>HQ-ROUTER(config)#<strong>class-map match-any WEB</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol http</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol secure-http</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>exit</strong></code></p> <p><code>HQ-ROUTER(config)#</code></p> <p>In our third Class Map, we&rsquo;re categorizing both HTTP and HTTPS traffic into the <strong>WEB</strong> Class Map.</p> <p><code>HQ-ROUTER(config)#<strong>class-map SCAVENGER</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>match protocol bittorrent</strong></code></p> <p><code>HQ-ROUTER(config-cmap)#<strong>exit</strong></code></p> <p>Although BitTorrent is used for many legitimate purposes, let&rsquo;s assume that in this example, we&rsquo;ve had issues with employees illegally downloading movies using BitTorrent, and we want to restrict its bandwidth.</p> <h4>Step 2: Apply QoS Policies to Class Maps Using a Policy Map</h4> 
<p><code>HQ-ROUTER(config)#<strong>policy-map DEMO</strong></code></p> <p><code>HQ-ROUTER(config-pmap)#<strong>class EMAIL</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>bandwidth 512</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>random-detect dscp-based</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>random-detect ecn</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>exit</strong></code></p> <p>We begin by creating a Policy Map named <strong>DEMO</strong>. From there, we use the <strong>class</strong> command to enter <strong>policy-map-class</strong> configuration mode for the Class Maps we configured in Step #1. First, we go into <strong>policy-map-class</strong> configuration mode for the <strong>EMAIL</strong> Class Map. The <strong>bandwidth</strong> command (which enables the CB-WFQ queuing feature) uses <em>kbps</em> as its unit of measure, and here&rsquo;s what the <strong>bandwidth 512</strong> command is saying: "Give this class of traffic at least 512 kbps of bandwidth if it needs that much, and give it more if it needs more, and more is available." The <strong>random-detect dscp-based</strong> command enables WRED, and tells WRED to make its packet dropping decisions based on packets&rsquo; DSCP values, as opposed to IP Precedence values. Note that the <strong>random-detect</strong> command cannot be given to a class of traffic until you first apply the <strong>bandwidth</strong> command to the traffic class. The <strong>random-detect ecn</strong> command is then used to enable WRED&rsquo;s Explicit Congestion Notification feature.</p> <p><code>HQ-ROUTER(config-pmap)#<strong>class VOICE</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>priority 256</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>exit</strong></code></p> <p>Next, we enter <strong>policy-map-class</strong> configuration mode for the <strong>VOICE</strong> class of traffic. 
The <strong>priority 256</strong> command (which enables the LLQ queuing feature) is saying: "Give this class of traffic 256 kbps of bandwidth, but no more, and send packets in this class ahead of other packets."</p> <p><code>HQ-ROUTER(config-pmap)#<strong>class WEB</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>bandwidth 768</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>random-detect dscp-based</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>random-detect ecn</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>exit</strong></code></p> <p>Next, we configure CB-WFQ for the <strong>WEB</strong> class of traffic, using the same basic commands (with the exception of the bandwidth amount) as we used for the <strong>EMAIL</strong> traffic class.</p> <p><code>HQ-ROUTER(config-pmap)#<strong>class SCAVENGER</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>police 128000</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c-police)#<strong>exit</strong></code></p> <p><code>HQ-ROUTER(config-pmap-c)#<strong>exit</strong></code></p> <p><code>HQ-ROUTER(config-pmap)#<strong>exit</strong></code></p> <p>Finally, we use the <strong>police 128000</strong> command on the SCAVENGER traffic class (i.e. the traffic class containing the BitTorrent traffic). Interestingly, the units of measure for the <strong>police</strong> and <strong>shape</strong> commands are <em>bps</em>, as opposed to the <em>kbps</em> used by CB-WFQ and LLQ. 
This command says: "Drop any traffic in the <strong>SCAVENGER</strong> class that exceeds 128 kbps of bandwidth."</p> <h4>Step 3: Apply the Policy Map</h4> <p><code>HQ-ROUTER(config)#<strong>int gig 0/1</strong></code></p> <p><code>HQ-ROUTER(config-if)#<strong>service-policy output DEMO</strong></code></p> <p><code>HQ-ROUTER(config-if)#<strong>end</strong></code></p> <p><code>HQ-ROUTER#</code></p> <p>While we can get fancy, and do things like nesting one Policy Map inside another, we commonly (as in this example) apply a Policy Map to an interface. Here, we&rsquo;re applying the Policy Map named <strong>DEMO</strong> to packets leaving (i.e. coming out of) interface Gig 0/1.</p> <h3>MQC Verification</h3> <p>Let&rsquo;s consider the three primary commands used to verify and troubleshoot an MQC configuration:</p> <h4><strong>show class-map</strong></h4> <p>This command displays information about the Class Maps configured on the router, along with information about what traffic types are classified in each Class Map. 
Here&rsquo;s the output from our example:</p> <p><code>HQ-ROUTER#<strong>show class-map</strong></code></p> <p><code>&nbsp;Class Map match-any class-default (id 0)</code></p> <p><code>&nbsp;&nbsp; Match any &nbsp;</code></p> <p><code>&nbsp;Class Map match-any EMAIL (id 1)</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; exchange</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; pop3</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; smtp</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; imap</code></p> <p><code>&nbsp;Class Map match-any WEB (id 3)</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; http</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; secure-http</code></p> <p><code>&nbsp;Class Map match-all VOICE (id 2)</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; rtp audio&nbsp;</code></p> <p><code>&nbsp;Class Map match-all SCAVENGER (id 4)</code></p> <p><code>&nbsp;&nbsp; Match protocol&nbsp; bittorrent</code></p> <p><code>HQ-ROUTER#</code></p> <p>Notice that the output also shows us the <strong>class-default</strong> Class Map, which we have by default. You can think of this as a &ldquo;catch all&rdquo; Class Map, meaning that if you don&rsquo;t explicitly classify a packet into a Class Map you create, it will be classified into the <strong>class-default</strong> Class Map.</p> <h4><strong>show policy-map</strong></h4> <p>This command shows what policies (i.e. specific QoS features and settings) are applied to our Class Maps. 
Here&rsquo;s the output from our example:</p> <p><code>HQ-ROUTER#<strong>show policy-map</strong></code></p> <p><code>&nbsp; Policy Map DEMO</code></p> <p><code>&nbsp; &nbsp; Class EMAIL</code></p> <p><code>&nbsp; &nbsp; &nbsp; bandwidth 512 (kbps)</code></p> <p><code>&nbsp;&nbsp; &nbsp; &nbsp; packet-based wred, exponential weight 9</code></p> <p><code>&nbsp; &nbsp; &nbsp; random-detect ecn</code></p> <p><code>&nbsp; &nbsp; &nbsp; dscp&nbsp; &nbsp; min-threshold&nbsp; &nbsp; max-threshold&nbsp; &nbsp; mark-probablity</code></p> <p><code>&nbsp; &nbsp; &nbsp; ----------------------------------------------------------</code></p> <p><code>&nbsp; &nbsp; &nbsp; default (0) &nbsp; -&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; -&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1/10</code></p> <p><code>&nbsp; &nbsp; Class VOICE</code></p> <p><code>&nbsp; &nbsp; &nbsp; priority 256 (kbps)</code></p> <p><code>&nbsp; &nbsp; Class WEB</code></p> <p><code>&nbsp; &nbsp; &nbsp; bandwidth 768 (kbps)</code></p> <p><code>&nbsp;&nbsp; &nbsp; &nbsp; packet-based wred, exponential weight 9</code></p> <p><code>&nbsp; &nbsp; &nbsp; random-detect ecn</code></p> <p><code>&nbsp; &nbsp; &nbsp; dscp&nbsp; &nbsp; min-threshold&nbsp; &nbsp; max-threshold&nbsp; &nbsp; mark-probablity</code></p> <p><code>&nbsp; &nbsp; &nbsp; ----------------------------------------------------------</code></p> <p><code>&nbsp; &nbsp; &nbsp; default (0) &nbsp; -&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; -&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1/10</code></p> <p><code>&nbsp; &nbsp; Class SCAVENGER</code></p> <p><code>&nbsp;&nbsp; &nbsp; police cir 128000 bc 4000</code></p> <p><code>&nbsp;&nbsp; &nbsp; &nbsp; conform-action transmit&nbsp;</code></p> <p><code>&nbsp;&nbsp; &nbsp; &nbsp; exceed-action drop&nbsp;</code></p> <p><code>HQ-ROUTER#</code></p> <h4><strong>show policy-map interface </strong><em>interface_id</em></h4> <p>This is my favorite QoS verification command, 
because it shows us the combined information we saw in the two previous <strong>show</strong> commands. Also, it gives us counts for how many packets and how many bytes have been classified by each Class Map. Here&rsquo;s the output from our example:</p>
<pre><code>HQ-ROUTER#<strong>show policy-map interface gig 0/1</strong>
 GigabitEthernet0/1

  Service-policy output: DEMO

    queue stats for all priority classes:
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0

    Class-map: EMAIL (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol exchange
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol pop3
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol smtp
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol imap
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      bandwidth 512 kbps
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        dscp    Transmitted   ECN      Random drop   Tail drop     Minimum   Maximum   Mark
                pkts/bytes    marked   pkts/bytes    pkts/bytes    thresh    thresh    prob

    Class-map: VOICE (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol rtp audio
      Priority: 256 kbps, burst bytes 6400, b/w exceed drops: 0

    Class-map: WEB (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol secure-http
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      bandwidth 768 kbps
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        dscp    Transmitted   ECN      Random drop   Tail drop     Minimum   Maximum   Mark
                pkts/bytes    marked   pkts/bytes    pkts/bytes    thresh    thresh    prob

    Class-map: SCAVENGER (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol bittorrent
      police:
          cir 128000 bps, bc 4000 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0000 bps, exceeded 0000 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
        queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
HQ-ROUTER#
</code></pre>
<h3>Summary</h3> <p>While an in-depth study of each QoS feature mentioned in this post would fill an entire course, the goal of this post was to introduce you to the 3-step MQC process and to give you a passing familiarity with many of the QoS mechanisms configurable with MQC. Equipped with this knowledge, my hope is that you&rsquo;re now better able to interpret the auto-generated QoS configs you encounter.</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 17 Oct 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/mqc What I Would Do If I Were Starting Over <p>A common question I hear from people just getting into the Cisco world is, &ldquo;<em>Kevin, what would you do if you were starting from scratch?</em>&rdquo; Sometimes, that question takes the form of, &ldquo;<em>Which track (e.g. Collaboration, Route/Switch, etc.)
has the biggest job opportunities?</em>&rdquo;</p> <p>For years, my response was the same, &ldquo;<em>If you get really good in any track, there are plenty of opportunities. So, pick the track that&rsquo;s most interesting to you. After all, you&rsquo;re going to be spending a lot of time studying that track&rsquo;s technology. So, you&rsquo;d better love it!</em>&rdquo;</p> <p>While I still believe that advice is sound, I&rsquo;ve got to admit my answer to that question has changed a bit. The reason is, while there is certainly demand for IT professionals in all of Cisco&rsquo;s certification tracks, a couple of technologies recently leapt to the forefront:</p> <ol> <li>Network Programmability</li> <li>Cyber Security</li> </ol> <p>This blog post answers the question of what I would do if I were starting my career over, keeping in mind the emergence of these two hot topics.</p> <h3>The &ldquo;Hybrid Engineer&rdquo;</h3> <p>Earlier this year at <em>Cisco Live US</em>, I remember listening to Chuck Robbins&rsquo; keynote, where he described the type of network engineer that was needed for the future. They would need traditional <em>command line interface (CLI) skills</em> in addition to <em>programming skills</em>. They could then merge these different skill sets, allowing them to write programs (e.g. Python programs) to configure network devices (often referred to as <em>network programmability</em> or <em>Software Defined Networking</em> (SDN)).
He then coined a term for this new breed of network engineer, calling them <em>hybrid engineers</em>.</p> <p><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/C6sft8XxSqm5s2kDdJLR_Screen_Shot_2017-09-27_at_12.52.37_PM.png" width="539" height="349" /></p> <p>Thinking that network programmability would primarily be used with routing and switching technologies (in an enterprise or a data center), I chatted with a Cisco engineer about Cisco&rsquo;s vision for the future regarding network programmability. He explained how Cisco envisioned a future where all of their technologies could be controlled by programming. For example, a Cisco Unified Communications Manager (CUCM) could be configured programmatically, rather than through the traditional graphical user interface (GUI). However, as you&rsquo;re imagining this, please keep in mind that programs could either communicate directly with the network devices being managed, or they could communicate with a network controller (e.g. a <em>Cisco APIC</em> or <em>APIC-EM</em>), which then reaches out and configures the network devices.</p> <p>Based on my conversation, I concluded that for any serious network professional, learning network programmability was a necessity, not just a &ldquo;<em>nice to have</em>&rdquo; on a resume. In fact, if you&rsquo;ve read this blog for a while, you might remember my first post of 2017, where I declared it was time to make a career pivot and start learning network programmability. That&rsquo;s when I started digging into network programmability, and it&rsquo;s been my focus most of this year.</p> <h3>1.5 Million Unfilled Jobs</h3> <p>Another disruptor in the IT space is <em>cyber security</em>. Depending on which article you read, you&rsquo;ll learn that by the year 2019 or 2020, there are projected to be 6 million jobs in cyber security, with a staggering 25 percent of those jobs (i.e.
1.5 million jobs) unfilled. That&rsquo;s the biggest technology-specific job opportunity I&rsquo;ve ever seen.</p> <h3>My &ldquo;Starting Over Plan&rdquo;</h3> <p>With these two statistical outliers (i.e. technologies with a disproportionate demand in today's marketplace) in mind, here's what I would do if I were starting over. However, please understand this is what I believe would be right for me. I don&rsquo;t know your circumstances, learning style, interests, job situation, or a myriad of other determining factors. So, what I&rsquo;m proposing is not to be taken as what I&rsquo;m recommending you personally do. Rather, it&rsquo;s my response to the oft-asked question of what I would do, if I had to start over. However, I do hope you follow the logic in my plan and determine whether or not similar moves might be appropriate in your career.</p> <h4>Step #1: Earn My CCNA R/S Certification</h4> <p>Yes, I know. Routing and switching technologies have been around for decades, and they aren&rsquo;t perceived as <em>hot topics</em>. However, I contend that no matter what track you find yourself going down (e.g. Collaboration, Data Center, Security, Wireless, etc.), packets need to be routed, and frames need to be switched. So, as a foundation, I believe in learning routing and switching at the CCNA R/S level.</p> <h4>Step #2: Learn the Fundamentals of Network Programmability</h4> <p>Since network programmability is a necessary skill, regardless of the technology-specific track on which you focus, I would next learn fundamental concepts surrounding network programmability.
These concepts include topics such as: <em>Python</em> programming, <em>JSON</em> and <em>XML</em> formatting, <em>YANG data modeling</em>, <em>Cisco APIC-EM</em> configuration, <em>Cisco APIC</em> configuration, Telnetting directly to network devices with <em>telnetlib</em>, connecting to devices with Secure Shell (SSH) using <em>Paramiko</em> and <em>Netmiko</em>, and configuring network devices (regardless of vendor) using <em>NETCONF</em>.</p> <h4>Step #3: Earn&nbsp;My CCNP R/S Certification</h4> <p>Next, I would get my CCNP R/S, not only based on my previous assertion about the pervasive need for routing and switching knowledge, but also because earning my CCNP R/S demonstrates I can learn concepts at a deep level. My belief is there is more reward for&nbsp;going deep in a single technology track (e.g. to the NP or IE levels) as compared to going shallow in multiple technology tracks (e.g. earning multiple NA-level certs).</p> <h4>Step #4: Earn My CCNA CyberOps Certification</h4> <p>With the overwhelming demand for CyberOps professionals looming ahead, I&rsquo;d want to be conversant in cyber security topics and concepts. At the time of this blog post, Cisco only has a CCNA-level certification for CyberOps, but nothing yet at the CCNP or CCIE levels. However, I believe earning my CCNA CyberOps would be a valuable career move, regardless of whether or not I actually focus on CyberOps in my job role.</p> <h4>Step #5: Earn My CCNA and CCNP Certifications in the Track Most Interesting To Me</h4> <p>This step harkens back to my previous advice about picking a track you&rsquo;re interested in, because you really need to love something to spend that much time with it. So, after building a foundation in routing and switching, learning fundamental network programmability concepts, and becoming acquainted with cyber security, I would then start marching down the certification track that most closely aligned with my interests. 
After earning the CCNA cert in that track (or the CCDA&nbsp;cert&nbsp;for the Design track), I would then proceed to earn the CCNP (or CCDP) cert in that track.</p> <h4>Step #6: Decide if I&rsquo;m Willing to Commit to Earning a CCIE in My Preferred Track</h4> <p>Preparing for a CCIE certification is incredibly challenging. I find the written exams to be super intense, and the corresponding lab exams an order of magnitude more intense. Personally, I have two CCIEs, one in Route/Switch and one in Collaboration. My first CCIE lab (which was in R/S) took me three attempts to pass. My second CCIE lab, in which I invested approximately 1,600 hours of study, took me two attempts to pass, and was the most difficult thing I&rsquo;ve done in my entire career.</p> <p>The point is, if you make the commitment to earn your CCIE (or CCDE in the Design track), it&rsquo;s going to disrupt your life. Prior to passing&nbsp;the lab for my second CCIE, I studied every day from October of one year till&nbsp;my lab date in late March of the following year (with the exception of taking off Christmas Day). Going in, I knew my life would be out of balance during those months, but I&rsquo;m blessed with a supportive family that allowed me the intense focus I needed. However, your situation might be different. If you&rsquo;re an external thinker rather than an internal thinker (in other words, you do your best reasoning when discussing a problem with others), you&rsquo;re at a disadvantage in the CCIE lab. If you&rsquo;re a slower typist (e.g. you type&nbsp;at a rate of less than 60 words per minute), you&rsquo;re at a disadvantage in the CCIE lab. While these personal characteristics (and others like them) have nothing to do with your knowledge of technologies, they can still derail your CCIE pursuit.&nbsp;You need to have a serious conversation with yourself about your readiness to take on such a daunting task. 
When having that self-dialogue, determine the level of desire you have regarding your CCIE cert.</p> <p>Peak performance strategist Anthony Robbins points out the word <em>desire</em> comes from the Latin roots of <em>de</em> and <em>sire</em>, which mean <em>&ldquo;Of the Father</em>.&rdquo; That leads to my personal belief that if you have a strong desire for something, that desire came from somewhere, and you&rsquo;ve been equipped to attain that thing you desire. This means I wouldn&rsquo;t pursue a CCIE just because it might&nbsp;be a good career move. I would only go down that path if I had a white hot desire that wouldn&rsquo;t let me do anything other than pursue my CCIE.</p> <h4>Step #7: Pick Another Track</h4> <p>After reaching the CCNP level in my preferred field of study, or perhaps the CCIE level if I had that burning desire, I would then pick another track I had interest in and repeat the process. Learning is a lifelong journey I believe should never cease, but you must select wisely.</p> <p>As an illustration, when I was younger, I&rsquo;d go into a book store looking for bargains. Now, I go into a book store looking for the books that will move the needle the most in my life, understanding that our time here is limited. We&rsquo;ll never learn it all. So, let&rsquo;s choose wisely what to learn next.</p> <h3>Summary</h3> <p>Well, there you have it, the seven steps I would personally take if I were starting my career over. As a reference, the following graphic shows how I visualize the route/switch training and the network programmability training as&nbsp;being foundational. 
Then, independent silos of technologies stack on that foundation.</p> <p><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/QuXrep9fRKC3M64fjdiw_Screen_Shot_2017-09-27_at_1.39.29_PM.png" width="540" height="306" /></p> <p>If you decide to adopt some of these strategies for your own career, I've personally created resources to get you through the first three steps:</p> <ul> <li><a href="#" target="_blank" rel="noopener noreferrer">CCNA R/S Complete Video Course</a></li> <li><a href="#" target="_blank" rel="noopener noreferrer">Fundamentals of Network Programmability Video Course</a></li> <li><a href="#" target="_blank" rel="noopener noreferrer">CCNP R/S Complete Video Course Library</a></li> </ul> <p>All the best in your studies!</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 03 Oct 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/startingover Fundamentals of Auto Smartports <p>The <em>Auto Smartports</em> feature available on Cisco Catalyst switches allows a port to automatically detect that you&rsquo;ve attached a device it can recognize (e.g.
a Cisco IP Phone, wireless access point, video surveillance camera, etc.).</p> <p>Then, it runs a macro on that port to apply a "best practice configuration," including QoS, STP, and security settings.</p> <p>This video introduces you to this exciting feature and gives you a configuration demonstration.</p> <p>For scaling automatic configurations beyond a single switch, check out Cisco&rsquo;s <em>Software Defined Networking</em> (SDN) solutions. In fact, you can sign up for my <a href="#" target="_blank" rel="noopener noreferrer">Free SDN Mini-Course</a> by clicking <strong><a href="#" target="_blank" rel="noopener noreferrer">HERE</a></strong>.</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 26 Sep 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/smartports 3-Year Anniversary & My First Live On-Line Training Class In 3 Years <p>Some of my blog posts (most of them, in fact) focus on teaching you some technical content or offer career advice. But, sometimes, I just need to share a major milestone with you. That&rsquo;s what I&rsquo;m doing in this post (actually, a couple of major milestones), and I hope you can (virtually) celebrate with me.</p> <p>The first milestone is my <em>3-year anniversary</em> of being in business full-time as <em>Kevin Wallace Training, LLC</em>.
Specifically, on Sept. 26, 2014, I walked away from my 14-year position as an instructor for a Cisco Learning Partner (CLP) to run my own business.</p> <p>During the past three years, I&rsquo;ve released a ton of training videos. However, I hadn&rsquo;t actually taught a live online class, allowing me to interact with participants. That all changed this month, which brings us to the second milestone.</p> <p>Earlier this week (I&rsquo;m writing this on 9/15/17), I wrapped up my first live-online training class in about three years. I was given the opportunity to teach a <em>CCNA R/S Crash Course</em>. The course was a total of 16 hours (four hours a day, two days a week, for two weeks). The interest and engagement blew me away. There were 403 people who signed up for the first week of class, and we cranked through the big topics on the CCNA R/S (200-125) exam.</p> <p>If you were one of those in attendance, please accept my <em>thank you</em> for entrusting me with your time and attention, and for bringing your <em>A game</em> to the training. (The number of questions and comments was insane!)</p> <p>Another reason I wanted to share this is&hellip; <em>I&rsquo;m doing it again next month!</em></p> <p>That&rsquo;s right. On October 4th and 5th (from 11:00 AM - 3:00 PM Eastern Time), I&rsquo;ll be doing Part 1 of the CCNA R/S Crash Course.
Then, on October 11th and 12th, I&rsquo;ll be doing Part 2 of that course.</p> <p>Here&rsquo;s the agenda for both parts of the course:</p> <h3>Part 1:</h3> <h4>DAY 1 (10/4/17)</h4> <ul> <li>Segment 1: Fundamentals of Networking (2hrs)</li> <li>Segment 2: LAN Switching (2hrs)</li> </ul> <h4>DAY 2 (10/5/17)</h4> <ul> <li>Segment 3: IP Routing (3hrs)</li> <li>Segment 4: Wide Area Networks (WANs) (1hr)</li> </ul> <h3>Part 2:</h3> <h4>DAY 1 (10/11/17)</h4> <ul> <li>Segment 5: Network Services&nbsp;(2hrs)</li> <li>Segment 6: Securing Network Devices&nbsp;(2hrs)</li> </ul> <h4>DAY 2 (10/12/17)</h4> <ul> <li>Segment 7: Network Management&nbsp;(3.5hrs)</li> <li>Segment 8: Final Preparation&nbsp;(30mins)</li> </ul> <p>I&rsquo;d love it if you could join me next month for this live event. Here are the links to register (TIP: Be sure to register for both Part 1 and Part 2):</p> <ul> <li>Click <strong><a href="#" target="_blank" rel="noopener noreferrer">HERE</a></strong> to Register for CCNA R/S (200-125) Crash Course - Part 1</li> <li>Click <strong><a href="#" target="_blank" rel="noopener noreferrer">HERE</a></strong> to Register for CCNA R/S (200-125) Crash Course - Part 2</li> </ul> <p>By the way, I just checked, and both parts are about half full. So, please <em>secure your spot now</em>.</p> <p>Of course, you might be wondering how much this costs. Well, the great news is, if you already have an existing <em>Safari Books Online</em> account, there&rsquo;s no extra cost! It&rsquo;s included with your membership. (On a side note, I really think having a Safari Books Online account is one of the best values for IT professionals out there today, because you get access to a ton of online books and videos.)</p> <p>In fact, you can sign up for a FREE 10-day trial by clicking <strong><a href="#" target="_blank" rel="noopener noreferrer">HERE</a></strong>.</p> <p>So, you could sign up on or before Oct. 
1st, and attend Part 1 of the training for free (assuming there are still seats available at that time).</p> <p>Let me just wrap up with a heartfelt <strong><em>thank you</em></strong> for your encouragement and trust over the past three years, and I hope we can spend some time together in class next month.</p> <p>All the best,</p> <p>Kevin</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 19 Sep 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/3-yr-anniversary Introduction to GitHub for Cisco Network Engineers <p><em>Software Defined Networking</em> (SDN) can use a network controller to help orchestrate the monitoring and configuration of multiple network devices, allowing for faster configuration and more scalability. While these controllers have graphical user interfaces (GUIs), allowing them to be individually configured by an administrator, they can also be controlled with programs (typically written in <em>Python</em>).</p> <p>Fortunately, network administrators don't have to create all of their Python programs from scratch. Instead, they can download sample code (which they can then modify for their needs) from other programmers. They can also share their own code. <em>GitHub</em> is a very popular way to share such code samples.
This video will introduce you to the fundamentals of GitHub and show you how to get started with your own free GitHub account.</p> <p>This video is a sample from my new <strong><a href="#">Fundamentals of Network Programmability</a></strong> course.</p> <p>You can get more of my FREE network programmability training videos sent to you by entering your name and e-mail <strong><a href="#">HERE</a></strong>.</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 12 Sep 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/introduction-to-github-for-cisco-network-engineers H.323 Gateway Configuration <p>Before Cisco had a <em>Collaboration</em> track, they had a <em>Voice</em> track. One of the courses in that track&rsquo;s curriculum was the <em>CVOICE</em> course, and it really got into the configuration of H.323 gateways. I actually loved that course. I wrote three versions of the CVOICE book for Cisco Press and taught the CVOICE course for many years.</p> <p>Sadly (for me anyway), the CVOICE course went away when Cisco moved to the Collaboration track.
One of the main topics in that CVOICE course was the configuration of H.323 gateways.</p> <p>Although H.323 gateways are still touched on in the Collaboration curriculum, they don&rsquo;t receive the attention they used to. Yet, this is still a critical technology to master.</p> <p>So, this video seeks to demystify how to configure a Cisco IOS router to act as an H.323 gateway.</p> <p><iframe src="https://www.youtube.com/embed/3BqLzlI4DxQ?rel=0&amp;controls=0&amp;showinfo=0" width="853" height="480" frameborder="0" allowfullscreen="allowfullscreen"></iframe>Enjoy the video!</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 29 Aug 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/h-323-gateway-configuration Overview of Cisco's CCNA Cyber Ops Certification <p>Many people ask me what technology (e.g. route/switch, collaboration, data center, etc.) they should pursue, based on industry demand. For years, my response has been, &ldquo;There&rsquo;s demand in all of those areas.
Just pick the one you&rsquo;re most interested in, because you&rsquo;re going to spend a lot of time studying and working with that technology.&rdquo; While I still contend that&rsquo;s sound advice, I&rsquo;ve got to admit there is one technology forecasted to be disproportionately in demand. That technology is <em>cybersecurity</em>.</p> <p>It was a recurring theme at Cisco Live this year (Las Vegas, 2017); the demand for cybersecurity professionals is massive. Former Symantec CEO Michael Brown projected 6 million cybersecurity jobs by 2019, with a whopping 1.5 million of those jobs being unfilled. In the United States, the average salary for a cybersecurity professional is $67,000. However, with a few years of experience, cybersecurity professionals in the aerospace, defense, or&nbsp;financial services industry can earn salaries over $100,000.</p> <p>Cisco recently introduced a <em>Cybersecurity Operations</em> (Cyber Ops) certification track. At the time of this writing (August, 2017), that track contains only one certification, the <em>CCNA Cyber Ops</em> certification. Following are the details about this new certification:</p> <ul> <li><strong>Job Role:</strong> The goal of the CCNA Cyber Ops curriculum and certification is to prepare someone to work in a Security Operations Center (SOC) as an associate-level security analyst.</li> <li><strong>Prerequisites:</strong> None. That&rsquo;s right! You don&rsquo;t have to have earned your CCNA R/S cert, or even your CCENT cert. You can immediately start working towards your CCNA Cyber Ops cert.</li> <li><strong>Exams:</strong> SECFND (210-250) and SECOPS (210-255). 
Interestingly, since neither the CCENT cert nor the CCNA R/S cert is a prerequisite, you&rsquo;ll find some basic networking concepts in the SECFND material.</li> <li><strong>Main Topics:</strong> Network Concepts, Security Concepts, Cryptography, Host-Based Security Analysis, Security Monitoring, Attack Methods, Endpoint Threat Analysis and Computer Forensics, Network Intrusion Analysis, Incident Response, Data and Event Analysis, and Incident Handling.</li> <li><strong>Cisco Press Books:</strong> For your study, Cisco Press has two books (one for each exam) making up their <em>CCNA Cyber Ops Official Cert Guide Library</em>. You can click <strong><a href="#" target="_blank" rel="noopener noreferrer">HERE</a></strong> to order.<a href="#" target="_blank" rel="noopener noreferrer"><img src="https://s3.amazonaws.com/kajabi-storefronts-production/blogs/3184https://kwallaceccie.mykajabi.com/images/ahG1FUpHRyuUfp2g1hQ2_Screen_Shot_2017-08-16_at_2.33.36_PM.png" width="200" height="249" /></a></li> </ul> <p>If all this sounds like it&rsquo;s in your wheelhouse, then in terms of job opportunities, (<a href="#" target="_blank" rel="noopener noreferrer">to paraphrase Timbuk 3</a>) the future&rsquo;s so bright you gotta wear shades.</p> <p>Take good care,</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 22 Aug 2017
10:00:00 +0000 http://tortillarepublic.com/?labs=blog/overview-of-cisco-s-ccna-cyber-ops-certification BGP Route Reflectors <p>A BGP-speaking router, by default, will not advertise a route learned from an Internal BGP (iBGP) neighbor to another iBGP neighbor. One solution for this issue is to create a full mesh of neighborships within an Autonomous System (AS). However, that approach doesn&rsquo;t scale well.</p> <p>A more scalable solution is to use a BGP Route Reflector. That&rsquo;s the focus of this new video I created for you. You&rsquo;ll see the issue BGP has with iBGP-learned routes and how to overcome that issue with a BGP Route Reflector configuration.</p> <p><iframe src="https://www.youtube.com/embed/txrIETLNjhY?rel=0&amp;controls=0&amp;showinfo=0" width="711" height="400" frameborder="0" allowfullscreen="allowfullscreen"></iframe></p> <p>Enjoy the video!</p> <p>Kevin</p> <p><em><strong>Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945</strong></em></p> Tue, 15 Aug 2017 10:00:00 +0000 http://tortillarepublic.com/?labs=blog/bgp-route-reflectors