Jason Lunde

Author Archives: Jason Lunde

CCIE Data Center Lab, v2 – iPexpert’s Plan

CCIE Data Center Lab, v2 – iPexpert’s Plan

The announcement of the CCIE Data Center Version 2 blueprint has changed the exam that we once knew. No longer are the MDS switches around, plaguing us with the perfectly rational fears of iSCSI gateway configuration, or FCIP configuration nuances. Gone too are the days of fighting the IP protocol stack running on the ever-finicky MDS switches. While some rejoice these facts, I take a step back and try to wrap my head around “what’s next?”

At iPexpert we strive to stay ahead of the proverbial curve within the training market; so immediately after analyzing the impact of the changes (and subsequently drinking quite a bit of beer), we began planning and calculating the changes that we would need in order to adapt to the new version of the exam.

We will most definitely be updating our product portfolio to accommodate the changes. This includes, but is not limited to our:

• CCIE Data Center, Volume 1 – Technology Workbook
• CCIE Data Center, Volume 2 – Full-Scale Mock Lab Workbook
• CCIE Data Center Lab VoD
• CCIE Data Center Written VoD
• CCIE Data Center Lab Bootcamps (Live and Continue reading

CCIE DC v2 Silently Announced!

So as with most things, a student just pointed out to me that the CCIE DC v2 has silently been pushed out into the Cisco Learning portal! See here:

http://www.cisco.com/web/learning/certifications/expert/ccie_dc/index.html

There is a PDF in there now showing the differential changes in the v1 and v2 blueprints:

http://www.cisco.com/web/learning/certifications/shared/docs/ccie-datacenter-comparison.pdf

Lab Structure

Well here is the rundown folks:

  1. 1 hour diagnostic section added
    1. Tests diagnostics around network issues, and the analyzing of the network without access to actual devices
    2. Independent tickets garnered from multiple sources (diagrams, emails, logs, etc…)
    3. Multiple Choice, Drag-n-drop, point-and-click item types (similar to the written examination)
  2. Troubleshoot and Configuration will be the remaining 7 hours

You have to pass both of these sections individually (achieve the minimum), and as well have a combined score above the combined minimum for both modules.

Lab Topics and Hardware

They have changed quite a bit in regards to topics, though they haven’t removed very much from the existing lab exam. A lot of what I put in parenthesis below is me, making an educated guess as to what they mean by those line items. With an already pretty full 8-hour exam, cramming some, or even all Continue reading

Understanding NPV: Part 1 of a 2-part Series

N-Port Virtualization (NPV), and N-port ID Virtualization (NPIV) have been around for quite some time now. Enhancements have been made to the traditional NPV and NPIV implementations, making it more convenient for unified fabric topologies (which is what we will be discussing today). This blog, part 1 in a 2-part series, will be discussing the ‘fcoe-npv’ implementation of NPV/NPIV, while the next blog will be focused on the traditional implementation.

NPV and NPIV were created as a method in which we could add additional switches (i.e. port density), to a given fabric, without consuming additional domain-id’s, or adding to the administrative burden of a growing SAN (managing zoning, domain-id’s, principle switch elections, FSPF routing, etc…). A lot of this concern stemmed from the fact that the Fibre Channel standard limits us to 239 usable domain id’s. Essentially 8-bits, or the most significant byte in the Fibre Channel ID (FCID), is reserved for this domain-id. This byte is what is used within FSPF protocol to route traffic throughout a Fibre Channel fabric. While this gives us 256 addresses, only 239 are usable, as some are reserved. Beyond this, many vendors restrict us too a much smaller number of domain-id’s on Continue reading

Connectivity Policies in UCSM

The importance of using templates with Cisco UCS cannot be emphasized enough. Creating something that you can reuse over and over again, as well as update and push out to pre-created objects, can save you a ton of time from an administrative perspective. vNIC and vHBA templates are a great example of this within Cisco UCSM. These templates allow you to create reusable vNIC and vHBA objects that you can reference within the creation of a service-profile template or even a LAN/SAN connectivity policy.

20141216_01

20141216_02

You can reach even further with policies and template on UCS, and create what are known as LAN and SAN connectivity policies. These will allow us to pre-create the LAN and SAN connections for service profiles and service profile templates. Take this for example. Say we knew that we were going to deploy a lot of ESXi servers in our environment, and that they would all essentially have the same exact LAN requirements in terms of the number of NICs that they needed, and the VLANs that they would need for the hosts themselves, as well as the guest machines. We could create a connectivity policy for these servers, and reuse that policy in all of Continue reading

Routing on the CCIE Data Center Lab – How Deep Do We Need to Go?

Every time I teach NX-OS the same question often arises, “How good do we need to be at routing in order to pass the lab exam?” My first inkling is always to say ‘learn it all,’ but we all know that isn’t always possible. There is a ton of information to learn within the scope of this lab exam, so in order to fully understand this question, we need to look towards Cisco’s almighty guide, the blueprint!

They have gone pretty easy on us in terms of routing, but in their defense, they do have an entire lab dedicated to routing and switching. If we scan down the blueprint to Section 1.2, we see the category we are looking for:

Screen Shot 2015-03-20 at 2.54.17 PM

While that comprises that entire section, I would also err on the side of caution and include Section 1.4a grouped within the L3 category, those being first-hop routing protocols such as HSRP, GLBP, and VRRP.

Look at what they ask us for here, and lets analyze it. They ask for BASIC EIGRP and OSPF, Bi-directional forwarding detection, and equal-cost multi-pathing. ECMP isn’t really its own ‘protocol’, rather something that most L3 protocols support. We will see that Continue reading

Time To Get More Advanced :: FCIP Pt. 2!

Part 1 of this blog series created a topology, much like you see below, where we configured a single vE (virtual expansion) port from MDS1 to MDS2 across an IP network.  We merged VSAN 10 across this FCIP tunnel and verified it by looking into the FCNS database and ensuring that we saw entries from both sides.  Today we are going to build upon this topology, and get into some more advanced features like changing the default TCP port, setting DSCP values for the two TCP streams, and controlling who initiates the tunnel!

FCIPpt2g1

So first things first…the default port for FCIP is TCP port 3225. We will terminate both of our TCP streams on this port (we have 1 stream for control and another for data traffic). Essentially 1 of the MDS’s will initiate the connection to the other, and their destination port will be TCP/3225. Their source port will be some high-number ephemeral port by default (usually over 65000). We can look at the output of a ‘show int fcip #’ to find out who initiated, and on which ports!

MDS1-6(config-if)# show int fcip1
fcip1 is trunking
Hardware is GigabitEthernet
Port WWN is 20:10:00:0d:ec:1f:a4:00
Peer port WWN is Continue reading

FCIP – The Beginning

FCIP is notably a part of the CCIE Data Center lab exam blueprint. It is also a sticking point for a lot of candidates who have not done a whole lot on the storage networking side. Luckily FCIP has many correlations to the modern-day Ethernet networking that we all know and love, as it’s really just another tunneling technology! After some thought, I have decided to break this down into 2 blog posts. This one will cover FCIP basics, and another that will cover some more advanced FCIP options that you might have to use during the CCIE lab examination.

FCIP is used for extending a Fibre Channel (FC) network over an IP backbone. It encapsulates FC in IP so that SCSI and non-SCSI FC frames can be sent over an IP network. Normally most organizations are not going to do this simply for the sake of extending their FC network (why extend a lossless network over a lossy medium?), but rather for backup or replication jobs that need to occur between storage systems that are across some geographical distance. A typical deployment scenario is shown below:

20141229_01

Here we have two SANs separated by an IP network. Now, the Continue reading

Private VLAN Trunks :: Pt. 2: The Secondary (isolated) Trunk

Picking up where we left off on the first series, I want to discuss the other trunking option that we have in regards to PVLAN trunks. We might need a quick review on our PVLAN structure before we begin, however:

vlan 100
private-vlan primary
private-vlan association 200-201
vlan 200
private-vlan community
vlan 201
private-vlan isolated

This second trunk type is actually called the secondary, or isolated trunk. Much like the promiscuous trunk, this one has a pretty specific purpose, and that is to flip the VLAN tag when a frame is traversing a trunk. This time however, rather than removing the secondary VLAN tag, and replacing it with the primary tag, we are going to be doing the opposite! Remember how we were doing it with the promiscuous trunk? What happened here is the node with MAC A ingresses and is placed in VLAN 200. However, when it needs to reach the L3 GW (the router), we have to remove the secondary VLAN tag and replace it with the primary VLAN ID of 100 (so that it will hit the proper sub-interface on the router).

20141118_01

The routers return traffic will naturally be in VLAN 100 based on the sub-interface configuration. But Continue reading

CCIE Data Center Lab Preparation :: Notable Documentation CD Locations

It never fails … every class I teach I am asked the question “Where do I find topic X in the documentation?”  Usually at the top of the lists are the topics that generally have longer configurations surrounding them that are sometimes hard to remember. Topics like FHRP isolation when using OTV, iSCSI gateway configuration on the MDS, Fibre channel zoning, and so on.  So I wanted to compile a quick list of the top 3 that I am always being asked about.

The most popular topic is first-hop redundancy protocol isolation when using OTV.  This can be a tricky one, as it contains MAC ACLs referencing the VMAC (virtual MACs) for the protocol you are trying to filter, access-list identifying the FHRPs multicast hello address, route-maps, route-redistribution filters, and VACLs.  I will have to admit, it is one that I definitely had trouble remembering!  The easiest way to find it is by locating the white paper outlining its use! Follow me!

Our famous starting point will always be here, we will call it “root”:

http://www.cisco.com/cisco/web/psa/default.html?mode=prod

20141119_01

From here we want to drill down:

Switches >> Data Center Switches >> Nexus 7000 Series Switches Continue reading