Category Archives: Cisco

Provide 10Gbps and 40 Gbps Ports But Less Throughput

A longtime issue with networking vendors is providing ports at one speed and throughput at another speed. I remember dealing with it back in 2005 with the first generation of Cisco ASAs, which primarily replaced the PIX Firewall. Those firewalls provided 1Gbps ports, but the throughput the ASA could handle was about half that bandwidth.

Some marketing genius created the terms wire speed and throughput.

If you’re curious about this, go look at Cisco Firepower NGFW firewalls. The 4100 series have 40Gbps interfaces, but depending on the model, throughput is between 10Gbps and 24Gbps with FW+AVC+IPS turned on.

I have referenced several Cisco devices, but it’s not an issue specific to Cisco. Take a look at Palo Alto Networks firewalls: specifically, the PA-52XX have four 40Gbps ports, but can support between 9Gbps and 30Gbps of throughput with full threat protection on.

The technology exists, so why aren’t networking vendors able to provide wire-speed throughput between ports, even with the full inspection of traffic turned on? I would very much like to know your thoughts on this topic; please leave a comment.

Cisco Press CCNP Route Books not aligned with CCNP Route Exam Blueprint

To my disappointment having completely read the CCNP Routing and Switching ROUTE 300-101 Official Cert Guide and the Implementing Cisco IP Routing (ROUTE) Foundation Learning Guide (CCNP ROUTE 300-101) for the CCNP Route Exam, these books are not aligned with the exam blueprint.

Looking at the exam blueprint, topics like CHAPv2 and Frame-Relay are still covered but are not used as much. CHAPv2 is not mentioned in either book. Secondly, technologies like IPSec VPN and MPLS get little coverage in the books but are prevalent in deployments today. Additionally, there are no real configuration examples for DMVPN.

Cisco Press claims its books are the official certification guides for the exams, so it gives me great concern that the exam blueprint and the official certification guide are not in sync. Wendell Odom [https://www.certskills.com/], who wrote a number of the original certification guides, always did a great job in matching the book to the exam blueprint and providing exercises to reinforce learning. He is no longer the author of the CCNP certification guides, as Wendell focuses on the CCNA Routing and Switching.

The last time I went through CCNP certification I used the Cisco Press Exam Certification Guides and Sybex CCNP books, which included exercises. Sybex no longer publishes CCNP books.

Before taking the test, I think I’ll find a lab workbook and execute the exercises on VIRL.

BGP Route Reflectors

Studying for the CCNP Route 300-101 Route exam, there is no discussion of Border Gateway Protocol (BGP) Route Reflectors. It doesn’t even make the exam blueprint. BGP Route Reflectors are one of the most important elements for multi-homed, multi-location BGP. This blog post is not going to be a lesson in BGP, as there are plenty of resources that do a great job explaining the topic.

Within an Autonomous System (AS), if there are multiple BGP routers, an iBGP full mesh is required. It’s a fancy way of saying all the BGP routers within an AS need to be connected to each other. Let’s take an example of a large company which has Internet peering in New York, Atlanta and San Francisco. If the large company uses the same AS number everywhere, that means it has at least 3 BGP routers, and for business reasons, the routers are dual and dual-homed. That makes 6 BGP routers. Remember the formula for a full mesh is: N(N-1)/2. Based on the formula, it would require 15 iBGP peering connections. iBGP makes a logical connection over TCP, but it still needs 15 configurations. This is a small example, but it doesn’t scale: if we increased to 10 routers, that would mean 45 iBGP connections and configurations.

What does a route reflector do?

A Route Reflector readvertises routes learned from internal peers to other internal peers. Only the route reflector needs a full mesh with its internal routers. The elegance of this solution is that it is a way of making iBGP hierarchical.

In the previous example of 6 routers, there are many ways to organize the network with Route Reflectors: one cluster with two route reflectors, two clusters with two route reflectors, etc.
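As an added illustration (not code from the original post), this Python sketch counts sessions for the six-router example and simulates the iBGP re-advertisement rules, showing why the full mesh is needed when no router reflects. Router names are constructed, and the model ignores best-path selection and the ORIGINATOR_ID/CLUSTER_LIST loop-prevention attributes.

```python
from itertools import combinations

def full_mesh(routers):
    """Classic iBGP: every pair peers directly, N(N-1)/2 sessions."""
    return {frozenset(pair) for pair in combinations(routers, 2)}

def rr_design(clusters):
    """clusters: list of (reflectors, clients). Reflectors are fully meshed
    with each other; a client peers only with its own cluster's reflectors."""
    sessions = full_mesh([rr for rrs, _ in clusters for rr in rrs])
    clients_of = {}
    for rrs, clients in clusters:
        for rr in rrs:
            clients_of[rr] = set(clients)
            sessions |= {frozenset((rr, c)) for c in clients}
    return sessions, clients_of

def reach(sessions, clients_of, origin):
    """Routers that end up with a route `origin` learned over eBGP."""
    peers = {}
    for a, b in map(tuple, sessions):
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)
    learned, seen, queue = {origin}, set(), [(origin, None)]
    while queue:
        router, src = queue.pop()
        if src is None:                       # eBGP-learned: tell every iBGP peer
            targets = peers.get(router, set())
        elif router in clients_of:            # route reflector
            mine = clients_of[router]
            # from a client: reflect to all peers; from a non-client: clients only
            targets = peers[router] if src in mine else mine
        else:                                 # plain iBGP speaker never re-advertises
            targets = set()
        for t in targets - {src}:
            learned.add(t)
            if (t, router) not in seen:
                seen.add((t, router))
                queue.append((t, router))
    return learned

# Constructed names for the post's six routers (two per site).
ROUTERS = ["nyc1", "nyc2", "atl1", "atl2", "sfo1", "sfo2"]
# One cluster, two reflectors: one of the layouts the post mentions.
RR_SESSIONS, RR_CLIENTS = rr_design([(["nyc1", "atl1"], ["nyc2", "atl2", "sfo1", "sfo2"])])

if __name__ == "__main__":
    print(len(full_mesh(ROUTERS)), len(RR_SESSIONS))
    print(sorted(reach(RR_SESSIONS, {}, "sfo1")))   # same sessions, reflection off
```

With reflection disabled on the same nine sessions, a route entering at `sfo1` stops at the two hub routers, which is the gap the full mesh or the reflector role has to close.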

The astonishing part is that something so fundamental to leveraging BGP is not covered on the CCNP Routing Exam according to the exam blueprint.

CCNA Certificate

Got my CCNA certificate today via email.   Far from the day of getting a beautiful package in the mail.       The best is how Cisco lets you recertify after a long hiatus.

Passed Cisco 200-301 Designing for Cisco Internetwork Solutions

This morning I sat and passed Cisco 200-301 Designing for Cisco Internetwork Solutions. The exam is not easy; it required an 860 to pass. 17 years ago when I took it, it only required a 755. I got 844 17 years ago. This time I got an 884. It’s a tough exam as it requires deep and broad networking knowledge across all domains (routing, switching, unified communications, WLANs) and how to use them in network designs.

That exam officially gives me a CCDA.   That officially makes 7 certifications (5 AWS and 2 Cisco) in 5 weeks.

Next up is the Cisco Exam for 300-101 ROUTE.

CCNA Exam

I passed the 200-125 CCNA exam today.   Actually scored higher than I did 17 years ago.     However the old CCNA covered much more material.   Technically per Cisco guidelines it’s 3 - 5 days  before I become officially certified.

Primarily I used VIRL to get the necessary hands-on experience and the Cisco Press CCNA study guide. Wendell Odom always does a good job and his blog is beneficial in studying. The practice tests from MeasureUp are ok, but I wouldn’t get them again.

Next up the 200-310 DESGN.

CISCO Certifications

Last time I started studying for Cisco Certifications, I built a 6-router, one-switch lab on my desk. One router had console ports for all the other routers, and the management port was connected to my home network so I could telnet into each of the routers via their console ports. It was exciting and a great way to learn and simulate complex configurations. The routers had just enough power to run BGP and IPSec tunnels.

This time, I found VIRL, which is interesting as you build a network inside an Eclipse environment.   On the backend, the simulator creates a  network of multiple VMs.

So far, I built a simple switch network. I’m using it with the cloud service Packet, as the memory and CPU requirements exceed my laptop. Packet provides a bare-metal server, which is required for how VIRL does a PXE boot. I wish there was a bare-metal option on AWS.

I’m still trying to figure out how to upload complex configurations and troubleshoot them.

The product is very interesting as it provides a learning environment for a few hundred dollars vs. the couple thousand which I spent last time to build my lab.
