The CCDE

Session Number-1234

Session_ID Presentation_ID

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

The CCDE
• What is the CCDE?
• The Written Exam
• The Practical Exam

The CCDE Logo
• This is not the CCDE Logo
• There is no logo at this point
• We are waiting on the Cisco Identity Team to come up with a logo for this certification
• They intend to have a logo ready by the time the certification launches

What is the CCDE?

What is the CCDE?
• Why Are We Doing This?
• Where Does the CCDE Fit?
• What the CCDE is Not
• How the CCDE Was Developed
• The Bottom Line

Why Are We Doing This?
• To understand the CCDE, we need to start with the group building the CCDE
  - John Cavanaugh: TAC=>AS Global Services, 10+ years at Cisco
  - Khalid Raza: TAC=>CA network design, 10+ years at Cisco
  - Bruce Pinsky: TAC=>CA network design, 10+ years at Cisco
  - Alvaro Retana: TAC=>IOS RP/Architecture Team, 10+ years at Cisco
  - Russ White: TAC=>IOS RP/Architecture Team, 10+ years at Cisco
  - Mosaddaq Turabi: TAC=>CA network design, 10+ years at Cisco
  - Steve Barnes: 7+ years at Cisco

Why Are We Doing This?
• Notice the pattern?
  - We all started in implementation and troubleshooting
  - We all moved into network and protocol design positions over our time at Cisco
  - We all learned how to design networks by seeing networks fail

• As we moved, our certifications didn’t (really) keep up
  - This is a microcosm of the industry as a whole
  - Where were you ten years ago?

Why Are We Doing This?
• The network engineering field has split into many pieces
• Implementation and design are almost completely different career paths
  - Operations and design are not normally both outsourced
  - Design is almost always global, while operations might be global or regional
  - Most people seem to move from operations to design work over time

[Figure: Implementation, Design, Voice, SAN]

Why Are We Doing This?
[Figure: Design, L3 Roots, Voice, SAN]

• We seem to have lost our “roots”
  - We focus on specific technologies
    - Voice
    - WAN Acceleration
    - Security
    - ....
  - We focus on “Places in the Network”
    - The data center
    - The WAN
    - The campus
    - ....

Why Are We Doing This?
• L3 design is no longer widely taught or practiced
  - Routing and L3 design are “easy,” in theory
  - And yet...
  - A lot of L3 design problems seem to be cropping up

[Figure: Implementation, Design, L3 Roots, Voice, SAN]

Why Are We Doing This?
• The CCDE
  - Is a certification with relevance to what I actually do
  - Provides a target for those coming into design
    - Much like the original CCIE, this is a baseline
    - You build special skills on top of this, not in lieu of it
  - Provides a backfill for those already in design
    - A baseline of skills on which to build special skills

Where Does the CCDE Fit?
• Certifications can be seen in two dimensions
  - What does it certify?
    - Implementation
    - Design
  - How does it relate to the business?
    - Tactically or Strategically
    - Vertically or Horizontally

[Figure: axes Implementation/Design and Tactical/Strategic]

Where Does the CCDE Fit?
• The CCDE is Strategically Oriented
  - Not the “tyranny of the immediate”
  - Long term problems are the focus
  - Where is this network now?
  - Where will it be in five years?
  - How do I get it from here to there?

[Figure: axes Implementation/Design and Tactical/Strategic]

Where Does the CCDE Fit?
• The CCDE is Design Oriented
  - What changes do I need to make to....
    - Merge these Networks?
    - Implement this Application?
    - Provide this Level of Security?
    - Prepare this Network for the Next Five Years?
  - How do I transition the network?
    - Business hurdles?
    - Technical hurdles?
    - People hurdles?

[Figure: axes Implementation/Design and Tactical/Strategic]

Where Does the CCDE Fit?
Senior Network Designer
  - Designs large scale networks in a variety of business environments
  - Troubleshoots and resolves design level issues

Network Designer
  - Designs moderate scale networks in a narrow set of business environments
  - Designs components of larger networks

Network Designer
  - Understands the fundamentals of network design
  - Designs components of medium and large scale networks

Where Does the CCDE Fit?
• The CCDE is more horizontal to the business
  - Interacts with the business, rather than following the business

[Figure: flows labeled “Business requirements”, “Functional requirements”, “Technical requirements”, “Functional specifications and Designs”, “Technical specifications”, “Implementation plans”, and “Implementation plans and Designs”]

What the CCDE is Not
• This is not a business test
  - There is no “budget” for any given problem

• But—there are business problems on the test
  - Business problems provide the primary structure
  - Business problems provide the primary driver towards specific technology solutions

What the CCDE is Not
• You do not “go forth and configure”
  - This is higher level than the “?”

• This is not about choosing the right equipment in the right place
  - Hardware limitations only come in at a high level
  - Hardware changes occur on a daily basis

• The skills you demonstrate for this certification should be timeless

How the CCDE Was Developed
• Start with a team of old timers
  - 10+ years at Cisco
  - Prior CCIE program involvement
  - Current CCIE
  - Currently doing design
  - Must wear old folk’s glasses
  - Gray hair a plus
  - You get the idea....

How the CCDE Was Developed
• Walk through a group of typical customer engagements
  - Better known as “tell war stories”
  - How did you get involved?
  - What information were you given?
  - What else did you ask for?
  - What sorts of documentation did you provide?
  - What process did you use to design the solution?
  - How did you present the design?
  - What changes were made during the presentation phase?
  - Did it work?

How the CCDE Was Developed
• Build a set of claims from the Engagement Structure
• Classify each claim based on the type of task
  - Does the candidate need to know a piece of knowledge, know how to do something, or be able to analyze something?

• Set the weight for each claim
  - How important is it for a qualified candidate to know this?

How the CCDE Was Developed
• Determine how to ask the question
  - Can the context for the question be contained in the stem of a single question?
  - Are there analytical skills involved?
  - Can the question be formed so it can be answered with a multiple choice response?

• The answers to these questions determine whether the skill can be tested on the written, or must be tested on the practical

How the CCDE Was Developed
• Write a bunch of questions
  - Cover the claims determined to be suitable for the written examination
  - Cover the claims in the weightings determined

• Review a bunch of questions
  - Does the question actually test the claimed knowledge or skill?
  - Is the question psychometrically sound?
  - Do we care?
  - Will knowing this specific bit of knowledge or having this specific skill actually impact someone’s ability to design well?

How the CCDE Was Developed
• Throw out a bunch of questions
  - For every question on the beta examination, three were written

• Run the beta exam
  - Do a bunch of psychometric magic
  - I’m a routing geek, not a psychometric geek, so don’t ask

• Throw out a bunch of questions
  - Didn’t we just do this?
  - Three out of every four questions written were discarded

How the CCDE Was Developed
• How long did this take?
  - Two and a half years
  - More than 100 years of “man hours”

The Cisco Certified Design Expert
The Bottom Line

• The CCDE is an expert level network design certification
• Comparable to the CCIE in difficulty, depth, and breadth
• Focusing on Layer 3 network design
• Includes the touch points between layer 3 and the layers above and below
• Includes the touch points between layers 3 and 9, but does not focus on business aspects
• Is generally vendor neutral: technology, not features

The Written Exam

The Written Exam
• The Purpose of the Written
• Written Outline
  - Design
  - Routing
  - Tunneling
  - QoS
  - Management
  - Security

The Purpose of the Written
• Test Knowledge of Design Concepts
  - Theoretical Knowledge of Network Design Principles

• Test Technology Knowledge
  - No “Bit Level” Questions
  - No Configurations
  - Focused on Design Implications

• Show Qualification for the Practical
  - If you don’t know this stuff, you don’t have any hope of passing the practical....

Routing
Aggregation

• If Host A sends a packet to Host F, what will happen?
  - The packet will be discarded at B
  - The packet will be discarded at C
  - The packet will be received by D
  - The packet will be discarded at E
  - The packet will be received by F

Routing
Aggregation

• The packet is discarded at C
  - The destination address is 10.1.1.48
  - This falls within 10.1.1.0/25
  - So the traffic is routed to C
  - But C doesn’t have an ARP entry for this destination
  - So it ARPs and drops the packet

• Why do we care?
  - Overlapping destinations are a fact of life when you aggregate
  - You need to understand how they interact

Routing
Aggregation

• What justification would you give for configuring Router A as an ABR, with the Hub and Spoke area as an OSPF stub area, without route summarization?
  - To reduce the routing table size at Router B
  - To reduce the complexity of the full mesh in OSPF
  - To reduce the impact of Router B failing at Router C
  - To reduce SPF run time at Router A

Routing
Aggregation

• To reduce the impact of Router B failing at Router C
  - Router B failing would normally cause a full SPF run on all routers
  - If the Hub and Spoke area is a stub, routers within the area would not run SPF for a failure at B

• Why do we care?
  - Failure domains are intrinsically related to flooding domains in link state protocols
  - Failure domains are important in network design

Routing
Layer 2 Interaction

• If the link between A and B fails, when will EIGRP on C discover the failure?
  - Immediately
  - The next time B transmits a CDP status packet to C
  - When B takes the link to C down
  - When the routing protocol adjacency fails

Routing
Layer 2 Interaction

• When the routing protocol adjacency fails
  - CDP doesn’t have status packets
  - B has no reason to take the B to C link down when the A to B link fails
  - As long as the link status is up, EIGRP on C has no reason to remove A from its neighbor table

• Why do we care?
  - Because this layer 2 behavior impacts network convergence at layer 3
  - When considering fast convergence to support an application, you need to take layer 2 links into account

Routing
• Traffic Flow vs RP Metric Tuning
• Routing Protocol Operation
  - Adjacency Formation
  - Loop Free Paths

• Address Allocation
• Multicast Operation
  - Multicast Routing

• Operational Costs of Configuration
  - Configuring with Intent

Tunneling
End Services

• A company wants to carry credit card transactions between Host A and Host B. What tunneling mechanism should they consider?
  - L2TPv3
  - IPsec tunnels using AH
  - An L3VPN using MPLS
  - IPsec tunnels using ESP

Tunneling
End Services

• IPsec tunnels using ESP
  - First, what sort of protection do we need for this application?
    - Prevent outsiders from seeing it altogether
  - L2TPv2: Provides layer 2 transport (not layer 3)
  - IPsec using AH does not prevent snooping
  - L3VPNs using MPLS do not encrypt data
  - IPsec using ESP encrypts the data

• Why do we care?
  - Because of the layer 3 interaction with the application
  - What does the application need?
  - What is the best layer 3 mechanism for providing it?

Tunneling
Scalability

• What tunneling mechanism would you consider for connecting 1000 remote sites which need to be fully meshed, have layer 3 transport requirements only, and use OSPF routing?
  - VPLS
  - IPsec using AH
  - L3VPNs
  - GRE tunnels

Tunneling
Scalability

• L3VPNs
  - VPLS would require a full mesh of 1000 OSPF adjacencies
  - IPsec would require a full mesh of 1000 tunnels, and wouldn’t support OSPF (no multicast support)
  - GRE would require a full mesh of 1000 tunnels and OSPF adjacencies
  - L3VPNs allow you to carry routing information through the tunnel infrastructure without forming adjacencies through the tunnels

• Why do we care?
  - The tunnel infrastructure directly impacts the layer 3 and routing scalability
  - We need to choose the tunnel mechanisms we use with this in mind

Tunneling
L3 Routing Interaction

• When using any form of IPsec over GRE tunneling (for instance, DMVPNs) over a public or private network, how many routing instances will you need to provide full reachability?
  - One
  - Two
  - Three
  - Four

Tunneling
L3 Routing Interaction

• Two
  - One to provide reachability between the tunnel endpoints
  - One to provide reachability between the destinations reachable through the tunnels

• Why do we care?
  - The tunnel mechanism directly impacts the routing design
  - We need to design the routing around the tunneling mechanism chosen

Tunneling
• Topology
  - Understand the impact of logical and physical topologies

• Inter-Provider
  - Understand the mechanisms available for carrying tunnels through service provider boundaries

• Path Selection
  - Understand steering traffic with and into tunnels

• Failover
  - Understand mechanisms for providing fast failover in tunnel environments

Quality of Service
Performance Metrics

• Which of the following would you deploy to control delay along the path from A to B?
  - Head of queue dropping
  - Traffic policing
  - Tail of queue dropping
  - Traffic shaping

Quality of Service
Performance Metrics

• Traffic policing
  - Head of queue and tail of queue drops will drop random packets, so the delay will be random
  - Traffic shaping will try to keep the traffic in line, but will really tail drop in this case
  - Traffic policing will drop traffic which is out of policy, keeping the delay consistent

• Why do we care?
  - This is an interaction between layer 3 and transport behavior required by specific applications
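
A token-bucket model of the policing versus shaping comparison above, added here as an example and not part of the original slides. The rate, burst size, queue limit and packet arrivals are constructed values.

```python
# Constructed traffic: a burst of six 500-byte packets at t=0, then one at t=5 s.
TRAFFIC = [(0.0, 500)] * 6 + [(5.0, 500)]
RATE = 1000    # token refill rate, bytes per second (assumed)
BURST = 1000   # bucket depth, bytes (assumed)


def police(packets, rate, burst):
    """Token-bucket policer: conforming packets are forwarded at once,
    out-of-policy packets are dropped. Returns the added delay per packet
    in seconds, or None for a drop."""
    tokens, last = burst, 0.0
    out = []
    for t, size in packets:
        tokens = min(burst, tokens + (t - last) * rate)  # refill since last arrival
        last = t
        if tokens >= size:
            tokens -= size
            out.append(0.0)      # never queued, so no added delay
        else:
            out.append(None)     # out of policy: dropped
    return out


def shape(packets, rate, burst, queue_limit):
    """Token-bucket shaper with a FIFO queue: out-of-policy packets wait for
    tokens, and are tail dropped once queue_limit packets are already waiting."""
    tokens, clock = burst, 0.0   # clock: time at which `tokens` was last computed
    departures = []              # departure times of accepted packets
    out = []
    for t, size in packets:
        backlog = sum(1 for d in departures if d > t)   # packets still queued at t
        if backlog >= queue_limit:
            out.append(None)     # queue full: tail drop
            continue
        start = max(t, clock)    # FIFO: cannot leave before the previous packet
        tokens = min(burst, tokens + (start - clock) * rate)
        wait = max(0.0, (size - tokens) / rate)          # time until enough tokens
        depart = start + wait
        tokens = min(burst, tokens + wait * rate) - size
        clock = depart
        departures.append(depart)
        out.append(depart - t)   # queuing delay seen by this packet
    return out


def delay_spread(results):
    """(min delay, max delay, drops) over one run."""
    delays = [d for d in results if d is not None]
    return min(delays), max(delays), results.count(None)


if __name__ == "__main__":
    print("policer:", delay_spread(police(TRAFFIC, RATE, BURST)))
    print("shaper: ", delay_spread(shape(TRAFFIC, RATE, BURST, queue_limit=3)))
```
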

Quality of Service
Differentiated Services

• Which would you deploy to increase the throughput of multiple TCP traffic flows on a single link?
  - Head of queue dropping
  - Traffic Policing
  - Weighted RED
  - Traffic Shaping

Quality of Service
Differentiated Services

• Weighted RED
  - Head of queue dropping will allow the TCP flows to synchronize
  - Traffic policing and shaping will not balance between the flows to increase overall throughput
  - Only WRED is specifically designed to prevent TCP flows from consuming all available queue resources, and leave room for other flows
  - WRED reduces the “sawtooth” effect and synchronization of multiple TCP flows

• Why do we care?
  - This is an interaction between layer 3 and transport behavior required by specific applications

Quality of Service
• Integrated Services
  - RSVP Operations

• Application Requirements
  - General requirements presented by common applications

• Class Starvation
• Interaction with Other Technologies
  - DSCP bits in Ethernet, ATM, Frame Relay, etc.

• Policy Based Routing

Network Management
Analyze Network Conditions

• Which of the following is true of SNMP and Syslog?
  - Syslog always provides a wider variety of information than SNMP traps
  - Syslog is more reliable than SNMP traps, since it is carried over TCP
  - Syslog may lose information because of logging buffer overflows, but SNMP will not
  - Syslog information is always available as SNMP traps

Network Management
Analyze Network Conditions

• Syslog is more reliable than SNMP traps, since it is carried over TCP
  - Whether Syslog or SNMP provides more information in a specific case depends on the information provided by the device
  - SNMP traps can be dropped because of buffer overflows
  - Syslog information may overlap with SNMP traps, but not always

• Why do we care?
  - A network design engineer must know when to specify and use the various management tools available
  - A network design engineer must know what sorts of information to expect from each tool when looking at a design or problem

Network Management
Management Tools

• If you wanted to determine the servers which transmit the most traffic to an external destination, which tool would be the most appropriate?
  - Packet level debugs filtered through an access list
  - SNMP traps set for traffic flows
  - Buffered Syslog based on packet event information
  - Netflow traffic flow statistics

Network Management
Management Tools

• Netflow traffic flow statistics
  - Packet level debugs? Right!
  - SNMP wouldn’t be able to keep up with traffic flow information
  - Syslog would depend on debugs or some other information

• What other options are there here?
  - IP Accounting?
  - ACLs with logging?

• Why do we care?
  - A network design engineer must know when to specify and use the various management tools available
  - A network design engineer must know what sorts of information to expect from each tool when looking at a design or problem

Network Management
• In-band versus Out-of-Band Management
• SNMP Concepts and Operation
• Auditable Factors in Network Management
• Traffic Management Concepts
• Change Management Concepts

Security
Availability

• What would be the result of configuring two synchronized servers with the same IP address, as shown?
  - A could split inbound sessions with B, causing difficult to troubleshoot problems
  - A could overlap transactions with B, violating various regulations
  - A could provide access to the service while B is under a DoS attack

Security
Availability

• A could provide access to the service while B is under a DoS attack
  - We don’t know enough about the configurations of these servers or their services to determine if the other options are correct
  - But, we do know anycast is a common technique to provide resiliency during DoS attacks

• Why do we care?
  - A design engineer must be able to plan in mitigations against various attacks

Security
Control Plane Protection

• What attacks would configuring unicast RPF at A and B prevent?
  - False routing protocol adjacencies from B, C, D, and E
  - DoS attacks against A and B from B, C, D, and E
  - Attacks from spoofed sources originating from B, C, D, and E
  - Layer 2 based attacks against A and B sourced from B, C, D and E

Security
Control Plane Protection

• Attacks from spoofed sources originating from B, C, D, and E
  - uRPF would prevent spoofed packets from entering the network
  - uRPF does not manage routing adjacencies
  - uRPF does not block DoS attacks
  - uRPF does not operate at layer 2

• Why do we care?
  - A design engineer must be able to plan in mitigations against various attacks
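
A minimal model of the unicast RPF check described above, added here as an illustration and not taken from the slides or from any router's code. The source address is looked up with the same longest-prefix match that sends 10.1.1.48 into 10.1.1.0/25 in the aggregation question, and the packet is accepted only if that route points back out the ingress interface. The FIB, interface names, packets and the `allow_default` switch are constructed assumptions.

```python
import ipaddress

# Constructed FIB for a hypothetical edge router (prefix, outgoing interface).
# 10.1.1.0/25 is an aggregate; 10.1.1.64/26 is a more specific route inside it.
FIB = [
    ("0.0.0.0/0",    "Gi0/0"),   # default route toward the upstream
    ("10.1.1.0/25",  "Gi0/1"),
    ("10.1.1.64/26", "Gi0/2"),
    ("192.0.2.0/24", "Gi0/3"),   # customer-facing interface
]

# Constructed packets: (source address, ingress interface).
PACKETS = [
    ("192.0.2.10",   "Gi0/3"),   # customer host on its own interface
    ("10.1.1.48",    "Gi0/3"),   # internal source claimed from the customer side
    ("10.1.1.100",   "Gi0/2"),   # covered by the /26, arrives where the /26 points
    ("10.1.1.100",   "Gi0/1"),   # same source on the aggregate's interface
    ("198.51.100.7", "Gi0/0"),   # only the default route covers this source
]


def lookup(fib, addr):
    """Longest-prefix match. Returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_accepts(fib, src, in_if, mode="strict", allow_default=False):
    """Reverse-path check on the packet's SOURCE address.

    strict: the best route back to the source must use the ingress interface.
    loose:  any route back to the source is enough.
    allow_default (model parameter): whether a match on 0.0.0.0/0 counts.
    """
    route = lookup(fib, src)
    if route is None:
        return False                      # no route back to the source
    net, out_if = route
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "loose":
        return True
    return out_if == in_if                # strict: must point back where it came from


def filter_packets(fib, packets, **kwargs):
    """Verdict (True = forward, False = drop) for each (src, ingress) pair."""
    return [urpf_accepts(fib, src, in_if, **kwargs) for src, in_if in packets]


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, filter_packets(FIB, PACKETS, mode=mode))
```

Loose mode forwards the spoofed 10.1.1.48 packet because a route to that source exists somewhere; only strict mode ties the source to the interface it arrived on.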

Security
• Identity and Trust
  - Router access mechanisms
  - 802.1x and other identity mechanisms

• Data Plane Protection
  - Infrastructure protection

• Incident Planning and Preparation

The Written Exam
• Layer 3 Focused
  - While we’ve seen questions which are not layer 3, they relate to some interaction with layer 3
    - Application reliance on layer 3
    - Layer 2 impact on layer 3

• No Configurations
• No Bit Level Questions
  - Some detail, but not to the depth of bits, etc

• Broad Array of Technical Areas
  - Layer 3 Design, Routing, Tunneling, QoS, Management, and Security

The Practical Exam

The Practical Exam
• An Overview
• High Level Skills
  - Analysis
  - Design
  - Implementation
  - Justification
  - (Abstraction)

• The Practical Format
• A Short Practical Example

An Overview
• The Purpose of the Practical
  - Test application of knowledge to real problems
  - Integrate smaller bits of knowledge into a useful whole
  - Integrate business problems into technical design

• The Structure of the Practical
  - Computer based; no lab environment
  - No configuration of real devices
  - Scenario based
  - Tightly scripted

An Overview
• What about multiple good solutions?
  - Aren’t there bound to be a bunch of good solutions for any given problem?

• Two Solutions
  - The scenarios are tightly scripted
  - Business and technical requirements strongly bound the solution set
  - In some places, there are multiple right answers
  - When the requirements leave multiple solutions open, provisions are made to account for all right solutions
  - Some right solutions might be worth more points than other right solutions, however

Analysis
• Determine Network Expectations
  - Examine and understand business goals
  - Examine and understand application requirements
  - Examine and understand the implications of network failures

• Gather and Validate Information
  - Determine missing information
  - Determine additional required tests

Design
• Focus on Technology
  - Understand technical/functional tradeoffs between solutions

• Reduce or Eliminate the Impact on Existing Services
• Focus on Scalability
• Common Cases versus the Worst Case
  - Determine what is likely, and plan for that, rather than for the worst case

• Focus on Elegance and Supportability
  - Know what’s necessary and what’s unnecessary
  - Consider operational expenses (OPEX)

• Minimize Impact of Network Failures

Implementation
• Develop an Implementation Plan
  - Consider interactions between the phases of implementation
  - Minimize impact on services during implementation

• Develop a Contingency Plan

Justification
• Justify Technologies Chosen
• Justify Changes in the Design
  - Based on functional requirements
  - Based on technical requirements

• Consider Alternate Options
  - Justify moving or not moving to an alternate

Abstraction
• Underlies Many of the Concepts
  - Analysis, Scalability, Elegance, Supportability, Resiliency, etc.

• Deploy a New Data Center
  - The Data Center as a Network
    - Capacity, Addressing, etc.
  - The Data Center as an Object
    - Placement, Capacity, etc.

The Practical Format
• You Begin with a Set of Documents
  - Background documents
  - Network diagrams
  - Email threads

• You then get a Set of Questions
  - Network diagram drag and drop/modify attributes
  - Multiple choice
  - Ordering a list
  - Match two lists

The Practical Format
• As You Complete Questions You Gain Access to More Information
  - Decisions made in the design process
  - New information about the network
  - Changes in the network state

A Short Practical Example
• We need to install a new credit card processing application between Host A and Host K

A Short Practical Example
• What do we need to know to solve this problem?
  - What other applications are A and K running?
    - For simplicity, none
  - What QoS expectations does this new application have?
    - Session resets in outage of longer than 1 second
  - What are the security requirements for this new application?
    - Must be confidential through the public parts of the network
  - Why is there a firewall between Router F and Router B?
    - To protect K from attacks

A Short Practical Example
• Encrypt from A to B?
  - This doesn’t solve confidentiality in the public part of the network
  - Doesn’t meet business requirements

[Figure label: Encryption]

A Short Practical Example
• Secure Tunnel from A to K?
  - This bypasses the firewall, allowing A to attack K
  - Doesn’t meet business requirements

[Figure label: Encrypted Tunnel]

A Short Practical Example
• Secure Tunnel from A to G?
  - Provides confidentiality through the public parts of the network
  - Does not bypass the firewall
  - Appears to meet the requirements....

[Figure label: Encrypted Tunnel]

A Short Practical Example
• What sort of tunnel should we use?
  - MPLS?
  - GRE?
  - IPsec AH?
  - IPsec ESP?
  - L2TPv3?

[Figure label: Encrypted Tunnel]

• Which one meets the business requirements?

A Short Practical Example
• How do we handle the convergence requirement?
  - Less than 1 second of failure time
  - What are our considerations here?

A Short Practical Example
• What problems might we have with these two switches?
  - How does B find out if E fails?
  - How long does this detection take?
  - How long does convergence take once the failure is detected?

A Short Practical Example
• You need to think through each aspect of the problem
• Consider how the pieces will interact
• Consider how to solve each specific problem presented

Q and A

Recommended Reading
Continue your learning experience with further reading from Cisco Press

Optimal Routing Design, ISBN 1-58705-187-7
