CCIE Ent Infra - Build Your Own Lab (And Beyond) - Presentation
© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
CCIE EI racks in one of our DC locations
Domain 1: Network Infrastructure
• Layer 2 Ethernet switching
  • Switching, VLANs and related technologies, EtherChannel, STP family
• Unicast routing
  • Static, OSPF, EIGRP, BGP, VRF, routing optimizations in every protocol
• Multicast routing
  • Sparse, BiDir, RP discovery, SSM, Anycast RP, IPv6 Anycast RP
Domain 3: Transport Technologies and Solutions
• MPLS
  • Basic MPLS, basic MPLS L3VPNs (IPv4/IPv6)
• DMVPN
  • Blueprint limited to troubleshooting dual-hub DMVPN deployments
  • Please bear in mind that “troubleshooting” still includes fixing a broken or incomplete configuration or tuning suboptimal performance
Suggested topology for Domains 1 and 3
Topology Breakdown
• Two core / WAN edge routers
  • CSR1000v recommended
  • IGP/BGP toward ISPs, redundant default routing, NAT, DMVPN hubs
• Access & distribution layer switches
  • vIOS-L2 sufficient
  • IGP routing
Topology Breakdown
• Two ISPs
  • An ISP can be reduced to a single router inside the cloud, or arbitrarily expanded so that the traffic between two sites flows through a PE-P-PE path (at least one P)
  • vIOS sufficient
  • One of the ISP clouds can be a simple switch emulating a “backdoor link”
• Two branches
  • vIOS + vIOS-L2 sufficient
  • Branch #3 allowing diverse L2/L3 scenarios
  • Branch #4 kept very simple
Domain 2: Software Defined Infrastructure
• Software Defined WAN
  • New edge router onboarding, basic VPN connectivity, interworking with traditional networks and with SDA, centralized and localized policies
• Software Defined Access
  • Underlay configuration, macro and microsegmentation, VN management, silent host support, L3 handoff to a traditional network or to SD-WAN
Suggested topology for Domain 2
Topology Breakdown
• vBond
  • At least one, attached to WAN edge routers
• vSmart
  • At least one, attached to an access layer switch (placement not critical)
• vEdge
  • At least one, connected variably to WAN edge routers and distribution layer switches
• DNA Center, ISE, vManage
  • Attached to the access layer switches (placement not critical)
Topology Breakdown
• Branch #1
  • Simple SD-WAN/SDA site
  • SDA Fabric-in-a-Box style
• Branch #2
  • More complex site allowing
    • 2x fabric edge + 1x fabric border (SDA)
    • 1x fabric edge + 2x fabric border (SDA)
  • Two SD-WAN vEdges provide opportunities for redundancy, TLOC extension, multiple topologies, …
Putting It All Together
• The topology is a combination of the previous two with one change
  • In Branch #3, one WAN router is an SD-WAN vEdge, allowing for SD-WAN with 1 hub and 3 spokes
Domain 4: Infrastructure Security and Services
• Device Security
• Network Security
  • ACLs, DHCP Snooping, IPSG, DAI, Port Security, Private VLANs, RA Guard, DHCP Guard, ND Inspection/Snooping, Source Guard, 802.1X
• System Management
  • Device management through CLI, SNMP, RESTCONF, NETCONF, logging
• QoS
• Network Services
  • FHRP, NTP, DHCP operations, NAT
• Network Optimization & Operations
  • IP SLA, tracking objects, Flexible NetFlow, SPAN, EPC, Packet Trace
Domain 4: Infra Security and Services
• The topology offers a multitude of options to practice Domain 4 topics at virtually every location and in combinations of locations
Domain 5: Infrastructure Automation and Programmability
• Automation and Scripting
  • EEM, Guest shell, Python, Python modules “cli” and “eem”
• Programmability
  • vManage API, DNAC API, IOS-XE API, interaction with these APIs appropriately using Postman, Python requests, Python ncclient, gRPC
Domain 5: Infra Automation and Programmability
• IOS-XE programmability tasks particularly suited to HQ on r1/r2
  • This is due to r1 and r2 being recommended to run CSR1000v
• DNAC and vManage APIs obviously located in HQ
Hardware Requirements
Building the SDA Part
• At least for now, the SDA part of the topology must be physical
• Different Catalyst switches can be used for this purpose:
  • Catalyst 3650: Fabric Edge only
  • Catalyst 3850: Fabric Edge, Border Node, Control Node, does not support Fabric-in-a-Box
  • Catalyst 9200: Fabric Edge only
  • Catalyst 9300: Fabric Edge, Border Node, Control Node, Fabric-in-a-Box
Solving the pain points with SDA
• We are internally working on a paid offering of remotely accessible, scheduled CCIE-targeted training labs
  • Rent-a-lab approach
• The labs will be built on top of a topology identical or very similar to the full topology we have discussed in this webinar, consisting of 4 physical Catalyst 9300 switches and a virtual part, fully covering the blueprint
• Individual labs will be targeted at selected technologies and their subsets (for example SD-WAN, SDA, …), but the whole topology will be available and unlocked to the candidate to play with
On what technology should the training labs focus?
A. SDA
B. SD-WAN
C. Programmability
D. Traditional networking
E. Interworking of SDA/SD-WAN/traditional networking
Getting ready for CCIE Enterprise Infrastructure
• Refer to CCIE Enterprise Infrastructure (v1.0) Exam Blueprint
• Consult the CCIE Enterprise Infrastructure (v1.0) Learning Matrix
• Visit Cisco Live! On-Demand Library
• Make friends with developer.cisco.com for programmability topics
• Consider using Cisco Learning Library for targeted courses
• Consider using Cisco dCloud for targeted technologies
• Consider using CML-P for your practice lab
• Join and be active in the Enterprise Certifications CLN community
Q&A
Thank you.