3 RZM BT 7 O

Ccie4career.
com Skype ID 1: ccie04final

Skype ID 2: nguyenbich279
CCIE4CAREER.COM - CCIE Service Provider TS1 C1

WORKBOOK
CCIE4career.com
Document Information
Author Combat, CC Dreamer, Nevermore
Change Authority Advanced Team Focus
Skype ID1: ccie04final (NOT live:ccie04final)
Please Contact
Skype ID2: nguyenbich279 (NOT live:nguyenbich279)
Version 1.0
Date 9/2/2020
Comment History Solution only
9/2: update questions
1
CCIE4Career.com
The best solution, very clear Workbook  The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
CONTENTS
1. Question 1 .......................................................................................... 5
2. Question 2 .......................................................................................... 9
3. Question 3 ........................................................................................ 12
4. Question 4 ........................................................................................ 14
5. Question 5 ........................................................................................ 17
6. Question 6 ........................................................................................ 21
7. Question 7 ........................................................................................ 23
8. Question 8 ........................................................................................ 27
9. Question 9 ........................................................................................ 29
10. Question 10 ...................................................................................... 32
11. Question 11 ...................................................................................... 36
2
CCIE4Career.com
Main Topology
3
CCIE4Career.com
Troubleshooting Guidelines
Important!!: Read the Following Guidelines Before Starting the Section
 This section is comprised of a set of troubleshooting scenarios.

 You have a maximum of 150 minutes to complete the section. A warning
message will be displayed after 120 minutes.
 The final score of this section is combined with the Configuration and the
Diagnostic sections to complete your final Pass or Fail status on the Cisco CCIE
lab exam.
 Candidates must reach a minimum threshold in all three sections and achieve
an overall cut score in order to pass the CCIE certification.
1. You will be presented with preconfigured routers and switches in the topology.
Do not change the following configuration on the devices:
 Hostname
 Enable password "cisco"
 Console line configuration
2. For all the authentication configurations in the lab, password is "cisco" unless
changed to introduce a break
3. Points are awarded for finding and fixing inserted faults in the presented fully
configured topology. An inserted fault is an introduced break for a scenario
that was previously working. Depending on the scenario, fixing inserted faults
could require one or multiple command lines on the same or multiple devices.
4. The resolution of one incident may depend on the resolution of previous
incident(s). The dependency will not be visible if incidents are resolved in
sequence.
5. There is no physical fault introduced in the presented topology.
6. Do not change any routing protocol boundaries. Refer to the provided diagrams
7. Do not remove any feature that Is configured in order to resolve an
Incident; you must resolve the misconfiguration rather than removing
it all (examples. Access-lists. PBR. CoPP. MCC. and so on) The only exception
to this rule is when there is no other choice except to remove the faulty
configuration in order to resolve the incident.
8. Static and default routes are not permitted unless preconfigured These
restrictions include floating static routes and routes that are generated by a
routing protocol. Routes to Null 0 that are generated as a result of a dynamic
routing protocol solution are permitted.
9. Tunneling and policy-routing are not permitted unless They are preconfigured.
10.Points will be deducted for every incident in which a prohibited solution is used.
11.Candidates have control of all required devices in the topology.
4
CCIE4Career.com
1. Question 1
Question:
INET enabled a random sampled NetFlow:
- Sourced from XYZ PEs collect one packet out of 1.

- Sourced from XYZ ASBRs collect one packet out of 10.
- Other packets collect one packet out of 100.
5
CCIE4Career.com
Verify collecting as expected:
- ping 100.2.2.2 source loopback0 repeat 1000 command on Cisco IOS XE

devices.
- ping 100.2.2.2 source loopback0 repeat 1000 command on Cisco IOS XR
devices.
Fix it, you should see the output similar to this example:
INET#show flow-sampler
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
Time source is hardware calendar, *01:17:09.702 CST Thu Mar 15 2018
Sampler : HIGH, id : 1, packets matched : 3005, mode : random sampling mode

sampling interval is : 1
Sampler : MEDIUM, id : 2, packets matched : 300, mode : random sampling mode

Sampler : LOW, id : 3, packets matched : 1, mode : random sampling mode

Solution:
Checked initial configure about Net flow:
INET:
flow-sampler-map HIGH
mode random one-out-of 1
!
flow-sampler-map MEDIUM
!
flow-sampler-map LOW
multilink bundle-name authenticated
!
class-map match-all HIGH
match access-group 101
class-map match-all MEDIUM
match access-group 102
!
policy-map MY-POLICY
class HIGH
class MEDIUM
class class-default
netflow-sampler LOW
!
6
CCIE4Career.com
access-list 101 permit ip 0.0.1.0 255.255.0.255 any
access-list 102 permit ip 0.0.2.0 255.255.0.255 any
Fix the problem:

policy-map MY-POLICY
class HIGH
netflow-sampler HIGH
class MEDIUM
netflow-sampler MEDIUM
Verification:
XYZ-ASBR22#ping 100.2.2.2 source l0 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 100.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.2.22
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 2/9/132 ms
RP/0/0/CPU0:XYZ-ASBR12#ping 100.2.2.2 source l0 repeat 1000
Wed Mar 14 17:26:05.132 UTC
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
7
CCIE4Career.com
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/2/
INET#show flow-sampler
Sampler : HIGH, id : 1, packets matched : 200, mode : random sampling mode

Sampler : MEDIUM, id : 2, packets matched : 200, mode : random sampling mode

Sampler : LOW, id : 3, packets matched : 0, mode : random sampling mode

8
CCIE4Career.com
2. Question 2
Question:
XYZ Site 2 implemented the MPLS Traffic Engineering Autotunnel Primary and
Backup:
- Primary tunnels tunnel number 50000-59999.

- Backup tunnels tunnel number 40000-49999.
After the implementation of this feature, an operations engineer identified that all
routers have MPLS TE tunnels number starting from 50000 (MPLS TE primary
tunnels). However, none of the routers have MPLS TE tunnels starting from 40000
(MPLS TE backup tunnels).
Your task is to identify this issue and to fix it. After you complete this task, you should
find MPLS TE tunnels number starting from 40000 in all routers of the XYZ Site2, as
per this example:
XYZ-PE21#show ip int bri | in Tunnel
Tunnel40000 10.0.1.21 YES TFTP up up
9
CCIE4Career.com
Solution:
Initial configure about MPLS TE

mpls traffic-eng tunnels
mpls traffic-eng auto-tunnel backup tunnel-num min 40000 max 49999
mpls traffic-eng auto-tunnel primary onehop
mpls traffic-eng auto-tunnel primary config unnumbered-interface Loopback0
mpls traffic-eng auto-tunnel primary config mpls ip
mpls traffic-eng auto-tunnel primary timers removal rerouted 60
mpls traffic-eng auto-tunnel primary tunnel-num min 50000 max 59999
mpls traffic-eng auto-tunnel mesh
mpls traffic-eng auto-bw timers frequency 60
multilink bundle-name authenticated
!
interface Auto-Template55
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination access-list 55
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 1 1
tunnel mpls traffic-eng bandwidth 100
tunnel mpls traffic-eng path-option 1 dynamic
tunnel mpls traffic-eng auto-bw max-bw 200
!
router isis
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-1
!
access-list 55 permit 0.0.1.0 255.255.0.255
access-list 55 permit 0.0.2.0 255.255.0.255
Check tunnel status:

XYZ-PE21#show mpls traffic-eng auto-tunnel backup
State: Disabled
Auto backup tunnels: 0 (up: 0, down: 0)
Tunnel ID Range: 40000 - 49999
Create Nhop Only: No
Check for deletion of unused tunnels every: 3600 Sec
SRLG: Not configured
Config:
unnumbered-interface: Loopback0
Affinity/Mask: 0x0/0xFFFF
10
CCIE4Career.com
Fix the problem: All XYZ Site 2 Routers

mpls traffic-eng auto-tunnel backup
Verification:
XYZ-PE21#show ip int bri | in Tunnel
Tunnel0 10.0.1.21 YES unset up up
Tunnel55 unassigned YES unset up down
11
CCIE4Career.com
3. Question 3
Question:
An XYZ operations engineer has identified that every time that the link between XYZ-
ASBR22 and INET flaps, the BGP IPv4 peering with INET takes more than 4 minutes
to be established. The BGP IPv6 peering with INET is established in a shorter period
of time. Your task is to perform the no shutdown command on XYZ-ASBR22 g5
interface that connects to INET, identify the root cause of why the BGP IPv4 peering
is taking logger to be established compared to the BGP IPv6 peering, and to fix the
issue.
After you complete this task, the BGP IPv4 peering should be established in about
the same amount of time that the BGP IPv6 peering is established between XYZ-
ASBR22 and INET.
12
CCIE4Career.com
Solution:
Shutdown interface g5 in XYZ-ASBR22

interface g5
no shutdown
!
XYZ-ASBR22#show bgp ipv4 unicast summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.21 4 65000 82 71 90 0 0 00:56:44 5
100.1.22.1 4 1000 0 0 1 0 0 00:00:28 Idle
XYZ-ASBR22#show bgp ipv6 unicast summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8::21 4 65000 0 0 1 0 0 never Idle
2001:DB8:100:22::1
4 1000 9 5 101 0 0 00:00:03 12
XYZ-ASBR22#
!and waiting 4 mins.
XYZ-ASBR22(config-if)#shu
*Mar 14 17:58:15.592: %IFDAMP-5-UPDOWN: interface GigabitEthernet5 update IP Routing
state to UP, interface is not suppressed
*Mar 14 17:58:15.592: %IFDAMP-5-UPDOWN: interface GigabitEthernet5 update CLNS Routing
state to UP, interface is not suppressed
*Mar 14 17:58:16.303: %BGP-5-NBR_RESET: Neighbor 100.1.22.1 active reset (BGP
Notification sent)
*Mar 14 17:58:16.303: %BGP-5-ADJCHANGE: neighbor 100.1.22.1 Up
Checked initial configure under interface g5
interface GigabitEthernet5
dampening 30 1 1 255 restart 5
Fix the problem: XYZ-ASBR222

interface GigabitEthernet5
no dampening
13
CCIE4Career.com
4. Question 4
Question:
SWT1 and SWT2 sites use RIPng as the IGP IPv6 routing protocol. SWT1 and SWT2
recently contracted a MPLS L2VPN circuit from XYZ site2. The SWT sites do not
receive RIPng prefixes from each other. Your task is to identify the issue and to fix
it.
Note: Due to some limitation on the virtualization, platform used in this lab, only
control plane traffic is functional. Data plane is not completely functional, which
implies that SWT1 still cannot ping SWT2 loopacb0 address and vice versa
After you complete this task, SWT1 should receive a RIPng prefix from SWT2 and
vice versa.
SWT1#show ipv6 route rip
IPv6 Routing Table - default - 5 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
14
CCIE4Career.com
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
a - Application
R 2001:DB8:192::2/128 [120/2]
via FE80::A8BB:CCFF:FE00:D010, Ethernet0/1
Solution:
Verify initial configure and L2VPN circuit states in XYZ-PE22, XYZ-PE23.

XYZ-PE22#show xconnect all
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State

UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
DN pri ac Et0/3:5(Ethernet) DN l2tp 10.0.1.23:1000 DN
XYZ-PE23(config-if)#do show xcon all


------+---------------------------------+--+---------------------------------+--
-- pri ac Et0/3:5(Ethernet) DN unkn 0.0.0.0:0 --
XYZ-PE22#
interface Ethernet0/3
description mtu 1520
no ip address
no keepalive
xconnect 10.0.1.23 1000 encapsulation l2tpv3 pw-class SWT12
XYZ-PE23#
description mtu 1520
no ip address
no keepalive
end
!
15
CCIE4Career.com
l2vpn xconnect context ABC
member Ethernet0/3
member pseudowire1000
Fix the problem:
XYZ-PE23:
pseudowire-class SWT12
encapsulation l2tpv3
ip local interface Loopback0
!
interface pseudowire1000
encapsulation l2tpv3
neighbor 10.0.1.22 1000
ip local interface Loopback0
Verification:
XYZ-PE22#show xconnect all

------+---------------------------------+--+---------------------------------+--
UP pri ac Et0/3:5(Ethernet) UP l2tp 10.0.1.23:1000 UP
SWT1#show ipv6 route rip

IPv6 Routing Table - default - 5 entries

Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
a - Application
R 2001:DB8:192::2/128 [120/2]
via FE80::A8BB:CCFF:FE00:D010, Ethernet0/1
16
CCIE4Career.com
5. Question 5
Question:
17
CCIE4Career.com
An XYZ operations engineer deployed a bundle interface between XYZ-ASBR21 and

XYZ-ASBR22, however the IS-IS adjacency did not establish on this link. Your task
is to identify the issue and to fix it.
After you complete this task XYZ-ASBR22 should see an IS-IS adjacency via the
PortChannel 21 interface.
XYZ-ASBR22#show isis neighbors
No time source, *23:02:11.343 UTC Wed Mar 14 2018
Tag null:
System Id Type Interface IP Address State Holdtime Circuit Id
XYZ-P-RR21 L1 Gi2 10.21.22.1 UP 7 XYZ-P-RR21.02
XYZ-ASBR21 L1 Po21 10.22.21.21 UP 24 XYZ-ASBR22.01
Soution:
Check Portchannel state and initial configure in both ASBR21 and ASBR-22
XYZ-ASBR21#show etherchannel summary
Flags: D - down P/bndl - bundled in port-channel

I - stand-alone s/susp - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
21 Po21(RM) LACP Gi4(bndl) Gi5(bndl)
RU - L3 port-channel UP State
SU - L2 port-channel UP state
P/bndl - Bundled
S/susp - Suspended
XYZ-ASBR21#show run int port-channel 21

Building configuration...
Current configuration : 217 bytes

18
CCIE4Career.com
!
interface Port-channel21
ip address 10.22.21.21 255.255.255.0
ip router isis
no negotiation auto
ipv6 address 2001:DB8:22:21::21/64
ipv6 router isis
mpls ip
mpls traffic-eng tunnels
lacp min-bundle 4
Fix the problem:

interface port-channel 21
lacp min-bundle 2
Verification:
XYZ-ASBR21#show etherchannel summary
Flags: D - down P/bndl - bundled in port-channel

I - stand-alone s/susp - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
21 Po21(RU) LACP Gi4(bndl) Gi5(bndl)
RU - L3 port-channel UP State
SU - L2 port-channel UP state
P/bndl - Bundled
S/susp - Suspended
XYZ-ASBR22#show isis neighbors
Tag null:
System Id Type Interface IP Address State Holdtime Circuit Id
19
CCIE4Career.com
XYZ-ASBR21 L1 Po21 10.22.21.21 UP 24 XYZ-ASBR22.01
20
CCIE4Career.com
6. Question 6
Question:
21
CCIE4Career.com
ABC site 2 and ABC site3 are connected via Layer 3 services provided by XYZ site 2.
They use RIP and RIPng as the PE-CE routing protocol. ABC site 2 and 3 cannot ping
the IPv6 loopback address of each other. There are no issue ith IPv4 connectivity
between their two ABC sites.
Your task is to identify the issue and to fix it. After you complete the tast. ABC0CE3
should be able to ping ABC-CE2 loopback 0 IPv6 adress.
ABC-CE2 should also able to ping ABC-CE3 loopback0 IPv6 address:
- ABC-CE2#ping 2001:db8:168::3
- ABC-CE3#ping 2001:db8:168::2
Solution:
XYZ-PE21:
router bgp 65000
address-family ipv6 vrf ABC
redistribute connected
XYZ-PE23:
router bgp 65000
address-family ipv6 vrf ABC
redistribute connected
Explain:
When redistributing between two IPv6 IGPs:

remember that the command "redistribute <protocol> " will not redistribute the
locally connected interfaces advertised into <protocol>.
In order to account for directly connected subnets, use the separate command
redistribute connected or use the include-connected keyword with IOS.
Verification:
ABC-CE2#ping 2001:db8:168::3
Sending 5, 100-byte ICMP Echos to 2001:DB8:168::3, timeout is 2 seconds:
!!!!!
ABC-CE3#ping 2001:db8:168::2
!!!!!
22
CCIE4Career.com
7. Question 7
Question:
The XYZ service provider contracted CSC ISP to provide connectivity between their
two sites. ABC-CE1 is connected to XYZ-site1 and ABC-CE2 and ABC-CE3 are
connected to XYZ-site2. Despte CSC deployment ABC-CE1 cannot ping the ABC-CE2
loopback0 ipv4 address or the ABC-CE2 loopback0 IPv6 adress. Your task is to
identify the issue and to fix it.
After you complete this task, ABC-CE1 should be able to ping ABC-CE2 loopback 0
IPv4 and IPv6 address.
- ABC-CE1#ping 192.168.2.2
- ABC-CE1#ping 2001:db8:168::2
23
CCIE4Career.com
Solution:
24
CCIE4Career.com
CSC-ASBR1:
router bgp 222
neighbor 10.1.1.2
address-family ipv4 labeled-unicast
next-hop-self
!
!
neighbor 10.100.111.11
route-policy ALL in
route-policy ALL out
as-override
!
commit
!
router static
address-family ipv4 unicast
10.100.111.11/32 GigabitEthernet0/0/0/1
!
commit
CSC-ASBR2:
router bgp 222
neighbor 10.1.1.1
next-hop-self
!
neighbor 10.100.221.21
route-policy ALL in
route-policy ALL out
as-override
!
commit
!
router static
commit
XYZ-ASBR11:
router static
25
CCIE4Career.com
commit
Explain:
By default, forwarding of labled traffic will not work between IOS and XR in option B.
On IOS when mpls bgp forwarding command is entered, the router creates a /32 for
the peering interface along with a /32 for the neighbor. XR cannot label switch traffic
to a next-hop that's not learned via a host route /32. XR by default does not do
that. On XR to fix it, create a static /32 host route to the neighboring IP on the directly
connected ASBR. If the static points to interface and then next-hop. BGP will consider
it as multi-hop, either configure it as multi-hop eBGP or just use interface like "router
static address-family w.x.y.z gi0/0/0/0.30
Verification:
ABC-CE1#ping 192.168.2.2
!!!!!
ABC-CE1#ping 2001:db8:168::2
!!!!!
26
CCIE4Career.com
8. Question 8
Question:
The KLM network is IPv6 only and require access to the INET IPv6 global routing table
via XYZ site1. Even though KLM-RT1 learns IPv6 prefixes injected by INET. KLM-RT1
cannot ping the IPv6 address of the loopback 0configured on the INET router. Your
task is to identify the issue and to fix it.
After you complete this task, KLM-RT1 should be able to ping INET loopback0 IPv6
address.
KLM-RT1#ping 2001:db8:1001::1
Solution:
27
CCIE4Career.com
XYZ-RR1:
router bgp 65000
address-family ipv6
neighbor 10.0.1.11 send-label
XYZ-ASBR11/12:
router bgp 65000
neighbor 10.0.0.1
no address-family ipv6 unicast
next-hop-self
commit
Verification:
KLM-RT1#ping 2001:db8:1001::1
!!!!!
28
CCIE4Career.com
9. Question 9
Question:
The XYZ service provider is offering an mVPN service to ABC-CE2 and ABC-CE3. XYZ
deployed the mVPN Profile 0 also known as Default MDT – GRE – PIM C-mcast
signaling.
ABC-CE2 site added an igmp join-group 239.1.1.1 command under the loopback0
interface and ABC-CE3 site added an igmp join-group 239.3.3.3 command under the
loopback interface to test the multicast connectivity. Everything was working until
XYZ site 2 deployed MPLS Traffic Engineering Tunnels. Now ABC-CE2 router cannot
ping the multicast address located on ABC-CE3 and vice-versa
You task is to identify the issue and to fix it. After you complete the task ABC-CE3
should be able to ping 239.1.1.1 and ABC-CE2 should be able to ping 239.3.3.3
- ABC-CE3#ping 239.1.1.1
- ABCE-CE2#ping 239.3.3.3
29
CCIE4Career.com
Solution:
Checked initial configure:
XYZ-PE21:
XYZ-PE21#show run vrf
Time source is hardware calendar, *04:37:14.774 CST Fri Mar 16 2018
Building configuration...
Current configuration: 879 bytes

vrf definition ABC
rd 65000:21
route-target export 65000:21
route-target import 65000:23
route-target import 65000:20
!
address-family ipv4
mdt preference pim
mdt default 239.10.10.10
mdt data 239.20.20.0 0.0.0.255 threshold 1
mdt data threshold 1
exit-address-family
!
address-family ipv6
exit-address-family
Checked rpf routes:

XYZ-PE21#show ip rpf 10.0.0.21
Fix the problem:
All device in XYZ Site2

router isis
mpls traffic-eng multicast-intact
ABC-CE2:
ip multicast-routing
!
interface Loopback0
30
CCIE4Career.com
ip pim sparse-mode
ip igmp join-group 239.1.1.1
!
ip pim sparse-mode
!
ip pim bsr-candidate Loopback0 0
ip pim rp-candidate Loopback0
ABC-CE3
ip multicast-routing
!
interface Loopback0
ip pim sparse-mode
ip igmp join-group 239.3.3.3
!
ip pim sparse-mode
Verification:
ABC-CE3#show ip pim rp mapping
PIM Group-to-RP Mappings
Group(s) 224.0.0.0/4
RP 192.168.2.2 (?), v2
Info source: 192.168.2.2 (?), via bootstrap, priority 0, holdtime 150
Uptime: 00:04:29, expires: 00:02:06
ABC-CE3#ping 239.1.1.1
Reply to request 0 from 192.168.2.2, 3 ms

ABC-CE2#ping 239.3.3.3

31
CCIE4Career.com
10. Question 10
Question:
XYZ deployed an LLQ with two priority queues at the XYZ-P-RR21 interfaces facing
PE devices. One priority queue is dedicated for voice traffic and another priority queue
is dedicated for video traffic. An operations engineer identified that neither voice
traffic nor vice traffic are queue in these priority queues. Your task is to identify the
issue and to fix it.
Note:
- Assume that all data traffic is matched correctly

- Traffic can be either labeled or native IP
32
CCIE4Career.com
After you complete this task, you can verify by performing a ping command from any
ASBR device targeting PE loopback 0 addresses for XYZ site 2.
XYZ-ASBR21#ping 10.0.1.21 tos 184 repeat 10 timeouts 2
XYZ-ASBR21#ping mpls ipv4 10.0.1.21/32 exp 5
Soltuion:
Check QoS initial configure
XYZ-P-RR21:
class-map match-all VIDEO
match ip dscp af32
match ip dscp cs3
match mpls experimental topmost 3
class-map match-all VOICE
match ip dscp ef
match dscp cs5
!
policy-map EGRESS
class VOICE
priority percent 18
class VIDEO
priority percent 15
class class-default
bandwidth remaining percent 50
Fix the problem
XYZ-P-RR21
class-map match-any VIDEO
match ip dscp af32
match ip dscp cs3
class-map match-any VOICE
match ip dscp ef
match dscp cs5
Verification:
33
CCIE4Career.com
XYZ-P-RR21#show policy-map interface e1/0
Ethernet1/0
Service-policy output: EGRESS
queue stats for all priority classes:

Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 15/1750
Class-map: VOICE (match-any)

15 packets, 1750 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: ip dscp ef (46)
0 packets, 0 bytes
5 minute rate 0 bps
Match: mpls experimental topmost 5
5 minute rate 0 bps
Match: dscp cs5 (40)
0 packets, 0 bytes
5 minute rate 0 bps
Priority: 18% (1800 kbps), burst bytes 45000, b/w exceed drops: 0
Class-map: VIDEO (match-any)

0 packets, 0 bytes
Match: ip dscp af32 (28)
0 packets, 0 bytes
5 minute rate 0 bps
Match: ip dscp cs3 (24)
0 packets, 0 bytes
5 minute rate 0 bps
Match: mpls experimental topmost 3
0 packets, 0 bytes
5 minute rate 0 bps
Priority: 15% (1500 kbps), burst bytes 37500, b/w exceed drops: 0
Class-map: class-default (match-any)
Match: any
Queueing
queue limit 64 packets
34
CCIE4Career.com
(queue depth/total drops/no-buffer drops) 0/1/0
(pkts output/bytes output) 97647/45912669
bandwidth remaining 50%
35
CCIE4Career.com
11. Question 11
XYZ site 1 has two exit points toward INET. The design engineer has defined these
BGP polices for the incoming traffic from INET and outgoing traffic tward INET.
- The IPv4 outgoing traffic should be via XYZ-ASBR11

- The IPv4 incoming traffic should be via XYZ-ASBR12
Your task is to identify why this BGP polices is not working and to fix it.
Note: You are not allowed to change any configuration on the INET router, you are
allowed only to use XYZ site 1 devices to fix this issue
After you complete this task, the output of the traceroute command should illustrate
this BGP policy as per this example
36
CCIE4Career.com
XYZ-PE11#trace 100.2.2.2 source 10.0.1.11
1 10.11.1.11
2 10.11.11.1
3 100.1.11.1
INET#trace 10.0.0.1 source loopback0
1 100.1.12.12
2 10.11.12.11
3 10.11.111.1
Solution:
XYZ-ASBR11
router bgp 65000
neighbor 100.1.11.1
no address-family ipv4 labeled-unicast
route-policy IPv4_INET in
route-policy IPv4_INET_OUT out
!
commit
Verification:
RP/0/0/CPU0:XYZ-PE11#traceroute 100.2.2.2 source 10.0.1.11
Thu Mar 15 14:00:24.228 UTC
Tracing the route to 100.2.2.2
1 10.11.1.11 [MPLS: Label 24004 Exp 0] 9 msec 9 msec 9 msec
2 10.11.11.1 9 msec 9 msec 9 msec
3 100.1.11.1 9 msec * 9 msec
INET#traceroute 10.0.0.1 source l10

Tracing the route to 10.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 100.1.12.12 2 msec 2 msec 1 msec
2 10.11.12.11 [MPLS: Label 24003 Exp 0] 9 msec 7 msec 8 msec
3 10.11.111.1 8 msec * 9 msec
37
CCIE4Career.com

3 RZM BT 7 O

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

3 RZM BT 7 O

Uploaded by

Copyright:

Available Formats

Ccie4career.

com Skype ID 1: ccie04final

CCIE4CAREER.COM - CCIE Service Provider TS1 C1

 This section is comprised of a set of troubleshooting scenarios.

INET enabled a random sampled NetFlow:

- Sourced from XYZ PEs collect one packet out of 1.

Verify collecting as expected:

- ping 100.2.2.2 source loopback0 repeat 1000 command on Cisco IOS XE

Sampler : HIGH, id : 1, packets matched : 3005, mode : random sampling mode

Sampler : MEDIUM, id : 2, packets matched : 300, mode : random sampling mode

Sampler : LOW, id : 3, packets matched : 1, mode : random sampling mode

Checked initial configure about Net flow:

Fix the problem:

Sampler : HIGH, id : 1, packets matched : 200, mode : random sampling mode

Sampler : MEDIUM, id : 2, packets matched : 200, mode : random sampling mode

Sampler : LOW, id : 3, packets matched : 0, mode : random sampling mode

- Primary tunnels tunnel number 50000-59999.

Initial configure about MPLS TE

Check tunnel status:

Fix the problem: All XYZ Site 2 Routers

Shutdown interface g5 in XYZ-ASBR22

Fix the problem: XYZ-ASBR222

IPv6 Routing Table - default - 5 entries

Verify initial configure and L2VPN circuit states in XYZ-PE22, XYZ-PE23.

Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State

XYZ-PE23(config-if)#do show xcon all

Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State

Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State

SWT1#show ipv6 route rip

IPv6 Routing Table - default - 5 entries

An XYZ operations engineer deployed a bundle interface between XYZ-ASBR21 and

Flags: D - down P/bndl - bundled in port-channel

Group Port-channel Protocol Ports

XYZ-ASBR21#show run int port-channel 21

Current configuration : 217 bytes

Fix the problem:

Flags: D - down P/bndl - bundled in port-channel

Group Port-channel Protocol Ports

ABC-CE2 should also able to ping ABC-CE3 loopback0 IPv6 address:

When redistributing between two IPv6 IGPs:

Checked initial configure:

Current configuration: 879 bytes

Checked rpf routes:

Fix the problem:

All device in XYZ Site2

Reply to request 0 from 192.168.2.2, 3 ms

Reply to request 0 from 192.168.2.3, 6 ms

- Assume that all data traffic is matched correctly

XYZ-ASBR21#ping 10.0.1.21 tos 184 repeat 10 timeouts 2

XYZ-ASBR21#ping mpls ipv4 10.0.1.21/32 exp 5

Check QoS initial configure

Fix the problem

Service-policy output: EGRESS

queue stats for all priority classes:

Class-map: VOICE (match-any)

Class-map: VIDEO (match-any)

- The IPv4 outgoing traffic should be via XYZ-ASBR11

XYZ-PE11#trace 100.2.2.2 source 10.0.1.11

INET#trace 10.0.0.1 source loopback0

INET#traceroute 10.0.0.1 source l10

You might also like