CCIE Data Center Study Guide
1.0 Data Center Layer 2/Layer 3 Connectivity
1.1 Design, implement, and troubleshoot Layer 2 technologies
1.1.a Link aggregation (a.k.a Port Channel)
-
LACP (802.3ad)
-
Bundling of 1-8 interfaces (Max interfaces: 8)
-
LACP PDUs sent over Multicast MAC (01:80:c2:00:00:02)
-
LACP Detection Period: 1 packet/second
-
LACP PDUs are sent down on all links
-
-
Keep-alive packets (sent after LACP establishment)
-
Fast: 1 packet every second
-
Slow: 1 packet every 30 seconds
-
http://blog.glinskiy.com/2013/07/lacp-timer-and-what-it-means.html
- Keep-alive frequency defines how often the local interface expects a LACP PDU. It does notdefine how frequent the interface ~sends~ an LACP PDU.
-
https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/lacp-rate-fast.html
- lacp rate fastcommand on NXOS defines how fast the interface sends the PDUs * https://www.thomas-krenn.com/en/wiki/Link_Aggregation_and_LACP_basics
-
-
Terminology
- Actor: Local interface sending PDU
-
Partner:**Remote interface
-
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-aggregated-ethernet-lacp.html](https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-aggregated-ethernet-lacp.html)
-
LACP Active
- Interface actively negotiates by sending LACPDUs
-
LACP Passive (default state)
- Port-channel acts as “speak when spoken to”
-
LACP Advantages
-
-
Failover
-
Dynamic configuration
- Devices on each end can determine link aggregation capability
LACP Packet Capture
-
https://www.cloudshark.org/captures/002b05eb114b
-
Static Channel
- Configuration: channel-mode “ON”
-
-
Virtual Port-Channel
-
Port-Channel Requirements
-
Same speed and duplex on member interfaces
-
-
NXOS Port-Channel Compatibility Check
-
Use command:
show port-channel compatibility-parameters -
Port mode
-
Access VLAN
-
Trunk native VLAN
-
Allowed VLAN list
-
Speed
-
802.3x flow control setting
-
MTU
- This attribute is strictly not applicable as the Cisco Nexus 5000 Series switch only supports system level MTU.
-
Broadcast/Unicast/Multicast Storm Control setting
-
Priority-Flow-Control
-
Untagged CoS
-
-
NX-OS Port-Channel Load Balancing
-
For a Layer 2 frame, it uses the source and destination MAC addresses.
-
For a Layer 3 frame, it uses the source and destination MAC addresses and the source and destination IP addresses.
-
For a Layer 4 frame, it uses the source and destination MAC addresses, the source and destination IP addresses, and the source and destination port number.
-
1.1.b Tagging/trunking
Configuration:
[image:2496FECD-829B-46BA-92FB-E2BB16CB508D-15163-00015984410BC38E/5t5zSeHDOkmTQHh-OjpnrHrONdyFRpxXp-e76l1BBj_-9-JNKxNW4xAuoArkStIwZEFvaJqtrbMM5mgC2QvM_zXjI0xY1W1Or0e8xA0mEwJK1Pd9FJUn5b_x210tUY-Uq-XWp03_.png]
-
VLAN (802.1Q) Encapsulation
-
801.2Q tag is 2 bytes total
-
12 bits used for the VLAN ID (VLAN range: 2^12-1 = 4095 = 0 - 4094)
-
Access Mode
- An access port can have only one VLAN configured on the interface; it can carry traffic for only one VLAN.
- If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address.
- Access switchport carries VLAN-1 by default, unless specified
- Q: What happens when untagged packet arrives on switchport in access mode?
- In ACI, the packet will be accepted. In NXOS, it will accept either an untagged or specifically tagged packet.
- In other platforms, the behavior is inconsistent and varies…
- Trunk Mode
- A trunk port can have two or more VLANs configured on the interface; it can carry traffic for several VLANs simultaneously.
- Native VLAN
- Untagged packets that traverse through a trunk port will be classified under the Native VLAN
- Links must have the same native VLAN end-to-end. A “native vlan mismatch” message will appear if there’s a mismatch. The link, however, should not go down or be disabled.
- If no native VLAN is configured, the default VLAN (1) is used
1.1.c Spanning Tree Protocol
https://en.wikipedia.org/wiki/Spanning_Tree_Protocol
Spanning Tree:
- To prevent layer 2 loops which can cause broadcast storms that will render switches unusable (e.g. high CPU utilization)
Root Bridge
-
Root of spanning tree
-
Chosen on a per-VLAN basis
STP Features
-
PortFast
-
Root Guard
-
Loop Guard
-
BPDU Guard
-
List of Protocols
-
Comparison of the protocols:
-
RSTP (Rapid Spanning Tree)
-
PVST (Per-VLAN Spanning Tree)
- Uses Cisco ISL (Inter-Switch Link) encapsulation
-
PVST+ (Per-VLAN Spanning Tree)
- Uses 802.1Q encapsulation
- RPVST (Rapid PVST)
- Cisco proprietary version of PVST+
- MSTP (Multiple Spanning Tree)
-
1+ VLANs can be assigned to the MST Instance
-
Contains all Spanning Tree info in 1 BPDU
-
Backwards compatible with RSTP and STP
-
Catalyst:
-
https://www.excitingip.com/1688/understanding-spanning-tree-protocols-stp-rstp-mstp/
-
-
1.2 Design, implement, and troubleshoot overlays
-
1.2.a VXLAN
-
1.2.b EVPN
-
1.2.c OTV
1.3 Design, implement, and troubleshoot routing protocols and features
-
1.3.a OSPF
-
1.3.b IS-IS
-
1.3.c BGP
-
1.3.d BFD
-
1.3.e FHRP
1.4 Design, implement, and troubleshoot multicast protocols
-
1.4.a PIM
-
1.4.b IGMP
-
1.5 Describe interfabric connectivity
-
1.5.a Multipod
-
1.5.b Multisite
1.6 Design, implement, and troubleshoot external fabric connectivity
-
1.6.a L2/L3Out
-
1.6.b VRF-Lite
1.7 Design, implement, and troubleshoot traffic management
-
1.7.a Queueing
-
1.7.b Policing
-
1.7.c Classification/marking
-
1.7.d RoCE
2.0 Data Center Network Services
2.1 Design, implement, and troubleshoot network services insertion and redirection
-
2.1.a Policy-based routing
-
2.1.b Policy-based redirection
-
2.1.c VRF stitching
-
2.1.d BD/VLAN stitching
2.2 Design, implement, and troubleshoot services
-
2.2.a PTP
-
2.2.b NTP
-
2.2.c DNS
-
2.2.d DHCP
2.3 Design, implement, and troubleshoot RBAC
-
2.3.a RADIUS
-
2.3.b TACACS+
-
2.3.c LDAP
-
2.3.d AAA
2.4 Design, implement, and troubleshoot maintenance tasks
-
2.4.a Backup and restore
-
2.4.b Firmware upgrades and downgrades
-
2.5 Design, implement, and troubleshoot monitoring services
2.5.a Flow export
-
2.5.b SPAN
-
2.5.c SNMP
-
2.5.d Syslog
2.6 Design, implement, and troubleshoot security features
-
2.6.a CoPP
-
2.6.b Storm control
-
2.6.c ACLs
-
2.6.d First-hop security
-
2.6.e Contracts
-
2.6.f Port security
-
2.6.g MACsec
-
2.6.h Private VLANs
3.0 Data Center Storage Networking and Compute
3.1 Describe, configure, and troubleshoot infrastructure to support block storage protocols
-
3.1.a Fibre Channel
-
3.1.b FCoE
-
3.1.c iSCSI
3.2 Design, implement, and troubleshoot data center storage networking features
-
3.2.a Zoning
-
3.2.b NPV/NPIV
3.3 Design, implement, and troubleshoot compute policies and profiles
-
3.3.a Cisco UCS Manager
-
3.3.b Cisco Intersight
3.4 Design, implement, and troubleshoot data center connectivity
-
3.4.a SAN/LAN uplinks
-
3.4.b Rack server integration
-
3.4.c Fabric ports
-
3.4.d Appliance ports
4.0 Data Center Automation and Orchestration
4.1 Implement and troubleshoot data center tasks using provided Python scripts
-
4.1.a Create, read, update, delete using RESTful APIs
-
4.1.b Deploy and modify configurations
-
4.1.c Data collection and statistics
4.2 Describe and design data center orchestration using tools
-
4.2.a Cisco Intersight
-
4.2.b Cisco UCS Director
-
4.2.c Cisco CloudCenter
5.0 Data Center Fabric Infrastructure
5.1 Configure and troubleshoot physical fabric components
-
5.1.a Fabric discovery
-
5.1.b Controllers/network managers
-
5.1.c Switches
5.2 Design, implement, and troubleshoot fabric policies
-
5.2.a Access policies
-
5.2.b Layer 2/Layer 3 multitenancy
-
5.2.c Troubleshooting policies
-
5.2.d Monitoring policies
5.3 Design, implement, and troubleshoot tenant policies
-
5.3.a Application profiles
-
5.3.b Networking
-
5.3.c Security
5.4 Analyze and troubleshoot logical fabric elements
-
5.4.a Faults
-
5.4.b Events
-
5.4.c Health indicators
5.5 Design, implement, and troubleshoot virtual networking
-
5.5.a Cisco AVE
-
5.5.b vSphere Distributed Switch
-
5.5.c Hyper-V switch
6.0 Evolving Technologies v1.1
6.1 Cloud
-
6.1.a Compare and contrast public, private, hybrid, and multicloud design considerations
-
6.1.a (i) Infrastructure, platform, and software as a service (XaaS)
-
6.1.a (ii) Performance, scalability, and high availability
-
6.1.a (iii) Security implications, compliance, and policy
-
6.1.a (iv) Workload migration
-
6.1.b Describe cloud infrastructure and operations
-
6.1.b (i) Compute virtualization (containers and virtual machines)
-
6.1.b (ii) Connectivity (virtual switches, SD-WAN and SD-Access)
-
6.1.b (iii) Virtualization functions (NFVi, VNF, and L4/L6)
-
6.1.b (iv) Automation and orchestration tools (CloudCenter, DNA-center, and Kubernetes)
6.2 Network programmability (SDN)
-
6.2.a Describe architectural and operational considerations for a programmable network
-
6.2.a (i) Data models and structures (YANG, JSON and XML)
-
6.2.a (ii) Device programmability (gRPC, NETCONF and RESTCONF)
-
6.2.a (iii) Controller based network design (policy driven configuration and northbound/
-
southbound APIs)
-
6.2.a (iv) Configuration management tools (agent and agentless) and version control systems
-
(Git and SVN)
6.3 Internet of things (IoT)
-
6.3.a Describe architectural framework and deployment considerations for IoT
-
6.3.a (i) IoT technology stack (IoT Network Hierarchy, data acquisition and flow)
-
6.3.a (ii) IoT standards and protocols (characteristics within IT and OT environment)
-
6.3.a (iii) IoT security (network segmentation, device profiling, and secure remote access)
-
6.3.a (iv) IoT edge and fog computing (data aggregation and edge intelligence)