Brkccie 3000

The presentation discusses BGP (Border Gateway Protocol) and its importance for the CCIE certification. It covers basics of BGP on IOS and IOS-XR, more advanced BGP features, and troubleshooting BGP.

The purpose of the presentation is to help CCIE candidates understand BGP and feel less intimidated by it, as it is an important topic that will be worth many points on the CCIE lab exam.

Some of the main topics covered in the presentation include the history of BGP, how it works and is used on the Internet, basics of BGP configuration on IOS and IOS-XR, more advanced BGP features, and troubleshooting BGP.

BGP is your Friend – BGP for the CCIE Candidates
BRKCCIE-3000

Johnny Bass – President Bass Consulting Services, Inc.

Agenda
• Introduction
• BGP for the CCIE Candidates
• Basics of BGP: IOS and IOS-XR
• Not so basic BGP
• More advanced BGP features
• Troubleshooting BGP
• Conclusion
• Q&A

#CLUS BRKCCIE-3000 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Find this session in the Cisco Events App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 18, 2018.
cs.co/ciscolivebot#BRKCCIE-3000

About the Presenter
• Johnny Bass

• Networking industry since the late 1980s

• CCIE R&S #6458

• CCSI 97168

• Cisco 360 R&S Master Instructor

• Course director for several programs, including Cisco 360 Route Switch, for Global Knowledge

Why Are We Here?

• BGP can be complicated


• BGP is on my blueprint for the lab

• BGP will be worth a LOT of points


• BGP is scary!!!
• Not really 

BGP – Little History
• First RFC – RFC1105 in June 1989 by Kirk Lougheed of Cisco and
Jacob Rekhter of IBM
• Replaced EGP for Internet routing
• NSFNET at the time
• Main claim to fame?
• Loop detection and prevention!
• BGP 4 – RFC1654 July 1994
• Add CIDR support
• Multiprotocol BGP – RFC 2283 February 1998

BGP is Complicated!
• Yes, it is…lots of RFCs to add lots of functionality
• Supports the Internet
• 686,886 IPv4 network entries (Route Views May 2, 2017)
• 41,213 IPv6 network entries (Route Views May 2, 2017)

• IPv4 and IPv6 unicast and multicast routing


• For the Internet
• For corporate core

• Layer 3 VPN
• MPLS and Dynamic GRE

• Layer 2 VPN
• Segment Routing
• VXLAN EVPN Support
• ????
BGP is Your Friend
• Yes it’s complicated, but it’s also flexible
• BGP doesn’t have to be complicated!
• KISS principle…it will get complicated enough on its own
• BGP scales to BIG numbers
• As of June 7, 2018: 744,761 IPv4 55,488 IPv6
• BGP is policy driven

BGP and the CCIE Lab Exams - CCIE Routing & Switching
• 2.7.a Describe, implement and troubleshoot peer relationships
  • 2.7.a [i] Peer-group, template
  • 2.7.a [ii] Active, passive
  • 2.7.a [iii] States, timers
  • 2.7.a [iv] Dynamic neighbors
• 2.7.b Implement and troubleshoot IBGP and EBGP
  • 2.7.b [i] EBGP, IBGP
  • 2.7.b [ii] 4 bytes AS number
  • 2.7.b [iii] Private AS
• 2.7.c Explain attributes and best-path selection
• 2.7.d Implement, optimize and troubleshoot routing policies
  • 2.7.d [i] Attribute manipulation
  • 2.7.d [ii] Conditional advertisement
  • 2.7.d [iii] Outbound route filtering
  • 2.7.d [iv] Communities, extended communities
  • 2.7.d [v] Multi-homing
• 2.7.e Implement and troubleshoot scalability
  • 2.7.e [i] Route-reflector, cluster
  • 2.7.e [ii] Confederations
  • 2.7.e [iii] Aggregation, AS set
• 2.7.f Implement and troubleshoot multi-protocol BGP
  • 2.7.f [i] IPv4, IPv6, VPN address-family
• 2.7.g Implement and troubleshoot AS path manipulations
  • 2.7.g [i] Local AS, allow AS in, remove private AS
  • 2.7.g [ii] Prepend
  • 2.7.g [iii] Regexp
• 2.7.h Implement and Troubleshoot Other Features
  • 2.7.h [i] Multipath
  • 2.7.h [ii] BGP synchronization
  • 2.7.h [iii] Soft reconfiguration, route refresh

BGP and the CCIE Lab Exams - CCIE Service Provider
• 1.2. Border Gateway Protocol
  • 1.2.a. Describe, implement, and troubleshoot IBGP, EBGP, and MP-BGP
  • 1.2.b. Describe, implement, and troubleshoot BGP route policy enforcement
  • 1.2.c. Describe BGP path attribute
  • 1.2.d. Describe and optimize BGP scale and performance
  • 1.2.e. Describe, implement, and troubleshoot advanced BGP features
• 4.3. Routing/fast convergence
  • 4.3.b. Describe, implement, and optimize BGP convergence
• 5.1. Control plane security
  • 5.1.b. Describe, implement, and troubleshoot routing protocol security, for example: BGP-TTL security and protocol authentication
  • 5.1.c. Describe, implement, and troubleshoot BGP prefix suppression
  • 5.1.e. Describe, implement, and troubleshoot BGP prefix based filtering
  • 5.1.f. Describe, implement, and troubleshoot BGPsec
• 5.3. Infrastructure security
  • 5.3.e. Describe, implement, and troubleshoot BGP Flowspec

BGP and the CCIE Lab Exams - continued
CCIE Routing & Switching and Service Provider
• Don’t forget
• Layer 3 VPN
• PE to CE routing

Basics of BGP
BGP Peering
• iBGP versus eBGP
• iBGP within the same Autonomous System
• eBGP between AS
• iBGP TTL is 255
• eBGP TTL is 1
• eBGP with IOS-XR requires a route policy to accept or advertise routes

[Figure: AS65000 and AS65001, with iBGP and eBGP sessions]

BGP Peering – Open
• Open requirements
• AS
• Authentication
• Version
• Update Source
• One address family

[Figure: AS65000 and AS65001, with iBGP and eBGP sessions]

BGP Peering - iBGP
• IOS/IOS-XE
router bgp 65000
 neighbor 192.168.100.1 remote-as 65000
 neighbor 192.168.100.1 update-source loopback 0
 neighbor 192.168.100.1 next-hop-self

• IOS-XR
router bgp 65000
 address-family ipv4
 exit
 neighbor 192.168.100.2
  remote-as 65000
  update-source loopback 0
  address-family ipv4 unicast
   next-hop-self

BGP Peering - eBGP
• IOS/IOS-XE
router bgp 65000
 neighbor 192.168.100.1 remote-as 65001

• IOS-XR
route-policy LetRoutesFly
 pass
end-policy
router bgp 65001
 address-family ipv4
 exit
 neighbor 192.168.100.2
  remote-as 65000
  address-family ipv4 unicast
   route-policy LetRoutesFly in
   route-policy LetRoutesFly out

BGP Route Injection
• Routes into BGP?
• Network statements
• Redistribution
• Network statement has to match an entry in the IGP table
• Auto Summary impacts both for IPv4
• IOS-XR does not have the concept of auto summary
• For network statement, if auto summary is enabled, then a match of a subnet will allow a classful network statement to work; otherwise an exact match is required
• For redistribution, auto summary will summarize the routes to their classful boundary; otherwise subnets are injected
• Auto summary is disabled by default

BGP Route Injection
• IOS/IOS-XE
router bgp 65000
 address-family ipv4
  network 10.1.1.0 mask 255.255.255.0
  redistribute ospf 1

• IOS-XR
router bgp 65000
 address-family ipv4 unicast
  network 10.1.1.0/24
  redistribute ospf 1

For IPv4 on IOS/IOS-XE, the network and redistribution commands can be done under the routing process

BGP IPv6 Unicast Address Families
• IOS/IOS-XE
router bgp 65000
 neighbor 2005:dead:beef:12::1 remote-as 65001
 address-family ipv6 unicast
  neighbor 2005:dead:beef:12::1 activate
  network 2005:cafe:beef:db8::/64
  redistribute ospfv3 1

• IOS-XR
router bgp 65000
 address-family ipv6 unicast
  network 2005:cafe:beef:db8::/64
  redistribute ospf 1
 exit
 neighbor 2005:dead:beef:12::2
  remote-as 65000
  address-family ipv6 unicast

Aggregate Prefixes
• IOS/IOS-XE
PE2(config-router)#aggregate-address 1.1.0.0 255.255.0.0 ?
  advertise-map  Set condition to advertise attribute
  as-confed-set  Generate AS confed set path information
  as-set         Generate AS set path information
  attribute-map  Set attributes of aggregate
  route-map      Set parameters of aggregate
  summary-only   Filter more specific routes from updates
  suppress-map   Conditionally filter more specific routes from updates
  <cr>

• IOS-XR
RP/0/RSP0/CPU0:P1(config-bgp-af)#aggregate-address 1.1.0.0/16 ?
  as-confed-set  Generate AS confed set path information
  as-set         Generate AS set path information
  route-policy   Policy to condition advertisement, suppression, and attributes
  summary-only   Filter more specific routes from updates
  <cr>

Verify BGP Neighbors and Routes
• IOS/IOS-XE
  • To see the BGP neighbors
    • Show ip bgp summary
    • Show ip bgp neighbor
    • Show bgp ipv6 unicast summary
    • Show bgp ipv6 unicast neighbor
  • To see the BGP table
    • Show ip bgp
    • Show bgp ipv6 unicast

• IOS-XR
  • To see the BGP neighbors
    • Show bgp ipv4 unicast summary
    • Show bgp ipv4 unicast neighbor
    • Show bgp ipv6 unicast summary
    • Show bgp ipv6 unicast neighbor
  • To see the BGP table
    • Show bgp ipv4 unicast
    • Show bgp ipv6 unicast

Not so basic BGP

BRKCCIE-3000
BGP Peering with Peer Groups
• IOS/IOS-XE
router bgp 65000
 neighbor MyGroup peer-group
 neighbor MyGroup remote-as 65001
 neighbor 192.168.100.1 peer-group MyGroup
 address-family ipv4
  neighbor 192.168.100.1 activate

• IOS-XR
  • Nope

BGP Peering with Templates
• IOS/IOS-XE
router bgp 65000
 template peer-policy MyPolicy
  send-community both
 exit-peer-policy
 template peer-session MySession
  remote-as 65001
  ttl-security hops 2
 exit-peer-session
 bgp log-neighbor-changes
 neighbor 192.168.100.1 inherit peer-session MySession
 address-family ipv4
  neighbor 192.168.100.1 activate
  neighbor 192.168.100.1 inherit peer-policy MyPolicy
 exit-address-family

• IOS-XR
router bgp 65001
 af-group MyAFgroup ipv4 unicast
  send-community both
 session-group MySession
  remote-as 65001
  ttl-security hops 2
 exit
 neighbor 192.168.100.1
  use session-group MySession
  address-family ipv4
   use af-group MyAFgroup

Or

router bgp 65001
 neighbor-group MyNeighbors
  remote-as 65001
  ttl-security hops 2
  address-family ipv4 unicast
   send-community both
 neighbor 192.168.100.1
  use neighbor-group MyNeighbors

BGP Timers
Timers by default are:
• Hello 60 seconds
• Hold 180 seconds
• Scan 60 seconds

• IOS/IOS-XE
router bgp 65000
 bgp scan-time 45
 timers bgp 30 90
 neighbor 192.168.100.1 timers 45 135

• IOS-XR
router bgp 65000
 bgp scan-time 45
 timers bgp 30 90
 neighbor 192.168.100.1
  timers 45 135

BGP iBGP Full Mesh Alternatives
• By default iBGP expects a full mesh of neighbor relationships.
There are two alternatives:
• Confederations
• Route reflection

• Full mesh = (n x (n-1))/2


• 7 routers = 21 sessions
AS65001

BGP iBGP Full Mesh Alternatives -
Confederations
• IOS/IOS-XE
router bgp 65000
 bgp confederation identifier 100
 bgp confederation peer 65001
 neighbor 192.168.100.1 remote-as 65001
 address-family ipv4
  neighbor 192.168.100.1 update-source loopback 0
  neighbor 192.168.100.1 ebgp-multihop 2
  neighbor 192.168.100.1 next-hop-self

• IOS-XR
router bgp 65000
 bgp confederation identifier 100
 bgp confederation peer 65001
 neighbor 192.168.100.1
  remote-as 65001
  address-family ipv4 unicast
   update-source loopback 0
   next-hop-self

BGP iBGP Full Mesh Alternatives – Route
Reflectors
• IOS/IOS-XE
router bgp 65000
 neighbor 192.168.100.1 remote-as 65000
 address-family ipv4
  neighbor 192.168.100.1 update-source loopback 0
  neighbor 192.168.100.1 next-hop-self
  neighbor 192.168.100.1 route-reflector-client

• IOS-XR
router bgp 65000
 neighbor 192.168.100.1
  remote-as 65000
  address-family ipv4 unicast
   update-source loopback 0
   next-hop-self
   route-reflector-client

BGP iBGP Synchronization
• With synchronization enabled, BGP does not use or advertise a route learned from
an IBGP peer unless there is a matching route in the routing table from a source
other than BGP.
• RFC 1403 requires that the router ID of the BGP source and the OSPF source be
identical.

[Figure: R1, R2, R3; iBGP between R1 and R3, BGP updates and packets crossing the path, R2 is OSPF only]

• IOS/IOS-XE
router bgp 65001
 no synchronization

• IOS-XR
  • Does not support synchronization!

Path Attributes
Categories                   Examples
Well known, mandatory        Origin, AS path, Next hop
Well known, discretionary    Local preference, Atomic aggregate
Optional, transitive         Community, Aggregator
Optional, nontransitive      Originator ID, Cluster list, MED

BGP 12 Step Program
• Prerequisite: no AS loop, good next hop, synchronized if necessary.
1. Highest weight
2. Highest local preference
3. Locally originated
4. Shortest AS path length
5. Origin code
6. Lowest MED
7. EBGP over IBGP
8. If routed to neighbor, prefer the path with lowest IGP metric to next hop
*Consider multipath in RIB
9. If external, prefer older one (> 1 min)
10. Lowest router ID or originator ID
11. Minimum cluster list length
12. Lowest neighbor address
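
The elimination order above, worked through in code. This is an added example, not part of the original slides. The Path fields, the sample routes and LOCAL_AS = 65000 are assumptions; MED is compared between all paths (as if always-compare-med were set), and the multipath note and the 1-minute qualifier on step 9 are left out.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

LOCAL_AS = 65000                         # assumed local AS number
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP beats EGP beats incomplete


@dataclass
class Path:
    name: str
    neighbor: str                 # peer address, used by step 12
    router_id: str                # peer router ID or originator ID, step 10
    as_path: list = field(default_factory=list)
    weight: int = 0
    local_pref: int = 100
    local: bool = False           # locally originated
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0           # IGP cost to the next hop
    age: int = 0                  # seconds since the path was learned
    cluster_len: int = 0
    next_hop_ok: bool = True


# Each step maps a path to a sort key; paths with the lowest key survive.
STEPS = [
    ("1 highest weight", lambda p: -p.weight),
    ("2 highest local preference", lambda p: -p.local_pref),
    ("3 locally originated", lambda p: not p.local),
    ("4 shortest AS path", lambda p: len(p.as_path)),
    ("5 origin code", lambda p: ORIGIN_RANK[p.origin]),
    ("6 lowest MED", lambda p: p.med),
    ("7 eBGP over iBGP", lambda p: not p.ebgp),
    ("8 lowest IGP metric to next hop", lambda p: p.igp_metric),
    ("9 oldest external path", lambda p: -p.age if p.ebgp else 0),
    ("10 lowest router ID", lambda p: int(ip_address(p.router_id))),
    ("11 shortest cluster list", lambda p: p.cluster_len),
    ("12 lowest neighbor address", lambda p: int(ip_address(p.neighbor))),
]


def best_path(paths):
    """Return (name of the best path, step that decided), or None."""
    # Prerequisites from the slide: no AS loop and a usable next hop.
    candidates = [p for p in paths
                  if p.next_hop_ok and LOCAL_AS not in p.as_path]
    if not candidates:
        return None
    decided = "only valid path" if len(candidates) == 1 else "tie"
    for step, key in STEPS:
        if len(candidates) == 1:
            break
        lowest = min(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == lowest]
        if len(survivors) < len(candidates):
            decided = step            # this step eliminated at least one path
        candidates = survivors
    return candidates[0].name, decided


# Constructed sample: one prefix learned from two eBGP neighbors of AS 65000.
VIA_65001 = Path("via-65001", "192.168.100.1", "10.0.0.1",
                 as_path=[65001, 65010])
VIA_65002 = Path("via-65002", "192.168.200.1", "10.0.0.2",
                 as_path=[65002, 65002, 65002, 65010])   # prepended upstream

if __name__ == "__main__":
    print(best_path([VIA_65001, VIA_65002]))
```

Raising local preference on the prepended path makes it win at step 2, which is why an inbound policy on the receiving side always overrides a neighbor's prepending.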

BGP Attribute Manipulations – Weight
[Figure: topology with AS 65000, AS 65001 and AS 65002]

BGP Attribute Manipulations – Weight
Locally injected routes have a weight of 32,768. Learned routes have a weight of 0.
• IOS/IOS-XE
router bgp 65000
 address-family ipv4
  neighbor 192.168.100.1 weight 100
  neighbor 192.168.200.1 route-map YourWeight in
  network 172.16.0.0 route-map MyWeight
!
route-map MyWeight permit 10
 set weight 0
!
route-map YourWeight permit 10
 match ip address prefix-list YourRoutes
 set weight 150
route-map YourWeight permit 20
!
ip prefix-list YourRoutes permit 10.0.0.0/8

• IOS-XR
router bgp 65000
 address-family ipv4 unicast
  network 172.16.0.0/16 route-policy MyWeight
 neighbor 192.168.100.1
  address-family ipv4 unicast
   weight 100
 neighbor 192.168.200.1
  address-family ipv4 unicast
   route-policy YourWeight in
route-policy YourWeight
 if prefix is (10.0.0.0/8) then
  set weight 150
 else
  pass
 endif
end-policy
route-policy MyWeight
 set weight 100
end-policy

BGP Attribute Manipulations – Local Preference
[Figure: topology with AS 65000, AS 65001 and AS 65002]

BGP Attribute Manipulations – Local Preference
Default local preference is 100.

• IOS/IOS-XE
router bgp 65000
 bgp default local-preference 150
 address-family ipv4
  neighbor 192.168.200.1 route-map MyPref in
!
route-map MyPref permit 10
 match ip address prefix-list YourRoutes
 set local-preference 125
route-map MyPref permit 20
!
ip prefix-list YourRoutes permit 10.0.0.0/8

• IOS-XR
router bgp 65000
 bgp default local-preference 150
 neighbor 192.168.200.1
  address-family ipv4 unicast
   route-policy MyPref in
!
route-policy MyPref
 if prefix is (10.0.0.0/8) then
  set local-preference 125
 else
  pass
 endif
end-policy

BGP Attribute Manipulations – AS Path Prepend
[Figure: topology with AS 65000, AS 65001 and AS 65002]

BGP Attribute Manipulations – AS Path
• IOS/IOS-XE
router bgp 65000
 address-family ipv4
  neighbor 192.168.200.1 route-map 2nd out
!
route-map 2nd permit 10
 match as-path 1
 set as-path prepend 65000 65000 65000
route-map 2nd permit 20
!
ip as-path access-list 1 permit ^$

• IOS-XR
router bgp 65000
 neighbor 192.168.100.1
  address-family ipv4 unicast
   route-policy 2nd out
!
route-policy 2nd
 if as-path is-local then
  prepend as-path 65000 3
 else
  pass
 endif
end-policy

BGP Attribute Manipulations – MED
[Figure: topology with AS 65000, AS 65001 and AS 65002]

BGP Attribute Manipulations – MED
• IOS/IOS-XE
router bgp 65000
 default-metric 999
 address-family ipv4
  neighbor 192.168.200.1 route-map 2nd out
!
route-map 2nd permit 10
 match as-path 1
 set metric 99
route-map 2nd permit 20
!
ip as-path access-list 1 permit ^$

• IOS-XR
router bgp 65000
 default-metric 999
 neighbor 192.168.100.1
  address-family ipv4 unicast
   route-policy 2nd out
!
route-policy 2nd
 if as-path is-local then
  set med 99
 else
  pass
 endif
end-policy

BGP Private AS, Local AS, Allow AS in, AS
Override
• IOS/IOS-XE
router bgp 65000
 neighbor 192.168.100.1 remote-as 20
 neighbor 192.168.100.1 local-as 10 no-prepend replace-as
 address-family ipv4
  neighbor 192.168.100.1 allowas-in
  neighbor 192.168.100.1 as-override
  neighbor 192.168.100.1 remove-private-as

• IOS-XR
router bgp 65000
 neighbor 192.168.100.1
  remote-as 20
  local-as 10 no-prepend
  address-family ipv4 unicast
   allowas-in
   as-override
   remove-private-as

Route Filtering Tools
• Prefix lists:
• Used for prefix-based filtering or matching of routes.
• Can be used to match on the prefix, route source, or next-hop address.

• AS path access lists:


• Used in BGP for filtering or route matching based on BGP AS Path attribute.

• Route maps:
• Primarily used to implement complex routing policies.
• Can also be used as a powerful filtering tool.

• Routing policy language:


• Replaces route maps in Cisco IOS XR Software.
• Feature-rich language for complex routing policies.

Configuring Prefix-Lists
• Prefix-lists have names and sequence numbers (like route-maps).
• IOS/IOS-XE
router(config)# ip/ipv6 prefix-list list-name [seq seq]
{permit|deny} network/len [ge value] [le value]

• IOS-XR
router(config)# ipv4/ipv6 prefix-list list-name
router(config-ipv4-pfx)# [seq seq] {permit|deny} network/len
[ge value] [le value] [eq value]

• An entry with no le or ge (or eq) parameter matches exactly the specified prefix.
• An entry with an le or ge (or eq) parameter matches any route within the address space of address/prefix whose prefix length is longer than or equal to the ge value and shorter than or equal to the le value, or equal to the eq value on IOS-XR platforms.

BGP Prefix Filtering
• IOS/IOS-XE
ip prefix-list noRFC1918 deny 10.0.0.0/8 le 32
ip prefix-list noRFC1918 deny 172.16.0.0/12 le 32
ip prefix-list noRFC1918 deny 192.168.0.0/16 le 32
ip prefix-list noRFC1918 permit 0.0.0.0/0 le 32
router bgp 65000
 address-family ipv4
  neighbor 192.168.100.1 prefix-list noRFC1918 out

• IOS-XR
prefix-set RFC1918
 10.0.0.0/8 le 32,
 172.16.0.0/12 le 32,
 192.168.0.0/16 le 32
end-set
!
route-policy NoRFC1918
 if prefix in RFC1918 then
  drop
 else
  pass
 endif
end-policy
!
router bgp 65000
 neighbor 192.168.100.1
  address-family ipv4 unicast
   route-policy NoRFC1918 out

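The ge/le matching rules and the noRFC1918 filter above, evaluated against sample routes. This is an added example, not part of the original slides; the function names, the EXACT_ONLY variant and the sample routes are constructed for illustration.

```python
import ipaddress


def parse_entry(text):
    """Parse 'permit|deny network/len [ge N] [le N] [eq N]' (eq: IOS-XR only)."""
    tokens = text.split()
    action, net = tokens[0], ipaddress.ip_network(tokens[1])
    opts = {k: int(v) for k, v in zip(tokens[2::2], tokens[3::2])}
    if "eq" in opts:
        low = high = opts["eq"]
    elif not opts:
        low = high = net.prefixlen                 # no ge/le: exact match only
    else:
        low = opts.get("ge", net.prefixlen)        # ge defaults to the entry length
        high = opts.get("le", net.max_prefixlen)   # le defaults to 32 (128 for IPv6)
    return action, net, low, high


def build(lines):
    return [parse_entry(line) for line in lines]


def evaluate(entries, route):
    """First matching entry wins; a route that matches nothing is denied."""
    route = ipaddress.ip_network(route)
    for action, net, low, high in entries:
        if (route.version == net.version and route.subnet_of(net)
                and low <= route.prefixlen <= high):
            return action
    return "deny"


def leaked(entries, routes):
    """Routes the list would let through to the neighbor."""
    return [r for r in routes if evaluate(entries, r) == "permit"]


# The noRFC1918 list from the slide.
NO_RFC1918 = build([
    "deny 10.0.0.0/8 le 32",
    "deny 172.16.0.0/12 le 32",
    "deny 192.168.0.0/16 le 32",
    "permit 0.0.0.0/0 le 32",
])

# Constructed variant with "le 32" forgotten on the deny entries: only the
# three exact aggregates are denied and every more-specific route leaks.
EXACT_ONLY = build([
    "deny 10.0.0.0/8",
    "deny 172.16.0.0/12",
    "deny 192.168.0.0/16",
    "permit 0.0.0.0/0 le 32",
])

# Constructed sample routes offered to the outbound filter.
ROUTES = ["10.0.0.0/8", "10.1.1.0/24", "172.31.255.0/24",
          "172.32.0.0/16", "192.168.100.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    print("noRFC1918 passes: ", leaked(NO_RFC1918, ROUTES))
    print("without le 32:    ", leaked(EXACT_ONLY, ROUTES))
```
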
Commonly Used Characters in Expressions
. Any single character, including a space
* Zero or more sequence of pattern
+ One or more sequence of pattern
? Zero or one occurrence of pattern
^ Beginning of string
$ End of string
_ Match any delimiter (including beginning, end, space, tab, comma)
\ Remove special meaning of character that follows
[] Match one character in a range
( ) Match on a pattern
| Logical OR

Review of some common RegEx
1. = 10 - 19
^. = any AS path but local
^$ = local AS
.* = any
^200$ = only AS200
_200$ = starts in AS200
^200_ = ends with AS200
_200_ = AS in the path
^200(_200)*$
\1 = repeat of last match 1 time
^[0-9]+$ = match any single AS
^([0-9]+)(_\1)*$ = any AS and it can prepend

RegEx
• IOS/IOS-XE
ip as-path access-list 1 permit _10$
ip as-path access-list 1 permit _20$
ip as-path access-list 1 permit _30$
ip as-path access-list 1 permit _40$
router bgp 65000
 address-family ipv4
  neighbor 192.168.100.1 filter 1 in

• IOS-XR
as-path-set CustomerAS
 ios-regex '_10$',
 ios-regex '_20$',
 ios-regex '_30$',
 ios-regex '_40$'
end-set
route-policy CustomerAS
 if as-path in CustomerAS then
  pass
 else
  drop
 endif
end-policy
router bgp 65000
 neighbor 192.168.100.1
  address-family ipv4 unicast
   route-policy CustomerAS in

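The expressions from the two regex slides and the customer filter above, run against sample AS paths. This is an added example, not part of the original slides; it translates only the Cisco "_" delimiter into Python regex syntax (a "_" inside a bracket expression is not handled), and the function names and sample paths are constructed. In a displayed AS path the leftmost AS is the neighbor and the rightmost is the origin, so _10$ accepts routes whose origin AS is 10.

```python
import re

# Cisco's "_" matches the start of the string, the end of the string,
# or a delimiter character (space, comma, braces, parentheses, tab).
DELIMITER = r"(?:^|$|[ ,{}()\t])"


def translate(pattern):
    """Rewrite a Cisco AS-path expression into a compiled Python regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])      # escaped character or backreference
            i += 2
        else:
            out.append(DELIMITER if pattern[i] == "_" else pattern[i])
            i += 1
    return re.compile("".join(out))


def matches(pattern, as_path):
    """Unanchored search, as the router does; anchors come from the pattern."""
    return translate(pattern).search(as_path) is not None


def filter_list(entries, as_path):
    """Evaluate an as-path access-list: first match wins, implicit deny."""
    for action, pattern in entries:
        if matches(pattern, as_path):
            return action
    return "deny"


def accepted(entries, paths):
    return [p for p in paths if filter_list(entries, p) == "permit"]


# The customer filter from the slide (access-list 1 / CustomerAS).
CUSTOMER_AS = [("permit", "_10$"), ("permit", "_20$"),
               ("permit", "_30$"), ("permit", "_40$")]

# Constructed variant without the leading "_": "10$" also matches any
# origin AS that merely ends in the digits 10, such as AS 110.
UNANCHORED = [("permit", "10$")]

# Constructed AS paths; "" is a locally originated route.
PATHS = ["10", "65001 10", "65001 110", "10 65001", "65001 40", ""]

if __name__ == "__main__":
    print("CustomerAS accepts:", accepted(CUSTOMER_AS, PATHS))
    print("10$ accepts:       ", accepted(UNANCHORED, PATHS))
```
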
BGP Communities
• BGP communities are a means of tagging routes to ensure a consistent filtering or
route selection policy.
• The community attribute is a transitive optional attribute. Standard communities are 32-bit values; extended communities are 64-bit values.
• There are several defined communities:
• no-advertise: Do not advertise routes to any peer.
• no-export: Do not advertise routes to real EBGP peers.
• local-as: Do not advertise routes to any EBGP peers.
• internet: Advertise this route to the Internet community.

• A community value is split into two parts:
• High-order bits typically contain the AS number of the AS that defines the community meaning.
• Low-order bits have local significance.

More advanced BGP features

BGP Outbound Route Filtering
Outbound route filtering (RFC 5291) allows one BGP router to send a prefix list to another.

• IOS/IOS-XE
router bgp 65000
 address-family ipv4
  neighbor 192.168.100.1 capability orf prefix-list send
  neighbor 192.168.100.1 prefix-list MyList in
ip prefix-list MyList permit 10.0.0.0/8 ge 24

• IOS-XR
route-policy MyORF
 if orf prefix in (10.0.0.0/8 ge 24) then
  pass
 endif
end-policy
route-policy PassAll
 pass
end-policy
router bgp 65000
 neighbor 192.168.100.1
  remote-as 65001
  address-family ipv4 unicast
   route-policy PassAll in
   route-policy PassAll out
   capability orf prefix send
   orf route-policy MyORF

BGP Dynamic Neighbors
• IOS/IOS-XE
router bgp 65000
bgp log-neighbor-changes
bgp listen range 192.168.0.0/16 peer-group My192Neighbors
bgp listen limit 200
neighbor My192Neighbors peer-group
neighbor My192Neighbors remote-as 65001 alternate-as 65002 65003 65004
!
address-family ipv4
neighbor My192Neighbors activate
exit-address-family

• IOS-XR
• nope

BGP Prefix Independent Convergence
• IOS/IOS-XE
router bgp 65000
 address-family ipv4 unicast
  bgp additional-paths install

• IOS-XR
route-policy PIC
 set path-selection backup 1 install
end-policy
router bgp 65000
 address-family ipv4 unicast
  additional-paths selection route-policy PIC

BGP Conditional Route Injection
• IOS/IOS-XE
router bgp 109
bgp inject-map NewRoutes exist-map RcvRoutes
!
route-map RcvRoutes permit 10
match ip address prefix-list RcvRoutes
match ip route-source prefix-list RouteSource
route-map NewRoutes permit 10
set ip address prefix-list NewRoutes
ip prefix-list RcvRoutes permit 10.1.1.0/24
ip prefix-list NewRoutes permit 10.1.1.0/25
ip prefix-list NewRoutes permit 10.1.1.128/25
ip prefix-list RouteSource permit 10.2.1.1/32

• IOS-XR
• nope

BGP Security
These are the most common BGP threats:
• BGP routing table manipulation
• BGP route spoofing
• BGP DoS

BGP Countermeasures Overview

Countermeasure                 BGP Table Manipulation   BGP Route Spoofing*   BGP DoS
BGP Neighbor Authentication    Yes                      No                    No
BGP TTL Security Check         Yes                      No                    Yes
BGP Maximum Prefix             No                       No                    Yes

• *BGP route spoofing can be prevented using filtering based on prefixes and AS path.

BGP Security
• IOS/IOS-XE
router bgp 65000
 neighbor 192.168.100.1 password C1sc0
 neighbor 192.168.100.1 ttl-security hops 1
 address-family ipv4
  neighbor 192.168.100.1 maximum-prefix 1000

• IOS-XR
router bgp 65000
 neighbor 192.168.100.1
  password C1sc0
  ttl-security
  address-family ipv4
   maximum-prefix 1000

• TTL Security:
  • With IOS/IOS-XE the hops value is how many hops away the neighbor can be (the acceptable TTL would be from 255 to 255 minus the number of hops)
  • With IOS-XR, only 255 is an acceptable TTL value
• BGP neighbors can be authenticated before establishing a TCP session:
  • HMAC-MD5 is used.
  • Cisco IOS-XR supports HMAC-SHA1 with key chains.

Dynamic Layer 3 VPN with mGRE
• Dynamic L3 VPNs with mGRE Tunnels feature provides an L3
transport
• L3 tunneling transport can also be used within IP networks to
transport VPN traffic across another IPv4 network
• Currently not available on IOS-XR

BGP Dynamic Layer 3 VPN
• IOS/IOS-XE
vrf definition MGRE
 rd 1:2
 route-target export 1:2
 route-target import 1:2
 address-family ipv4
 exit-address-family
!
interface FastEthernet1/0
 vrf forwarding MGRE
 ip address 172.16.11.18 255.255.255.240
!
l3vpn encapsulation ip MGRE
 transport ipv4 source Loopback0
!
router bgp 65000
 neighbor 192.168.100.1 remote-as 65000
 neighbor 192.168.100.1 update-source Loopback0
 address-family vpnv4
  neighbor 192.168.100.1 activate
  neighbor 192.168.100.1 send-community extended
  neighbor 192.168.100.1 route-map MGRE-NEXT-HOP in
 address-family ipv4 vrf MGRE
  redistribute connected
!
route-map MGRE-NEXT-HOP permit 10
 set ip next-hop encapsulate l3vpn MGRE

BGP Policy Accounting
Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is
sent to, or received from, different peers.

• IOS/IOS-XE
ip as-path access-list 1 permit _1234$
route-map BGPAccounting permit 10
 match as-path 1
 set traffic-index 1
router bgp 65000
 table-map BGPAccounting
!
interface gigabitethernet0/0
 bgp-policy accounting

show cef interface gigabitethernet0/0 policy-statistics

• IOS-XR
route-policy BGPAccounting
 if as-path originates-from '1234' then
  set traffic-index 1
 endif
end-policy
router bgp 65000
 address-family ipv4 unicast
  table-policy BGPAccounting
!
interface gigabitethernet0/0/0/0
 ipv4 bgp policy accounting input source-accounting

show cef interface gigabitethernet 0/0/0/0 bgp-policy-statistics

BGP Flowspec
• Flowspec specifies procedures for the distribution of flow specification
rules via BGP and defines procedure to encode flow specification rules as
Border Gateway Protocol Network Layer Reachability Information (BGP
NLRI) which can be used in any application.
• The BGP flow specification (flowspec) feature allows you to rapidly deploy
and propagate filtering and policing functionality among a large number of
BGP peer routers to mitigate the effects of a distributed denial-of-service
(DDoS) attack over your network.
• In Cisco IOS 15.5(S) release, BGP flow specification is supported only on a
BGP flow specification client and route reflector.
• ASR9000 can be the flow specification controller

BGP Flowspec - Controller
• IOS-XR
class-map type traffic match-all MyFlowSpec
 match protocol tcp
 match packet length 1000-1500
 match destination-port 80 8080
 match destination-address 172.16.199.0 255.255.255.0
end-class-map
policy-map type pbr MyFlowSpecPolicy
 class type traffic MyFlowSpec
  set dscp 46
  police rate 50 mbps
  redirect nexthop 192.168.200.1
end-policy-map
!
flowspec
 local-install interface-all
 address-family ipv4
  service-policy type pbr MyFlowSpecPolicy
!
router bgp 65000
 address-family ipv4 flowspec
 exit
 neighbor 192.168.100.2
  address-family ipv4 flowspec

BGP Flowspec - Client
• IOS/IOS-XE • IOS-XR
router bgp 65000 router bgp 65000
address-family ipv4 flowspec address-family ipv4 flowspec
neighbor 192.168.100.1 activate
exit
!
flowspec neighbor 192.168.100.1
address-family ipv4 address-family ipv4 flowspec
local-install interface-all !
vrf customerA flowspec
local-install interface-all local-install interface-all

Troubleshooting BGP
Troubleshooting BGP Peering
• IOS/IOS-XE
  • Show ip bgp neighbor
  • Show bgp ipv6 unicast neighbor
  • Show ip bgp summary
  • Show bgp ipv6 unicast summary
• IOS-XR
  • Show bgp neighbor
  • Show bgp ipv6 unicast neighbor
  • Show bgp summary
  • Show bgp ipv6 unicast summary

BGP Neighbor States
When establishing a BGP session, BGP goes through the following
states:
Idle: The router is searching the routing table to see whether a route exists to reach
the neighbor.
Connect: The router found a route to the neighbor and is waiting to complete the
three-way TCP handshake.
Active: BGP will try another TCP three-way handshake to establish a connection
with the remote BGP neighbor. If it is successful, it will move to the OpenSent state.
If the ConnectRetry timer expires then we move back to the Connect state.
OpenSent: The open message is sent, with the parameters for the BGP session.
OpenConfirm: The router received an agreement on the parameters for establishing
a session.
Established: Peering is established; routing begins.
Troubleshooting BGP Updates (Routes)
• IOS/IOS-XE
  • Show bgp
  • Or show ip bgp
  • Or show bgp ipv4 unicast
  • Show bgp ipv6 unicast
• IOS-XR
  • Show bgp
  • Show bgp ipv6 unicast

Conclusion
• BGP is complicated, but it is manageable. The more you play with
it, the more comfortable you’ll get…the more BGP will be your
friend!

Q&A

If you have questions later, email me @ Johnny@Bassconsulting.com


Or find me on LinkedIn www.linkedin.com/in/johnny-bass-ccie6458
Thank you
