Reviewing Goals from Last Year

The year is finally over.  Actually, it sort of snuck up on me.  I must be getting really old or something to let that happen.

At the beginning of the year, I posted my goals for 2011.  How did I do?  Not too well.  I batted .500, so feel free to boo me.

  • Hurry up and finish CCNA Voice : I finished that on 7 February.  Was it worth it?  Not really.  I haven’t used the knowledge, and voice isn’t my thing.  I got it to spice up the resume, but it didn’t really come into play at all.  Oh, well.  It’ll expire in about 2 years.
  • Pass CCIE R&S written exam : I got this one finally.  I flunked out at Cisco Live this year, but I redeemed myself on 23 August with a pass.  Jody still owes me a drink since I hold the record for lowest passing score.
  • Select a CCIE training vendor : Yeah…I never got to that one.  When I finally got through the written, my job had completely drained my motivation.  I fixed that problem by getting a new job, but that didn’t help free up any time to figure out which vendor I wanted to use.  #fail
  • Schedule CCIE R&S lab : That obviously didn’t work out, either, since it’s dependent on selecting a training vendor.  #fail

What does this hold for this year?  Getting some training and scheduling an exam is obviously the priority.  Since my new job is going all Juniper, going through those certifications would be next.  Another super-busy year, I’m sure.

Junos - VPN Hierarchy

Wow! A Junos post! Amazing.

We all know that the configuration on a Junos box is very hierarchical. Sometimes it doesn’t make a lot of sense, but it’s all a pretty cascade of code. One of the big messes that I’ve found is the VPN configuration hierarchy; there are way more items to configure than on an IOS device.  To reinforce the steps in my head, I thought I’d get some of the pieces into a post. These aren’t all the options, but it’s all you need to get a static IPSec tunnel up and running.

VRF-Aware IPSec Tunnels

Man, time is hard to come by of late.  I’ve had so little time to rest that it’s hard to get my thoughts together.  It’s a good thing in this case, though, since it’s my fantastic job that’s taking all my time.  It’s great to see new networks and learn their internals…especially when they were designed by some long-time CCIEs who actually knew what they were doing.

One of the big things that I’m dealing with lately is VRFs.  I’ve implemented some VRF-lite stuff, but I’ve never had any practical experience with the full force of them.  I’m definitely learning here.  Since the blog here is really about my sharing what I’ve learned, let’s go through something that came up recently - terminating VPNs on one VRF while passing traffic to another.

Bigger and Better Things

I like to take a month or so off from blogging during the summer, but my CCIE R&S written studies pushed that back a bit.  I’ve finally got my lazy self back on track, but it may just be for a few days since I’ve accepted a new job in another city and am in the process of moving.

I am really excited about the new position.  Since I haven’t started yet, I’m not going to reveal who the company is, but you’ve all seen the name.  They’re forming a new group to handle specialty services for customers, and I’ll be working for the manager of that team as the Senior Network Engineer.  My future boss is a CCIE, so that’s a great start; we didn’t even have a CCNA at my current company until about 2007.  The job is going to be great, and the wife and I are both up for new adventures.

A Little OSPF Story

Here’s a story from last week with little or no teaching value.

I got a call from one of our business units looking for some routing help.  We don’t usually care about their production networks, but they were seeing some funky traceroutes, so I agreed to try and help them out.

They sent over two fresh traceroutes from a host on a 7600.  In one of them, the trace went to the 7600 and then on down the line as expected.  In the other, the trace showed the 7600, another router’s far interface IP (that is, an interface not facing the 7600), then the 7600’s interface facing that router.  Every few minutes, the path would switch between the two.  The dude told me that they were an OSPF shop, so I asked him to send me the standard show ip route and show ip ospf database commands so I could see what’s going on.  The word “unexpected” comes to mind when trying to describe what I found.  So do other words that aren’t very appropriate.

CCIE R&S Written - Epic WIN!

The wife and I had a romantic day driving several hours to a small town to take Cisco exams.  If this doesn’t get me some action, I don’t know what else to try.

I’ve already used the phrases “skin of my teeth” and “a pass is a pass” on Twitter today for good reason.  Passing is a score of 790, and I blew that away with a 790.  One more lapse in concentration and I would have been making up more excuses instead of smiling.  I think I’ve mentioned this before, but I have this weird reaction to taking exams where I don’t get nervous at all until after I’m finished.  Walking into the testing center, I was fine.  Walking out, I was shaking like Northern Virginia.  It was so bad that I could barely hold on to the door knob when trying to leave, so I guess that I’m really prouder than I thought I was.

Invisible fences for VLANs

This week we have a guest post from CJ Infantino. He currently writes on convergingontheedge.com. You can find him hanging out on Google Plus as CJ Infantino or follow him @cjinfantino on Twitter.


The other day I was adding VLANs to the allowed list on the core routers at work. It was then that a question came to mind: “Does the VLAN allowed list filter ingress or egress traffic?”

Now, because all good engineers would configure the allowed list on both ends – as Aaron would say – in the grand scheme of things this really doesn’t matter, but being the inquisitive guy that I am, I wanted to know.

So I searched, and searched and google’d and could not find the answer. At that point there was only one thing left to do – lab it up!

OSPF and Loopback Interfaces

I was studying via Google+ Hangout the other day with CJ and Rob, and one of the topics that came up was that OSPFv2 advertises all loopbacks as 32-bit no matter what the configured mask is.  I rarely use loopbacks outside of a lab and had no idea it did that, so I set up a quick lab to see for myself.  Sure enough!  That’s exactly what I saw.

Of course, being the inquisitive network guys that we are, we went on to discuss methods for making OSPF advertise the configured network instead of the single IP.  The guys mentioned two methods - to redistribute the connected interfaces and to manually set the OSPF network type on the loopback.  We were using IPv4 during the session, but I went back and added some IPv6 addresses and processes to compare.

CCIE R&S Written - Epic Fail

It’s been a long time, eh? I’ve spent the last month or so with my nose down in a book and my mouse in a Google+ Hangout window studying my rear off for the CCIE R&S Written. Too bad I didn’t pass it.

The exam consisted of 77 questions over a 2 hour window. That’s plenty of time to finish; I think I had 48 minutes left when I was through, so time wasn’t a problem. There were only 2 or 3 questions where I was totally lost, so the technology wasn’t a problem. The big problem, like always, was the usual crap questions that are in these exams. Some didn’t provide all the required information. Some were impractical examples of deployments you would never use in the field. Some were on deprecated technologies. Hell, I had one that involved CatOS. Really? CatOS? Since I only failed by about 2 questions (like I always do), these shenanigans are magnified in my mind. It really irks me how these exams are being done; foggy questions don’t really measure ability.

Frame Relay Notes - DE, FECN, and BECN