Friday, October 17, 2014

Fall 2014 Training Updates

First, I am proud to announce that 54 of my students have passed the CCDE Practical exam to date! Your efforts and hard work have allowed you to achieve one of the most difficult certifications available. If you haven't already done so, please join the CCDE Exclusive LinkedIn group by clicking on this link. This group consists only of fully-certified CCDEs and provides a way for us to share news and contact each other when necessary. About half of all CCDEs are members. Join today! :)

There are several new announcements regarding the CCDE certification and my training:

CCDE As a Partner Requirement

Cisco has inched closer to making the CCDE certification a Partner requirement! This is great news for everyone who has achieved this certification (by my count, 233 individuals to date). It is also the perfect justification for Cisco Partners to encourage and support their employees in their pursuit of the certification. Details of the new programs can be found on Cisco's website (partner login required). The Partner Specialization that is expected to require a CCDE-certified individual is the Master Enterprise Networks Specialization, which launches in 2015.

Classroom Training Updates

I have several CCDE Practical Bootcamp classes on my training schedule for the next few months.

I have agreed to teach CCBootcamp's CCDE Practical class the week of November 10th, 2014. If you are interested in registering, please contact them at or call them at 877-654-2243. Las Vegas is always a great city to visit, and this time of year is very reasonable weather-wise. It's nothing like Cisco Live's sweltering 110 degrees Fahrenheit daytime temperatures!

I am running a CCDE Practical Bootcamp in Dubai, the week of January 18th, 2015. Details can be found on my website (click here), or you can register by going directly to Eventbrite. I am offering a 15% discount if you register by the end of October. Use the promotional code 'october' when you register.

I also have a CCDE Practical Bootcamp class scheduled for the week of April 20th, 2015 in Orlando, Florida USA. Spring weather in Florida is nice, and the theme parks are great fun for the family, so consider bringing them along! Details can be found on my website, and registration is available at Eventbrite.

Online Training

I am also offering my online CCDE practice exam training in two forms. On Saturday November 1st, I will lead the first of the CCDE Practical practice exam review sessions. The second session will be on Saturday November 8th. These live Webex-based sessions allow candidates to ask questions about the CCDE program, CCDE practical exam and the practice exams that I offer. All past students are invited to attend, until they receive a passing score on Cisco's CCDE Practical exam. Details on this class can be found on my website.

If your schedule isn't flexible, my self-paced training is always available to suit your needs. Within 24 hours of registering you will receive my CCDE training materials and four practice exams. Once you complete the exams, let me know and I will provide access to recordings of the above-mentioned review sessions which explain the correct answers. Self-paced registrants are also permitted to attend any subsequent live sessions, and will be provided access to future recordings at no charge.

As always, if you have any questions about the CCDE program or these training opportunities, please email me at

Thank you,

Thursday, April 17, 2014

Dubai Was a Blast!

During the week of March 30, 2014 I traveled to Dubai to deliver my CCDE Practical Bootcamp class. The above picture is our class photo from the week (I need to remember to do this for future classes). From left-to-right: Asad, Jeriel, Jeremy (me), Evgeny, Alexander, Hamed and Mazin. Only Hamed is a local… thank you for your hospitality! The rest traveled from Europe, Africa and the Middle East region to immerse themselves in a week of network design concepts, case studies and practice exams.
I had such a great time delivering the class that I am already planning to return to Dubai in early 2015 to teach it again. According to those who live in the area, the winter and early spring months are the best time to visit; the weather can get quite unbearable beginning in May. We hit highs of 90 degrees Fahrenheit (32 C) while I was in town, which was quite a departure from the snow and ice of my hometown in the US. I couldn’t imagine trying to walk outside during the summer highs of 120 degrees F! If you are interested in attending my next Dubai class (likely January 18-23 or February 1-5, 2015) please email me and I will provide details as they become available.
As for leisure, I was able to find a bit of time in the evenings to visit the world’s largest mall and travel to the observation deck of the world’s tallest building. The Burj Khalifa is remarkably tall; I worked for some time in New York City and became accustomed to living among the skyscrapers. Even the new Liberty Tower in Manhattan does not tower over neighboring buildings in quite the same way as the Burj Khalifa. I was also able to visit the Madinat Jumeirah resort and meet up with Sam, a previous student and active CCDE who lives in Dubai. Dubai is an impressive location to hold a class; I am looking forward to returning!
Thank you once more to those who attended this class, and good luck to all my friends and students who are planning to take the CCDE practical exam in May! If you’d like to learn more about my online training, please visit If you would like to attend my next CCDE bootcamp in the US, visit

Thursday, December 5, 2013

CCDE Training Schedule for 2014

Congratulations to my seven students who successfully completed the CCDE Practical exam on November 22nd! I am honored to have trained 31 of the world’s CCDEs. Thank you for allowing me to be a part of your success. Passing this exam is quite an accomplishment; you should be very proud of your effort.

Interest in the CCDE program has increased considerably since I started training network engineers and architects for this certification in 2010. I’m trying my best to increase my training offerings to meet candidates’ needs. To that end I have opened registration for the following CCDE training classes. If you are interested in attending, please click on the links below. If you have any questions, please don’t hesitate to ask.

April CCDE Practice Exams

My next online CCDE practice exams are scheduled for Saturday April 5th and 12th, 2014. Registrants for these sessions will receive four CCDE Practice exam scenarios, as well as my CCDE overview presentation and guidance documents. The review sessions will take place on consecutive Saturdays and are expected to last from 9am ET until approximately 1pm ET. Registration for these sessions is available at Eventbrite.

Self-Paced CCDE Practice Exams

My CCDE practice exams are available in a self-paced offering. Once you register you will receive the exam content within 24 hours. Registrants for the self-paced class are always invited to attend any subsequent live sessions as well, including the February 1st CCDE overview presentation and question & answer session. Registration for the self-paced class is available at Eventbrite. I have updated my content to reflect the most recent changes in the CCDE program, including the flexible lunch breaks and day-before registration for any Pearson Professional Center.

CCDE Bootcamp in Philadelphia, Pennsylvania - January 27-31, 2014

My next scheduled live CCDE Practical bootcamp class is coming up at the end of January. It will be held at the University of Pennsylvania campus in Philadelphia, PA. My live class content has been updated to incorporate the latest CCDE updates. I have also added a new section comparing/contrasting GETVPN and DMVPN, based on feedback from recent class attendees. Registration is open at Eventbrite.

CCDE Bootcamp in Celebration, Florida - July 28-August 1, 2014

Last year’s Celebration, Florida class was quite successful. Feedback about the town (located near Orlando in Central Florida) and the Stetson University facilities was overwhelmingly positive. I have decided to bring my class back to the same location this coming July. Registration is open at Eventbrite. The course description can be found by clicking on the title above.

CCDE Bootcamp in Dubai, UAE March 30 - April 3, 2014

I am also offering my week-long class in Dubai during the week of March 30th, 2014. Registration is available at Eventbrite. The class will be held at City Seasons Suites in Dubai. If you have any questions about this class please let me know. I am also considering a European class the month of November, 2014. If you are interested in attending a class in London or Frankfurt, please let me know. I am still trying to gauge the interest level before committing to this class.

As always, if you have any questions about my training classes or the CCDE program please write me an email at I look forward to helping candidates succeed at this certification in the coming year.

Tuesday, October 1, 2013

Python Scripting and the Blackjack "In Bet"ween Bet

I recently spent an hour or so at the local casino (Delaware Park) playing blackjack with my father-in-law. The table we chose had a side bet called “IN BETween”, which compares the player’s two cards to the dealer’s up card. If all three cards match, the player is paid a 30-1 return. If the dealer’s card is in between the two player cards (hence the name of the game), the player is paid based on a pay table. At Delaware Park, the current pay table is:

Result              Pay Ratio   Example Winning Hand
All Cards Match     30-1        7-7-7
One Card Spread     10-1        3-4-5
Two Card Spread     6-1         8-T-J
Three Card Spread   4-1         2-5-6
All Other Spreads   1-1         3-7-T

For comparison purposes, Aces are the highest possible card.

After watching this side bet for a while, I began to wonder what the house odds were for this game. Sure, I can just look it up (h/t to the State of Washington), but this seemed like a perfect excuse to spend a few minutes with Python. So I dusted off my old Poker Python script and modified it to simulate this game. No one actually starts a Python script with an empty notepad file, right? :)

If you are interested in playing with this script, it takes two parameters. The first is the number of decks used. The number of decks is an important factor in this wager, as the majority of the value in the bet is due to the frequency of 30-1 payouts. Seeing three matching cards on a random draw from a single deck only happens .235% of the time (3/51 * 2/50), while the same result from eight decks happens .541% of the time, more than twice as often (31/415 * 30/414).

The second parameter is the number of iterations. Monte Carlo simulations benefit from many iterations. I’ve found that 1,000,000 iterations converges on the mathematical results that the State of Washington has in their reference document.

Without further explanation, here is the script. If you notice any errors or anything I’ve done that is wildly inefficient please let me know; I always like improving my programming skills. If you want to improve this, one suggestion would be to add the other pay tables listed in the State of Washington document. My local casino only seems to use the payouts I have listed, and since I rarely go to a casino (even the local one) these are the only payouts I was interested in.

# - Runs Monte Carlo simulation of In BETween bet
#       with user-specified number of decks and iterations
# Reference URL -
import sys
import random
def inbetween(cards):
# Takes array of three cards
# Returns win multiple based on standard pay table
#   return value includes original wager, if successful
  if cards[0][0] > cards[2][0]:
    cards[0], cards[2] = cards[2], cards[0]
  if cards[0][0] == cards[1][0] == cards[2][0]: return 30+1
  if cards[0][0] < cards[1][0] < cards[2][0]:
    if cards[2][0] - cards[0][0] == 2: return 10+1
    elif cards[2][0] - cards[0][0] == 3: return 6+1
    elif cards[2][0] - cards[0][0] == 4: return 4+1
    return 1+1
  return 0

def card_gen(num_decks):
# Takes number of decks (1 - 8)
# Returns three cards in array
# cards[0] = Player Card 1
# cards[1] = Dealer card 1
# cards[2] = Player Card 2
# Each card is [rank, suit, deck], so two draws of the same physical card
# are detected and redrawn (sampling without replacement)
  card1 = [random.randrange(0,13), random.randrange(0,4), random.randrange(0, num_decks)]
  card2 = [random.randrange(0,13), random.randrange(0,4), random.randrange(0, num_decks)]
  while card2 == card1:
#    print("Collision! " + str(card1) + " " + str(card2))
    card2 = [random.randrange(0,13), random.randrange(0,4), random.randrange(0, num_decks)]
  card3 = [random.randrange(0,13), random.randrange(0,4), random.randrange(0, num_decks)]
  while (card3 == card1) or (card3 == card2):
#    print("Collision! " + str(card1) + " " + str(card2) + " " + str(card3))
    card3 = [random.randrange(0,13), random.randrange(0,4), random.randrange(0, num_decks)]
  cards = [card1, card2, card3]
  return cards

def readable_hand(cards):
# Returns a readable version of a set of cards
  rank_refstring = "X23456789TJQKA"
  suit_refstring = "xcdhs"
  string = ""
  for i, v in enumerate(cards):
    string += rank_refstring[v[0]+1] + suit_refstring[v[1]+1] + str(v[2]+1)
  return string
# Main Program Body
# Initialization
iterations = 0
num_decks = 0
cards = []
total_won = 0
result = 0
# Process command-line arguments
if (len(sys.argv) < 3) or (sys.argv[1] in ("-h", "--help")):
    print("Usage: " + sys.argv[0] + " <num_decks> <iterations>\n\
First input is number of decks to be used (1 - 8)\n\
Second input is number of iterations to run the Monte Carlo simulation\n\n\
--help: This message\n")
    sys.exit(0)
else:
    num_decks = int(sys.argv[1])
    iterations = int(sys.argv[2])
    if num_decks < 1: num_decks = 1
    if iterations < 1: iterations = 1
# Run the simulation: each iteration wagers $1 on a freshly drawn hand
for n in range(1, iterations+1):
  cards = card_gen(num_decks)
  result = inbetween(cards)
  total_won += result
#  print("Result[" + str(n) + "]: $" + str(result) + " Hand = " + readable_hand(cards))
print("Total Wagered = $" + str(iterations))
print("Total Returned = $" + str(total_won))
print("Total Profit = $" + str(total_won - iterations))
print("Win / Loss Percentage = %.2f" %
  (100*float(total_won - iterations) / iterations) + "%")
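
An added example, not part of the original post or script: instead of sampling, this enumerates every ordered rank combination and computes the exact expected return for the pay table above, which gives a reference value to compare the Monte Carlo output against. The function names are chosen here for illustration.

```python
from fractions import Fraction
from itertools import product

RANKS = 13   # 2 through Ace, Aces high
SUITS = 4


def payout(p1, dealer, p2):
    """Return per $1 wagered (stake included), using the post's pay table."""
    if p1 == dealer == p2:
        return 30 + 1
    lo, hi = min(p1, p2), max(p1, p2)
    if lo < dealer < hi:
        # hi - lo of 2, 3, 4 is a one-, two-, three-card spread
        return {2: 10 + 1, 3: 6 + 1, 4: 4 + 1}.get(hi - lo, 1 + 1)
    return 0


def ordered_draws(ranks, num_decks):
    """Ways to draw these ranks in this order without replacement."""
    left_by_rank = {}
    ways = 1
    for rank in ranks:
        left = left_by_rank.get(rank, SUITS * num_decks)
        ways *= left
        left_by_rank[rank] = left - 1   # one fewer card of that rank remains
    return ways


def total_draws(num_decks):
    """All ordered three-card draws from the shoe."""
    n = RANKS * SUITS * num_decks
    return n * (n - 1) * (n - 2)


def prob_all_match(num_decks):
    hits = sum(ordered_draws((r, r, r), num_decks) for r in range(RANKS))
    return Fraction(hits, total_draws(num_decks))


def expected_return(num_decks):
    """Exact expected amount returned per $1 wagered."""
    returned = sum(payout(a, d, b) * ordered_draws((a, d, b), num_decks)
                   for a, d, b in product(range(RANKS), repeat=3))
    return Fraction(returned, total_draws(num_decks))


def house_edge(num_decks):
    return 1 - expected_return(num_decks)


if __name__ == "__main__":
    for decks in (1, 2, 4, 6, 8):
        print("%d deck(s): P(all match) = %.3f%%, house edge = %.2f%%" % (
            decks, 100 * float(prob_all_match(decks)),
            100 * float(house_edge(decks))))
```

The "Win / Loss Percentage" printed by the simulation should approach the negative of `house_edge(num_decks)` as the iteration count grows.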

Friday, September 13, 2013

CCDE Study Resources Update

It’s been a while since I have updated my CCDE Study Resources list. Below is a list of resources that I recommend CCDE Practical candidates use to prepare for the exam. But first… who should be attempting this exam?

Cisco recommends 7+ years of network design experience before tackling this certification program. I would like to add that 7+ years designing the same small network is unlikely to cut it. Candidates will want to have spent time in a variety of network design challenges; preferably split between service provider and enterprise networks. I agree with the CCDE program team that many technologies have made the jump between these two traditional network types, but not all of them have. For example, I haven’t run into an Enterprise running IS-IS. I know they’re out there, but they are still rare.


Recommended Reading List

I highly recommend that CCDE candidates read the following Cisco Press books. Remember, you can skip the configuration syntax, although I often find it helpful to review configs to bolster my understanding of technology:

  • Optimal Routing Design
  • MPLS Fundamentals
  • End-to-End QoS Network Design (a new version is due out on November 22, 2013)
  • BGP Design and Implementation
  • Definitive MPLS Network Designs

I also suggest that CCDE candidates familiarize themselves with the technologies covered in these books. Whether you actually read them, or use their tables of contents to guide your online learning, that’s your call:

  • Layer 2 VPN Architectures
  • IPv6 Fundamentals
  • Network Management: Accounting and Performance Strategies
  • Developing IP Multicast Networks (terribly dated, so I suggest researching this on your own)

Cisco Live 365

Cisco Live 365 is an incredibly valuable CCDE preparation resource. Himawan Nugroho wrote an excellent blog post on preparing for the CCDE where he covered the presentations that he used to pass the exam. My own list is similar to his, so I’ll only list my ‘must watch’ sessions here.

  • BRKRST-2042 Highly Available Wide Area Network Design
  • BRKSEC-4054 DMVPN Deployment Model
  • BRKRST-2335 IS-IS Network Design and Deployment
  • BRKRST-2310 Deploying OSPF in a Large Scale Network
  • BRKRST-2336 - EIGRP Deployment in Modern Networks
  • BRKRST-3051 - Core Network Design: Minimizing Packet Loss with IGPs and MPLS

As a bonus, here are a couple that look highly relevant to the CCDE Practical exam, but I haven’t watched yet:

  • BRKIPM-3010 - Which Routing Protocol? - IPv4 and IPv6 Perspective
  • BRKRST-2044 - Enterprise Multi-Homed Internet Edge Architectures
  • BRKCRS-3036 - Enterprise Campus Design: Routed Access


Online Discussion Boards

There are two great online resources for CCDE preparation. The first is Cisco’s own Cisco Learning Network. The CCDE section of this site is the definitive source for test dates and official exam blueprints. There is also an online discussion board that is monitored by Cisco and several current CCDEs and CCDE candidates. On-topic questions are generally answered quickly. You can even find a CCDE overview video that I participated in on the main page on the site.

The second resource is Ethan Banks’ CCDE Group Study Google group. Ethan is a prospective CCDE candidate who created this Google group. It currently has over 100 members, including several current CCDEs (myself included) and several of Cisco’s CCDE Practical content developers. My favorite part of the Google group is the ability to opt-in to daily email updates. Message traffic is light, but with so many participants, any questions are quickly answered.



I provide two forms of training for the CCDE Practical exam:


CCDE Practical Bootcamp Classes

These are five-day, in-person classes where we cover the technologies candidates will need to know for the CCDE Practical exam. My next class is hosted by CCBootcamp in Las Vegas, NV the week of November 11, 2013. I am tentatively scheduling my first CCDE bootcamp of 2014 for the week of January 27th in Philadelphia, PA. If you are interested in attending either of these classes, please email me at and I can provide registration information. Also, if you have a suggestion for a European location for 2014, please let me know. I’d like to take my class on the road next year… let me know where you’d like it to be.

Details on the format of the classes can be found at


Online CCDE Practice Exams

For those candidates who cannot take a week off for training, or have difficulty traveling to the US, I also offer an online CCDE training option. This event utilizes my CCDE practice exams to prepare candidates for the type of questions and format of the CCDE Practical exam. Participants receive four CCDE exam scenarios with a total of 80 questions. I review the exams via WebEx with candidates on two consecutive Saturdays (two scenarios per review session). Candidates are invited to attend the WebEx review sessions in real-time to ask questions, or they can choose the self-paced option and watch the review sessions on-demand. Registration for the self-paced option is always available. The next live review sessions are scheduled for November 2nd and 9th.


If you have any questions about these resources, please let me know. And if I have missed anything please send me an email so I can update this page.

Monday, June 3, 2013

Don’t Let Twitter Distract You From Your Goals

First, congratulations to the five students of mine who successfully completed the CCDE Practical Exam on May 30th. For students (and others) who were unsuccessful, please let me know what I can do to help you achieve your goal. This is a difficult exam program, so don't get discouraged!

Everyone knows Twitter and blog reading can be a huge distraction. It is easy to 'jump on Twitter' after your morning coffee and before you know it, it's time to go grab lunch. Where did the time go?!? That's just the obvious way that 'the web' can distract you from achieving your goals. The more insidious type of distraction is how what we read on Twitter and our favorite blogs causes us to question our goals. How many times have you read a particularly insightful 140-character post from @etherealmind or @ioshints and thought to yourself 'Wow! I've got it all wrong; I need to drop my pursuit of <Technology A> and start studying <Technology B>, now!' (as an aside... how do these folks make salient points in 140 characters? My initial Twitter posts are always witty and insightful, but they're also 300+ characters. Once I distill them down to 140 characters they all end up saying the equivalent of "Yeah, me too" or "Ntwkring is imprtnt!!!")

Don't get me wrong -- These Twitter and blog posts can (and should) be a source of great inspiration for your career and life goals. The problem is that constantly churning your goals is self-defeating. You will never get anywhere if you keep changing your destination. My strategy for dealing with these sorts of distractions is to reserve a couple of hours every few months to evaluate my written goals and determine if I have learned anything new over the preceding months that requires me to modify my goals. Often I do make adjustments because facts have changed or because I have achieved one or more goals. In fact, I'm quite surprised on the rare occasion where my goals remain intact after a review.

BTW, you did write down your goals, didn't you? If you didn't, minimize this browser window or put down your smartphone/tablet and spend 15 minutes writing down your professional goals. I can't think of a single person who has told me that they were better off for not having written down their goals, once they've done it.

What is the downside to this strategy? Well, infrequently I will find that a course correction is necessary, and I could have saved myself some unnecessary work if I had modified my goal earlier. On the flip side, I have more often found that the shiny object that drew my attention in a blog post isn't quite as brilliant with the passage of a few weeks' time. Or it may still be hugely important, but isn't worth my time yet based on the items already on my plate. It's surprising how slowly technology develops... There is almost always time to defer to others for the initial exploration. Once they figure it out, sweep in and grab the benefit of their knowledge-sharing. You shouldn't feel bad about this either; it is more efficient for the industry as a whole. The whole thing is reciprocal, if you are publicly sharing the knowledge that you are gaining in pursuit of your own goals!

Next time you see something that seems valuable on Twitter or in a blog post, write it down or clip it in Evernote. Then review all these scraps of paper at your next 'Goal Review' meeting with yourself. If the information is going to change your life, it's okay to put it off for a few weeks. After all, you'll have decades to reap the benefits. Delaying for a month is not going to matter much in hindsight.

Thursday, May 2, 2013

My Experiences with IPv6

I finally cleared enough time on my calendar to start thinking about IPv6 for my corporate network. It’s been quite a while since I last considered implementing IPv6. Fortunately we haven’t had a reason to move forward, so my procrastination has not caused us any grief.
I spent a couple of hours reviewing Ivan Pepelnjak’s Enterprise IPv6 First Steps webinar. Great stuff! It hit on many of the topics I was interested in, including end host address assignments, native IPv6 DNS servers and transition techniques. Armed with a bit of knowledge (always dangerous), I decided to activate IPv6 on my home LAN.
At first I thought my ISP, Comcast, did not support IPv6. I looked for a while on Comcast’s website to find a rollout schedule, but every link took me back to It was not helpful. I finally broke down and called Comcast support. I was told that IPv6 is enabled in my area, and pretty much everywhere in the Comcast network. My issue turned out to be an old Comcast-provided cable modem. The key to figuring this out is to visit the following web page - This page has an easy-to-use chart of approved devices and whether they support IPv6. I printed this out and took it to my local Comcast office, where they fortunately had a replacement modem available. Be warned, the folks at the Comcast office had never heard of IPv6, but they were able to find a modem on my printed-out list. So if you are going to try this yourself, bring the list!
Basic IPv6 Configuration
At home I use a Cisco 1811W router, currently running IOS Advanced IP Services 15.1(4)M6. The following configuration got me up and running on the IPv6 Internet:
ipv6 unicast-routing
ipv6 cef
interface FastEthernet0
 description ISP Link
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 dhcp client pd comcast-ipv6 rapid-commit
interface BVI254
 description Home
 ipv6 address FE80::1 link-local
 ipv6 address comcast-ipv6 ::1/64
 ipv6 enable

Adding Security
Of course, the above configuration is wide-open to the Internet, which likely isn’t your preferred configuration. I chose to implement Cisco’s Zone Based Firewall solution, using the following configuration (hat tip to Jeremy Stretch for a fine overview):
zone security Trusted
zone security Internet
zone-pair security Trusted->Internet source Trusted destination Internet
 service-policy type inspect Trusted_to_Internet
zone-pair security Internet->Trusted source Internet destination Trusted
 service-policy type inspect Internet_to_Trusted

! Inside to Outside
class-map type inspect match-any All_Protocols
 match protocol tcp
 match protocol udp
class-map type inspect match-any Specific_Protocols
 match protocol icmp
 match protocol http
 match protocol https
 match protocol ftp
 match protocol dns
 match protocol ntp
policy-map type inspect Trusted_to_Internet
 class type inspect Specific_Protocols
 class type inspect All_Protocols
 class class-default

interface BVI254
 zone-member security Trusted
interface FastEthernet0
 zone-member security Internet

! Outside to Inside (I only allow DNS resolution from OpenDNS servers for content-filtering. I added specific ‘denies’ for domain so I can see if anyone locally is trying to circumvent my security.)
ip access-list extended ISP_IN
 permit udp host eq domain any
 permit udp host eq domain any
 deny   udp any eq domain any
ipv6 access-list ISPv6_IN
 sequence 21 permit udp host 2620:0:CCD::2 eq domain any
 deny udp any eq domain any
class-map type inspect match-any From_Internet
 match access-group name ISP_IN
 match access-group name ISPv6_IN
policy-map type inspect Internet_to_Trusted
 class type inspect From_Internet
 class class-default

Overall Thoughts
It’s really not too difficult to get this working, if your ISP supports it. I ran into a lot of trouble trying to implement on an unsupported modem, and then working to determine if this was worthwhile. If your ISP does not support IPv6, you can register with Hurricane Electric’s service and use their templates to configure your router. I went down this path briefly, with nice success, but I ultimately didn’t need to use this service.
Whether this is worthwhile or not depends on your perspective. Enabling IPv6 does not get you any new features or Internet capabilities at this time. I wish that were not the case. I’d love to see companies like Netflix release certain shows earlier on IPv6 servers or something similar. It would drive user adoption and increase pressure on the ISPs to provide this service. The business case for doing something like this is unclear, so it is unlikely to happen.
I was surprised to discover that when the kids are home we have somewhere between 8 – 12 active IPv6 devices on the home network. All of the iPods, iPhones, Kindles, home PCs, etc are IPv6-enabled. The site confirms that each of these devices is fully IPv6 ready (10/10 rating).
So what is out there on the IPv6 Internet? Not too much, in terms of distinct sites. The big ones (Facebook, Google/Youtube, Microsoft) are ready though. Surprisingly, while is enabled, most of the other URLs do not seem to work. I am also disappointed to learn that OpenDNS’s IPv6 resolvers do not support content filtering. This makes them basically unusable for me, as I count on that service to keep the younger kids out of inappropriate web content.
One final technical issue I found is that it is practically impossible to host a server on IPv6 without opening up that port in your firewall for all IPv6 hosts. For example, if I want to host a web server on 2001:db8::1, I must add an entry in my screening ACL for ::/0 port 80. This is necessary because I cannot guarantee that my provider-assigned prefix will always be 2001:db8::/64. This could be solved with one of two enhancements to IOS:
  1. Allowing address wildcards in IPv6 (such as *::1/128, which could be implemented using a bitmask, as in ‘permit tcp ::1 FF:FF:FF:FF:FF:00:00:00:00 eq 80’)
  2. Allowing the delegated-prefix to be used in ACLs (such as ‘permit tcp comcast-prefix::1/128 eq 80’)
This is a nice-to-have, and not a necessity for my personal usage.
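
An added example, not part of the original post and not an IOS feature: without either enhancement, the host-specific entry can be regenerated from whatever prefix is currently delegated and re-applied when it changes, which keeps port 80 closed for every other LAN host. The function names, the sample LAN hosts and the mask notation are assumptions made for this sketch; the second function models the matching semantics of the wished-for wildcard.

```python
import ipaddress

# Constructed sample hosts inside the documentation prefix used in the post.
LAN_HOSTS = ["2001:db8::1", "2001:db8::20", "2001:db8::30"]


def host_in_prefix(delegated_prefix, interface_id="::1"):
    """Join the currently delegated prefix with a fixed interface ID."""
    net = ipaddress.IPv6Network(delegated_prefix)
    iid = int(ipaddress.IPv6Address(interface_id))
    if iid >> (128 - net.prefixlen):
        raise ValueError("interface ID overlaps the prefix bits of %s" % net)
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def render_entry(delegated_prefix, interface_id="::1", port=80):
    """IPv6 ACL entry for one server; regenerate when the prefix changes."""
    host = host_in_prefix(delegated_prefix, interface_id)
    return "permit tcp any host %s eq %d" % (host, port)


def wildcard_match(address, pattern="::1", care_mask="::ffff:ffff:ffff:ffff"):
    """Wildcard semantics: compare only the bits set in care_mask.

    With the default mask only the low 64 bits (the interface ID) are
    compared, so the match survives a change of provider prefix.
    """
    addr, pat, mask = (int(ipaddress.IPv6Address(x))
                       for x in (address, pattern, care_mask))
    return (addr & mask) == (pat & mask)


def exposed(lan_hosts, destination):
    """LAN hosts reachable through 'permit tcp any <destination> eq 80'."""
    if destination == "any":
        return list(lan_hosts)          # the ::/0 entry opens every host
    target = ipaddress.IPv6Address(destination)
    return [h for h in lan_hosts if ipaddress.IPv6Address(h) == target]


if __name__ == "__main__":
    print("open to all :", exposed(LAN_HOSTS, "any"))
    print("host entry  :", exposed(LAN_HOSTS, "2001:db8::1"))
    # Same server, before and after a (constructed) prefix change.
    for prefix in ("2001:db8::/64", "2001:db8:abcd:12::/64"):
        print(prefix, "->", render_entry(prefix))
```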