Building a CCIE Lab: MPLS Core

Ok, I’ve decided to put together things that I’ve been studying for the best part of a year and build my own lab topology using VIRL. The unfortunate thing with VIRL is that I’m now limited to a 20 node topology, but I’ll make do with what I can for now and if needed, I may move to GNS3 for a larger topology in the future. Honestly, I don’t know why the 30 node option was removed, except that Cisco has now partnered with Packet to offer double the nodes of your license, but you have to purchase server time on their platform, which honestly seems shady and really has me considering something different in the future if things don’t change. But that’s beside the point of this first post, so moving forward.

Anyway, here is a picture of the lab that I’ve put together in VIRL, and I’ll be attaching a link to the VIRL file at some point if anyone wants to download it and play around with it on their own.


This is just the basic flow for now, and I have a feeling that it will be changing over time as I decide to test out different things.

MPLS Core, Step 1: IGP reachability
To begin with, I’m focusing on the configuration of the MPLS core of this, since it will be needed for communication between the sites.

The core I’ve put together consists of 4 PE routers, along with 2 P routers. The IGP for the core is just a simple OSPF area 0. The first thing to do after everything is IP’d is to turn up OSPF on the six routers. I went with an OSPF PID of 1, and set the router-id for each router to 0.0.0.X, where X was the number of the router ( for P-1, for PE-10, etc). Network statements were in place for the point-to-point interfaces and loopback0 addresses. I used /32s for the loopback0 address since I was going to be using that as my MPLS LDP router-id as well.

Sample OSPF config for PE-10:

PE-10 OSPF config

After OSPF is turned up, I ran a TCL script on each router to ensure that I could reach all points within the core from each router. Here’s the TCL script I use, it’s pretty good to get in this habit as I prepare for the lab, although the first run seemed to cause several of my lab routers to lock up and need to be rebooted. I think I had an incorrect statement in the script that I corrected, but it was definitely a reminder to save often.


At this point, we have reachability between the different routers in the network from the other routers. This is the first step that I take when I am setting up an MPLS core, as we need to be able to reach the other devices via Layer 3, because MPLS uses our routing table and CEF to build its LFIB (label forwarding information base). We will look at this in the following sections though.

MPLS Core, step 2: Enable MPLS
Once we have established L3 reachability within the core, we can focus on turning up MPLS on the necessary links in order to exchange LDP information and build a LSP across the core.

The first step is to run the global configuration command mpls label protocol ldp on all routers in the core. This isn’t a necessary step, since on most routers, LDP is the default protocol for MPLS, but I do it out of habit when I’m enabling MPLS, plus, you never know when it’ll come in handy in a troubleshooting lab if TDP is enabled instead of LDP, or if LDP is disabled. The next step that I like to do, but is not necessary, is to define a label range that is specific to the router. This makes reading the LFIB much easier, as you can see which labels are applied by which routers if they are using a specific range for each router. This is done using the global command mpls label range <min-value> <max-value>, with a label range of 16-1048575. Labels 0-15 are a reserved label range:

  • 0 – IPv4 Explicit NULL Label – RFC 3032
  • 1 – Router Alert Label – RFC 3032
  • 2 – IPv6 Explicit NULL Label – RFC 3032
  • 3 – Implicit NULL Label – RFC 3032
  • 4-6 – Unassigned
  • 7 – Entropy Label Indicator (ELI) – RFC 6790
  • 8 – 12 – Unassigned
  • 13 – GAL Label – RFC 5586
  • 14 – OAM Alert Label – RFC 3429
  • 15 – Extension Label – RFC 7274

The last global command to run is another one that is not necessary, but I typically run it in order to have control over the router-id used for MPLS, as this needs to be a stable and reachable address in order for LDP to remain stable. The command mpls ldp router-id <interface> force will force MPLS to use the IP address of the interface specified in the command. Since I configured my Loopback0 interfaces with a /32 for this reason, I use the mpls ldp router-id loop0 force command to use this as my MPLS LDP router-id.

The reason that I use an address for the router-id is that when MPLS forwarding table is created, it associates a label with both the IP address and the subnet mask in order to create the entry. If these are not consistent across the label switched path (LSP), then the packet will not be able to reach its destination. Using a /32 and making sure that the specific host route is advertised in the IGP makes this much more consistent and is considered best practice.

Note: The global command mpls ip is enabled by default on most routers, but it is another command that I usually enter just to make sure it is turned on during configuration.

The final step in bringing up the MPLS process is to enable it on the interfaces of the routers facing each other that you wish for MPLS neighborships to be established. This is done by going into an interface and using the mpls ip command in order to enable MPLS on the interface. Once this is done on both sides of a connection, you will typically see a message indicating that LDP is established:
Example: LDP-5-NBRCHG: LDP Neighbor (6) is UP

MPLS LDP Verification
Once I have enabled MPLS on all of my core routers and their interfaces, I use the following commands to make sure that everything looks good.

show mpls ldp neighbor
This output shows us all of the LDP neighbors and gives us quite a bit of good information as well.

  • Peer LDP Ident: This is the router-id of the LDP neighbor session.
  • Local LDP Ident: This is the router-id of the local router’s LDP session.
  • TCP connection: This gives us the TCP port information for the LDP session. The number here that is important is 646, which is the TCP port that LDP hellos are initially sent on. The IP address that precedes this is the router that initiated the LDP session. The other number is an arbitrary TCP port that responds on the other router to the initial LDP hello in order to establish the LDP session. The LDP Hello is initially sent out via an all-router multicast of Targeted LDP sessions using a neighbor statement can also be used in order to limit multicast announcements on a link.
  • State: This tells us the state of the link. Oper is what we want to see when the LDP state is operational.
  • Msgs sent/rcvd: This is the count of the number of LDP messages, including keepalives, that have been sent to/from this neighbor.
  • Downstream: This indicates that the downstream method for distributing labels is being used. The LSR advertises all of its locally assigned (incoming) labels to its LDP peer, barring any ACL restrictions.
  • Up-Time: The uptime for this LDP session.
  • LDP Discovery sources: These are the sources (Interfaces/IP) that were the source for the establishment of the LDP session.
  • Addresses bound to peer LDP Ident: These are interface IP addresses on the LDP peer device. These addresses are a part of the LFIB, and also may be next hop addresses in the local routing table.

show mpls ldp discovery <detail>
show mpls ldp disc

This command gives us a nice and concise insight as to the interfaces that LDP peer sessions have been established on, along with the LDP ID of the neighbor on that interface. The detail command gives additional information that is especially useful when troubleshooting timer and other negotiation problems.
sh mpls ldp discovery det
As you can see, this tells us much more information on the LDP peer sessions, along with timers, and whether or not a password is required or in use. I’ve found this command especially useful when working on troubleshooting, or if I need to modify timers and determine if both sides have the same timers configured.

show mpls forwarding-table
sh mpls forwarding-table
The MPLS forwarding-table is also known as the LFIB. It is very useful, as it contains a wealth of information when it comes to determining how a labeled packet is handled when it comes into the router. The first column, Local Label, is the label that this router expects to see on a packet that arrives. This is the top label, when we have multiple labels on a stack, and is the only one that this router will be interested in. Since the router we are looking at is a P router, and the way this lab network is built, all labels outbound from it will be at their destination, the Outgoing Label column for all of these labels will be Pop Label. If we had multiple P routers in the LSP, we would see a label in the Outgoing Label that corresponded to the Local Label of the next-hop router for that LSP, and the Local Label would be swapped with that label, and then forwarded out the outgoing interface. The outgoing interface and next hop columns are information that is contained in CEF for the prefix that we are trying to forward the packet to.
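
The per-router label ranges from step 2 pay off when reading the LFIB described above. The following is an added example, not code from the original post: it checks a label plan against the 16-1048575 bounds, names the router that allocated any label, and audits a forwarding table, including swap and No Label rows that the all-Pop lab output does not show. The range plan, the router names other than P-1 and PE-10, the addresses and the sample output are all constructed for illustration.

```python
import re

# Reserved label values 0-15, as listed in the post.
RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert", 2: "IPv6 Explicit NULL",
            3: "Implicit NULL", 7: "Entropy Label Indicator", 13: "GAL",
            14: "OAM Alert", 15: "Extension"}
MIN_LABEL, MAX_LABEL = 16, 1048575  # bounds accepted by `mpls label range`

# Constructed plan: one block per router, set with `mpls label range <min> <max>`.
# Only P-1 and PE-10 are named in the post; the rest are assumptions.
LABEL_PLAN = {"P-1": (1000, 1999), "P-2": (2000, 2999),
              "PE-10": (10000, 10999), "PE-20": (20000, 20999)}

# Constructed `show mpls forwarding-table` output for P-1 (not from the post).
SAMPLE_LFIB_P1 = """\
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
1000       Pop Label  10.0.0.10/32     0             Gi0/1      10.1.10.10
1001       Pop Label  10.0.0.2/32      0             Gi0/2      10.1.2.2
1002       2003       10.0.0.20/32     1540          Gi0/2      10.1.2.2
1003       No Label   10.0.0.30/32     0             Gi0/3      10.1.30.30
"""

ROW = re.compile(
    r"^(\d+)\s+(Pop Label|No Label|\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$")


def validate_plan(plan):
    """Return problems: ranges outside 16-1048575, or ranges that overlap."""
    problems = []
    prev_name, prev_hi = None, -1
    for name, (lo, hi) in sorted(plan.items(), key=lambda kv: kv[1]):
        if lo > hi or lo < MIN_LABEL or hi > MAX_LABEL:
            problems.append(
                f"{name}: {lo}-{hi} is not a valid range inside {MIN_LABEL}-{MAX_LABEL}")
        if lo <= prev_hi:
            problems.append(f"{name} overlaps {prev_name}")
        if hi > prev_hi:
            prev_name, prev_hi = name, hi
    return problems


def label_owner(label, plan=LABEL_PLAN):
    """Name the router whose range holds `label`, or describe a reserved value."""
    if 0 <= label < MIN_LABEL:
        return "reserved (" + RESERVED.get(label, "unassigned") + ")"
    for name, (lo, hi) in plan.items():
        if lo <= label <= hi:
            return name
    return None


def parse_lfib(text):
    """Turn table rows into dicts; header lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            local, out, prefix, _switched, intf, next_hop = m.groups()
            rows.append({"local": int(local),
                         "out": int(out) if out.isdigit() else out,
                         "prefix": prefix, "interface": intf, "next_hop": next_hop})
    return rows


def audit_lfib(router, text, plan=LABEL_PLAN):
    """Describe each LFIB row and flag rows that break the plan or the LSP."""
    findings = []
    for r in parse_lfib(text):
        if label_owner(r["local"], plan) != router:
            findings.append(
                f"{r['prefix']}: local label {r['local']} is outside {router}'s range")
        if r["out"] == "No Label":
            # The next hop advertised no label: traffic leaves here unlabeled.
            findings.append(
                f"{r['prefix']}: no label from {r['next_hop']}, forwarded unlabeled")
        elif r["out"] == "Pop Label":
            findings.append(
                f"{r['prefix']}: pop, next hop {r['next_hop']} is the egress")
        else:
            owner = label_owner(r["out"], plan) or "an unplanned router"
            findings.append(
                f"{r['prefix']}: swap {r['local']} -> {r['out']} (allocated by {owner})")
    return findings


if __name__ == "__main__":
    print(validate_plan(LABEL_PLAN) or "label plan is consistent")
    for finding in audit_lfib("P-1", SAMPLE_LFIB_P1):
        print(finding)
```

A No Label row for a core loopback is the one to chase first, since it usually means LDP is not up toward that next hop.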

There are quite a few other commands that are useful, but for the initial configuration, those are the three that I rely on to make sure that the LFIB looks good before moving on to the next step, which will be to build a BGP VPN network between our PE routers and configure VRFs on the PEs to connect to the customer networks. That will be the next in this series of posts.

Update: June 2017

Ok, it’s been far too long since I’ve posted anything on this page, and all I can say is that the CCIE has been the most all consuming study process that I have ever been through in my life. I finally decided to book my lab for September 11, 2017, which gives me roughly three more months until I will sit the lab for my first (and hopefully only) attempt. I have been getting in 25-30 hours of lab time in per week, and I’m hoping to up that to closer to the 40 hour per week range as the lab approaches.

My study plan at this point has been doing lots of full scale labs, along with working through Narbik’s Foundations and Advanced Foundations workbooks. I attended Narbik’s 10 day CCIE bootcamp in early April, and it was easily the best class that I’ve ever been to. He is an amazing teacher and all around awesome guy, and if you can swing it, I highly recommend attending if you are serious about the lab. I know he offers a pretty hefty discount for military (active and retired) members, so make sure you mention it to Janet when you sign up.

Lastly, it is getting close to Cisco Live 2017 in Las Vegas. We’re just a little over three weeks away from the kickoff to my favorite event of the year. This year, I’m participating in TFDx at CLUS, which is Tech Field Day at Cisco Live. This year, they’re having separate groups on Tuesday and Wednesday, and I’ll be a delegate on Tuesday. It’s an entire day of Cisco presenting, and I’m looking forward to hearing them along with reconnecting with some TFD friends and meeting a few new people.

The final portion of this update is a challenge to myself. I’m hoping to begin to add more content specific to the final process of preparing for my CCIE lab. I’m going to start to add more content specific to pieces of the blueprint that I found difficult or interesting, along with screenshots and other fun stuff. This is in hopes of helping me be accountable to not only getting content created, but hopefully learning more about the process by posting my thought process on the site. Short update, I know, but more will be coming soon. I’ve already started the process of creating a 20 node lab in VIRL, and I’m hoping to share that soon.

CCIE R&S Books and Useful Links

Below is a long list of useful books and links that I’ve found in my studies for the CCIE. Many of the links go to resources on, so you may need a CCO account to view them.

Reflections on Studying

Since this past August, I’ve been going through and studying for 20-30 hours per week to prepare for my CCIE exams. In that time, I’ve been able to pass my written exam and have continued to press on towards my ultimate goal of taking and passing the CCIE lab exam. Over the past several weeks, I’ve read articles that continue to dismiss the need for the CCIE, especially the Routing and Switching version that I’m working towards. I’ve seen some valid points, but this hasn’t deterred me.

Let me back up a bit and start off by saying that studying has never been something that I have particularly enjoyed or even known how to do properly. For the most part, my educational career involved very little studying but I was still able to get through my primary and secondary schooling with a high GPA and little effort put in. I’m not saying this to gloat, but I honestly wish I had learned how to study at that time in my life. College was similar, but I quickly found that in order to reach that level I had to put in more study effort. It was difficult, but I managed to get through it.

Fast forward to my CCNA and CCNP, and those didn’t require too much effort to get through. I’m not saying they were easy by any stretch of the imagination, but I was able to cram through about a month per exam to get through them. I worked through what I needed to in order to pass, and I passed them. I then decided to move to my CCIE with a similar approach. This is where I hit the mother of all road blocks, as I quickly found that every method in my life that I had approached for learning was not truly correct. I was studying to pass an exam, but that didn’t work for the CCIE due to the massive amount of information that one needed to actually have a complete understanding of. I first passed the written in 2013, but then fell off the wagon and didn’t get much further until a few years later.

This time around, I decided that I needed to figure out how people approached the CCIE differently than other exams. Most people who had passed that I had talked to said that the 20-30 hours per week of study time was a necessity. I discussed this with my wife and found a schedule that would permit this. I highly recommend discussing this with your significant other if you are in a relationship when you begin working towards your CCIE, as it will affect both of you.

The biggest effect that I’ve found over the past almost 7 months of studying is that I have a confidence in areas that I didn’t before. This is especially true when it comes to my career. As many people will admit, we networkers seem to struggle with the imposter syndrome more than we’d care to, and I was someone who always felt that this was the case. I knew what I was doing, but I always felt afraid that I was a fraud. After putting in the effort and work to truly understand what is in this exam, I’ve found it has given me a confidence in the work I do outside of my studies.

In the end, the single best thing that has come from studying is that it’s started a passion in me for learning and understanding how these things work. I’ve found other like-minded people to have discussions with, and I’ve rediscovered how much I enjoy learning. I’m already looking forward to what I decide to do after I complete my goal, but I hope that if you are on this same path, or somewhere else in it, that you continue towards whatever goal you have set for yourself.

Cisco Live – Why?

So, we’re sitting at five months until the starting point of my favorite event of the year, Cisco Live. Since you’re reading this, I’m going to give you my thoughts on why this is my favorite event of the year, along with how my perception of what Cisco Live is has changed since I first attended it in 2011.

At my first CLUS in 2011, I was overwhelmed. I hadn’t been a network engineer very long, and I was very intimidated by the number of extremely knowledgeable people who were all over Mandalay Bay in Las Vegas. If it’s your first time attending, trust me, we’ve all been there and it is very easy to get lost in the crowd and not know what to do or where to go. One thing that I’ve learned is that the people at CLUS are extremely helpful. This doesn’t just go for the people working the event. If you have a question, look for someone with the NETVET flag on their badge. These are people who have attended at least 3 of the last 5 events, and they will help point you in the right direction.

Another evolution of Cisco Live has been that of social networking, and it has played a huge part in why this event is what I look forward to every year. The social networking aspect, mainly Twitter, is what helped me get out of my introverted shell, albeit very slowly, over several years and actually start to talk to people in person that I’d talked to online for years. If you go with co-workers, I’d highly recommend not just staying with people who you are around the other 51 weeks of the year, but rather start up a conversation with some random people. This is truly geek nirvana, and you will find someone who has the same passions as you do if you look for it.

If you decide to take the plunge and get the full conference pass, you will have a selection of hundreds upon hundreds of sessions to choose from, and you will wonder how you’re supposed to decide what to go to. My advice: Pick a couple of topics that you are very interested in, and look for sessions that hit those areas first. Maybe pick a couple that are completely outside of your normal wheelhouse. The great thing is, most sessions are recorded or have been presented at past events and are available to watch on CiscoLive365 any time. One thing that I’ve also learned over time is that if you really are interested in a topic, get to the session early and sit at the front. All the way in the front. Engage with the speakers, ask questions, talk to them afterwards. There are amazing resources, but mostly, amazing people who are passionate for technology, and to get the most out of CLUS you need to make it as interactive as possible.

I’ve been given so many opportunities because of Cisco Live and engaging in the social aspects that have come along, especially over this past year, that I still wonder how I’ve found myself involved in them. From Cisco Champions to Tech Field Day to RouterGods, I’ve been able to find an online community that just doesn’t exist where I live. I guess my closing advice for Cisco Live would be this: Get out of your comfort zone, find new people, talk to them, and make sure to keep in touch after the event.

Click here to sign up for Cisco Live 2017
(Note: I’m participating in the Social Media contest for Cisco Live 2017, so there’s an embedded link ID for me in that link.)

Year in Review – 2016

This year has been one for the record books in terms of personal and professional changes and adventures in my life. I figured that I would do a quarter-by-quarter breakdown of the happenings in the life of this introverted network engineer, since there are some months that either nothing really life-altering happened, or I’ve decided to selectively remove from memory. Here goes:

2016 Q1 – January through March

These months were probably the biggest change in life for our household, as our son was born on February 2, 2016. He is our first child and he is the bright point in every day of my life. Parenthood has changed my life, both on a personal and a professional level. I won’t get too much into the details of this, as it’s not really directly related to the technical aspects that I prefer to delve into here.

I was also accepted into the Cisco Champions program in 2016, something which I am very grateful to be a part of. This community helped open the door to many of the other opportunities and changes that happened to me this year, and I highly recommend that if you are interested in engaging with a group of awesome professionals that you look into applying.

2016 Q2 – April through June

It was around this time that I decided that I needed to get back on track and really start to finish the goal that I had set out years ago: Obtain my CCIE R&S. I originally passed my CCIE written in late 2013, but due to a series of personal and professional events, I had never attempted the lab and would need to retake the written exam before making an attempt at the lab. I decided to jump back into the fire and attended the Cisco 360 CIERS 1 class.

This was the most intense class I’ve attended over the years, and it helped me to see how much this exam encompassed, along with finding out how little I knew. The only problem at this point was figuring out a study plan and how I was going to approach these exams. I felt lost, but luckily I would join up with a group of people I had met through Twitter and expand my connections for not only studying, but finding the motivation to push through and finish what I had started.

The first half of the year ended with an opportunity that really surprised me, an invitation to attend Networking Field Day 12 in August. This is a part of the Tech Field Day program that is run by Gestalt IT, and they put on some of the best discussions from a wide variety of vendors that run the gamut in the IT industry. The people who are involved in these are seen as leaders in the IT world and as people who have a passion for all things related to technology. To say I was humbled to be considered and invited was an understatement.

2016 Q3 – July through September

July kicked off with one of my favorite events of the year, Cisco Live. Back in Las Vegas, where I attended my first Cisco Live in 2011. If you haven’t attended, I highly recommend it, even on a social pass, because the people you will meet there are some of the best and brightest in the industry. Being a part of the Cisco Champions program this year came with some perks, including front row seats during one of the keynotes, and access to a suite during the weekly Customer Appreciation Event.

By far, though, one of the coolest things that I was able to participate in at Cisco Live was to be on a panel where we talked about using social media and how it can be used to further your career. This was the ultimate contradiction for an introvert such as myself, but I also know that getting outside of my comfort zone is the best way to grow. According to Justin Cohen, who was also on the panel, I apparently didn’t shut up once I did start talking.

Shortly after Cisco Live, I began meeting in online chats with some fellow people who were also pursuing their CCIE. This group helped me to be motivated and stay on track with my studies, and to keep me accountable. If you’re interested in working on it, I’d recommend finding people who you can communicate with on a regular basis and form some sort of study group. It’s the best thing I’ve done for my studies thus far.

The quarter rounded off by attending Networking Field Day 12 (NFD12) in Silicon Valley. I knew that this was going to be an intense experience, but until you have been there, you really have no idea what you are getting into. Every day, from the minute you wake up until you go to bed, is drinking from the firehose. I abandoned even attempting to take notes during the presentations because it was so overwhelming, opting to go back and re-watch the videos afterwards. The people I met here continue to impress me, and it was an experience that I will never forget. (And hopefully I’ll have the opportunity to repeat in the future)

2016 Q4 – October through December

A side-note to my attendance at NFD12: Tom Hollingsworth (aka @networkingnerd) said to us during our dinner before the event began that for those who were attending this the first time, it would change us and our views on many things. After I attended, I did indeed understand exactly what he was saying. I felt like I needed to find a new challenge, that I was becoming complacent and stagnant in where I was in my professional life. An opportunity opened up at my employer, a place I have worked for the past 16 years, for a new position that was being created in the company. I applied and was promoted to this position, and I finally do feel like I have a job that challenges me daily and allows me the freedom to do what I truly enjoy doing. I can’t help but believe that part of this was due to being invited to NFD12, and I’m definitely grateful for that.

Following NFD12, I decided it was time to kick my studying into gear. Before that point, I was only putting in 10-15 hours per week of study time. It was becoming apparent that if I was serious about this, I needed to at least double this. I had a discussion with my wife and we agreed on a study timeline for every week that would work for our family. If you are in a relationship and wish to remain so, you need to have this discussion with your significant other. If you suddenly start disappearing for 20-30 non-work hours per week, I can almost guarantee that it will result in either divorce or possibly murder.

Once I kicked up my study time, things really started to make more sense and I was able to schedule and fail my first attempt at the CCIE written exam in early November. However, this failure helped me to see where my weak points were and how I needed to refine my approach to the exam. I took the next month to buckle down and really hit those areas I was weak in, and in early December, I was able to pass my CCIE written.

Final Thoughts

2016 has been a life changing year for me. There have been so many people I have met through different communities, but the main ones have been the Cisco Champions, Tech Field Day, and RouterGods. It’s great to be able to talk to people who are far smarter than I am, because it inspires me on a daily basis. My final thought would be this: If you are thinking about getting more involved in the community that exists out there, do it. I love technology, but the people I’ve met are great and the motivation and desire they have helped to re-ignite in me has really helped me start a new chapter in my professional life. If you are at Cisco Live this June, I hope you feel free to say hi to me.

CCIE R&S written v5.1 thoughts

This afternoon I sat for my second attempt at the CCIE R&S written v5.1 exam after a miserable failure a little over a month ago. I’m happy to report that this was a better result, I managed to pass by a good margin this time, and I just wanted to give a few thoughts on how I think the written is progressing since v5.

I’m honestly happy to say that I believe that Cisco has made really great strides since the v5 was launched almost 3 years ago. I first took the v5 written at CLUS in 2015 and failed horribly. While I will admit that I didn’t do hardly any studying for that attempt, I do remember that the questions themselves were not written well. By that, I mean that they seemed to touch on subjects that were not well defined on the blueprint and there were a lot of grammatical and spelling errors throughout the test. There was no way that I was going to pass it, and I earned that failing score.

This year, I made the decision that it was time to really make a go at a serious attempt to obtain my CCIE. I originally passed the old v4 written almost 3 years ago (Dec 5, 2013) but due to some things that happened in life that ended up being for the best, I never attempted the lab within the 18 months of the original pass and so I knew I needed to retake the written. Shortly after Cisco Live this year, I started studying in earnest.

The structure of the written exam now, in my opinion, is much better than it has been in the past. I thought this when I took the v5.1 the first time and failed last month, and it has been improved on greatly. The topics that it hits are relevant for the most part, and I think that a lot of the input that Cisco received at Cisco Live this year was taken and has helped to create a better exam. This is a fair exam, and I don’t say that just because I’ve passed it. I believed this when I failed last month as well, it makes sense and the topics hit exactly how they should hit according to the blueprint.

My study schedule started out as around 15-20 hours a week for the first month, but due to attending Networking Field Day and a training class for work, which essentially limited my study time in August for two weeks, I really hit the books hard in mid-August. My study schedule evolved into getting up at 4am daily and getting into work to study from 5-8am on M-Fri, then on the weekends I would devote 5 hrs on both Saturday and Sundays. This gave me approximately 25 hours per week of pure study time.

My first attempt in early November was met with thinking that I was prepared, but after a fairly low score, I was able to see where my weaknesses were in what the exam was testing on. I went back and studied the blueprint item by item. I discovered that this is really the only way that you can prepare yourself to know what will be on the test. Do not trust a training provider to cover everything on the blueprint. Don’t trust that the Official Certification Guide will either. The CCIE blueprints are the best source to find out what will be on it, and my main guide has been looking through the configuration guides in the Cisco documentation site. Honestly, every answer on the test is in those documents for the most part.

This isn’t to say that the recommended reading lists don’t have a treasure trove of information, they most certainly do. But I have found such a great resource that I hadn’t tapped into until after that first v5.1 fail that I wish I had earlier. Now it’s time to buckle down and start to prepare for the lab. I’m tentatively hoping to make my first attempt at the lab in the late-May/early-June timeframe. Hopefully I can get a pass before Cisco Live and attend the CCIE party, but that’s a pipe dream at this point.

To everyone who is working towards their certification, whether it’s CCxA, CCxP, or CCxE level, keep studying. There are great resources and people out there who will help you to find motivation that you didn’t know you even had. The list of people who have been a major part of this so far are too many to list, but this is only the beginning and I’ll save those thank you’s until I have my number.