May 15, 2013

What’s the Best Refurb/Used L3 Gig Switch Right Now?

This will be the first of many articles about the “grey” market for network equipment and what is the most cost-effective part for a particular function.  Product selection is a very important part of the job for any budget-oriented network engineer.

For Cisco there are only a few Layer 3 Gig switches worth consideration at all.  You must take a few things into consideration.  If you absolutely require stacking, you are pretty much pigeonholed into the 3750G models.  These are still quite expensive and I do not see the cost on these coming down any time soon.  You can usually find a WS-C3750G-48TS in the $1500 to $2000 range.  These have 4 SFP uplink ports and do not have the licensing “issues” that the 3750E/X (and 3560E/X) lines have.  The 3750E and X lines come with a ‘universal’ image which uses licenses to unlock advanced features.  While this is all well and good on the new market, it would be next to impossible to get these upgraded after the switch has been resold. There is also nothing preventing Cisco from refusing to issue licenses past the EoL period. For this reason, I never recommend the 3750E/X lines unless it is for Layer 2 functions only, even in new deployments.

The Juniper EX line has stacking-like features and is always cheaper than Cisco new.  On the refurb market, it’s very hit and miss, as it seems that as soon as Juniper goes in, it doesn’t come out.  That factor alone keeps refurb prices relatively high compared to MSRP.

If you do not need stacking, it is a whole different ball game.  The 4948-10GE and 4948-S switch lines were horrendously expensive new, and they never got a lot of love from the networking community.  Due to a glut coming onto the used market and relatively little demand (due to not knowing the product line, I assume), prices of these switches are quite low.  The 4948-10GE has two X2 ports (beware: the twin-gig converters do not work in these!) and 48 Gig-E copper ports.  The -S variant has 4 SFP ports.  You can find either model for sale for around $900-1500.  This easily makes the 4948-10GE the lowest-cost 10G Cisco switch out there at the moment.  The one caveat with these lines is that they do IPv6 *routing* in software.  I would advise anyone who is installing these to take this into consideration and to really only use IPv6 for management of these devices.

When you compare the 3560G line to the 4948, the prices are about equal.  On the surface, the 3560G and 4948-S are the same switch.  However, internally the 4948 has a much better buffering architecture, and this makes it better suited for data center and service provider environments.  This was the original intention of the 49xx line, and it’s pretty obvious when you put these in a multi-user environment.  The 3560G is roughly the same price as the 4948, so unless the IPv6 part is a killer for you, it is my recommendation that the 4948-10GE is the most cost-effective refurb Layer 3 switch on the used market right now.


May 8, 2013

Never Thought I’d Do It

The Cisco CCIE R/S really put me off.  It is a full month after I failed and I still feel hostility towards Cisco for that LAME attempt at a test they gave me.  It’s not just that I failed - I would pass that test again if I took it - it’s that it seems like it is designed to make you fail the first time.  The CCIE SP was not like that.  I failed because I didn’t know certain things.  I failed the R/S due to how the test was worded and composed.

Anyway, I have found my way into the world of Juniper.  Due to my day job providing some JNCIA-level training for free, I decided to get myself a J-2320 and an EX2200 switch.  I passed the JNCIA the day after my training after only using Junos for 3 days.

Juniper seems to have done their tests right (so far).  The JNCIA is a fair test - a mix of syntax and industry-standard things. The syntax is crazy for any Cisco guy, but after a while it isn’t so bad.  If you are experienced with IOS-XR, you adapt pretty quickly.

I plan on doing my JNCIS and JNCIP in the next few weeks, with a JNCIE-SP attempt sometime this year.

I will try to continue to update this regularly.  (Go Bruins!)

April 8, 2013

My feelings and opinion on the CCIE R/S Lab

It’s been a while since I have written - a week of prep time going into the R/S exam, and a week of .. emotional recovery.

This article is going to be a little controversial and I may even get some hate mail, but it needs to be said.

The state of the current CCIE Lab exam actually encourages and enables brain dumpers to cheat and pass!

In reaction to a high pass rate out of certain lab centers, Cisco put in the “Open Ended Question” section, which was a series of “CCNP”-level verbal questions.  You failed them, you failed the exam.  Done in minutes, $2000+ out the window.  This enraged many, many people.  People who did not speak native English, and people without good interpretive skills such as myself, would do very poorly.

This did not last long, however, and the troubleshooting section was added.  I must say that this section was actually fairly decent when it came to actually testing what a person would do day to day.  I have no qualms about this portion of the test other than it should be longer.

However my main problem with the lab exam is the absolutely horrible job it does of actually testing skills.  The way the questions are worded to attempt to combat brain dumpers makes it more of a reading comprehension test. I cannot go into specific questions as I actually do want to keep my CCIE # and do not want to violate the NDA, but the types of questions given are overly reliant on tiny knobs that you never really change in production.

I can only assume this is an attempt to stave off “Brain Dumpers” - people who write down the entire test so they can figure it out later, and share it so others may pass.  However, I think it only exacerbates the problem, because people like me who honestly try to do the test without cheating will get extremely frustrated at all the minor details which caused us to fail.  It is as if you need to look at the ‘dumps’ to even figure out what they are asking.  I cannot imagine how difficult this test is for non-native English speakers or people with reading comprehension issues.

I passed the troubleshooting part without much effort - however, the config section was just pure hell.  I knew every single technology on the test - however, I failed because of really stupid things.  The initial graph they give you to do VLANs, for example: I had no friggen clue what to do with it.  There is no clear and concise map like in the CCIE SP.  The CCIE SP exam (which I failed the first time due to my XR knowledge) is extremely straightforward - and really hard!  The configuration section in that test is perfect.  Questions are straightforward.  There is no attempt to throw off dumpers by putting in trick words or trick timers.

There are people who are going to cheat no matter what.  There is nothing that you can do to stop these people - though I believe the troubleshooting section which can have many many different solutions is a great start.  I would like to see the trouble shooting section extended to 50% of the exam, and configuration shrunk down to 4 hrs (or 50%).  This more accurately describes the day to day of a networking admin (If you take out change management, meetings, HR problems, eating, etc). 

I feel that older CCIEs are saying that the certificate is losing its credibility due to these dumpers, but wherever there is money, there are going to be cheats.  But there is also going to be a large increase in legit people who want to do this job as well.  It is natural human behavior to protect what one has earned, and to attack those who seek it.  There now have been 37000+ CCIEs in the world and that number is just going to increase.  China is a REALLY BIG country with billions of people.  It’s only a matter of time before there are twice as many CCIEs in China as in the US. Same with India.

Cisco is trying to defeat these dumpers by inserting random minor changes to questions - however that is also harming people who are attempting to do this legitimately.  I am not condoning dumping and I would never do it myself, however I am just saying I can see why people do this.


April 2, 2013

**FAIL**

Well I passed the tshoot.. that was quite easy for me..

Config I failed.. and it doesn’t even look like it was close.  I have no idea how I missed a few questions..

I’m almost certain typos in some things played a large part.  Being graded on exact strings is kind of ridiculous.  Having a log message say “Foo” when it’s supposed to say “Foooo” - you shouldn’t be graded on stuff like that.

I’m going to write a whole piece on my experience.  Everything was working perfectly when I left - no extraneous routes, nothing - however I failed somehow.

I got 0% in an entire section (2 questions) which I *KNOW* everything was working to their specification.

6PM

If I failed it’s because of semantics..

I cannot believe the little details they throw into the CCIE RS.  It’s totally unnecessary.  If I have failed, it will be because I missed a stupid timer or something.  Every single thing was working when I left and I didn’t use any banned solutions; however, I think that I may have left a thing off here and there, and I may fail.

April 1, 2013

The time is now

Well, the time has come. I’ve studied all I can study.  It’s up to fate now.  If I get a couple of technologies that I don’t know well all on the same test - I am going to fail.  I ran out of time.

I know 85% of the material inside and out on the blueprint.  I *KNOW* I am going to be tripped up by their language - so that’s at least 10% lost there.  I know I’m not going to know 1 thing - so that’s another 5%.  That leaves me a 5% margin of error.

I will most likely fail.  This was a pipe dream from the very beginning. Passing one of these in 1 year is hard enough, let alone 2 in 56 days.

Either way, the only way I can fail is if I don’t try.

March 25, 2013

8 Days till I take CCIE R/S Lab for the first time

It seems just like yesterday when I got my CCIE SP, however here I am again.  I’ve been learning a lot about stuff I do not use on a daily basis, so I can say at least that I am becoming a better engineer because of this.

The two biggest fears that most people have told me about are EEM and OER/PFR.  After ‘going hard’ on these two things, I hope I get them on the lab so I can just kill it.  They are confusing at first, but after you work with them a while it ain’t so bad.

I still plan on failing but I do think that it will be close.  Going for 2 CCIEs in 57 days is just insane.

The real reason I am doing the R/S Lab *AT ALL* is because I heard about the wall of pain in RTP way back when it was first started.  It was a dream of mine to be rwerber@cisco.com (which did come true a few years ago) and to sign that damn wall.  Well, if anyone taking the lab in RTP on April 2nd reads this - I’d like you to take a photo of me signing the wall.  For those who do not know what the wall of pain is - it is 3 large sheets of paper on the wall at RTP which people who have passed the IE can sign and put their # (and track) on.  Usually, the only way you get to sign it is to either go back on your own, or take another test.  I figured I’ve spent $1500 on dumber things and there is a chance I’ll pass.  I know I’ll pass it eventually, so it will be good to get the experience.

In a PERFECT world, I’ll get my results a few minutes after leaving like a friend of mine did, and go back and sign it again.  If by some miracle I do pass R/S next week - I may make a run at #3 - which I’ll have about 6 months to do.  No idea which I’ll do though - I just know it won’t be Voice.

March 24, 2013

Stupid Router Trick - Double Tag that please.

A customer had a QinQ setup so they could assign their own VLANs on a Layer 2 “VPN”.  The CPE at both sites was just a normal 3750 which was doing a dot1q tunnel interface towards the customer, and a standard trunk going into the ISP POP.

The topology looked like this:

C1 (6500) -> CE1 (3750)  (L2 Circuit) -> CORESwitches ->(L2 Circuit)  CE2 -> C2 (6500)

Long story short - they killed one of the 3750s on site playing with power.  It seems that customers get much more angry when THEY cause the outage.  So with the CEO screaming at us to get the connection back up and spare parts hours out - what do you do?

After asking what their uplink switch was and knowing the 6500 capabilities - I had the idea of adding the Provider Tag onto the customer switch directly.  You would normally never do this but because this was the “Small ISP” where service usually sets you apart from the big guys - you do whatever you can to get them up.

First was to define the Service Provider VLAN tag (say 100). Next was to configure another port on the 6500 to be the dot1q tunnel port:

    interface gi1/1
     switchport access vlan 100
     switchport mode dot1q-tunnel
     ! This is very important:
     no cdp enable

And another uplink interface into the ISP - a normal trunk port with only VLAN 100 defined:

    interface gi1/2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan 100
     ! <other ISP-specific commands here>

You then hook a cable between the old uplink interface (the one that went to CE1) and Gi1/1, and put the ISP into Gi1/2.

And that is how you hack a customer back online by self-double tagging.  (Some newer platforms can do this natively.)
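What the two ports in this post do to a frame, modelled in Python as an added example (not from the original post, and not device code). The 0x8100 outer TPID, the MAC addresses and customer VLAN 20 are assumptions; the frames are constructed samples.

```python
import struct

TPID_8021Q = 0x8100  # assumption: outer tag uses 0x8100, the usual Cisco dot1q-tunnel default
SP_VLAN = 100        # provider tag from the post ("say 100")

def push_tag(frame, vlan, tpid=TPID_8021Q, pcp=0):
    """Insert a 4-byte 802.1Q tag right after the destination and source MACs."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", tpid, (pcp << 13) | vlan) + frame[12:]

def pop_tag(frame):
    """Strip the outermost tag, as the far-end tunnel port does on egress."""
    return frame[:12] + frame[16:]

def tag_stack(frame, tpids=(0x8100, 0x88A8)):
    """Return (VLAN IDs outermost first, EtherType found after the tags)."""
    vlans, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in tpids:
            break
        vlans.append(tci & 0x0FFF)
        off += 4
    (ethertype,) = struct.unpack_from("!H", frame, off)
    return vlans, ethertype

def tunnel_ingress(frame):
    """Gi1/1 in the post: dot1q-tunnel port, access vlan 100. Tags everything."""
    return push_tag(frame, SP_VLAN)

def trunk_egress(frame, allowed=(SP_VLAN,)):
    """Gi1/2 in the post: trunk with only VLAN 100 allowed. None means dropped."""
    vlans, _ = tag_stack(frame)
    return frame if vlans and vlans[0] in allowed else None

def customer_frame(c_vlan=None):
    """Constructed sample frame: made-up MACs, IPv4 EtherType, zero payload."""
    base = bytes.fromhex("02000000000a02000000000b") + struct.pack("!H", 0x0800) + bytes(46)
    return push_tag(base, c_vlan) if c_vlan else base

if __name__ == "__main__":
    for f in (customer_frame(20), customer_frame()):
        t = tunnel_ingress(f)
        print(tag_stack(f)[0], "->", tag_stack(t)[0], f"{len(f)}B -> {len(t)}B",
              "forwarded" if trunk_egress(t) else "dropped")
```

Each pushed tag adds 4 bytes to the frame, so the provider path has to accept frames that much larger than what the customer sends.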

March 23, 2013

Advice to Employers on finding the best candidate.

Whenever I list for an entry or junior level job there are a few things which I look for more than others.  I also believe that the attitude of the employer is important in finding the right fit.

As an employer, you want to get the most out of your money.  Every company has at one time had that one employee who did the work of 2 or more others and was happy doing it.  So, how do you find people like this?

As bad as this sounds, one of the biggest flags I find on a resume is going to a for-profit technical school.  I have never had anyone come out of one of these programs with the skills required to even do the most basic position, much less become ‘the one’.  I have said this before - if you are in this business JUST for money, we will eat you alive.

Another red flag is listing absolutely every protocol possible.  TCP is not something one should put on a resume.  This shows a weakness in understanding exactly what is used in business. Look for things pertinent to what they have learned and what is a useful skill.  Pick a particular skill they list and take them to the breaking point as much as possible.  Ask questions which they will not know the answer to, in order to gauge what a typical response would look like when someone asks about something.  If they make up a B.S. answer - this may not be the best candidate.

Experience and school are nowhere near as important as motivation.  I cannot stress this enough.  If you have a farm boy who has his own Cisco lab and answers questions with “I do not know, but I will lab it when I get home” - you really should look at hiring them.  A candidate who wants to make themselves better on their own and shows initiative to work and learn is a good sign of an employee being ‘the one’.

One of the most unfortunate things in this industry is relying on certificates alone.  The amount of cheating that goes on in any industry to acquire certificates devalues them for the people who really do try on their own.  Whenever there is a financial incentive to do anything, people will attempt any way possible to achieve that incentive - and cheating is just way too easy on almost any certificate program.  

Do not be scared of lack of experience.  The best employee I ever hired was completely green.  I met him on IRC and he showed a sponge-like thirst for making himself better.  His only experience was working for a hosting company - however, he took the initiative to own the network on his own and put programs in place to make it better.

Retaining employees is also important - when you get that “one” - you break the rules.  You find any way possible to keep them.  Soft promotions to be able to slide into a higher slot, even though they keep their original responsibility, is one method.  Moving them out of the typical silo of management and giving them free roam is another.  Work from home and flexible work hours is another.

Using a balance of intuition, certificates and work experience is a great way to find that one employee who will go above and beyond.  No formula will work for everyone and there will be people who are great who break all of these rules.  The point I am trying to make is to not ignore someone because of a missing requirement - they may have it but it’s just hiding in the form of self-learning.

2AM

Contact me Anytime

You can see the contact me on the lower right hand of the screen on beaglenetworks.net or beaglenetworks.com.  I’m always available for a good Cisco discussion!