I have been weighed.  And measured.  And my configuring skills have been found…lacking.  Welcome, everyone, to the post-lab wrap up post.  Jan 20th looked like a good day for me.  I found all the faults in the troubleshooting section.  The config section looked very beatable to me.  I double checked all the configs with the hour and a half of extra time I had available.  I found some dumb mistakes that were immediately corrected.  And when I left the lab, I had a very good feeling about this one.  Alas, 58 minutes later, the score report I received indicated that I wasn’t as good as I had expected.

Without gory, rule-breaking details, I really thought I did better.  I had reachability in my lab without violating any of the constraints.  My paper was filled with two check marks next to all by one task that I was working on when time was called.  I re-read each question and physically put the point of my pencil on each word on the screen to make sure I didn’t read over anything and miss a subtle nuance that could sink me.  In the end, I think those nuances are what might have sunk me.  It’s not enough to have full reachability if you miss a little phrase that tells you to avoid a certain method or use a specific technique.  While I feel that I had accounted for all of those possibilities, the score report doesn’t think so.  And since the cold reality of the score report is more official than my high hopes, it looks like this trip to sunny San Jose was a bust as well.

After posting my results on Twitter, along with the condolences there were a lot of questions about whether or not I should as for a lab re-grade.  For those not familiar, the lab is partially graded by a script.  In cases where the script returns some strange results a proctor will look over your lab and double check certain tricky tasks.  Historically, I’ve gotten my scores after 3-5 hours.  The fact that I got this report while sitting at In-and-Out burger confused me.  Perhaps the first pass of the grading script didn’t have any issues with my configs.  One or two people even suggested that as a good sign that I might have even passed from the script alone.  So, as I stared at the percentages in front of me, I contemplated something I had never tried before.  I wanted them to take another look at my exam.  I wanted another proctor to take the configurations saved from my equipment and load them up onto new routers and regrade my exam by hand.  This process is not without it’s downsides, though.  First, it costs $250 for them to even do it.  If you get re-graded to a passing score, there is no refund.  Secondly, there is as much possibility of you losing points as there is passing.  This is because the human eyes of the proctor may catch something incorrect that the script missed.  So, you may have only been 3 points from passing, only to now find that you are 8 points away due to some other mistakes.  However, if you are very close to the mark, as in ~2-3%, there is no reason not to take the chance on the regrade.  After all, it’s still cheaper than a new $1400 lab attempt, right?  Third, the regrade attempt takes up to three weeks.  So if you’re hoping for a fast turnaround before deciding to take another lab attempt, you’re going to have a cool your jets for the better part of a month.  On the bright side, Cisco is usually very understanding and will refund the $1400 if you’ve booked another lab attempt and your re-read is honored and changed to a passing score.

Turns out, Cisco won’t even look at tests that are not “statistically close to the historical passing rate.” English?  If you aren’t within about 5% of the passing score, you don’t even have the option to have it regraded.  And, at least in Cisco’s eyes, I was wide of the mark this time.  I’ve filed a case with support to at least be granted the option for the regrade.  We’ll see what happens.  In the meantime, I’m getting back on the horse.  I’ve already had conversations with my employer about when and if there will be another attempt on their dime.  I’m not packing away any lab equipment for the time being.  I’m getting right back into the thick of things to keep it all fresh.  In fact, my wife and I went to the final closing party for a local pub that we’ve been going to since college.  As I sat there surrounded by all the merrymakers and noise of a bar full of people, all I could think of was how much I wanted to get back home and start labbing up some multicast questions.  It seems that the lab has transformed me and sharpened my focus into laser-like precision.  I think about how I’m going to configure tasks and how I’m going to move efficiently from one task to the next.  I pace myself based on the amount of work I can get done in 6 hours with a 40-minute lunch break.  I review flash cards and GNS3 configs during my free time.

No matter what, I’m going to go back and try this again.  I feel like the top of Everest is in sight and I just need one last push to reach the summit.  I’ve come too far to fail now.  More studying, more refining of my task config skills, more “stick time” for this airplane of router and switch configuration.  For want of a nail, this lab was lost.  But the next time around, the only nail will be the lab being nailed by me.

Other than perhaps professional sports referees, I can think of no more maligned group of individuals than the proctors in the CCIE labs.  The myths about them are legend.  They screw up your rack at lunch.  They do everything they can to make you fail.  They act obtuse when you ask questions because they don’t like passing new CCIEs.  For the most part, all the mystery and nastiness that surrounds the proctors is just a bunch of hokum.  They are people just like you and I.  They do their jobs just like you and I.  It just so happens that their job is closely identified with something that most people study for hundreds of hours to achieve, and when those people fail, they look to cast blame on others.

I’ve been to the lab once or twice.  I’ve met several proctors both there and at Cisco events.  People who only need to be known by first names.  People like Howard and Tom and Stefan.  And each time I encountered them outside the lab setting, they impressed me with their poise and charm and sense of humor.  Just like any position of authority, the CCIE lab proctor has a role to play once they step inside the walls of the lab.  They must project an  aura of authority and calm.  They must provide guidance where confusion reigns.  And above all, they must protect the integrity of the program.  When most people deal with them in this setting, they come off cold and uncaring.  Just like a judge or a police officer, it’s important to remember that the position of proctor is a role that must be played.  Keeping some things in mind before you step through the badged door will go a long way to making your proctor experience a smooth one.

1.  Be nice. Yes, it sounds silly, but it’s a very important thing to keep in mind.  People are amped up when the walk into the lab.  They are stressed and wired and strung out.  Some people retreat into a shell when stressed.  Some people lash out and are irritable.  What’s important to keep in mind is that when dealing with the proctor, you should keep a calm and even demeanor.  People tend to respond in kind with the emotions they are presented.  If you walk over to ask a question and are short and snippy, expect a short answer in return.  However, if you are nice and pleasant, it can go a long way toward getting a favorable answer quickly.  When you go to lunch, don’t be afraid to engage the proctor in some light conversation.  Talk about the weather or the food or a sports team.  Anything but the lab.  Engaging them outside the walls will give you a feel for how they react to things and can help you judge if they will be helpful when it comes time to utilize them.  Besides, it never hurts to be friendly.

2.  Ask ‘yes’ or ‘no’ questions. The most popular complaint I hear about proctors is that they never answer the question that you ask them.  Before you stand up to go ask for clarification, carefully word your question so that it can be answered with a simple ‘yes’ or ‘no’.  For instance, rather than asking “How should I configure this frame relay connection?”, instead ask “There are two ways two configure this frame relay connection, point-to-point and point-to-multipoint.  The question isn’t clear about which I should use.  I’m leaning toward configuring it as a point-to-point.  Would I be correct in this assumption?”  The proctor may still choose not to answer your question, but you’re more likely to get a binary yes/no response out of them.  By showing you understand the technology and you aren’t just trolling for an answer, you’ll appeal to their interpretive skills.  Remember that the proctor won’t give you an answer, no matter what.  They have too much riding on their job, reputation, and the CCIE program to ‘bend’ the rules for one candidate.

3.  Don’t assume a problem is something you can’t fix. Want to piss off a proctor really fast?  Walk up and say, “I can’t get OSPF to come up.  My rack must have a cabling problem.”  I promise that after the eye roll and gruff answer, you’ll fail the lab.  Candidates who are weak in troubleshooting skills tend to blame the physical layers first because it’s the one layer they can’t touch in the lab.  In the old 2-day lab, cabling could be an issue to resolve.  But in the 1-day lab, with cabling extracted from the candidate’s control, there is a 1-in-1,000 chance that the cabling is at fault.  Think about it like this: the lab equipment supports 3-5 candidates 5 days a week for 50 weeks a year.  Cabling issues will be caught and dealt with quickly.  Simple things like bad ports or bad cables will be caught when the lab racks are booted first thing in the morning.  You going to the proctor and claiming that OSPF is broken because your routers are wired backwards will only serve to irritate the proctor.  What will happen next is that the proctor will ask you to wait by his/her desk or make you wait in the RTP conference room.  They will go to your rack and start troubleshooting OSPF.  They’ll find out you misconfigured a network statement or forgot to enable authentication.  They’ll check to make absolutely sure it’s not a layer 1 problem, all while you are isolated away from your terminal.  Then, after 15-30 minutes, they’ll come get you and tell you, “It’s not a physical problem.”  That’s it.  No other information.  You won’t get to see what they did to find your problem.  You won’t get any hints about how to fix the issue.  And you won’t get those 15-30 minutes back.  Period.  On the other hand, if you go to the proctor with a long list of reasons why it has to be a layer 1 problem, like BERT or TDR output or a down/down physical interface that won’t come up at all, they’ll be more receptive due to your troubleshooting efforts.  And if they find a layer 1 fault during their troubleshooting, you’ll probably get the time back from their efforts and the time it takes to replace the faulty unit.

4.  Don’t cheat. Well, duh.  You’d think that should be a given.  But people still try to pull stupid things all the time.  And not just the braindumping.  Writing things down and then trying to sneak them out on the scratch paper, of which every scrap must be accounted for.  Trying to use a cell phone to discreetly look up answers.  Looking at other screens (for all the good it’ll do you).  Just don’t cheat, or even give the appearance you’re cheating.  That should keep the proctors from getting quite nasty with you.

In the end, just remember that these guys and gals are doing their jobs as defined by the CCIE program.  They work hard and do everything within their guidelines to help you pass.  They aren’t out to screw you, and if you keep your head about you and use some common sense and manners, they’ll be the best resource you’ll find in the lab.

In alignment with CCIE level requirements, Cisco is adding L2 switching features to the CCIE R&S Troubleshooting exam through L2 IOS software on Unix (L2IOU) virtual environment. The new feature will be available starting January 17, 2011. The CCIE R&S exam consists of 2 sections b the troubleshooting (TS) section which runs two hours, and the Configuration (Config) section which is six hours. The Config lab utilizes actual physical devices in racks, whereas, the TS lab uses a virtual environment under IOU. IOU offers a very realistic simulation of router (L3+) features in the TS lab but until now had no L2 switch capability. With the addition of the new L2IOU, the TS lab will now include both L2 and L3 capabilities in the virtual environment.

Official Cisco Announcemnt (Thanks to Rob Routt for the text)

So, it appears that Cisco has finally added layer 2 (L2) troubleshooting to the first troubleshooting section of the lab.  Hmmm…

Ladies and gentlemen, a rant…

What?!?! Really?  Why did this have to happen four days before my exam!  Okay, it’s not fair to think that you’re singling anyone out with these changes, but when you added the open-ended questions (OEQ) in 2009, you did it the week before my second lab.  And that little change with the OEQs cost me one lab.  With luck like this, anyone going to Cisco Live Las Vegas 2011 should head down to the casino with me and bet the exact opposite of what I say. You’ll make millions.

I know the standard response.  Anything is fair game for troubleshooting on the TS section.  If I’m a prepared CCIE candidate, I should have no fear about this addition.  Everything will be fine, I’ll nail it.  All of these things are true, but it still doesn’t make me feel any better.  This is like going in to take a driver’s test only to find that the steering wheel is on the wrong side of the car!  Does it affect the test?  Not really, but it is a head scratcher.

If all I have to worry about is layer 3 faults, I don’t have to consider spanning tree or trunk ports or Q-in-Q tunneling or QoS mismatches or backup interfaces or Etherchannel misconfigurations or any one of a number of things.  No, adding L2 to the TS lab doesn’t make it necessarily harder, but it does broaden the range of things I have to think about when I start looking at a problem.  Irritating, this is.

Why the need to cram so much stuff into the beginning?  You know, you always did well with the first TS question of the config section – Hey, we broke three or four things in your lab that you need to fix before you get started.  You don’t get any points if they aren’t fixed, and since they probably are going to break other things, you won’t get points for other questions either.  Guess breaking things on five routers and four switches isn’t nearly as fun as doing it to 30 routers and who-knows-how-many switches.  I’m sure that the setup of the TS lab allows them to break lots and lots of interesting things in ways they can’t simulate in the config section.  But if that’s how things are going to be going forward, they need to remove any TS from the config section too, if it still exists.  After all, there are no sim questions on the CCIE written because they are covered in other sections.  Why should there be troubleshooting on the lab config section when you’ve so eloquently covered it in the TS section?  I figure that once the L2 TS stuff gets baked in, we might actually see this happen.

And another thing…one business day notice?  Really?  Come on now.  That’s just unfair.  Used to be, changes to the lab required six months of notification before going live to allow students the opportunity to study up on them and be prepared.  How do you think the folks taking the lab bright and early Monday morning are going to feel?  I guess that adding a whole new topic to the TS section doesn’t constitute a ‘major’ change anymore.  Or perhaps because you intentionally left the description of the TS section vague, it allows you the opportunity to ‘clarify’ it with little to no warning.

I’ve got a question, Cisco.  Are the braindumpers really hurting you that bad?  You can tell me all you want that the OEQs and the TS section were designed to better assess a candidate’s knowledge of every facet of networking.  With respect: bullshit.  The OEQs were a direct outgrowth of the interview process implemented at a specific testing site to catch people memorizing leaked lab questions and getting through with no difficulties.  The TS section replaced the OEQs once the process was refined to the point where they were no longer needed.  Have people started memorizing the TS section too?  Is it bad enough that we’re going to have a new exam every week in an effort to catch the unworthy candidates?  Perhaps we should just move to a totally interview-based exam with no access to CCO or documentation of any kind?  After all, the perfect CCIE candidate should be able to configure and troubleshoot a lab without access to a keyboard or a mouse or even a monitor!

Okay, I think that’s enough ranting for one morning.  I’m at T-minus 141 hours and counting.  That should be just enough time to brush up on my L2 TS skills in addition to all the other stuff I’m cramming for.  You know, I’m just about to the point where I’m not going to pass this lab because it’s a great career move or because it’s something I feel I need to do or even because it would show me as being at the pinnacle of my networking career.  I’m going to pass this lab just to spite Cisco and some of the dumb last-minute decisions their program mangers make.  Because I don’t know if I can handle CCIE Lab 3: CCIE With A Vengeance.

A while back I wrote a CCIE lab-related post about RIP and why it’s still on the lab.  Most of the questions that I see lately revolve around another old technology and the curiosity of why it’s still contained in the vaunted lab blueprint.  I speak of frame relay.  The much-maligned WAN technology that no one seems to be able to explain the reason for existing anymore, yet the weary lab candidates find themselves pour over at the last minute.

Frame relay has been around forever.  And slightly shorter than forever, it’s been on the CCIE lab blueprint.  I’ve been actively studying for my exam since July 2008.  And as far back as I can remember, I’ve been studying frame relay.  And ever since that time people have been asking why it’s even on the exam.  I’ve heard people say it’s too old.  It’s past it’s prime.  No one offers it anymore.  Recently, with the change to the version 4 lab exam, MPLS was introduced as a configuration topic.  We all thought “Surely frame relay will be gone with its apparent successor on the lab now…”  And yet, frame relay is still there.  In fact, they added frame relay switching back onto the blueprint.  That was a huge change for me, never having dealt with that side of things before.  So, here is frame relay configuration of all kinds taunting us with is outdatedness.  Forcing us to keep up with our grandfather’s WAN technology.  And, in my opinion, that’s just the way Cisco likes it.

Just like RIP, frame relay wasn’t necessarily meant to be on the exam as a test of your ability to map IPs to DLCIs.  Frame relay introduces a whole level of configuration possibilities to the lab to test your wits without being obvious.  The whole point of keeping it on the lab isn’t to make you expend effort in getting 2 or 3 points.  It’s laying a foundation that could cost you 10 points or more.

I remember reading the Building Scalable Cisco Internetworks (BSCI) routing exam guide a few years back studying for my CCNP.  It was my first real exposure to the depths that routing protocols could go to.  In one the chapters over OSPF, there was a section that covered a ton of information on running OSPF over non-broadcast multi-access networks.  There were tables and charts and graphs galore.  All dedicated to one sub-topic.  Why was that?  Because the intricacies of running OSPF over frame relay are legion.  There are multiple network types that determine DR and BDR functionality and hello timers.  It’s like a mix-and-match sale at the department store.  So many fun combinations from so few parts.  That chart was just the tip of the iceberg, though.  Because once you’ve gotten a frame “cloud” in your lab, the real fun can start.

Suppose you have a really simple question in the lab like this:

Configure frame relay between R3 and R6.  Do not use static
mapping or inverse ARP. (2 points)

Straightforward, eh?  You could probably nail up this frame configuration in about 5 minutes.  Well, think about the rest of this example lab and find all the things that rely on Frame Relay to award points.  Let me give you a few examples:

Configure OSPF on all routers indicated in the diagram.  
Between R3 and R6, use a network type the provides for the
fastest recovery times without a DR/BDR election. (3 points)

Configure the link between R3 and R6 so that routing protocol
packets are never dropped.  If the queue has more than 20 packets,
reduce the bandwith to 32kbps. (3 points)

Configure the link between R3 and R6 to authenticate using CHAP.
(2 points)

Now, I’m not saying that all of those questions could end up in your lab.  But think about it like this:  That single 2-point FR question just became a 10-point chunk of your lab.  Now, if you don’t configure your FR section correctly, you are halfway to failing the lab from one misconfiguration!  Remember, no partial credit means that even if your whole OSPF section is right, failing to get FR working correctly means the script used to grade your exam won’t see all the routes on R3 and R6, and so you won’t get any points for OSPF.  It also means that your QoS won’t work, so there goes three more points.  And so on.  Soon, you could fail the lab simply because that outdated technology you didn’t really care about sucker punched you.

I’ve always held the belief that the CCIE lab is designed in a way to test every facet of being an network superhero.  Not just the obvious things like OSPF configuration or BGP troubleshooting, though.  As I’ve said before, the lab manual is carefully written by a team of highly competent people.  There are no extraneous words, and there are no unimportant tasks.  It’s like a game of Jenga.  The things you do at 10:00 a.m. have a direct impact on the last task you do at 4:00 p.m.  If your lab isn’t built carefully and solidly like a Jenga tower, it will topple down on the desk in front of you and knock your cup of colored pencils and markers onto the floor (metaphorically, of course).  Like it or not, frame relay is one of those blocks that forms the foundation of your tower.  Not because Cisco is protecting their investment in legacy technology.  Not because they are trying to wear lab candidates out with archaic configuration tasks.  Frame relay still exists on the blueprint because it teaches candidates to get their configurations right in that critical first hour of the lab because the Jenga tower that is your lab exam depends on each and every part.  And since frame relay can touch so many parts of the test, Cisco likes to keep it around to make sure you’re paying attention.

So the next time you find yourself staring at the blueprint and asking yourself “Why does Cisco still put frame relay on the lab?” you might try asking instead, “What does Cisco want me to learn from configuring frame relay?”  I think you’ll find the answer to the latter question a lot more enlightening.  With all of the things that depend on a simple frame relay link, one miscue could be the difference between a detailed score report and a simple 4-letter one.  Because from Cisco frame of reference, frame relay isn’t just a simple test question.  It could be one of the most important topics on your exam.