Cisco announced this week that they are upgrading the venerable CCIE certification to version five. It’s been about three years since Cisco last refreshed the exam and several thousand people have gotten their digits. However, technology marches on. Cisco talked to several subject matter experts (SMEs) and decided that some changes were in order. Here are a few of the ones that I found the most interesting.
Time Is On My Side
The v5 lab exam has two pacing changes that reflect reality a bit better. The first is the ability to take some extra time on the troubleshooting section. One of my biggest peeves about the TS section was the hard 2-hour time limit. One of my failing attempts had me right on the verge of solving an issue when the time limit slammed shut on me. If I only had five more minutes, I could have solved that problem. Now, I can take those five minutes.
The TS section has an available 30 minute overflow window that can be used to extend your time. Be aware that time has to come from somewhere, since the overall exam is still eight hours. You’re borrowing time from the configuration section. Be sure you aren’t doing yourself a disservice at the beginning. In many cases, the candidates know the lab config cold. It’s the troubleshooting the need a little more time with. This is a welcome change in my eyes.
The biggest addition is the new 30-minute Diagnostic section. Rather than focusing on problem solving, this section is more about problem determination. There’s no CLI. Only a set of artifacts from a system with a problem: emails, log files, etc. The idea is that the CCIE candidate should be an expert at figuring out what is wrong, not just how to fix it. This is more in line with the troubleshooting sections in the Voice and Security labs. Parsing log files for errors is a much larger part of my time than implementing routing. Teaching candidates what to look for will prevent problems in the future with newly minted CCIEs that can diagnose issues in front of customers.
Some are wondering if the Diagnostic section is going to be the new “weed out” addition, like the Open Ended Questions (OEQs) from v3 and early v4. I see the Diagnostic section as an attempt to temper the CCIE with more real world needs. While the exam has never been a test of ideal design, knowing how to fix a non-ideal design when problems occur is important. Knowing how to find out what’s screwed up is the first step. It’s high time people learned how to do that.
Be Careful What You Wish For
The CCIE v5 is seeing a lot of technology changes. The written exam is getting a new section, Network Principles. This serves to refocus candidates away from Cisco specific solutions and more toward making sure they are experts in networking. There’s a lot of opportunity to reinforce networking here and not idle trivia about config minimums and maximums. Let’s hope this pays off.
The content of the written is also being updated. Cisco is going to make sure candidates know the difference between IOS and IOS XE. Cisco Express Forwarding is going to get a focus, as is ISIS (again). Given that ISIS is important in TRILL this could be an indication of where FabricPath development is headed. The written is also getting more IPv6 topics. I’ll cover IPv6 in just a bit.
The biggest change in content is the complete removal of frame relay. It’s been banished to the same pile as ATM and ISDN. No written, no lab. In it’s place, we get Dynamic Multipoint VPN (DMVPN). I’ve talked about why Frame Relay is on the lab before. People still complained about it. Now, you get your wish. DMVPN with OSPF serves the same purpose as Frame Relay with OSPF. It’s all about Stupid Router Tricks. Using OSPF with DMVPN requires use of mGRE, which is a Non-Broadcast Multi-Access (NBMA) network. Just like Frame Relay. The fact that almost every guide today recommends you use EIGRP with DMVPN should tell you how hard it is to do. And now you’re forced to use OSPF to simulate NBMA instead of Frame Relay. Hope all you candidates are happy now.
The lab is also 100% virtual now. No physical equipment in either the TS or lab config sections. This is a big change. Cisco wants to reduce the amount of equipment that needs to be physically present to build a lab. They also want to be able to offer the lab in more places than San Jose and RTP. Now, with everything being software, they could offer the lab at any secured PearsonVUE testing center. They’ve tried in the past, but the access requirements caused some disaster. Now, it’s all delivered in a browser window. This will make remote labs possible. I can see a huge expansion of the testing sites around the time of the launch.
This also means that hardware-specific questions are out. Like layer 2 QoS on switches. The last reason to have a physical switch (WRR and SRR queueing) is gone. Now, all you are going to get quizzed on is software functionality. Which probably means the loss of a few easy points. With the removal of Frame Relay and L2 QoS, I bet that services section of the lab is going to be really fun now.
IPv6 Is Real
Now, for my favorite part. The JNCIE has had a robust IPv6 section for years. All routing protocols need to be configured for IPv4 and IPv6. The CCIE has always had a separate IPv6 section. Not any more. Going forward in version 5, all routing tasks will be configured for v4 and v6. Given that RIPng has been retired to the written exam only (finally), it’s a safe bet that you’re going to love working with OSPFv3 and EIGRP for IPv6.
I think it’s great that Cisco has finally caught up to the reality of the world. If CCIEs are well versed in IPv6, we should start seeing adoption numbers rise significantly. Ensuring that engineers know to configure v4 and v6 simultaneously means dual stack is going to be the preferred transition method. The only IPv6-related thing that worries me is the inclusion of an item on the written exam: IPv6 Network Address Translation. You all know I’m a huge fan of NAT. Especially NAT66, which is what I’ve been told will be the tested knowledge.
You’ve removed RIPng to the trivia section. You collapsed multicast into the main routing portions. You’re moving forward with IPv6 and making it a critical topic on the test. And now you’re dredging up NAT?!? We don’t NAT IPv6. Especially to another IPv6 address. Unique Local Addresses (ULA) is about the only thing I could see using NAT66. Ed Horley (@EHorley) thinks it’s a bad idea. Ivan Pepelnjak (@IOSHints) doesn’t think fondly of it either, but admits it may have a use in SMBs. And you want CCIEs and enterprise network engineers to understand it? Why not use LISP instead? Or maybe a better network design for enterprises that doesn’t need NAT66? Next time you need an IPv6 SME to tell you how bad this idea is, call me. I’ve got a list of people.
I’m glad to see the CCIE update. Getting rid of Frame Relay and adding more IPv6 is a great thing. I’m curious to see how the Diagnostic section will play out. The flexible time for the TS section is way overdue. The CCIE v5 looks to be pretty solid on paper. People are going to start complaining about DMVPN. Or the lack of SDN-related content. Or the fact that EIGRP is still tested. But overall, this update should carry the CCIE far enough into the future that we’ll see CCIE 60,000 before it’s refreshed again.
More CCIE v5 Coverage: