Category Archives: CCIE SP

Border Gateway Protocol (BGP) – Advertising NLRI is Complete!

BGP

I have completed the final videos and quizzes for the latest module on BGP I am recording at CBT Nuggets. Here is a recap of the videos so far!

Border Gateway Protocol (BGP) – Basic Operations (Released Jan 2018)

https://www.cbtnuggets.com/it-training/border-gateway-protocol-basic

  1. An Overview of BGP
  2. BGP Message Types
  3. BGP Message Formats
  4. BGP Neighbor States
  5. BGP Path Attributes
  6. The Origin Attribute
  7. The AS_PATH Attribute
  8. The NEXT_HOP Attribute
  9. BGP Weight
  10. BGP Best Path Selection

Border Gateway Protocol (BGP) – Peerings (Released Feb 2018)

https://www.cbtnuggets.com/it-training/border-gateway-protocol-peerings

  1. eBGP Peerings
  2. Cisco eBGP Peering Example
  3. Juniper eBGP Peering Example
  4. iBGP Peerings
  5. Cisco iBGP Peering Example
  6. Juniper iBGP Peering Example
  7. eBGP Multihop
  8. Using BGP Authentication
  9. Misc. Neighbor Options

Border Gateway Protocol (BGP) – Advertising NLRI (Released June 2018)

https://www.cbtnuggets.com/it-training/border-gateway-protocol-advertising-nlri

  1. The Cisco Network Command
  2. Cisco Troubleshooting for NLRI Reachability
  3. Redistributing NLRI in Cisco BGP
  4. Cisco BGP RIB Failures
  5. BGP Synchronization
  6. Juniper NLRI Advertisement
  7. Static Routes with Multihoming
  8. Redistributing NLRI into IGPs
  9. Using iBGP with a Stub AS
  10. Advertising a Default Route
  11. BGP Aggregation

Border Gateway Protocol (BGP) – Cisco Routing Policy Mechanisms (Releasing July 2018)

  1. An Overview of BGP Routing Policy
  2. The BGP Decision Process
  3. A Routing Policy Example
  4. InQ and OutQ
  5. Cisco IOS BGP Processes
  6. Next Hop Tracker, Event, and the Open Processes
  7. Table Versions
  8. Clearing BGP Sessions
  9. Soft Reconfiguration
  10. Route Refresh

My Next Book! Mastering the CCIE Evolving Technologies Section

CCIE Evolving Technologies

You asked for it! You got it! Terry Vinson and I are putting together an e-book (and print) for you to master this section in most of the CCIE Written Exams. I have received more questions about this section of the written exams than any other topic (pretty much ever!)

Since Cisco Systems announced these new additions to the already brutally difficult written exams, students have been in a bit of a panic about finding the scarce training materials to address these topics.

Our text follows the current blueprint letter for letter. There are plenty of practice questions to build your confidence, and no topic is left unexplored.

Thanks to Amazon.com, we are able to bring this product to you for a price that makes sense – the e-book version will be just $9.99!

Note this text arrives quickly – our current publication date is May 31, 2017!

Check Out My Other Books! 

CCIE Evolving Technologies – Cloud Security and Privacy

cloud

Cloud Security and Privacy Overview

Here is another post to help you with the new Evolving Technologies section of the written exams for CCIE. This is from the Cloud section, and specifically addresses the Security and Privacy sub-bullet.

The Top Concerns

What should be your top most concerns in this area? Here they are:

  • Secure data transfers – ensuring data travels over IPsec, or similarly protected channels is critical as information moves from your users to private, or public, or hybrid clouds; obviously public and hybrid clouds can present more risk as the Internet is often the medium of transfer.
  • Secure software interfaces – the APIs you and your provider use in your cloud services must also offer security and privacy mechanisms.
  • Secure stored data – for storage in the cloud ecosystem, is your data receiving the security and privacy it requires; what about proper disposal of data by cloud providers?
  • User access control – who has access to your data in the cloud? This is especially critical if your data is maintained by a public provider with users that fall outside of your corporate scope.
  • Data separation – if you are using cloud services in a multi-tenant environment, what techniques are in use to protect data breaches from one organization to another.

Cloud Security Controls

These tend to fall into these categories:

  • Deterrent controls – intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed.
  • Preventive controls – strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.
  • Detective controls – intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure.
  • Corrective controls – reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.

Pearson Education (InformIT)