One of the first hurdles one has to overcome in achieving the CCIE - EI has been getting access to a proper lab environment. At the time of writing I have not found any reputable “rack rental” provider for the CCIE - EI. Hence I found it neccessary to build my own.
Click here if you want to go straight to the inventory list.
Hardware & Software
Cisco has released the equipment and software list for the CCIE - EI Pods for the exam. This is the logical starting point for any lab build. I will break down my choices of lab software choices by the points on this list.
The CCIE - EI Exam pods look like this pre-cabling:
Virtual machines
- Cisco CSR 1000v Series Cloud Services Routers with Cisco IOS XE SD-WAN Release 16.12
- Cisco IOSv with Cisco IOS Software Release 15.8
- Cisco IOSv-L2 with Cisco IOS Software Release 15.2
All of the above virtual machines are available in CML-PE
- Cisco SD-WAN (vManage, vBond, vSmart, vEdge) Software Release 18.4
SD-WAN appliances are available to lab on for free if your Cisco account has access to the images.
- Cisco DNA Center Release 1.3.1
The DNA Center is the main challange on the list is the DNA Center. At the time of writing it is yet to be released as a virtual appliance. The cheapest option(ignoring any partner benefits) is currently the DN1-HW-APL at a price of $24000 on Ebay. Your best bet to get hands on with SDA is through your employer.
UPDATE: Cisco now offers CCIE - EI practice labs, which includes everything necessary for the EI lab. A bit expensive to rely on 100% thoughout the CCIE EI study process, but a reasonably cheap way to get access to a DNAC.
UPDATE: Cisco is about to start supporting virtual DNA centers that’s easier on the hardware requirements. See the Cisco blog
Physical Equipment
- Cisco Catalyst 9300 Series Switches Release 16.12
Catalyst 9300 are very nice switches, the ideal choice if your budget allows for it. They allow for “Fabric in a box” and they can assume the role of control node, border node and edge node in SDA. The Catalyst 3850 can be used as a cheaper alternative.
I had a few ISR 4331 routers available that could be used as control-plane and border nodes in SDA. Hence the choice of edge nodes landed on refurbished c3650-24p switches with a license upgrade. If the 4331s weren’t readily available I would have gone for 4 x Catalyst 3850.
Supporting virtual machines
- Cisco Identity Services Engine 2.6
- Microsoft Windows 10 Professional
- Ubuntu Desktop 18.04 LTS
Peter Palúch, the CCIE Enterprise Infrastructure Exam Program Manager published the CCIE - EI host VM on the Cisco Learning Network. Getting hands-on experience with the tools available on the Host VM is recommended as automation tasks will be carried out on this VM.
Based on the CCIE - EI Learning Network webinars the desktop environment will be Xubuntu 18.04. This as available as an OVA from osboxes.org or as an iso from Xubuntu.org. I went the ISO route and a ‘minimal installation’.
Lab topology
The lab topology I use for my studies is a direct copy of the topology presented in the CCIE EI webinars. Writeups on this exists elsewhere.
End result
The completed lab build looks like this from the front. Not as pretty as the CCIE - EI exam pods but functional.
In the back there’s a laptop and a USB hub acting as a console server. It is connected to the console port of all devices via the Mini USB console ports.
As the lab will be used remotely I have put all ‘Always on’ hardware and lab hardware on two different UPS units. This way I am able to cut the power to the lab hardware from home if neccessary without taking down everything.
I started using CML-PE but found it to be cumbersome and lacking in functionality. The main benefit of it is that it provides the neccessary device images). EVE-ng is a far better option, especially due to the support for multiple startup configs. It does however require a bit of Linux networking knowledge to successfully use it with external devices.
Hardware
| Role | Item |
|---|---|
| Virtualization 1 | Dell R720 (40c, 384GB RAM, 2TB NVMe) |
| Virtualization 2 | Dell R720 (48c, 384GB RAM, 2TB NVMe) |
| Console server | Laptop, USB hub + Mini USB |
| Power control | Eaton 9130 |
| Infrastructure router | 1 X ISR 4331 |
| Infrastructure switch | 1 X C2960G-48P |
| SDA Control plane & Border | 2 x ISR 4331 |
| Intermediate node | 2 x C2960-X |
| SDA Edge | 2 x C3650-24p |
Must-have Software
| Product | Purpose | Link |
|---|---|---|
| VMware ESXi 7.0 | Virtualization host OS | VMware |
| Xubuntu 18.04 | Workstation VM | Xubuntu |
| Ubuntu 18.04 | General purpose OS | Ubuntu |
| CCIE Host VM | End host, Automation workstation | Learning Network |
| Cisco Modeling Labs - PE | IOSv and IOSvL2 images | Learning Network or EVE-ng.net |
| Cisco Modeling Labs - PE Plus or EVE-NG | Virtual network environment | Learning Network or EVE-ng.net |
| Cisco ISE 2.6 | Network security policy management | Cisco |
| Viptela vEdge 18.4 | Viptela SD WAN component | Cisco |
| Viptela vSmart 18.4 | Viptela SD WAN component | Cisco |
| Viptela vManage 18.4 | Viptela SD WAN component | Cisco |
| Cisco CSR1000v 16.12 | Virtual IOS-XE Router | Cisco |
| DNAC 1.3.1 | DNAC Appliance OS | Cisco |
Nice-to-have Software
| Product | Purpose | Link |
|---|---|---|
| Netbox | Lab documentation(hard to see cabling remotely) | Github, Ansible role |
| Veeam Backup & Replication | Enables easy full resets of VMs(ISE etc.) | Veeam |
See Also
Got feedback or a question?
Feel free to contact me at hello@torbjorn.dev