Archive for the ‘CCIE VOICE-LAB’ Category

Wow, I just noticed I have not logged into this blog portal since 2012. It’s almost 4 years!! Where have I been? I must have been hibernating somewhere behind the wet slab of beer or inside the close wall.

Well, I have been a bit busy doing so many other things alongside my full-time job. The job kept me busy and challenged, while at the same time I completed my Master’s degree in computing research and am also 70% of the way through my PhD in machine learning. I am finally into my thesis, which is expected to be done and dusted by December 2017. I can’t wait to finish this.

More to come on this, but this is my first paper (Alzheimer’s disease (AD) prediction using machine learning), accepted at the IVCNZ 2016 conference. Those who are interested can read it through my download page – download_myfirstPaper

Academic papers are really a different kettle of fish compared to the articles we write on the blog. No matter what I did, my paper was bashed to death before it came alive, but in the end I got used to the tantrums we have to go through to publish a high-quality paper. My supervisor Manoranjan Paul helped me to shape the paper. Thank you Mano.

Gents, time flies fast, and I think after the PhD I will do nothing more from a university perspective. What has changed since?

  1. SDN-WAN (sneaking in at the ISP level first, enterprise to follow) is flourishing and coming in a big way. Traditional physical boxes (e.g. routers, switches etc.) are on the way to being encapsulated into VMs.
  2. Intel DPDK is a game changer to put out all vendors with hardware routers/firewalls. So go Intel!
  3. The smartCPE is the answer to the messy racks and racks of equipment in branch offices.
  4. SDN-storage is moving fast. Applications are being architected in a way that does not need traditional block storage. Scale-out and scale-up architecture is getting traction. Who needs recover point for DR anymore if the app is designed in a way that provides native fault tolerance without needing a backup! The backup is already within two or three nodes in multiple locations! Why did we not think about it 10 years ago?
  5. Applications are being designed to support “native” cloud, which means workloads can be placed in multiple geo-based locations without needing the expensive DR site and I think traditional
  6. AWS, Microsoft and now Oracle are the big players in the cloud market. Pay_as_you_go model 🙂
  7. AI is improving existing technologies and doing crazy things – at the center of it is deep learning, where all the action is. It will be interesting to see where it ends up, for example AI/machine learning based antivirus and fraud detection.

Anyway, another year left before I get my life back in the real world and get this sleeping blog portal up and running again!

thank you,



000 0001 1 Unallocated (unassigned) number
000 0010 2 No route to specified transit network
000 0011 3 No route to destination
000 0110 6 Channel Unacceptable
000 0111 7 Call awarded and being delivered in an established channel
001 0000 16 Normal call clearing
001 0001 17 User busy
001 0010 18 No user responding
001 0011 19 No answer from user (user alerted)
001 0101 21 Call Rejected
001 0110 22 Number changed
001 1010 26 Non selected user clearing
001 1011 27 Destination out of order
001 1100 28 Invalid number format
001 1101 29 Facility rejected
001 1110 30 Response to status enquiry
001 1111 31 Normal, unspecified
010 0010 34 No circuit/channel available
010 0110 38 Network out of order
010 1001 41 Temporary failure
010 1010 42 Switching equipment congestion
010 1011 43 Access information discarded
010 1100 44 Requested circuit/channel not available
010 1101 45 Pre-empted
010 1111 47 Resources unavailable, unspecified
011 0001 49 Quality of service unavailable
011 0010 50 Requested facility not subscribed
011 0100 52 Outgoing calls barred
011 0110 54 Incoming calls barred
011 1001 57 Bearer capability not authorised
011 1010 58 Bearer capability not presently available
011 1111 63 Service or option not available, unspecified
100 0001 65 Bearer capability not implemented
100 0010 66 Channel type not implemented
100 0101 69 Requested facility not implemented
100 0110 70 Only restricted digital information bearer capability is available
100 1111 79 Service or option not implemented, unspecified
101 0001 81 Invalid call reference value
101 0010 82 Identified channel does not exist
101 0011 83 A suspended call exists, but this call identity does not
101 0100 84 Call identity in use
101 0101 85 No call suspended
101 0110 86 Call having the requested call identity has been cleared
101 1000 88 Incompatible destination
101 1011 91 Invalid transit network selection
101 1111 95 Invalid message, unspecified
110 0000 96 Mandatory information element is missing
110 0001 97 Message type nonexistent or not implemented
110 0010 98 Message not compatible with call state or message type nonexistent or not implemented
110 0011 99 Information element nonexistent or not implemented
110 0100 100 Invalid information element contents
110 0101 101 Message not compatible with call state
110 0110 102 Recovery on timer expiry
110 1111 111 Protocol error, unspecified
111 1111 127 Interworking, unspecified


Is it possible to study for a PhD and CCIE Data Center with a full-time job? Absolutely YES, I have been there and done that. I also went on 5 work-related overseas trips and 2-3 weeks of holiday, driving around country towns in Australia.

If someone tells you that they saw a ghost and an alien (at the same time) at midday with 3D glasses while eating their favorite MAC hand burger filled with popcorn, would you believe them? This sounds like a fantasy, doesn’t it?
You have probably heard many similar tall tales, which are hard to believe. It sounds a little bit unreal: how could anyone do full-time work, a PhD, study and all these things together, unless they had a bunch of CPUs fitted and a connection to neural networks? Well, in short, I’ll walk you through my experience and how I managed to do all these things together. I will also give a few tips for CCIE DC candidates.

For those who mistakenly hit this page and are not in the IT field, this may not be an interesting post for you.
Stay tuned…

Be warned, this is a long post; grab a cuppa and enjoy the reading. Please feel free to send your feedback or any questions that you might have in mind. The purpose of this post is to inspire those who are still in their CCIE DC pursuit, as well as those who are thinking of doing it but are unable to manage the time due to family commitments.
I have always loved playing with Linux servers, ever since I worked in an ISP environment. We used to have all Linux servers running qmail/postfix and all the other open source ISP hosting software. Quite often I’d automate tasks with cron and bash/python scripts, as at that time I had so much free time. I consider myself pretty good with Linux/Unix servers. I have never been a fan of Windows, even though I started my career with MCSE Windows NT 3.5. I just thought Windows wasn’t for me and switched to Linux (since kernel 1.x). Anyhow, since I started working with Cisco stuff, the server guys always thought that I was a network guy. Inspired by this feeling that people still think I am not a server guy, my thoughts went to doing the Cisco CCIE DC lab exam. Then, I thought, I will also be seen as a server guy. You know what I am trying to say: most server guys lack either networking or security skills. I have at least not found anyone with a strong server background as well as a strong route/switch background. Maybe they exist, for sure!

Way back in 2008-2009, when Cisco first released UCS products and block first came into the market, I was the first in APAC to get a chance to get my hands dirty building the first V-Block based telco-grade platform in Australia, for the second largest telco. Being the lead engineer on this cloud project, I ended up doing everything. The most fun part was Nexus 1000v, N7k and vCloud Director (VCSD, hot code name redwood).

I always get inspired by a new technology and always want to be the first to get my hands dirty! After this I did a handful of projects on Nexus-based products and a lot of VMware stuff, and went to UCS training at Cisco. It was all way back in 2009-2010. Then I got sidetracked doing other CCIEs. In 2013/14 Cisco introduced CCIE DC. I was like, that sounds interesting, as it has multiple technologies (UCS, SAN, Nexus etc.), and thought Yippee, that will really make me a real server guy (well, at least in others’ view).


I then started planning the DC track prep. I passed the DC written exam in the fourth quarter of 2013, but I couldn’t find any seats in Australia. The only seats I saw were in RTP around April last year, so I booked the lab seat to force myself to study for this track.
Study Material used:

  • Cisco Techtorial – CCIE Datacenter exam
  • Rick Mur’s Videos – especially on Storage and UCS were very helpful
  • Tech notes
  • Bug scrub on the current lab NX-OS codes
  • Cisco internal NXOS/UCS and MDS ppts/tshoot guide (TAC restricted); unfortunately I don’t hold this material anymore
  • INE blog – I couldn’t find any other proper blog where you can get answers to your queries.
  • CiscoLive Presio – they are awesome to get you started

The practice was a challenge, as everyone knows that building a DC home lab costs an arm and a leg. I was working at Cisco back then and managed to do a few full lab sessions on internal labs. They also had an internal CCIE DC mailing list where I found a lot of resources to study. Not to mention, at Cisco I met some very smart guys; I hope one day we can still work together somewhere, haha. Seriously, it was amazing to see these smart guys in action – the way they work, interact and analyze any issue was awesome. (You guys know who I am talking about if you read this thread, you nerds! .. John Nield and Hung To). I call them unified engineers, as they really go above and beyond normal engineers.

I also used a lot of Cisco PEC labs. Unfortunately, at that time there were no online DC racks. Anyway, to cut a long story short, I went to the States (RTP) for my first attempt. It was a 12 hour flight from Sydney to LA, and then from LA to RTP was another 4 hours. When I got to RTP, I was really tired and my exam was the next day.

I was confident (thinking I did the first vBlock based cloud project in AU) and excited to see the lab challenge. I think it’s something that is natural to human beings – the human brain loves rewards. Did you ever notice how many times a day you look at your mobile phone screen to check if you got anything there? Why? Well, the reason for that is simple: every time you look at the phone screen and check messages, your brain gets a reward for that and you keep doing it. The brain loves a reward, just like a dog. You can teach a dog virtually anything as long as you reward him every time. I even managed to teach a wild Australian Lorikeet how to shake hands with me. I get 2 pairs (sometimes 4 pairs) of wild Lorikeets coming (two or three times) up to my balcony, and one shakes hands and the other doesn’t. That is how I identify which pair is my regular one, so I can feed them honey. Oh, thinking about Lorikeets, I just bought 5 liters of honey for my wild Lorikeets, those great backyard buddies of mine!! Sorry, went a bit off topic.

Back to the point: the brain loves challenges and rewards. I travelled all the way to the States for this exam, probably forced by my brain to do this. Everyone I told that I was going for the exam thought I was mad, and most of them did not believe that anyone would go to the States for a computer exam!!
The exam day:
I woke up early, and the hotel shuttle bus at Durham airport dropped me at the Cisco exam centre. There was a traffic diversion and I managed to get in the door just in time. Fortunately, the proctor was a little bit late. There were 2 other candidates waiting for the exam, one for CCIE SP and the other for DC. This time I couldn’t finish the exam; I ran out of time. When I finished the exam, the proctor said pen down, out of here. I felt slightly that we are in the US, better put pen down otherwise the proctor is going to shoot us. I returned to the hotel with little hope of passing.
Around 10 PM the same day, I got my result and it was “FAIL”. Obviously, I thought I did well in the infrastructure section and storage, but UCS took the show. I was not disappointed, but took it as an experience, and now I know where to focus more. The next day I took my flight back to Sydney and told everyone that I failed. They said, you went to the States for only 3 days and failed; a bit shocking for them to believe.

Speed was the culprit; reading the questions and understanding the diagram was really time consuming. Anyway, I thought, I have never passed any CCIE exam so far on the first attempt like other candidates. They must be very smart to pass on the first.

I had already enrolled for the PhD this year (2014) at university, and my assignment was due in April, just after my failed lab attempt. I focussed on the PhD and got my assignment done. Boys, it’s tougher to do a PhD than a CCIE, I tell you right here. I had not done academic writing for ages and had to catch up with it. I actually managed to pick it up quite a bit faster than I thought; probably it was saved in a dead socket that just got shocked and came back alive. Then I did about 2 research projects for my PhD, delivering 10 assignments (15-20 pages) each – e.g. topic selection, literature review, research design, presentation and running experiments to generate data, etc. From April to October, my PhD took the show while I was still doing a full-time job.

At work, being a technical all-rounder didn’t really help to spare more time for my study, as I was often pulled in to fix multiple things that nobody else was able to fix. The project had a crazy, unrealistic schedule, and I had to work on weekends on critical integrations with no break during the week because of planning for the next weekend’s integration/cutover. I think it took a lot of time out of my study schedule. I worked almost 15 extra weeks in the last year (on top of regular full-time standard hours). Furthermore, I still went out with my friends once or twice a week to enjoy myself, but 2014 was a really busy year for me.

The PhD mid-session break came in the first week of Nov 2014, and I went to Lord Howe Island for some research work to collect some data. I rented a push bike, and I could not have imagined cycling from one end of the island to the other within 15 minutes by push bike. I actually had a week’s break there to refresh myself.

I tend to get inspired for new study after the Christmas – New year break. Every year during this time, I focus on two things;
a) What I achieved last year
b) What I am going to achieve this year

Having experienced last year’s crazy schedule first hand, I really made up my mind: I am not going to do a PhD + CCIE and a full-time job. I totally dropped the idea of CCIE to focus on the PhD. Then I took a week off again (as I had plenty of time in lieu) and went on a country drive. I drove past all 10-15 beaches between Sydney and the Melbourne border. I nearly drove to Melbourne, but then thought I might have to extend my stay, which was not possible as work demanded I complete something that week. I had some fun with the meerkats at Mogo Zoo (in NSW, a must see, kids will love it) and other animals, and visited the beautiful beaches on the south coast of NSW that I had never been to.

It really changed my outlook. Some fresh ideas came to my mind and I rethought: why can’t I study again for CCIE DC and study for the PhD in parallel (with full-time work)? I then managed to convince myself and got into this journey. This time I knew there were plenty of rack vendors (INE my choice)! More workbooks. I went on YouTube and there were a lot of Rick Mur videos to watch. Again, I think this is because our brain loves being rewarded and puts you in challenging situations.

I enrolled in January at university for the second year of the PhD; this time I prepared all the required first-term PhD-related research work in advance. I finished the first in mid Feb while I also studied a little bit here and there for DC. By the last week of Jan, I was doing 4 hours of hands-on practice daily. I had the UCS simulator and N7K simulator for practicing at home, with PEC and INE as secondary sources.

I started looking for DC dates, but there were no dates in Sydney; then one day, all of a sudden, dates appeared in Sydney. I just picked the second week of April 2015 for my lucky exam day!
Feb to April – I started studying seriously, every day finishing work at 5pm sharp and then studying either for my PhD or CCIE. Sometimes I would do both, but this time I had no life. I couldn’t go out with friends and enjoy drinks on the weekend. I also had to travel interstate for two weeks, which really interfered with my study, and I was unable to use my rack time. What a shocker!!
Anyway, for the last two weeks before the exam, I asked my manager for Monday and Friday off (I had plenty of Time in L). Then luckily I had the Easter long weekend, which helped me to focus on study. This time I
a) Developed my speed on tasks that I was slow on.
b) Focused how to troubleshoot
c) Checked blogs, latest tech notes
d) Made note of all events when I was not able to produce lab results, e.g. Fails to bring F port channel Trunking. UCS FCOE VPC won’t come up, FEX not registering, etc. About 150 of them. I will be sharing 20 of them here, which will help you guys
e) I managed to find a study buddy, but he vanished after he passed, just over a week! After he passed he said he has nothing to do with me! What a shocker.
f) Adopted a proper learning method – e.g. Read, observe and repeat methodology that is standard across the academic world.
g) I reused Cisco free PEC labs available to Cisco partners for part-by-part learning scenario
h) Once I learned part-by-part then I need full time full rack e.g. OTV+FP,Infra, Storage , FCOE etc.
i) In a DC rack rental, previous candidate often leaves their practice unresolved. I’d always fix them before I do my rack scenarios.
I continued this until just before my lab attempt. In April, I forgot about my PhD-related work and just focused on CCIE stuff. Well, I have 10 days to deliver my PhD project literature review, so I have started working on it already.

I had been practicing all day on weekends, right up to the exam. I finished labbing at 11PM and went to bed, woke up at 5:30 and couldn’t sleep afterwards. I got up, had a shower and breakfast. At 7AM my wild Lorikeets came onto my balcony demanding food – I shook hands with them and asked them to wish me good luck. Hey, one of the Lorikeets bit my finger as I was slightly late to feed them pure Mudgee honey! Probably she was not happy with me feeding her grapes.
I got support from my friends wishing me the best of luck by text message.
This time I was confident, as I had managed to control my speed and the accuracy of doing tasks. I was also familiar with the lab topology and was confident I could handle any scenario that might come up on my plate in the lab. I took a train ride to the CCIE exam centre; it only took me 30 minutes. I had a cuppa and a bottle of water, took it upstairs, and saw there was another candidate waiting for the exam. The reception lady was very friendly, and she told us that sometimes the proctor arrives a few minutes late. After a few minutes there was another candidate at the reception. One was for R&S and another for Service Provider. The SP guy flew in from Korea. He left the lab after just 4 hours; not sure if he passed.
The proctor finally arrived, and he took us to the exam centre after we showed him photo identity. This time I was calm and I read the whole exam in less than 15 minutes. I made notes such as NTP, IP address, UCS FI ports, MDS plots, loopback address, WAN address.
Last time I went task-by-task in chronological order. This time I changed my strategy and I think that finally paid off.
a) Configured DC1 MDS1 First
b) Configured DC2 MDS1 second
c) Then moved onto N5ks – including fex
d) Then UCS and Nexus 1000v. On 1000v you will not see the VEM. I thought that if I forgot this section because of me tripping over other issues, this would make sure I have enough points. Remember, the UCSs and 1000v are a great point cow.
If you got up to these sections right, you know if you are losing the battle with the lab (cancer) or winning.
e) Then DC2 N7Ks – finish everything here, including L2/L3, OTV, ACL etc.
f) Then once you finish DC#2 – most tasks in DC1 are a copy and paste of DC#2 – a true notepad job!
g) This time I managed to finish the whole lab within 7 hours. One hour spare to verify the solution.
h) Verification is a key to passing, so I made sure I did as much of it as I could in the remaining time. As a result, I picked up a few blunders (assigned the wrong loopback address in DC1, got the UCS port type requirement wrong, and a few others). I picked them up at the last minute.
i) The proctor came up and said you only have 15 minutes left. Then I did another round of the final checklist with the tasks written on paper – ticked off how much I scored. I only missed 3 questions that I didn’t know the answer to. I tried looking them up in the documentation, but I couldn’t find them.
BTW, if you are planning to do an exam in Sydney, you will not regret it; the proctor here is a really nice guy and very knowledgeable. He will try to help you, obviously without telling you the solution. I asked him 5-6 questions and he was to the point and excellent in explaining his thoughts on my doubts. Another guy also had the same opinion about him.
I left the exam centre at 5pm and checked my phone on the way back home, and within I got an email stating – your result is available. I clicked while I was just ordering a beer at the pub with colleagues. Unfortunately, my mobile wouldn’t open the Cisco site as it was on GPRS. I have an iPhone3 that somehow I don’t want to give up yet, but it was quite frustrating. I went to a bartender and asked him to give me the WIFI code. My drinks were waiting; my friends thought I was ordering some spirits, but little did they know what I was after. I nearly chucked my phone into the rubbish bin, but then thought it’s my 8 year old toy and I should have more patience. Anyway, after connecting to wifi, I managed to open the website, and what my eyes saw was unbelievable. “PASSED”. I screamed and everyone at the pub thought I was mad. Then my friends explained why I screamed out. I then kept refreshing the screen, thinking it may be a mistake again, but I think my brain was inspiring me to do something to get rewards.
My CCIE journey ends here, hopefully no more CCIE. I think 4xCCIEs are enough to retire; what are your thoughts? Seriously, after the PhD, which I will most likely finish in 2017, no more study. It’s going to be a full stop.


a) Read online blogs – you will always learn something that you can’t find on Cisco documents
b) At DC rack rental: Most of the time you will see previous candidate has left his configuration unresolved e.g. not able to bring the San port channel up or VEM not showing up on Nexus1000v. I suggest, when your turn comes up, check it out and try to resolve it. That is exactly what might happen to you in the actual lab.
c) Check what other candidates are practicing on online racks. Take a backup of their config that they left because their time is up and try to find out why they are practicing that. You will get a lot of info re where to focus.
d) Narrow down particular tasks and mindmap it.
e) Use endnotes or similar software to manage your reading list. I personally use endnote.
f) Follow the above order – e.g. do storage first – you will know why I said it
…. I will be publishing a link here to other tips related to MDS, OTV etc.

I am sharing a few ways that could help you to save time for study. Remember, there are only going to be 24 hours in a day unless you go to Mars and they have a 48-hours-a-day type solar system, so we’ve got to get what we can out of these hours. This is just a matter of balancing it out.
a) If you are married, ask your relatives to help you out with kids’ drop-off, pick-up, shopping etc. so you get more time to study.
b) Set up your study pad in your grandpa’s / relative’s home. This will force you to concentrate more, and more regularly, on the study.
c) After 5PM switch off work and personal emails and don’t let your brain overpower you.
d) Sleep less – a study found that if you sleep 4 hours over a few months and then sleep longer in between, it makes up for the loss. I pulled that research article from one of the top-ranked journals.
e) Ask your manager for Fridays off over 2-4 months of the study period. I was lucky my manager approved it.
f) If you are not worried about full time vs part time – get a contract job and only work for 6 months; the remaining 3-4 months you can dedicate to study. Get it done and then get another contract role. I personally don’t care if I am a permanent or a contractor. These days there is no job security anywhere. If you can’t do a job, then you will be chucked out anyway.
g) At work, try to aim to finish at 4pm. Try to do the given work tasks as quickly as possible so your plate is always empty and you take no job home. Your brain is then free to entertain DC stuff.
h) Try this – take a 10 minute lunch break and leave the office at 4:30pm to escape the peak hour traffic buildup.
i) Try taking Friday or Monday off to stretch your study on weekends.
j) Remember the “if you don’t use it, you lose it” theory – read, observe and report is the key to success.

If you have any other tips and would like to include them here, please feel free to contact me.

What’s next? Nothing. CCIE has been just a brain game for me; personally, it keeps me challenged. Good food for my brain.

A lot of people ask me why I don’t have R&S under my belt. There is a secret hidden behind that. I’m not the only one who does not have R&S; I also know the genius Mark Snow (also 4xCCIE) has somehow also not added R&S to his portfolio.
Well the reason is simple – why go margarine when u have butter 🙂

For those who are unable to get the dates, make sure your brain’s neuron networks are active till the exam date.

Cheers, Harold

Triple CCIE now – so what?

Posted: March 18, 2013 in CCIE VOICE-LAB

Last week, as we all know, LinkedIn passwords in hash form were stolen by Russian hackers. Well, they were found on one of the Russian websites. I personally recommend that everyone who has an account on LinkedIn change their password.

However, if you’re still curious to know whether your LinkedIn account password was among the ones that have fallen into these hackers’ hands, here is a brand new dedicated website that allows you to type in your password; it converts your password into a hash and then compares it against the hacked hash database.

If your password was not hacked, you’ll see the following result:

” Looks like your password was not leaked. Hooray, You should still change it.”

That’s good news, your password was safe! If your password was hacked, you’ll see the following:

[Screenshot: “LeakedIn: Check if your LinkedIn password was leaked with this tool”]

WARNING: Use this site at your own risk, don’t quote me!
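The same hash-and-compare check can be run locally against a copy of the list, so the password never leaves your machine. The following is an added example, not code from the original post or from the LeakedIn site; it relies on the published 2012 list being unsalted SHA-1 hex digests, some with the first five hex digits replaced by zeros, and the function names, file layout (one digest per line) and sample entries are constructed for illustration.

```python
"""Offline check of a password against a list of unsalted SHA-1 digests."""
import hashlib
from typing import Iterable, List

HEX_DIGITS = set("0123456789abcdef")
MASK = "00000"  # masked entries have their first five hex digits zeroed


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 encoded password as 40 lowercase hex chars.

    UTF-8 is an assumption; for ASCII passwords the encoding makes no difference.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def check_password(password: str, dump_lines: Iterable[str]) -> str:
    """Return 'exact', 'masked' or 'not_found'.

    'exact'  : the full digest is in the list.
    'masked' : only the zero-prefixed form is in the list (the remaining
               35 hex digits, 140 bits, still match).
    Lines that are not 40 hex characters are skipped, so headers, blank
    lines and damaged entries do not produce false results.
    """
    full = sha1_hex(password)
    masked = MASK + full[len(MASK):]
    result = "not_found"
    for line in dump_lines:
        entry = line.strip().lower()
        if len(entry) != 40 or not set(entry) <= HEX_DIGITS:
            continue
        if entry == full:
            return "exact"  # strongest answer, stop reading
        if entry == masked:
            result = "masked"  # keep scanning in case the full form follows
    return result


def build_constructed_dump() -> List[str]:
    """Constructed sample list (not real leak data) covering each case."""
    masked_entry = MASK + sha1_hex("password")[len(MASK):]
    return [
        "# constructed sample, not real leak data\n",
        sha1_hex("constructed-sample-one") + "\n",
        masked_entry.upper() + "\r\n",  # upper case and CRLF are tolerated
        "\n",
        "not-a-hash-line\n",
    ]


if __name__ == "__main__":
    import getpass

    # Read the password without echoing it, then check the constructed list.
    # For a real list, pass an open file object instead:
    #   with open(path_to_list, encoding="ascii", errors="ignore") as fh:
    #       print(check_password(pw, fh))
    pw = getpass.getpass("Password to check: ")
    print(check_password(pw, build_constructed_dump()))
```

Passing an open file object as `dump_lines` streams a multi-million-line list without loading it into memory. Either match result means the password should be changed everywhere it was reused.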

On a side note, if you’re a heavy LinkedIn addict and use the calendar and other iPhone apps of LinkedIn, here is something for you to be aware of.






That is scary, isn’t it?

If you are a “pure” network engineer and still have a mortgage to pay, this post is probably for you! Those who are preparing for CCIE Voice or application firewall or F5 load balancer are on the right track.

In short, SDN (software defined network, aka the SDN cat) products are already out of the bag now. SDN will no longer require the so-called CLI monkey (the network engineer) to configure and monitor traditional switches/routers. SDN products are coming soon to your local cinema. Here is a typical example of upcoming SDN:

The dynamically changing nature of the IT industry keeps all of us (in IT) awake till 2am in the morning – this sounds about true! I remember way back in 2010, when I was studying for CCIE Security, I bought an IPS appliance off eBay, and as soon as it arrived on Tuesday afternoon, I was on it until 3AM. I remember that day it was 2:30 AM when my neighbor “Mrs Kathy” knocked on my door and asked why I had been vacuuming my flat for the last 3 hours; she couldn’t sleep because of the noise. I said, no, I am not vacuuming my carpet at all; in fact, I don’t even have a carpet to start with! She grumbled and said to me that she could still hear a “strange” noise coming out of my flat. I said, oh.. I bought this small machine that might have some strange noise coming out of it. She looked at me and said politely, “go to bed and have some life”. You know now it is true: we have to stay up or study during the weekend to keep up with the ever-changing world of IT. This is fun or fuss! It’s your call to get along with it or select another career that is not so dynamic. That is my little real story. Let’s come to the point now!

In this post, I will try to keep things much simpler than they seem as they hover over us. I think this is about the time to make a decision whether to stay in a pure so-called ‘network engineering’ role or move into the application, system and virtualization (Cloud is the right buzzword) space.

All network engineers should diversify their skill set; the days are not far off when employers will stop advertising network engineer roles. Nobody needs old Pascal or Clipper programmers anymore these days, do they?

I put that intentionally in “BIG” quotes; there is a reason for that. If you look at any role that Google or other big web3 companies are advertising for a network engineer, they are asking for ‘Perl/Python’ scripting. Why is that? Now you probably think, it is a network engineer role, but they are asking for scripting knowledge. This doesn’t sound right. Since when does a Cisco or Juniper router need to be scripted? Those who are preparing for the CCIE Routing and Switching lab exam have probably used a bit of TCL-based script to check ping connectivity across the topology in the lab exam, but most network engineers (especially those coming from a small shop) won’t have a clue about using a script on a router.
But wait ... there is a catch to why Google/Amazon need a Perl/Python junkie for a networking role. Well, simply because of the power of the open source philosophy.

Google and Amazon are the biggest consumers on this planet of the networking equipment that vendors like Cisco/Juniper build for them as well as for other companies. Most of the cash flow comes from these big companies because they buy switches from these vendors – simple. Now, what happens if these big consumers (Google/Amazon) decide to start building their own switches? You must be wondering what I am talking about. Why would anyone build switches if there are off-the-shelf switches that they can buy?

The fact is, these vendors have had it so good for such a long time. They have had enough milking out of writing software code. A 48-port switch from Cisco or from Juniper will have approximately the same amount of chips/silicon, so the original (OEM) hardware costs almost the same. The silicon chip costs the same no matter which vendor is using it. The switch price is decided by the cost of the software and feature set. Sound familiar now, with Cisco IOS and feature sets (voice, security, advanced enterprise et al.)?

Talking about these top companies/consumers (Google/Amazon), cost is probably not the issue for them. They’ve got the money and they can buy any vendor’s switches. The issue comes when they want to do something with the switch but they can’t. This is because switch vendors do not release source code with the switch. As we all know, Google recruits the best of the best minds and has an in-house programming team, the so-called ‘Python/Perl’ programmers.
Cisco never had a merchant switch in their portfolio until the Nexus family of products was released late last year. Such a big customer base (banking/share market/financial institutions) and no merchant switch? You see, someone else started building merchant switches and ate up the market share. Time is money! The Google philosophy works in the same way: they want the feature set with a switch and they want it now. Most vendors won’t even look into introducing new features, the reason being that their team is so busy fixing bugs from the previous release that they have no resources to work on a new feature. Well, the closed source world works this way, and it has done for as long as I have been working in IT. It is as it is and as its name implies (closed source, black magic).

In this modern day and age, thank god, things have started changing. Take a step back: had Cisco/Juniper made their networking equipment code available under the GPL license, it would have been easier for anyone to add and remove the features they wanted on the fly. It would have been just like any other open source project that we see on Now the game of depending on the vendor to get a feature set is changing rapidly. The genius brains at Google/Amazon have finally decided not to depend on these vendors anymore to get a new feature that they want today and now. This is fair enough and fair game, just like a kid wants to play with a toy today, while he’s a kid. It would be meaningless having a bunch of toys stacked in the backyard when you’re 50, wouldn't it? Anyway… The fact of the matter is, Google’s traffic is so huge that no vendor on this planet was able to provide them the right equipment to handle their massive data the way they wanted. This is the only option for them.

As we all know, Google already has a team of engineers working on building their own network switches. They order cheap silicon (from Taiwan) and build their own switches. Are these switches running Chrome OS or Android, and what about the IOS feature set? The answer is no. The IOS for these no-name brand switches is based on the standard Linux kernel (version 2.6, oh yeah) and an open stack software protocol that comes in a tar file, OpenFlow; they run the standard Linux kernel and a *nix variant. The engineers can get root shell access and write their own code to develop the switch feature set they want today. Is this new? Probably not; this is what open source is all about. The magic stick is called “OpenFlow”, which is running wild in the open source community to power these no-name brand switches. Now you’d be thinking: if these big giants have started building their own switches, what the heck are the other vendors going to do with their products? Well, believe it or not, the vendors have already started the race with Google and the other web giants. Cisco, Juniper, IBM and HP have all started introducing OpenFlow features in their switches:

Cisco openflow
Google’s secret 10 GIG switch:
IBM has already released openFLOW based switches – IBM OpenFLOW switches

There are many advantages to open stack code running on Taiwanese silicon switches. The main advantages are:
1. Develop the feature that you want “TODAY” (don’t wait years for a small feature set)
2. Software controlled – NO CLI or expensive engineer required to configure a switch.
3. Easy to take the switching code to the next level – end of the vendor war

BTW, if you are not already aware, Google's G-Scale production network was already on their own homegrown OpenFlow-based switching platform. They’ve figured out how to hook sFlow (their internal) onto OpenFlow. Full SDN is based on sFlow and runs on top of OpenFlow. There are only 2 vendors at the moment who have solved this L2 and L3 issue with sFlow and OpenFlow. Nicira is the one that comes to my mind that has a full SDN product. Well, they’ve solved the issue at the right time. Cisco and the other vendors are still figuring it out. See the Cisco link above – Cisco has a dedicated coding team to develop OpenFlow in their switches.

You now have an idea of what I am whining about in this post. Back to our original topic: why the next generation’s network engineer should have coding skills, and why Google and the other vendors want a network engineer equipped with the Perl/Python toolset. Now it obviously makes sense that it’s fair dinkum for Google/Amazon to ask a network engineer “hey, do you know Perl/Python?”. These web giants just do not want “show ip route” or “ip route” type network engineers (oh, the CLI monkey). They need more bang for their buck. #1 and #2 above are the reasons why a traditional network engineer will no longer be in demand in the coming years.

The fact is that OpenFlow and sFlow based network hardware is going to be provisioned through a software GUI. There will be no vendor limitation. You can have Cisco, Juniper and raw no-name brand switches, all managed and provisioned by a single GUI (the sFlow controller). It’s software driven, everyone knows how to click, and whoever clicks knows how to read work instructions too. If everything is going to be software driven, with a few mouse clicks an HR lady could easily provision SDN powered switches/routers. SDN powered switches/routers can be shipped to site with no configuration. A sparky plugs it in at the site when he goes to do the cabling, and the SDN powered (sFlow) controller finds it and automatically pushes the pre-templated configuration. These templates are created by the Perl/Python type network engineers. The HR lady can now easily select a template and push the configuration with a few mouse clicks to the newly plugged-in switch. Sometimes she might get too busy and can easily schedule the provisioning task for midnight. During the day she can focus on her regular HR tasks.

And what about those template nerds? Once these templates are created, sFlow/OpenFlow powered switches start configuring themselves within the SDN framework. What would these nerds (Perl/Python type network engineers) do after they have created the required templates? Who is going to monitor and troubleshoot those newly shipped switches? Well, the HR lady can’t do that; she only checks and acts according to the GUI work instructions (WI). The answer is that SDN takes care of all these tasks. There is no room for mistakes because all the kinks are already tested and taken care of well in advance by the Perl/Python powered network engineer. When the HR lady and the nerd wake up and get to work the next morning, they see 90% traffic load already creeping onto these switches in their production network.

Is it just a fantasy, or have I lost my mind thinking about such a crazy thing? What would this type of network engineer do all day long at the Google office if everything has gone to templates and automation? The HR lady is doing the provisioning work and she can easily cron/schedule it for the night time. Well, the answer is that you’ll see these nerds in the Google office doing other innovative work rather than supporting customers (as a traditional network engineer does) for simple things like a switch port that is not configured, a port that is supposed to be a trunk, or config errors. Now you’d probably think that I might have been high when I wrote this post, pun intended. Some of you might have got the idea and may be thinking: well, I am a network engineer, the switching part is eaten by the OpenFlow revolution, but I will still be able to get a job on routers. Someone needs to do routing, if not switching. Well, don’t kid yourself here mate, Open vSwitch/sFlow powered SDN products are already on the horizon. These new technologies are baking at a very fast rate – probably at 300 degrees Celsius in a microwave oven. They (the stable SDN) will be out in the wild before we can even think. As usual, you have probably noticed, the early production of mangoes does not taste as good as the later or natural version. The same concept applies here: the current versions of sFlow based SDN products are quite buggy. Open vSwitch is a combination of NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag.

Nicira already has a vSwitch product out and available today. Software controlled switches (SCN) are the current market trend. SDN will be the next generation network for bigger enterprises. We’re very close to experiencing SDN in real life. (Update April 2013: BTW, VMware bought this company and added it to their portfolio.)


I remember, 5 years ago when VMware started doing virtualization, nobody would put their SQL or Exchange server on a VM. The DB/app guys would go ballistic if you even whispered “SQL VM” to the IT manager. Hasn’t that changed now? Oh yeah! The fact of the matter is that these days you have no choice but virtualization. This is exactly what we will see – software powered networks, SDN in action, taking the networking world to the next level. No offense here, but this is one of the reasons network engineers should multi-skill themselves! You could argue anything for political sake, but you can’t argue against what is going to be the future trend, and you’ll feel and experience this new and upcoming SDN stuff. It is going to hit everyone, as the cloud and the dotcom bubble did in the past; nothing new here.

In the next blog entry I will cover OpenFlow architecture and some scripting features.

Cheers, Push
4xCCIE (voice/security/SPv3/DC)

Update 17 April 2014 – VMware bought Nicira in 2013 and SDN has started kicking in!

Double CCIE Now!

Posted: May 22, 2012 in CCIE VOICE-LAB

It was way back in 2008 when I passed my Voice lab.

In 2011, I passed my CCIE Security.

More on and !


hehe… Not in 10 minutes but it's in 20 minutes 🙂

It has been a long time since my previous posting on this blog. I have been busy doing all sorts of bits and pieces!!

It seems that people are finding issues with integrating Cisco Call Manager with the Cisco Presence server. I have to agree, because there is very limited documentation available to the public on the net. So I thought I would spare some time and post it for the benefit of all.

I’m assuming you have already installed and configured Cisco Call manager 7x. Two phones are already registered to it.

I am also assuming that you have done the basic installation of the Cisco Presence server. As you know, installing Cisco Presence is like installing Yahoo Messenger on your Windows XP.

The next.. next.. next and finish strategy :). It’s just the same as adding a Call Manager subscriber to a Publisher (in 5/6/7x): the same secret and the same Pub IP address will be asked for during the installation.

Here are the summary steps of integrating Cisco call manager 7x with Cisco presence 7x.

Step#1: Enable presence globally on Cisco Call manager

By default presence subscription is disabled on CCM.

System>Service parameter>Cisco Call Manager>

Search for “Inter-presence” key word and set “Allow Subscription”

Step#2: Create SIP trunk Security Profile in CCM

Special setting is required for SIP trunk which runs from CCM to Presence.

Copy “non Secure SIP Trunk Profile” to “Presence non-secure SIP trunk Profile”

Modify below parameters:

  1. Device security mode: Non-Secure

  2. Incoming Transport type: TCP+UDP

  3. Outgoing Transport Type: TCP

  4. Incoming Port 5060 (untick Enable digest authentication)

  5. Enable application Level Authentication UNTICK

  6. Accept Presence Subscription TICK

  7. Accept Out-of-Dialogue REFER TICK

  8. Accept Unsolicited Notification TICK

  9. Accept Replace header TICK

  10. Transforms security status UNTICK

Save it

Step#3: Add a SIP trunk now from CCM to Presence


Protocol = SIP

Fill in below parameters:

  1. Device Name : PRESENCE-TRUNK

  2. Description : blah blah

  3. Device Pool : DP_HQ

  4. Common Dev conf : None

  5. Call classification : On-Net

  6. Media resource Grp : MRG_HQ

  7. Location : HQ_LOC

  8. AAR GROUP : HQ_AARG (if not using AAR leave empty)

  9. Packet Capture mode : None

  10. Packet Capture duration: 0

  11. MTP required : TICK

  12. Retry Video call as audio : TICK

  13. SIP information – Destination Add:


  1. Destination port : 5060

  2. SIP PROFILE : Presence non-secure SIP trunk Profile

Save above.

Step#3: Make your IP Phone presence capable

  1. Register a phone 2001 name it HQ-Phone1

  2. Create end user “test” and associate HQ-Phone1/2001 with the “test” user

  3. Make sure test user is a part of “Standard CCM End User” and “standard CTI enable”

  4. Make sure Primary extension “2001” is selected when you create the above “test” user

Step#3: Add an application user for IPPM and MOC CTI ports

This will be used by Presence server to initiate IP Phone services:

A) Go to > User Management>Application User>

  1. User ID : IPPM

  2. pass : blah

  3. Presence Grp : Standard

  4. Groups : Standard CCM End User

Save it

Repeat above “A” steps for moc_user as well. moc_user will be used by the MOC CTI user in Presence. All users who want presence using Microsoft MOC client will be associated with this user.

Make sure all “accept” tick boxes are TICKED on moc_user.

B) Go to > SYSTEM>Application Server> Add NEW

Add Presence server IP address here, i.e.

Save this as well. Damn, too many things to save 🙂

Step#4: Create IP Phone service URL

Go to> Device>Device Settings> IP Phone Service

  1. Service Name : IP PhoneMSG

  2. ASCII Service Name : IP PhoneMSG

  3. Service Description : Blah

  4. Service URL : blah

  5. Service Category : XML Service

  6. Service Type : Standard IP Phone Service

  7. Blank

  8. Blank

  9. Enable : TICK

It’s standard Phone URL we create and subscribe in CCM. Nothing new!!

Make sure you copy the correct URL from the DOC CD.

Save above as well.

****Then subscribe above service to HQ phone1/2001*****

Step#5: Enable presence Licensing for each user

Go to> System>License>Capability Assignment>

Then Find the end user you want to assign the presence license.

Tick the user and hit <Bulk Assignment>

A new pop-up window will appear. Tick both checkboxes in it and save.

  1. Enable CUP – TICK
  2. Enable CUPC – TICK

Step#6: Add CUPC client in CCM for HQ 2001 phone

The trick here is, this is a dummy phone which will provide HQ Phone1/2001’s presence information to the Presence server. Add this dummy presence client and add the HQ 2001 DN to it.

Go to> Device>Phone> add NEW

Phone Type : Unified Personal Communicator then hit <NEXT>

  1. Device Name : XXXCISCO

  2. Device Pool : DP_HQ

  3. Phone Button Templ : Personal Communicator SIP blah

  4. CSS : Blah select all common things

  5. Owner user ID : test ← a must

  6. Leave everything else default

  7. Device security profile : Unified Personal Communicator Standard

  8. SIP profile : Standard SIP profile

  9. Digest User : test ← a must ** read more about this

    Save everything above 🙂 so far so good , well done 🙂

    Now add a DN to this above device: (same as HQ phone1 shared one)

  10. Directory Number : 2001

  11. Everything else… default or your own customization >> Save above

Once above dummy device is added, associate this device with “test” user we created previously. Now you remember we have 2 device associated with this user: A) 2001 phone and B) XXXCISCO

Also make sure the physical phone's DN 2001 has the “test” user associated with it. This is the last option in line 2001’s settings before the “save” button. If this has not been done and you run the presence diagnostic, it will keep telling you that “No line appearance existed in CCM blah blah”

That is all we needed to do with Call Manager. Now Jump on the Presence BOX.

Step#7: Presence box general configuration:

After installing basic Presence, you’ll reach the Presence post-install setup screen by typing the Presence server IP address into your web browser and supplying credentials at the login screen.

(hehe, I call it the dogscreen, sitting like a dog waiting for your fingers to feed it, like a dog waits for food :))

So you’ll see “Post Install Setup” screen with below options:

  1. CUCM Publisher IP address : (default, not changeable)

  2. AXL User : Administrator

            1. (I’m too lazy to create a new one; for a production server, you must create a new AXL user for security reasons.)

  3. Axl password : blah blah..

  4. Confirm password : blah blah <then hit the “NEXT”>

  5. Security password : blah blah (whatever you supplied during installation)

  6. Then hit the “CONFIRM” (Ignore the warning)

    Finally you will get 3 options:

    A) Home B) Status C) TOPOLOGY

  7. Click on “HOME” you’ll see you are in a new home 🙂 i.e. Presence main admin page.

Step#8: Upload License and Activate presence Services

  1. First upload the license if you haven’t done that so far.

  2. Go to > Cisco Unified Serviceability>>Tools>Activate services
    Activate all services, it will take 2-3 minutes.

Step#9: Configure Presence

Jump straight to Presence Admin page>>Diagnostic>System Troubleshooter

Pay attention to the red crossed balls and yellow exclamation signs, and fix them one by one.

  1. Under Presence Engine: Click on FIX under “no communication presence” this will take you to add presence gateway:

    Add NEW>

    Presence Gateway type : CUCM
    Description : blah

    Presence Gateway : ← CCM IP

    Double check the settings under below menus:

  2. SYSTEM> CCM Publisher : Check all parameter under this

  3. SYSTEM> Application Listener>Default class SIP TCP Listener (make sure it's what you have defined in the SIP trunk on CCM – transport method TCP or UDP, both should have the same protocol/port) we are using:
    Protocol = TCP
    PORT = 5060

    Add NEW> description=blah/all address pattern=all

Step#10: Tune the Presence Engine’s Service parameter (same as we do with CCM)

SYSTEM>> Service Parameter>Select active CUPS Server> Select Presence Engine

  1. Search “Proxy Domain” and set it to : (or domain name)

  2. Search “Transport Preferred Order” and set it to : TCP/UDP/TLS

Step#10: Configure IP-Phone Messenger on Presence server

Application>IP Phone> Setting

  1. IPPM Application Status : ON

  2. Application user Name : IPPMSG (created in step 3A)

  3. Application Password : blah…

  4. Confirm password : Blah

  5. Max Instant message : 25 default

  6. Subscription timeout : 3400 default

  7. Publish timeout : 3600 default

    Hit “SAVE”

Step#11: Select a SIP trunk between Presence to CCM

Tell presence which SIP trunk should be used for pumping calls to CCM.


  1. CUP CVP Support : UNTICK

  2. MAX Contact List Size : 200

  3. Enable instant messaging : TICK

  4. Enable SIP Publish on CUCM TICK

  5. CUCM SIP Publish Trunk : <Select_Your_Trunk><– A MUST

Don’t forget to save after the above. The SIP trunk will be automatically listed in “5” above. This is the one we created on CCM.

Step#12: Set TFTP address for IP COMMUNICATOR Clients

Application>Unified IP Personal Communicator>Settings

  1. Proxy Listener : Default Cisco SIP proxy TCP Listener

  2. Primary TFTP : (CCM pub tftp)

  3. Backup TFTP : (sub tftp) or whatever

LDAP – if you are using LDAP put LDAP parameters there. Else disable it.

Step#13: For MOC client define CTI Gateway

Application>>CUCM CTI Gateway>Settings

  1. Application Status : ON

  2. Application Username : moc_user (make sure its created on CCM as app usr)

  3. Application Password : blah

  4. Confirmed Password : blah

  5. CUCM Address : (CCM address)

Now it's time to run the Presence troubleshooter again. This will tell you what’s remaining and how to fix it. Once those are done, activate the presence and other services and bingo.. You are ready to rock!! Oh hang on, oh no!! Still remaining:

  1. Remote call control (RCC) – for MOC integration (Click2Call, RCC)

  2. Creating users and testing presence

  3. Voicemail integration with Presence

I’m sleepy now, will continue with the remaining part next day!!
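The values entered in the steps above have to agree on both boxes, so this added example (not part of the original post, and not Cisco tooling) cross-checks them offline. The dictionary keys are hypothetical names for the GUI fields, and the sample values are constructed from the post, including the IPPM application user that the Presence step enters as IPPMSG. It also flags the lab shortcuts (non-secure trunk, no SIP authentication, Administrator as AXL user) for review before production.

```python
# Added example: keys are hypothetical names for the GUI fields in the steps above.
# Sample values are constructed from what the post enters on each side.
CCM = {
    "sip_trunk_profile": {
        "device_security_mode": "Non-Secure",
        "outgoing_transport": "TCP",
        "digest_auth": False, "app_level_auth": False,
    },
    "sip_trunk": {"name": "PRESENCE-TRUNK", "destination_port": 5060},
    "app_users": ["IPPM", "moc_user"],
    "end_user": {"id": "test", "primary_extension": "2001",
                 "devices": ["HQ-Phone1", "XXXCISCO"]},
    "cupc_device": {"name": "XXXCISCO", "owner": "test",
                    "digest_user": "test", "dn": "2001"},
    "line_user": {"2001": "test"},  # user associated on the physical phone's line
}
PRESENCE = {
    "axl_user": "Administrator",
    "listener": {"protocol": "TCP", "port": 5060},
    "ippm_app_user": "IPPMSG",
    "cti_app_user": "moc_user",
    "publish_trunk": "PRESENCE-TRUNK",
}


def check_integration(ccm, presence):
    """Cross-check both sides; return a list of (severity, message) findings."""
    findings = []

    def flag(severity, problem, message):
        if problem:
            findings.append((severity, message))

    profile, trunk = ccm["sip_trunk_profile"], ccm["sip_trunk"]
    listener, user, cupc = presence["listener"], ccm["end_user"], ccm["cupc_device"]

    # Both ends of the SIP trunk must agree on transport, port and trunk name.
    flag("ERROR", profile["outgoing_transport"] != listener["protocol"],
         "trunk outgoing transport differs from the Presence listener protocol")
    flag("ERROR", trunk["destination_port"] != listener["port"],
         "trunk destination port differs from the Presence listener port")
    flag("ERROR", presence["publish_trunk"] != trunk["name"],
         "SIP publish trunk on Presence is not the trunk created on CCM")

    # Application users typed on the Presence box must exist on CCM.
    for field in ("ippm_app_user", "cti_app_user"):
        flag("ERROR", presence[field] not in ccm["app_users"],
             f"{field}={presence[field]!r} is not an application user on CCM")

    # The dummy CUPC device must share the user and DN of the physical phone.
    flag("ERROR", cupc["owner"] != user["id"] or cupc["digest_user"] != user["id"],
         "CUPC owner user ID and digest user must both be the end user")
    flag("ERROR", cupc["dn"] != user["primary_extension"],
         "CUPC directory number differs from the user's primary extension")
    flag("ERROR", cupc["name"] not in user["devices"],
         "CUPC device is not associated with the end user")
    flag("ERROR", ccm["line_user"].get(cupc["dn"]) != user["id"],
         "end user is not associated with the line on the physical phone")

    # Settings the post accepts for a lab that deserve review before production.
    flag("WARN", profile["device_security_mode"] == "Non-Secure",
         "trunk is Non-Secure: SIP signalling to Presence is not protected by TLS")
    flag("WARN", not (profile["digest_auth"] or profile["app_level_auth"]),
         "trunk accepts SIP without digest or application-level authentication")
    flag("WARN", presence["axl_user"].lower() == "administrator",
         "AXL uses the Administrator account; create a dedicated AXL user")
    return findings


if __name__ == "__main__":
    for severity, message in check_integration(CCM, PRESENCE):
        print(f"{severity}: {message}")
```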


How to integrate Cisco Presence with Call manager


Push Bhatkoti

Cisco recommends purging the CCM 4x CDR database before running the DMA tool to migrate CCM 4x to 5x/6x. You may use either method shown below to reduce the CCM 4 CDR database.

Method#1 (My favourite)

Shrink the database via the SQL Enterprise Manager.

Note: This is done on the Publisher.

  1. Select Start > Programs > MS SQL Server > Enterprise manager.
  2. Choose the Publisher server.
  3. You can either go to the ART database or CDR database, based on which file is large.
  4. Right-click the database.
  5. Select All Tasks > Shrink database and click Files.
  6. Select the database file CDR and CDR_log on the new window.
  7. Shrink each of them. This process takes some time. If the file is still large or SQL is not able to shrink the transactional file, use Solution 3.


For SQL 2000 (Cisco CallManager 3.3 and 4.0), complete these steps to reduce the size of the CDR_log.LDF. This is located at C:\Program Files\Microsoft SQL Server\MSSQL\Data.

Use these commands at the command prompt:

C:\>osql -E
1> use art
2> go
1> backup log art with no_log
2> go
1> dbcc shrinkdatabase (art)
2> go
1> quit

C:\>osql -E
1> use cdr
2> go
1> backup log cdr with no_log
2> go
1> dbcc shrinkdatabase (cdr)
2> go
1> quit

Cheers, Push


Worldwide CCIEs since January 2006

01.01.2006 12862 12247 584 269 26 230 716 397 209 8 106 117
02.01.2006 12967 12292 594 282 28 244 737 404 223 8 112 120
03.01.2006 13060 12365 601 294 32 256 760 412 232 10 115 124
04.01.2006 13161 12462 618 304 35 269 777 422 239 13 119 129
05.01.2006 13299 12552 645 322 39 285 814 441 248 15 125 133
06.01.2006 13417 12716 677 335 39 301 842 456 264 15 124 137
08.01.2006 13602 12850 720 371 46 330 898 483 288 19 141 147
09.01.2006 13756 12929 745 387 50 339 927 501 296 21 144 150
10.01.2006 13885 13039 775 403 53 343 967 522 312 21 146 150
11.01.2006 14056 13165 809 430 57 361 998 534 331 20 153 154
12.01.2006 14141 13237 850 436 59 378 1041 568 338 22 160 158
01.01.2007 14116 13187 888 441 60 387 1056 579 343 23 161 163
02.01.2007 14177 13231 892 445 63 411 1069 582 343 24 171 163
04.01.2007 14387 13408 906 474 70 445 1113 589 359 29 187 161
08.01.2007 15062 13898 1046 569 90 543 1240 483 268 22 167 189
11.01.2007 15658 14329 1207 650 99 601 1344 517 300 23 182 210
03.25.2008 16355 14764 1402 735 111 689 1232 517 300 23 182 210
08.01.2008 17660 15754 1699 916 135 778 1680 632 402 34 228 268
09.09.2008 17840 15852 1764 961 139 802 1729 646 423 34 236 274
10.10.2008 18084 16019 1828 1006 139 822 1776 663 440 35 242 280
11.24.2008 18451 16260 1934 1070 140 857 1843 689 461 35 249 291
01.06.2009 18674 16399 2007 1120 140 872 1885 706 472 35 250 302 (I fit here)

January 2006