CCIE Enterprise Infrastructure (EI) v1.1: Blueprint Breakdown and Study Plan
I am often asked by my students to provide a breakdown of the entire CCIE Enterprise Infrastructure (EI) v1.1 Blueprint from my point of view and the importance of various sections and topics contained within. In this blog, I have shared my thoughts on the Blueprint with a focus on highlighting the most important topics as well as the time one should devote to each section.
Section 1 - Network Infrastructure
This section serves as a core foundation for the exam, encompassing traditional Networking Technologies previously covered in the CCIE R/S exam. It establishes the fundamental network structure crucial for the remaining 70% of the test.
Engineers should devote a minimum of 100 hours to lab work in this section.
Key topics that one should pay attention to are:
- Port-Channels (EtherChannel)
- STP (Rapid-PVST & MST)
- EIGRP (Classic & Named Mode)
- OSPFv2 (Network / Area Types)
- OSPFv3 (Network / Area Types)
- BGP (iBGP/eBGP, Attributes, Routing Policies)
- Multicast Routing (PIM Sparse Mode)
Section 2 - Software-Defined Infrastructure
This is the most important section of the CCIE EI exam, both from a learning point of view as well as its importance for current and future workplace usage. This section covers contemporary technologies utilized in present-day deployments. With an ever-increasing emphasis on this section, Cisco is clearly signaling that technologies covered in this section will form the base of its near-mid term network architectures. I strongly recommend engineers should make a concentrated effort to thoroughly grasp these technologies as they also enhance your career prospects.
Allocate a minimum of 120 hours to comprehend the technologies covered in this section including their practical applications.
Focus intently on these pivotal topics:
- Underlay Configuration (Manual/LAN Automation)
- Fabric Configuration (Standard Campus / Fabric in a Box)
- Fabric Deployment (Host Onboarding/Adding devices to a Fabric)
- Fabric Border Handoff (IP Transits/SDA Transit/L2 Handoff)
- Segmentation (Macro & Micro Segmentation)
- Controller Functionality (vManage, vBond, vSmart)
- WAN Edge Deployment
- Transport Configuration (Underlay/Tunnel Interfaces/TLOC Extension)
- OMP (Attributes/Redistribution)
- Configuration Templates (CLI/Feature Templates)
- Centralized Policies (DIA/AAR/Control Policies)
- Localized Policies (Access-Lists/Route Policies)
Cisco Software Defined Access (SDA)
Cisco Software Defined WAN (SD-WAN)
Section 3 - Transport Technologies & Solutions
This is a relatively straight-forward section encompassing two key technologies: MPLS VPNs & DMVPN. One should concentrate on configuring MPLS VPNs using BGP as the PE-CE routing protocol. For DMVPN, engineers should focus on configuring DMVPN Phase III, while also understanding the distinctions among the three phases.
40 hours for in-depth understanding and practical exercises should suffice.
Essential topics for this section are:
- Unicast Routing using LDP
- MP-BGP - VPNv4 / VPNv6 [6PE]
- PE-CE Routing using BGP
- Configuring DMVPN [Single Hub/Multi-Hub]
- NHRP Redirection
- Encrypting DMVPN using IPSec using IKEv1 & IKEv2
Section 4 - Infrastructure Security & Services
This section provides coverage of several services applicable to IOS-based Routers. While the topics are numerous and it may come across as being overwhelming at first glance, the coverage and understanding needed to ace this section is not overly extensive.
Engineers should allocate 80 hours for a comprehensive grasp of the topics and practical exercises in this section.
The key topics requiring extra attention are:
- DHCP Server on an IOS-Device
- FHRP (HSRP, VRRP)
- NAT on an IOS-Device (Dynamic NAT/PAT, Static NAT/PAT, VRF-aware NAT)
- Tracking Objects & IP SLA
- QoS (Bandwidth Reservation, Priority Queuing, Policing, Shaping)
- System Management (Telnet, SSH, SNMP)
- Storm Control
- DHCP Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Port Security
- ACLs (IPv4/IPv6)
- RA Guard
- DHCP Guard
- Source Guard
Network Security - Switches
Network Security - Routers
IPv6 Security Features
Section 5 - Infrastructure Automation & Programmability
This section delves into Automation & Programmability concepts and configurations. Engineers should familiarize themselves with various Data Encoding Formats and their attributes as well as configuring EEM applets and devices using the Guest Shell. Focusing on Python, the primary scripting language, is key.
At least 40 hours will be needed to gain a solid grasp of the key concepts and practical experience in this area.
Focus on the following topics in this section:
Data Encoding Methods - Characteristics (JSON, XML, YAML, Jinja)
Automation & Scripting - EEM Applets, Guest Shell & Python
Preparing for the CCIE EI exam is a two-step process:
- Achieving proficiency in individual topics
- Practicing on Full-Scale labs to gain experience and know-how in how to integrate and co-deploy these technologies effectively.
Taking this two-step approach is going to drastically enhance your chances of passing the CCIE EI exam.
I would spend around 360 hours on individual technologies & at least 40-60 hours on the Full Scale Labs (what I call Super Labs on my platform).