I’m currently installing a new sandbox for our DSL customers.
The idea is quite simple: once a customer is virus-infected or doing something nasty, put him into a sandbox using some firewall forwarding (IPFW) and squid magic. I created such a sandbox about 3 years ago – but I have new ideas and some updates I want to bring in. I will probably show how the whole system works in a later post.
But before going live with the new sandbox I just wanted to test the basics and make sure I have some proof of concept that everything is working as planned.
So I took one of my PC Engines Alix boards (alix2d3) and decided to install FreeBSD 7.2 on it.
Sounds easier than it is, but here are the steps I took:
Installing FreeBSD to have a PXEboot Environment using a serial console
Actually, installing FreeBSD over the network is quite simple and consists of the following tasks:
- configure a DHCP server
- configure a TFTP server
- configure an NFS server
- prepare the data for the installation
- modify some stuff on the NFS host
- boot the alix box and install everything needed
- reboot alix box and enjoy
So, but some stuff is really tricky…
This morning I got another mail from Cisco with updates to the CCIE certification:
Cisco has revised the certification requirements for CCIE Routing & Switching
(CCIE R&S)-the expert level certification for network engineers.
The new certification standards reflect the job skills employers look for
at the expert level and are outlined on the Cisco Learning Network at
CCIE R&S v4.0 written exam topics and CCIE R&S v4.0 lab exam topics.
The revised CCIE R&S v4.0 exams are scheduled for release on October 18, 2009
and will immediately replace the currently available v3.0 exams.
To support the certification changes, the Cisco 360 Learning Program for
CCIE R&S is being updated with new lessons on MPLS and Troubleshooting,
additions to the instructor-led workshops, new lab exercises for
self-paced practice, and new performance assessments.
The Program is the only authorized expert training currently aligned to
CCIE R&S v4.0. The program is delivered globally by Cisco Learning Partners.
Save the Date: Two Live CCIE R&S Certification Webinars, May 20, 2009
Cisco will conduct two live webinars on Wednesday, May 20, 2009 covering
enhancements made to the CCIE R&S certification and to the
Cisco 360 Learning Program for CCIE R&S to align with the updates.
Attendees can choose from calls at 8:00 AM and 7:00 PM PST.
Click here to register.
For more information on the updates, the Cisco 360 Learning Program for
CCIE R&S, and how to locate an authorized Learning Partner, access the
Cisco Learning Network.
Just from a quick look at the new lab blueprint, I noticed the following changes:
- MPLS needs to be configured (PE, CE)
- IPv6 increased (Multicast, EIGRP)
- Security: the zone based firewall and IPS (Intrusion Prevention System)
- Troubleshooting is a new section
On the written part I noticed that analyzing a network and proposing changes due to e.g. a migration has also been added. Sounds like kind of CCDE stuff in there… Some IOS versions have been upgraded to the T-train and some routers (-3725s, +1841s / +3825s) and switches (no more 3550s) are replaced.
The lab format also changed: 2 hours of independent troubleshooting and then a different 6-hour lab.
I think this new blueprint is now closer to what we have in the real world. Troubleshooting is one of the key aspects which was missing in v3 – you had to troubleshoot what you’ve fucked up. As far as I remember, in the old 2-day CCIE lab exams you had troubleshooting on the 2nd day. Now part of this came back. That’s great!
I’ve added the 2 PDFs from Cisco with the blueprint details to the download section.
[Update]: Petr from Internetwork Experts made a great post about this.