Are IPv6 Certifications Important? – with Fred Bovy (CCIE #3013)

by Mirek Burnejko

Fred BovyFred Bovy is a Legend.

A former Cisco employee, real passionate of networking, now focused in 100% on IPv6.

This long interview answers the question: are IPv6 certifications important? You also can find here great stories from Fred’s professional life (10 years in Cisco).

Grab a coffee and have fun.

In this interview you will find:

  • Why you should try Fred’s IPv6 materials?
  • Is Cisco’s certification model good?
  • Why certifications from IPv6 Forum have a great value?
  • Do IPv6 certifications help you with finding a great job?

ICM: IT Certification Master: Hi Fred. It is a pleasure to have here an IPv6 expert. Tell us something about you.

Fred Bovy: Thank you very much for your interest, I have never been working more than these days as I am on IPv6 365 days, 24 hours!

I am convinced that 2012 is really going to be a great year for IPv6!

I am now dedicating all my time to think about how I can help people to migrate to IPv6.

To summarize my IPv6 activity, I took my first IPv6 Training back in 96-98.
But I really started to dedicate my life for IPv6 since I joined the CISCO IPv6 IOS Engineering Team (NSSTG) in 2001.
I am now an IPv6 Forum Gold Certified Trainer and a Gold Certified Engineer.
And most of my Training are Gold Certified by the IPv6 FORUM.

I am also the Fast Lane IPv6 Course Subject Matter Expert so I am in charge of developing their IPv6 Training, communicate with the IPv6 Forum to get all my courses Gold Certified, post a few blogs on FAST LANE Web Server of write some White Papers about IPv6. The last WP was about Transition to IPv6 for Service Providers, which is currently my #1 priority.

Recently I have developed a new CISCO Training derived from the IP6FD CISCO Official Training.

The goal was to make a course targeted for SPs and their partners but my only customer for this course so far is CISCO and I already gave about 6 sessions. At the beginning it was difficult to find the balance between not enough or too many information but now I think I found the solution with the help of the feedback received.

I have planned many interesting labs for the SPs.

After giving this course 6 times it became obvious that it was impossible to do all these labs with people who are discovering IPv6 Fundamentals the same week. So I designed a new IPv6 Training Curriculum.

I still have to work on my Web Server which has been done in a couple of weekends nights but I think it presents the essence of how I can help most companies wishing to move to IPv6. For the last months my work focused on the 3 keys to a successful transition:

  • HOW? What are the choices, the options for a smooth transition?
  • What are the risks we take moving to IPv6? During and after each Transitioning phase, will my network be as safe as my IPv4 Network? Do I test any more risk using this tool rather than this one?
  • TRAINING. Network managers are not trained for IPv6 for most of them and we don’t have 15 years of recipes to answer all the questions without having to really think about it. In IPv4, ready to use solutions are here for everything and a network manager just need to follow the best practices to be completely protected with replies like “we always did like that!” or “But everybody else’s doing this way so it must be good and I cannot be wrong doing the same!”

I also prepared a few presentations, which I have posted on youtube and slideshare public servers to give an overview of my training. I think my approach is really unique and based on years of experience. You can find some demo of my presentation in youtube and slideshare.

The links to these presentations are on my Wiki page.

This is video that is a good example of how I have summarized the fundamentals of IPv6:

ICM: What was your first IT job and what was your first certification?

FB: Since I started to work in the Networking Industry I have received many certifications.
I started to install and maintain NOVELL, 3COM and another one I forgot as it vanished! My first LAN installation in 1985, I used electric cables, the one you use for your home lights and home devices, to connect the PCs 🙂

I would say that at the opposite, the most meaningful and most difficult Certification I passed at first attempt was the CCIE in 1997. It was a 2 days exam. One day of configuration with IP, IPX, Appletalk, Decnet Phase IV, Phase V, Banyan Vines, IBM Token-Ring and DSLSw+, X25, Frame-Relay, ISDN and more!… It was really challenging to finish all the configurations in one day. And you know the questions were not “configure IP with BGP, blah” but it was more like a non-technical customer could be asking you to configure something and you had to figure out what was really asked behind the question. If you did not understand what was asked and configuring something else, it was a zero. Hopefully the proctor was nice and I was asking questions about the questions until I was sure to have understood the customer need.
Then, there was 1/2 day of troubleshooting. It was a funny exam, you just had time to fix one mistake every minute and if you could not find them in time you had no chance to pass the exam!

But before the CCIE, I passed many easy certifications like PROTEON and a few more like this but the very first product I supported with passion was the NYNEX SYSTEM STRATEGIES product.

At this time I was working for ITS, the Service Company of SITA, the Airlines Global Network Company. The Airlines were using complex Terminal Clusters using modems to share lines (like the Cable Technology). My Mission was to help the AIRLINES To migrate from dumb terminal to LAN Based solutions.

In 1990, I traveled two weeks to the states to visit EMULEX, Los Angeles, CA. EMULEX was making the PC Card to support SYSTEM STRATEGIES.
EMULEX was also the SITA card used for all the SITA PC based application and ITS as selling it ! EMULEX still makes the cards used by CISCO virtualization machines today
After LA, I flight to the East Coast and I went to New-York, NY for a one week training on SYSTEM STRATEGIES Product.

The SYSTEM STRATEGIES product was the ONLY one to propose a UNIX TCP/IP to SNA Gateways Products, the full range of terminals emulations and line protocols! The power of UNIX TCP/IP and IBM Mainframes SNA combined from the most basic IBM RJE Emulation terminal emulating card readers and punchers to the IBM LU6.2/PU2.1 APPN Peer-to-Peer. This was used for high-level interconnection Gateways, for instance X.400 to DISOSS Mailing Systems!  I was more than happy to work on these products, I was friend with the SITA IBM SNA Network Manager who was giving me his admin password for when he was in holidays to manage my VTAM Configuration for my demo PUs.

I was a System Engineer, a pre-sales support for my company and I helped to reply for the Paris Hospitals (52 Hospitals) who was requesting something that ONLY SYSTEM STRATEGIES Product could provide. But I was the SE but also the Project Manager, the Customer Support Engineer (post sales support), the Trainer… Actually, the technical people of ITS did not have any clue about anything but Modem and Terminal Technologies used by the Airlines used until now.  My work was ONE MORE TIME TO HELP THE TRANITION to LAN based solution! So I was the only one to know the PCs and PS/2 (not the game console!), RISC Platforms (IBM AIX, HP 9000) LANs, TCP/IP, UNIX, SNA, NOVELL IPX/SPX, X25, Digital VMS and Decnet….

ICM: You worked for Cisco for a decade, as a trainer and as a consultant. What was your the biggest project? Please, tell us that was an IPv6 project 🙂

FB: Not exactly!

I worked 3 years as a Network Consultant and my work was to help two customers to launch their MPLS backbones and solve any problem related to the new MPLS backbones, like Internet Access for the MPLS-VPN Customer, implementation of QoS, implementation of MPLS-TE Link Fast Re-Route…

My Mentor was Jim Guichard who wrote many MPLS Reference Books in the CiscoPress and is an MPLS Guru. For 6 months, he was going to the entire meeting with the customers with me, VIVENDI and EQUANT (ITS, SITA, the Airlines Global Network again).

I replaced Peter Psenak as the EQUANT Consultant. Peter is now an OSPF Development Engineer and one of the best OSPF specialist in the World. Just like Jim for OSPF.

For the MPLS TE Fast-Reroute Project, I have been working many months with JP Vasseur who is a CISCO Fellow and the best consultant I have never met! He is one of the best specialist for MPLS Fast Restoration in the world.

Jim Guichard, JP Vasseur and Francois le Faucheur wrote an Ultimate MPLS reference book about MPLS Design, which I mostly recommend, for people with some MPLS background. I have also been working with Francois le Faucheur who designed DiffServ-TE, did a lot of work about QoS and MPLS. He is with JP Vasseur the greatest Architect I know, just google JP, Francois and Jim and you will see for yourself!

Then I moved to the CISCO IPv6 Engineering Dev-Testing Department for 7 years.

Dev-Testing is about working in collaboration with the development Engineer to develop the Test Plans and the TCL Script to automate the new features Testing.

The 6PE team hardly needed someone good in MPLS and programming to do the 6PE dev-test. This team had NO experience in MPLS and 6PE testing required a lot of expertise about MPLS!

The CISCO 6PE Team is a funny CISCO story!… 6PE was a MUST DO for CISCO and was requested by SP fro large scale IPv6 deployments.

Most of the CISCO SP customers were launching an MPLS backbone at the end of the 90s.

At the same time IPv6 was officially declared the successor of IPv4 and the first reason was IPv4 addresses depletions. NAT and private addressing brought an interim solution but it was also costing a fortune as it was breaking the Internet Peer-to-Peer Model and many networks applications.

Peer-to-Peer was a key driver to TCP/IP adoption with the downsizing and the client-server model. IBM proposed LU6.2/PU2.1 to propose a peer-to-peer solution.

OSI Protocols and CLNS which was using an address up to 20 bytes long with ISIS routing protocol was supposed to be the successor of IPv4 for many years. Digital adopted it with Decnet Phase V. Novell IPX adapted ISIS to propagate routes and Services instead of RIP and SAP distance vector protocols. ISIS was also adapted for IP and many SPs switched from OSPF to ISIS.

In the 80s a new concepts also started which was to converge data and voice networks to reduce the costs. For many years ATM was presented as the Network to support all kind of traffic including Business or Bulk Data, Video, Voice traffic. ATM was a really nice solution but could not scale with multi Gigabit links having to manage 53 bytes Cells! Funny to see that many smart Engineers designed a very complex protocol suites to math all kind of traffic but just could not accommodate the link speed of the near future! Some ATM Application like LAN Emulations could not scale large networks neither!

Many vendors were then working on a solution more scalable than ATM to solve this entire problem. Many vendors developed IP Switching technologies and CISCO proposed TAG Switching. TAG Switching was bringing many solutions for the SP and some large Enterprises.

So most of the customers were deploying MPLS Backbones and CISCO could not tell the customers that they would need to deploy an IPv6 backbone, as it was the future! 

6PE was a great idea to provide immediate IPv6 service over IPv4/MPLS backbones. 6PE is an exception as it has no performances impact as the other encapsulation transition technologies. CEFv6 performs the label imposition in interrupt mode as fast as any other encapsulation. Then the packet is switched like any other MPLS packet until the egress 6PE.

The ONLY drawback of 6PE is about Multicast. MPLS has no really good solution about MPLS!

Now the problem for CISCO was an organization problem. The Engineering teams are grouped by technologies. There is an MPLS Group near BOSTON, MA USA and an IPv6 Group in the UK mostly based in Reading and Edinburgh. IPv6 folks did not want to hear about MPLS, which was EVIL to them as MPLS is breaking a lot of IP Concepts and features like Multicast. MPLS folks did not want to hear bout IPv6 which was too far away and not in the MPLS Team priorities! So, an IOS Engineering Director hired a brain from IBM, Eric Levy-Abegnoly who came to CISCO with his sidekick, Luc Revardel. A few other CISCO Engineers followed in the CISCO Mobile IPv6 R&D Group. This was an IBM Hardcore group in CISCO based in Southern France, Sophia-Antipolis office and managed from the UK. They were new to IPv6 and new to MPLS but 6PE was an easy development, based on MPLS-VPN without VPNs. Benoit Lourdelet, the IPv6 Product manager for 10 years is also based in Sophia-Antipolis. He succeeded to Patrick Grossetete I have also been working with.

This is where my 3 years extensive MPLS experience as a CISCO Consultant helped a lot the 6PE development. MPLS was not tested for 15 years before large-scale deployment and I can tell you that when my customers launched their MPLS backbones, we hit severe bugs and I spent many nights and days troubleshooting problems to bring the customer backbones back up!

After 6PE, customers required 6VPE, which was 6PE in the VRF. 6PE was in the Global Routing Table. Again this has led to debate in the IPv6 Group!
But I would not qualify this a religious debate, as I can understand the point of Ole Troan, the IPv6 Technical Leader who was not approving this development in the first place. Reason is that IPv6 has a concept very similar to VRF, which is the scoped zone Architecture. With the scoped zone architecture, each zone must have its own routing table, which is very similar to the VRF concept and does not need MPLS, does not break Multicast and so forth.

Finally 6VPE was developed by the IPv6 Group but as a client of the scoped zone. A VRF is actually internally considered as a zone.

The requirements was that all the supported MPLS-VPN IPv4 Architectures had to be supported by 6VPE so I had to write the scripts for all the supported Architectures like CsC, Internet Access, Hub and Scope. A colleague took care of InterAS A, B and C.

After this I also did the dev-test of other features like Netflow for IPv6 and the last project I was involved was the Secured NEighbor Discovery Protocol (SeND). At the beginning, Microsoft was pushing CISCO to make it quickly as Microsoft was supposed to implement SeND in VISTA and LONGHORN. We made it and then Microsoft finally did not!

SeND was a big project as it involved key pairs, X.509 Certificates PKI Architecture. I was dedicated on IPv6 Security for 3 years trying to kill the routers, crafting packets using many tools like THC-IPv6 and many others. I wrote the test plan and most of the scripts as Eric helped me on the most complex involving PKI CA Chain of thrust.

In any project my role was to pull an IOS image from the interested train (I.e 12.2S) and run all the scripts before the feature integration, report and raised bugs if there was anything, which should have been fixed before the feature integration.
Then we were receiving an image with the feature from the Development Engineers and we were running all the tests again to make sure that our new feature broke no feature.
Then we were running the scripts we wrote to test the feature itself.
We were also instrumenting an image with CFLOW to measure our test coverage with an objective of 80% minimum!
CFLOW is a very interesting tool as it shows any portion of the code, which is not covered by our scripts.
If we could identify any important part not covered we were adding some new test case and running the script again.
Then we were passing our scripts to the team who are dedicated to run the dev-test scripts for any new version before these could be published on CCO. Most of the time, these teams were also calling me when a script was failing for me to troubleshoot the problem and raised a bug for the right team to fix it.

ICM: We are here to talk about certifications and especially about IPv6 certifications. You have two certifications from IPv6 Forum. Can you tell us something about them and the value for engineers?

FB: Actually I just placed a request to the IPv6 Forum who asked me some references about some work I have beed doing for IPv6. I replied with some example of the IPv6 dev-tests I did for Cisco providing many details about the jobs. I also gave some examples of my IPv6 teaching. You can find some presentation and video examples. You can get these examples from my Wiki page. I also provided many recommendations from happy customers: Cisco people and partners, SPs Architects and so on. There is a board of people who accept or not to give you this certification. The IPv6 Forum president told me that it was well deserved for me!

So again, there is no exam to pass, which is not a bad method as people are more and more cheating and you can find questions and answers for most written or labs exams on the web! When you interviewing some of these people on year later they have forgotten everything and do not have the level of the certifications. Certifications became a big business to make big money for Microsoft, Cisco and most of the vendors. When I was a Cisco consultant I have interviewed many CCIEs who were applying for Network Consultant job and who did not have the level! Some of them were surprised to be interviewed as if the CCIE was sufficient to be hired for the job!

The IPv6 Forum just give you a certification based on your actual achievements which I think is a more honest method even more since the IPv6 Forum is not making money from this. The certification request is free and the will not certify someone who has learned all the answer whatever he or she had cheat or just learn by heart a certification book!

ICM: It is hard to find a job offer for people with certifications from IPv6 Forum. Do you think they have any value for employers?

FB: You are correct and this is a good remark! I think that as IPv6 specialist will be more and more wanted, this certification will be more and more demanded. IPv6 FORUM is working on an IPv6 Security logo and I have applied for this one for my course and me.

So yes I believe it is good!

I am regularly in touch with Latif Ladid, the Emeritus IPv6 Forum President and I give my feedback every time they ask me. I think they are doing a very good job and I am confident that IPv6 Forum will help the IPv6 deployment.

ICM: Do you think we need dedicated certifications for IPv6 experts?

FB: I believe that IP is IP. At the beginning they were a MIB for IPv6 that was separated, then it was deprecated to put all the IP objects in the same MIB.

But while we are in transition phase it is good to have separate certifications because most of our IPv4 EXPERTS are IPv6 IGNORANTS and they could do a lot of harm to IPv6 trying to cut and paste IPv4 models to IPv6 which is the biggest mistake we could make and would just ignore all the improvements that IPv6 brought us.

ICM: Are certifications a good starting point in the IPv6 world?

FB: Yes, Certification is a good starting point and I have been working very hard on an IPv6 Training Curriculum that you could find on my Web site. And certifications are good… Problem is that certifications are more and more meaningless since we can find all the answers to most tests on the net!

ICM: IPv6 was developed 15 years ago. Is it a good time to learn new engineers ONLY about IPv6?

FB: No, I think that engineers hold still have some basic IPv4 knowledge. You cannot ignore that there is still an important realm of IPv4 systems

ICM: Don’t you think employers have a big problem with all these certifications (Almost 1700)? How employers should know that IPv6 Forum Gold Certified Engineer isn’t as much important as CCIE?

FB: IPv6 Forum Certifications are new. Actually they are studying your career to see if you deserve a certification. This is not bad. Again, for a few years, most of the CISCO certifications answers can be found on the Internet now so it does not mean much. Even the lab questions can be found for people to prepare the labs. So now the recertification every two years is just one more way to make $$$.

It was not the case 15 years ago when I passed more than a dozens of Drake Test to get certified to teach most of the CISCO Training: ICRC, ACRC, IMCR, CIT, CID, MCNS, CATM, the management course for Routed networks, the management course for witched systems and so on….

I have been interviewing CCIEs when I was a CISCO consultant who could not answer correctly on a question where the longest match rule was involved! This is a bit extreme but I have not selected many CCIE as they did not have a basic IP Routing knowledge.

ICM: Why Cisco and other companies do not adopt the lab-from-the-associate-level idea?

FB: I agree that labs are good. Any lab-based certification is good as long as you cannot find the question in the Net. IPv6 SAGE is good too but you must have an IPv6 Service provider that allows you to receive IPv6 Emails for instance. This is where I get stucked…

ICM: Where we can find you?

FB: Email: [email protected] or [email protected] and Web.
It is still in development most the content and the format, I am still working on it… I just found a few bugs or incomplete information this morning reading it on my iPad. Do not hesitate to ask any question or challenge me if you think something is wrong  I want to develop it to make it exactly as I wish so I am also learning the joomla basics!
Wiki | Twitter | LinkedIn | Skype: FredericBovy | Mobile: +33 676 198 206 

[This is part of the Interviews with IT Pros Series]

What Do You Think? Should we see more IPv6 certifications on the market. Let’s talk about that in the comments below!