Arista Cloud Engineer
Level 3 Outline
ACE:L3 Data Sheet
v2022.1
Description
The 5-day ACE Level 3 course is designed around Arista’s data-driven Cloud network architectures. Attendees will master the core technologies found in most modern corporate networks today such as MultiProtocol Border Gateway Protocol (MP-BGP), Exterior BGP (eBGP) underlays, Ethernet Virtual Private Networks (EVPN), and Virtual Extensible LAN protocol (VXLAN). Additional topics include security, QoS, multicast, and Cognitive Campus.
Topics
CloudVision Portal (CVP) Overview and Architecture
- Introduction to Automation and CloudVision
- Network Automation
- DIY, DevOps, Turnkey (CV, Studio)
- State Streaming, SysDB,NetDB, NetDL
- CloudVision Partner Integration
- Overview of Installation
- CloudVision Deployment
- Cloud-based CVaaS, Appliance, Virtual (OVA, KVM)
- Software, Authentication and Connectivity Requirements
- CVP Setup
- Enabling eAPI
- Initial Switch Behavior
- Zero Touch Provisioning (ZTP)
- Process, Modes, Provisioning
- DHCP Configuration
- ZTP Bootstrap with CVP
- Zero Touch Replacement
- Automating Configuration with Configlets
- Creating and Managing Configlet
- Configlet and Container Plan
- Creating Containers
- Creating Configlet Builder
- Using Ansible to Push Configlet via APIs
- Python Library
- Change Control
- Compliance
- Create Change Control
- Add/Remove Metrics
- Day 2 Network Operations
- Real-Time Telemetry, Analytics
- Client to Cloud Visibility
- Troubleshooting with CLI and CVP
- Image Management
- Data Plane Visibility
- Deployment with CloudVision Studios
Universal Cloud Networking (UCN)
- L2LS Architecture
- Review, Requirements
- Design Considerations, Configuration
- DC Architecture
- Traditional DC Architecture
- Arista Modern LS DC Architecture
- Underlay and Overlay Design Options
- Building the Underlay and Overlay
- EVPN, VXLAN, BGP, Other IGPs (ISIS, OSPF)
- L2LS vs. L3LS
- Routing, Redundancy, Configuration
- OSPF Review and Configuration
- ISIS Overview
- BGP
- Address Families, Communities
- Route Reflectors/Distinguishers/Targets
- Configuring Routes, Enabling BGP
- BGP-Labeled Unicast (BGP-LU)
- L3LS Design with BGP
- BGP Routing Protocol of Choice
- Fabric Resiliency with ECMP
- Recommended and Best Practices
VXLAN - Virtual eXtensible LAN
- Overview
- Layer 3 Limitation
- L-S Design with L3 Redundancy (ECMP)
- VXLAN Control Plane
- Broadcasts, Multicast, Head End Replication (HER)
- VXLAN Routing, Operations
- Recommended Practices
EVPN - Ethernet VPN
- Design Options
- Building the Underlay, L3LS
- Routing Protocol, Data Plane, Control Plane
- Network Overlay
- VXLAN BGP EVPN Fabrics
- Key Benefits of Fabrics
- MP-BGP
- Multitenant Control Plane
- VRF and VPN
- EVPN and MP-BGP
- EVPN Failure Scenarios
- Verifying EVPN Deployments
Multicast
- Applications. Protocols, Operation
- PIM, IGMPv2 Snooping, MSDP
- Multicast in the Underlay
- EVPN L2 and L3 Multicast
- Multicast in the Overlay with EVPN
- EVPN Multicast - External Connectivity
QoS
- Modes and Setting
- Trusted, Untrusted, CoS, DSCP
- Traffic Classes and ECN
- CoS-TC Map, DSCP-TC Map
- QoS Policing, Prioritization
- ECN (WRED), PFC
- Configuration
Security
- Macro Segmentation Service (MSS)
- Use Cases and Prerequisites
- MSS - Group. Firewall, Host
- Design Consideration, Operation
- Network Visibility
- Arista EntityIQ
- DMF, Observability and Monitoring
- Third Party NAC
- IoTvision
- CloudVision Cognitive Unified Edge (CV-CUE)
- Arista AI-Driven Network Detection and Response (NDR)
- Threat Detection and Hunting
- Unmanaged Device Security
- Non-Malware and Encrypted Threats
- Attack Surface Assessment (ASA)
- AVA - Autonomous Virtual Assistant
Campus Architectures
- Campus Networking Evolution
- Traditional Campus Architectures
- UCN Principles for Campus
- Wireless, PoE
- WiFi Solutions for Campus
- Fundamentals
- Centrally-managed
- CloudVision Cognitive Unified Edge (CV-CUE)
- Troubleshooting
- Campus Security
- Endpoint Security
- Access Control - Device Inventory (IoT), Analytics, Third-Party NAC
- Infrastructure Security - MSS, WiFi WIPS
- AVA Sensors
- Authentication, 802.1X, EAP
- Secure Connectivity - MacSec, IPSec
Labs
The ACE Level 3 course Includes diverse practical labs built on current EOS and CloudVision platforms. Labs are accessible for three weeks, one week during the instructor-led course, and two additional weeks to work on labs independently. Each student is given their own dedicated environment. Students can connect to these cloud-based labs from anywhere at any time.
Lab Activities
- Navigating CloudVision Portal
- Configlet Management
- Configlet Builder
- Change Control
- Dashboard and Alerts
- Using Studios
- Building the L3LS eBGP Network
- Virtual eXtensible LAN (VXLAN)
- EVPN L2
- EVPN L3
- Active - Active Multi Homing
- Protocol Independent Multicast Sparse-mode
- Quality of Service
Target Audience
The ACE Level 3 course is best suited for individuals with mid-to-senior level of experience in the networking field with advanced Layer 2 and 3 technologies and configurations. Mid-to-senior level network engineers and operations staff will find the skills covered in this course often sought after by modern-day, technology-oriented corporations.
Certification
ACE Level 3 certification requires a 4-hour live practical exam. Candidates must complete the ACE Level 3 course prior to attempting the exam. The candidates will log into a lab environment, similar to the one used for the course labs, and use both CLI and CloudVision to complete the exam.
Latest Schedule
https://www.sdn-pros.com/global-scheduleFollow-on Courses / Certifications
ACE : L4
