The Blueprint covers topics for both the written and practical exams.
CCDE Practical Exam v3: Blueprints and Exam Weighting
| 1.0 Business Strategy Design (15%) |
| 1.1 Impact on network design, implementation, and optimization using various customer project management methodologies (for instance, waterfall and agile) |
| 1.2 Solutions based on business continuity and operational sustainability (for instance, RPO, ROI, CAPEX/OPEX cost analysis, and risk/reward) |
| 2.0 Control, data, management plane and operational design (25%) |
| 2.1 End-to-end IP traffic flow in a feature-rich network |
| 2.2 Data, control, and management plane technologies |
| 2.3 Centralized, decentralized, or hybrid control plane |
| 2.4 Automation/orchestration design, integration, and on-going support for networks (for instance, interfacing with APIs, model-driven management, controller-based technologies, evolution to CI/CD framework) |
| 2.5 Software-defined architecture and controller-based solution design (SD-WAN, overlay, underlay, and fabric) |
| 3.0 Network Design (30%) |
| 3.1 Resilient, scalable, and secure modular networks, covering both traditional and software-defined architectures, considering: |
| 3.1.a Technical constraints and requirements |
| 3.1.b Operational constraints and requirements |
| 3.1.c Application behavior and needs |
| 3.1.d Business requirements |
| 3.1.e Implementation plans |
| 3.1.f Migration and transformation |
| 4.0 Service Design (15%) |
| 4.1 Resilient, scalable, and secure modular network design based on constraints (for instance, technical, operational, application, and business constraints) to support applications on the IP network (for instance, voice, video, backups, data center replication, IoT, and storage) |
| 4.2 Cloud/hybrid solutions based on business-critical operations |
| 4.2.a Regulatory compliance |
| 4.2.b Data governance (for instance, sovereignty, ownership, and locale) |
| 4.2.c Service placement |
| 4.2.d SaaS, PaaS, and IaaS |
| 4.2.e Cloud connectivity (for instance, direct connect, cloud on ramp, MPLS direct connect, and WAN integration) |
| 4.2.f Security |
| 15% 5.0 Security Design |
| 5.1 Network security design and integration |
| 5.1.a Segmentation |
| 5.1.b Network access control |
| 5.1.c Visibility |
| 5.1.d Policy enforcement |
| 5.1.e CIA triad |
| 5.1.f Regulatory compliance (if provided the regulation) |
CCDE Practical Exam v3: Core Technology List
The following is a list of technologies associated with both the CCDE v3 written exam and the CCDE v3 practical exam. Candidates are expected to have a deep understanding of these technologies. Each of these technologies may appear in any delivery of the exam.
| 1.0 Transport Technologies |
| 1.1 Ethernet |
| 1.2 CWDM/DWDM |
| 1.3 Frame relay (migration only) |
| 1.4 Cellular and broadband (as transport methods) |
| 1.5 Wireless |
| 1.6 Physical mediums, such as fiber and copper |
| 2.0 Layer 2 Control Plane |
| 2.1 Physical media considerations |
| 2.1.a Down detection |
| 2.1.b Interface convergence characteristics |
| 2.2 Loop detection protocols and loop-free topology mechanisms |
| 2.2.a Spanning tree types |
| 2.2.b Spanning tree tuning techniques |
| 2.2.c Multipath |
| 2.2.d Switch clustering |
| 2.3 Loop detection and mitigation |
| 2.4 Multicast switching |
| 2.4.a IGMPv2, IGMPv3, MLDv1, MLDv2 |
| 2.4.b IGMP/MLD Snooping |
| 2.4.c IGMP/MLD Querier |
| 2.5 Fault isolation and resiliency |
| 2.5.a Fate sharing |
| 2.5.b Redundancy |
| 2.5.c Virtualization |
| 2.5.d Segmentation |
| 3.0 Layer 3 Control Plane |
| 3.1 Network hierarchy and topologies |
| 3.1.a Layers and their purposes in various environments |
| 3.1.b Network topology hiding |
| 3.2 Unicast routing protocol operation (OSPF, EIGRP, ISIS, BGP, and RIP) |
| 3.2.a Neighbor relationships |
| 3.2.b Loop-free paths |
| 3.2.c Flooding domains |
| 3.2.d Scalability |
| 3.2.e Routing policy |
| 3.2.f Redistribution methods |
| 3.3 Fast convergence techniques and mechanism |
| 3.3.a Protocols |
| 3.3.b Timers |
| 3.3.c Topologies |
| 3.3.d Loop-free alternates |
| 3.4 Factors affecting convergence |
| 3.4.a Recursion |
| 3.4.b Micro-loops |
| 3.5 Route aggregation |
| 3.5.a When to leak routes / avoid suboptimal routing |
| 3.5.b When to include more specific routes (up to and including host routes) |
| 3.5.c Aggregation location and techniques |
| 3.6 Fault isolation and resiliency |
| 3.6.a Fate sharing |
| 3.6.b Redundancy |
| 3.7 Metric-based traffic flow and modification |
| 3.7.a Metrics to modify traffic flow |
| 3.7.b Third-party next hop |
| 3.8 Generic routing and addressing concepts |
| 3.8.a Policy-based routing |
| 3.8.b NAT |
| 3.8.c Subnetting |
| 3.8.d RIB-FIB relationships |
| 3.9 Multicast routing concepts |
| 3.9.a General multicast concepts |
| 3.9.b MSDP/anycast |
| 3.9.c PIM |
| 4.0 Network Virtualization |
| 4.1 Multiprotocol Label Switching |
| 4.1.a MPLS forwarding and control plane mechanisms |
| 4.1.b MP-BGP and related address families |
| 4.1.c LDP |
| 4.2 Layer 2 and 3 VPN and tunneling technologies |
| 4.2.a Tunneling technology selection (such as DMVPN, GETVPN, IPsec, MPLS, GRE) |
| 4.2.b Tunneling endpoint selection |
| 4.2.c Tunneling parameter optimization of end-user applications |
| 4.2.d Effects of tunneling on routing |
| 4.2.e Routing protocol selection and tuning for tunnels |
| 4.2.f Route path selection |
| 4.2.g MACsec (802.1ae) |
| 4.2.h Infrastructure segmentation methods |
| 4.2.h.i VLAN |
| 4.2.h.ii PVLAN |
| 4.2.h.iii VRF-Lite |
| 4.3 SD-WAN |
| 4.3.a Orchestration plane |
| 4.3.b Management plane |
| 4.3.c Control plane |
| 4.3.d Data plane |
| 4.3.e Segmentation |
| 4.3.f Policy |
| 4.3.f.i Security |
| 4.3.f.ii Topologies |
| 4.3.f.iii Application-based routing |
| 4.4 Migration techniques |
| 4.5 Design considerations |
| 4.6 QOS techniques and strategies |
| 4.6.a Application requirements |
| 4.6.b Infrastructure requirements |
| 4.7 Network management techniques |
| 4.7.a Traditional (such as SNMP, SYSLOG) |
| 4.7.b Model-driven (such as NETCONF, RESTCONF, gNMI, streaming telemetry) |
| 4.8 Reference models and paradigms that are used in network management (such as FCAPS, ITIL, TOGAF, and DevOps) |
| 5.0 Security |
| 5.1 Infrastructure security |
| 5.1.a Device hardening techniques and control plane protection methods |
| 5.1.b Management plane protection techniques |
| 5.1.b.i CPU |
| 5.1.b.ii Memory thresholding |
| 5.1.b.iii Securing device access |
| 5.1.c Data plane protection techniques |
| 5.1.c.i QoS |
| 5.1.d Layer 2 security techniques |
| 5.1.d.i Dynamic ARP inspection |
| 5.1.d.ii IPDT |
| 5.1.d.iii STP security |
| 5.1.d.iv Port security |
| 5.1.d.v DHCP snooping |
| 5.1.d.vi IPv6-specific security mechanisms |
| 5.1.d.vii VACL |
| 5.1.e Wireless security technologies |
| 5.1.e.i WPA |
| 5.1.e.ii WPA2 |
| 5.1.e.iii WPA3 |
| 5.1.e.iv TKIP |
| 5.1.e.v AES |
| 5.2 Protecting network services |
| 5.2.a Deep packet inspection |
| 5.2.b Data plane protection |
| 5.3 Perimeter security and intrusion prevention |
| 5.3.a Firewall deployment modes |
| 5.3.a.i Routed |
| 5.3.a.ii Transparent |
| 5.3.a.iii Virtualization |
| 5.3.a.iv Clustering and high availability |
| 5.3.b Firewall features |
| 5.3.b.i NAT |
| 5.3.b.ii Application inspection |
| 5.3.b.iii Traffic zones |
| 5.3.b.iv Policy-based routing |
| 5.3.b.v TLS inspection |
| 5.3.b.vi User identity |
| 5.3.b.vii Geolocation |
| 5.3.c IPS/IDS deployment modes |
| 5.3.c.i In-line |
| 5.3.c.ii Passive |
| 5.3.c.iii TAP |
| 5.3.d Detect and mitigate common types of attacks |
| 5.3.d.i DoS/DDoS |
| 5.3.d.ii Evasion techniques |
| 5.3.d.iii Spoofing |
| 5.3.d.iv Man-in-the-middle |
| 5.3.d.v Botnet |
| 5.4 Network control and identity management |
| 5.4.a Wired and wireless network access control |
| 5.4.b AAA for network access with 802.1X and MAB |
| 5.4.c Guest and BYOD considerations |
| 5.4.d Internal and external identity sources |
| 5.4.e Certificate-based authentication |
| 5.4.f EAP chaining authentication method |
| 5.4.g Integration with multifactor authentication |
| 6.0 Wireless |
| 6.1 IEEE 802.11 standards and protocols |
| 6.1.a Indoor and outdoor RF deployments |
| 6.1.a.i Coverage |
| 6.1.a.ii Throughput |
| 6.1.a.iii Voice |
| 6.1.a.iv Location |
| 6.1.a.v High density / very high density |
| 6.2 Enterprise wireless network |
| 6.2.a High availability, redundancy, and resiliency |
| 6.2.b Controller-based mobility and controller placement |
| 6.2.c L2/L3 roaming |
| 6.2.d Tunnel traffic optimization |
| 6.2.e AP groups |
| 6.2.f AP modes |
| 7.0 Automation |
| 7.1 Zero-touch provisioning |
| 7.2 Infrastructure as Code (tools, awareness, and when to use) |
| 7.2.a Automation tools (for instance, Ansible) |
| 7.2.b Orchestration platforms |
| 7.2.c Programming language (for instance, Python) |
| 7.3 CI/CD Pipeline |
CCDE Practical Exam v3: On-Prem and Cloud Services Technology List
The technologies shown in this document are associated with the On-prem and Cloud Services area of expertise of the CCDE v3 practical exam. Candidates are expected to have a deep understanding of these technologies. Each of these technologies may appear in any delivery of the exam.
Note: The technologies listed here are in addition to the technologies listed in the CCDE Core Technology list.
| 1.0 Transport Technologies |
| 1.1 Data Center Interconnect options |
| 2.0 Layer 3 Control Plane |
| 2.1 Inter-fabric connectivity, such as multipod, multisite |
| 2.2 External connectivity for on-prem and cloud |
| 2.3 Multi-cloud network architecture |
| 3.0 Network Virtualization |
| 3.1 Overlay |
| 3.1.a Management plane |
| 3.1.b Control plane |
| 3.1.c Data plane (such as VXLAN, MPLS) |
| 3.1.d Segmentation |
| 3.1.e Policy |
| 3.1.e.i Security |
| 3.1.e.ii Topologies |
| 3.1.e.iii Data center interconnect |
| 3.1.e.iv Multiple site strategy |
| 3.1.e.v Service insertion |
| 3.2 Virtual Networking |
| 4.0 Automation |
| 4.7 Deployment models |
| 4.7.a Bare metal |
| 4.7.b VM |
| 4.7.c Microservices |
| 5.0 Data Center |
| 5.1 Storage |
| 5.1.a Physical topology |
| 5.1.b QoS requirements |
| 5.1.c FC and FCoE |
| 5.1.c.i Zoning |
| 5.1.c.ii Trunking |
| 5.1.c.iii Link aggregation |
| 5.1.c.iv Load balancing |
| 5.1.d iSCSI |
| 5.1.d.i Authentication |
| 5.1.d.ii Multipathing |
| 5.2 Application delivery |
| 5.2.a Load balancer deployment modes |
| 5.3 Compute |
| 5.3.a UCS blade integration |
| 5.3.b UCS rack server integration |
| 5.3.c HyperFlex integration |
| 5.4 Compute connectivity |
| 5.4.a SAN/LAN uplinks |
| 5.4.b Port modes |
CCDE Practical Exam v3: Workforce Mobility Technology List
The technologies listed in this document are associated with the Workforce Mobilityarea of expertise of the CCDE v3 practical exam. Candidates are expected to have a deep understanding of these technologies. Each of these technologies may appear in any delivery of the exam.
Note: The technologies listed here are in addition to the technologies listed in the CCDE Core Technology list.
| 1.0 Security |
| 1.1 Network control and identity management |
| 1.1.a Cisco ISE |
| 2.0 Wireless |
| 2.1 Enterprise wireless network |
| 2.1.a WLAN architectures |
| 2.1.a.i Centralized |
| 2.1.a.ii Distributed |
| 2.1.b Roaming optimizations |
| 2.1.c Mesh network architecture |
| 2.1.d RF and radio design |
| 2.1.d.i Channel planning |
| 2.1.d.ii Channel width |
| 2.1.d.iii Spatial streams |
| 2.1.d.iv Radio Resource Management |
| 2.1.d.v Client considerations, such as transmit power, RSSI, SNR |
| 2.1.e Antenna types |
| 2.2 Regulatory domains |
| 2.3 Site survey |
| 2.3.a Floor maps |
| 2.3.b Coverage requirements |
| 2.3.c Building materials |
| 2.3.d Attenuation |
| 2.3.e Interferences |
| 2.3.f Capacity planning |
| 2.3.g AP cell areas |
| 2.3.h Wired network |
| 2.3.h.i PoE |
| 2.3.h.ii Switch port capacity |
| 2.3.h.iii Uplink capacity |
| 2.3.i Outdoor/indoor locations |
| 2.3.j Survey types |
| 2.3.j.i Walkthrough |
| 2.3.j.ii Predictive |
| 2.3.j.iii Active |
| 2.3.j.iv Passive |
| 2.3.k Heat maps |
| 2.4 Requirement gathering and analysis |
| 2.4.a Areas of coverage |
| 2.4.a.i Expected coverage per area |
| 2.4.a.ii Client density |
| 2.5 Multicast over wireless |
| 2.6 mDNS |
| 2.7 Location services and solutions |
| 2.7.a RTLS |
| 2.7.b DNA Spaces |
| 2.7.b.i Analytics |
| 2.8 Automation, Assurance, Insights, and Telemetry (Legacy and DNAc) |
| 2.8.a AVC/NetFlow |
| 2.8.b DNAc |
CCDE Practical Exam v3: Large-Scale Networks Technology List
The technologies shown in this document are associated with the Large Scale Networks area of expertise of the CCDE v3 practical exam. Candidates are expected to have a deep understanding of these technologies. Each of these technologies may appear in any delivery of the exam.
Note: The technologies listed here are in addition to the technologies listed in the CCDE Core Technology list.
| 1.0 Transport Technologies |
| 1.1 Carrier Ethernet |
| 1.2 Ring-based (such as SONET/SDH, OTU) |
| 1.3 Frame relay (migration only) |
| 1.4 Wireless (including satellite links, microwave links) |
| 1.5 Optical |
| 2.0 Layer 2 Control Plane |
| 2.1 Loop detection protocols and loop-free topology mechanisms |
| 2.1.a REP |
| 2.2 Transport mechanisms and their interaction with routing protocols over different link types |
| 3.0 Layer 3 Control Plane |
| 3.1 Factors affecting convergence |
| 3.1.a Transport |
| 3.2 Generic routing and addressing concepts |
| 3.2.a Large-scale NAT |
| 3.3 Multicast routing concepts |
| 3.3.a Multicast delivery/implementation models |
| 3.3.b mVPN |
| 4.0 Network Virtualization |
| 4.1 Multiprotocol Label Switching |
| 4.1.a Segment routing |
| 4.1.b LDP and SR interworking |
| 4.1.c MPLS traffic engineering |
| 4.2 QoS techniques and strategies |
| 4.2.a End-user requirements |
| 4.2.b DiffServ |
| 4.2.c IntServ |
| 4.3 EVPN |
| 4.3.a Management plane |
| 4.3.b Control plane |
| 4.3.c Data plane (such as VXLAN, MPLS, PBB) |
| 4.3.d Segmentation |
| 4.3.e Policy |
| 4.3.e.i Security |
| 4.3.e.ii Topologies |
| 4.3.e.iii Multiple site strategy |
| 5.0 Security |
| 5.1 Infrastructure security |
| 5.1.a Data plane protection techniques |
| 5.1.a.i uRPF |
| 5.1.a.ii RTBH |
| 6.0 Automation |
| 6.1 Lifecycle management/closed-loop automation |
CCDE.Blog - Succeed in your CCDE 