400-007
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

400-007 Cisco Systems Coming Soon

CCDE Written

The CCDE 400‑007 course teaches expert‑level network design methodology, advanced routing, campus, data‑center, WAN, and security architectures, guiding architects through requirements, migration, validation, and operational optimization.

120 Minutes
90 Questions
$450 Exam Cost

Who Should Take This

Network architects, senior engineers, and consultants with seven or more years of enterprise or service‑provider design experience should take this exam. They seek to validate mastery of end‑to‑end design processes, from requirement gathering to migration planning and post‑deployment validation, and to differentiate themselves as strategic design leaders.

What's Covered

All domains in the Cisco Certified Design Expert Written (CCDE 400-007) exam:

  • Network Design Methodology
  • Advanced Routing Design
  • Campus and Data Center Design
  • WAN and Service Provider Design
  • Security Design
  • Automation and Orchestration Design

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

62 learning goals
Domain 1: Network Design Methodology
3 topics

Requirements analysis and constraint identification

  • Implement structured requirements gathering that captures business objectives, application requirements, performance SLAs, availability targets, growth projections, and regulatory constraints for network design engagements.
  • Analyze competing design constraints including budget limitations, existing infrastructure dependencies, organizational politics, timeline pressures, and technical debt to identify feasible design trade-off boundaries.
  • Design a requirements traceability matrix that maps business requirements through technical requirements to specific design decisions, enabling impact analysis when requirements change during the design lifecycle.

Design validation and migration planning

  • Implement design validation strategies including proof-of-concept testing, simulation modeling, traffic analysis, and failure scenario testing to verify that proposed designs meet stated requirements.
  • Design phased migration plans that transition from current-state to target-state network architecture with rollback procedures, coexistence strategies, and traffic cutover windows that minimize service disruption.
  • Analyze risk factors in network migration scenarios including protocol interoperability during transition, control plane convergence during cutover, and data plane impact assessment for brownfield deployments.

High availability and resiliency design principles

  • Implement availability calculations using MTBF, MTTR, and component reliability data to quantify expected uptime for serial and parallel network topologies and validate designs against SLA targets.
  • Analyze failure domain boundaries in hierarchical network designs to determine blast radius of component failures and evaluate whether redundancy placement provides adequate fault isolation.
  • Design graceful degradation strategies that maintain critical service availability during partial network failures by implementing traffic prioritization, alternate path selection, and capacity-aware failover mechanisms.
Domain 2: Advanced Routing Design
4 topics

OSPF and IS-IS design for large-scale networks

  • Implement OSPF multi-area hierarchical design with area boundaries, stub area types, summarization points, and virtual links optimized for convergence speed and LSDB scaling in networks with thousands of prefixes.
  • Analyze OSPF versus IS-IS design trade-offs for underlay routing in large data center and service provider networks considering convergence behavior, extensibility via TLVs, and segment routing integration.
  • Design IGP domain boundaries and redistribution strategies for multi-region networks that prevent routing loops, limit failure propagation, and maintain consistent path selection across administrative boundaries.

BGP design for enterprise and service provider

  • Implement iBGP route reflector hierarchies with cluster design, optimal reflector placement, and path diversity preservation to scale internal BGP to hundreds of peers without full mesh requirements.
  • Implement eBGP peering design for multi-homed enterprise internet connectivity with prefix filtering, AS-path prepending, local preference manipulation, and MED attributes to achieve deterministic traffic engineering.
  • Analyze BGP convergence behavior during prefix withdrawal, path change, and session reset scenarios to evaluate the impact of route dampening, graceful restart, and add-path on large-scale network stability.
  • Design BGP-based traffic engineering strategies using communities, conditional route injection, and selective advertisement to optimize inter-AS traffic distribution across multiple upstream providers.

MPLS and segment routing design

  • Implement MPLS L3VPN design with VRF-lite at the edge, MP-BGP VPNv4/VPNv6 route distribution, and route target assignment strategies for multi-tenant service isolation in enterprise and provider networks.
  • Implement segment routing architecture using SR-MPLS and SRv6 to simplify label distribution, enable traffic engineering without RSVP-TE, and support network slicing for differentiated service delivery.
  • Analyze MPLS L2VPN design options including VPWS, VPLS, and EVPN to determine the optimal L2 extension technology based on scale requirements, multi-homing needs, and MAC learning efficiency.
  • Design an MPLS-to-segment-routing migration strategy that maintains service continuity for existing L3VPN and traffic engineering services while progressively adopting SR capabilities across network regions.

Multicast and QoS design

  • Implement PIM sparse-mode multicast design with RP placement strategies, Anycast-RP redundancy, MSDP inter-domain distribution, and SSM for known-source applications in enterprise campus and WAN environments.
  • Design end-to-end QoS architectures with classification, marking, queuing, shaping, and policing policies that preserve application SLAs across campus, WAN, and data center network segments.
  • Analyze QoS design implications for real-time applications including voice, video, and interactive collaboration when traversing multiple network domains with different trust boundaries and queuing capabilities.
Domain 3: Campus and Data Center Design
3 topics

Campus network design

  • Implement Cisco SD-Access campus fabric design with fabric border nodes, control plane nodes, edge nodes, and wireless LAN controllers integrated into the fabric for identity-based micro-segmentation.
  • Analyze campus design trade-offs between traditional three-tier hierarchical architecture, collapsed core designs, and SD-Access fabric overlays based on scale, segmentation requirements, and operational maturity.
  • Design multi-site campus fabric interconnection using transit control planes, SD-Access transit nodes, and LISP site-to-site communication to extend identity-based policy across geographically distributed locations.
  • Implement campus wireless design integration including AP deployment models, roaming domain design, RF profiles, and wireless-to-fabric mapping for seamless wired and wireless segmentation consistency.

Data center network design

  • Implement spine-leaf data center fabric design using VXLAN encapsulation with BGP EVPN control plane for scalable Layer 2 and Layer 3 connectivity across thousands of endpoints.
  • Analyze VXLAN-EVPN fabric design options including symmetric versus asymmetric IRB, distributed anycast gateway, and multi-site EVPN interconnection to determine the optimal overlay architecture for workload mobility requirements.
  • Design multi-site data center interconnection using EVPN multi-site, OTV, or LISP to extend Layer 2 domains across geographically separated data centers while controlling failure domain propagation and BUM traffic flooding.
  • Implement data center storage networking design including FCoE, iSCSI, and NVMe-oF fabric considerations for converged network architectures that maintain lossless Ethernet requirements for storage traffic classes.

Data center compute and virtualization design

  • Implement network design for containerized workloads including Kubernetes CNI integration, service mesh networking, and Cisco ACI integration with container orchestration platforms for policy-based micro-segmentation.
  • Analyze network design implications of virtual machine mobility, container orchestration scheduling, and bare-metal server provisioning on data center fabric scale, VTEP density, and host route advertisement.
Domain 4: WAN and Service Provider Design
3 topics

SD-WAN design

  • Implement Cisco SD-WAN overlay design with vManage, vSmart, vBond controller placement, transport independence across MPLS and internet underlay, and OMP route distribution for centralized policy enforcement.
  • Implement SD-WAN application-aware routing policies using SLA metrics including latency, jitter, and packet loss to dynamically steer traffic across available transport paths based on real-time performance measurement.
  • Analyze SD-WAN design scalability factors including controller cluster sizing, hub-spoke versus mesh topology selection, and regional hub placement to support branch office counts from hundreds to thousands.
  • Design SD-WAN migration from traditional MPLS WAN to hybrid SD-WAN architecture with coexistence strategies, phased branch migration waves, and service-level validation at each migration stage.

MPLS VPN and service provider WAN design

  • Implement inter-AS MPLS VPN design using Options A, B, and C to provide end-to-end VPN service across multiple autonomous systems with appropriate control plane coupling and security boundaries.
  • Analyze PE router scaling limitations including VRF table size, BGP VPNv4 prefix counts, and label space exhaustion to determine when hierarchical VPN architectures or route reflector partitioning are required.
  • Design carrier Ethernet and MPLS-based managed WAN services with SLA guarantees, traffic engineering, and fast reroute protection to deliver differentiated service tiers for enterprise customers.

WAN optimization and cloud connectivity

  • Implement direct cloud connectivity design using cloud on-ramps, ExpressRoute, Direct Connect, and Cloud Interconnect with SD-WAN integration to optimize application performance for SaaS and IaaS workloads.
  • Analyze WAN design implications of SaaS application adoption including local internet breakout placement, split-tunnel versus full-tunnel architectures, and DNS-based traffic steering for cloud-first branch designs.
  • Design a multi-cloud WAN connectivity strategy that provides consistent network policy, security inspection, and performance monitoring across AWS, Azure, and GCP environments interconnected through hub VPC/VNet transit architectures.
Domain 5: Security Design
3 topics

Network segmentation and zero trust

  • Implement network macro-segmentation design using VRFs, VLANs, and firewall zones to isolate network security domains aligned with data classification levels and regulatory compliance boundaries.
  • Implement micro-segmentation design using Cisco TrustSec SGTs, ISE policy sets, and SD-Access fabric segmentation to enforce identity-based access control independent of IP addressing and VLAN topology.
  • Design a zero-trust network architecture that enforces continuous authentication, least-privilege access, and encrypted transport using Cisco Secure Access, ISE, Duo, and per-flow encryption across campus, WAN, and cloud segments.
  • Analyze segmentation design effectiveness by mapping communication flows against policy intent, identifying overly permissive rules, and evaluating lateral movement risk across trust boundaries.

Firewall and intrusion prevention design

  • Implement firewall deployment design including inline, routed, transparent, and clustered modes with active-active and active-standby failover topologies for Cisco Secure Firewall in data center and perimeter environments.
  • Analyze firewall design scalability by evaluating session table capacity, throughput requirements, SSL inspection overhead, and IPS signature performance impact to size firewall platforms for projected traffic loads.
  • Design distributed security inspection architectures that position firewall and IPS services at optimal enforcement points across campus, data center, and cloud perimeters to balance security visibility with traffic hair-pinning overhead.

Secure network access and DDoS protection

  • Implement 802.1X network access control design with Cisco ISE authentication policies, authorization profiles, and posture assessment to enforce differentiated access based on user identity and device compliance.
  • Design DDoS mitigation architecture using Flowspec, RTBH, traffic scrubbing services, and Cisco firewall rate limiting to protect critical network infrastructure and services from volumetric and application-layer attacks.
  • Analyze network infrastructure hardening requirements including control plane policing, management plane protection, routing protocol authentication, and infrastructure ACLs to reduce attack surface on network devices.
Domain 6: Automation and Orchestration Design
3 topics

Controller-based network design

  • Implement Cisco DNA Center-based network design with hierarchical site structures, network profiles, and policy-based automation to standardize provisioning across campus, branch, and WAN network segments.
  • Analyze controller high availability and scalability design including cluster sizing, geographic distribution, disaster recovery, and API gateway load balancing for network management platforms.
  • Design intent-based networking architecture that translates business policy into network configuration through Cisco DNA Center assurance, compliance verification, and closed-loop remediation workflows.

Model-driven programmability

  • Implement YANG data model-based network automation design using NETCONF and RESTCONF protocols to enable model-driven configuration management and operational state retrieval across multi-vendor environments.
  • Analyze network automation design trade-offs between NETCONF transactional operations, RESTCONF RESTful simplicity, gNMI streaming telemetry, and CLI-based legacy automation for different device lifecycle stages.
  • Design a network-as-code strategy that uses version-controlled YANG models, CI/CD pipelines, automated compliance validation, and staged deployment workflows to manage network infrastructure as software artifacts.

Telemetry and observability design

  • Implement model-driven telemetry design using gNMI dial-out subscriptions and on-change notifications to replace SNMP polling with push-based monitoring for real-time network visibility at scale.
  • Design a network observability architecture that correlates telemetry streams, syslog events, flow data, and synthetic monitoring to provide end-to-end visibility from user endpoint through application infrastructure.
  • Analyze telemetry collection scaling challenges including data volume, collector capacity, storage retention, and pipeline processing latency to right-size observability infrastructure for large-scale network deployments.

Scope

Included Topics

  • All domains in the Cisco Certified Design Expert Written (CCDE 400-007) exam: Network Design Methodology (15%), Advanced Routing Design (20%), Campus and Data Center Design (20%), WAN and Service Provider Design (20%), Security Design (15%), and Automation and Orchestration Design (10%).
  • Expert-level network design methodology including requirements gathering, constraint analysis, design trade-off evaluation, migration planning, and validation strategies for large-scale enterprise and service provider networks.
  • Key Cisco design topics: OSPF multi-area design, BGP route reflector hierarchies, MPLS L3VPN/L2VPN, EVPN-VXLAN fabric design, SD-WAN overlay architecture, SD-Access campus fabric, spine-leaf data center topologies, QoS end-to-end design, multicast design, IPv6 transition, network segmentation, and zero-trust architecture.
  • Scenario-driven architectural decisions that balance scalability, resiliency, security, manageability, performance, and cost across multi-site enterprise and service provider network environments.
  • Network automation design including controller-based architectures, model-driven programmability, YANG data models, NETCONF/RESTCONF, Cisco DNA Center, and orchestration frameworks for large-scale network operations.

Not Covered

  • Device-level CLI configuration commands and platform-specific implementation syntax that belong to CCNP-level operational certifications.
  • Current Cisco product SKUs, pricing, and rapidly changing licensing models not durable for a long-lived domain specification.
  • CCDE Practical exam-specific scenario format and lab topology details that differ from written exam objectives.
  • Application-layer protocol deep dives and software development practices that do not directly impact network design decisions.
  • Wireless controller configuration and RF engineering details beyond high-level campus wireless integration design.

Official Exam Page

Learn more at Cisco Systems


Trademark Notice

Cisco®, CCNA®, CCNP®, CCIE®, and related marks are registered trademarks of Cisco Technology, Inc. Cisco does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.