Wednesday, January 13, 2010

Stefan Fouant, JNCIP-M/T and JNCIE-M/T Lab & Preparation Notes

Congratulations to Stefan Fouant, CISSP and JNCIE-M/T, recently posted his steps for methods the JNCIP-M/T and JNCIP-M/T to Groupstudy. This is an excellent posting which covers the following:

> JNCIP-M/T review
> JNCIE-M/T review
> Proteus Networks JNCIE-M/T practice exams/lab gear review


JNCIP-M/T and JNCIE-M/T Lab & Preparation Notes

Hello Fellow Groupstudy Lurkers,

I'm delighted to say that I passed the JNCIE-M/T exam last month and I am
now the proud recipient of the highly sought-after JNCIE-M/T designation!
I'd like to take a few moments to share about my experiences with the rest
of you who may also decide to pursue this certification. Sorry for the long
post, but I'm sure some of you will find this useful.

Before I delve into the specifics of the JNCIP-M/T and JNCIE-M/T
preparations, let me suggest that anyone who is interested in pursuing this
track start out with the JNCIA-M/T certification, prior to moving to the
JNCIS-M/T. While it is possible to skip directly to the JNCIS-M/T
certification, there is so much useful information available in the 'JNCIA
Study Guide' that I strongly believe it should be at the top of the list for
those who are just starting out with JUNOS.

As for JNCIP-M/T, I prepared entirely using the 'JNCIP Study Guide' by Harry
Reynolds. Although this book is long out of print, the Study Guide is
available as a free download from Juniper's website, as are the rest of the
Study Guides for the Service Provider track. For actual hands-on, I used a
testbed comprised entirely of Juniper Olives running in VMware. Yes, it is
possible to use an Olive lab exclusively in order to do EVERYTHING needed to
prepare for this exam. As this exam is mostly focused on BGP and IGPs there
is nothing which actually requires a hardware based PFE or dedicated ASICs,
as such an Olive is perfectly acceptable for test preparation.

If you decide to pursue this route and do preparations exclusively in this
manner, there are a few things to keep in mind. I've found that the initial
install of JUNOS requires quite a bit more memory than it does once its
finally completed. I was able to successfully run a VM Olive running JUNOS
8.1 (at the time of this writing JUNOS 8.1 was the version being used in the
exam) with as little as 48 MB of memory, however CLI response time was
incredibly slow. I've found the sweet spot to be right at around 96MB of RAM
for each Olive VM image. In order to follow through the examples in the
JNCIP Study Guide, you're going to want to have at least 8 Olive VMs running
simultaneously (7 for the actual routers comprising the student's testbed
and another Olive to simulate the EBGP peers using Virtual Routers). Make
sure you have at least 768 MB of available memory you can allocate to your
VMs. Depending on what version of VMware you are running, you might need to
tweak the vmnet interfaces so that each Olive has enough fxp0s, and you
might also need to stitch them together logically within the VMware
configuration files. Be prepared to get under the hood of VMware
configuration in order to get all this working correctly. Perhaps a better
option would be to configure an ESX or ESXi Server and run your images off a
high-powered server, where you have loads of memory and virtual switching
capabilities. Another option is to utilize a single hardware-based chassis,
such as the MX240 and segment this using Logical Routers (see below for
details on this configuration).

Preparing for the JNCIE-M/T exam is a bit more difficult, as it requires
actual hardware to perform many of the tasks required of this exam. Many of
the tasks like setting up Multicast or Layer 2 VPN srequire dedicated
hardware within the PFE, so using Olives is not an option. Never fear, it
is entirely possible to prepare for this exam using as little as a single
MX240 coupled with Logical Routers (Logical Systems in JUNOS 9.3 and above).
You will need a total of ~40 connections to set this lab up so get your
hands on a high density 40x1GE card and a bunch of fiber and you should be
ready to go. Make sure the card you use is capable of Layer 3 services, as
cards capable of running only Layer 2 services will fall short of many of
the configuration tasks. If you're short on SFPs or just don't have enough
physical ports, it's also possible to use logical tunnels to stitch your
logical routers together, as in the following example:

logical-systems {
dc {
interfaces {
lt-0/0/10 {
unit 0 {
description dc->r7;
encapsulation ethernet;
peer-unit 1;
family inet {
address 10.0.8.13/30;
}
family iso;
}
}
}
}
r7 {
interfaces {
lt-0/0/10 {
unit 1 {
description r7->dc;
encapsulation ethernet;
peer-unit 0;
family inet {
address 10.0.8.14/30;
}
family iso;
}
}
}
}
chassis {
fpc 0 {
pic 0 {
tunnel-services {
bandwidth 1g;
}
}
}
network-services ip;
}

The last bit is required in order to make sure you allocate a fixed amount
of bandwidth on the PFE for the logical tunnels. The coolest thing about
the logical tunnels feature within JUNOS is that you can actually configure
them with Ethernet, Frame Relay, or a host of other encapsulation types.
Logical tunnel interfaces behave just like regular interfaces and it's
entirely possible to configure things like IS-IS across them, as can be seen
in the above example where 'family iso' has been enabled.

Navigating the CLI is a bit unwieldy using Logical Routers if you're working
from the root of the physical device, so its highly advisable to configure
individual user accounts for each logical router. This will enable you to
log in to each logical router and be positioned within the root of that
logical router as if you were in the root of a real physical router. This
can be accomplished with the following configuration:

system {
class dc {
idle-timeout 0;
logical-system dc;
permissions all;
class r7 {
idle-timeout 0;
logical-system r7;
permissions all;
}
user dc {
uid 2014;
class dc;
authentication {
encrypted-password "xxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
}
}
user r7 {
uid 2010;
class r7;
authentication {
encrypted-password "xxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
}
}
}
}

In addition to the above lab setup, I used the 'JNCIE Study Guide' from
Harry Reynolds. While this is an excellent book in preparation for the
exam, my advice is to make sure you also read through the 'MPLS
Applications', 'Multicast', and 'VPN' Configuration Guides, and be familiar
with as many knobs and configuration options as possible. You are also
going to want to make sure you understand IS-IS and OSPF as well as BGP in
an even deeper fashion than that required in the JNCIP-M/T exam.

As a word of note, in preparing for both the JNCIP-M/T and the JNCIE-M/T
exams, make sure you have a good handle on how to use 'load merge terminal
relative', 'load patch terminal', and when to copy and paste portions of
code simply using 'show | display set'. It's equally important to know
which one of the above commands to use in a given situation. For example,
when copying changes to several stanzas from one router to another, it's
often quite a bit easier to use the 'load patch' command as you won't have
to copy snippets from portions of different stanzas into a notepad prior to
loading into the target router. Little things like this can save quite a bit
of time and will come in handy when your time would be better served trying
to focus on troubleshooting why your IGP isn't coming up.

Finally, I should mention that I also utilized the services of Proteus
Networks (www.proteus.net) which offers remote-proctored JNCIP-M/T,
JNCIE-M/T and JNCIE-ER practice exams on their lab gear. For $800, their
package consists of two 8 hour labs comprising a wide variety of topics you
are likely to see on the exam. When you are finished with each, they will
grade it and give you feedback on how well you performed. What I liked
about Proteus is that they even let me play around with the gear after my
exam was graded, and allowed me to go and fix some of my mistakes. In
addition, they were highly responsive to my emails, and answered all of my
questions in a timely manner. Looking back, I don't think I would have been
able to pass the JNCIE-M/T exam without the use of their services as there
were several subject areas identified throughout their exam which required
additional focus. In my opinion, their remote-proctored exams are a genuine
bargain for the price and anyone who is preparing for the JNCIE exams should
seriously investigate their offerings.

All in all, the total study time for JNCIP-M/T was approximately 2 months,
and the total study time for JNCIE-M/T was approximately 3 months. This
usually comprised about an hour or two each day during the week reading, and
anywhere from 10-16 hours of lab time on the weekends. I'm lucky in that I
have also worked in a Service Provider environment for several years where I
was able to intimately familiarize myself with many of these technologies
over a span of many years. In addition, I have spent a considerable amount
of time reading a plethora of books on a wide variety of networking
technologies. If you are new to MPLS, Multicast, Layer 2/3 VPNs, QoS, or
IPv6, you may want to factor in additional time to your study schedule. The
trick here is to be consistent and develop a schedule which you can live
with - you will be much better served by spending a few hours a day over a
span of months rather than hundreds of hours the weeks before your exam.
Slow and steady wins the race here... you'll be surprised how quickly a few
months can go by when you're motivated and committed to something!

I hope this helps those of you who are pursuing either the JNCIP-M/T or the
JNCIE-M/T certifications, and I wish you the best of luck in your endeavors!

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D

8 comments:

  1. Thank you Stefan. You mentioned you used Proteus labs for the JNCIE but I only see "JNCIP Remote Proctored Lab" on their website. I am missing something? Also can you please give me an idea on how important (little/medium/high) are topics like ipv6/firewall/multicast in the exam? Thank you
    Mark

    ReplyDelete
  2. Greetings, Mark.

    Please note, this was a posting of congratulations to Stefan, the author of this article. I included the article for readers of this blog. To get in contact with Stefan, please visit his blog @ http://www.shortestpathfirst.net/.

    Thanks.

    ReplyDelete
  3. Hi Stefan,

    Congratulation!

    Sorry if i am bit late :)
    I recently joined a service provider and just started working on juniper. I am ccie r/s and want to jump directly into JNCIP -M. Could you please tell how long it will take me to prepare if i spend like 4 hours daily?
    And could you please advice me how should i start preparation?
    I am planning to buy a desktop with 2Gig proc, 4GB ram, will it be good enough to run required lab?

    Waiting your kind suggestions
    Thanks

    ReplyDelete
  4. Hi Ramesh,

    Please note, this was a posting of congratulations to Stefan, the author of this article. I included the article for readers of this blog. To get in contact with Stefan, please visit his blog @ http://www.shortestpathfirst.net/.

    ReplyDelete
  5. Before working with stefan fouant , check his references and proceed with caution he WILL screw you over

    ReplyDelete
  6. Anonymous, get some balls and spill your story.

    ReplyDelete
  7. In some sense, given that you study enough for the material, it's not necessarily your lack of knowledge for the material, it's also your ability to decipher the convoluted wordings of the requirements. Something that might take a few lines turns into a page. I find that somewhat lame in a sense. Oh well we can't have a gazillion JNCIX out there can we :)

    ReplyDelete
  8. Hi Stefan,

    Can you please let us know what material you find useful for studying the new JNCIE-SP exam ...
    So far I don't find much on the market.

    Thanks !

    ReplyDelete