Two new certifications… and….. aspirations for another JNCIE!

Over the last month or so, I have been quietly working away at a couple more JNCIS certifications – JNCIS-QF (QFabric) and JNCIS-SEC (Security).

For those of you who have not done any Juniper certifications before – a JNCIS is roughly equivalent to a CCNP level certification. I’ve come off the back of fairly intensive study for my JNCIE-ENT, for which I was invited to sit the beta of some new test forms in February – so rather than doing 6+ an hour per night, I slowed this down to an hour or two per week. It’s actually been quite odd re-figuring out what to do with all this “free time” – so doing these certifications was a good thing to do to keep my brain occupied and learning something new!

I’m pleased to say that I passed both, getting my JNCIS-QF on 14 March, and my JNCIS-SEC on 8 April. I thought both did a really good job of establishing that the candidate had a reasonable knowledge of the subject areas covered, and would feel confident setting up either a QFabric system or a Juniper SRX in a live deployment (which I guess is the point, right?).

I’ve also decided that I am in fact going to work towards a third JNCIE – the JNCIE-SEC. In many ways, this is going to be far more interesting than the other two, given the fact that I have far less experience in the area of Network Security than I have in Service Provider or Enterprise (as I have spent most of my career working for large service providers!). I’m really looking forward to learning a bunch of new and different technologies – something which is always very enjoyable!

I do however plan to take this one significantly slower than the other two. Essentially I did all the study for my last two JNCIEs in one year – and while I am glad I did it, as I wanted to prove to myself that I could; I would not do it again as I had no life at all while I was doing it. My plan is to slowly work towards this with the aim of doing the JNCIE-SEC exam sometime in the next year. Over the next couple of months I plan to sit the JNCIP-SEC and the JNCSP-SEC – though I will be doing plenty of labbing for the JNCIE as I study for these two written exams. From there I’ll make a week-by-week study plan of what I want to learn and work out a pace to approach it, and only book the exam when I’m sure that I am entirely ready.

As I do this, I’ll be blogging regularly on some of the new technologies and concepts I will be learning – and would appreciate any feedback/corrections; much of this stuff will be very new and different for me!

I also am hoping to hear back on my JNCIE-ENT result in the next few weeks – and will post this as soon as I get it!


JNCIE-SP in review

Over the last 6 months, I’ve done around 900 hours of study towards my JNCIE-SP exam (perhaps a bit too much, however coming from a Cisco background and only having touched my first Juniper router 10 months prior to the exam I felt this was prudent). I did the exam on the 26th of September (a few weeks ago at the time of writing), and now that I’ve had a chance to get a bit of rest afterwards thought I’d do a post on the experience.

One of the first things I’d say is that there’s really two elements to it. The first is an absolute understanding of the technologies within the syllabus (see Secondly, realistically to be attempting this you’re going to need a large amount of operational experience on the Juniper platform plus some solid debugging skills. The ability to quickly isolate a problem that’s either been pre-introduced in the exam (or that you create by doing something stupid) is crucial under the time pressure.

As for study, one of the interesting things about the Juniper certification problem (unlike the Cisco Certs) is that to do a JNCIE you have to do all levels of certification before that (so JNCIA, JNCIS-SP, JNCIP-SP & JNCIE-SP). It’s worth noting that a Juniper JNCIS is roughly equivalent to a CCNP, and a JNCIP is roughly equivalent to a CCIE written. What’s good about this is the Juniper resources for each of these certifications are as a general rule pretty focused on standards rather than the bullshit “vendor way” (while obviously having a slight slant towards some of the Juniperisms i.e. BGP VPLS rather than LDP VPLS there was very little proprietary rubbish or anything like that).

Wanting to ensure I didn’t unnecessarily throw away money (and having a  solid understanding of most of the underlying protocols), I ordered the books from all the courses for the certifications, and spent a fair amount of time studying these as I went through this. This proved helpful as when I got my JNCIP (and then began the 900 hours of study towards my JNCIE) I already had a very detailed knowledge of the Juniper implementation of these protocols and standards.

For the time I was spending studying specifically towards the JNCIE I did a combination of things. Firstly, I purchased 390 VM credits on Junosphere (1 credit = 1 virtual router for 24 hours), enough to spend 39 weekend days playing around with different implementations of various scenarios. I actually ended up only using 300 of these credits, however this was one of the most invaluable resources I had. Junosphere takes a bit of getting used to, and the interface can be a bit clunky at times, however after a while you get pretty quick at manually writing your own topology definitions and converting any bootcamp or lab environment documented in a book into a Junosphere topology so that you can fire it up yourself. I also purchased the Proteus and InetZero study guides for the exam. This was interesting – I found that the Proteus guide was very much focused on the technologies, however the lab scenarios were a bit rubbish, while the InetZero book was purely a lab book with some good scenarios. The InetZero labs were significantly more time consuming than the actual lab exam, however this put me in good stead to finish the exam in good time.

I read a wide range of books and articles, including;

  • The official Juniper JNCIP-SP material
  • Most of the Juniper “Day One” and “This Week” guides. Juniper have also released some vDayOne guides that come with a pre-built Junosphere component they walk you through which is very cool.
  • The InetZero JNCIE-SP lab guide (as mentioned above)
  • The Proteus JNCIE-SP study guide (again, mentioned above)
  • MPLS & VPNs Architectures Vol II by Ivan Pappeljack (while this was Cisco based, it was still incredibly useful)
  • O’Reilly’s Juniper MX Series
  • JNCIE-M study guide by Harry Reynolds
  • JNCIP-M study guide by Harry Reynolds
  • O’Reilly’s Junos Cookbook
  • MPLS Enabled Applications 3rd edition
  • A bunch of Juniper configuration guides
  • A bunch of old NOG presentations
  • RFC2328 – OSPFv2
  • RFC1195 – Integrated ISIS
  • RFC1771 – BGP4
  • RFC1965 – BGP confederations
  • RFC1997 – BGP communities
  • RFC4360 – BGP extended communities
  • RFC4105 – MPLS InterArea TE
  • RFC4364 – BGP/MPLS VPNs
  • RFC6037 – Draft Rosen (ugh!)
  • The Juniper route resolution guide
  • Plus a bunch more that I can’t remember!

As I was going through these, I found a few errors, particularly in the Juniper configuration examples, and sent corrections for these to my Juniper SE. I also found some typos in the Proteus lab guide (nothing major, but amusing to find) and told a friend who works there about it.

I labbed most of the features I was reading about fairly extensively. I had a study plan that took me through the sylabus bit by bit (one week per area) in order to ensure I covered everything. I spent a bit longer than this on a few areas such as Multicast (which I had never touched), and had to revisit some features a few times afterwards (such the more advanced forms of Interprovider VPN/VPLS). Generally I would spend most week nights reading / doing any labbing I could with a couple of MXs in the lab at work, then would try to do a 12-15 hour study day each weekend day on Junosphere (being a tight bastard I hated the idea of not getting the most value I possibly could out of the 24 hour blocks I was having to buy Junosphere time in.

6 weeks out from the exam I began doing 1 practice full exam each week, using the scenarios in the Proteus and InetZero books, then paying for a couple of remote proctored exams which Rick at Proteus ran (I cannot reccomend this enough, Rick was brilliant, the scenarios were a good reflection of the sorts of tasks to expect in the exam, and he was happy to keep emailing me long afterwards with any questions that came up during my study). The benefit of this is that when it came to the real thing I had got past the stress that was only having 8 hours to complete a bunch of tasks on a very broken network. On one of my first practice exams I spent 2.5 hours debugging a LDP issue, then missed a whole lot of other stupid errors because I had got stuck on one question! One of the most important lessons I learned was never to spend more than 5mins debugging a task – move on, do something else, come back and you may find that a fresh perspective makes you see something really obvious and stupid!

During all this time I was very lucky to have a bunch of friends to bounce ideas off and chew the fat with on things I either didn’t quite get or hadn’t struck before. I’d like to particularly thank Chris Jones, Kurt Bales, Ivan Walker, Dylan Hall & Vance McIndoe who were invaluable in being able to ask the occasional dumb (or potentially not so dumb) question, be it some of the more odd behaviours of confederations or completely schooling me in how multicast worked. I’d say that making sure you have “study buddies” who you can do this with is really important – as most people learn better with someone else to bounce things off.

3 weeks out from the exam I made the 12 hour flight to San Francisco and set up camp in a hotel there. That week I did the bootcamp, which was an interesting experience – mainly because I had not realised before that how well prepared I was! The instructor indicated that in the labs in the bootcamp we should be ok as far as speed goes if we were completing 3/4 of the tasks within the allocated time (they were trying to put us under the gun in this respect and make sure we could work well under pressure – however I was completing ALL the tasks within 2/3 of the time, making me feel more confident than I had been before about the whole thing! The bootcamp was really valuable in that again it was another opportunity to do a bunch of tasks in a simulated lab environment which reflected the sorts of things you would be doing, all while being able to discuss any issues you didn’t quite get (by that time though there weren’t many luckily) with the Instructor.

From that point I spent a week and a half doing some final brush up and simulations, plus a couple more remote proctored lab (plus I snuck up to see the Americas Cup boat racing a couple of times :)).

Finally came the day of the exam. One of the things I can recommend the most in the exam is to make sure you don’t have to empty your bladder every 5mins – don’t drink too much coffee! The person to my left must have left 4 times to relieve himself in the morning alone – costing himself valuable time! I got to the Juniper offices early, had a good breakfast at the cafe, then waited. On my day there were 2 of us doing the SP exam, 2 doing SEC, and one doing ENT. Being under NDA, I can’t discuss anything that happened in the exam, however I can say that I completed all the tasks and debugging in 3 hours 15 minutes (including checking), then after spending another 2 hours 45 minuts re-checking everything a few times I was quite satisfied to walk out 2 hours early. I can only attribute this to the amount of study and lab time I put in before the exam. I can also say that the exam was one of the most fun days I’ve had in a long time – there’s nothing more enjoyable than having to do a heap of debugging then roll out some cool features in a network!

From that point I had a holiday booked with my wife (who had arrived in SFO while I was in the exam), so we spent the next few days in San Francisco seeing a few of the sights then travelling to Yosemite to have a poke around there. However it was REALLY hard to relax – even though I was absolutely sure I had everything right I was still nervous and spent a lot of time second guessing myself. Finally – 8 days after the exam on the day we were to leave to go back to New Zealand I woke up to the email from Juniper – I had passed!!!! Woohoo!!! I am JNCIE-SP#2204. It was nice not to be wondering if the email was waiting for me while I was offline on the plane trip.

In review, the JNCIE-SP was really enjoyable to work towards – as a true geek there’s nothing more interesting to me than learning new skills and standards, however I’m taking it a bit easier for the next few months at least and re-learning what it is to not do 40 hours study a week on top of work!