I'm very proud to post the story of Joao. He passed recently JNCIE-DC and became one of the firsts JNCIE x4. Joao is a "Juniper Fan" like me.
I'm currently preparing JNCIE-DC as well, so I was so happy to read his experience.
The Joao JNCIE-DC experience:
During the month of March I was fortunate enough to participate on the beta version of the new JNCIE exam for the Data Center track.
A bit of background on my history with Juniper, I have been working with their platforms for the past 8 years and achieved the first E level certification in 2014 with the SP track. Enjoyed that learning experience a lot and it became addictive. The exam is a natural result and final accessory of what is obtained throughout the journey. I ended up doing an E level exam per year with the ENT, SEC and DC sequentially.
This text reflects my personal experience: I work for a Juniper Elite partner and more recently became part of the JNCIE exam delivery team by joining the proctor program for EMEA. In order to assist on the exam, the track qualification is mandatory so I convince myself that I had to attempt it soon rather than later.
I learned a lot with my previous exam experiences, such as: read the whole exam and never rush into start; understand the setup and the expectation of the implementation; pay attention to written details of the question; leave enough time for verification; set a maximum troubleshooting time per exercise.
The specific knowledge I gathered for this track comes from experience of implementing DC related projects for the past three years. This includes VC/VCF, MC-LAG, IP fabric with overlays (EVPN), Contrail, Security and QoS. I cannot stress enough how crucial this was to feel more confident for the exam attempt. The past few months have been around a project with DCI technologies using the MX, the QFX and EX as well as platforms from other vendors for switching and security.
After completing these major projects I acquired the official materials of DCX, ADCX and TDCX to understand how Juniper is positioning the training for the JNCIP-DC. This proved invaluable since the courses serve as a perfect guideline for what Juniper is expecting you to know for the track. Needless to say but this alone is far from being enough to go for the exams, both written or practical. I have not gone through the official training so I ended up reading the fine print of all pages and combined with the live experience I managed to pass the JNCIP-DC exam.
Additional to these courses I also went through the Junos Automation (JAUT) course's materials and I highly recommend to understand and practice its contents.
In addition to the above courses I have used the following O’Reilly Media books for architecture and implementation reference:
- Juniper MX Series, 2nd Edition
- Juniper QFX5100 Series
The gap between the written and the lab exam is considerable. By gap I mean what is expected in terms of knowledge and experience. My strategy was to go through the exam objectives (https://www.juniper.net/us/en/training/certification/resources/jncie-dc) enough times to be confortable to do any task in an reasonably short amount of time. This is a new track and technology so the number of options is still fairly diminished when comparing to other tracks. I trusted this could be the only advantage I would have and it did not prove me wrong.
Exploring the blueprint to its extent is easy from a configuration point of view, the hard part is to get everything to work together. My lab consisted of MX80, QFX5100, EX4300, SRX1500, vMX, vQFX, vSRX and Space. I used a bigger number of devices to be able to emulate all different topologies within specific segments of the network and verify it on the setup as a whole. Some devices merely were there to create more configuration tasks or to serve as physical connections’ augmentation. This improves speed, large setup perception skills and configuration replication. I recall that part of these setups were actually used for PoC which turned out to go live. This fact helped to go into detail. Here is where actual experience is important for these exams.
I honestly enjoyed the experience. The feeling when comparing to my last track (SEC) is completely different. It felt as going back to the SP environment which is my personal preference. Comparing both blueprints you can see plenty of similarities (scripting ; IGP > L3 Underlay ; VPN > Overlay > DCI) and then a flavour of security (Control plane protection > Secure and Monitor Junos Devices). Still on the topic of comparison, the number of lines of the blueprint from the SP track to the DC track is noticeable; this lead me to perceive that the lab exam will possibly contain everything from the blueprint so I tried my best to have considerable knowledge on all topics. If the DC blueprint mentions it, do it. Having said that lets drill a bit into them per item:
- Management: make sure you know the possibilities depending on the platform you are working with (MX, QFX, vMX, vSRX); practice scripting (commit, event, op); play with space on mentioned topics; practice ZTP and know the uses of NETCONF;
- L2 Underlay: make, break, resize and operate any type of VCFs, know MC-LAG inside out and its variances depending on platform;
- L3 Underlay: understand BGP IP fabric and the different possible topologies for DC architectures (eBGP and/or iBGP); control prefix advertisement; master BGP configuration options
- Controllerless overlay: know all EVPN route types; understand implementation differences depending on platform; mitigate traffic tromboning circumstances; troubleshoot L2 and L3 reachability problems; L2 and L3 host traffic segregation using VXLAN with EVPN control plane; VXLAN implementations depending on platform with inter-VXLAN routing; understand and drive split-horizon situations in the Ethernet segment; implement distributed Layer 3 gateway options; I tested everything with Ipv4 and Ipv6 based hosts
- Data Center Interconnect: the ADCX course provides a good guideline on available DCI options so make sure you know how to implement them all (Option 1 to 4); I also tested EPVN/VXLAN to EVPN/MPLS stitching; make sure where and how you should apply these options
- Security: understand stateless firewall filters and the different applications within control or forwarding planes; understand the SRX security architecture and how to drive a stateful firewall implementation;
- Class of Service: implementation and testing of end to end QoS setups for layer 2 and/or layer 3 traffic on the different platforms; make sure you understand the differences between BA and MF classification and traffic profiles;
Again, make sure you read the whole exam before starting as your early decisions may inflict on later architectural requirements.
As always, have fun on your journey! Good luck if you plan to sit the exam.
Feel free to reach out on twitter @emperphis
commenter cet article …