Category Archives: Juniper

A Flashback and a New Busy Year!

Dear Reader,

Thank you for spending your time reading this post on the first day of the new year.

2017 was a busy year in terms of projects and a new area I’ve been exploring myself (Business Development). This is quite new for me, but it’s going…

What do I mean by Business Development? I’ve been focused only on Engineering (hands-on), which is by far what I really like to do: I get the implementation plan and GO! Why not dive into the conversation with the customer, understand their challenges and advise on which technologies in the market really suit them? Presenting cutting-edge technologies and advising the customer is also something I really like.

What do I have for this upcoming year? I’ve done some re-certs, like Juniper, VMware and Cisco.
I have to do some re-certs this year too, but I want to focus more on the CCDE than ever, so I’m starting officially today and I hope to do the Written in 6 months. I will attend Cisco Live Barcelona 2018, so I hope to get good contacts to push this even further. This is the plan mentally, but I know it might have to change a bit.

CCNA Cyber Ops is just around the corner :)

Happy New Year.

Renewing my JNCIP-ENT

Once you get the email from the vendor saying something like “Your certification is about to expire”, the only thing which comes to my mind is “Damn it! Again…”

So, long story short, the exam is 120 minutes, 65 questions and the same blueprint as last time. The only change I noticed was the Junos Software release; it is 15.1 now.
I used my notes here from my previous studies.
There is another exam to achieve the JNCIP-ENT (JN0-646), which has the same blueprint but uses Enhanced Layer 2 Software (ELS). The CLI is slightly different on switching configs.

I got 73%, so it’s a pass! Maybe I’ll get the energy to face the JNCIE before I again receive the famous email “…about to expire”.

I don’t remember the price of the JNCIP exam because I did it 3 years ago, but going by the price published by Pearson VUE it has apparently increased.

Juniper Networks Certified Expert Data Center (JNCIE-DC) Open for Registration

At the pinnacle of the Data Center certification track is the 1-day JNCIE-DC practical exam. This exam is designed to validate the networking professionals’ ability to deploy, configure, manage, and troubleshoot Junos-based platforms. Throughout this 8-hour practical exam, candidates will build a data center network consisting of multiple MX Series and QFX Series devices. Successful candidates will perform system configuration on all devices including management capabilities, a Clos IP fabric, EVPN/VXLAN, DCI, and CoS features.

The JNCIE-DC is valid for three years. Recertification is achieved by passing the current version of the JNCIP-DC exam or by attending a corresponding course.

Exam Overview

Exam code: JPR-980

Lab Exam (Hands-on Lab)

Held at selected Juniper Networks testing centers

Exam length: 8 hours

Prerequisite certification: JNCIP-DC

The lab will be available 3 April 2017

Junos Software Release:

  • MX80 3D Universal Edge Router: 16.1
  • QFX5100 Ethernet Switch: 14.1
  • vMX 3D Universal Edge Router: 15.1
  • vSRX Services Gateway: 12.1

Topics for the Exam

Management

  • On-box Scripts
    • Event scripts
    • Commit scripts
    • Operation scripts
  • Junos Space
    • Auto discover
    • Configuration management
  • ZTP
    • Initial provisioning of QFX switches using a CentOS DHCP server
  • NETCONF

Layer 2 Underlay

  • VCF configurations
    • Master and backup RE
    • Inactive state VCF member
    • VCP port setup
  • Convert interface speed
    • 40G to 4x10G
  • MC-LAG
    • Interchassis link (ICL) redundancy
    • IRB MAC Sync
    • Layer 3 gateway function
    • ICCP

Layer 3 Underlay

  • BGP for an IP Clos fabric
    • Clos IP fabric
    • Loopback interface for routing updates
    • EBGP in an IP fabric
    • Avoid blackholing traffic
    • Routing policies

Controllerless Overlay

  • EVPN control plane
    • EVPN signaling
    • EVPN routes
    • VNI target communities
    • Prevent suboptimal routing
    • Inter-VRF routing
    • Automatic route-target
    • Load balancing
    • Anycast Gateway
  • EVPN/VXLAN
    • Virtual tunnel end point function
    • VXLAN learning process
    • MAC address learning
    • Passing traffic between VNIs

Data Center Interconnect (DCI)

  • DCI
    • EVPN signaled VXLAN
    • L3VPN implementation
    • EVPN MPLS

Security

  • Control plane protection
    • Firewall filters
    • Role-based access control (RBAC)
  • SRX Series device as a gateway
    • Security zones
    • Security policies

Class of Service (CoS)

  • CoS features
    • Loss priority
    • Rewrite rules
    • Shaping and policing
    • Scheduling
    • BA and MF classification
    • Drop profiles
    • Traffic control profiles

Juniper New SDN and Automation Track

Juniper updated their Certification Program with a new track, SDN and Automation. Only a Specialist exam (JN0-410) is available for now, with JNCIA as a prerequisite, but the Professional level should be expected next year (2017). This exam covers SDN foundations, NFV, Contrail and OpenStack platforms.

[Image: Juniper certification program, November 2016]

This list provides a general view of the skill set required to successfully complete the specified certification exam. Topics listed are subject to change.

  • SDN Theory and Applications
  • OpenStack
  • Contrail
  • Contrail Service Chaining
  • Contrail Analytics
  • Troubleshooting

SDN Theory and Applications

  • Identify SDN concepts.
    • SDN definitions
    • SDN versus NFV
    • SDN applications (data center, enterprise, WAN, transport networks)

OpenStack

  • Identify OpenStack concepts.
    • Components (Nova, Neutron, and so on)
    • VM creation
    • Tenancy
    • Network policies
  • Demonstrate knowledge of configuring, monitoring, or implementing OpenStack.
    • VM creation
    • Snapshots

Contrail

  • Identify Contrail architectural concepts.
    • Controller versus orchestration
    • Node types
    • vRouters
    • Layer 2 versus Layer 3 overlay networks
    • Contrail API
    • Storage
    • Route distribution, protocols
  • Demonstrate knowledge of configuring, monitoring, or implementing Contrail.
    • Traffic path verification
    • Configuration process, dependencies
    • Analytic node configuration

Contrail Service Chaining

  • Identify Contrail service chaining concepts.
    • In-network service chain
    • Transparent service chain
    • Source NAT
    • Heat templates
  • Demonstrate knowledge of configuring, monitoring, or implementing Contrail service chaining.
    • Analyzer service virtual machine
    • Third-party services
    • Traffic path verification

Contrail Analytics

  • Identify Contrail analytics concepts.
    • Infrastructure workspace
    • Networking workspace
    • Traffic analysis
  • Demonstrate knowledge of configuring, monitoring, or implementing Contrail analytics.
    • Underlay and overlay monitoring
    • Event monitoring
    • Traffic monitoring

Troubleshooting

  • Demonstrate knowledge of troubleshooting Contrail.
    • Route availability in the controller
    • Virtual router programming
    • Contrail CLI commands
    • Fabric scripts
    • Contrail Introspect
    • vRouter commands
    • Top of rack service node (TSN)
  • Demonstrate knowledge of troubleshooting OpenStack.
    • Log monitoring
    • Privilege, authentication
    • Component interaction

References:

Juniper Networks Certified Specialist SDN and Automation (JNCIS-SDNA)

Renew your Expired Juniper Certification until March 2017

The JNCP is offering a recertification grace period to candidates whose certifications expired in 2016. Expired certifications may be renewed between January 1, 2017 and March 31, 2017 by taking the same or higher level exam or using the Continuing Education option. This means candidates with Specialist through Expert-level certifications that have expired do not have to start at the JNCIA-level.

To renew an expired certification, candidates must pass the appropriate exam or attend an appropriate course by March 31, 2017. See the Recent News section of the Certification Website for instructions on how to take advantage of this offer

Juniper new Champion Program Design Track

Juniper launched the new Champion Program Design Track through the Innovative Level! This new track complements their existing program for Routing, Switching, Security, Enterprise, and Service Provider, featuring the same program policies and reward structure.

Current components of the track are available to achieve Aspiring and Innovative Champion levels; the Ingenious tier is planned for 2017 when the professional-level design certifications become available.

You can find the design track by logging into your Learning Academy account and navigating to the new offering in the “My Curriculum” section.

My status today:

[Image: Juniper Champion design track status]

References:

Champion Partner Program

New Juniper Service Provider Routing and Switching JN0-661 Exam

On July 7, 2016 the JN0-660 Service Provider Routing and Switching exam will be replaced with the JN0-661 Service Provider Routing and Switching exam.

Detailed exam information for the Service Provider Routing and Switching exam can be found here.

The “Automation” piece is not covered on the new exam.

Detailed Exam Objectives include:

  • OSPF
  • IS-IS
  • BGP
  • Class of Service (CoS)
  • IP Multicast
  • MPLS
  • Layer 3 VPNs
  • Layer 2 VPNs

BGP Free Core

“BGP Free Core” is a typical topology in MPLS service provider networks where the core runs IGP+Label. This allows traffic to transit devices which don’t know the traffic’s final destination; instead they look only at labels, which brings more performance in the end. MPLS enables applications such as L2VPN, L3VPN and much more.

[Figure: BGP free core topology]

Normal Forwarding

In normal forwarding, traffic towards a destination goes hop by hop (each router looks up the next hop) until it reaches the destination.

R4#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 20 subnets, 2 masks
i L2     10.1.1.1/32 [115/30] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
                     [115/30] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.1.2.0/24 [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.1.11.0/24 [115/30] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
                      [115/30] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.1.12.0/24 [115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.2.2.2/32 [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
C        10.2.4.0/24 is directly connected, GigabitEthernet1.24
L        10.2.4.4/32 is directly connected, GigabitEthernet1.24
i L2     10.2.11.0/24 [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.2.12.0/24 [115/20] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
                      [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.2.13.0/24 [115/20] via 10.4.13.13, 00:13:18, GigabitEthernet1.413
                      [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
C        10.4.4.4/32 is directly connected, Loopback0
C        10.4.12.0/24 is directly connected, GigabitEthernet1.412
L        10.4.12.4/32 is directly connected, GigabitEthernet1.412
C        10.4.13.0/24 is directly connected, GigabitEthernet1.413
L        10.4.13.4/32 is directly connected, GigabitEthernet1.413
i L2     10.11.11.11/32
           [115/30] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
           [115/30] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.11.12.0/24 [115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.12.12.12/32
           [115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.12.13.0/24 [115/20] via 10.4.13.13, 00:15:50, GigabitEthernet1.413
                       [115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.13.13.13/32
           [115/20] via 10.4.13.13, 00:15:50, GigabitEthernet1.413

R4#show ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.1.1.1/32          10.2.4.2             GigabitEthernet1.24
                     10.4.12.12           GigabitEthernet1.412
10.1.2.0/24          10.2.4.2             GigabitEthernet1.24
10.1.11.0/24         10.2.4.2             GigabitEthernet1.24
                     10.4.12.12           GigabitEthernet1.412
10.1.12.0/24         10.4.12.12           GigabitEthernet1.412
10.2.2.2/32          10.2.4.2             GigabitEthernet1.24
10.2.4.0/24          attached             GigabitEthernet1.24
10.2.4.0/32          receive              GigabitEthernet1.24
10.2.4.2/32          attached             GigabitEthernet1.24
10.2.4.4/32          receive              GigabitEthernet1.24
10.2.4.255/32        receive              GigabitEthernet1.24
10.2.11.0/24         10.2.4.2             GigabitEthernet1.24

What is the exact path (or paths)?

R4#trace 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.2.4.2 3 msec
    10.4.12.12 4 msec
    10.2.4.2 3 msec
  2 10.1.12.1 3 msec
    10.1.2.1 3 msec
    10.1.12.1 2 msec

CSR-4#show mpls forwarding-table
no MPLS apps enabled or MPLS not enabled on any interfaces

MPLS Forwarding

With MPLS we have the LIB and the LFIB. The LIB essentially holds all the labels and associated information, while the LFIB does the forwarding based on incoming labeled packets. CEF is a prerequisite for running MPLS.
With MPLS the routing table (RIB) is still the same as the one we saw in Normal Forwarding.

This is the LFIB table:

R4#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  10.12.12.12/32   0             Gi1.412    10.4.12.12
17         Pop Label  10.13.13.13/32   0             Gi1.413    10.4.13.13
18         Pop Label  10.1.12.0/24     0             Gi1.412    10.4.12.12
19         Pop Label  10.2.12.0/24     0             Gi1.24     10.2.4.2
           Pop Label  10.2.12.0/24     0             Gi1.412    10.4.12.12
20         Pop Label  10.11.12.0/24    0             Gi1.412    10.4.12.12
21         Pop Label  10.12.13.0/24    0             Gi1.412    10.4.12.12
           Pop Label  10.12.13.0/24    0             Gi1.413    10.4.13.13
22         Pop Label  10.2.13.0/24     0             Gi1.24     10.2.4.2
           Pop Label  10.2.13.0/24     0             Gi1.413    10.4.13.13
23         22         10.11.11.11/32   0             Gi1.24     10.2.4.2
           24001      10.11.11.11/32   0             Gi1.412    10.4.12.12
24         16         10.1.1.1/32      0             Gi1.24     10.2.4.2
           24003      10.1.1.1/32      0             Gi1.412    10.4.12.12
25         17         10.1.11.0/24     0             Gi1.24     10.2.4.2
           24004      10.1.11.0/24     0             Gi1.412    10.4.12.12
26         Pop Label  10.2.11.0/24     0             Gi1.24     10.2.4.2
27         Pop Label  10.1.2.0/24      0             Gi1.24     10.2.4.2
28         Pop Label  10.2.2.2/32      0             Gi1.24     10.2.4.2

Doing a trace to R1, we get a labeled path:

R4#trace 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.2.4.2 [MPLS: Label 16 Exp 0] 3 msec
    10.4.12.12 [MPLS: Label 24003 Exp 0] 10 msec
    10.2.4.2 [MPLS: Label 16 Exp 0] 3 msec
  2 10.1.12.1 3 msec
    10.1.2.1 3 msec *
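
An added example, not part of the original post: a small Python parser for the `show mpls forwarding-table` rows above, followed by a forwarding decision keyed on the incoming label alone, which is what lets a core router carry traffic without knowing its final destination. The function names are illustrative; the sample rows are a subset copied from the R4 output, and rows without a local label are treated as equal-cost continuation rows.

```python
import re

# Constructed sample: rows copied from the R4 "show mpls forwarding-table"
# output above. A row without a local label is an equal-cost continuation.
SAMPLE = """\
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  10.12.12.12/32   0             Gi1.412    10.4.12.12
19         Pop Label  10.2.12.0/24     0             Gi1.24     10.2.4.2
           Pop Label  10.2.12.0/24     0             Gi1.412    10.4.12.12
23         22         10.11.11.11/32   0             Gi1.24     10.2.4.2
           24001      10.11.11.11/32   0             Gi1.412    10.4.12.12
24         16         10.1.1.1/32      0             Gi1.24     10.2.4.2
           24003      10.1.1.1/32      0             Gi1.412    10.4.12.12
28         Pop Label  10.2.2.2/32      0             Gi1.24     10.2.4.2
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
ROW = re.compile(
    r"^(?:(?P<local>\d+)\s+)?(?P<out>Pop Label|No Label|\d+)\s+"
    rf"(?P<prefix>{IPV4}/\d+)\s+\d+\s+(?P<iface>\S+)\s+(?P<nh>{IPV4})$"
)
OPS = {"Pop Label": "pop", "No Label": "untag"}  # anything numeric is a swap


def parse_lfib(text):
    """Build {local_label: [(op, out_label, prefix, iface, next_hop), ...]}."""
    lfib, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or blank line
        if m["local"] is not None:
            current = int(m["local"])
        elif current is None:
            raise ValueError("continuation row before any local label")
        out = m["out"]
        op = OPS.get(out, "swap")
        out_label = int(out) if op == "swap" else None
        lfib.setdefault(current, []).append(
            (op, out_label, m["prefix"], m["iface"], m["nh"]))
    return lfib


def switch(lfib, in_label):
    """Decision for a labeled packet: keyed on the label only, the
    destination IP address is never consulted. Empty list means drop."""
    return [(op, out, iface, nh)
            for op, out, _prefix, iface, nh in lfib.get(in_label, [])]


def labels_for_prefix(lfib, prefix):
    """Outgoing label per next hop for one prefix (FEC)."""
    return {nh: out for paths in lfib.values()
            for _op, out, pfx, _iface, nh in paths if pfx == prefix}


if __name__ == "__main__":
    table = parse_lfib(SAMPLE)
    print(switch(table, 24))                        # two equal-cost swaps
    print(labels_for_prefix(table, "10.1.1.1/32"))  # labels seen in the trace
```

The labels returned for 10.1.1.1/32 are the ones the labeled traceroute reports at the first hop via each next hop.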

JNCP Increases Active Status For Technical Certifications

This is good news :) from Juniper about Inactive Certifications

Hello Champions,

We have some good news. The Juniper Networks Certification Program (JNCP) is increasing the Active status for all Juniper Networks technical certifications from 2 years to 3 years, and eliminating the 1 year Inactive status grace period. This includes t certifications. This is good news for partners as it means the recertification cycle will be 3 years rather than 2 years, and certification benefits such as Champions Program compliance are aligned with certification Active Status. This also means that partner certifications that are currently Inactive or due to turn Inactive will be converted to Active to align with the new 3 year certification life.

 

Here is How it Works:

  • Today a certification is Active for 2 years, Inactive for 1 year and on the 3rd year it expires if not renewed. The Inactive status has provided a 1-year grace period to recertify, however, in the Inactive status the candidate receives no certification benefits, including lack of Champion Program compliance. If a certification expires, the candidate is required to start again at the JNCIA level.
  • With this change, a certification will be in the Active status for 3 years with candidates receiving all benefits including Champion Program compliance for the entire time. The grace period has been removed, so before the end of the 3rd year, the candidate is required to recertify, or their certification will expire and they’ll be required to start again at the JNCIA level. To provide advance notice to candidates, CertManager (JNCP Certification database) does send automatic 90, 60, and 30-day notices when certifications are about to expire.

 

When Does This Occur?

  • In early October all certifications that are in the Inactive status now will be converted to the Active status and those that will turn Inactive in the next 12 months will have their expiration date extended by one year in CertManager.
  • In roughly a week’s time after the change occurs in CertManager, the new Active statuses will then be imported into the Learning Academy to update the certification records for partners, including those partaking in the Champion Program.

What does this mean for Champions and JPA Compliance?

  • Once the conversion into the Learning Academy is complete, partner administrators from Elite and Select partners should re-run their JPA compliance tool. There may be instances where Champions who have an Inactive certification today, may return to Active, and this may have a positive impact on JPA compliance.

 

For questions about this change, or for assistance with the JPA compliance tool, please email champion@juniper.net.

Blaming myself! Failed JNCDA

The first feeling I have in mind is frustration! After reading the Juniper Networks Design Fundamentals (JNDF) courseware and doing the practice test (passed with 80%), I was confident I could take the JNCDA (JN0-1100) exam and pass.
I reviewed my exam twice, and before submitting it I closed my eyes! After I read “Failed”, I closed and opened my eyes again looking for a different result, but it didn’t come. Against the odds I failed. Yes! I failed with 66% (70% to pass).

Something went wrong at the Pearson VUE center, because I was not able to see my detailed report or receive a printed copy about my weaknesses (areas). After I opened a ticket requesting a detailed report, Pearson VUE replied saying it’s not possible to have a detailed report and this is not a case for a future enhancement!

Sorry, but this is what I call a bad user experience!

Anyway, I would like to say thank you to Julie Wider for the opportunity.

Now it’s time to wait 14 days to take this exam again. I leave my notes here if you want to take this exam soon.

White box with Cumulus Networks

You have probably heard the term “white box”, or Open Networking, which is a new move in the networking industry. It aims to decouple hardware from software in the network devices sold by vendors. Have you imagined running NX-OS on an x86 server for a network fabric (leaf?) purpose? What do you gain by doing this? It would be cheaper, of course, but you will need the Network/Ops teams to evolve with that (skill gap?). Some service providers like AT&T are moving to white box solutions; they are testing Provider Edge (PE) modes in MPLS networks, replacing expensive boxes from vendors which do basic functions. At the moment Cisco is not getting there with any product! Juniper is making some advances: on its new product, the OCX 1100, you can run Cumulus. But what is Cumulus? It’s a full-featured Linux OS for networking hardware!
I’ve had an opportunity to play with Cumulus (2 spines/leafs with OSPF, BGP, VXLAN, Bridging), and it seems interesting, but I would expect a more readable CLI. Are we able to learn another CLI? Absolutely!

Recently Cumulus Networks launched a Virtual Edition called Cumulus VX. It’s available for different hypervisors, so network engineers will not be in the dark any more. Another benefit of virtual editions is running a demonstration for customers in a few clicks.

Juniper vSRX 2.0 is out

Juniper released a new version of vSRX (formerly known as Firefly Perimeter), running Junos OS 15.1X49-D15, with more features and forwarding capacity. The last version was Junos 12.1, so moving to 15.1 code is a big jump… I hope it doesn’t hurt!

New Features

The following features are new in Junos OS Release 15.1X49-D15 for vSRX:

  • Naming update: the product formerly known as Firefly Perimeter is now vSRX.
  • vSRX includes DPDK packet I/O support for higher throughput.
  • SCSI virtual disk support has been added to existing IDE support for improved performance and to permit network-attached storage (NAS) integration.
  • vSRX includes SR-IOV vNIC and VMXNET3 vNIC support for greater performance and hypervisor compatibility.
  • vRAM has been increased to 4 GB and vDisk to 16 GB.
  • vSRX includes KVM Ubuntu 14.04 and CentOS 7.0 support to take advantage of Linux improvements and tools enhancements.
  • KVM images are downloaded in qcow2 format instead of the self-extracting .jva script used in previous releases.
  • vSRX includes VMware vSphere 5.1 and 5.5 support to take advantage of ongoing VMware improvements.
  • vSRX includes new architecture based on Linux and Junos OS for performance and flexibility.

[Figure: vSRX architecture]

References:

vSRX Tech Library Release Notes

SRX Series Features Not Supported on vSRX

Junos Genius 2.0 is out

Juniper redesigned the interface of Junos Genius, and it looks great. There are other features included in this version: user profiles, fetching test exam questions, syncing offline data and much more.
I really recommend it for practising before jumping into a live exam, and it’s free!

Download the app now in the Apple AppStore or Google Play:

iPhone
iPad
Android

References:

Juniper Junos Genius