Category Archives: Juniper

Magic Quadrant for Enterprise Network Firewalls 2018

Leave a reply

Security landscape is evolving fast, so fast detection and mitigation is important for customers.   Many enterprises are looking to firewall vendors to provide cloud-based malware detection instances to aid them in their advanced threat detection efforts, as a cost-effective alternative to stand-alone sandboxing appliances.
SSL Decryption is one of the key topics, since TLS 1.2 to the TLS 1.3 standard will undoubtedly force changes in how enterprise firewall vendors process the traffic.
Policy Orchestration and Automation Become Critical on SDN deployments, some vendors haven’t provide much attention om this topic. Firewall Services Within IaaS Environments Become an Area of Differentiation.

Magic Quadrant for Enterprise Network Firewalls

Full Report on Report Magic Quadrant for Enterprise Network Firewalls 2018

Tags: , , , ,

Juniper Cross-Track Recertification for Associate-Level Exams

Leave a reply

Do you have an associate-level exam that is coming up for renewal? Rather than retaking the same exam, you can now recertify your certification by passing another associate-level exam.

On September 21, the Juniper Networks Certification Program (JNCP) updated the recertification policies to allow for cross-track recertification for all associate-level exams. If, for example, your JNCIA-Junos certification is coming up for renewal, consider attempting the JNCDA, the JNCIA-Cloud, or the new JNCIA-DevOps certification exam instead. If you pass, not only will you have earned a new certification, but you will have also recertified an existing one.

Plus, you’ll be on your way to earning our new JNCIAx3 or JNCIAx4 multi-certification badges.

Learn more on the JNCP Recertification webpage.

Tags: , ,

Read it, then try it—with Juniper vLabs

Leave a reply

Juniper vLabs is a web-based platform that lets you try out Juniper products and features at any time, in a no-risk environment. Leveraging the vMX, vQFX, and vSRX product lines, vLabs provide a variety of standalone devices and preset topologies. Reservable in advance or on-demand, vLabs are free to access and open to everyone.

Juniper vLabs takes a “read-it-then-try-it” approach to learning. This offering guides you from product and solutions documentation to a live environment where you can get hands-on experience.

Enter Juniper vLabs.

 

https://youtu.be/Zt5fiVhNgFQ

Tags: , , , , , , , , ,

Magic Quadrant for the Wired and Wireless LAN Access Infrastructure 2018

Leave a reply

Based on Gartner by 2020, only 40% of network operations teams will use the command line interface (CLI) as their primary interface, down from 75% in 2018.

Cisco still evolving their Unified Vison across the Campus with DNA Center and SD-Access solutions giving the full capabilities in one single pane of glass simplying the day-to-day operations.

Magic Quadrant for the Wired and Wireless LAN Access Infrastructure

References:

Magic Quadrant for the Wired and Wireless LAN Access Infrastructure 2018

Tags: , , ,

A Flashback and a New Busy Year!

Leave a reply

Dear Reader,

Thanks to spend your time reading this post on the first day of the new year.

The 2017 was a busy year regards projects and a new area i’ve been exploring myself (Business Development), this is quite new for me but it’s going….

What i mean by Business Development? I’ve been focus only on Engineering (hands-on) which is by far what i really like to do, so i get the implementation plan and GO! Why not dive in the conversation with the customer and understand their challenges, advise what technologies are in the market that really suit them. Presenting cutting-edge technologies and advise the customer is also something i really like.

What do i have for this upcoming year? I’ve done some re-cert’s, like Juniper, VMware and Cisco.
I have do do some re-certs this year too, but i want to focus more on the CCDE than ever, so i’m starting officially today and i hope do the Written in 6 months. I will attend the Cisco Live Barcelona 2018, so i hope get good contacts to push this even further. This is the plan mentally but i know this might has to change a bit.

CCNA Cyber Ops is just around the corner :)

Happy New Year.

Tags: , , ,

Renewing my JNCIP-ENT

Leave a reply

Once you got the email from the vendor saying something like “Your certification is about to expire”, the only thing which come to my mind is “Dam it! Again…..”

So long story short, the exam is 120 minutes, 65 questions  and the same blueprint from last time. The only change i noticed was the Junos Software release, it is 15.1 now
I used my notes here from my previous studies.
There is another exam to achieve the JNCIP-ENT (JN0-646) which has the same blueprint but uses an Enhanced Layer 2 Software (ELS). The CLI it’s slightly on switching configs.

I got 73%, so it’s a pass! Maybe i get energy to face the JNCIE before i receive again the famous email “…about to expire”

I don’t remember the price of the JNCIP exam because i did it 3 years ago, but by the priced published by PearsonVue it increased apparently

Tags: , , , , , , , , , , , ,

Juniper Networks Certified Expert Data Center (JNCIE-DC) Open for Registration

Leave a reply

At the pinnacle of the Data Center certification track is the 1-day JNCIE-DC practical exam. This exam is designed to validate the networking professionals’ ability to deploy, configure, manage, and troubleshoot Junos-based platforms. Throughout this 8-hour practical exam, candidates will build a data center network consisting of multiple MX Series and QFX Series devices. Successful candidates will perform system configuration on all devices including management capabilities, a Clos IP fabric, EVPN/VXVLAN, DCI, and CoS features.

The JNCIE-DC is valid for three years. Recertification is achieved by passing the current version of the JNCIP-DC exam or by attending a corresponding course.

Exam Overview

Exam code: JPR-980

Lab Exam (Hands-on Lab)

Held at selected Juniper Networks testing centers

Exam length: 8 hours

Prerequisite certification: JNCIP-DC

The lab will be available 3 April 2017

Junos Software Release:

  • MX80 3D Universal Edge Router: 16.1
  • QFX5100 Ethernet Switch: 14.1
  • vMX 3D Universal Edge Router: 15.1
  • vSRX Services Gateway: 12.1

Topics for the Exam

    Management

  • On-box Scripts
    • Event scripts
    • Commit scripts
    • Operation scripts
  • Junos Space
    • Auto discover
    • Configuration management
  • ZTP
    • Initial provisioning of QFX switches using a CentOS DHCP server
  • NETCONF

   Layer 2 Underlay

  • VCF configurations
    • Master and backup RE
    • Inactive state VCF member
    • VCP port setup
  • Convert interface speed
    • 40G to 4x10G
  • MC-LAG
    • Interchassis link (ICL) redundancy
    • IRB MAC Sync
    • Layer 3 gateway function
    • ICCP

Layer 3 Underlay

  • BGP for an IP Clos fabric
    • Clos IP fabric
    • Loopback interface for routing updates
    • EBGP in an IP fabric
    • Avoid blackholing traffic
    • Routing policies

    Controllerless Overlay

  • EVPN control plane
    • EVPN signaling
    • EVPN routes
    • VNI target communities
    • Prevent suboptimal routing
    • Inter-VRF routing
    • Automatic route-target
    • Load balancing
    • Anycast Gateway
  • EVPN/VXLAN
    • Virtual tunnel end point function
    • VXLAN learning process
    • MAC address learning
    • Passing traffic between VNIs

    Data Center Interconnect (DCI)

  • DCI
    • EVPN signaled VXLAN
    • L3VPN implementation
    • EVPN MPLS

    Security

  • Control plane protection
    • Firewall filters
    • Role-base access control (RBAC)
  • SRX Series device as a gateway
    • Security zones
    • Security policies

    Class of Service (CoS)

  • CoS features
    • Loss priority
    • Rewrite rules
    • Shaping and policing
    • Scheduling
    • BA and MF classification
    • Drop profiles
    • Traffic control profiles
Tags: , , , , , , , ,

Juniper New SDN and Automation Track

Leave a reply

Juniper updated their Certification Program with a new Track, SDN and Automation. A Specialist exam (JN0-410) is only available for now,  JNCIA is a pre-requirement, but the Professional level should be expected next year (2017). This exam covers SDN foundations, NFV, Contrail and OpenStack Platforms.

juniper_cert_program_nov2016

This list provides a general view of the skill set required to successfully complete the specified certification exam. Topics listed are subject to change.

  • SDN Theory and Applications
  • OpenStack
  • Contrail
  • Contrail Service Chaining
  • Contrail Analytics
  • Troubleshooting

SDN Theory and Applications

  • Identify SDN concepts.
    • SDN definitions
    • SDN versus NFV
    • SDN applications (data center, enterprise, WAN, transport networks)

OpenStack

  • Identify OpenStack concepts.
    • Components (Nova, Neutron, and so on)
    • VM creation
    • Tenancy
    • Network policies
  • Demonstrate knowledge of configuring, monitoring, or implementing OpenStack.
    • VM creation
    • Snapshots

Contrail

  • Identify Contrail architectural concepts.
    • Controller versus orchestration
    • Node types
    • vRouters
    • Layer 2 versus Layer 3 overlay networks
    • Contrail API
    • Storage
    • Route distribution, protocols
  • Demonstrate knowledge of configuring, monitoring, or implementing Contrail.
    • Traffic path verification
    • Configuration process, dependencies
    • Analytic node configuration

Contrail Service Chaining

  • Identify Contrail service chaining concepts.
    • In-network service chain
    • Transparent service chain
    • Source NAT
    • Heat templates
  • Demonstrate knowledge of configuring, monitoring, or implementing Contrail service chaining.
    • Analyzer service virtual machine
    • Third-party services
    • Traffic path verification

Contrail Analytics

  • Identify Contrail analytics concepts.
    • Infrastructure workspace
    • Networking workspace
    • Traffic analysis
  • Demonstrate knowledge of configuring, monitoring, or implementing Contrail analytics.
    • Underlay and overlay monitoring
    • Event monitoring
    • Traffic monitoring

Troubleshooting

  • Demonstrate knowledge of troubleshooting Contrail.
    • Route availability in the controller
    • Virtual router programming
    • Contrail CLI commands
    • Fabric scripts
    • Contrail Introspect
    • vRouter commands
    • Top of rack service node (TSN)
  • Demonstrate knowledge of troubleshooting OpenStack.
    • Log monitoring
    • Privilege, authentication
    • Component interaction

References:

Juniper Networks Certified Specialist SDN and Automation (JNCIS-SDNA)

Tags: , , ,

Renew your Expired Juniper Certification until March 2017

Leave a reply

The JNCP is offering a recertification grace period to candidates whose certifications expired in 2016. Expired certifications may be renewed between January 1, 2017 and March 31, 2017 by taking the same or higher level exam or using the Continuing Education option. This means candidates with Specialist through Expert-level certifications that have expired do not have to start at the JNCIA-level.

To renew an expired certification, candidates must pass the appropriate exam or attend an appropriate course by March 31, 2017. See the Recent News section of the Certification Website for instructions on how to take advantage of this offer

Tags: ,

Juniper new Champion Program Design Track

Leave a reply

Juniper launched the new Champion Program Design Track through the Innovative Level! This new track complements their existing program for Routing, Switching, Security, Enterprise, and Service Provider, featuring the same program policies and reward structure.

Current components of the track are available to achieve Aspiring and Innovative Champion levels; the Ingenious tier is planned for 2017 when the professional-level design certifications become available.

You can find the design track by logging into your Learning Academy account and navigating to the new offering in the “My Curriculum” section.

My status today:

juniper_champion_design_track_status

References:

Champion Partner Program

Tags: , , , ,

New Juniper Service Provider Routing and Switching JN0-661 Exam

Leave a reply

On July 7, 2016 the JN0-660 Service Provider Routing and Switching exam will be replaced with the JN0-661 Service Provider Routing and Switching exam.

Detailed exam information for the  Service Provider Routing and Switching exam can be found here.

“Automation” piece is no covered on new exam

Detailed Exam Objectives include:

  • OSPF
  • IS-IS
  • BGP
  • Class of Service (CoS)
  • IP Multicast
  • MPLS
  • Layer 3 VPNs
  • Layer 2 VPNs
Tags: , ,

BGP Free Core

Leave a reply

“BGP Free Core” is a typical topology in MPLS Service Provider Networks where you run IGP+Label. This allows traffic to transit over devices which don’t know traffic final destination, instead they look only for labels, bring more performance at the end. MPLS allow applications such as L2VPN, L3VPN and much more.

bgp-free-core

Normal Forwarding

In normal forwarding traffic towards to destination will go hop-by-hop (lookup next-hop) until reach destination

R4#show ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
a – application route
+ – replicated route, % – next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 20 subnets, 2 masks
i L2     10.1.1.1/32 [115/30] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
[115/30] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.1.2.0/24 [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.1.11.0/24 [115/30] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
[115/30] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.1.12.0/24 [115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.2.2.2/32 [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
C        10.2.4.0/24 is directly connected, GigabitEthernet1.24
L        10.2.4.4/32 is directly connected, GigabitEthernet1.24
i L2     10.2.11.0/24 [115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.2.12.0/24 [115/20] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
[115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.2.13.0/24 [115/20] via 10.4.13.13, 00:13:18, GigabitEthernet1.413
[115/20] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
C        10.4.4.4/32 is directly connected, Loopback0
C        10.4.12.0/24 is directly connected, GigabitEthernet1.412
L        10.4.12.4/32 is directly connected, GigabitEthernet1.412
C        10.4.13.0/24 is directly connected, GigabitEthernet1.413
L        10.4.13.4/32 is directly connected, GigabitEthernet1.413
i L2     10.11.11.11/32
[115/30] via 10.4.12.12, 00:13:18, GigabitEthernet1.412
[115/30] via 10.2.4.2, 00:13:18, GigabitEthernet1.24
i L2     10.11.12.0/24 [115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.12.12.12/32
[115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.12.13.0/24 [115/20] via 10.4.13.13, 00:15:50, GigabitEthernet1.413
[115/20] via 10.4.12.12, 00:15:50, GigabitEthernet1.412
i L2     10.13.13.13/32
[115/20] via 10.4.13.13, 00:15:50, GigabitEthernet1.413

R4#show ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.1.1.1/32          10.2.4.2             GigabitEthernet1.24
10.4.12.12           GigabitEthernet1.412
10.1.2.0/24          10.2.4.2             GigabitEthernet1.24
10.1.11.0/24         10.2.4.2             GigabitEthernet1.24
10.4.12.12           GigabitEthernet1.412
10.1.12.0/24         10.4.12.12           GigabitEthernet1.412
10.2.2.2/32          10.2.4.2             GigabitEthernet1.24
10.2.4.0/24          attached             GigabitEthernet1.24
10.2.4.0/32          receive              GigabitEthernet1.24
10.2.4.2/32          attached             GigabitEthernet1.24
10.2.4.4/32          receive              GigabitEthernet1.24
10.2.4.255/32        receive              GigabitEthernet1.24
10.2.11.0/24         10.2.4.2             GigabitEthernet1.24

What is the exact path(or multiple)?

R4#trace 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.4.2 3 msec
10.4.12.12 4 msec
10.2.4.2 3 msec
2 10.1.12.1 3 msec
10.1.2.1 3 msec
10.1.12.1 2 msec

CSR-4#show mpls forwarding-table
no MPLS apps enabled or MPLS not enabled on any interfaces

MPLS Forwarding

On MPLS we have LIB and LFIB. LIB essentially holds all the labels and associated information, while LFIB do the forwarding based on incoming labeled packets. CEF is a pre-requirement to run MPLS.
For MPLS the routing table (RIB) still the same as we see on Normal Forwarding.

This is the LFIB table….

R4#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  10.12.12.12/32   0             Gi1.412    10.4.12.12
17         Pop Label  10.13.13.13/32   0             Gi1.413    10.4.13.13
18         Pop Label  10.1.12.0/24     0             Gi1.412    10.4.12.12
19         Pop Label  10.2.12.0/24     0             Gi1.24     10.2.4.2
Pop Label  10.2.12.0/24     0             Gi1.412    10.4.12.12
20         Pop Label  10.11.12.0/24    0             Gi1.412    10.4.12.12
21         Pop Label  10.12.13.0/24    0             Gi1.412    10.4.12.12
Pop Label  10.12.13.0/24    0             Gi1.413    10.4.13.13
22         Pop Label  10.2.13.0/24     0             Gi1.24     10.2.4.2
Pop Label  10.2.13.0/24     0             Gi1.413    10.4.13.13
23         22         10.11.11.11/32   0             Gi1.24     10.2.4.2
24001      10.11.11.11/32   0             Gi1.412    10.4.12.12
24         16         10.1.1.1/32      0             Gi1.24     10.2.4.2
24003      10.1.1.1/32      0             Gi1.412    10.4.12.12
25         17         10.1.11.0/24     0             Gi1.24     10.2.4.2
24004      10.1.11.0/24     0             Gi1.412    10.4.12.12
26         Pop Label  10.2.11.0/24     0             Gi1.24     10.2.4.2
27         Pop Label  10.1.2.0/24      0             Gi1.24     10.2.4.2
28         Pop Label  10.2.2.2/32      0             Gi1.24     10.2.4.2

Doing a trace to R1 we get a labeled path

R4#trace 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.4.2 [MPLS: Label 16 Exp 0] 3 msec
10.4.12.12 [MPLS: Label 24003 Exp 0] 10 msec
10.2.4.2 [MPLS: Label 16 Exp 0] 3 msec
2 10.1.12.1 3 msec
10.1.2.1 3 msec *
Tags: , , ,