/r/Juniper


Welcome to the Juniper subreddit, a Subreddit dedicated to discussing Routers, Switches and Security Appliances manufactured by Juniper.

Rules

  1. No threatening/harassing
  2. No spam/advertising
  3. No requests such as:
     1. Requests for or posting of software without a service contract
     2. Requests or posting of certification braindumps
  • Stay on topic
  • Meta posts may only be posted with moderator approval.
  • Any post that fails to display a minimal level of effort prior to asking for help is at risk of being locked or deleted.
  • /r/Juniper

    283 Subscribers

    0

    What is the best instance pricing on Google Cloud or AWS for JNCIP lab

    Hi everyone, I want to create an eve-ng on the cloud to practice JNCIP labs, with approximately 14-20 nodes vmx. Which hourly plan would be the best choice?

    0 Comments
    2023/12/07
    03:56 UTC

    2

    JNCIP SEC recertification

    Hi,

    Has anyone recertified for JNCIP SEC with course attendance?

    I'm planning to take the "jncie-sec certification self-study bundle" to get recertified and I can't find much on the internet regarding it.

    Thanks

    2 Comments
    2022/07/20
    16:10 UTC

    13

    JNCIP-SP passed, but barely. what a relief

    Looks like no one posts here regularly. So I figured why not.

    I just passed my JNCIP-SP. By a hair!

    I don't really have any advice. I just wanted to tell someone and unwind from all that stress.

    I self studied for about 2 months.

    I watched the videos on juniper's learning site. They moved everything and I think they took away things that existed before March. But what can you do? I just spent time searching their site for content. I couldn't afford the 4-6k per online class so I did what I had to. If anyone can't find the content I could share the URLs.

    I organized a notebook by topic and read the juniper website to learn more and see configuration examples.

    I took the practice tests from juniper and then carefully marked how many I got wrong from each subject and then went back to research those subjects more.

    I would say if I had to do it again I would focus on just one subject at a time and not move on until I mastered that subject. The way I studied was very unorganized. And I found myself not really digging in deep and then not learning everything but just the slimmest amount. In the end I focused on single subjects and really focused on them. That seemed to help the most.

    It was really frustrating. There are so many things to remember. I found myself learning about one thing then forgetting all of it when I learned the next subject. And I'd have to go back and read it all over again.

    I probably brought this on myself by setting a deadline. Give yourself time. Don't rush. That's another thing I learned. Rushing it made me stress even more and then my brain would just block me from learning.

    Good luck to anyone else taking it! It's a pretty tough exam.

    8 Comments
    2021/05/24
    06:24 UTC

    1

    Lecture 3 RELEASED!! - Programming Fundamentals & Practice Problems

    0 Comments
    2020/06/03
    06:03 UTC

    3

    JNCIP SP

    Hi all, I recently passed my JNCIS-SP and want to start prepping for JNCIP-SP.

    Unfortunately the Juniper Recommended materials and courses are way too expensive for me. Are there any other resources one could use?

    Thanks

    4 Comments
    2020/02/26
    15:41 UTC

    3

    Passed JNO-662

    I thought I was going to fail that exam so hard. Squeaked in by 2%

    So relieved! Needed to vent, even if the last post here was a year ago!

    3 Comments
    2019/11/27
    22:20 UTC

    3

    Studying for the JNCIP-ENT

    Hello everyone, I'm going to be taking the JNCIS-ENT soon and I want to start planning for my JNCIP-ENT studies. So far I plan on reading the O'Reilly routing and switching books, but I'm also considering the FryGuy book. The author really seems to know his stuff and I'm wondering if anyone else has experience with it. Thanks. https://leanpub.com/JNCIE-ENT/c/5ynkTZvi6wYw

    3 Comments
    2018/09/28
    20:08 UTC

    5

    Don't Label Me Bro - Juniper Edition

    My MPLS post the other week was pretty well received so I figured might as well show the other side of the coin and do it again with Juniper boxes.

    #Topology

    Today's Topology is similar to last time but Juniperified, we have:

    • 4 x PE routers that are vMX
    • 4 x P routers that are vSRX
    • 4 x CE routers that are vSRX boxes as well.

    There are again two customers, CUST-A and CUST-B because originality is hard.

    To save on some config space I'll just focus on a single router at a time unless there are differences that are worth seeing.

    #Provider Routers

    ###Disable Flow Mode

    I'm using SRX routers for my core so we need to disable the default flow based mode and reboot the boxes before we can use them with MPLS.

    root@P01# set security forwarding-options family inet6 mode packet-based 
    
    [edit]
    root@P01# set security forwarding-options family mpls mode packet-based 
    
    [edit]
    root@P01# set security forwarding-options family iso mode packet-based 
    
    root@P01# commit 
    commit complete
    
    [edit]
    
    root@P01# run request system reboot 
    Reboot the system ? [yes,no] (no) yes

    Once this is done we will no longer need to use security zones for everything.

    ###Basic Setup

    To keep things clean I'm using a virtual-router instance to move the first interface into another routing table for management.

    set routing-instances MGMT instance-type virtual-router
    set routing-instances MGMT interface ge-0/0/0.0
    set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1
    set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.211/24

    Most of my interfaces are connecting to trunk ports to make life easier so I'm going to enable vlan tagging and use subinterfaces to connect to everything.

    set interfaces ge-0/0/1 vlan-tagging
    set interfaces ge-0/0/1 unit 3011 vlan-id 3011
    set interfaces ge-0/0/1 unit 3011 family inet address 10.1.11.1/24
    set interfaces ge-0/0/1 unit 3012 vlan-id 3012
    set interfaces ge-0/0/1 unit 3012 family inet address 10.1.2.1/24
    set interfaces ge-0/0/1 unit 3013 vlan-id 3013
    set interfaces ge-0/0/1 unit 3013 family inet address 10.1.3.1/24
    set interfaces ge-0/0/1 unit 3014 vlan-id 3014
    set interfaces ge-0/0/1 unit 3014 family inet address 10.1.4.1/24
    set interfaces lo0 unit 0 family inet address 192.168.255.1/32

    Then I'll just turn on OSPF on all active interfaces in the routing instance.

    root@P01# set protocols ospf area 0.0.0.0 interface all 

    Once we are done we should see a neighbor with every other P router and a PE router (once we get that far).

    root@P01# run show ospf neighbor 
    Address          Interface              State     ID               Pri  Dead
    10.1.11.254      ge-0/0/1.3011          Full      192.168.255.11   128    39
    10.1.2.2         ge-0/0/1.3012          Full      192.168.255.2    128    32
    10.1.3.3         ge-0/0/1.3013          Full      192.168.255.3    128    39
    10.1.4.4         ge-0/0/1.3014          Full      192.168.255.4    128    34

    ###Enabling MPLS

    While Cisco put effort into making sure MPLS is turned on right away, Juniper takes a bit more effort.

    First we need to enable MPLS and LDP in the control plane under protocols, we can conveniently use the interface all keyword to enable it on all interfaces.

    root@P01# set protocols mpls interface all 
    
    root@P01# set protocols ldp interface all   

    Next we need to turn it on for the forwarding plane by adding the mpls family to each interface on the router that will be in the MPLS path. This can be a bit annoying so you might want to look into things like config groups to ease the admin burden.

    set interfaces ge-0/0/1 unit 3011 family mpls
    
    set interfaces ge-0/0/1 unit 3012 family mpls
    
    set interfaces ge-0/0/1 unit 3013 family mpls
    
    set interfaces ge-0/0/1 unit 3014 family mpls
    
    set interfaces lo0 unit 0 family mpls

    #Route Reflector

    We'll use a route reflector again but this time I'll just take advantage of the logical-system feature to carve PE01 and PE02 into two new Route Reflector boxes.

    ###RR01

    First we'll turn on vlan-tagging for the interface I want to use since we still need to configure physical stuff at the interface level in logical-systems.

    root@PE11# set interfaces ge-0/0/2 vlan-tagging 

    Next we configure the interfaces like above under the logical-system.

    root@PE11# set logical-systems RR01 interfaces ge-0/0/2 unit 3123 vlan-id 3123 
    root@PE11# set logical-systems RR01 interfaces ge-0/0/2 unit 3123 family inet address 10.0.123.254/24 
    root@PE11# set logical-systems RR01 interfaces ge-0/0/2 unit 3123 family mpls 
    root@PE11# set logical-systems RR01 interfaces lo0 unit 1 family inet address 192.168.255.154/32 
    
    root@PE11# set logical-systems RR01 protocols ospf area 0.0.0.0 interface all 
    root@PE11# set logical-systems RR01 protocols mpls interface all 
    root@PE11# set logical-systems RR01 protocols ldp interface all 

    BGP is configured with the inet-vpn family, which is the same as Cisco's VPNv4 family. The route reflector will have all four PEs as peers, will use 65123 as the AS for iBGP, and will set a cluster-id so Juniper knows it is a Route Reflector.

    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL type internal 
    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL local-address 192.168.255.154 
    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL family inet-vpn unicast 
    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL cluster 192.168.255.254 
    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL neighbor 192.168.255.11 
    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL neighbor 192.168.255.22 
    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL neighbor 192.168.255.33 
    root@PE11# set logical-systems RR01 protocols bgp group PE-INTERNAL neighbor 192.168.255.44 
    root@PE11# set logical-systems RR01 routing-options autonomous-system 65123 

    ###RR02

    root@PE22# set logical-systems RR02 interfaces ge-0/0/2 unit 3123 vlan-id 3123 
    root@PE22# set logical-systems RR02 interfaces ge-0/0/2 unit 3123 family inet address 10.1.123.254/24 
    root@PE22# set logical-systems RR02 interfaces ge-0/0/2 unit 3123 family mpls 
    root@PE22# set logical-systems RR02 interfaces lo0 unit 1 family inet address 192.168.255.254/32 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL type internal 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL local-address 192.168.255.254 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL family inet-vpn unicast 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL cluster 192.168.255.254 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL neighbor 192.168.255.11 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL neighbor 192.168.255.22 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL neighbor 192.168.255.33 
    root@PE22# set logical-systems RR02 protocols bgp group PE-INTERNAL neighbor 192.168.255.44 
    root@PE22# set logical-systems RR02 protocols ospf area 0.0.0.0 interface all 
    root@PE22# set logical-systems RR02 protocols mpls interface all 
    root@PE22# set logical-systems RR02 protocols ldp interface all 
    root@PE22# set logical-systems RR02 routing-options autonomous-system 65123 

    #Provider Edge

    The PE will be similar to the Route-Reflector minus the logical system stuff: we'll set up the interfaces, enable OSPF and MPLS, then peer with each of the RRs.

    root@PE11# set routing-instances MGMT instance-type virtual-router 
    root@PE11# set routing-instances MGMT interface ge-0/0/0.0 
    root@PE11# set routing-instances MGMT routing-options static route 0.0.0.0/0 next-hop 10.20.2.1 
    root@PE11# set interfaces ge-0/0/0 unit 0 family inet address 10.20.2.201/24 
    
    root@PE11# set interfaces ge-0/0/1 vlan-tagging 
    root@PE11# set interfaces ge-0/0/1 unit 3011 vlan-id 3011 
    root@PE11# set interfaces ge-0/0/1 unit 3011 family inet address 10.1.11.254/24 
    root@PE11# set interfaces ge-0/0/1 unit 3011 family mpls 
    root@PE11# set interfaces ge-0/0/1 unit 3123 vlan-id 3123 
    root@PE11# set interfaces ge-0/0/1 unit 3123 family inet address 10.0.123.11/24 
    root@PE11# set interfaces ge-0/0/1 unit 3123 family mpls 
    root@PE11# set interfaces ge-0/0/2 vlan-tagging 
    root@PE11# set interfaces ge-0/0/5 unit 0 family inet address 192.168.1.254/24 
    
    root@PE11# set interfaces lo0 unit 0 family inet address 192.168.255.11/32 
    root@PE11# set interfaces lo0 unit 0 family inet6 address 2001:1234::1/128 
    root@PE11# set interfaces lo0 unit 0 family mpls 
    
    root@PE11# set routing-options autonomous-system 65123 
    root@PE11# set protocols bgp group RR type internal 
    root@PE11# set protocols bgp group RR local-address 192.168.255.11 
    root@PE11# set protocols bgp group RR family inet-vpn unicast 
    root@PE11# set protocols bgp group RR neighbor 192.168.255.154 
    root@PE11# set protocols bgp group RR neighbor 192.168.255.254 

    #VRF / Policies

    Now that our BGP is up, it is time to create the last piece of the L3VPN, which is making the policies as well as the VRF the CE goes into.

    ###Policies

    In Cisco land we controlled what route we imported and exported under the VRF configuration, Juniper does that too but for more granular control we will make a more elaborate policy.

    First we make a community policy that just exports the PE's RD on each router.

    root@PE11# set policy-options community RT-EXPORT-CE01 members target:65123:101 

    Next we'll do the same for the import community where we will make one for each CE for flexibility's sake.

    root@PE11# set policy-options community RT-IMPORT-CE01 members target:65123:101 
    root@PE11# set policy-options community RT-IMPORT-CE02 members target:65123:102 
    root@PE11# set policy-options community RT-IMPORT-CE03 members target:65123:103 
    root@PE11# set policy-options community RT-IMPORT-CE04 members target:65123:104

    With that in place we make a policy that will become our VRF-Export policy, we will say that if the protocol is directly connected or one of the routing protocols then we will add the export community and accept the route.

    root@PE11# set policy-options policy-statement EXPORT-CE01 term EXPORT from protocol [ direct bgp rip ospf ]
    root@PE11# set policy-options policy-statement EXPORT-CE01 term EXPORT then community add RT-EXPORT-CE01 
    root@PE11# set policy-options policy-statement EXPORT-CE01 term EXPORT then accept 

    If it doesn't match that criteria then we will reject it.

    root@PE11# set policy-options policy-statement EXPORT-CE01 term REJECT then reject 

    The VRF-Import policy will always be from MBGP so we match on protocol BGP, then we select what communities we want to talk to each other.

    In our topology Cust-A is CE01 and CE02 so we'll do that then reject the rest.

    root@PE11# set policy-options policy-statement IMPORT-CE01 term IMPORT from protocol bgp 
    root@PE11# set policy-options policy-statement IMPORT-CE01 term IMPORT from community [ RT-IMPORT-CE01 RT-IMPORT-CE02 ] 
    root@PE11# set policy-options policy-statement IMPORT-CE01 term IMPORT then accept 
    root@PE11# set policy-options policy-statement IMPORT-CE01 term REJECT then reject

    ###VRFs

    With all that in place we need to make a VRF instance. In my case I'm using ge-0/0/5 on all the PEs as the CE interface so we add it to the VRF, we also set the PE's proper RD and apply the VRF policies we just made. We also use vrf-table-label to help make the L3VPN happy.

    root@PE11# set routing-instances CE01 instance-type vrf 
    root@PE11# set routing-instances CE01 interface ge-0/0/5.0 
    root@PE11# set routing-instances CE01 route-distinguisher 65123:101 
    root@PE11# set routing-instances CE01 vrf-import IMPORT-CE01 
    root@PE11# set routing-instances CE01 vrf-export EXPORT-CE01 
    root@PE11# set routing-instances CE01 vrf-table-label 

    We'll also set the router-id for the instance just to have a bit more control.

    root@PE11# set routing-instances CE01 routing-options router-id 192.168.255.11 

    #Customer Edge

    ###PE01

    Finally we will start working on the CE routing!

    We need an export policy so Juniper knows what to send, so I'll make a simple one that just accepts any route. Since PE01 is BGP we'll set that up too. The config is the same as you have seen, though you may want to use the as-override option if you are using BGP.

    root@PE11# set policy-options policy-statement EXPORT-BGP then accept
    root@PE11# set routing-instances CE01 protocols bgp group CUST-A type external 
    root@PE11# set routing-instances CE01 protocols bgp group CUST-A export EXPORT-BGP 
    root@PE11# set routing-instances CE01 protocols bgp group CUST-A peer-as 65101 
    root@PE11# set routing-instances CE01 protocols bgp group CUST-A neighbor 192.168.1.1 as-override 
    
    
    
    root@PE11# set policy-options policy-statement EXPORT-BGP then accept 
    
    root@PE11# set policy-options policy-statement EXPORT-OSPF from protocol bgp 
    root@PE11# set policy-options policy-statement EXPORT-OSPF then accept
    root@PE11# set policy-options policy-statement EXPORT-RIP then metric 5 
    root@PE11# set policy-options policy-statement EXPORT-RIP then accept 

    ###CE01, CE02, CE03, CE04

    Since the CE's are still in flow mode, we need to make sure the interfaces we use are trusted by the security zone, we could get more specific but we aren't really playing with the firewall today :)

    root@CE01# set security zones security-zone trust host-inbound-traffic system-services all 
    root@CE01# set security zones security-zone trust host-inbound-traffic protocols all 
    root@CE01# set security zones security-zone trust interfaces ge-0/0/1.0 
    root@CE01# set security zones security-zone trust interfaces ge-0/0/2.0 

    ###CE01

    For BGP we just do a normal peering and advertise everything directly connected.

    root@CE01# set policy-options policy-statement EXPORT-BGP from protocol direct 
    root@CE01# set policy-options policy-statement EXPORT-BGP then accept
    
    root@CE01# set protocols bgp group CUST-A type external 
    root@CE01# set protocols bgp group CUST-A export EXPORT-BGP 
    root@CE01# set protocols bgp group CUST-A peer-as 65123 
    root@CE01# set protocols bgp group CUST-A neighbor 192.168.1.254 

    ###CE02

    Same with RIP for CE02

    root@CE02# set policy-options policy-statement EXPORT-RIP from protocol direct 
    root@CE02# set policy-options policy-statement EXPORT-RIP then accept
    
    root@CE02# set protocols rip group CUST-A export EXPORT-RIP 
    root@CE02# set protocols rip group CUST-A neighbor ge-0/0/1.0 

    ###CE03 and CE04

    The OSPF CE is a bit unique because it is the only protocol we are looking at today that cares about external routes. Let's set up OSPF in two ways: one will simply add all interfaces to OSPF and the other will use the export method we have been doing.

    root@CE03# set protocols ospf area 0.0.0.0 interface all 
    root@CE03# set protocols ospf area 0.0.0.0 interface lo0.0 passive 
    
    
    root@CE04# set policy-options policy-statement EXPORT-OSPF from protocol direct 
    root@CE04# set policy-options policy-statement EXPORT-OSPF then accept 
    root@CE04# set protocols ospf export EXPORT-OSPF    
    root@CE04# set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 

    Now we get the routes but routes from CE04 are external! We might talk about OSPF specific MPLS topics another day!

    root@CE03# run show ospf route    
    Topology default Route Table:
    
    Prefix             Path  Route      NH       Metric NextHop       Nexthop      
                       Type  Type       Type            Interface     Address/LSP
    192.168.3.254      Intra Area/AS BR IP            1 ge-0/0/1.0    192.168.3.254
    172.16.31.0/24     Intra Network    IP            1 ge-0/0/2.0
    172.16.32.0/24     Intra Network    IP            1 ge-0/0/2.0
    172.16.33.0/24     Intra Network    IP            1 ge-0/0/2.0
    172.16.34.0/24     Intra Network    IP            1 ge-0/0/2.0
    172.16.41.0/24     Ext2  Network    IP            0 ge-0/0/1.0    192.168.3.254
    172.16.42.0/24     Ext2  Network    IP            0 ge-0/0/1.0    192.168.3.254
    172.16.43.0/24     Ext2  Network    IP            0 ge-0/0/1.0    192.168.3.254
    172.16.44.0/24     Ext2  Network    IP            0 ge-0/0/1.0    192.168.3.254
    192.168.3.0/24     Intra Network    IP            1 ge-0/0/1.0
    192.168.4.0/24     Ext2  Network    IP            0 ge-0/0/1.0    192.168.3.254

    #Verification

    Now that everything is up we can make sure that BGP is working properly (probably should have done that sooner!)

    root@PE11# run show bgp summary                                        
    Groups: 2 Peers: 3 Down peers: 0
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    bgp.l3vpn.0          
                          12          6          0          0          0          0
    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    192.168.1.1           65101       1803       1794       0       3    13:27:34 Establ
      CE01.inet.0: 5/6/6/0
    192.168.255.154       65123       1594       1582       0       1    11:54:35 Establ
      bgp.l3vpn.0: 6/6/6/0
      CE01.inet.0: 6/6/6/0
    192.168.255.254       65123       1591       1581       0       1    11:54:41 Establ
      bgp.l3vpn.0: 0/6/6/0
      CE01.inet.0: 0/6/6/0

    We can also see the MPLS interfaces on the router

    root@PE11# run show mpls interface 
    Interface        State       Administrative groups (x: extended)
    ge-0/0/1.3011    Up         <none>
    ge-0/0/1.3123    Up         <none>
    
    [edit]

    As well as the LDP neighbors

    root@PE11# run show ldp neighbor 
    Address                             Interface       Label space ID     Hold time
    10.1.11.1                           ge-0/0/1.3011   192.168.255.1:0      14
    10.0.123.33                         ge-0/0/1.3123   192.168.255.33:0     13
    10.0.123.44                         ge-0/0/1.3123   192.168.255.44:0     13
    10.0.123.254                        ge-0/0/1.3123   192.168.255.154:0    11

    ###PE01 Routing Table

    Juniper groups everything into the routing table so we can see the main routing table, the MPLS labels, the VRF routes, and IPv6 routes all in one place! We can also see the INET-VPN routes so we can see if things are being learned properly.

    root@PE11# run show route 
    
    inet.0: 26 destinations, 26 routes (26 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    10.0.123.0/24      *[Direct/0] 12:09:45
                        > via ge-0/0/1.3123
    10.0.123.11/32     *[Local/0] 12:09:45
                          Local via ge-0/0/1.3123
    10.1.2.0/24        *[OSPF/10] 14:45:03, metric 2
                        > to 10.1.11.1 via ge-0/0/1.3011
    10.1.3.0/24        *[OSPF/10] 14:45:03, metric 2
                        > to 10.1.11.1 via ge-0/0/1.3011
    10.1.4.0/24        *[OSPF/10] 14:45:03, metric 2
                        > to 10.1.11.1 via ge-0/0/1.3011
    10.1.11.0/24       *[Direct/0] 14:45:09
                        > via ge-0/0/1.3011
    10.1.11.254/32     *[Local/0] 14:45:09
                          Local via ge-0/0/1.3011
    10.1.123.0/24      *[OSPF/10] 11:41:39, metric 2
                        > to 10.0.123.33 via ge-0/0/1.3123
                          to 10.0.123.44 via ge-0/0/1.3123
    10.2.3.0/24        *[OSPF/10] 11:42:39, metric 3
                          to 10.1.11.1 via ge-0/0/1.3011
                        > to 10.0.123.33 via ge-0/0/1.3123
    10.2.4.0/24        *[OSPF/10] 11:41:48, metric 3
                          to 10.1.11.1 via ge-0/0/1.3011
                        > to 10.0.123.44 via ge-0/0/1.3123
    10.2.22.0/24       *[OSPF/10] 11:41:39, metric 3
                          to 10.1.11.1 via ge-0/0/1.3011
                          to 10.0.123.33 via ge-0/0/1.3123
                        > to 10.0.123.44 via ge-0/0/1.3123
    10.3.4.0/24        *[OSPF/10] 11:41:48, metric 3
                          to 10.1.11.1 via ge-0/0/1.3011
                          to 10.0.123.33 via ge-0/0/1.3123
                        > to 10.0.123.44 via ge-0/0/1.3123
    10.3.33.0/24       *[OSPF/10] 11:42:39, metric 2
                        > to 10.0.123.33 via ge-0/0/1.3123
    10.4.44.0/24       *[OSPF/10] 11:41:48, metric 2
                        > to 10.0.123.44 via ge-0/0/1.3123
    192.168.255.1/32   *[OSPF/10] 14:45:03, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011
    192.168.255.2/32   *[OSPF/10] 12:00:32, metric 2
                        > to 10.1.11.1 via ge-0/0/1.3011
    192.168.255.3/32   *[OSPF/10] 11:42:39, metric 2
                        > to 10.1.11.1 via ge-0/0/1.3011
                          to 10.0.123.33 via ge-0/0/1.3123
    192.168.255.4/32   *[OSPF/10] 11:41:48, metric 2
                        > to 10.1.11.1 via ge-0/0/1.3011
                          to 10.0.123.44 via ge-0/0/1.3123
    192.168.255.11/32  *[Direct/0] 14:52:17
                        > via lo0.0
    192.168.255.22/32  *[OSPF/10] 11:41:39, metric 2
                        > to 10.0.123.33 via ge-0/0/1.3123
                          to 10.0.123.44 via ge-0/0/1.3123
    192.168.255.33/32  *[OSPF/10] 11:42:39, metric 1
                        > to 10.0.123.33 via ge-0/0/1.3123
    192.168.255.44/32  *[OSPF/10] 11:41:48, metric 1
                        > to 10.0.123.44 via ge-0/0/1.3123
    192.168.255.154/32 *[OSPF/10] 12:07:04, metric 1
                        > to 10.0.123.254 via ge-0/0/1.3123
    192.168.255.254/32 *[OSPF/10] 11:41:39, metric 2
                          to 10.0.123.33 via ge-0/0/1.3123
                        > to 10.0.123.44 via ge-0/0/1.3123
    224.0.0.2/32       *[LDP/9] 14:52:17, metric 1
                          MultiRecv
    224.0.0.5/32       *[OSPF/10] 14:52:17, metric 1
                          MultiRecv
    
    inet.3: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    192.168.255.1/32   *[LDP/9] 14:45:03, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011
    192.168.255.2/32   *[LDP/9] 12:00:32, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011, Push 299840
    192.168.255.3/32   *[LDP/9] 11:42:38, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011, Push 299808
                          to 10.0.123.33 via ge-0/0/1.3123, Push 299776
    192.168.255.4/32   *[LDP/9] 11:41:47, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011, Push 299792
                          to 10.0.123.44 via ge-0/0/1.3123, Push 299776
    192.168.255.22/32  *[LDP/9] 11:37:45, metric 1
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 299952
                          to 10.0.123.44 via ge-0/0/1.3123, Push 299952
    192.168.255.33/32  *[LDP/9] 11:42:38, metric 1
                        > to 10.0.123.33 via ge-0/0/1.3123
    192.168.255.44/32  *[LDP/9] 11:41:47, metric 1
                        > to 10.0.123.44 via ge-0/0/1.3123
    192.168.255.154/32 *[LDP/9] 11:44:55, metric 1
                        > to 10.0.123.254 via ge-0/0/1.3123
    192.168.255.254/32 *[LDP/9] 11:37:45, metric 1
                          to 10.0.123.33 via ge-0/0/1.3123, Push 299936
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 299936
    
    CE01.inet.0: 13 destinations, 20 routes (13 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.16.11.0/24     *[BGP/170] 13:28:31, localpref 100
                          AS path: 65101 I, validation-state: unverified
                        > to 192.168.1.1 via ge-0/0/5.0
    172.16.12.0/24     *[BGP/170] 13:28:31, localpref 100
                          AS path: 65101 I, validation-state: unverified
                        > to 192.168.1.1 via ge-0/0/5.0
    172.16.13.0/24     *[BGP/170] 13:28:31, localpref 100
                          AS path: 65101 I, validation-state: unverified
                        > to 192.168.1.1 via ge-0/0/5.0
    172.16.14.0/24     *[BGP/170] 13:28:31, localpref 100
                          AS path: 65101 I, validation-state: unverified
                        > to 192.168.1.1 via ge-0/0/5.0
    172.16.21.0/24     *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    172.16.22.0/24     *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    172.16.23.0/24     *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    172.16.24.0/24     *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    192.168.1.0/24     *[Direct/0] 14:45:09
                        > via ge-0/0/5.0
                        [BGP/170] 13:28:31, localpref 100
                          AS path: 65101 I, validation-state: unverified
                        > to 192.168.1.1 via ge-0/0/5.0
    192.168.1.254/32   *[Local/0] 14:45:09
                          Local via ge-0/0/5.0
    192.168.2.0/24     *[BGP/170] 00:33:22, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:33:22, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    192.168.254.1/32   *[BGP/170] 13:28:31, localpref 100
                          AS path: 65101 I, validation-state: unverified
                        > to 192.168.1.1 via ge-0/0/5.0
    192.168.254.2/32   *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    
    MGMT.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[Static/5] 14:45:09
                        > to 10.20.2.1 via ge-0/0/0.0
    10.20.2.0/24       *[Direct/0] 14:45:09
                        > via ge-0/0/0.0
    10.20.2.201/32     *[Local/0] 14:45:09
                          Local via ge-0/0/0.0
                                            
    mpls.0: 20 destinations, 20 routes (20 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0                  *[MPLS/0] 14:52:17, metric 1
                          to table inet.0
    0(S=0)             *[MPLS/0] 14:52:17, metric 1
                          to table mpls.0
    1                  *[MPLS/0] 14:52:17, metric 1
                          Receive
    2                  *[MPLS/0] 14:52:17, metric 1
                          to table inet6.0
    2(S=0)             *[MPLS/0] 14:52:17, metric 1
                          to table mpls.0
    13                 *[MPLS/0] 14:52:17, metric 1
                          Receive
    16                 *[VPN/0] 14:52:17
                        > via lsi.0 (CE01), Pop      
    299776             *[LDP/9] 14:45:03, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011, Pop      
    299776(S=0)        *[LDP/9] 14:45:03, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011, Pop      
    299792             *[LDP/9] 11:41:47, metric 1
                          to 10.1.11.1 via ge-0/0/1.3011, Swap 299792
                        > to 10.0.123.44 via ge-0/0/1.3123, Swap 299776
    299808             *[LDP/9] 11:42:38, metric 1
                          to 10.1.11.1 via ge-0/0/1.3011, Swap 299808
                        > to 10.0.123.33 via ge-0/0/1.3123, Swap 299776
    299824             *[LDP/9] 12:00:32, metric 1
                        > to 10.1.11.1 via ge-0/0/1.3011, Swap 299840
    299856             *[LDP/9] 11:42:38, metric 1
                        > to 10.0.123.33 via ge-0/0/1.3123, Pop      
    299856(S=0)        *[LDP/9] 11:42:38, metric 1
                        > to 10.0.123.33 via ge-0/0/1.3123, Pop      
    299872             *[LDP/9] 11:41:47, metric 1
                        > to 10.0.123.44 via ge-0/0/1.3123, Pop      
    299872(S=0)        *[LDP/9] 11:41:47, metric 1
                        > to 10.0.123.44 via ge-0/0/1.3123, Pop      
    299904             *[LDP/9] 11:44:55, metric 1
                        > to 10.0.123.254 via ge-0/0/1.3123, Pop      
    299904(S=0)        *[LDP/9] 11:44:55, metric 1
                        > to 10.0.123.254 via ge-0/0/1.3123, Pop      
    299936             *[LDP/9] 11:37:45, metric 1
                        > to 10.0.123.33 via ge-0/0/1.3123, Swap 299936
                          to 10.0.123.44 via ge-0/0/1.3123, Swap 299936
    299952             *[LDP/9] 11:37:45, metric 1
                        > to 10.0.123.33 via ge-0/0/1.3123, Swap 299952
                          to 10.0.123.44 via ge-0/0/1.3123, Swap 299952
    
    bgp.l3vpn.0: 6 destinations, 12 routes (6 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    65123:102:172.16.21.0/24                
                       *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    65123:102:172.16.22.0/24                
                       *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    65123:102:172.16.23.0/24                
                       *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    65123:102:172.16.24.0/24                
                       *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    65123:102:192.168.2.0/24                
                       *[BGP/170] 00:33:22, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:33:22, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                        > to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                          to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    65123:102:192.168.254.2/32                
                       *[BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.154
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        [BGP/170] 00:31:09, MED 2, localpref 100, from 192.168.255.254
                          AS path: I, validation-state: unverified
                          to 10.0.123.33 via ge-0/0/1.3123, Push 19, Push 299952(top)
                        > to 10.0.123.44 via ge-0/0/1.3123, Push 19, Push 299952(top)
    
    inet6.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    2001:1234::1/128   *[Direct/0] 14:52:17
                        > via lo0.0
    fe80::250:560f:fc9e:4cd1/128
                       *[Direct/0] 14:52:17
                        > via lo0.0
    ff02::2/128        *[INET6/0] 14:52:17
                          MultiRecv

    Pastebins

    Here are the configs in pastebins for a bit more convenient looking at.

    PE01

    PE02

    PE03

    PE04

    P01

    P02

    P03

    P04

    CE01

    CE02

    CE03

    CE04

    0 Comments
    2017/09/19
    18:57 UTC

    3

    JNCIP Books/Study Guides

    I'm studying for the JNCIP-ENT certification and I was wondering if anybody knew where you can get the course materials at a discounted rate? $1200 in books seems a little crazy. I also see that they are changing the cert to be JN0-647 in September so I wonder if that will affect the training materials. Are the O'Reilly books still a good resource or are they outdated?

    Thanks guys

    4 Comments
    2017/08/21
    23:29 UTC

    3

    Jncip-SP/ENT Labs and Explanations - BGP Route Reflectors VS Confederations

    So I have decided to try and liven up some forums that have been noticeably quiet, because I can't be the only one going for certain exam certs. And it might help other people as well as me.

    First Topic

    BGP Confederations!

    Test lab

    Diagram

    http://imgur.com/Tqn6itn

    I am omitting IPs for now for the most part, as that seems like it would pad this post a lot. I will include base configs though, which should help along the way.

    AS Breakdown

    P1, PE11, PE12, PE21, PE22 are all a part of the public AS 300.

    PE11, PE12 are a part of SUB-AS 65500

    PE1 is a part of SUB-AS 65300

    PE21, PE22 are a part of SUB-AS 65200

    CE10 is multi-homed to both PE11 and PE12 using public AS 500

    CE20 is multi-homed to both PE21 and PE22 using public AS 600

    What is the difference between a BGP Confederation and the use of route reflectors/clusters?

    Differences between Route Reflectors and clusters / Confederations: https://jncie.files.wordpress.com/2008/09/350010_differences-between-bgp-route-reflectors-and-confederations.pdf

    Quick Config guide: https://www.juniper.net/documentation/en_US/junos16.1/topics/example/routing-protocol-bgp-security-confederation-configuring-cli.html

    Some key differences I think should be kept in mind: Route Reflectors should have a full mesh between them, while the clients only peer with the reflectors.

    Whereas in a confederation, there is no need for full mesh peering between sub-AS's, BUT within each Sub-AS there should be a full mesh between routers.

    Peering

    RR to RR clients -> IBGP

    Clusters: IBGP used within the Sub AS's; EBGP-like protocol (EIBGP) used to connect Sub AS's

    Changes or additions to BGP attributes

    Route Reflectors: New mandatory attributes: Originator ID, Cluster ID

    Confederations: Enhancements to the AS Path attribute: Type 3: AS confederation set, Type 4: AS confederation Sequence

    Example in this lab, if I look at routes from AS600 to SUB-AS 6550 from the point of view of PE11 and PE12

    If I look at these same routes from the perspective of CE10 from CE20, as we see, the SUB-AS paths are HIDDEN from the point of view of the CEs

    EXAMPLE: http://imgur.com/r0oxyHt

    http://imgur.com/lXYtaVt

    NEXT HOP handling

    With confederations, even though the protocol being used is like EBGP, the next hop handling is essentially the same as IBGP, where it is not changed and is preserved on the way through the network by default. This can be changed with a next hop policy of your choosing.

    Local Preference

    Both protocols use the same method of handling the local preference value. It is passed through the network as is and preserved, even between SUB ASs.

    MED (Multi Exit Discriminator)

    Same as Local Preference, it is passed as is between SUB ASs

    Re-Advertising a learned prefix

    Route Reflectors: Because there is fully meshed IBGP peering between route reflectors, a route reflector does not re-advertise a learned prefix from a NON CLIENT peer to another.

    Route Reflectors advertise prefixes learned from a client to the other client or non client peers.

    Confederations: Because the protocol is like EBGP, routes learned from each SUB-AS are advertised to other SUB-ASs that are peered. NOTE: Because of the next hop policy listed above, your routes learned from each sub-AS will most likely show up as hidden, unless you are running some sort of IGP between the sub-AS's that advertises all internal routes etc.

    Communication with non member BGP peers (Important info!)

    Route Reflectors: If route reflectors peer with non route reflector routers located in the same AS, the route reflector attributes that are being passed are ignored because of the type of the attributes (OPTIONAL, non transitive), and the attributes are dropped.

    If route reflectors peer with an EBGP peer, ONLY AS number is passed.

    Confederations: If a member of the confederation is peering with a BGP peer located in another AS, the sub-AS numbers located in the AS-Path are suppressed and ONLY THE CONFEDERATION NUMBER IS PASSED WITHIN THE AS PATH ATTRIBUTE.

    Support of multiple instances

    Route Reflectors can be members of multiple clusters as long as the routers are configured as route reflectors.

    Confederations: The router can only be a member of a single sub-AS or a single confederation

    Use of multi-hop parameter

    Not needed with route reflectors, but might be needed with confederations.

    In the listed PDF there are a few more interesting differences listed toward the bottom that will make for a good read.

    5 Comments
    2016/12/08
    19:38 UTC
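
    The AS path, next hop and local preference handling described in the post above, as an added example that is not part of the original post: a small Python model of confederation path handling (RFC 5065) run over the lab's AS numbers. The addresses, the prefix, treating P1 as the sub-AS 65300 router, and the 65200-65300-65500 peering chain are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from enum import IntEnum
from typing import List, Optional, Tuple

class Seg(IntEnum):  # AS_PATH segment type codes (RFC 4271 and RFC 5065)
    AS_SET = 1
    AS_SEQUENCE = 2
    AS_CONFED_SEQUENCE = 3
    AS_CONFED_SET = 4

CONFED = (Seg.AS_CONFED_SEQUENCE, Seg.AS_CONFED_SET)
Path = Tuple[Tuple[Seg, Tuple[int, ...]], ...]
# Junos-style display: ( ) confederation sequence, { } AS set, ([ ]) confederation set
WRAP = {Seg.AS_SEQUENCE: "{}", Seg.AS_CONFED_SEQUENCE: "({})",
        Seg.AS_SET: "{{{}}}", Seg.AS_CONFED_SET: "([{}])"}

@dataclass(frozen=True)
class Router:
    name: str
    public_as: int          # AS seen from outside (the confederation ID for members)
    sub_as: Optional[int]   # member AS inside the confederation; None for a CE
    address: str            # constructed documentation address, used as next hop

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Path
    next_hop: str
    local_pref: Optional[int]

def render(path: Path) -> str:
    return " ".join(WRAP[t].format(" ".join(map(str, asns))) for t, asns in path)

def prepend(path: Path, seg: Seg, asn: int) -> Path:
    """Put asn at the front, extending the first segment when it is already `seg`."""
    if path and path[0][0] == seg:
        return ((seg, (asn,) + path[0][1]),) + path[1:]
    return ((seg, (asn,)),) + path

def advertise(route: Route, speaker: Router, peer: Router) -> Route:
    """Return the route as `speaker` sends it to `peer`."""
    if speaker.public_as == peer.public_as:
        if speaker.sub_as == peer.sub_as:
            return route  # IBGP inside one sub-AS: nothing changes
        # Confederation EBGP: record own sub-AS, keep next hop and local preference
        return replace(route, as_path=prepend(route.as_path, Seg.AS_CONFED_SEQUENCE,
                                              speaker.sub_as))
    # True EBGP: drop every confederation segment, prepend the public AS,
    # rewrite the next hop, and do not send local preference
    visible = tuple(s for s in route.as_path if s[0] not in CONFED)
    return Route(route.prefix, prepend(visible, Seg.AS_SEQUENCE, speaker.public_as),
                 speaker.address, None)

def loops(route: Route, receiver: Router) -> bool:
    """Receiver-side loop check: own sub-AS in confed segments, own AS elsewhere."""
    return any((receiver.sub_as if t in CONFED else receiver.public_as) in asns
               for t, asns in route.as_path)

def propagate(route: Route, hops: List[Router]) -> dict:
    """Pass the route along `hops`; return {router name: route as installed there}."""
    installed = {}
    for speaker, peer in zip(hops, hops[1:]):
        route = advertise(route, speaker, peer)
        if loops(route, peer):
            break
        if route.local_pref is None:
            route = replace(route, local_pref=100)  # default applied on receipt over EBGP
        installed[peer.name] = route
    return installed

# Lab from the post; addresses, prefix and the 65200-65300-65500 chain are constructed
CE20 = Router("CE20", 600, None, "192.0.2.20")
PE21 = Router("PE21", 300, 65200, "192.0.2.21")
P1 = Router("P1", 300, 65300, "192.0.2.1")
PE11 = Router("PE11", 300, 65500, "192.0.2.11")
CE10 = Router("CE10", 500, None, "192.0.2.10")

def lab_walk() -> dict:
    origin = Route("198.51.100.0/24", (), CE20.address, None)
    return propagate(origin, [CE20, PE21, P1, PE11, CE10])

if __name__ == "__main__":
    for name, r in lab_walk().items():
        print(f"{name:5} AS path: {render(r.as_path)} I  "
              f"next hop {r.next_hop}  localpref {r.local_pref}")
```

    On PE11 the path still carries the sub-AS numbers and CE20's address as next hop, which is why the post's note about hidden routes applies when that next hop is not reachable through an IGP.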

    4

    JNCIP-ENT Exam Topics

    OSPF

    • Describe the concepts, operation and functionality of OSPFv2 and OSPFv3
    • OSPF LSA types
    • OSPF area types and operations
    • LSA flooding through an OSPF multi-area network
    • DR/BDR operation
    • SPF algorithm
    • Metrics, including external metric types
    • Authentication options
    • Route summarization and restriction
    • Overload
    • Virtual links
    • OSPFv2 vs OSPFv3
    • Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
    • Implement OSPF routing policy

    BGP

    • Describe the concepts, operation and functionality of BGP
    • BGP route selection process
    • Next hop resolution
    • BGP attributes - concept and operation
    • BGP communities
    • Regular expressions
    • Load balancing - multipath, multihop, forwarding table
    • NLRI families - inet, inet6
    • Advanced BGP options
    • Given a scenario, demonstrate knowledge of how to configure and monitor BGP
    • Implement BGP routing policy

    IP Multicast

    • Describe the concepts, operation and functionality of IP multicast
    • Components of IP multicast, including multicast addressing
    • IP multicast traffic flow
    • Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
    • RPF - concept and operation
    • IGMP, IGMP snooping
    • PIM dense-mode and sparse-mode
    • Rendezvous point (RP) - concept, operation, discovery, election
    • SSM - requirements, benefits, address ranges
    • Anycast RP
    • MSDP
    • Routing policy and scoping
    • Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM and PIM-SM (including SSM)
    • Implement IP multicast routing policy

    Ethernet Switching and Spanning Tree

    • Describe the concepts, operation and functionality of advanced Ethernet switching
    • Filter-based VLANs
    • Private VLANs
    • Dynamic VLAN registration using MVRP
    • Tunnel Layer 2 traffic through Ethernet networks
    • Layer 2 tunneling using Q-in-Q and L2PT
    • Given a scenario, demonstrate knowledge of how to configure and monitor advanced Ethernet switching
    • Describe the concepts, operation and functionality of advanced spanning tree protocols, including MSTP and VSTP
    • Given a scenario, demonstrate knowledge of how to configure and monitor MSTP and VSTP

    Layer 2 Authentication and Access Control

    • Describe the operation of various Layer 2 authentication and access control features
    • Authentication process flow
    • 802.1x - concepts and functionality
    • MAC RADIUS
    • Captive portal
    • Server fail fallback
    • Guest VLAN
    • Considerations when using multiple authentication/access control methods
    • Given a scenario, demonstrate how to configure and monitor Layer 2 authentication and access control

    IP Telephony Features

    • Describe the concepts, operation and functionality of features that facilitate IP telephony deployments
    • Power over Ethernet (PoE)
    • LLDP and LLDP-MED
    • Voice VLAN
    • Given a scenario, demonstrate how to configure and monitor Layer 2 authentication and access control

    Class of Service (CoS)

    • Describe the concepts, operation and functionality of Junos CoS for Layer 2/3 networks
    • CoS processing on Junos devices
    • CoS header fields
    • Forwarding classes
    • Classification
    • Packet loss priority
    • Policers
    • Schedulers
    • Drop profiles
    • Shaping
    • Rewrite rules
    • Given a scenario, demonstrate knowledge of how to configure and monitor CoS for Layer 2/3 networks
    0 Comments
    2015/12/15
    15:15 UTC

    1

    JNCIP-SEC Exam Topics

    Application-Aware Security Services

    • Describe the concepts, operation and functionality of AppSecure
    • AppSecure traffic processing
    • AppID
    • AppTrack
    • User FW
    • SSL proxy
    • AppFW
    • AppQoS
    • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various AppSecure modules

    Virtualization

    • Describe the concepts, operation and functionality of various virtualization components on SRX Series Services Gateways
    • Routing instances
    • RIB groups
    • Routing between instances
    • Logical systems (LSYS)
    • Intra-LSYS and Inter-LSYS communication
    • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various elements of virtualization
    • Given a scenario, describe and implement filter-based forwarding (FBF)

    Advanced NAT

    • Describe the concepts, operation and functionality of various types of NAT
    • NAT traffic processing
    • Destination NAT
    • Source NAT
    • Persistent NAT
    • Static NAT
    • Double NAT
    • NAT traversal
    • DNS doctoring
    • IPv6 NAT (Carrier-grade NAT) - NAT64, NAT46, NAT444, DS-Lite
    • Routing
    • NAT and FBF
    • NAT and security policy
    • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced NAT implementations

    Advanced IPSec VPNs

    • Describe the concepts, operation and functionality of various IPSec VPN implementations
    • IPSec traffic processing
    • Site-to-site VPNs
    • Hub-and-spoke VPNs
    • Group VPNs
    • Dynamic VPNs
    • Routing over VPNs
    • VPNs and NAT
    • Public key infrastructure (PKI) for IPSec VPNs
    • Traffic Selectors
    • VPNs and dynamic gateways
    • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced IPSec VPN implementations

    Intrusion Prevention

    • Describe the concepts, operation and functionality of Junos Intrusion Prevention System (IPS) for SRX Series Services Gateways
    • IPS packet inspection process
    • IPS rules and rulebases
    • Signature-based attack detection
    • Reconnaissance scans and fingerprinting
    • Flooding, attacks and spoofing
    • Describe how to perform setup and initial configuration for SRX Series Services Gateways with IPS functionality
    • IPS deployment options and considerations
    • Network settings
    • Attack database
    • Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and protect against scans and attacks
    • Custom signatures
    • Scan prevention

    Transparent Mode

    • Describe the concepts, operation and functionality of various transparent mode implementations
    • High Availability
    • VLAN translation
    • Layer 2 security
    • IRB
    • Bridge groups
    • Spanning tree traffic processing
    • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot transparent mode implementations

    Troubleshooting

    • Given a scenario, demonstrate knowledge of how to troubleshoot Junos OS security issues
    • Flow analysis
    • SNMP
    • show commands
    • Logging and syslog
    • Tracing, including flow traceoptions
    • Policy flow
    • Packet capture
    0 Comments
    2015/12/15
    15:13 UTC

    1

    JNCIP-SP Exam Topics

    OSPF

    • Describe the concepts, operation and functionality of OSPFv2 and OSPFv3
    • OSPF LSA types
    • OSPF area types and operations
    • LSA flooding through an OSPF multi-area network
    • DR/BDR operation
    • SPF algorithm
    • Metrics, including external metric types
    • Authentication options
    • Summarize and restrict routes
    • Virtual links
    • OSPFv2 vs OSPFv3
    • Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
    • Implement OSPF routing policy

    IS-IS

    • Describe the concepts, operation and functionality of IS-IS
    • IS-IS link-state PDU (LSP) types
    • IS-IS areas/levels and operations
    • LSP flooding through an IS-IS multi-area network
    • DIS operation
    • SPF algorithm
    • Metrics, including wide metrics
    • Authentication options
    • Route summarization and route leaking
    • Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area IS-IS
    • Implement IS-IS routing policy

    BGP

    • Describe the concepts, operation and functionality of BGP
    • BGP route selection process
    • Next hop resolution
    • BGP attributes – concept and operation
    • BGP communities
    • Regular expressions
    • Multipath
    • Multihop
    • Load balancing
    • Advanced BGP options
    • BGP route damping
    • Multiprotocol BGP
    • Given a scenario, demonstrate knowledge of how to configure and monitor BGP
    • Route reflection
    • Confederations
    • Describe the concepts, operation and functionality of BGP scaling mechanisms
    • Implement BGP routing policy

    Class of Service (CoS)

    • Describe the concepts, operation and functionality of Junos CoS
    • CoS processing on Junos devices
    • CoS header fields
    • Forwarding classes
    • Classification
    • Packet loss priority
    • Policers, including tricolor marking and hierarchical policers
    • Schedulers
    • Drop profiles
    • Shaping
    • Rewrite rules
    • Hierarchical scheduling (H-CoS) characteristics (high-level only)
    • Given a scenario, demonstrate knowledge of how to configure and monitor CoS

    IP Multicast

    • Describe the concepts, operation and functionality of IP multicast
    • Components of IP multicast, including multicast addressing
    • IP multicast traffic flow
    • Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
    • RPF – concept and operation
    • IGMP
    • PIM dense-mode and sparse-mode
    • Rendezvous point (RP) – concept, operation, discovery, election
    • SSM – requirements, benefits, address ranges
    • MSDP, including single and multi-PIM domains
    • Anycast RP
    • Routing policy and scoping
    • Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM, PIM-SM (including SSM) and MSDP
    • Implement IP multicast routing policy

    MPLS

    • Describe the concepts, operation and functionality of MPLS
    • RSVP and LDP operation
    • Primary/secondary paths
    • LSP metrics, including interaction with IGP metrics
    • LSP priority and preemption
    • Fast reroute, link protection and node protection
    • LSP optimization
    • Routing table integration options for traffic engineering
    • RSVP reservation styles
    • Routing policy to control path selection
    • Advanced MPLS features
    • Describe the concepts, operation and functionality of Constrained Shortest Path First (CSPF)
    • TED
    • IGP extensions
    • CSPF algorithm – selecting the best path
    • Tie-breaking options
    • Administrative groups
    • Advanced CSPF options
    • Given a scenario, demonstrate knowledge of how to configure and monitor MPLS, LDP and RSVP
    • RSVP-signaled and LDP-signaled LSPs
    • Traffic protection mechanisms
    • CSPF
    • Implement MPLS routing policy

    Layer 3 VPNs

    • Describe the concepts, operation and functionality of Layer 3 VPNs
    • Traffic flow – control and data planes
    • Full mesh vs. hub-and-spoke topology
    • VPN-IPv4 addressing
    • Route distinguishers
    • Route targets
    • Route distribution
    • Site of origin
    • Sham links
    • vrf-table-label
    • Layer 3 VPN scaling
    • Layer 3 VPN Internet access options
    • Given a scenario, demonstrate knowledge of how to configure and monitor the components of Layer 3 VPNs
    • Describe the concepts, operation and functionality of multicast VPNs
    • Next-generation MVPNs (NG-MVPN)
    • Flow of control and data traffic in a NG-MVPN
    • Describe Junos support for carrier-of-carriers and interprovider VPN models

    Layer 2 VPNs

    • Describe the concepts, operation and functionality of BGP Layer 2 VPNs
    • Traffic flow – control and data planes
    • Forwarding tables
    • Connection mapping
    • Layer 2 VPN NLRI
    • Route distinguishers
    • Route targets
    • Layer 2 VPN scaling
    • Describe the concepts, operation and functionality of LDP Layer 2 circuits
    • Traffic flow – control and data planes
    • Virtual circuit label
    • Layer 2 interworking
    • Describe the concepts, operation and functionality of VPLS
    • Traffic flow – control and data planes
    • BGP VPLS label distribution
    • LDP VPLS label distribution
    • Route targets
    • Site IDs
    • Given a scenario, demonstrate knowledge of how to configure and monitor Layer 2 VPNs
    • BGP Layer 2 VPNs
    • LDP Layer 2 circuits
    • VPLS

    Automation

    • Demonstrate basic knowledge of using automation scripts
    • Operation scripts
    • Commit scripts
    • Event scripts
    0 Comments
    2015/12/15
    15:11 UTC

    2

    FIRST!! What is JNCIP?

    • What is JNCIP?

    • What is its exam number?

    • What is the current version of the exam?

    • What OS does it cover?

    • What is the most equivalent certification by another vendor?

    1 Comment
    2015/12/12
    22:04 UTC
