JNCIE-SEC #374 – It finally happened

This post is about my Journey becoming JNCIE-SEC #374. Sorry for taking so long but this Blog-Post really needed my special attention because there are many personal feelings involved with the way from JNCIA-JunOS up to JNCIE-SEC.
When I started my long journey, I found many Blog Posts about this Topic. I knew that one day I would do the same – give something back – and write about my experience. And boy am I proud that this day finally has arrived… 🙂

After talking to a lot of network-folks I decided to also provide some insights into my lab and the time-schedule that I created myself for the training – hopefully, this will help some of you.

SPOILER:
You will NOT find any Info about the actual Exam, nor any “illegal tips” or stuff like that – if you know me a bit better you know why. The Expert is the most valuable Exam – in my Opinion even higher than a degree in IT because this Exam will not only show you boring Theory but will show you the “real world”. And I want to keep it like that – I know this value and I have taken the path that I would never ever destroy – so please don’t contact me via Mail “Hey Chris – can you send me the actual topology?” – Please understand this – thanks.

In case you are still reading – congrats – you seem to be willing to really “study” for this Exam and you want to learn something – and I will guide you.

First of all: In my Opinion, the Expert-Prep is not about learning all the Topics (which are massive) in every detail (but of course this helps) – the Exam is about Time and T-Shoot capabilities. You need to be able to decide in a couple of minutes how to actually solve a given Network Problem – these problems are not some Sci-Fi-Stuff – they are real problems that would face you in the real-world by a customer. After my first attempt I was leaving the Exam Room and thought 2 things:

1) Holy smokes – the topics weren’t as hard as I thought – no “traps” or “mean questions”
2) Holy smokes – how should I do all this in only 8 hours and verify all this…

When I started my journey in 2016, I purchased the inetzero Books, that most of the Experts I talked to also used for all the Tracks – and boy was this helpful. I can only recommend you to give them a shot: https://www.inetzero.com/

In many Blogs you will read, that the inetzero book is enough – I personally would say, that this is only partially true – because if you don’t know how to create a proper “strike plan” (by the way special Thanks to Udo Steinegger for providing an excellent JNCIE-SEC Bootcamp) you already lost…

Most of this will be addressed in Junipers official Bootcamp – which I also took and which was very helpful because only JNCIE’s will “teach” this Bootcamp as far as I know. You already know the Topics if you took the Professional Course, but having an actual JNCIE telling you how to create “strike plans” and how to “calm your mind” is priceless. That was my motivation to go for the Bootcamp. Of course, you have to decide for yourself.

Ask yourself this:
Do you know how to calm your mind even in the most stressful situations and do you stay calm and focused when presented with a complete unknown topology with a completely unknown number of devices and complete unknown tasks that you have to do in a short amount of time?

If you answered this partially no –> Go for the Bootcamp – or work inside a NOC where the Customers keep calling you, telling you, that this problem is the most important in the world and you were just born to solve this problem because every customer calling the NOC is a VIP – not always entertaining but this helps a lot 😉

After my first attempt I knew, that the Exam was doable (who would have thought) – I mean I knew that before but once you actually tried the Exam, felt all the pressure inside this room and have this “only 8 hours” feeling, you start to lab differently than before – JunOS Shortcuts, for example, are your friend. So after this first attempt, I went straight to my Hotel-Room and tried to remember the Topics that I struggled with the most. I got this tip from a friend – don’t wait until the next morning – most of it will be forgotten. Write down every part that you thought you screwed up or that was not working easily for you. With this List, you can go to your lab again and train, train, train.

I personally labbed 100% virtual – this has pros and cons.

Pro:
I installed myself EVE-NG (basically my life savior because doing Expert-Labs in ESX is ugly and painful and takes a lot of time…) and could basically lab from anywhere, anytime.
+ Waiting at the customer’s site between 2 calls? –> Lab
+ Waiting at the airport for the plane? –> Lab
+ Going by train –> Nice –> Lab time
+ Can’t sleep because of a problem bugs you and you still want to test the newest vSRX in parallel? –> Great –> Fire it up and Lab it 😉

Cons:
Well since you can basically lab from anywhere and you are a “freak” like me, you most likely will lab from everywhere:
+ Waiting at a romantic dinner table for the food (sorry sorry sorry Darling) –> Lab
+ Waiting at the cinema for the movie to start –> Lab
+ Waiting at the bar for the next drink –> Lab

It’s also important to “take a day off” – regenerate and start fresh again.

So I knew that I would most likely not “one-shot” this thing –> So I stayed focused and waited roughly 2 Months until the next attempt. I really felt like I could do it (you will read this again later) and got there super excited. In attempt No. 2 I scored even higher than the first time – but still failed. I got a bit frustrated and started to question myself because I was still many points behind the passing Score (no I will not tell it of course). Luckily for me, I have family and people always cheering me up. The Juniper Community is the best in my opinion, regardless of Partners, Juniper themselves or Customers – there are so many awesome people out there that I have met – this made the difference I think – I don’t know If I had taken another shot without all the support that I got. It’s more fun to go this road with family and friends – they might not know what you are talking about, but they can ask you prepped questions, that you have to create for yourself.

So for attempt No. 3 I prepped myself some “flashcards” like back in school. I thought of questions, that my family could ask and the answers that I would need. I ended up with roughly 90 Flashcards regarding all the Topics – especially the “pain” ones. While taking a walk through our town – which I do almost every night before going to sleep – my wife constantly asked me with the help of these flashcards – later she remembered the questions and the answers herself, so I think she could do the JNCIP-SEC now 😛 😉

3 Months after attempt No. 2 I thought that it was time for No.3.
During that time I moved from DiData to Telonic which made “staying focused” even harder. In these 3 months, I constantly learned with flashcards while in parallel I labbed and labbed and labbed – I created around 32 Topologies (this is very very easy in EVE-NG) to test every scenario that I thought would be helpful. Also, I prepped the Superlab from inetzero’s book in eve which was a massive help. I felt that I was faster and faster and took shot No. 3 – and boy did I hit the wall when I got the results –> Fail again…

At this point I have to tell you one thing:
I remembered: When I got my JNCIA-JunOS back in 2013 I had this dream – I wanted to become JNCIE – NO MATTER WHAT!
Yeah – jokes aside – I was pretty down and thought about never getting it – this is okay – it’s part of the experience of becoming an expert and I’m sure every expert knows this point.

After receiving the Fail for No.3 I immediately booked No.4 for roughly a month after No.3 because I knew that I was sooooo close – this time I focused more on the Labs and about “getting the point of the problems”. Knowing the Topics is good – very good – but you have to combine them in order to solve your customer’s Problem efficiently. So I got through all the inetzero Labs again and again and I also labbed the whole Bootcamp again – no problem thanks to the workbooks and printouts. You may have seen this phase on Twitter – I motivated myself every day and tried to feel the joy of telling everybody that I finally made it.

And on the 3rd of July at my 4th attempt (now you know why I L O V E my JNCIE-SEC #374) I finally made it. This was kind of awkward –> you prep every day for almost 2 Years, solve every problem you find, attend Bootcamps and Labs and whatsoever and all of a sudden you are there – this was hard for me to get. I literally checked every System (Acclaim, Cert-Manager, and Mails) against each other to verify that this was no mistake – It wasn’t.

This road was the most challenging task in my life so far – far harder than the apprenticeship – far harder than my work at the NOC and ProfessionalService – but would I do it again? Going through all this pain and “lost weekends” and suffering from thinking that I would never get there? Yes – Yes, Yes and Yes – I would do it again. I encourage you to do the same – The Expert is still the most valued Certification there is – not because it is impossible to do – but because there are so many factors that have to fit in order for you to get it. And if you fail? No one built Rome in one day –> go for it again. And again, and again, and again – don’t lose hope because you have read somewhere that someone got this on his first try – congrats to him but don’t let that drag you down –> stay focused –> visualize your goal and go for it –> look ahead, not back or sideways – get your Expert – not because you need to do it, but because you want to do it. And even if it takes 327 failed attempts – No. 328 will work (hope you get the point)


So my key points are:

+ Take your time to carefully design yourself test-labs and configs. Lab as much as you can and try to remember JunOS Shortcuts
+ Familiarize yourself with Notepad++ – It can help you a lot
+ Don’t let a fail drag you down – learn from it
+ Learn especially the Topics that you are “weak” in
+ Start Skype-Groups or forums with people also studying – this will also help you to stay focused
+ Learn how to calm yourself – sounds stupid – you can thank me later
+ Practice, Practice, Practice (you will, for example, find some practices in my other Blog Posts)
+ Try to understand the whole Picture – not just pieces
+ Take a good sleep before the exam day (you will be awake I know but try it)
+ Don’t go for a big Lunch on the exam day – you will regret it in multiple ways later…
+ MOST IMPORTANT: If you finally made it –> CELEBRATE IT!!! Take your Family and friends to Dinner and enjoy this moment.

I hope that my “novel” was not boring for you – If you need help to focus or just need someone to talk to about the JNCIE-SEC because you failed – contact me. Again –> not to gain knowledge about the actual exam –> but to get Infos from someone who recently did exactly the same.
As promised I will release some of my EVE-Labs and my training schedule for you to check – but note that this is a big help but still does not contain anything about the real topology. The Topics are listed on the official Website –> so I guess this shouldn’t be a Problem. If it is and you are from Juniper –> please let me know and I will take it down immediately. But I think I know what is “safe to share” and what is “not safe” 😉

Christian Scholz
JNCIE-SEC #374

The TechFest2018 (Berlin) is here

It’s finally my favourite time of the year – time for the Juniper TechFest 2018 (Juniper EMEA SE-Summit) #JNPRTECH2018
Make sure to grab your shirt and glasses at the registration (this year’s Shirt is light-blue).

There are so many things and interesting presentations to discover this year as you can imagine. I can’t wait until the speakers start.

My first surprise was getting a J-Coin this morning (thank you sooooooo much guys – especially Sue), that had nothing to do with the Tech-Fest itself – this was a coin for me 🙂 When I get back home I will post a picture of my J-Coin book, which I bought for my Coin-Collection 😉
I was so excited that I almost forgot my breakfast – almost 😛

First stop for me (after registration, which I already finished yesterday) was of course the certification room, where the Juniper Certification-Team thankfully prepared a quiet place for free written exams.

I know that I said this a couple of times, but this can’t be said enough:
Thank you for all doing this every year – it’s greatly appreciated.

This year I got some really nice PIN’s from the Team:

From JNCIA to JNCIS to JNCIP and now finally JNCIE – memories came back…
You should all stop by the exam room – not primarily to collect your pins and badges but to get certified / re-certified.
Up to 3 exams are free for everybody – It’s best to pre-register them through pearsonvue (you should have got an email) to guarantee a seat – usually there are “rush times” with waiting periods around breakfast and lunch that you can easily avoid by registering your seat.

“Welcome Lunch” will start at 12.15, first presentation at 14.00 – the room names are shown on the big screens next to the registration.

In case you want to meet up, here’s my schedule for today:

Welcome Lunch, 12.15 till 13.45
Tungsten Fabric (Track 2), 14.00 – 15.30
Security – Strategy and Roadmap (Track 1), 16.30 – 18.00
Drink reception & Networking Dinner, 19.00 till 21.30

Also make sure to stop by the 2 “booth’s” this year to collect some bonus-presents 🙂

EDIT: Seems, that the Agenda is changing – make sure to stay up to date:
http://emea.juniper.net/EMEA_TECH_FEST_2018_Part-Agenda

EVE-NG Professional – First Preview

This morning something exciting happened: Thanks to Alain, the Head-Dev of EVE I got my Hands on a „Trial-License“ of EVE-NG-PRO, which will come out very very soon. This Post will review some Features and my Lab-Tests. Stay tuned and watch eve-ng.net for News about the Release-Date – if eve PRO is out, you will see it there.

As you can see, EVE-PRO will start with Version 2.0.4-4 and you will be greeted with 3 Modes:
+ Native
+ HTML5
+ HTML5 Desktop

Native and HTML5 are well known from the Community Edition. HTML5 Desktop is based on Docker and in my Opinion the world’s greatest way to Lab – this will change everything…

After Login to HTML5-Desktop you are presented with the „Full-blown“ Desktop of your labbing Dreams. It has Wireshark over RDP so you don’t need to install Wireshark on your PC, which is G R E A T if you want to Lab at Work, where you are usually not allowed to install Software or access ssh or access any „cli-opening“ commands. Isn’t this just awesome? Now EVE brings the Term „labbing everywhere“ to a whole new Level. Regardless where you are – even at the Hotel-Bar, where you only have Web browser access – you can login into your Lab and do whatever you want.

I was amazed, how smooth this actually works – Docker runs really nice on Ubuntu 16.04LTS which EVE is based on. It comes with Firefox and Chromium installed, however Firefox is preferred and used by default. So from HTML5-Desktop you are able to do some things:

+ run EVE in Firefox in Native or HTML-Mode and work normally on it
+ ssh into your EVE-Host and access its CLI (for upgrading or downloading new Software etc.)

I started my JNCIE-SEC Lab and tested the Capturing on ge-0/0/1 – worked like a charm – I could see all packets as they would flow in real-life – and all this from my Work-PC which is very strict. No Problems at all.

My Lab runs smooth as always – and now there is a shiny new „Docker“ node running 😉

Also a new feature is the NAT Network – you can now add a NAT-Network to your topology – it runs a DHCP-Server for your nodes to fetch an address and access the Internet through the EVE-hosts IP – great if you want your V-Appliances to fetch the latest updates.

Another nice Feature is the possibility to close a running Lab and go to a second Lab. I often had the problem, that due to extremely long boot-time for my full-blown Lab I wouldn’t close my full-blown Lab to test some other things real quick – no more do I have to worry about this. Running labs can be accessed again at any time and are placed under „running“ folder.

What I also like is the new “hot add”-Link Feature – you can now finally delete and add links while the Devices are running. I tested this 6 times – 5 times from Juniper to Juniper it worked very nice – one time I had to disable the interface at the cli and enable it again – but since I shut every Interface that I don’t use in real-life also, this is not a problem – after enabling the Interface everything works fine – another sweet feature, which mainly helps my “laziness” to stay lazy – and for quick-testing this feature is really handy – add a note, enable some interfaces, hot-add-link, test and after test, simply destroy – you can pop-up parts of the Lab now in no-time.

I was honored to get the chance to test eve-pro and of course I will be one of the first to buy eve-Pro as soon as it gets out to support the amazing devs for this in my opinion „Masterpiece of Lab-Technology“. Stay tuned – in the coming days I will test EVE-NG-Pro „Bare“ VS ESX 6.5 for labbing and do some “pressure-tests” on PRO.

My first J-Coin from “oversea”

Every time I drive home, I talk to my Wife over the Phone (yes, EVERY time). This evening she told me, that Mail from Juniper arrived and I was extremely curious, what it could be. And I must say, that I wasn’t disappointed 😀

Now I have 2 J-Coins – one from EMEA Summit 2017 and one from the Circle – can’t wait to get them all – I already purchased a Book for all the coins 🙂

An era has ended and another era starts – taking my Juniper-Career to the next Level

Maybe some of you already heard it – Beginning tomorrow (1st of February 2018) I will no longer be working for Dimension Data.
In the recent years the Juniper-Projects were getting few and so I decided to take my career to the next level by moving to Telonic.
I’m very excited to get the opportunity to work at a “Juniper-Focused” Company and getting the Opportunity to work even closer with Juniper and Juniper-Focused colleagues. The first big step to achieve this is to finally get the JNCIE-SEC, which due to lost time I couldn’t complete when working at DiData. Thank you DiData for all the good years and “see you soon” – the IT-World is a small Village 🙂

SRX100 in DimensionData Style

As you all know, I work for DimensionData in Germany. As a matter of fact I really like to mention this wherever I go – it’s my personality to do so because I only work for Companies that I’m “proud” of – else it wouldn’t make sense to work there right?

I recently thought of pimping my old SRX100B with the NeonGreen from DiData – and it turned out pretty damn well for my first time spraypainting 🙂

What do you think?
My next Project will be a fire-red SRX240 I have inside my Lab 😉

Juniper EMEA SE-Summit 2017 :: Madrid here I come

Finally the time has arrived to pack my stuff and travel to Madrid for the Juniper SE Summit EMEA 2017. The EMEA Summit is by far the greatest event I have been a part of regarding Juniper Networks. Mainly European colleagues and champions who are able to understand the special European procedures and guidelines that are sometimes very hard to understand for colleagues living outside Europe – especially data protection and privacy.

Of course I will also participate in my 2 granted exams – would be a shame to waste the possibility to do them for free – however this year there’s a limitation of 2 exams per person per Summit – but I think this is more than enough – after all this Summit is for the Tech-Sessions and not for pure Certification 😉 So this time I will try to nail the JNCIS-FWV and JNCIS-QF

I will update this post every evening – so stay tuned 🙂
The Summit will happen from July 11th to July 13th 2017 in Madrid.

The Agenda can be found here:
http://juniper-emea.net/2017JnprUChampionsTechSummit-Agenda?elqTrackId=7920060D1A63B2AF7B70D8C0B3324D88&elq=695f01e85a8c416daaeea26fb7733e07&elqaid=14440&elqat=1&elqCampaignId=3320

Day 1 – Monday – arrival

This morning we (I took my wife with me so she could enjoy Madrid) went from Oekoven (my Home-Town, 9 houses, 19 cows but FTTH) to Madrid.

As always (plane leaves at 12:05) we had just enough time (arrived at 9.50) thanks to very fast * cough * security officials and baggage drop ladies just so to stand punctual at the gate at boarding time.
Arrived in Madrid, I noticed the very nicely built hall of the airport.

Thanks to a great service from the hotel, a driver was ready for our pick-up.
By the way it’s somewhat funny to read the sign “Mr. Scholz”- I’m not used to that 😉
Madrid, 33° C and many (unlike in Germany) brown plants (see for yourself)

When we arrived at the hotel, I immediately noticed the Juniper registration, which stood proudly at the opposite of the entrance.
My calendar for the next days is ready to rock. Equipped with my green DimensionData Shirt and Basecap we went out to explore a bit of our Madrid area, to shop some cans of water and to eat something.

Madrid has really nice small Restaurants – very charming.
Now I’m looking forward to tomorrow when the game begins – after breakfast I scheduled 2 exams 😉

Day 2 – Tuesday – plenary

Tuesday – first thing to do after Breakfast was heading to the registration. I was surprised to see that Juniper also chose green today 😛

I got a bag with my badge, a book from Juniper (really nice one this time) and of course a shirt.

The next step on my “to do List” was the JNCIS-FWV since more and more of our Customers migrate from ScreenOS to JunOS or still have SSG’s in production. Therefore this certification was my next step. Thankfully I passed 😉 I also met the Guys from the Certification Team. Again – it was a big pleasure and honor to meet you guys – thanks for making the Certification possible every year.

After the Certification it was time to meet old friends and Colleagues by the Pool – a little chill before the plenary sessions

Finally it was time for the plenary Sessions – Kireeti time 😉 We were introduced into the strategy and what Juniper will do next. This year it was really interesting since there were 2 Rooms (I was in a room where they streamed the other room) so there were not like 1000 people sitting on a bird-cage and getting the climate system to crash 🙂 By the way – again ° C today – tomorrow it will be 37° C and for Thursday they told us, that we will reach the 39° C – I am afraid 😀

Another cool thing is the Juniper “Game” this year – I still am in the Lead and hopefully defend the first place 😉
After all I’m still the No1 Fanboy, right? lol 😀

vSRX D100 (vSRX 15.1X49-D100) is out

Just tested the new vSRX D100 Version on EVE and ESX.
Compared to D90 it feels (tested on ESX and EVE) way slower but seems to run very good once booted up (tested IPsec, DHCP-Server, DHCP-Client, Policy, OSPF, BGP and Clustering).

The following Graphic shows the time in seconds that the SRX needed from (Amnesiac) Login to cli prompt:

In general the time is almost identical – however the D100 needed significantly longer for boot when compared to the D90.
While the D90 took around 2 Minutes from “click on start” to “login prompt”, the D100 needed a whopping 8 Minutes and reacted very very slow afterwards. After a night “idle” it was as responsive as the D90. I’m reading myself through the Changelog, however I could not find a valid reason for this behavior so far.

I will proceed to test the D100 and of course compare D90 with D100 for you to make a good choice for your Home-Labs 🙂