Christians Juniper Blog – Page 8 – Home of JNCIE-SEC#374

JNCIE-SEC Beta Exam is out

christianscholz 2018-11-24 No Comments

Recently Juniper announced the new and shiny JNCIE-SEC Beta exam (JPR-933).
That must hurt all my fellow haters who constantly insisted, that Junipers SEC-Track is dead – well – beat it, guys! 😉

https://www.juniper.net/uk/en/training/certification/news/2018/20181022-new-jncie-sec-jpr-933-beta-exam/

Beta exams for the new JNCIE-SEC Lab Exam (JPR-933) will be available soon!
Testing will be offered during certain JNCP Lab Exam events in December and January.

This does however also mean, that if you have already studied with the old inetzero books and materials, you need to be aware of the changes. The biggest change, in my opinion, is the addition of JunOS Space Security Director and SDSN / SkyATP. Not sure, what will be exactly in this exam, however, this sounds like a lot of new sub-topics that you need to be aware of. My guess is, that the Bootcamp and the inetzero workbooks will be updated soon.

Software Release:

vSRX Services Gateway: 18.2 –> NIIIIICE 😀
vQFX Ethernet Switch: 17.4
Junos Space Security Director: 18.2

I’m very very happy that the new SEC-E will use the full virtual possibilities of vSRX and vQFX – my guess is, that this will be a fully virtual Lab – no Hardware needed. This is also very interesting for me because I already did the last one fully virtual during my preparation – after all my Nickname is Mr. vSRX 😉

Juniper NXTWORK EMEA 2018 – just couple of days away

christianscholz 2018-11-24 No Comments

Of course, you already noticed, that the NXTWORK EMEA is just a few days away and I haven’t blogged very much lately. Mostly because of a very very big Project for us at Telonic – but there’s light at the End of the Tunnel 😉

Fair Warning: I will blog the shit out of NXTWORK and Twitter will need a couple of extra Servers just for my Tweets – it will be like you are there with me 😛

Stay tuned.

It’s coming home – it’s coming – Plaque is coming home ;)

christianscholz 2018-09-04 No Comments

Finally received my Plaque 🙂 Thank you so much Juniper 🙂

JNCDS-WAN – Triple D done

christianscholz 2018-08-24 No Comments

Today I finished the last of my triple exams – the JNCDS-WAN 🙂

It was a close call for a Friday but in the end it was enough. I enjoyed the course well and I enjoyed the learning for these three in my opinion very valuable exams. If you are working in pre-sales or as an architect and you’re working with Juniper products I can only recommend you doing these exams – The courseware is very very good.

My next goal will be another specialist certification – the JNCIS-DevOps.

JNCIE-DC here I come

christianscholz 2018-08-06 1 Comment

While finishing my first Post of my JNCIE-SEC Training Series, I got feedback today from my Company Telonic.
From today on I start my Training for the JNCIE-DC 😀

I missed my evening Labs on EVE-NG – time to get this done 😉

JNCIE-SEC #374 – It finally happened

christianscholz 2018-07-23 4 Comments

This post is about my Journey becoming JNCIE-SEC #374. Sorry for taking so long but this Blog-Post really needed my special attention because there are many personal feelings involved with the way from JNCIA-JunOS up to JNCIE-SEC.
When I started my long journey, I found many Blog Posts about this Topic. I knew that one day I would do the same – give something back – and writing about my experience. And boy am I proud that this day finally has arrived… 🙂

After talking to a lot of network-folks I decided to also provide some insights into my lab and the time-schedule that I created myself for the training – hopefully, this will help some of you.

SPOILER:
You will NOT find any Info about the actual Exam, nor any “illegal tips” or stuff like that – if you know me a bit better you know why. The Expert is the most valuable Exam – in my Opinion even higher than a degree in IT because this Exam will not only show you boring Theory but will show you the “real world”. And I want to keep it like that – I know this value and I have taken the path that I would never ever destroy – so please don’t contact me via Mail “Hey Chris – can you send me the actual topology?” – Please understand this – thanks.

In case you are still reading – congrats – you seem to be willing to really “study” for this Exam and you want to learn something – and I will guide you.

First of all: In my Opinion, the Expert-Prep is not about learning all the Topics (which are massive) in every detail (but of course this helps) – the Exam is about Time and T-Shoot capabilities. You need to be able to decide in a couple of minutes how to actually solve a given Network Problem – these problems are not some Sci-Fi-Stuff – they are real problems that would face you in the real-world by a customer. After my first attempt I was leaving the Exam Room and thought 2 things:

1) Holy smokes – the topics weren’t as hard as I thought – no “traps” or “mean questions”
2) Holy smokes – how should I do all this in only 8 hours and verify all this…

When I started my journey in 2016, I purchased the inetzero Books, that most of the Experts I talked to also used for all the Tracks – and boy was this helpful. I can only recommend you to give them a shot: https://www.inetzero.com/

In many Blogs you will read, that the inetzero book is enough – I personally would say, that this is only partially true – because if you don’t know how to create a proper “strike plan” (by the way special Thanks to Udo Steinegger for providing an excellent JNCIE-SEC Bootcamp) you already lost…

Most of this will be addressed in Junipers official Bootcamp – which I also took and which was very helpful because only JNCIE’s will “teach” this Bootcamp as far as I know. You already know the Topics if you took the Professional Course, but having an actual JNCIE telling you how to create “strike plans” and how to “calm your mind” is priceless. That was my motivation to go for the Bootcamp. Of course, you have to decide for yourself.

Ask yourself this:
Do you know how to calm your mind even in the most stressful situations and do you stay calm and focused when presented with a complete unknown topology with a completely unknown number of devices and complete unknown tasks that you have to do in a short amount of time?

If you answered this partially no –> Go for the Bootcamp – or work inside a NOC where the Customers keep calling you, telling you, that this problem is the most important in the world and you were just born to solve this problem because every customer calling the NOC is a VIP – not always entertaining but this helps a lot 😉

After my first attempt I knew, that the Exam was doable (who would have thought) – I mean I knew that before but once you actually tried the Exam, felt all the pressure inside this room and have this “only 8 hours” feeling, you start to lab different than before – JunOS Shortcuts, for example, are your friend. So after this first attempt, I went straight to my Hotel-Room and tried to remember the Topics that I struggled with the most. I got this tip from a friend – don’t wait until the next morning – most of it will be forgotten. Write down every part that you thought you screwed up or that was not working easily for you. With this List, you can go to your lab again and train, train, train.

I personally labbed 100% virtual – this has pros and cons.

Pro:
I installed myself EVE-NG (basically my life savior because doing Expert-Labs in ESX is ugly and painful and takes a lot of time…) and could basically lab from anywhere, anytime.
+ Waiting at the customer’s site between 2 calls? –> Lab
+ Waiting at the airport for the plane? –> Lab
+ Going by train –> Nice –> Lab time
+ Can’t sleep because of a problem bugs you and you still want to test the newest vSRX in parallel? –> Great –> Fire it up and Lab it 😉

Cons:
Well since you can basically lab from anywhere and you are a “freak” like me, you most likely will lab from everywhere:
+ Waiting at a romantic dinner table for the food (sorry sorry sorry Darling) –> Lab
+ Waiting at the cinema for the movie to start –> Lab
+ Waiting at the bar for the next drink –> Lab

It’s also important to “take a day off” – regenerate and start fresh again.

So I knew that I would most likely not “one-shot” this thing –> So I stayed focused and waited roughly 2 Months until the next attempt. I really felt like I could do it (you will read this again later) and got there super excited. In attempt No. 2 I scored even higher than the first time – but still failed. I got a bit frustrated and started to question myself because I was still many points behind the passing Score (no I will not tell it of course). Luckily for me, I have family and people always cheering me up. The Juniper Community is the best in my opinion, regardless of Partners, Juniper themselves or Customers – there are so many awesome people out there that I have met – this made the difference I think – I don’t know If I had taken another shot without all the support that I got. It’s more fun to go this road with family and friends – they might not know what you are talking about, but they can ask you prepped questions, that you have to create for yourself.

So for attempt No. 3 I prepped myself some “flashcards” like back in school. I thought of questions, that my family could ask and the answers that I would need. I ended up with roughly 90 Flashcards regarding all the Topics – especially the “pain” ones. While taking a walk through our town – which I do almost every night before going to sleep – my wife constantly asked me with the help of this flashcards – later she remembered the questions and the answers herself, so I think she could do the JNCIP-SEC now 😛 😉

3 Months after attempt No. 2 I thought that it was time for No.3.
During that time I moved from DiData to Telonic which made “staying focused” even harder. In this 3 months, I constantly learned with flashcards while in parallel I labbed and labbed and labbed – I created around 32 Topologies (this is very very easy in EVE-NG) to test every scenario that I thought would be helpful. Also, I prepped the Superlab from inetzero’s book in eve which was a massive help. I felt that I was faster and faster and took shot No. 3 – and boy did I hit the wall when I got the results –> Fail again…

At this point I have to tell you one thing:
I remembered: When I got my JNCIA-JunOS back in 2013 I had this dream – I wanted to become JNCIE – NO MATTER WHAT!
Yeah – jokes aside – I was pretty down and thought about never getting it – this is okay – it’s part of the experience of becoming an expert and I’m sure every expert knows this point.

After receiving the Fail for No.3 I immediately booked No.4 for roughly a month after No.3 because I knew that I was sooooo close – this time I focused more on the Labs and about “getting the point of the problems”. Knowing the Topics is good – very good – but you have to combine them in order to solve your customer’s Problem efficient. So I got through all the inetzero Labs again and again and I also labbed the whole Bootcamp again – no problem thanks to the workbooks and printouts. You may have seen this phase on Twitter – I motivated myself every day and tried to feel the joy of telling everybody that I finally made it.

And on the 3rd of July at my 4th attempt (now you know why I L O V E my JNCIE-SEC #374) I finally made it. This was kind of awkward –> you prep every day for almost 2 Years, solve every problem you find, attend Bootcamps and Labs and what so ever and all of a sudden you are there – this was hard for me to get. I literally checked every System (Acclaim, Cert-Manager, and Mails) against each other to verify that this was no mistake – It wasn’t.

This road was the most challenging task in my life so far – far harder than the apprenticeship – far harder than my work at the NOC and ProfessionalService – but would I do it again? Going through all this pain and “lost weekends” and suffering from thinking that I would never get there? Yes – Yes, Yes and Yes – I would do it again. I encourage you to do the same – The Expert is still the most valued Certification there is – not because it is impossible to do – but because there are so many factors that have to fit in order for you to get it. And if you fail? No one built Rome in one day –> go for it again. And again, and again, and again – don’t lose hope because you have read somewhere that someone got this on his first try – congrats to him but don’t let that drag you down –> stay focused –> visualize your goal and go for it –> look ahead, not back or sideways – get your Expert – not because you need to do it, but because you want to do it. And even if it takes 327 failed attempts – No. 328 will work (hope you get the point)

So my key points are:

+ Take your time to carefully design yourself test-labs and configs. Lab as much as you can and try to remember JunOS SHortcuts
+ Familiarize yourself with Notepad++ – It can help you a lot
+ Don’t let a fail drag you down – learn from it
+ Learn especially the Topics that you are “weak” in
+ Start Skype-Groups or forums with people also studying – this will also help you to stay focused
+ Learn how to calm yourself – sounds stupid – you can thank me later
+ Practice, Practice, Practice (you will, for example, find some practices in my other Blog Posts)
+ Try to understand the whole Picture – not just pieces
+ Take a good sleep before the exam day (you will be awake I know but try it)
+ Don’t go for a big Lunch on the exam day – you will regret it in multiple ways later…
+ MOST IMPORTANT: If you finally made it –> CELEBRATE IT!!! Take your Family and friends to Dinner and enjoy this moment.

I hope that my “novel” was not boring for you – If you need help to focus or just need someone to talk to about the JNCIE-SEC because you failed – contact me. Again –> not to gain knowledge about the actual exam –> but to get Infos from someone who recently did exactly the same.
As promised I will release some of my EVE-Labs and my training schedule for you to check – but note that this is a big help but still does not contain anything about the real topology. The Topics are listed on the official Website –> so I guess this shouldn’t be a Problem. If it is and you are from Juniper –> please let me know and I will take it down immediately. But I think I know what is “safe to share” and what is “not safe” 😉

Christian Scholz
JNCIE-SEC #374

The TechFest2018 (Berlin) is here

christianscholz 2018-07-17 4 Comments

It’s finally my favourite time of the year – time for the Juniper TechFest 2018 (Juniper EMEA SE-Summit) #JNPRTECH2018
Make sure to grab your shirt and glasses at the registration (this year’s Shirt is light-blue).

There are so many things and interesting presentations to discover this year as you can imagine. I can’t wait until the speakers start.

My first surprise was getting a J-Coin this morning (thank you sooooooo much guys – especially Sue), that had nothing to do with the Tech-Fest itself – this was a coin for me 🙂 When I get back home I will post a picture of my J-Coin book, which I bought for my Coin-Collection 😉

I was so excited that I almost forgot my breakfast – almost 😛

First stop for me (after registration, which I already finished yesterday) was of course the certification room, where the Juniper Certification-Team thankfully prepared a quiet place for free written exams.

I know that I said this a couple of times, but this can’t be said enough:
Thank you for all doing this every year – it’s greatly appreciated.

This year I got some really nice PIN’s from the Team:

From JNCIA to JNCIS to JNCIP and now finally JNCIE – memories came back…
You should all stop by the examroom – not primary to collect your pins and badges but to get certified / re-certified.
Up to 3 exams are free for everybody – It’s best to pre-register them through pearsonvue (you should have got an email) to guarantee a seat – usually there are “rush times” with waiting periods around breakfast and lunch that you can easily avoid by registering your seat.

“Welcome Lunch” will start at 12.15, first presentation at 14.00 – the roomnames are shown on the big screens next to the registration.

In case you want to meet up, here’s my schedule for today:

Welcome Lunch, 12.15 till 13.45
Tungsten Fabric (Track 2), 14.00 – 15.30
Security – Strategy and Roadmap (Track 1), 16.30 – 18.00
Drink reception & Networking Dinner, 19.00 till 21.30

Also make sure to stop by the 2 “booth’s” this year to collect some bonus-presents 🙂

EDIT: Seems, that the Agenda is changing – make sure to stay up to date:
http://emea.juniper.net/EMEA_TECH_FEST_2018_Part-Agenda

vQFX 18.2 is out

christianscholz 2018-05-25 No Comments

Let me test this in EVE and give you an update soon 😉

How to deploy vMX with multiple RE’s and multiple FPC’s in EVE-NG (KVM)

christianscholz 2018-04-22 46 Comments

As promised (little late but better late than never) I wanted to show you guys an amazing thing, that I recently saw myself at Twitter:
Deploying the vMX with Dual-RE and multiple Linecards (PFE’s) – awesome, right?

For this Setup I followed http://www.eve-ng.net/documentation/howto-s/109-howto-juniper-vmx-16-x-17-x but made slight modifications (added metadata files for each Device) so that both RE’s and all PFE’s would come up correct – it’s obviously not enough to just deploy multiple VM’s 😉

Inside your decompressed vMX-Bundle Folder you will find the following files (example for v18.1, click to enlarge):

Create folders for VCP-RE0 and VCP-RE1 and also for FPC-0 up to FPC-11 (I personally tried up to 5 due to lack of CPU) and copy the files (see below example) into the right folders for every fpc and vcp:

Don’t forget to fix EVE’s permissions after you have created :
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

When adding nodes to your topology you need to select “RE-0″, RE-1” and your PFE’s – do not add RE0 or PFE0 multiple times – this will not work – for each chassis you can deploy the appropriate VM’s. Connect them through interface “int” – with a bridge this is done quite easy.

Power up and down as many fpc’s as you need – they will now come up with the correct fpc-slot-no and will no longer interfere each other as compared to deploying just fpc0’s which will obviously not work:

By default RE0 will be Master and RE1 will be backup – but like the real MX you can change this via config and request them to failover and so on. Also “commit synchronize” is your friend 😉

set system commit synchronize
set chassis redundancy routing-engine 0 master
set chassis redundancy routing-engine 1 backup
set chassis fpc 0 lite-mode
set chassis fpc 1 lite-mode
set chassis fpc 2 lite-mode
set chassis fpc 3 lite-mode
set chassis fpc 4 lite-mode
set chassis fpc 5 lite-mode

Enjoy your “Powerhorse vMX” 😉

vQFX 17.4R1.16 on EVE-NG (Professional and Community)

christianscholz 2018-03-21 49 Comments

Hi all,

a couple of days the new vQFX came out in Version 17.4R1.16 – and you know me – of course it had to be “eved” 😉
Here’s how I got it flying:

1.) Create a new folderstructure for your new vQFX:

root@eve-ng:/opt/unetlab/addons/qemu# mkdir vqfxre-17.4
root@eve-ng:/opt/unetlab/addons/qemu# mkdir vqfxpfe-17.4

2.) Move your files (extracted from vbox) to the new folders:

root@eve-ng:~# mv vqfx17.4-pfe.vmdk /opt/unetlab/addons/qemu/vqfxpfe-17.4/
root@eve-ng:~# mv vqfx17.4-re.vmdk /opt/unetlab/addons/qemu/vqfxre-17.4/

Hint:
To get the vmdk you need to download the “Vagrant” Virtualbox-Files and extract them twice with 7zip to uncover the vmdk’s
You start with the .tgz, extract this, get a file without an extension and extract this again (all with 7zip)

3.) Convert the vmdk (PFE and RE) to qcow2-format:

RE:
root@eve-ng:~# cd /opt/unetlab/addons/qemu/vqfxre-17.4
root@eve-ng:/opt/unetlab/addons/qemu/vqfxre-17.4# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vqfx17.4-re.vmdk hda.qcow2      
root@eve-ng:/opt/unetlab/addons/qemu/vqfxre-17.4# rm vqfx17.4-re.vmdk 

PFE:
root@eve-ng:~# cd /opt/unetlab/addons/qemu/vqfxpfe-17.4
root@eve-ng:/opt/unetlab/addons/qemu/vqfxpfe-17.4# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vqfx17.4-pfe.vmdk hda.qcow2      
root@eve-ng:/opt/unetlab/addons/qemu/vqfxpfe-17.4# rm vqfx17.4-pfe.vmdk

And now you can spin-up your new vQFX17.1R1.16 under EVE-NG 😉

Enjoy – if you have questions feel free to ask in the comment section below.