(Keep reading this post to find out how you can sit this exam for free. That’s right – FOR FREE!)

My aim in the next two years is to become JNCIE certified.

In fact, I’ve never told anyone this, but maybe it’s okay to tell you this one time: in the year 1675 my great-grandad made me promise him that one day I’d become expert-accredited with Juniper Networks. At the time I had no idea what it meant. Remember, this is a time before electricity. But now, 343 years later, I see that my granddad was full of a profound wisdom far beyond his years. It’s true!

As well as becoming an expert in Service Provider tech, I also want a good grounding in other areas of networking. So you can imagine that I was very romantically attracted to Juniper’s recent 3 x JNCIA badge, awarded to people who have passed the JNCIA-Junos, JNCIA-Cloud, and JNCDA (design) certs. What a great opportunity to learn SDN and design principles, because I personally haven’t had much chance to do any cloud stuff in my networking career. In fact, learning about SDN has, for me personally, seemed about as immediately relevant to my job as learning the names of all the dogs in Spain. The opportunities for me to get real-world experience of this new exciting SDN tech have so far been slim, and I’m very envious of my colleagues who get to do it in real life “on the reg”.

Now, thanks to Juniper’s new cert track, I know a lot more about all things SDN: the JNCIA-Cloud exam and syllabus are a great intro to some of the key concepts surrounding automation and software-defined networking. In fact, I’m delighted to say that today I actually passed the exam, and I’m so happy that I took it. Three weeks ago I had no idea about concepts like NFV, PCEP, or OpenStack. You might as well have told me that virtualised networks ran on a Dwangle-Infused Pseudo-Hampton, reflected back into the turbo-web via pre-furdled Dribble-Stwips. But now, thanks to the JNCIA-Cloud exam, I can talk confidently about SDN technologies, and understand articles and literature about cloud-based networking without feeling like I’m way out of my depth.

One thing I definitely found during my studies though, was that Googling for “JNCIA-Cloud” brings up hardly anything of use. In fact, the search results are mainly made up of gross brain dumps. That simply won’t do. Not on my internet. So, I thought I’d do something about it, by writing a post with some useful links and info for anyone who wants to take this relatively new exam. My recent Ultimate Guide To Studying For The JNCIP-SP is by far my most popular post, so with any luck you’ll also enjoy this one!



In this blog post you’ll find headers matching each section on the JNCIA-Cloud syllabus, with some of my own notes, combined with plenty of good links and literature that will guide you on your quest for ultimate knowledge.

Now, it goes without saying that I am not in any way claiming that this post gives you all you need to pass the exam. In fact, I know for a fact that there were questions on the exam that I don’t cover below, and there’s also info below that isn’t on the exam at all. The point of this post isn’t to give you the exact things you need to pass the exam. Instead, the point of this post is to help you to self-study your way to a place where you can confidently talk about software-defined networking, to JNCIA-Cloud level.



The JNCIA-Cloud is actually quite different to the JNCIA-Junos, in that it doesn’t involve any knowledge of actually configuring anything cloud-based. You won’t need to know any CLI commands, and you won’t need to know how to troubleshoot or debug. You won’t be expected to install Contrail from scratch, and you won’t be expected to deploy new virtual network functions.

Instead, the JNCIA-Cloud exam is designed to make sure that you understand the concepts of SDN, the Juniper SDN product set, the functional components of those products, and the protocols they use.

Don’t be fooled, it’s not an “easy” exam – you really do need to know the components of the things on the syllabus – but it’s all very achievable. I passed it with 3 weeks of studying at evenings and weekends, though it did take up pretty much all my spare time in those 3 weeks. You will have different personal commitments, and of course your own networking knowledge will make a difference. If you already have a good grounding in VMware you’ll probably knock it out quicker. If you’re brand new to all of it like I was, but you’ve also not got a good grasp on BGP and MPLS, maybe it’ll take a little longer. But keep it up, dive into the reading, and do your best. I’m sure you can pass if you try!



My method was a bit clumsy, but it worked for me.

The very first thing I did was to take this JNCIA-Cloud practice test at the Junos Genius website. I took it without having done a single bit of studying. For every question that I didn’t understand, I opened up a new tab and put the words and concepts I didn’t understand into Google. By the end of the exam I had about 100 tabs open. Lol! I then went through each page, spent a fortnight reading around it all, and then took the practice exam again. Finally, I watched all the videos I link to at the very bottom of this post, did some final round-up revision, and finally I took the real exam.

I’d actually recommend this method to other folks, because it lets you take a deep-dive into it all, and as you read around the concepts you’ll find yourself going down rabbit holes of blog posts and videos that you might not otherwise have found. It’s not very structured, but it is fun! But if you’d like something more structured, I hope you’ll find the links below useful too.



The first section of the syllabus deals with the fundamental concepts: “Public, private, and hybrid clouds”, “XaaS”, and “Underlay versus overlay”.

This Microsoft article is a good starter guide to the difference between the three different types of cloud. And hey, did you know there’s a difference between hybrid clouds and multicloud? If not, you’ll want to read this article from The Enterprisers Project.

Check out this IBM article for the difference between IaaS, PaaS and SaaS.

“Underlay versus overlay”: Essentially, the underlay is your normal IP/IPv6 network, with cables, running OSPF or IS-IS etc. Your overlay network is made up of protocols like VXLAN and whatnot, which allow hosts at one end to talk to hosts at the other end, dynamically, using tunnels. In other words, they work on top of, or “over”, your underlying network. This article at Nuage Networks puts it well: “The core idea of an overlay network is that some form of encapsulation, or indirection, is used to decouple a network service from the underlying infrastructure”. Give that article a read!

There’s also some related technologies you’ll want to have an awareness of. For example, you’ll want to know a little about leaf-spine architectures. Again, you don’t need to know how to configure them, just the principles. Read this to learn about them.

You’ll also want to know a little about EVPN and VXLAN. A guy called David Mahler has made some great videos about SDN, and it’s worth giving a few videos on his channel a watch. Here’s one on VXLAN.

Cisco also made a cute video that explains VXLAN.
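To make the “encapsulation decouples the service from the infrastructure” idea concrete, here is a small Python model of a VXLAN overlay. It is an added example, not part of the original post: the header layout and UDP port come from RFC 7348, while the `Vtep` and `UnderlayPacket` classes, the MAC addresses and the 192.0.2.x addresses are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port (RFC 7348)
FLAG_VNI_VALID = 0x08   # "I" bit: the VNI field carries a valid value


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prefix an Ethernet frame with the 8-byte VXLAN header."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")
    # Word 0: flags(8) + reserved(24). Word 1: VNI(24) + reserved(8).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(payload: bytes) -> tuple:
    """Return (vni, inner_frame); reject truncated or unflagged headers."""
    if len(payload) < 8:
        raise ValueError("shorter than a VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[8:]


@dataclass
class UnderlayPacket:
    """All the underlay sees: outer IPs, a UDP port, opaque bytes."""
    src_ip: str
    dst_ip: str
    udp_dport: int
    payload: bytes


@dataclass
class Vtep:
    """Tunnel endpoint (hypothetical model, not a real device API)."""
    ip: str
    local_vnis: set
    # (vni, destination MAC) -> underlay IP of the remote tunnel endpoint
    remote: dict = field(default_factory=dict)

    def send(self, vni: int, frame: bytes) -> UnderlayPacket:
        remote_ip = self.remote[(vni, frame[:6])]   # look up by inner dst MAC
        return UnderlayPacket(self.ip, remote_ip, VXLAN_UDP_PORT,
                              vxlan_encap(vni, frame))

    def receive(self, pkt: UnderlayPacket):
        if pkt.dst_ip != self.ip or pkt.udp_dport != VXLAN_UDP_PORT:
            return None
        vni, frame = vxlan_decap(pkt.payload)
        # Drop traffic for overlay segments this endpoint does not serve.
        return (vni, frame) if vni in self.local_vnis else None


def demo():
    # Constructed sample data: two hosts, two leaf switches, two segments.
    mac_a, mac_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frame = mac_b + mac_a + struct.pack("!H", 0x0800) + b"tenant payload"
    leaf1 = Vtep("192.0.2.1", {100, 200})
    leaf2 = Vtep("192.0.2.2", {100})
    leaf1.remote = {(100, mac_b): leaf2.ip, (200, mac_b): leaf2.ip}
    on_wire = leaf1.send(100, frame)
    wrong_segment = leaf1.send(200, frame)
    return frame, on_wire, leaf2.receive(on_wire), leaf2.receive(wrong_segment)
```

The underlay only ever routes between 192.0.2.1 and 192.0.2.2; the host MAC addresses and the segment number (the VNI) travel inside the UDP payload, and the same frame sent on a VNI the far end doesn’t serve is dropped.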



In the NFV section of the JNCIA-Cloud syllabus you’ll see that it mentions VNFs, and the NFV Framework.

NFV stands for Network Function Virtualisation, and refers to the general concept of virtualising network functions. Which is confusing, because a VNF refers to a Virtualised Network Function, which is a virtualised device. Oh boy! I swear this took me an entire day to get my head around. Give this piece a read for clarity, on the difference between NFV and VNF. Don’t even think of taking the exam until you know your NFV from your VNF!

There’s a thing called the NFV Framework, defined by the European Telecommunications Standards Institute (ETSI). Think of the NFV Framework as like a theoretical model for the way that different virtualised and physical functions can all work together, regardless of the hardware or the vendor.

This article is AMAZING at explaining how the NFV framework works. The section on the high-level architectural framework of NFV is golden, and explains it perfectly. It’s part of a chapter from a book called “Network Functions Virtualization (NFV) with a Touch of SDN”. Read it slowly, take it all in. It’s important!

The syllabus also asks you to know about the vMX, the vSRX, and NFX use cases. The NFX is Juniper’s new CPE device that lets you run some cool funky VNFs at your premises. There’s two at the moment – the NFX150 and the NFX250. Have a read about them.

Here’s some sales documentation on the virtualised MX, and the virtualised SRX. Next, here’s some technical documentation on using the vSRX with Amazon Web Services, and similarly, here’s one for the vSRX with Contrail.

With all of these technologies, you generally don’t need to know how to configure them. You just need to know the philosophy of how the product works, the components, licensing, management etc. Having said that, it can’t hurt to give the install/configuration sections on those links a read, because it can only make you more confident in how the technologies work, and how they interact with other things.



Here’s what the syllabus says you need to know about SDN:

  • Identify the concepts, operation or functionality of software-defined networking
  • SDN types
  • Contrail Cloud/Networking
  • OpenStack
  • NSX
  • Orchestration
  • Automation

Honestly, I still don’t know what the syllabus means by “SDN types”. Sorry!

However, I can tell you that a big part of this section is understanding the philosophy of SDN. For example, you’ll want to know what an API is, and what the difference between a northbound and southbound API is. Click here for Northbound, and here for Southbound. Both of those pages have Further Reading links at the bottom. You’ll see that those links come from SDX Central, which is such a great resource. Spend half a day casually browsing and reading that website, and you’ll be a good chunk of the way towards your cert!

OpenFlow isn’t on the syllabus, but it’s good to know about. It’s a protocol that networking devices can use to have their data plane programmed by a controller. Earlier I mentioned David Mahler’s YouTube account. He’s made a general introduction to SDN, and an intro to OpenFlow. Honestly, check out the other stuff on his channel, there’s some great stuff on there.

Here’s an article on the history of OpenFlow from Computer Weekly, and here’s some info about OpenFlow controllers, again from SDX Central.

One thing that took me a while to understand is that Contrail is actually an umbrella term for a few different products. To start with you’ve got Contrail Networking, and Contrail Cloud. Click those links to see the sales info about each. It can be a bit overwhelming at first, trying to understand the difference. I recommend going to Juniper’s Tech Library, and reading the “Understanding Contrail” section. You’ll notice on the left on that link that there’s lots of other Contrail pages in the Tech Library. Definitely spend some time reading through them!

As you read more about Contrail Networking, you’ll start to see that it’s made up of different nodes – Control Nodes, Config nodes, Analytics nodes, and so on. This is exactly the kind of thing this cert expects you to know about: not just the fact that Contrail exists, but the elements that make Contrail work. For example, the KB has a nice three-page section on the Analytics Nodes, which collect all the state information and usage stats.

It’s no good knowing about Contrail without knowing about OpenStack. Go here to read about it. As always, you’re going to want to know about the components that make up OpenStack, like Nova, Swift, Cinder, Neutron and so on.

Wikipedia has a nice history about OpenStack. Turns out it was originally a project made between Rackspace and NASA! The Wiki page also breaks down all the components, too.

NSX is VMware’s network virtualisation platform. I’ll confess I know very little about VMware, though I’d definitely like to know more. But here’s what I used to learn about it: VMware’s website, and then this great, detailed page on Juniper’s website, “Understanding Network Virtualization with VMware NSX”.



When you’re talking SDN-WAN with Juniper, there’s two products you need to know about: NorthStar, and WANDL.

NorthStar is a controller that helps you to optimise label-switched paths within your network. Click here for the sales page.

NorthStar is very expensive, and chances are you won’t get a chance to play with it before you take the exam. Luckily, the NorthStar Controller User Guide at Juniper’s Tech Library gives you all that you need. As with the others, you don’t need to read too much about the actual installation and configuration (though again, it can’t hurt to read it, just to help give you the context of what it does), but do pay attention to the links about how it functions. You’ll also enjoy reading “Understanding Network Topology Acquisition on the NorthStar Controller”, or this page about the Web UI that helps to make the app feel a bit more real.

There is also a Day One guide, if you want to be fully confident!

NorthStar uses optimisation algorithms Juniper gained from buying a product called WANDL. I believe it’s pronounced “WAN DEE ELL”, because according to this page it stands for the Wide Area Network Design Laboratory.

Take some time to read about how NorthStar works. For example, you’ll want to know about the fact that it uses BGP-LS to learn the topology of the network, and PCEP to re-route LSPs. Don’t know what PCEP is? Give this Juniper doc a read, because it’s very cool! It stands for the Path Computation Element Protocol, and it’s used by a controller to program new label-switched paths on a remote router. Can’t hurt to read the Wiki page about it, too.



Our pals at Juniper have put four bullet points into this section: “AppFormix (for example, smart networks), Telemetry, Alerts,” and “Contrail analytics”.

AppFormix is a monitoring and stats-gathering platform for multicloud environments. It can monitor things in private clouds, virtual machines in OpenStacks, AWS, Azure, and more. Here’s the sales documentation on it, which has a video of what the AppFormix dashboard looks like.

As always, the Tech Library has some good descriptions of what AppFormix can do. Pay attention to the Overview section, and also the “Understand The AppFormix Architecture” section. Spend a good amount of time reading through the Feature Guide on that link too, to get a feel for the components of AppFormix.

I first heard about Streaming Telemetry from a talk at NANOG from some Google engineers called “SNMP Is Dead”. Give it a watch, it’s great. Once you’ve watched that, you’ll find all that you need to know on the Juniper site, in the “Junos Telemetry Interface Feature Guide”. I know I’m repeating myself, but spend some time taking in the Tech Library articles, because they’re great on this.

As for Contrail Analytics, give this a read. This link is actually part of a KB section called “Monitoring and Troubleshooting Contrail”. As I say, you’re not really expected to be able to troubleshoot Contrail at JNCIA-Cloud level, but it’s worth reading all of this section anyway, because by learning the troubleshooting, you get a better feel for the elements that make up Contrail. You’ll see three pages on that link: “Contrail Analytics Overview”, “Contrail Alerts”, and “Underlay Overlay Mapping In Contrail”. All good stuff!



This section expects you to know about four things: CSO, vCPE/NFV (distributed, centralized), SD-WAN, and ZTP. What do those acronyms mean? Good question, Susan!

CSO is short for Contrail Service Orchestration, and it’s a different product to the Contrail we mentioned earlier. I’ve never used it, but it seems really cool: it’s basically a way for ISPs etc to deploy new WAN and LAN tech for customers. Need a new CPE? Send a box out, and it can call home to CSO to get its config. Need to deploy some extra functionality to the boxes? CSO can take care of it. When you know that Contrail Service Orchestrator can do things like that, words like SD-WAN and Cloud CPE start to make a bit more sense.

I actually found CSO a bit tricky to find good info about.

A good place to start is, as always, Juniper’s CSO page on the Tech Library. Start with the overview of CSO to get a feel for it. Once you’ve read that, take a look at this page from a Juniper reseller, that has some screenshots that show you around the platform.

Once you’ve read that, then, AND ONLY THEN, should you watch some YouTube videos, because the videos that are currently on YouTube are not good at all, in any way at all. Here’s a 15 minute video that gives you visibility of lots of the options available to you, but doesn’t really explain the context of those options, or the philosophy. So do your reading first, and then give the video a watch.

Here’s the sales sheet for the vCPE product, and here’s the TechLibrary documentation on the Cloud CPE and SD-WAN offering. Well worth spending some time on these pages.

Distributed/Centralized refers to two different ways of deploying CPEs using the CSO platform. The best way to find out what they are is to read the Tech Library chapters for the “Cloud CPE and SD-WAN Solutions Overview”. There’s tons of great stuff in here. CSO? Tick! SD-WAN? Tick! vCPE? Tick!

ZTP stands for Zero-Touch Provisioning. Here’s a Juniper article all about it!



The final section mentions four concepts: SDSN, Sky ATP, Security Director, and Cyphort.

SDSN stands for Software-Defined Secure Network, and it’s the umbrella term for the rest of it. Study the other three, and you know SDSN. Still, give Juniper’s page a read where they define SDSN.

Sky ATP (Advanced Threat Prevention) is some extremely cool tech: it monitors traffic in and out of the network, checks it for known malware, and quarantines users who are sending or receiving the traffic. Click here for the product overview. Then, spend some time reading the documentation in the TechLibrary. There’s lots of good stuff in here, and it’s worth reading the whole lot.

Sky ATP integrates with a thing called Policy Enforcer, which itself is a component of Junos Space Security Director. Blimey! That’s a lot of concepts. And when you’ve not actually used these services it can be a bit tricky to visualise all that.

So, I recommend spending a bit of time reading about Policy Enforcer here. As with all these Tech Library links, keep an eye on the Content Page links on the left of the page, because they give you tons of extra useful stuff. For example, among other things you’ll see an expanded definition of Juniper SDSN, that brings in Sky ATP and Security Director. You’ll also see an entire section about the components that make up Policy Enforcer.

Security Director is a part of Junos Space. Here’s the sales sheet. As always, the TechLibrary is your best source of knowledge, and again it’s worth taking your time to read as much of it as you can. The overview page for Security Director is good, and has some screenshots to show you what’s going on. The general documentation page has some links to videos showing you around it too, which is hashtag-nice.

As for Cyphort: mate, I’m still not sure what this is. All I could find on Google was pages reporting that Juniper had acquired Cyphort. It’s something to do with cloud security, and it sounds like whatever Cyphort was has been integrated into Sky ATP, because it also did threat protection. But beyond that I don’t know. Gosh, that’s a disappointing way to end a post like this isn’t it? Well, good job I’ve got something very exciting for you to end this very long article:



At the time of writing this (Nov 2018), the Junos Genius page has a 10-part training video course, which, if I’m being honest with you… it’s a bit patchy. The content itself is very useful, and you should absolutely definitely 100% watch it all. It goes without saying that Juniper’s own training is going to be very on-point when it comes to the contents of its exams.

Sadly though the videos are as dry as sand. (Just to clarify, I’m talking about dry sand.)

The video course could honestly have been half the length and just as good. Better, in fact. The whole thing was recorded on what sounds like a £3 eBay microphone. They could at least give us a 1.25x speed option. But I absolutely insist that you watch all the videos, because they do cover some good stuff for sure.

After you’ve watched the videos, there’s a practice exam. And if you pass it, you’ll get a voucher to take the exam for free! That’s a sweet $200 saving! Incredibly generous.

It took me about 3 days to get my code, which you just use at the time of booking the exam. But you can only take the practice exam after watching the videos. So give them a watch, then try the exam. The practice exam is pitched at a very similar level to the actual exam, so if you do well in the practice, you can have a good feeling about passing the real thing!



Thank you so much for reading this post! Hey, have you taken the JNCIA-Cloud? Are you studying for it? Got any links or info I’ve missed? Either way, comment below! I’d love to hear from you.

And as always, I’d love it if you followed me on Twitter, so that you can see any new posts I make, and also so you can read my fresh nonsense.


  • December 11, 2018 at 6:49 am

    Thanks Chris, in fact this is a great reference for the exam topics. I started the free course a few days ago, and I hope I can take the voucher soon, and clear the real exam.

    • December 11, 2018 at 7:04 am

      Cheers Ibrahim! All the best of luck with the exam. 🙂

  • January 5, 2019 at 10:05 am

    Thanks a lot, Chris, for such brilliant guidance for JNCIA-Cloud preparation. I am planning to give this exam, and I would definitely follow all your above tips and suggestions. Can you please tell me, is there any book that will cover all the fundamentals required to clear the JNCIA-Cloud certification in the first attempt?

    • January 8, 2019 at 2:44 pm

      Hi Tanay, and thank you for the kind words!

      Sadly there isn’t one single book that covers everything. You often find with Juniper that there isn’t one single book for the entire exam. When you come from the CCNA world then this can initially seem frustrating, but actually I’ve come to quite like it – it means that you have to read around the subject to pass the exam, reading blog posts, Juniper KB articles, Day One books, and vendor-neutral books. It requires more work, but you become a better engineer for it.

      Also, anyone who claims to be able to help you pass an exam “in the first attempt” is either lying, or selling you brain dumps. Either way it’s bad. This exam is very achievable if you study though. Read the links in my post, Google around the topics, read the Juniper website, and I’m sure you’ll be good for it. 🙂

      • January 24, 2019 at 9:56 am

        Thanks a lot Chris for guiding me. I am confident that your blogs and tips will definitely help me to clear JNCIA certification. I hope to let you know with good news ASAP.

  • April 2, 2019 at 6:02 am

    Thanks a lot Chris for sharing this. Can I ask if you have used any labs? Can I find any labs to help with SDN or SD-WAN?

  • May 25, 2019 at 7:34 am

    Hello Chris,
    Great article!
    It helped me a lot in my pursuit of the JNCIA-Cloud exam.
    Especially the references for the Junos Telemetry Interfaces and the NSX, which are not fully covered in the training videos from Junos Genius training.
    I would only add the data sheets for the vMX and vSRX on the study syllabus:

    Kudos to Juniper for providing the study material, videos and the exam voucher for free!

    • May 28, 2019 at 2:38 pm

      Aah nice one, thank you for those links!

      And that’s wonderful news, congratulations Anastasios! Hugely deserved 🙂

  • May 25, 2019 at 7:37 pm

    Thanks a lot Chris… today I have successfully cleared the JNCIA-Cloud certification. It’s all because of your well organized study content and point-to-point study material, which helped me a lot to clear my concepts.


    • May 28, 2019 at 2:38 pm

      Amazing! Congratulations Tanay, and thank you for the kind words!

