HEY PALS: THIS POST IS LONG!
IT’S A STUDY GUIDE AND A READING LIST FOR A DIFFICULT EXAM.
THIS POST IS NOT DESIGNED TO BE READ ALL IN ONE GO.
UNLESS YOU’RE SOME KIND OF STONE-COLD LEGEND
WHO GOES TO THE GYM 16 TIMES A WEEK, THEN GO AHEAD.
FOR EVERYONE ELSE, I RECOMMEND SKIM-READING THIS POST,
THEN BOOKMARKING IT AND RETURNING TO IT SLOWLY THROUGH
YOUR JNCIP-ENT STUDIES AS YOU ENCOUNTER NEW TOPICS.
GOOD LUCK! I HOPE YOU HAVE TONS OF FUN STUDYING THIS COOL TECH!
I’m delighted to say that I recently passed the JNCIP-ENT, Juniper’s Professional Enterprise exam.
On the whole I had a very positive experience with it. I think Barry Juniper-Networks (the CEO of Juniper Networks) did a great job on this one. He really knocked it out of the park. Rumour has it that he crafted the entire exam himself by hand, chiseling each question out of a beautiful old oak tree, because he wanted the exam to be as good as the IT vendor certs his grandfather took. Wow. You have to admire such commitment to quality, you really do.
Anyway, forget I said any of that. A question I get a looooooooot is: how does one study for Juniper exams, when there aren’t any official books for the certs? The answer: there might not be one single book or box set you can buy – but there’s a ton of knowledge already online, and you don’t have to spend a single yen to get to it.
In this post I’m going to aggregate as much of that knowledge as I can for you. I’ll also tell you you what the exam is like, and the challenges I had studying for it, to help you prep for it.
I ran this post by my pals in Juniper Education before I published it, so believe me when I say that I’m telling you as much as I’m allowed to tell you. In the end they asked me to remove the bit where I told you the actual day that the world will end. They said “it’s not nice when people spoil the ending to a story” and to be fair they’ve got a point.
By the way, if you’re new to this blog – hi! I’m Chris, a Juniper Ambassador and JNCIE-SP #2981. I’ve posted loads of deep-dive networking posts on this blog, from BGP to MPLS to multicast to security, and more. Have a browse through my old posts, and follow me on Twitter if you want to find out when I make new ones!
WHY DOESN’T JUNIPER MAKE BOOKS TO HELP ME STUDY?
There do. In fact, there’s loads. You just won’t find the word “JNCIP” on them.
People sometimes criticise Juniper for not publishing study guides for their exams, in the way that Cisco often do. But remember, even Cisco’s official CCNP books only contain like 60% of the total syllabus. Don’t be fooled: even when a vendor claims to have certification books, it doesn’t mean you can rely on those books alone. You’re not truly a JNCIP, or indeed a CCNP, if you’ve just read a few books and then taken some exams. P-level certs are the real deal: you need to know the protocols very well indeed. You’re expected to read around the topic, truly read around it.
Juniper used to make JNCIA/JNCIS/JNCIP/JNCIE books. They don’t any more. But as you’re going to see in this post, not only does Juniper have extensive documentation on in their knowledge base, Juniper Press also has dozens of books in their Day One and This Week series, focused on specific technologies that you can download for free as PDFs, or buy online if you prefer a hard copy. Let me say that again: these books are COMPLETELY FREE!
There’s so many Day One books it’s almost unbelievable, from EVPN to Multicast VPN, from EX Switches to Junos Automation, from Segment Routing to a book focusing purely on routing policy and firewall filters – and every single one of them is a free PDF. Free. Free!! Did I make that clear? THEY’RE FREE. You can download entire books without spending any money at all. There aren’t many other vendors who go to such lengths to support students and the community at large.
Go here and browse the Juniper Day One library. Nice, eh? Here’s a screenshot of just six of the many books available:
WHAT IS THE JNCIP-ENT EXAM LIKE?
Here’s the syllabus. As the name suggests, this exam covers enterprise networking. But what does that mean?
In terms of layer 3 protocols you’ll see that BGP, OSPF and IS-IS feature heavily. I’m fully on side with OSPF being there; I’ve no idea at all why IS-IS is on there. I mean, I love IS-IS, I prefer it to OSPF, but putting it on an enterprise exam seems like a weird choice. Anyway, you’ve also got multicast and quality of service (or class of service, to use the Juniper terminology), which again are very large topics indeed.
When it comes to layer 2, of course there’s the different flavours of spanning tree. This exam also brings EVPN and VXLAN to the table, helping you get rid of spanning tree and replacing it with layer 3 links in your enterprise core. You’ve also got VLAN stuff: private VLANs, MVRP for automatically advertising VLANs between switches, QinQ, and L2PT. That’s L2PT, not L2TP!
Junos Fusion is introduced as a way to aggregate all the switches in your estate into one big control plane. You also need to know about Power Over Ethernet, LLDP, and voice VLANs. And you’ll definitely need to know Layer 2 security: not only 802.1x, but MAC RADIUS, Captive Portal, the order of operations, and what happens in various failure scenarios. Chuck layer 2 firewall filters in there as well, and you can see that the syllabus is pretty hefty.
How difficult was the exam? Very difficult indeed. Trust me when I say that this exam is no joke. Though amusingly, the very first question was one of the easiest I’ve ever seen on a P-level exam. And then the rest were a true challenge. I spent my entire time questioning how well I was doing, and I’m convinced they put the easy question at the start just for a giggle, to lull you into a false sense of security.
The questions are all multiple choice. There’s no simulated labs; instead they give you lots of questions that actually involve configuration that’s broken, questions asking what the effect of some config is, or detailed debug output. The result is that a lot of the questions still feel very real-world and practical.
Of the 65 questions, the vast majority of them were satisfying. There was a small number that seemed like unusual choices, whether through poor wording or through odd choice of question in general. But we all know that every vendor exam has a few questions like that. It wouldn’t be an IT exam if there weren’t at least three questions that make you wonder whether the writer even speaks English. Luckily, most of the questions were excellent, and I’d strongly encourage you to try for the exam yourself.
Having now done it myself, I can honestly say I have a lot of respect for anyone who is JNCIP-ENT certified. Apart from myself, who of course I have no respect for.
HOW DOES JNCIP-ENT COMPARE TO CCNP-RS?
Yep: I’m writing this blog post in Jan 2020, before the CCNP-RS gets renamed to CCNP-Enterprise! Hmm, I wonder where they got the idea for that name from.
Anyway, it’s difficult to say. For a start, JNCIP is one single exam, which means you need to know all the topics at once. In CCNP you can study the topics in a more compartmentalised way. For me, the fact that you need to know everything in one go increases the challenge considerably. It also decreases the total cost of getting the cert!
There’s significant differences between the two syllabuses. On first glance it seems like the CCNP-RS has more topics: EIGRP, DMVPN, DHCP, and general TCP/IP are all covered in detail on the Cisco cert, to name just a few. (I think I’m right in saying that TCP/IP theory doesn’t often explicitly appear on Juniper certs: for better or worse, Juniper seem to often expect you to learn that separately.) Then again, JNCIP-ENT has multicast and Quality of Service, and introduces EVPN/VXLAN. Each of these is a huge topic in itself, let alone all three together. It’s a substantial commitment in terms of learning. CCNP-RS has more topics in total, but it felt to me like JNCIP-ENT went into more detail with the topics it has.
It’s clear to me that as much as people want to compare them, in reality they’re not the same kind of exam. In fact, the syllabuses are different enough that I actually think it’s not possible to accurately compare the two. If you twisted my arm and made me choose, having done both I’d say I personally found JNCIP-ENT harder simply for the fact that you need to know all the topics going in to the one exam. I like this increase in difficulty: you’re not a true CCNP-RS or JNCIP-ENT unless you actually know all the topics, after all. But that doesn’t make the JNCIP-ENT any more or less valid than the CCNP-RS.
If you only have time for one, choose the one that’s most relevant to your career. You’ll learn a huge amount from either of them, and you’ll come out of either exam a better and more confident engineer.
HOW LONG WILL IT TAKE ME TO STUDY FOR JNCIP-ENT?
Let’s say you’re fresh out of JNCIS-ENT, and you’re perhaps a year into your career. If you can give 8 hours a week to studying, I’d say it will take about a year to pass it. That’s 416 hours, or 10 weeks of full-time studying. That seems like a lot until you remember that it’s about a week per-topic, which I would say is reasonable and realistic.
For me, my study time was one month from the point of deciding to take it. However, I’d also been studying hard for the previous two years with the aim of getting the JNCIE-SP. There’s a fair amount of overlap between the ENT and SP tracks, so I’d already studied half the syllabus at great length. I’ve also passed CCNP twice in my career, so although layer 2 tech isn’t something I often use in the ISP world, the concepts weren’t brand new to me.
In fact, with all the overlapping content between the Service Provider and Enterprise tracks, in November 2019 I thought I’d take a punt on the JNCIP-ENT exam to see how I’d do. I sat it the day after doing JNCIE-SP. I failed by 2%. I mention all that to help you gauge for yourself what level you might need to be at before booking the exam in. If you’ve done the SP track already, it won’t take you too long to fill in the gaps.
DO I NEED TO READ EVERYTHING ON THIS READING LIST?
All of it? No. Most of it? Yep!
The JNCIP series are very difficult exams that covers a lot of topics in great depth. Remember, this cert is one level away from Expert, so you really are expected to know your stuff.
But the reading list isn’t as bad as it seems. In a moment I’ll introduce you to the old JNCIA/S/P/E books. Each one is massive – but if you’re going for the JNCIP then you’ll already be at JNCIS level, which means you’ll know most of the stuff in the early chapters of the books already, so you’ll storm through that.
And yes, there’s lots of other physical books and e-books, but again, you don’t need to read every word of every page. There’s plenty of chapters you can return to when it’s JNCIE time, and not all the chapters are mandatory. I’m giving you multiple options so you can read a little from all of them, and find which ones work best for you.
Yes, there’s a lot to read. Then again, if you’re studying over the course of an entire year, it’s actually not that much, right? Take your time, read it all slowly, lab it up – and remember to enjoy it! All of this tech is extremely cool and incredibly fun. When you master it, you’ll feel like some kind of internet wizard. Study it all with a smile and a curiosity and an excitement, and you’ll get there for sure.
And on top of the resources below you’ll want to lab everything up as much as possible. Lab lab lab lab lab, that’s the key to success! But you know that already, so let’s say no more about it.
LEGAL DISCLAIMER THAT I SHOULDN’T REALLY NEED BECAUSE I’M JUST A GUY WITH A BLOG, IT’S NOT LIKE I’M SOME KIND OF OFFICIAL EXAM REPRESENTATIVE, I’M JUST DOING THIS TO HELP PEOPLE, BUT YOU KNOW WHAT PEOPLE ARE BLOODY LIKE NOWADAYS, THEY’LL SUE YOU FOR BREATHING TOO LOUDLY NEAR THEM. JUST READ THIS NEXT BIT AND THEN CHILL OUT MAYBE? HOW ABOUT THAT FOR AN IDEA?
1) I AM NOT, IN ANY WAY, CLAIMING THAT IF YOU READ ALL THESE BOOKS,
YOU’LL HAVE 100% OF THE KNOWLEDGE YOU NEED TO PASS THE EXAM.
2) THESE BOOKS AND LINKS IN NO WAY REFLECT THE QUESTIONS I SAW IN THE EXAM.
YOU ARE ENTIRELY RESPONSIBLE FOR YOUR OWN STUDYING.
THE READING LIST
FREE ONLINE JUNIPER LABS, VIA YOUR WEB BROWSER
— Did you know that Juniper’s vLabs website lets you spin up live virtual routers, pre-configured and cabled with complete topologies of BGP, OSPF and IS-IS routers? And did you know that once the VMs are live, you get complete access to the entire Junos command-line so you can experiment with pretty much anything you like?
If you’re not yet ready for network emulation tools like GNS3 or EVE-NG, give this a go. It’s such a neat way to learn, and it’s completely free! You’ll need a business email to sign up (ie not Gmail or whatever), but that’s the only caveat. Choose your topology, go grab a coffee while you wait 15 mins for the VMs to be created especially for you, and enjoy 3 hours of lab time. And when the 3 hours are almost up, just save your configs into a text file, spin the VMs up again, put the configs on again, and carry on where you left off.
Did I mention that it’s free?
MULTI-TOPIC STUDY GUIDES
BOOKS: The Sybex Series (JNCIA) (JNCIS) (JNCIP) (JNCIE)
— These four books are old as heck. Like, over 75,000 (fifteen) years old. As such, there’s some topics in here that you don’t need to know about. There’s also plenty of topics on the current syllabus that aren’t in these books.
However, for the topics in this book that are also on the current syllabus, they’re explained brilliantly and should absolutely be your first port of call when you’re hitting the JNCIP-ENT exam. OSPF, IS-IS, and BGP are all explained to a very decent level. Multicast and Class-of-Service are in here too. That’s like half the exam!
Don’t be fooled by the names of these four books: they were written back when the exams were very different, so the certification named on the front cover bears no resemblance to the current exam. For example, the JNCIA book is where you’re going to find a guide to multicast, which isn’t on the current JNCIA at all. Then, skip forward to the JNCIE book, and you’ll find a guide to multicast troubleshooting!
These books are all out of print now, but you can get a lot of them 2nd hand for about £20 on your favourite online bookstore of choice. And the PDFs are free from the Juniper site. Just Google for “sybex jncia filetype:pdf” (for example) and you’ll find them ready to download.
(PROTIP: When the book starts explaining headers of PDUs, LSAs etc, do a Wireshark packet capture of your own, or Google for one, and refer to that. It’s infinitely easier to read a colourful Wireshark capture than it is to follow the way they’re laid out in these books, which is basically like a Microsoft Word table. And don’t worry about memorising every single header of every single packet. A lot of the tiny details aren’t hugely important for JNCIP.)
BOOK: DAY ONE: CONFIGURING EX-SERIES ETHERNET SWITCHES (PDF)
— I read this a while ago, and it’s fantastic. The authors Yong Kim and David Nguyen do a great job at introducing you to EX switches, layer 2 technologies in general, and the options available to you.
Spanning Tree, LLDP, access-port security, and even multicast are all featured in this book. There isn’t loads of detail, but the stuff that is in here is really excellent.
If you’re starting out on your Juniper Layer 2 journey, start here. It’s less than 100 pages, and it will definitely help you on your way.
OSPF and IS-IS
WEB PAGE: My own three-part deep-dive into IS-IS, for JNCIS candidates. (Part 1), (Part 2), (Part 3)
— Haha, a shameless plug! Give these three pages a read to find out how IS-IS functions, how it’s different from OSPF, what the packets are like, and the cool things you can do with it. I like to think it’s a good primer!
BOOK: OSPF and IS-IS: Choosing an IGP for Large-Scale Networks
— What a brilliant and readable book this is. You might remember Jeff Doyle as the man behind the mighty CCIE books, and boy does my guy Jeff know his stuff. Read this book cover to cover and you’ll be bullet-proof when it comes to IGPs.
The only caveat I’ll give to this book is this: as very readable as it is, I wouldn’t go into this book knowing absolutely nothing about IS-IS. Give my primer a read first, and then buy and read this excellent book.
RANDOM USEFUL WEB LINKS
— Area types and operations (via InetZero)
— Stub areas vs stub networks: what is the difference? (Via Network Fun-Times. That’s me!)
— Summarize and restrict routes (via InetZero)
— Leaking routes between OSPF and IS-IS using RIB groups, Instance Imports, and Logical Tunnels (via Matt Dinham’s blog)
— The OSPFv3 database (Me again! I wrote this years ago! Cisco examples, but still useful I think?)
I actually used the old Sybex JNCIA/S/P/E books to learn BGP. Those old-old-old exam books do a great job of explaining the concepts to a deep level of detail. If you read and understand all the BGP stuff in there, and you combine it with plenty of lab time, you’re well on your way towards being exam-ready. In addition, look at these:
JUNIPER KNOWLEDGE-BASE: BGP Overview
— This link is the front page to a TON of free documentation on BGP. Notice on the left that it’s all broken down by topic. You’ll see categories like “Basic BGP Configurations”, “Using Route Reflectors”, and “Monitoring and Troubleshooting”.
You won’t need all of it: for example, the “BGP-Based VPN” section is firmly for the Service Provider world. You can skip any BGP stuff that relates to MPLS. But if you’re after a second resource for Juniper-focused BGP, this is a good place to look.
VIDEO: CBT NUGGETS – Jeremy Cioara’s BGP guide
–If you have a CBT Nuggets subscription, give this a watch. And if you don’t, get your boss to buy a multi-user subscription for the team. This particular series was massively helpful when I was first learning BGP. It’s entirely Cisco focused, but the concepts are all the same. You already know Jeremy is the best of the best when it comes to explaining things.
CLASS OF SERVICE (COS)
EBOOK: Juniper Networks J-series Services Routers Quality of Service
— Not only is this one of the most clear and readable guides to Juniper QoS that I’ve ever seen, it even answers some questions I wasn’t even able to find answers to on Juniper’s website! It’s fairly old – as you can see, it was written for J-Series routers, which are extremely end-of-life now – but it’s almost all still totally relevant. Start here for sure.
EBOOK: Day One: Junos QoS for IOS Engineers
— I don’t know how to do QoS on IOS, but still, I found this to be a very readable guide, and it definitely did a lot to help me get to grips with the various bits of the hierarchy, and how it all fits together. A must read, and a great place to start. (There is also a Day one guide to CoS and QoS, but I personally found it very difficult to understand. The Junos QoS For IOS Engineers is another good starting point!)
BOOK: QoS-Enabled Networks
— This book is a serious deep-dive into QoS. You don’t *need* to read this book for the exam – but I’d highly recommend reading it if you want to be supremely confident at Quality of Service.
JUNIPER KNOWLEDGE-BASE: Overview of Junos Class-of-Service
— Just like with the BGP piece above, this is a link to the front-page of a ton of documentation on the Juniper website. Check out the contents list on the left. You’ve got so much stuff on here, from packet markings to packet flow through a box, from classifiers to re-write rules, and so much more.
I want you to understand though that this Overview page, like all of Juniper’s Overview pages, is not a complete list of everything. For example, the only page on there about policers is a page called “Overview of Policers”. I found a different page on the Juniper website called “Policer Implementation Overview“, with an entirely different contents on the left linking to a ton of useful stuff regarding policers. (Confusingly though, the Policer Implementation Overview page is a different page to the “Overview of Policers” page. A bit like the Judean People’s Front / the People’s Front of Judea, I expect.) What I’m saying is: all the info you’ll need is on the Juniper website – you just need to put on your Sherlock Holmes hat and hunt for it. By which I mean “googling for the thing you want to learn”.
YOUTUBE: Decoding Packets: Deep-Dive Into Multicast.
— This channel taught me multicast. They take such a detailed look into multicast that it’s often at CCIE/JNCIE level. They build a big topology, talk you through debugs/traceoption and packet capture output, and thoroughly cover the various messages that go back and forth. Honestly, I’d watch this before anything else. A truly brilliant explanation of many of the concepts you’ll be expected to know as a JNCIP-ENT.
BOOK: Interdomain Multicast Routing
— Pretty much the definitive guide to multicast. Contains both Juniper and Cisco examples, which is great for finding out those inter-vendor quirks. You’ll definitely be wanting a copy of this. Note: it’s veeeery old now, but still great.
JUNIPER KNOWLEDGE-BASE: Multicast Overview
— Yep: once again there’s a whole heap of documentation on the Juniper website. That link there is the front page to the general multicast page, with loads of great stuff on configuration and troubleshooting. There’s also a separate page called the Multicast Protocols User Guide, which has lots of configuration examples. Give them a good read.
WEBSITE: Network Fun-Times
— Hey, that’s me! At the time of writing this, I’ve just started a new series on multicast. It’s early days yet, but I’ve already written an intro to the protocols involved in multicast, as well as the start of a deeper dive into IGMP. Give them a read!
That EX Series Switch book I mentioned above is a good place to start if you want an intro to spanning tree. After that, check these out:
BOOK: Junos Enterprise Switching
— Another book that’s old but great. This whole book has loads of useful stuff in it, starting at the beginning of LANs and VLANs and working its way up. The spanning tree section is great, and although it’s not extensive enough to be a single source of exam knowledge, it’s a strong place to start. There’s also an equivalent book for Enterprise Routing, too.
JUNIPER KNOWLEDGE-BASE: Spanning Tree Protocol Overview
— Once again, Juniper has lots of good articles on spanning tree on their website. For example, you can read about how to configure Rapid Spanning Tree at this link. You can learn about BPDU Protection at this link. And elsewhere on Juniper’s site, you’ll find pages like this to help you configure MSTP. Note: that last page isn’t mentioned in the contents of the Spanning Tree Overview section. Once again, be aware that the Overview pages in Juniper’s KB aren’t a complete collection of every single thing written on a topic. Search the KB for other articles on the topics you’re studying. You’ll find a wealth of information if you search for it.
Do you know what ELS stands for? It’s Enhanced Layer 2 Software. A few years ago it was an effort by Juniper to standardise the way they do layer 2 stuff across their entire product set. One Junos, and all that. I can’t find a page on the Juniper site that neatly explains it, which is bizarre considering how important it is to understand. Take a look at this Reddit thread for a primer.
ELS isn’t explicitly mentioned on the syllabus, but you’ll want to be aware of the concept while you’re Googling for layer 2 configs. Sometimes you’ll see a non-ELS (ie old) and an ELS (ie new, meaning from like the past 8 years or something I think? Might be less, I dunno) way of configuring things. You’ll only be tested on the new way of doing things, so you can skip over the old stuff for the exam, but it’s worth reading the old way anyway because you’ll definitely come across old switches in the real world. Learn the new way for the exam; learn both ways for the shop floor.
JUNIPER KNOWLEDGE-BASE: Understanding Layer 2 Networking
— This is the front page to the aggregation of a LOT of Layer 2 information. On the left you’ll see the list of topics, and you’ll spot the ones that are relevant for the exam, such as “Configuring Private VLANs”, “Configuring Link Layer Discovery Protocol”, and “Configuring Layer 2 Protocol Tunnelling”.
Remember: just because something isn’t explicitly mentioned on the syllabus, doesn’t mean it won’t appear on the exam. At JNCIS level you learned about general layer 2 networking, MAC learning, flooding, ARP and proxy ARP, MAC table ageing, and so on. It’s implied that these are topics you should know as a JNCIP, so give them a read if you’re not comfortable with them. You’ll find all that and more on the bar on the left of that link.
JUNIPER KNOWLEDGE-BASE: Junos Fusion Overview
— Junos Fusion allows you to take many switches across your estate, and aggregate them into one single control plane. It’s the kind of tech that you’d only get hands-on with if you worked for a big enterprise. Or if you’re a millionaire. So, chances are you’ve not used it, and won’t get a chance to use it before the exam. If so, double your efforts to learn how to configure it, to learn the terminology involved, and to learn the commands available to you if you ever were to troubleshoot Junos Fusion in the real world.
As always, the Juniper site has you covered for studying it. Start at that front page of the Overview, and you’ll see lots of good articles in the bar on the left, like “Understanding Junos Fusion Enterprise Components”, “Understanding Junos Fusion Ports”, “Configuring or Expanding a Junos Fusion Enterprise”, and “Verifying Connectivity, Device States, Satellite Software Versions, and Operations in a Junos Fusion”.
MISC RESOURCES: Private VLANs
— I must confess that I find Juniper’s way of doing Private VLANs a bit complicated. The excellent Mellowd blog agrees. It’s a tricky topic to explain because the config isn’t massively logical, but he does a great job of trying to explain it here. This post really helped me a lot.
The biggest challenge with Private VLANs is understanding how it works over multiple switches. Private VLAN trunk links have a confusing configuration. Spend some time understanding how it works. This page on the Juniper knowledge-base explains all about it.
JUNIPER KNOWLEDGE-BASE: MVRP
— Multiple VLAN Registration Protocol is used between switches to automatically advertise new VLANs. You touched upon it in your JNCIS studies. Now take it to the next level, with this very thorough page on the Juniper knowledge base.
JUNIPER KNOWLEDGE-BASE: QinQ Tunnelling
— This is another page that’s linked off of the general Layer 2 page, but as QinQ is explicitly mentioned on the syllabus, I wanted to bring your attention to it. And once you’re done, read this page on Layer 2 Protocol Tunnelling.
MISC RESOURCES: Filter-Based VLANs
— Weirdly, when you google for this phrase, there isn’t a single page on the Juniper website that mentions it. Which is weird, right? Considering it’s written exactly like that on the syllabus? Luckily other people have asked what on earth this means, and the consensus is that it’s the ability to use a firewall filter to assign traffic to a VLAN based on certain match conditions. Here’s a link on the Juniper forums that explains it, and here’s a link on Reddit that also explains it.
I recommend studying all the layer 2 options available to you in a firewall filter, both in terms of match condition and also what you can do with the matching traffic.
LAYER 2 AUTHENTICATION AND ACCESS CONTROL
Do you know about 802.1x? I didn’t until recently. Turns out that it’s made up of two separate protocols. The host (or “supplicant”) talks EAP to the switch (or “authenticator”), and the switch then talks RADIUS to the Authentication Server. This post here does a message-by-message breakdown, with packet captures. It’s a great write-up, well worth a read.
JUNIPER KNOWLEDGE-BASE: Access Control and Authentication on Switching Devices
— You can once again rely on the Juniper website to give you a ton of stuff on this. You’ll see in the Contents Page on the left of that link that this part of the website has info on 802.1x, MAC RADIUS, Captive Portal, and how you can combine them. It explains what happens if any or all of them fail, the order of operations, and much more. Make sure you’re very fluent in all of this!
IP TELEPHONY FEATURES
JUNIPER KNOWLEDGE-BASE: Power Over Ethernet
— At the risk of sounding like a stuck record: The Juniper website is great for this. Here’s the front page of the Power over Ethernet Features guide for EX Series Switches, containing pages on understanding it, configuring it, upgrading it, monitoring and troubleshooting it, and more.
JUNIPER KNOWLEDGE-BASE: LLDP
— LLDP is one of those things that folks definitely get complacent about. You just think “oh you turn it on and it does its magic, what is there to know”. Don’t make that mistake for this exam. Get your head in the game, and learn not only how the protocol works, but how you can tune it.
JUNIPER KNOWLEDGE-BASE: Voice VLANs
— There’s a very long page here that gives a few scenarios for configuring voice VLANs. In isolation they’re not too difficult, but ask yourself: are you sure you know how this combines with 802.1x and LLDP? Make sure to be confident on this stuff!
Oh boy. Oh boy oh boy. Your guy over here saw EVPN on the syllabus back before his first attempt in November, and thought “aah they probably just want you to know what it is, nothing more.” Nope. You not only need to know what it is, but how it works, the messages it sends, the packets it sends, the route types, the way redundancy works, how to configure it, and how to troubleshoot it. DON’T BE COMPLACENT. Study it, and make sure you truly know it.
BOOK: MPLS in the SDN Era
— This is one of my favourite networking books ever, ever. Ever! MPLS isn’t covered anywhere in the JNCIP-ENT, but if you can get hold of this book then you’ll find so much great stuff in the chapter on EVPN. It’s so gosh darn good. Expertly and clearly written, as is every chapter in this heroic creation.
There’s a few ways of carrying EVPN traffic. VXLAN is one of them, and MPLS is another. You can guess which version this book covers! But the actual MPLS content in this particular chapter is very small indeed. What this chapter does cover is the control plane of EVPN, and the routes advertised. It also gives some great examples of configuration and operational commands. There’s a couple of moments when this chapter refers to knowledge it taught earlier in the book, but not too many. You should be fine to jump straight to this chapter.
JUNIPER KNOWLEDGE-BASE: EVPN User Guide
— This is another one of those Juniper front-pages to a ton of useful stuff. Click that link and look at that extensive list of articles on the left. You’ll spot the ones that are relevant to this certification: sections like “Features Common to EVPN-VXLAN and EVPN-MPLS”, “EVPN-VXLAN”, and “Troubleshooting”, among others.
EVPN Multihoming is mentioned on the syllabus. This is the Overview page to it, and as usual you’ll notice plenty of pages in the contents list on the left that explain how to configure it in different scenarios. EVPN gives you lots of control, but with that control comes lots of potential options to learn and understand. You’ll notice that this page is linked in the “Features Common to EVPN-VXLAN and EVPN-MPLS” section.
One more page I’ll highlight in that section is the Mac Mobility Overview. This is the idea that a virtual machine can suddenly be moved from one data centre to another, and how the route advertisements deal with it.
YOUTUBE: VXLAN – NETWORK DIRECTION
— This is a great channel. The guy calmly and gently explains VXLAN over a series of 10 minute videos, including the terminology and the packet structure. What a nice thing he did in making this series!
The JNCIP-ENT is tough. It’s also well within your capacity to win. If you put the time in to reading and labbing, you can definitely do it! Start with your favourite topics, and let excitement and curiosity carry you down the rabbit hole of networking. Even when it gets tricky, never forget how fascinating and magical it is that a video can get from one side of the world to the other in almost a blink of an eye. Open the books, read far and wide, and have a great time learning.
And if you fancy some more learning, take a look through my other posts. I’ve got plenty of cool new networking knowledge for you on this website, especially covering Juniper tech and service provider goodness.
It’s all free for you, although I’ll never say no to a donation. This website is 100% a non-profit endeavour, in fact it costs me money to run. I don’t mind that one bit, but it would be cool if I could break even on the web hosting, and the licenses I buy to bring you this sweet sweet content.
Good luck pals!