Since my FAQ on the JNCIP-M continues to be one of the most popular posts I have written here on my blog, I guess it makes sense to compliment that with a similar FAQ for the JNCIE-M lab exam. For consistency, I will try and answer all the same questions I did for the JNCIP (this time with the JNCIE in mind) and add in some JNCIE specific Qs and As as well. As always, your feedback and additional questions are welcome!
Q: Is an olive lab suitable for exam preparation?
A: Yes, I used an olive lab to prepare for both my JNCIP and JNCIE. That said, it gets a little hairier when studying for the JNCIE than for the JNCIP:
Q: Are there any problems with using an olive lab exclusively when preparing for the JNCIE-M?
A: Yes, there are issues. You will of course have the same problems surrounding every interface being an fxp interface and the same general bugginess you saw when studying for the JNCIP-M. Additionally, you will likely have at least some problems with multicast, firewall filters and CoS. This means that it will be a bit harder to study for the JNCIE in an all-Olive lab than studying for the JNCIP was. Overall the problems are still outweighed by the price and availability of building an olive lab vs a full M (or T) series lab, but if you can get access to a “real” test bed – I highly recommend it.
Q: Which topics should I focus on in my studies?
A: You really do need to understand all of the topics covered in the JNCIP-M Study Guide [PDF] and the JNCIE-M Study Guide [PDF]. Don’t forget to review the JNCIP-M guide again as at least one section of the JNCIE-M exam is almost straight out of that guide and much of the knowledge needed during the JNCIE is from the JNCIP material. Some important topics to be particularly aware of during your studies are:
- Network discovery, evaluation and troubleshooting.
- Exchanging routes between up to 3 different IGPs across multiple redistribution points while maintaining a loop-free, stable and redundant topology.
- Scalable, redundant and complex MPLS and MPLS-TE network setup.
- L2 and L3 VPNs.
- Large multicast forwarding topologies (including multi-AS scenarios), using a different logical topology than unicast traffic.
- CoS design and replication based on specific criteria.
Q: What is the format of the test, how will the questions be posed?
A: Much like the JNCIP test (and the study guide case studies), you will be given a list of requirements, broken into sections. The sections are again similar to the chapter topics, this time those in the JNCIE book (Discovery and Verification, MPLS and TE, etc). The JNCIE is different however in the way that the requirements are posed, while the JNCIP followed the book very closely, the JNCIE diverges a bit more and is a bit less direct. Instead of step by step instructions like you experienced with the IP exam, there is a more indirect ‘figure out what these requirements mean and then follow them’ type approach. For this reason I highly recommend that you read all of the requirements at least twice and ask the proctor plenty of clarifying questions as you work through them.
Q: Will I be required to configure all protocols on a single test-bed with different scenarios?
A: Not entirely. Again like the IP, the IE exam does not cover every possible scenario all in one test.
Q: Are the Study Guides enough preparation or do I need to take a bootcamp?
A: I have never taken any exam bootcamps so I can’t say much on this topic, at least not without running the risk of being wrong ;). So I leave this choice up to you, but I would say that experience is crucial to passing a lab test as demanding as the JNCIE-M and that I don’t think a bootcamp will be able make up for a lack thereof.
Q: What do I need to know that is not in the Study Guide?
A: You will again need to be familiar with JUNOS’ command completion and the various ways to load a configuration (or portions of a configuration) in JUNOS (cut-and-paste is your friend). You will also need to have skill and experience troubleshooting existing networks; quick effective troubleshooting is very hard to study and mostly must be learned through trial by fire lessons and genuine experience.
Q: Is time an issue?
A: Just like the JNCIP-M, the JNCIE-M is a timed exam and so time and speed must be considered. f you are truly prepared for the exam, 8 hours should be plenty of time to finish. Don’t try to speed through it though – mistakes are much more costly than the time it takes to re-read a requirement, ask a question or verify your network. Use the shortcuts available to you and take your time to do things right the first time.
Q: Exactly how many routers you need to set up a lab to practice in?
A: The case studies in the book use 7 routers, plus there are the customer, peer and transit routers. But you don’t need that many if you use logical or virtual routers. If you are using olive(s) instead of real routers, you can use vmware and create all the olive routers on one PC and if you have a “real” router, you can set up many logical routers on one chassis. Because we had a bunch of old p3 PCs laying around and access to a couple M10s, my co-worker built our lab with 5 olive PCs and 2 m10s. On one of the M10s, we set up all the logical routers to act as CE and peer/tran routers.
Q: What version of Junos should I use to practice on?
A: The tests now use JUNOS 8.1, so that would be the best to practice on but it is not critical – most commands are available across most versions.
Q: How is the JNCIE-M exam different from the JNCIP?
A: The one thing that is critical in the JNCIE and not present in the JNCIP is troubleshooting. Because you start with an existing network instead of a blank slate, there is some cleanup that is needed to meet your objectives. Make sure that you know how to find, evaluate and fix network problems in addition to being able to configure the network. In particular, pay attention to IGP route sharing – like RIP to OSPF, OSPF to IS-IS, or IS-IS to RIP to OSPF and back to RIP, etc…
Q: How will I know when I am ready for the test?
A: This is a bit harder to judge for the JNCIE-M than it is for the IP because of the troubleshooting aspect. You should again strive to be able to complete all of the case studies in under 90 minutes each but evaluating your network discovery, verification and most importantly troubleshooting and correction skills is a bit harder. If you have strong experience in an operations environment, you should be ok for this part.
Good Luck! and remember, don’t panic!
Few important topics before you enter the exam room:-
1. redistribution between OSPF, RIP and ISIS, make sure how to use policy to stop route looping.
2. how to establish a MPLS LSP from a router within NSSA
3. how to use route reflector for L3VPN routes
4. how to prevent sub-optimal route when you have mutual redistrbution point
5. Two routers, R1, R2 in NSSA, and another two router, R3 R4 in another NSSA area, how to estabish 2 MPLS, R1->R4, R2->R3 via 2 different path.
6. How to use additonal route target to identify a site within a L3VPN. Basically, you need to tag additional route-target on top of a route-target
7. How to prevent routing loop when two sites within a L3VPN has a backdoor connection
8. Know how to tourbleshoot a failed MPLS LSP setup, due to looping (when use only 1 loose hop)
9. Konw how to troubleshoot a route not advetised due to wrong policy when redistribution
10. Know how to configure non-revertive 2 LSP backup each other
Regarding the rooting loop through a backdoor. When these sites are in different AS ? How do you do to avoir loops without SoO ?
You DO use a Site of Origin community. This is the first thing my quick web search turned up: http://www.juniper.net/techpubs/software/junos/junos95/swconfig-vpns/id-10296579.html. It appears to be a fairly relevant example.
This is a fairly easy thing to do especially when you have a customer connecting to your provider network with back door connections. Simply tag their routes with a community string of something like origin:ASnumber:xx and have your policy match this origin and block it from re advertising it back to to the same site. I think you might also be using as-override towards the customer for the loop condition to happen.
Can you shed some light on how to implement item #2 and #5 ?
I have not had the time to look this up but I am fairly certain that building LSPs from routers in a stubby/NSS area to another area is covered in the study guide.
Key point here to remember is to use strict paths where you nail down every interface hop. Also for a topology where you have different routing area/domain you have to turn off cspf in your lsp tunnel for it to come up. It’s all in the book :)
Regarding using RR for L3VPN, you mean anything other than standard IPv4 RRs ? adding just inet-vpn family should be ok.
BTW, Would be here ok to configure 2xP routers as a RRs or should be done on the PEs ?
Just using 2xRR and 1x cluster id ?
There is only 1 way to configure ibgp for L3/VPN routes. You should take precaution on JUNOS’s behavior of how it handles vpn routes on a RR. It should be in your JNCIS book which I highly advise for you to go read. I’m still waiting for those guys to return my score after 3+ weeks…
They have been pretty slow the last half of this year it seems – good luck, hopefully you’ll hear soon. The waiting is the worst part!
Finally, passed :)
On an OSPF ABR (area 0 and 30) with ISIS redistribution, is there any way to limit certain ISIS redistributed routes to area 0 only and not sending to area 30?
For internal you can use area-range/restrict to summarize and block routes from one area to another.
For external you can’t so it has to be summarized at the edge. You can still block it from leaking down to none area 0.
could you please, explain how You can still block external routes from leaking down to none area 0.
Could you let me know how much of multicast,ipv6 and COS is in the exam?