Preparation Tips for the JNCIP-M/T and JNCIE-M/T Exams

So it’s been a while since I’ve posted, and I’m just now getting to a point where I can start writing a bit more, not to mention feeling quite a bit more well rested after a grueling month of December. I was quite busy during the last month as I was doing last minute preparations for my JNCIE-M/T exam scheduled for Dec. 17th, not to mention trying to wrap up several projects before years end. I’m delighted to say that I passed the exam and am now the proud recipient of the highly sought-after JNCIE-M/T designation!  I’d like to take a few moments to share about my experiences with the rest of you who may also decide to pursue this certification.

Before I delve into the specifics of the JNCIP-M/T and JNCIE-M/T preparations, let me suggest that anyone who is interested in pursuing this track start out with the JNCIA-M/T certification, prior to moving to the JNCIS-M/T. While it is possible to skip directly to the JNCIS-M/T certification, there is so much useful information available in the ‘JNCIA Study Guide‘ that I strongly believe it should be at the top of the list for those who are just starting out with JUNOS.

As for JNCIP-M/T, I prepared entirely using the ‘JNCIP Study Guide‘ by Harry Reynolds. Although this book is long out of print, the Study Guide is available as a free download from Juniper’s website, as are the rest of the Study Guides for the Service Provider track. For actual hands-on, I used a testbed comprised entirely of Juniper Olives running in VMware. Yes, it is possible to use an Olive lab exclusively in order to do EVERYTHING needed to prepare for this exam. As this exam is mostly focused on BGP and IGPs there is nothing which actually requires a hardware based PFE or dedicated ASICs, as such an Olive is perfectly acceptable for test preparation.

If you decide to pursue this route and do preparations exclusively in this manner, there are a few things to keep in mind. I’ve found that the initial install of JUNOS requires quite a bit more memory than it does once its finally completed. I was able to successfully run a VM Olive running JUNOS 8.1 (at the time of this writing JUNOS 8.1 was the version being used in the exam) with as little as 48 MB of memory, however CLI response time was incredibly slow. I’ve found the sweet spot to be right at around 96MB of RAM for each Olive VM image.

In order to follow through the examples in the JNCIP Study Guide, you’re going to want to have at least 8 Olive VMs running simultaneously (7 for the actual routers comprising the student’s testbed and another Olive to simulate the EBGP peers using Virtual Routers).  Make sure you have at least 768 MB of available memory you can allocate to your VMs.  Depending on what version of VMware you are running, you might need to tweak the vmnet interfaces so that each Olive has enough fxp0s, and you might also need to stitch them together logically within the VMware configuration files.  Be prepared to get under the hood of VMware configuration in order to get all this working correctly.  Perhaps a better option would be to configure an ESX or ESXi Server and run your images off a high-powered server, where you have loads of memory and virtual switching capabilities.  Another option is to utilize a single hardware-based chassis, such as the MX240 and segment this using Logical Routers (see below for details on this configuration).

Preparing for the JNCIE-M/T exam is a bit more difficult, as it requires actual hardware to perform many of the tasks required of this exam.  Many of the tasks like setting up Multicast or Layer 2 VPN srequire dedicated hardware within the PFE, so using Olives is not an option.  Never fear, it is entirely possible to prepare for this exam using as little as a single MX240 coupled with Logical Routers (Logical Systems in JUNOS 9.3 and above).  You will need a total of ~40 connections to set this lab up so get your hands on a high density 40x1GE card and a bunch of fiber and you should be ready to go.  Make sure the card you use is capable of Layer 3 services, as cards capable of running only Layer 2 services will fall short of many of the configuration tasks.  If you’re short on SFPs or just don’t have enough physical ports, it’s also possible to use logical tunnels to stitch your logical routers together, as in the following example:

logical-systems {
    dc {
        interfaces {
            lt-0/0/10 {
                unit 0 {
                    description dc->r7;
                    encapsulation ethernet;
                    peer-unit 1;
                    family inet {
                        address 10.0.8.13/30;
                    }
                    family iso;
                }
            }
        }
    }
    r7 {
        interfaces {
            lt-0/0/10 {
                unit 1 {
                    description r7->dc;
                    encapsulation ethernet;
                    peer-unit 0;
                    family inet {
                        address 10.0.8.14/30;
                    }
                    family iso;
                }
            }
     }
}
chassis {
    fpc 0 {
        pic 0 {
            tunnel-services {
                bandwidth 1g;
            }
        }
    }
    network-services ip;
}

The last bit is required in order to make sure you allocate a fixed amount of bandwidth on the PFE for the logical tunnels.  The coolest thing about the logical tunnels feature within JUNOS is that you can actually configure them with Ethernet, Frame Relay, or a host of other encapsulation types.  Logical tunnel interfaces behave just like regular interfaces and it’s entirely possible to configure things like IS-IS across them, as can be seen in the above example where ‘family iso’ has been enabled.

Navigating the CLI is a bit unwieldy using Logical Routers if you’re working from the root of the physical device, so its highly advisable to configure individual user accounts for each logical router.  This will enable you to log in to each logical router and be positioned within the root of that logical router as if you were in the root of a real physical router.  This can be accomplished with the following configuration:

system {
        class dc {
            idle-timeout 0;
            logical-system dc;
            permissions all;
        class r7 {
            idle-timeout 0;
            logical-system r7;
            permissions all;
        }
        user dc {
            uid 2014;
            class dc;
            authentication {
                encrypted-password "xxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
            }
        }
        user r7 {
            uid 2010;
            class r7;
            authentication {
                encrypted-password "xxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
            }
        }
    }
}

In addition to the above lab setup, I used the ‘JNCIE Study Guide‘ from Harry Reynolds.  While this is an excellent book in preparation for the exam, my advice is to make sure you also read through the ‘MPLS Applications’, ‘Multicast’, and ‘VPN’ Configuration Guides, and be familiar with as many knobs and configuration options as possible.  You are also going to want to make sure you understand IS-IS and OSPF as well as BGP in an even deeper fashion than that required in the JNCIP-M/T exam.

As a word of note, in preparing for both the JNCIP-M/T and the JNCIE-M/T exams, make sure you have a good handle on how to use ‘load merge terminal relative’, ‘load patch terminal’, and when to copy and paste portions of code simply using ‘show | display set’.  It’s equally important to know which one of the above commands to use in a given situation. For example, when copying changes to several stanzas from one router to another, it’s often quite a bit easier to use the ‘load patch’ command as you won’t have to copy snippets from portions of different stanzas into a notepad prior to loading into the target router. Little things like this can save quite a bit of time and will come in handy when your time would be better served trying to focus on troubleshooting why your IGP isn’t coming up.

Finally, I should mention that I also utilized the services of Proteus Networks which offers remote-proctored JNCIP-M/T, JNCIE-M/T and JNCIE-ER practice exams on their lab gear.  For $800, their package consists of two 8 hour labs comprising a wide variety of topics you are likely to see on the exam.  When you are finished with each, they will grade it and give you feedback on how well you performed.  What I liked about Proteus is that they even let me play around with the gear after my exam was graded, and allowed me to go and fix some of my mistakes.  In addition, they were highly responsive to my emails, and answered all of my questions in a timely manner.  Looking back, I don’t think I would have been able to pass the JNCIE-M/T exam without the use of their services as there were several subject areas identified throughout their exam which required additional focus.  In my opinion, their remote-proctored exams are a genuine bargain for the price and anyone who is preparing for the JNCIE exams should seriously investigate their offerings.

All in all, the total study time for JNCIP-M/T was approximately 2 months, and the total study time for JNCIE-M/T was approximately 3 months.  This usually comprised about an hour or two each day during the week reading, and anywhere from 10-16 hours of lab time on the weekends.  I’m lucky in that I have also worked in a Service Provider environment for several years where I was able to intimately familiarize myself with many of these technologies over a span of many years.  In addition, I have spent a considerable amount of time reading a plethora of books on a wide variety of networking technologies.  If you are new to MPLS, Multicast, Layer 2/3 VPNs, QoS, or IPv6, you may want to factor in additional time into your study schedule.  The trick here is to be consistent and develop a schedule which you can live with – you will be infinitely better served by spending a few hours a day over a span of several months rather than hundreds of hours the few weeks before your exam.  Slow and steady wins the race here… you’ll be surprised at how quick a few months can go by when you’re motivated and committed to something!

I hope this helps those of you who are pursuing either the JNCIP-M/T or the JNCIE-M/T certifications, and I wish you the best of luck in your endeavors!

14 Replies to “Preparation Tips for the JNCIP-M/T and JNCIE-M/T Exams”

  1. Congratulations Stefan. very very nice tips for JNCIP and JNCIE. now a days i m preparing for JNCIP exam. today i have discovered your page a very useful. thanks again and keep it up

  2. Thank you Stefan. You mentioned you used Proteus labs for the JNCIE but I only see “JNCIP Remote Proctored Lab” on their website. I am missing something? Also can you please give me an idea on how important (very little/medium/.high) are topics like ipv6/firewall/multicast in the exam? Thank you

  3. Mark – The Proteus website has been undergoing some changes, I am sure they just haven’t updated the site to reflect their various offerings. I am certain they can accomodate your needs, whether it be for JNCIP-M, JNCIE-M, or JNCIE-ER exam preparations. With regards to your query about the topics, I can’t reveal too much without breaking NDA, but I’d say if you study the JNCIE Study Guide you should be well on your way. As my post mentioned, it probably wouldn’t hurt to read the ”Multicast’, ‘MPLS Applications’, and ‘VPNs’ Configuration Guides. Good luck!

  4. Hello!

    Congratulation for your second JNCIE. 🙂

    I’ve one question for you that how much time is needed for preparation for JNCIE and JNCIP. In a Single day ?? or month ??
    what time you’ve spent for JNCIP and JNCIE?

    Best wishes for your next plan.

    regrds,
    Mehdi Raza

  5. Hi Stefan, so were the Proteus Networks remote labs helpful? Do you recommend it? How many labs did you do with them?

  6. Congrats on you JNCIE.
    I am prepareing for my JNCIE and had a question regarding the logical routers. I configured individual user for each logical router and it worked fine. However when I try to configure an interface it gives the followign message .

    denver:Denver# …d 10 family inet address 192.168.2.2/30
    error: statement not found ‘unit’
    error: could not set vlan-id

    I have to always go to the main router and configure from there.

    Thanks

  7. nice one Stefan!

    you can also use “set cli logical-system dc” to enter to logical-system dc from the root of physical device (this way you don’t need to configure user/pass for log– dc) and you can jump back to root of the physical device by using clear cli logical-system dc as well

  8. how would you create a vrrp setup with logical-system? The problem is that you can only define one peer-unit and in the case of vrrp you need to have at least two peer-unit. Any idea?

  9. Hi Stefan,

    Do you have by any change the configuration files (C and P routers) used for the JNCIE M/T study guide?

    Greetings Robert

  10. Stefan.

    I posted over at techexams but thought I would post here as well to see if you had any advice.

    I’m currently putting together a lab for the JNCIE-SP and just wondering what I do and don’t need. I currently have 2 M10s running JUNOS 10.4 R1.9 – Only 1 is currently working. Each have an RE-2.0 with 512MB RAM. Each has a 4X 100Mb interface PIC.

    I know I can run logical systems and I’ve already got a bunch of logical systems running inside the working M10. As for interfaces I’ve simply running subinterfaces and given each logical router a bunch of subinterfaces.

    Any PICs required or at least recommended? I can buy an Adaptive Services PIC or Tunnel Services PIC, but need to know if either would be useful for the lab.

  11. Hello Stefan. Could you tell me how you configured the PE-CE connection for L2 circuits and VPNs on the MX series router? Did you use logical tunnel interfaces for example? I suppose you used real Ethernet interfaces, however I have difficulties setting this up on the MX series router with logical systems. I know that you need a Tunnel Services PIC for an M/T series router. So did you use any specific hardware, or any specific commands to achieve this?

Leave a Reply

Your email address will not be published. Required fields are marked *