Preparation Tips for the JNCIE-ER Certification Exam

Monday, April 04, 2011

Stefan Fouant


As many of you know, Juniper is currently undergoing a massive effort to update their certification program. 

The previous track in 'Enterprise Routing' is now changing to 'Enterprise Routing and Switching' incorporating elements from the previous certification track in addition to some new elements essential to Enterprise switching such as Spanning-Tree, VLANs, Layer 2 Security, as well as High Availability features like Virtual Chassis. 

We can expect that a lot of the topics like Firewalling and NAT will be removed from this exam as these topics will more properly appear in the Security track.

Although the new JNCIE-ENT certification is planned to be released in August 2011, there are many of you who are currently pursuing the existing JNCIE-ER before time runs out. 

The good news is that Juniper plans to continue offering the existing JNCIE-ER exam until October 2011 so there is still quite a bit of time for those who are interested in attaining this certification.

There probably isn't a single day that goes by that I don't receive an email inquiry from someone currently pursuing the JNCIE-ER with a request to learn from my experiences and test preparation techniques. 

And although this exam will only be available for another 7 months, I thought I'd write about my preparations and experiences with this exam so those candidates might benefit - not to mention it prevents me from having to keep repeating myself over and over again...

Building the Lab

For this particular exam, you are really going to need to get your hands on several J-Series routers, or at the very least some M/T/MX-Series routers with Adaptive Services capabilities (NOTE: This might require additional hardware on non J-Series devices, such as an Adaptive Services PIC or a Multi-Services PIC). 

While it's possible to do a lot of the routing preparation with Olives, a good majority of the exam is on services such as Firewalling, NAT, and IPsec. Without the right hardware, a candidate cannot properly prepare for these sections as performing these functions in an Olive is impossible. Olives have no hardware PFE or the appropriate Services PICs or Modules, therefore there is no SP interface which is required to create interface-style and next-hop style service-sets.

If you happen to have a bunch of SSG 300-Series or SSG 500-Series ending in an M in your environment, you may be in luck.  These devices can be successfully converted to an equivalent J-Series box running Junos. For example, an SSG 320M can be converted to a J2320, and an SSG 350M can be converted to a J2350.

The easiest way to do this is to boot the SSG platform from the USB flash drive which has been formatted with the Junos image. An easy way to build a loadable Junos image onto a USB flash drive is to insert the USB flash drive into a working J-Series device and then perform the following function:

request system snapshot as-primary partition media compact-flash

This will copy all the appropriate system files and Junos image onto the flash drive and prepare it for booting on another device.

Once this has been done and the USB flash drive inserted into the SSG, the following commands can be issued to force the SSG to boot into Junos rather than ScreenOS:

set boot junos usb

NOTE: The SSG 300M-series or SSG 500M-series device must be running ScreenOS version 6.1 or later in order for you to perform the conversion. If your device is running an earlier ScreenOS version, you must first upgrade it to ScreenOS 6.1 or later.

A more thorough explanation of the upgrade process can be found here: Converting SSG 300M-series and SSG 500M-series Security Devices to J-series Services Routers with a USB Storage Device.

Exam Preparation Materials

In terms of exam study materials, here is what I used for the exam:

  • 'JUNOS Enterprise Routing' by Harry Reynolds and Doug Marschke. Read it twice if you can
  • 'Advanced Juniper Networks Routing in the Enterprise' courseware and labs which used to be available for free on the Juniper FastTrack site.  These are no longer available publicly, but can likely be found with a little digging.  I definitely recommend going through the labs because they are extremely representative of the types of things that you are likely to see on the exam.
  • 'Adaptive Services' chapter in the JUNOS 'Services Interfaces Configuration Guide' - its 500 pages but will definitely educate candidates on all the variants of Junos Services.
  • The 'JNCIP-M Study Guide' by Harry Reynolds is another really useful addition.  The labs in this book will really help with routing policy and configuration of OSPF, RIP, and BGP.
  • Probably the *single* most useful preparation tip I can give to anyone is to take the JNCIE-ER Bootcamp and/or the Remote Proctored lab exams offered by Proteus Networks.  I haven't personally taken the bootcamp, but I did see the materials from a colleague who sat through it and after sitting the exam I can tell you their Bootcamp is spot on.  On another note, I did take their remote proctored lab exams and once again I am not disappointed with my experience with them.  Rick Schenderlein was my proctor with Proteus and he really took the time to help me understand the areas that I could use improvement on.

As with all Expert level lab exams, a very important tip is to make sure you read the full exam in its entirety before starting a single configuration element. This is truly an expert level exam - one which requires you to think through your design decisions. 

There are often things later on in the exam which require you to go back and reconfigure something you've already set up in an previous section. Reading ahead will allow you to save yourself some time when you've thought your design through fully in advance.

All in all, I didn't think the exam was that tough, but I also had 12+ years of experience working with Junos and a JNCIE-M certification prior to sitting the exam. If you've already got the JNCIE-M, I think it's actually possible to prepare and pass this exam in just a few short months since there is considerable overlap between these two exams. 

In my case, I actually finished the exam in a little over 5 hours and spent another 1-2 hours going over everything just to make sure I had it right. I've heard that most people going in are pretty much down to the wire with time so I'm not sure what happened in my case but simply attribute it to being over-prepared and having spent about a full year of non-stop preparations between the JNCIP-M, JNCIE-M, and the JNCIE-ER exams. 

The trick here, as with preparation for anything, is to be consistent and develop a schedule which you can live with - a few hours a day over a span of several months will serve you infinitely better than studying hundreds of hours the few weeks before your exam. Slow and steady wins the race here... you'll be surprised at how quick a few months can go by when you're motivated and committed to something!

I hope this helps those of you who are pursuing JNCIE-ER certifications, and I wish you the best of luck in your endeavors!

Cross-posted from ShortestPathFirst

Possibly Related Articles:
Information Security
Certification Training Network Security Servers JNCIE-ER Routing
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.