The Juniper Networks Certification Program (JNCP) Enterprise Routing and Switching track permits members to exhibit capability with Juniper Networks technology. Effective candidates show intensive comprehension of systems networking innovation by and large and Juniper Networks enterprise routing and switching platforms.
What Is Enterprise Routing?
After you’ve invested some energy in the networking field, you tend to notice that there is once in a while a solitary approach to do things, and by and large, infrequently a solitary, exact definition for terms. All things considered, regularly a network engineer’s best answer would it say it is “depends.” Such is the situation with enterprise routing, so we should begin off with a definition inquiry: what is an enterprise network? Is it a substantial multinational system utilized by an assembling organization; is it an administration system supporting a state or an area; is it a local system utilized by a sections wholesaler; or is it a system that backings your nearby dental practitioner’s office?
Obviously, it’s most likely these and some more. At an abnormal state, you can express that a enterprise network is one that is utilized to bolster exercises as opposed to producing income, as in an administration supplier’s system. Some may say that in the event that somebody pays you to get to your network, you are giving an administration to him and you’re no more an enterprise network. In any case, that clearing explanation doesn’t generally apply if that somebody is paying you to take care of your expenses to give that administration. Thus, as should be obvious, it depends.
From the viewpoint of hardware platforms, Juniper Networks has assigned the accompanying as enterprise products:
- J-series routers to include the J2320, J2350, J4350, and J6350
- M-series to include the 7i, M10i, and M120 routers
- MX Universal Edge routers to include the MX-80 and MX-240
- SRX Services Gateway to include the Branch Office and the Data Center models
- EX Ethernet switches to include the EX2200, EX2500, EX3200, EX4200, EX4500, and EX8200
In any case, larger enterprise networks may discover stages, for example, the M320 and MX960/480 extremely valuable for their surroundings. Truth be told, the opposite is likewise valid, in that a conventional service provider network might just locate a proper need and use for stages assigned as enterprise routers.
The JNCIS-ENT is a written exam that has been designed specifically for networking professionals who have a beginner to an intermediate level of knowledge in terms of routing and switching implementations in Junos.
The topics of the JNCIS-ENT exams are based on content that the training courses follow and additional resources as well. Clearing the exam provides certification for two years following which candidates have to pass the JNO-343 exam.
The course includes:
- Layer 2 switching and VLANs: Within this students are asked to identify concepts, operation as well as functionality for Layer 2 switching using the Junos OS. This also includes Enterprise switching platforms, frame processing, bridging components, benefits, concepts and the functionality of VLAN’s as well as various other functions relating to the same.
- Spanning Tree: Identification of the benefits, concepts and the functionality of the Spanning Tree Protocol, Convergence and reconvergence, BPDU’s etc.
- Layer 2 Security: Identification of the benefits, concepts and the operation of the various security and protection features, storm control, filter types, port security, DHCP snooping, MAC limiting, firewall filter configuration as well as application.
- Protocol independent routing: Identification of the operation, functionality and concepts of the various protocol independent components of routing, load balancing, filter based forwarding, Martian address, etc.
- Open Shortest Path First (OSPF): Identification of the operation, functionality and concepts of OSPF, router ID, LSA packet types, Router ID, Routing policy application etc.
- Intermediate System to Intermediate System (IS-IS): Identification of the operation, functionality and concepts of IS-IS, TLV’s, levels and areas, metrics, additional basic options, etc.
- Border Gateway Protocol (BGP): Basic operation, message types, attributes etc
- Tunnels: GRE, IP-IP, tunnel considerations and applications.
- High availability: Link aggregation groups (LAG), Graceful Routing Engine switchover (GRES), Virtual Chassis, Nonstop bridging, Unified In-Service Software Upgrade, configuration and monitoring of high availability components.
The JNCIS-ENT is a written exam that has been designed specifically for networking professionals who have an advanced level of knowledge in terms of routing and switching implementations in Junos OS. It also tests the platform configuration along with the troubleshooting skills of the candidates. The certificate that candidates get is valid for a period of two years following which recertification can be obtained by clearing the JNO-643 exam.
The course includes:
- OSPF: Description of the operation, functionality and concepts of OSPFv2 as well as OSPFv3, OSPF LSA types, DR/BDR operation, authentication options, overload, given scenarios demonstration of knowledge of configuration and monitoring single and multi area OSPF. etc
- BGP: Description of the operation, functionality and concepts of BGP, next hop resolution, BGP route selection, BGP communities, BGP attributes, Advanced BGP options, implementation of BGP routing policy, load balancing- forwarding table, multihop, multipath etc.
- IP Multicast: Description of the operation, functionality and concepts of IP multicast, IP multicast traffic flow, PIM dense mode and sparse mode, Anycase RP, routing policy and scoping, concept and operation of RPF, PIM sparse-mode and dense-mode etc.
- Ethernet Switching and Spanning Tree: Description of the operation, functionality and concepts of Ethernet switching, VLAN’s, Layer 2 tunneling, Tunnel Layer 2 traffic through Ethernet networks, etc.
- Layer 2 Authentication and Access Control: Description of the various access control and authentication features of Layer 2, functionality and concepts of 802.1x, server fail fallback, guest VLAN etc.
- IP Telephony Features: Description of the operation, functionality and concepts of the various features that help facilitate the deployments of IP telephony, LLDP and LLDP-MED, Power over Ethernet, Voice VLAN.
- Class of Service (CoS): Description of the operation, functionality and concepts of Junos CoS for Layer 2 or 3 networks, CoS header fields, packet loss priority, polices, shaping, classification, forwarding classes, etc.
When it comes to the pinnacle in terms of Enterprise Switching and Routing certification, there is no other practical exam than the JNCIE-ENT practical exam. This is an exam that has been designed to validate the ability of the network professional to configure, deploy, troubleshoot as well as manage the enterprise switching and routing platforms on Junos OS. In the course of this practical exam, which goes on for about 8 hours, candidates are expected to create an enterprise network infrastructure which consists of multiple routers as well as switching devices. Candidates who are successful are expected to have performed system configurations on all the devices, configure features and protocols such as OSPF V2, IPV6, BGP, OSPF V3, MSDP, CoS, 802.1x, SSM, etc. The JNCIE-ENT will be valid for a period of two years and recertification will be achieved by clearing the present version on the JNCIP-ENT examination.
A brief overview of the course contents are:
- System Services and Security: System Services, Syslog, NTP, sFlow, configuration of archival, authorisation and authentication, PoE, securing on the control pane, stateless firewall configuration.
- Interfaces: Aggregated Ethernet, VRRP, implementation of interfaces, GRE tunnels, BFD, logical tunnel interfaces.
- Ethernet Switching: Multiple CIST, xSTP interoperability, Optimization, VLAN trunking and switching, Voice VLANs, Master determination, Layer 2 firewall filters, IP Telephony, Q-in-Q, etc.
- IGPs: Multi-area OSPF topologies, OSPF, BFD, Route selection process, redistribution, IPv6, filter and summarisation of routes, etc.
- BGP: Troubleshooting and implementation, route selection, 2 byte and 4 byte AS, BFD, routing policy.
- Protocol-Independent Routing: Hash key, load balancing, per flow, filter based forwarding, configuring of routes.
- Multicast: Shared tree and source tree, implementation of multicast, designated router, SSM, SSM Mapping, RPF table manipulation, RP redundancy.
- Class of service: Implementation, drop profiles, rewrite rules, loss priority, shaping and policing, BA and MF classification, scheduling.
Elite, coordinated items, including cutting edge firewalls, for securing networks, applications and access over the whole enterprise network.
In today’s mind boggling environment, if administration solutions are moderate, unintuitive, or confined in their level of granularity and control, network security management can turn out to be excessively tedious and inclined to mistake.
Junos Space Security Director gives security policy management through a natural, incorporated, electronic interface that offers requirement crosswise over rising and customary danger vectors. As an application on the Junos Space stage, Security Director gives broad security scale, granular strategy control, and policy broadness over the network. It helps administrators rapidly deal with all periods of security strategy life cycle for stateful firewall, security intelligence (utilizing danger encourages from Spotlight Secure cloud for insurance against Web application assaults, command and control related dangers, botnets, and local data feeds),unified threat management (UTM), intrusion prevention system (IPS), AppFW, VPN, and Network Address Translation (NAT).
The Juniper Networks Certification Program (JNCP) Junos Security certification track is a project that permits members to show capability with Juniper Networks technology. Effective applicants exhibit intensive comprehension of security innovation all in all and Junos programming for SRX Series gadgets.
Network administrators and security experts will figure out how to utilize SRX Junos administrations doors to address an array of enterprise data network requirements—including IP routing, intrusion detection, assault alleviation, unified threat management, and WAN acceleration. Junos® Security is a reasonable and nitty gritty guide to the SRX product offerings.
The JNCIS-SEC exam has been designed for networking professionals who are experienced and have intermediate knowledge when it comes to the Junos software from the Juniper Network. The examination, which is conducted in a written format, aims to verify the understanding of the candidate in terms of security technologies as well as related troubleshooting and platform configuration. The exam topics of JNCIS-SEC are based keeping in mind the content of training courses led by recommended instructors. The JNCIS-SEC certification carries a validity of two years following which students can get recertified by clearing the JNO-332 examination.
Overview of the course:
- Security Overview: Identification of general features. Concepts and functionality of the Junos OS security, Branch vs high end platforms, packet flow, Junos security architecture, packet based vs session based forwarding.
- Zones: Description of the benefits, operation and concept of zones, dependencies, zone types, transit packet behaviour, zone configuration steps, monitoring and troubleshooting, etc
- Security policies: Description of the benefits, operation and concept of security policies, types of policy, to the device traffic examination, policy components, re-matching, scheduling, ALGs, address books, monitoring, configuring and troubleshooting security policies, etc.
- Firewall user authentication: Description of the benefits, operation and concept of firewall user authentication, authentication server support, client groups, etc.
- Screens: Description of the benefits, operation and concept of screens, screen options, attack types and phases, screen configuration.
- NAT: Description of the benefits, operation and concept of NAT, NAT/PAT processing, NAT types, etc.
- IPSec VPNs: Description of the benefits, operation and concept of IPSec VPNs, IPSec tunnel establishment, Junos OS IPSec implementation options, etc.
- High Availability (HA) Clustering: Description of the benefits, operation and concept of HA, characteristics and features of HA, requirements and considerations of deployment, cluster modes, redundancy groups, real time objects, etc
- Unified Threat Management (UTM): Description of the benefits, operation and concept of UTM, licensing, packet flow, white-list vs blacklist etc.
The JNCIP examination has a course structure that includes:
- Application-Aware Security Services: Description of the operation, functionality and concepts of AppSecure, AppID, AppSecure traffic processing, AppFW, AppTrack, AppQoS, AppDos and monitoring, configuration and troubleshooting of various modules in AppSecure.
- Virtualisation: Description of the operation, functionality and concepts of the various components of virtualisation on the SRX Series Services Gateways, RIB groups, Logical systems, routing instances, Intra-LSYS as well as Inter-LSYS communication and demonstration of knowledge of monitoring, configuration and troubleshooting the various elements in terms of virtualisation.
- Advanced NAT: Description of the operation, functionality and concepts of NAT, destination NAT, NAT traffic processing, Static NAT, Persistent NAT, Source NAT, NAT traversal, double NAT, DNS doctoring, routing, IPv6 NAT (Carrier-grade NAT) – NAT64, NAT444, NAT46, DS-Lite, NAT and FBF, and demonstration of knowledge of monitoring, configuration and troubleshooting of advanced level of NAT implementations.
- Advanced IPSec VPNs: Description of the operation, functionality and concepts of the different IPSec VPN implementations, site to site VPN’s, Group VPN’s, VPNs and NAT, PKI for IPSec VPNs as well as VPNs and dynamic gateways. In addition to this a demonstration of knowledge of monitoring, configuration and troubleshooting of various advanced IPSec VPN implementations will also be sought from students.
- Intrusion Prevention: Description of the operation, functionality and concepts of Intrusion Prevention System in Junos for SRX Series Services Gateways, IPS rulebases and rules, IPS packet inspection process, attack detection based on signature, spoofing, flooding attacks, fingerprinting and reconnaissance scans, network settings, scan prevention, attack database etc.
- Transparent Mode: Description of the operation, functionality and concepts of the various transparent mode implementations, VLAN translation, High availability, IRB, spanning tree traffic processing, Layer 2 security, etc
- Troubleshooting: Demonstration of knowledge of troubleshooting Junos OS security issues, SNMP, Flow analysis, tracing, policy flow, show commands, packet capture.