Building the road to a JNCIS…

One of the things I like the most about the Juniper certification process is how straightforward it is. You take a test that covers a clearly defined subject area and at the end of it, if you pass, you have a new certification. Simple and clean. However, this is also one of the more frustrating parts of their certification process. A single test means that for any one test, questions can come from a wide range of topics of varying complexity.

Currently, I am working on obtaining my Juniper Networks Certified Internet Specialist for Enterprise Routing and Switching (or JNCIS-ENT) credential. As the title would suggest, this test focuses on mainline routing and switching concepts in the Juniper universe. There is nothing particularly surprising in the testing objectives. However, as anyone who has worked in the networking field for a few years can tell you, switching and routing are huge topics by themselves. Combining them only makes for a larger pool of possible test questions.

To demonstrate the wide range of possible topics, let me compare the official Juniper study resources and guides for the JNCIA and the JNCIS-ENT.  First, the JNCIA is based on content from two days of class (IJOS and JRE).  The JNCIS-ENT is based on content from four days of class (JIR and JEX, both two days long).  The officially sanctioned study guides available for download from the Juniper certification site are about three times as big for the JNCIS-ENT compared to the JNCIA.  Having said all that, let me also say that this is a fun certification to get.  This is the certification where you really learn how Junos OS works and begin to make it do some really cool things.

I’ll post a future article about my general studying methodology as well as a handful of Juniper-specific resources that I regularly use during my prep.  For now, let’s talk about hardware…

To prep for this exam (as well as upcoming exams for my JNCIP and other JNCIS level certs) I have begun to build my own home Juniper lab.   I am lucky enough to be working with a Juniper certified training partner (Dynamic Worldwide Training Consultants) so I have been able to attend both the JIR and JEX in-person multiple times.  This is great because I do not have the same full set of features in my home lab that are available in their incredible classroom lab environment.

However, here is what my current home lab looks like:

My fledgling Juniper certification home hardware lab

(1) – SRX 210HE-POE
(1) – SRX 210H
(2) – 5-port unmanaged 10/100/1000 switches
(1) – 4-port 10/100 hub

Because of the ability to create virtual routers in Junos OS, I am able to simulate a much more complex routing environment with only these two SRX devices. In addition, I will be adding (2) layer-2 Cisco switches (2950s), (2) layer-3 Cisco switches (3550s) and an SRX 100H. I cannot afford even a cheap Juniper EX2200 right now (about $800-$900 apiece), but I’ll need to buy at least two so I can build a virtual chassis environment in the future. Including the cost of power strips and some low-end racking hardware (in transit), I am probably at about $1150 spent. This is a slight problem as I only agreed to spend about $1000 when discussing this budget with my wife!

As I have already hinted at, this is not a perfect learning environment. However, it does provide me with the ability to cover about 90% of the topics covered on the JNCIS-ENT. The only area I have some real problems with is the High Availability subjects. I will not be able to create and configure a virtual chassis (as this is not supported on the SRX line) nor will I be able to cluster my SRX boxes (because you need identical hardware). However, the SRX clusters are not a part of this exam and the VC stuff is pretty straightforward, once you get your arms around it. So just about everything else is fair game!

Are you wondering what I use the cheap little 5-port switches for? Well, since I currently have no way of extending a router segment (i.e. no managed layer-2 device), I use these $15 switches to simulate a VLAN segment on a larger switch. I could use my SRX for this purpose, but if all I need is an extra port or two, this is a quick and easy fix. Of course I cannot see any BPDUs when I use the switches this way (because there are no real layer-2 protocols operating on these devices), but it works for now. Besides, I’m a switch guy at heart. I get switching. I need to practice my routing skills much more.

…and, of course you have realized that I use the 10/100 hub as a network tap/sniffer, right?  Additionally, I have installed four network cards in my testlab PC (different from my working or office PC) and made sure that Windows is not routing packets internally between the NICs.  This allows me to simulate the behavior of multiple hosts on separate network segments.

Some things to know about the SRX devices.

Juniper struck gold with the SRX product line. I haven’t seen it anywhere official, but I have heard it said that SRX is short for Security/Router/Switch (as in EX). These little devices are like magic. Out of the box, they are firewall devices. As firewalls, they are quite powerful and can support unified threat management features such as IPS, antivirus, HTTP content checks, and more. However, you can turn off the stateful inspection features and operate them as routers or a layer-3 switch. As routers, they support routing instances (i.e. virtual routers) among the other standard Junos OS routing feature set. As a switch, they behave very similarly to the EX line. However, you must have an SRX240 or higher to get line speed switching, but for a lab environment this is not a problem.

A used SRX210 from eBay is a great value for the budget-conscious Juniper lab. You’ll spend between $250 and $500 depending on when you buy, what you buy and how you buy it. A used SRX100 will cost you between $150 and $300. Just be sure to check the fine print. My SRX210HE did not include a power supply. I missed this detail and it cost me an extra $85. I could have easily purchased a whole unit from another seller for less than the combined cost of the two products separately. Don’t worry too much about the version of software when you purchase. Remember that once you register with the Juniper support site and enroll your hardware (with its serial number), you can download the latest version of the Junos OS for installation onto your device at no additional cost.

3 responses to “Building the road to a JNCIS…”

  1. Imtech ICT UK

    Reblogged this on Imtech ICT UK Blog.

  2. Imtech ICT UK

    Nice article!

    • Thanks! I’m currently working on an update to this post since I have received all my hardware. I’ll also post some configuration and topology possibilities. Considering the premium for Juniper hardware, I am pretty excited about the use cases and configuration options for this lab at just around $1200.
