JNCIE-ENT Blueprint opinions

open_portopen_port Member Posts: 8 ■□□□□□□□□□
I've mostly completed a project to match JNCIE-ENT blueprint topics to specific resources (i.e. documentation links, book & page numbers, etc). I've posted a public version on google docs, which anyone can view - JNCIE-ENT Blueprint Public.

There were a few topics that weren't very easy to interpret, so I couldn't really match them up to documentation. I was hoping to hear what other people think the following blueprint topics are asking for? Maybe I'm missing something obvious.


Brackets "[]" show where the topics in question reside in the blueprint, and parentheses "()" show my best guess.

[Ethernet Switching > Spanning Tree]
Multiple Topologies (MSTP instances??)
Optimization (MSTP/VSTP load balancing??)

[Ethernet Switching > Security Features]
MAC table filtering (allowed-mac? Layer 2 filter?)

[Protocol independent Routing > Filter-based forwarding]
Based on IFL (all inbound traffic on a specific interface?)


Thanks

Comments

  • AldurAldur Juniper Moderator Member Posts: 1,460
    I would assume that multiple topologies is referring to multi-topologies (see link below) but it would be odd to have that under the spanning tree. Since it's under spanning tree I'm supposing MSTP instances would make the most sense.

    Multitopology Routing Overview - Technical Documentation - Support - Juniper Networks

    As far as security features, check out the following doc, I'd recommend knowing all of those security features.

    Port Security Overview - Technical Documentation - Support - Juniper Networks

    Ahh good ol' FBF. That's makes me think about when my team created the Juniper JNCIE-ENT Bootcamp course, I created the FBF stuff in there. Definitely know how to configure FBF (lots of fun steps in there to remember) and the situations in which you should use it. And I would recommend that you know how to not only FBF all traffic that ingresses an interface, but know how to allow certain traffic to pass through, and into, the router normally, then FBF specific traffic that ingresses an interface. It's just as simple as configuring your firewall filter to do the job right.
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
  • open_portopen_port Member Posts: 8 ■□□□□□□□□□
    As usual, thanks for the reply Aldur!

    I read on the Juniper forum that Multi-topology routing has actually been removed from the ENT blueprint because it isn't supported on the SRX platform: MTR Support. I had printed an older copy of the blueprint, which still showed MTR, but I looked at the new blueprint and it has indeed been removed. So, that's one less thing to worry about.

    I'm glad to see that I wasn't missing something on the switching side. I figured they were just talking about multi-instance MSTP, but I wanted to hear others views on that.

    My blueprint resource list includes the document you pointed out regarding port security features, so I think I'll be covered there. I think the word 'table' in 'MAC table filtering' was what threw me a bit. I thought it may have been something more complex, like applying a policy to the forwarding-table (i.e. set forwarding-options family inet filter input). If I just need to know the basic port security features, then I have a good idea about what it means by 'MAC table filtering' now.

    Thanks again.
  • open_portopen_port Member Posts: 8 ■□□□□□□□□□
    I forgot to comment on fbf. It sounds like I was just over thinking that one as well. Fbf 'based on Layer 4' made sense, but I thought fbf 'based on ifl' may have been something tricky. Again, it sounds like I'm over-thinking this one.

    Thanks
  • AldurAldur Juniper Moderator Member Posts: 1,460
    Yeah, I wouldn't pay too much attention to the IFL thing on FBF, they probably more or less just wanted you to be able to put a firewall filter on a non-zero logical unit, such as an interface that has VLAN tagging on it.
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
Sign In or Register to comment.