So as many of you will know, I am pretty savvy when it comes to DCV but when it comes to networking in general and especially networking virtualization…I am a rookie.
I missed the NSX-V train, it passed me by while I was working on other things and with NSX-T being quite new…I thought now is as good of a time as any to get on board!
Networking has always been a weak point of mine, and my goal is to change that. I don’t intend to become the next CCIE or anything like that, but I want to become a more rounded consultant and just have a good solid level of understanding in different areas.
I booked myself on the NSX-T 2.4 ICM course and before I attended, I deployed v2.4 in my lab. I followed :
HOW TO BUILD A NESTED NSX-T 2.3 LAB TECHNICAL WHITE PAPER -FEBRUARY 2019 by Jim Streit
This was great, he had gone into great detail in setting it up, the only problem was that in v2.4 there had been a massive overhaul of the UI and various other bits. So I spent plenty of time fumbling around and asking members of the community for help, to help me navigate through the changes.
It got to the point where I was tempted to deploy v2.3 just to make my life easier! One of the things I have learnt over the years is when I learn by working it out and having a go myself, it will stick in my brain, so I kept going with v2.4 till I had it up and running!
This put me in a much better place for the NSX-T v2.4 ICM course. I have to say it was one of the best courses I have been on in a very long time. The instructor was great and very very knowledgable and the other people on the course had a vast amount of knowledge, I can say without a doubt I was the least skilled networking guy there! It was great, I asked lots and lots of questions and discussed various topics and drew lots of diagrams.
If I hadn’t have deployed it in my lab first, I would have found the ICM course much more difficult.
The ICM didn’t go much into the troubleshooting side of things, I mean there is another course for that so that makes sense. But myself and a couple of guys discussed and tried out various failure scenarios just to see what would happen. You can read my other blog posts for that info 🙂
After the course I spent a lot of time just fiddling with NSX-T watching VMworld videos and asking other people with more networking knowledge than me, to help me break down different aspects.
I have learnt so much about networking, but I know I have only scratched the surface and the exam showed me that too
When the NSX-T VCP came out, I had been waiting for it to drop for a while. As my plan was to take it and see how I faired. So I booked it and then knuckled down and studied quite a bit.
I used my ICM notes and the online book you are given during the course and the v2.3 Troubleshooting Guide and just some fiddling around in the lab.
I failed my first attempt, not by much but still, it wasn’t a pass! When I walked out of there, I made notes on areas I wasn’t as sure of as I should have been and then went on holiday for 2 weeks!
The exam for the most part was pretty fair, there were a few questions which had me scratching my head simply because I couldn’t see why I would have to memorise that for the exam when a simple google would give me that info on the fly when needed. Also what I will say is that the majority of questions were totally fair, and even with the ones that made me wonder why they were in there, there wasn’t enough of them to cost me the pass. If I had known my stuff properly I would have passed regardless, I am sure of it!
When I got back from holiday I booked the exam again, I knew if I didn’t, I probably wouldnt get around to it anytime soon, and all that effort I had put in would have gone to waste.
I then looked at my weak areas, from the score report and from my own notes. When I started studying the areas I was weak on, I realised that I had the answers one way or another and I was close in some areas but just fell short. I had followed the blueprint, but as much as I like the blueprint, nothing can prepare you than actually doing it and seeing where you stand. There was a stronger focus on areas I hadn’t put as much focus into and that had cost me the pass.
Basic Things to Know
You have to know your CLIs (NSX, KVM, ESXCLI)
You have to know how to manage a KVM instance and work with it
You have to know all the core things about NSX-T
You have to know all the services (VPN, NAT, DFW, Edge FW etc)
You have to know how to troubleshoot and take backups and how to restore
Know how network traffic flows in a multi-tier environment
I have a nasty habit of speeding through an exam, on my first go I was done in about 40 mins flat and for the first time I think that aided in my failing.
So the 2nd time I was much more prepared, worked on my weak areas and made sure I was still up to speed on the areas I was good in and went at it again.
I took it much slower this time, and read and re-read every question, and behold, some of the wording you needed to fully grasp as the answer could change based upon it.
I PASSED on my 2nd go…..but only just, which as great as it was…it showed me that I still have much learn!
Some Test Questions
Chris Noon ( @UltTransformer ) for a few days before would randomly sending me made up questions to get me in the right frame of mind:
I want to list the currently deployed managers from the NSX Manager CLI, what command do I use?
A) get managers status
B) get managers list
C) list managers
D) get managers
E) list manager status
I am on the CLI of an NSX Edge and I want to check the health status of a specific load balancer. Which command should I use?
A) get load balancer
B) get load-balancer
C) show load balancer status
D) show load-balancer
E) get load-balancer status
Which VPN types are supported by NSX-T? select all that apply
A) SSL
B) MPLS
C) IPSEC
D) Layer 2 VPN
E) Layer 7 VPN
A customer has installed and configured a Web server which sits behind a T0 Gateway. They now want users on the internet to reach this webserver. How would this be accomplished?
A) SNAT
B) PNAT
C) DNAT
D) NAT Overload
A customer has a virtual environment, but their ass clown DB dept has refused to virtualize the Db. Now we need our VM’s on our logical switch to communicate with the physical Db on the local segment. What is the best way to accomplish this?
A) Route from the T1 to the physical Db subnet.
B) Connect the Db directly to the logical switch.
C) Use a gateway to bridge the logical switch to the VLAN.
D) Use the dark arts and summon a god.
A tier 0 gateway peers with the network departments nexus 9k using BGP. Currently, on a failure, there is a 180 second failover time because of BGP standards. what can be used to speed up failover?
A) BFD
B) LLDP
C) IP SLA
D) CDP
VM A sits on logical segment 10000.
VM B sites on logical segment 10001.
Segment 10000 and 10001 both connect yo the same T1.
The T1 has both the SR and a DR enabled.
VM A sits on host X.
VM B sits on host Y.
What is the traffic path (i.e. how is the traffic switched and routed and on what host do these actions take place)?
DRAW IT OUT
A customer wants to send encrypted traffic between 2 sites. The traffic must be routed. What NSX-T technology should be used?
A) MPLS
B) Layer 2 VPN
C) SSL VPN
D) IPSEC VPN
An NSX-T environment is already configured and working for a client. It consists on 2 x Edge Nodes in a cluster, configured to be active/active with all the logical switches latched onto the tier 0.
The customer now needs to load balance traffic, what is needed?
A) Add load balancing to the tier 0 Edges.
B) Change the tier 0 Edges to be active/standby and then config load balancing.
C) Deploy a tier 1 G/W and configure load balancing.
D) Change the tier 0 Edges to be active/standby and deploy a tier 1 to handle load balancing.
Paul Bryants Blog
Paul Bryant ( @emcpebryant ) has a couple of good blog posts on his experiences too and on NSX-T in general, which I found very helpful:
My journey into networking continues
Leave a Reply