3V0-25.25 Study Plan — Advanced VMware Cloud Foundation (VCF) Networking

This 4-week plan ramps you from network fundamentals and VCF/NSX component clarity (Week 1), into scenario-driven design decisions and multi-site reasoning (Week 2), then hands-on configuration logic across gateways/segments/VPC/tenancy/services (Week 3), and finishes with structured troubleshooting, optimization, and full practice loops (Week 4) while continuously revisiting the same Parent/Child objectives via spaced review and short “packet-walk” writeups.

Daily workload: 4 pomodoros on study days (25 minutes focus + 5 minutes break).
Pomodoro rule: one micro-deliverable per pomodoro (diagram, checklist, flashcards, or a short written answer).
Micro-task mapping: 1 = read/annotate, 2 = diagram/teach-back, 3 = apply to a scenario, 4 = review + fix weak spots.
Spaced review: every day includes a 10–15 minute recall pass of notes from Day 1, Day 3, and Day 7 equivalents.

Week 1 — Foundations and Architecture Baselines

Week 1 Theme

Build a “traffic-path-first” mental model for VCF networking and NSX: underlay vs overlay, component roles, where routing and enforcement happen, and how to explain a packet walk clearly in a few lines.

Day 1 — Exam Map and Underlay/Overlay Mental Model

Study Content

• Read the Base chapters for IT Architectures, Technologies, Standards and VMware Products and Solutions; highlight “underlay vs overlay” and “intent vs forwarding” language.

• Write a one-page glossary: underlay, overlay, TEP, segment, Tier-0, Tier-1, Edge, north-south, east-west.

• Create a single reference diagram: workload → segment → Tier-1 → Tier-0 → edge uplink → physical network.

• Note 5 symptom keywords and the likely layer (MTU, asymmetric routing, selective host impact, north-south only, intermittent).

Tasks

Task 1: (1 pomodoro) Build your exam objective map

Create a checklist of the five Parent domains and their Children as headings in your notes.
Deliverable: a structured outline page titled “3V0-25.25 Objectives Map”; Verification: you can point to where you will write notes for each objective.

Task 2: (1 pomodoro) Draw the “two-worlds” model (intent vs forwarding)

Sketch a diagram separating control/management intent from data-plane forwarding.
Deliverable: one annotated diagram; Verification: you can explain in 60 seconds why “configured” can differ from “realized.”

Task 3: (1 pomodoro) Write a 6-line packet-walk for a simple flow

Choose a sample flow (VM on Segment A to Internet) and write the hop sequence and decision point per hop.
Deliverable: a 6-line packet-walk script; Verification: each hop includes one “what I’d check” cue.

Task 4: (15 minutes) Spaced review (Day 1 seed)

Do recall-only review of your glossary without looking, then check and correct.
Deliverable: corrected glossary; Verification: you can define all terms in one sentence each.

Day 2 — Standard Architectures, ECMP, and Path Predictability

Study Content

• Re-read the Deep “underlay architecture choices” and extract the differences between CDA and spine-leaf in one paragraph.

• Build an “ECMP/HA symptom” mini-table: what changes, what breaks, what to check.

• Add 3 examples of asymmetric routing impacts on stateful services (NAT/firewall/service insertion).

• Practice writing “best next step” answers that start with blast radius and a proof test.

Tasks

Task 1: (1 pomodoro) Create a CDA vs spine-leaf comparison card

Write a concise comparison focused on overlay constraints and path predictability.
Deliverable: one comparison card; Verification: it includes at least two operational implications and one exam-style symptom.

Task 2: (1 pomodoro) Build an ECMP/HA troubleshooting cue sheet

List 6 cues that point to ECMP hashing or HA failover as the cause.
Deliverable: a one-page cue sheet; Verification: each cue maps to a first proof test (what to check first).

Task 3: (1 pomodoro) Scenario drill: “sessions drop after failover”

Write a short answer explaining why stateful services can break and what design assumption is violated.
Deliverable: a 8–10 sentence mini-essay; Verification: it explicitly mentions return-path symmetry and enforcement point.

Task 4: (15 minutes) Spaced review (Day 1)

Recall the packet-walk hop sequence from Day 1 and rewrite it from memory, then compare.
Deliverable: revised packet-walk; Verification: fewer than two missing hops or missing proof cues.

Day 3 — Virtual Network Concepts: Tunnels, MTU, Selective Failures

Study Content

• Re-read the Deep overlay section and extract “selective failure” patterns (some hosts/large payloads/intermittent).

• Add MTU reasoning to your diagram: where encapsulation overhead matters and what symptoms it creates.

• Create a “working vs broken VM comparison checklist” (placement, segment, policy scope, transport readiness).

• Write two short examples of “ping works but app fails” and what you suspect first.

Tasks

Task 1: (1 pomodoro) Build the selective-failure checklist

Create a comparison checklist you can apply in 60 seconds to two VMs (working vs broken).
Deliverable: a checklist page; Verification: it has at least 10 items and starts with placement and transport readiness.

Task 2: (1 pomodoro) MTU quick reasoning exercise

Write a short note explaining why overlays can fail for large packets and what you’d test first.
Deliverable: a 6–8 sentence note; Verification: it includes “symptom → hypothesis → proof test.”

Task 3: (1 pomodoro) Packet-walk drill: “only some hosts can reach Segment B”

Write a packet-walk that prioritizes transport/TEP/MTU before changing policies.
Deliverable: a packet-walk answer; Verification: your first two checks are not “edit firewall rules.”

Task 4: (15 minutes) Spaced review (Day 2)

Recall your ECMP/HA cue sheet and rewrite the top 4 cues from memory, then correct.
Deliverable: updated cue sheet; Verification: you can explain each cue in one sentence.

Day 4 — VCF Portfolio Interaction and NSX Component Roles

Study Content

• Re-read the Deep portfolio interaction model (build/lifecycle/operate) and summarize it in 5 bullets.

• Create a role-based inventory: management/control plane vs data plane vs attachment (Edge) vs logical objects.

• Map symptom shapes to component classes (telemetry missing, north-south broken, tenant scope leak, selective host failures).

• Practice choosing the “minimum tool view” that proves the top hypothesis.

Tasks

Task 1: (1 pomodoro) Build the role-based component inventory sheet

Create a table with columns: component class, role, top failure signature, first proof test.
Deliverable: one-page table; Verification: it covers at least 6 component classes and includes a proof test for each.

Task 2: (1 pomodoro) Create a symptom-to-tool start matrix

Write a quick matrix: systemic vs local, forwarding vs visibility, deterministic vs intermittent → starting lens.
Deliverable: one matrix page; Verification: each branch names one proof test and one “don’t-do-first” trap.

Task 3: (1 pomodoro) Scenario drill: “green health but users report drops”

Write a best-next-step response distinguishing datapath vs visibility chain failure.
Deliverable: a structured answer (hypothesis → proof test → tool); Verification: it explicitly proves traffic before blaming policy.

Task 4: (15 minutes) Spaced review (Day 1 & Day 3)

Recall your glossary and selective-failure checklist without looking; then correct gaps.
Deliverable: corrected glossary/checklist; Verification: fewer than three missing definitions or checklist items.

Day 5 — NSX Architecture Explanation: Enforcement Points and Design Justification

Study Content

• Re-read the Deep architecture map: segments, Tier-1, Tier-0, edges, and enforcement points.

• Create a one-page “where is the decision made?” guide (switching vs routing vs policy vs services).

• Write three mini-answers that justify centralized vs distributed choices from a scenario.

• Add multi-tenant scoping cues: VPC/projects/tenancy boundaries and “correct rule, wrong scope.”

Tasks

Task 1: (1 pomodoro) Build the enforcement-point guide

Write a guide listing the first decision point for common symptoms (can’t reach gateway, inter-segment broken, external broken, intermittent).
Deliverable: one-page guide; Verification: each symptom maps to a likely boundary and a proof cue.

Task 2: (1 pomodoro) Centralized vs distributed decision drill

Pick a scenario emphasizing strict egress control and write the design choice + failure mode avoided.
Deliverable: a short design justification; Verification: it mentions hairpin/bottleneck risk or symmetry/stateful risk explicitly.

Task 3: (1 pomodoro) Multi-tenant scoping drill

Write a response to “Tenant A can’t reach shared services” that separates permissions, scope, and forwarding.
Deliverable: a structured answer; Verification: it includes at least one scope validation step.

Task 4: (15 minutes) Spaced review (Day 2 & Day 4)

Recall your tool-selection matrix and ECMP/HA cues; then correct from notes.
Deliverable: updated matrix; Verification: you can apply it to a new symptom in under 60 seconds.

Day 6 — Build-Order Dependencies and Milestone Validation (Preview of Deployment Domain)

Study Content

• Review the dependency chain: Edge readiness → Tier-0 → Tier-1 → segments; add a “what fails if missing” note per step.

• Read the Deep milestone approach for federation and summarize the “partial publish” failure class.

• Draft a minimal “post-step validation” checklist for each major object type (edge cluster, Tier-0, Tier-1, segment).

• Do one end-to-end scenario writeup: “internal works, external fails.”

Tasks

Task 1: (1 pomodoro) Dependency chain flashcards

Create 8 flashcards: each card is “object → prerequisites → one proof test.”
Deliverable: 8 flashcards; Verification: you can answer each card without looking at notes.

Task 2: (1 pomodoro) Federation milestone checklist

Write the five milestones and one minimal proof test per milestone.
Deliverable: a milestone checklist; Verification: it includes at least one trust/identity check and one publication/realization check.

Task 3: (1 pomodoro) Scenario writeup: north-south failure

Write a triage sequence segment → Tier-1 → Tier-0 → edge/uplink with one proof test per boundary.
Deliverable: a boundary-ordered triage script; Verification: the sequence targets the earliest boundary first.

Task 4: (15 minutes) Spaced review (Day 5)

Recall the enforcement-point guide and rewrite the top 4 symptom mappings from memory.
Deliverable: updated guide; Verification: mappings are consistent with your packet-walk method.

Day 7 — Weekly Consolidation and Mini-Practice

Study Content

• Consolidate Week 1 notes into three artifacts: one diagram, one checklist pack, one “top traps” page.

• Do a self-quiz: 10 short prompts (component role, likely layer, first proof test).

• Rewrite one “best next step” answer for each of these: selective host failure, north-south down, intermittent after failover, telemetry missing.

• Identify 3 weakest areas and schedule them as the first review tasks in Week 2.

Tasks

Task 1: (1 pomodoro) Create your Week 1 one-page cheat sheet

Compress the week into: traffic path, decision points, top 10 proof tests, top 5 traps.
Deliverable: one-page cheat sheet; Verification: you can answer 5 random prompts using only this sheet.

Task 2: (1 pomodoro) Mini-practice set (self-authored)

Write 10 short scenario prompts and answer each in 2–3 lines (hypothesis → proof test → tool).
Deliverable: 10 Q&A lines; Verification: each answer includes a proof test and does not jump to deep logs first.

Task 3: (1 pomodoro) Teach-back recording or written teach-back

Explain the underlay/overlay contract and packet-walk method as if teaching a colleague.
Deliverable: a 3–5 minute recording outline or a 250–350 word teach-back; Verification: it includes one example symptom and your first proof test.

Task 4: (15 minutes) Spaced review (Week wrap)

Review all flashcards from Days 1–6, mark misses, and write a “fix list” of 3 items.
Deliverable: fix list; Verification: each fix item includes a concrete action you will do in Week 2.

---

Week 2 — Scenario-Driven Design and Multi-site Decisions

Week 2 Theme

Turn architecture knowledge into confident scenario decisions: centralized vs distributed connectivity, multi-site intent vs site-local reality, fleet standardization choices, and clear justifications that predict the failure mode you’re avoiding.

Day 1 — Centralized vs Distributed: Decision Matrix You Can Reuse

Study Content

• Build a one-page decision matrix mapping requirements (east-west heavy, strict egress control, stateful services, scale) to a recommended connectivity pattern.

• Write 3 “wrong design → expected symptom” pairs (hairpin bottleneck, asymmetric return path, unexpected enforcement point).

• Practice a short justification template: requirement → design choice → path explanation → failure mode avoided.

• Do a micro packet-walk for both designs (same app) and compare hops.

Tasks

Task 1: (1 pomodoro) Create the centralized vs distributed decision matrix

Draft your matrix with at least 6 requirement rows and a “recommended pattern” column.
Deliverable: one-page matrix; Verification: you can apply it to a new scenario in under 90 seconds.

Task 2: (1 pomodoro) Write 3 “trap-to-symptom” flashcards

Each card should describe a trap (hairpin, misplaced enforcement, stateful asymmetry) and the symptom it causes.
Deliverable: 3 flashcards; Verification: each includes one proof test you’d do first.

Task 3: (1 pomodoro) Scenario drill: strict egress + low east-west latency

Write a structured answer choosing a design and explaining how you preserve east-west efficiency while enforcing egress control.
Deliverable: 10–12 sentence answer; Verification: it includes an explicit traffic path and enforcement point.

Task 4: (15 minutes) Spaced review (Week 1 Day 5)

Recall your enforcement-point guide from memory, then correct from notes.
Deliverable: corrected guide; Verification: at least 4 symptom mappings include a proof cue.

Day 2 — Multi-site Foundations: Shared Intent vs Site-Local Reality

Study Content

• Write a “shared vs local” list: what must be consistent across sites vs what must remain site-local (uplinks, external routing, failure boundaries).

• Add a trust/identity checklist for multi-site (DNS, time sync, certificate identity alignment) and why it matters for policy publication.

• Draft 2 failure-mode narratives: inter-site link degradation vs site isolation (what stays up, what degrades).

• Practice describing the “partial publication” class and what you would validate first.

Tasks

Task 1: (1 pomodoro) Build the multi-site shared-vs-local worksheet

Create two columns: Shared intent and Site-local dependencies, with at least 8 items each.
Deliverable: worksheet page; Verification: each item includes a one-line “why it matters” note.

Task 2: (1 pomodoro) Trust/identity checklist for multi-site registration and policy sync

Write a checklist focused on DNS resolution consistency, time sync, and certificate identity alignment.
Deliverable: checklist page; Verification: includes one example of how a mismatch looks (symptom wording).

Task 3: (1 pomodoro) Scenario drill: policy sync inconsistent across sites

Write a best-next-step answer (hypothesis → proof test → tool lens) that treats it as a publication/realization boundary first.
Deliverable: structured answer; Verification: it names a milestone and a minimal proof test.

Task 4: (15 minutes) Spaced review (Week 1 Day 6)

Recall your federation milestone checklist and rewrite it from memory, then correct.
Deliverable: corrected milestone list; Verification: each milestone has exactly one proof test line.

Day 3 — Fleet Design: Standard Blueprints, Drift, and Observability Invariants

Study Content

• Define 6 “fleet invariants” (topology template, naming, baseline segmentation posture, lifecycle validation points, observability signals).

• Write 3 “allowed deviations” examples and how you keep them safe (IP space, edge sizing, uplink details).

• Create an “observability invariant” page: what signals prove platform health vs NSX health vs flow correctness.

• Practice answering: “Why does standardization reduce troubleshooting time?”

Tasks

Task 1: (1 pomodoro) Draft your fleet invariants list

Write 6 invariants and tie each to a concrete operator action (what you validate and when).
Deliverable: invariants page; Verification: each invariant includes a validation cue (what you’d check).

Task 2: (1 pomodoro) Create a drift detection checklist

List 10 drift risks (naming inconsistency, policy scope mismatch, mixed routing patterns, uneven upgrades) and how you detect them.
Deliverable: checklist; Verification: at least 5 items mention a specific comparison method (known-good domain vs affected).

Task 3: (1 pomodoro) Scenario drill: “same requirements, different outcomes across domains”

Write a short design recommendation emphasizing standard blueprints and observability invariants.
Deliverable: 8–10 sentence recommendation; Verification: includes “what changes” + “what it prevents” + “what to validate.”

Task 4: (15 minutes) Spaced review (Week 1 Day 4)

Recall your role-based component inventory without looking, then fix gaps.
Deliverable: updated inventory sheet; Verification: each component class has a first proof test.

Day 4 — Multi-tenant Design: VPC, Projects, and Tenancy Boundaries

Study Content

• Write a three-layer tenancy safety model: ownership (RBAC), visibility (scope), data-plane (routing/policy boundaries).

• Create 3 common scoping mistakes and their symptoms (tenant can’t reach shared services, tenant impacts others, correct rule wrong scope).

• Draft a “shared services access pattern” note: how you permit it without breaking isolation.

• Practice a scenario answer separating permissions vs scope vs forwarding.

Tasks

Task 1: (1 pomodoro) Build the tenancy safety model one-pager

Write the three layers and list at least 4 checks per layer.
Deliverable: one-page model; Verification: you can map any tenancy symptom to one of the three layers first.

Task 2: (1 pomodoro) Scenario drill: “Tenant A can’t reach shared services”

Write a stepwise answer: confirm design allows path, validate scope/ownership, then validate forwarding/policy.
Deliverable: structured answer; Verification: includes at least one scope validation and one packet-walk boundary.

Task 3: (1 pomodoro) Create 5 scoping-trap flashcards

Each card states a scoping mistake and the first proof test.
Deliverable: 5 flashcards; Verification: each proof test is not “change firewall rules” as step one.

Task 4: (15 minutes) Spaced review (Week 2 Day 1)

Recall your centralized vs distributed matrix and re-apply it to a fresh scenario prompt.
Deliverable: one new filled-in scenario decision; Verification: includes a predicted wrong-design symptom.

Day 5 — Stateful Services and Design Assumptions (Symmetry, Placement, Return Paths)

Study Content

• Write a short “symmetry is an invariant” explanation for NAT/stateful firewall/service insertion.

• Create a path-variability page: how ECMP/HA changes return paths and why that breaks state.

• Draft 2 design choices that improve predictability (clear boundary, controlled egress, avoid unintended hairpin).

• Practice a scenario: “works until failover,” and answer with a design correction, not just rule edits.

Tasks

Task 1: (1 pomodoro) Build the symmetry and state cheat sheet

Write 8 bullets: 4 “why symmetry matters,” 4 “how to test symmetry assumptions.”
Deliverable: cheat sheet; Verification: includes one decisive proof cue for asymmetry.

Task 2: (1 pomodoro) Scenario drill: sessions drop after failover

Write a design-focused answer: what assumption failed, what you would change, what you’d validate afterward.
Deliverable: 10–12 sentence answer; Verification: includes “design change” + “failure mode prevented” + “validation step.”

Task 3: (1 pomodoro) Create a return-path variability checklist

List 8 triggers (ECMP hashing, HA failover, upstream route change, congestion) and one test for each.
Deliverable: checklist; Verification: each trigger has a measurable verification cue.

Task 4: (15 minutes) Spaced review (Week 1 Day 2)

Recall your ECMP/HA cue sheet and rewrite top 6 cues from memory, then correct.
Deliverable: updated cue sheet; Verification: each cue maps to a first proof test.

Day 6 — Multi-site Scenarios: Failure Boundaries and “What Stays Up”

Study Content

• Write two site-failure narratives: inter-site degradation vs site isolation, and what services remain local.

• Add a “local-first validation” flow for multi-site issues: prove local connectivity, then inter-site, then shared-control assumptions.

• Practice the “partial publication” pattern: distinguish control/intent issues from datapath issues.

• Do one full scenario writeup that includes trust/identity checks as a design dependency.

Tasks

Task 1: (1 pomodoro) Write the two failure-boundary narratives

Each narrative should be 8–10 sentences describing expected behavior and operator signals.
Deliverable: two narratives; Verification: each includes at least two “what you would observe” cues.

Task 2: (1 pomodoro) Build the local-first validation flow

Create a step list: local datapath proof → inter-site proof → shared-control/trust proof.
Deliverable: validation flow; Verification: it includes one proof test per step and a tool lens choice.

Task 3: (1 pomodoro) Scenario drill: “only Site B affected after certificate rotation”

Write a best-next-step response focusing on identity/trust alignment and site-local validation.
Deliverable: structured answer; Verification: names a trust dependency and a minimal validation test.

Task 4: (15 minutes) Spaced review (Week 2 Day 2)

Recall your shared-vs-local worksheet from memory and fill missing items, then correct.
Deliverable: updated worksheet; Verification: at least 12 total items per column.

Day 7 — Weekly Consolidation: 4 Full Design Writeups + Self-Scoring Rubric

Study Content

• Write 4 full scenario responses (centralized vs distributed, multi-site design, fleet standardization, tenancy boundary).

• Build a self-scoring rubric: path clarity, enforcement point clarity, predicted failure mode avoided, and one proof test.

• Identify your top 3 recurring mistakes and write a “counter-habit” for each.

• Schedule Week 3 with your weakest build/config topics first (edge, Tier-0/Tier-1, segments, VPC/tenancy, stateful services).

Tasks

Task 1: (1 pomodoro) Produce 4 scenario writeups (timed)

Write each in 8–12 sentences using the same template (requirements → design → path → failure avoided → validation).
Deliverable: 4 writeups; Verification: each includes an enforcement point and a validation step.

Task 2: (1 pomodoro) Create your self-scoring rubric

Define 5 scoring criteria and score your 4 writeups; note one improvement per writeup.
Deliverable: rubric + scores; Verification: you can explain why each writeup earned its score.

Task 3: (1 pomodoro) “Counter-habit” plan for your top 3 mistakes

For each mistake, write a replacement behavior you will do in Week 3 (for example, “prove blast radius first”).
Deliverable: counter-habit list; Verification: each includes a trigger phrase and an action.

Task 4: (15 minutes) Spaced review (Week wrap)

Review Week 1 cheat sheet + Week 2 decision matrix + tenancy model; mark 5 flashcards you missed and rewrite them.
Deliverable: corrected flashcards; Verification: you can answer all 5 without notes.

---

Week 3 — Deployment, Configuration, Tenancy, and Services

Week 3 Theme

Convert design intent into build-order accuracy: confidently identify the correct NSX object for a scenario, deploy prerequisites in dependency-safe order (edge readiness → Tier-0 → Tier-1 → segments/VPC), and explain why a given configuration will or will not be realized in the dataplane—using short validation checkpoints after each step.

Day 1 — Build-Order Mastery: Edge Readiness to North-South Baseline

Study Content

• Re-read your dependency chain notes (Edge readiness → Tier-0 → Tier-1 → segments) and add “what fails if missing” for each link.

• Create an edge readiness checklist focused on uplinks, MTU consistency, and upstream reachability assumptions.

• Write a “north-south baseline test” script (what you prove first, second, third) without relying on deep logs.

• Draft two short scenario answers: “Tier-0 created but external unreachable” and “north-south intermittent under load.”

Tasks

Task 1: (1 pomodoro) Produce the Edge Readiness Checklist v1

Write 12–15 checklist items grouped into: uplinks/routing, MTU/transport, capacity/HA.
Deliverable: a one-page checklist; Verification: you can apply it to a scenario and pick your first 3 validation steps.

Task 2: (1 pomodoro) Create a Tier-0 baseline validation script

Write a 6–8 line boundary-ordered proof sequence for external connectivity (Tier-0 intent → edge/uplink → upstream return).
Deliverable: a short script; Verification: each line contains one proof cue (expected observation).

Task 3: (1 pomodoro) Scenario drill: “Tier-0 exists, but only some subnets reach Internet”

Answer with a hypothesis-first approach (placement/edge readiness vs routing intent vs stateful asymmetry).
Deliverable: 10–12 sentence answer; Verification: you include one comparison test (known-good vs broken scope).

Task 4: (15 minutes) Spaced review (Week 2 Day 5)

Recall the symmetry/state cheat sheet and rewrite 6 bullets from memory, then correct.
Deliverable: corrected cheat sheet; Verification: at least 3 bullets are actionable tests (not definitions).

Day 2 — Segments and Tier-1: Attachment, Realization, and “First Broken Boundary”

Study Content

• Write the minimal steps to create a logical segment and attach it correctly in a routed design.

• Build a Tier-1 “intent checklist”: upstream connectivity, default route behavior, and route advertisement expectations.

• Create a quick triage for “can’t reach gateway” that distinguishes segment/attachment vs transport/realization vs policy.

• Draft two packet-walk answers: “new segment DHCP fails” and “inter-segment routing one-way.”

Tasks

Task 1: (1 pomodoro) Segment creation quick sheet

List the minimum attributes and dependencies for a functional segment in your target designs (gateway attachment, IP plan, basic services expectations).
Deliverable: one-page quick sheet; Verification: it contains at least 3 fast proof tests (gateway reachability, IP assignment, known-good compare).

Task 2: (1 pomodoro) Tier-1 intent and validation checklist

Write 10 checklist lines that prove Tier-1 routing intent is realized (segment-to-segment, upstream behavior, default route).
Deliverable: a checklist; Verification: each line includes an expected result and what it implies.

Task 3: (1 pomodoro) Scenario drill: “inter-segment routing fails only in one direction”

Write a boundary-first triage (segment → Tier-1 → policy/services) and identify the earliest likely break.
Deliverable: a structured answer; Verification: you name the first broken boundary and one decisive proof test.

Task 4: (15 minutes) Spaced review (Week 1 Day 3)

Recall the selective-failure checklist and rewrite the top 8 items from memory, then correct.
Deliverable: updated checklist; Verification: the first 3 items are placement/transport-focused.

Day 3 — VPC and Tenancy: Scope, Ownership, and Safe Shared Services

Study Content

• Review your three-layer tenancy safety model (ownership, visibility/scope, data-plane boundaries) and add 3 checks per layer.

• Write a “VPC operational meaning” page: what it isolates, how it relates to gateways/segments, and what to verify first.

• Create a shared services access pattern note: how to permit access without breaking isolation or leaking scope.

• Draft scenario answers: “Tenant A can’t reach shared services” and “Tenant admin changed shared objects.”

Tasks

Task 1: (1 pomodoro) Build the VPC verification checklist

Write a checklist that proves isolation and intended reachability (routing path exists, policy scope correct, ownership boundaries respected).
Deliverable: one checklist; Verification: includes at least one scope validation step and one forwarding validation step.

Task 2: (1 pomodoro) Shared services pattern writeup

Describe a safe pattern in 8–10 sentences (controlled attachment, explicit policy boundaries, minimal blast radius).
Deliverable: a short design note; Verification: it explicitly states what must remain tenant-local vs shared.

Task 3: (1 pomodoro) Scenario drill: “Tenant A can’t reach shared services”

Answer with the sequence: prove design allows path → validate scope/ownership → validate forwarding/policy.
Deliverable: a structured answer; Verification: includes one packet-walk boundary and one scope proof.

Task 4: (15 minutes) Spaced review (Week 2 Day 4)

Recall 5 scoping traps and their first proof tests from memory, then correct.
Deliverable: refreshed flashcards; Verification: each proof test is a validation, not a configuration change.

Day 4 — Stateful Services: Where State Lives and How to Prevent Asymmetry Failures

Study Content

• Re-read your state/symmetry notes and add “how ECMP/HA changes return paths” in one paragraph.

• Write a service-placement checklist: how to confirm where enforcement occurs and whether return traffic traverses the same point.

• Draft a scenario: “outbound works, return fails” and explain why this is often asymmetry, not a missing rule.

• Create a “fix category” guide: when the right fix is redesign (path predictability/service placement) vs simple rule adjustment.

Tasks

Task 1: (1 pomodoro) Service-placement and symmetry checklist

Write 10–12 checks that confirm consistent enforcement and predictable return paths.
Deliverable: checklist; Verification: at least 4 checks are “observe/confirm” tests, not “change settings.”

Task 2: (1 pomodoro) Scenario drill: “works until failover”

Write a design-focused response: assumption violated → design change → validation after change.
Deliverable: 10–12 sentence answer; Verification: includes one predicted symptom that disappears after the redesign.

Task 3: (1 pomodoro) Build the ‘fix category’ decision guide

Create a decision guide with 6 rows: symptom → likely mechanism → fix category (rule vs placement vs path predictability).
Deliverable: one-page guide; Verification: each row includes a proof test that confirms the mechanism.

Task 4: (15 minutes) Spaced review (Week 1 Day 2)

Recall your ECMP/HA cues and rewrite the top 6 cues from memory, then correct.
Deliverable: updated cue sheet; Verification: every cue has a “first proof test” line.

Day 5 — Federation Deployment Thinking: Prereqs, Milestones, and Minimal Proof Tests

Study Content

• Review the federation milestone sequence and write one minimal proof test per milestone.

• Create a “partial publication” diagnostic sheet: what it means, what it is not, and the first validations.

• Write a short dependency note on trust/identity: DNS/time sync/cert identity alignment and why mismatches cause partial outcomes.

• Draft scenario answers: “only one site receives policy updates” and “policy updates delayed after upgrade.”

Tasks

Task 1: (1 pomodoro) Federation milestones one-pager

Write the five milestones with exactly one proof test each (one line each).
Deliverable: milestone page; Verification: you can explain why each proof test is sufficient to proceed.

Task 2: (1 pomodoro) Partial publication diagnostic sheet

Create a sheet with: top 5 causes, top 5 “don’t assume this” traps, and first 3 validations.
Deliverable: diagnostic sheet; Verification: your first 3 validations include a trust/identity check and a publication/realization check.

Task 3: (1 pomodoro) Scenario drill: “Federation looks configured but Site B doesn’t get updates”

Answer with hypothesis → proof test → tool lens, and choose the next milestone to validate.
Deliverable: structured answer; Verification: you avoid jumping to routing fixes before proving publication/realization.

Task 4: (15 minutes) Spaced review (Week 2 Day 2)

Recall the shared-vs-local worksheet and rewrite 10 items from memory, then correct.
Deliverable: updated worksheet; Verification: you can label each item as shared intent or site-local dependency.

Day 6 — Monitoring and Day-2 Operations: Tool Choice, Health Triage, and Change Correlation

Study Content

• Build a “symptom-to-tool start” page: forwarding vs visibility, local vs systemic, deterministic vs intermittent.

• Write a minimal day-2 runbook: blast radius → change correlation → health lens → NSX realization → flow/path → logs.

• Create a post-change verification checklist (after upgrades/cert changes/DNS changes) that includes one datapath proof.

• Draft scenario answers: “dashboards blank but users OK” and “users broken but NSX health green.”

Tasks

Task 1: (1 pomodoro) Symptom-to-tool start matrix v1

Write a branching matrix that ends in: one proof test + the best starting lens for that branch.
Deliverable: matrix page; Verification: you can route 5 random symptoms to a start lens in under 60 seconds.

Task 2: (1 pomodoro) Day-2 runbook card

Compress the runbook into a 10-line card you can memorize and reuse.
Deliverable: runbook card; Verification: it includes both “change correlation” and “prove forwarding vs visibility” steps.

Task 3: (1 pomodoro) Post-change verification checklist

Write a checklist for upgrades/cert changes/DNS changes: identity/trust checks plus one datapath baseline test.
Deliverable: checklist; Verification: it includes an explicit “known-good baseline” step.

Task 4: (15 minutes) Spaced review (Week 1 Day 4)

Recall your role-based component inventory and rewrite it from memory (at least 6 rows), then correct.
Deliverable: updated inventory; Verification: each row has a first proof test.

Day 7 — Weekly Consolidation: Build Scripts + 12 Mini-Scenarios (Config-Focused)

Study Content

• Consolidate Week 3 into three scripts: (1) edge/Tier-0 baseline, (2) Tier-1/segment baseline, (3) tenancy/VPC baseline.

• Create 12 mini-scenarios (2 each): segments, Tier-1, Tier-0, edge readiness, tenancy/VPC scope, stateful services.

• For each scenario, write a 3-line answer: first boundary → first proof test → next action.

• Identify 4 weak spots and schedule them as the first items in Week 4’s troubleshooting/practice loop.

Tasks

Task 1: (1 pomodoro) Produce the 3 baseline scripts

Write three concise scripts you can reuse in practice questions and labs.
Deliverable: 3 scripts (one page each); Verification: each script is boundary-ordered and includes at least 5 proof cues.

Task 2: (1 pomodoro) Write 12 mini-scenarios + 3-line answers

Each answer must start with the earliest boundary and a proof test (not a config change).
Deliverable: 12 Q&A items; Verification: at least 8 answers include a known-good comparison or scope validation.

Task 3: (1 pomodoro) Teach-back: “How to avoid wrong-layer fixes”

Write a 250–350 word teach-back explaining why dependency order and proof tests prevent wasted troubleshooting.
Deliverable: teach-back text; Verification: includes one example where a policy change would be the wrong first move.

Task 4: (15 minutes) Spaced review (Week wrap)

Review your Week 3 scripts and rewrite the first two from memory, then correct.
Deliverable: corrected scripts; Verification: each still contains all boundary steps and proof cues.

---

Week 4 — Troubleshooting, Optimization, and Full Practice Loops

Week 4 Theme

Close the loop by practicing like the exam: fast layer identification, disciplined packet-walk answers, correct tool/lens choice, and design-vs-ops judgment—then use mistake logs to drive targeted review until your answers are short, correct, and repeatable under time pressure.

Day 1 — Troubleshooting Funnel and Tool/Lens Selection (Best-Next-Step)

Study Content

• Re-read the Deep troubleshooting “tool as hypothesis test” section and rewrite it into a 10-line “funnel card.”

• Practice classifying symptoms into forwarding vs visibility, local vs systemic, deterministic vs intermittent.

• Write 8 “best next step” answers using the format: hypothesis → proof test → tool/lens.

• Build a “don’t do first” trap list (jumping to logs, changing firewall rules, redesigning before proving the layer).

Tasks

Task 1: (1 pomodoro) Create the Troubleshooting Funnel Card

Write the funnel steps (scope → layer → smallest proof → lens/tool → deep evidence) in 10 lines.
Deliverable: one card page; Verification: you can apply it to a new symptom in under 45 seconds.

Task 2: (1 pomodoro) Drill: 8 best-next-step prompts

Answer 8 prompts in 3 lines each (hypothesis → proof test → lens/tool).
Deliverable: 8 mini-answers; Verification: each answer includes a proof test and avoids “check logs” as the first move.

Task 3: (1 pomodoro) Build the “Trap List” and Counter-Moves

List 6 common traps and a counter-move for each (what you do instead).
Deliverable: trap list; Verification: each trap has a measurable action (a proof test or comparison).

Task 4: (15 minutes) Spaced review (Week 3)

Recall your 3 baseline scripts (edge/Tier-0, Tier-1/segment, tenancy/VPC) from memory, then correct.
Deliverable: corrected scripts; Verification: each still has boundary order + proof cues.

Day 2 — Infrastructure Issues: Transport, MTU, Tunnels, Selective Failures

Study Content

• Revisit “selective failure” patterns (some hosts, large payloads, intermittent) and link each to a first proof test.

• Write an MTU reasoning note: symptom wording → why overlays can fail → what you test first.

• Create a “working vs broken VM” comparison worksheet and use it on 3 mini-scenarios.

• Add an “edge readiness vs transport readiness” distinction page.

Tasks

Task 1: (1 pomodoro) Selective Failure Decision Sheet

Create a one-page sheet: symptom shape → likely layer → first proof test → next step.
Deliverable: decision sheet; Verification: it covers at least 6 symptom shapes and starts with placement/transport checks.

Task 2: (1 pomodoro) MTU/Overlay quick drill (3 scenarios)

Write 3 short answers for “ping works but app fails” style scenarios, emphasizing MTU/fragmentation checks.
Deliverable: 3 mini-answers; Verification: each includes a proof test that could confirm MTU/overlay issues.

Task 3: (1 pomodoro) Working vs Broken comparison worksheet (applied)

Fill your worksheet for one “bad host group” case and one “bad edge node” case.
Deliverable: 2 filled worksheets; Verification: your conclusion is driven by differences you observed, not guesses.

Task 4: (15 minutes) Spaced review (Day 1)

Recall your funnel card and rewrite it from memory, then correct.
Deliverable: corrected funnel card; Verification: includes “forwarding vs visibility” as an early branch.

Day 3 — Connectivity and Routing Triage: Segment → Tier-1 → Tier-0 → Uplink

Study Content

• Rebuild the routing triage tree with one proof cue per boundary (gateway reachability, upstream default behavior, advertisement intent, uplink reachability).

• Practice 6 packet-walk answers: “can’t reach gateway,” “inter-segment fails,” “east-west ok but north-south down,” “one-way routing,” “only one subnet fails,” “works until change.”

• Write a “first broken boundary” rule: the earliest boundary that must work for all higher layers to work.

• Create a short “what to validate after you fix it” checklist (prevent recurrence).

Tasks

Task 1: (1 pomodoro) Build the Routing Triage Tree Card

Write the ordered boundaries and one decisive proof cue for each.
Deliverable: triage tree card; Verification: you can point to the earliest boundary for any scenario in under 30 seconds.

Task 2: (1 pomodoro) Packet-walk drill (6 prompts)

Answer 6 prompts in 6–8 lines each (path + decision points + one proof per hop).
Deliverable: 6 packet-walk answers; Verification: each hop includes exactly one “what I’d check” cue.

Task 3: (1 pomodoro) Create the Post-Fix Verification Checklist

Write 10 lines: what you verify after changes (baseline datapath test, scope checks, regression checks, known-good compare).
Deliverable: checklist card; Verification: includes at least one known-good comparison and one “re-test the original symptom” step.

Task 4: (15 minutes) Spaced review (Week 2)

Recall your centralized vs distributed decision matrix and apply it to one fresh scenario.
Deliverable: one decision writeup; Verification: includes the failure mode you avoided and one validation step.

Day 4 — ECMP/HA and Stateful Services: Symmetry and Return-Path Variability

Study Content

• Rewrite “symmetry is an invariant” into a short explanation you can use in exam answers.

• Create a “path variability triggers” checklist (ECMP hashing, failover, upstream route change) and link each to an observation/proof.

• Practice 4 scenarios where NAT/stateful firewall appears correct but sessions fail after failover.

• Write a design correction answer template: assumption violated → design change → validation.

Tasks

Task 1: (1 pomodoro) Symmetry Cheat Sheet (final)

Write 8 bullets: 4 why-symmetry-matters and 4 how-to-prove-symmetry.
Deliverable: cheat sheet; Verification: includes at least one decisive proof cue for asymmetry.

Task 2: (1 pomodoro) ECMP/HA trigger checklist (with tests)

List 8 triggers and one verification cue for each (what you would observe).
Deliverable: trigger checklist; Verification: every trigger maps to a measurable observation, not a configuration guess.

Task 3: (1 pomodoro) Scenario drill: “works until failover” (stateful)

Write a 10–12 sentence answer that proposes a design correction rather than rule tinkering.
Deliverable: structured answer; Verification: includes “design change” + “failure prevented” + “validation after change.”

Task 4: (15 minutes) Spaced review (Day 3)

Recall the routing triage tree card and rewrite it from memory, then correct.
Deliverable: corrected card; Verification: still contains one proof cue per boundary.

Day 5 — Multi-site and Federation Troubleshooting: Partial Publication vs Datapath

Study Content

• Revisit the federation milestone sequence and the “partial publication” failure class; rewrite both into one page.

• Practice distinguishing: control/intent publication issues vs datapath routing issues using scenario clues (“only one site,” “after cert rotation,” “policy delayed”).

• Build a “local-first validation” flow: prove local connectivity first, then inter-site, then shared-control/trust.

• Write 3 multi-site scenario answers that explicitly include trust/identity checks (DNS/time/cert identity alignment).

Tasks

Task 1: (1 pomodoro) Federation Milestones + Proof Tests (one page)

Write the 5 milestones with exactly one proof test each, plus a short note on what “partial publication” means.
Deliverable: one page; Verification: you can point to the next milestone to validate for any federation symptom.

Task 2: (1 pomodoro) Local-first validation flow (multi-site)

Write the step list: local datapath proof → inter-site proof → publication/trust proof.
Deliverable: validation flow card; Verification: each step includes one proof test and one best lens/tool choice.

Task 3: (1 pomodoro) Scenario drill: “Only Site B affected after certificate change”

Write hypothesis → proof tests → next action, treating it as identity/trust + publication boundary until datapath evidence contradicts.
Deliverable: structured answer; Verification: includes one trust check and one policy publication/realization check.

Task 4: (15 minutes) Spaced review (Week 1)

Recall your role-based component inventory and rewrite at least 6 component classes from memory, then correct.
Deliverable: updated inventory; Verification: each class has a failure signature and first proof test.

Day 6 — Full Mixed Practice: Timed Sets + Mistake Log Loop

Study Content

• Do a timed mixed set: 25 prompts split across design, deployment/config, and troubleshooting.

• After each prompt, score yourself using: path clarity, enforcement point, first proof test, correct layer/tool choice.

• Build a mistake log with categories (wrong layer, missing boundary, scope confusion, skipped proof test, over-explained).

• Re-study only the weakest two categories and redo 10 prompts.

Tasks

Task 1: (2 pomodoros) Timed mixed set (25 prompts)

Answer 25 prompts under time pressure using short templates (3 lines for best-next-step; 6–8 lines for packet walk).
Deliverable: 25 answers; Verification: at least 20 include an explicit proof test and a named boundary.

Task 2: (1 pomodoro) Build the Mistake Log (categorized)

Review your answers and categorize misses into 5 buckets with a one-line correction rule each.
Deliverable: mistake log table; Verification: each miss has a correction rule you can apply next time.

Task 3: (1 pomodoro) Targeted re-study + rewrite

Pick your two weakest buckets and rewrite 10 answers using the corrected template.
Deliverable: 10 improved answers; Verification: each corrected answer explicitly addresses the prior mistake.

Task 4: (15 minutes) Spaced review (Day 2)

Recall your selective failure decision sheet and apply it to one new prompt.
Deliverable: one applied decision; Verification: your first step is a placement/transport proof, not a policy change.

Day 7 — Final Consolidation: Readiness Checklist and “Exam-Style” Answer Discipline

Study Content

• Produce a final one-page cheat sheet: triage funnel, routing triage boundaries, tool selection matrix, ECMP/HA + symmetry cues, multi-site local-first flow.

• Re-run 12 “must-win” prompts (the ones that commonly appear: north-south down, selective hosts, post-upgrade oddities, tenant scope leak, policy not syncing).

• Write a readiness checklist: what you can explain confidently and what you will avoid doing first.

• Plan your last 48-hour revision cycle using your mistake log categories.

Tasks

Task 1: (1 pomodoro) Build the Final One-Page Cheat Sheet

Compress your best cards into one page with headings and bullet cues.
Deliverable: one-page sheet; Verification: you can answer 5 random prompts using only this sheet.

Task 2: (1 pomodoro) Run 12 must-win prompts (timed)

Answer 12 prompts with strict brevity and correctness (template-driven).
Deliverable: 12 answers; Verification: each answer contains a proof test, a boundary, and a tool/lens choice.

Task 3: (1 pomodoro) Readiness checklist + “don’t do first” pledge

Write a checklist of 10 readiness items and 6 “don’t do first” behaviors you will avoid.
Deliverable: checklist; Verification: each item is measurable (“I can write X in Y lines”).

Task 4: (15 minutes) Spaced review (Week wrap)

Review your mistake log and rewrite the top 5 correction rules as flashcards, then test yourself.
Deliverable: 5 correction flashcards; Verification: you can recall all 5 rules without notes.