ZTP – and enjoy your coffee!

Zero Touch Provisioning (ZTP) is a Junos feature that is very useful when deploying new devices. It lets you provision all the necessary configuration and software versions by plugging in a single cable (no extra work needed).

When the new switch arrives, all you need to do is take it out of the box, power it up and plug it into the network (via the management port or any network port).

ZTP was first introduced in Junos 12.2 (known as EZ Touchless Provisioning). Since then it has supported a wider range of devices, including EX, SRX and QFX, with more on the roadmap.

I would like to describe a configuration that uses a Raspberry Pi as the server. DHCP is used to tell the switch which config file and install package to fetch. I will use open source software to prepare the RPI with the tools needed to perform a full config and image deployment.

Software needed: isc-dhcp-server, vsftpd, Junos image (for the software / Junos version upgrade)

RPI network interface setup

The RPI has one Ethernet interface and one Wi-Fi connection. Ethernet is used as the DHCP interface that propagates the settings, and Wi-Fi is used for management only (remote access).

nano  /etc/network/interfaces
auto wlan0
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
  address 10.100.10.1
  netmask 255.255.255.0
  
allow-hotplug wlan0
iface wlan0 inet dhcp
  wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

DHCP server

The DHCP server is responsible for assigning an IP address to our box (e.g. an EX switch). It sends the instructions about the config file and the software file to upgrade to (the location of the files on the FTP server), but it can also be used to set values like the hostname, NTP or DNS servers.

To install isc-dhcp-server on the RPI, the preinstalled software has to be disabled.

update-rc.d dhcpcd disable

Updating dhcpd.conf

nano /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Setting up the options....
#

# option definitions common to all supported networks...
option domain-name "mnsbone.net";
option domain-name-servers ns1.mnsbone.net, ns2.example.org;

option space NEW_OP; 
option NEW_OP.image-file-name code 0 = text; 
option NEW_OP.config-file-name code 1 = text; 
option NEW_OP.image-file-type code 2 = text; 
option NEW_OP.transfer-mode code 3 = text; 
option NEW_OP.alt-image-file-name code 4 = text;
option NEW_OP.http-port code 5 = text;
option NEW_OP-encapsulation code 43 = encapsulate NEW_OP;

default-lease-time 60;
max-lease-time 7200;

################################################
### Defining the pool and using the options  ###
################################################


subnet 10.100.10.0 netmask 255.255.255.0 {
  range 10.100.10.10 10.100.10.20;
   option tftp-server-name "10.100.10.1";
   option NEW_OP.transfer-mode "ftp";
   option NEW_OP.image-file-name "/pub/images/ex3400/junos-arm-32-18.2R3-S1.7.tgz";
   option NEW_OP.config-file-name "/pub/config/jn-switch32.config";
}
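
What the NEW_OP encapsulation puts on the wire, as an added example that is not part of the original post: each sub-option becomes a code byte, a length byte and the text value inside DHCP option 43. The function names are hypothetical and the sub-option order is this example's choice; the decoder can be run against the option 43 bytes from a packet capture to confirm which files a switch is being pointed at.

```python
# Added example: option 43 payload for the NEW_OP option space defined above.
SUBOPTIONS = {0: "image-file-name", 1: "config-file-name", 2: "image-file-type",
              3: "transfer-mode", 4: "alt-image-file-name", 5: "http-port"}

# Values from the subnet block on this page, keyed by sub-option code.
SAMPLE = {
    0: "/pub/images/ex3400/junos-arm-32-18.2R3-S1.7.tgz",
    1: "/pub/config/jn-switch32.config",
    3: "ftp",
}

def encode_option43(values):
    """Build the payload: code byte, length byte, then the text value."""
    payload = bytearray()
    for code in sorted(values):  # ordering is this example's choice
        if code not in SUBOPTIONS:
            raise ValueError(f"unknown sub-option code {code}")
        data = values[code].encode("ascii")
        if len(data) > 255:
            raise ValueError(f"sub-option {code} exceeds 255 bytes")
        payload += bytes([code, len(data)]) + data
    if len(payload) > 255:  # one-byte option length field (RFC 2132)
        raise ValueError("payload does not fit in a single option 43")
    return bytes(payload)

def decode_option43(payload):
    """Parse a captured payload into {name: value}, rejecting truncated TLVs."""
    out, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        out[SUBOPTIONS.get(code, f"unknown-{code}")] = value.decode("ascii", "replace")
        i += 2 + length
    return out

if __name__ == "__main__":
    wire = encode_option43(SAMPLE)
    print(wire.hex(" "))
    for name, value in decode_option43(wire).items():
        print(f"{name}: {value}")
```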

FTP server setup

nano  /etc/vsftpd.conf
listen=YES
#listen_ipv6=YES


# Allow anonymous FTP? (Disabled by default).
anonymous_enable=YES

anon_root=/var/ftp/
no_anon_password=YES
hide_ids=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
#connect_from_port_20=YES
listen_port=21

Change owner for /var/ftp/

 chown nobody:nogroup /var/ftp/
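
A check for the FTP side, as an added example that is not part of the original post: switches only download during ZTP, so this script parses a vsftpd.conf and flags settings that would let anonymous clients change the served files or that leave FTP reachable on interfaces other than the provisioning one. The function names are hypothetical, ZTP_ADDRESS is the eth0 address from the interface setup, and keys missing from the file are assumed to take vsftpd's built-in defaults.

```python
# Added example: audit a vsftpd.conf that serves ZTP files over anonymous FTP.
# Keys missing from the file fall back to vsftpd's built-in defaults.
DEFAULTS = {
    "local_enable": "NO", "write_enable": "NO", "ssl_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "listen_address": "",
}
ZTP_ADDRESS = "10.100.10.1"  # eth0 address from the interfaces file above
WRITE_KEYS = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

# The active settings from the configuration shown on this page.
PAGE_CONF = """\
listen=YES
anonymous_enable=YES
anon_root=/var/ftp/
no_anon_password=YES
hide_ids=YES
listen_port=21
"""

def parse_vsftpd(text):
    """Return effective settings: defaults overridden by key=value lines."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key] = value
    return settings

def audit(text):
    """List settings that allow writes or expose FTP beyond the ZTP address."""
    s, findings = parse_vsftpd(text), []
    def on(key):
        return s[key].upper() in ("YES", "TRUE", "1")
    for key in WRITE_KEYS:
        if on("write_enable") and on(key):
            findings.append(f"{key}: anonymous clients can change the files switches fetch")
    if on("local_enable") and not on("ssl_enable"):
        findings.append("local_enable: local account passwords cross the network in cleartext")
    if s["listen_address"] != ZTP_ADDRESS:
        findings.append(f"listen_address: FTP is not bound to {ZTP_ADDRESS} only")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONF):
        print("FINDING", finding)
```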

ZTP in action

After DHCP and FTP are set up, we have to upload the config file and image into the FTP folder on the RPI, connect it directly or via a switch to the MGMT port of the switch, and power it on…

Now the magic happens:

Last login: Thu Jan  1 00:12:28 on ttyu0

--- JUNOS 18.2R3.4 Kernel 32-bit  JNPR-11.0-20190605.30b921f_buil
root@:RE:0% cli
{master:0}
root>                                                                                                                                                                                        
Auto Image Upgrade: DHCP Client Bound interfaces: vme.0                                                                                                                                      

Auto Image Upgrade: DHCP Client Unbound interfaces: irb.0                                                                                                                                    

Auto Image Upgrade: To stop, on CLI apply
"delete chassis auto-image-upgrade"  a

Auto Image Upgrade: DHCP Client Unbound interfaces: irb.0                                                                                                                                    

Auto Image Upgrade: To stop, on CLI apply
"delete chassis auto-image-upgrade"  and commit

Auto Image Upgrade: Active on client interface: vme.0

Auto Image Upgrade: Interface::   "vme"

Auto Image Upgrade: Server::      "10.100.10.1"

Auto Image Upgrade: Image File::  "junos-arm-32-18.2R3-S1.7.tgz"

Auto Image Upgrade: Config File:: "jn-switch35.config"

Auto Image Upgrade: Protocol::    "ftp"


Auto Image Upgrade: FTP timeout set to 7200 seconds


Auto Image Upgrade: Start fetching jn-switch35.config file from server 10.100.1
0.1 through vme using ftp


Auto Image Upgrade: File jn-switch35.config fetched from server 10.100.10.1 thr
ough vme


Auto Image Upgrade: FTP timeout set to 7200 seconds


Auto Image Upgrade: Start fetching junos-arm-32-18.2R3-S1.7.tgz file from serve
r 10.100.10.1 through vme using ftp


Auto Image Upgrade: File junos-arm-32-18.2R3-S1.7.tgz fetched from server 10.10
0.10.1 through vme


Auto Image Upgrade: To install /var/tmp/junos-arm-32-18.2R3-S1.7.tgz image fetc
hed from server 10.100.10.1 through vme


WARNING!!! On successful image installation, system will reboot automatically


Auto Image Upgrade: Installation of /var/tmp/junos-arm-32-18.2R3-S1.7.tgz image
 fetched from server 10.100.10.1 through vme is done, proceeding for reboot of
system


Broadcast Message from root@jn-switch3400
        (no tty) at 0:13 UTC...

Auto image Upgrade: Stopped


*** System shutdown message from root@jn-switch3400 ***

System going down in 1 minute

After this process the switch will boot with the new software and the new config applied.

In case of any problems with image installation, clear switch storage via:

request system storage cleanup 

This will free up some space. Then give it a second shot.

For more advanced config options, check the Juniper docs; they are really useful.