Zero Touch Provisioning (ZTP) is a Junos feature that is very useful when deploying new devices. It lets you provision all the necessary config and the software version just by plugging in a single cable (no extra work needed).
When a new switch arrives, all you need to do is take it out of the box, power it up and plug it into the network (via the management port or any network port).
ZTP was first introduced in Junos 12.2 (known as EZ Touchless Provisioning). Since then it has come to support a wider range of devices, including EX, SRX and QFX, with more on the roadmap.
I would like to describe a configuration that uses a Raspberry Pi box as the server. DHCP is used to tell the switch which config file and install package to fetch. I will use open source software to prepare the RPI with the tools needed to perform a full config and image deployment.
Software needed: isc-dhcp-server, vsftpd, Junos image (for the software / Junos version upgrade)
RPI network interface setup
The RPI has one Ethernet interface and one Wi-Fi connection. Ethernet is used to set up the DHCP interface that propagates the settings, and Wi-Fi will be used for management only (remote access).
nano /etc/network/interfaces
auto wlan0
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet static
address 10.100.10.1
netmask 255.255.255.0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
DHCP server
The DHCP server is responsible for assigning an IP address to our box (e.g. an EX switch). It sends the instructions about the config file and software file to fetch (the location of the files on the FTP server), but it can also be used to set values like hostname, NTP or DNS servers.
To install isc-dhcp-server on the RPI, the preinstalled DHCP software (dhcpcd) has to be disabled.
update-rc.d dhcpcd disable
Updating dhcpd.conf
nano /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Setting up the options....
#
# option definitions common to all supported networks...
option domain-name "mnsbone.net";
option domain-name-servers ns1.mnsbone.net, ns2.example.org;
option space NEW_OP;
option NEW_OP.image-file-name code 0 = text;
option NEW_OP.config-file-name code 1 = text;
option NEW_OP.image-file-type code 2 = text;
option NEW_OP.transfer-mode code 3 = text;
option NEW_OP.alt-image-file-name code 4= text;
option NEW_OP.http-port code 5= text;
option NEW_OP-encapsulation code 43 = encapsulate NEW_OP;
default-lease-time 60;
max-lease-time 7200;
################################################
### Defining the pool and using the options ###
################################################
subnet 10.100.10.0 netmask 255.255.255.0 {
range 10.100.10.10 10.100.10.20;
option tftp-server-name "10.100.10.1";
option NEW_OP.transfer-mode "ftp";
option NEW_OP.image-file-name "/pub/images/ex3400/junos-arm-32-18.2R3-S1.7.tgz";
option NEW_OP.config-file-name "/pub/config/jn-switch32.config";
}
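What the `encapsulate NEW_OP` line produces on the wire, as an added example that is not part of the original post: option 43 carries the sub-options as plain code/length/value triples, so a captured DHCP offer can be decoded and compared with what the pool is meant to hand out. The function names are illustrative, and the order of sub-options in a real offer is up to the server.

```python
# Added example: encode/decode the NEW_OP sub-options carried in DHCP option 43.
SUBOPTIONS = {  # codes as declared in the dhcpd.conf above
    0: "image-file-name",
    1: "config-file-name",
    2: "image-file-type",
    3: "transfer-mode",
    4: "alt-image-file-name",
    5: "http-port",
}
NAME_TO_CODE = {name: code for code, name in SUBOPTIONS.items()}


def encode_option43(values):
    """Pack {sub-option name: text} into an option 43 payload."""
    payload = b""
    for name, text in values.items():
        data = text.encode("ascii")
        if len(data) > 255:
            raise ValueError(f"{name} is longer than 255 bytes")
        payload += bytes([NAME_TO_CODE[name], len(data)]) + data
    if len(payload) > 255:
        raise ValueError("payload does not fit in one DHCP option (255 bytes)")
    return payload


def decode_option43(payload):
    """Parse an option 43 payload into {name: text}; reject truncated TLVs."""
    fields, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        name = SUBOPTIONS.get(code, f"unknown-{code}")
        fields[name] = value.decode("ascii", "replace")
        i += 2 + length
    return fields


# The values set in the subnet block of the dhcpd.conf above.
POOL = {
    "transfer-mode": "ftp",
    "image-file-name": "/pub/images/ex3400/junos-arm-32-18.2R3-S1.7.tgz",
    "config-file-name": "/pub/config/jn-switch32.config",
}
```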
FTP server setup
nano /etc/vsftpd.conf
listen=YES
#listen_ipv6=YES
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=YES
anon_root=/var/ftp/
no_anon_password=YES
hide_ids=YES
# Make sure PORT transfer connections originate from port 20 (ftp-data).
#connect_from_port_20=YES
listen_port=21
Change owner for /var/ftp/
chown nobody:nobody /var/ftp/
ZTP in action
After DHCP and FTP are set up, we have to upload the config file and image into the FTP folder on the RPI, connect the RPI directly or via a switch to the MGMT port of the new switch and power it on…
Now the magic happens:
Last login: Thu Jan 1 00:12:28 on ttyu0
--- JUNOS 18.2R3.4 Kernel 32-bit JNPR-11.0-20190605.30b921f_buil
root@:RE:0% cli
{master:0}
root>
Auto Image Upgrade: DHCP Client Bound interfaces: vme.0
Auto Image Upgrade: DHCP Client Unbound interfaces: irb.0
Auto Image Upgrade: To stop, on CLI apply
"delete chassis auto-image-upgrade" a
Auto Image Upgrade: DHCP Client Unbound interfaces: irb.0
Auto Image Upgrade: To stop, on CLI apply
"delete chassis auto-image-upgrade" and commit
Auto Image Upgrade: Active on client interface: vme.0
Auto Image Upgrade: Interface:: "vme"
Auto Image Upgrade: Server:: "10.100.10.1"
Auto Image Upgrade: Image File:: "junos-arm-32-18.2R3-S1.7.tgz"
Auto Image Upgrade: Config File:: "jn-switch35.config"
Auto Image Upgrade: Protocol:: "ftp"
Auto Image Upgrade: FTP timeout set to 7200 seconds
Auto Image Upgrade: Start fetching jn-switch35.config file from server 10.100.1
0.1 through vme using ftp
Auto Image Upgrade: File jn-switch35.config fetched from server 10.100.10.1 thr
ough vme
Auto Image Upgrade: FTP timeout set to 7200 seconds
Auto Image Upgrade: Start fetching junos-arm-32-18.2R3-S1.7.tgz file from serve
r 10.100.10.1 through vme using ftp
Auto Image Upgrade: File junos-arm-32-18.2R3-S1.7.tgz fetched from server 10.10
0.10.1 through vme
Auto Image Upgrade: To install /var/tmp/junos-arm-32-18.2R3-S1.7.tgz image fetc
hed from server 10.100.10.1 through vme
WARNING!!! On successful image installation, system will reboot automatically
Auto Image Upgrade: Installation of /var/tmp/junos-arm-32-18.2R3-S1.7.tgz image
fetched from server 10.100.10.1 through vme is done, proceeding for reboot of
system
Broadcast Message from root@jn-switch3400
(no tty) at 0:13 UTC...
Auto image Upgrade: Stopped
*** System shutdown message from root@jn-switch3400 ***
System going down in 1 minute
After this process the switch will boot with the new software and the new config applied.
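A check over the console output above, as an added example that is not part of the original post: it pulls the server, image, config and protocol the switch says it received and compares them with the dhcpd.conf shown earlier, which is a quick way to notice a switch that was provisioned from an unexpected DHCP answer. Function names are illustrative; the sample lines are copied from the capture on this page, where the config file is jn-switch35.config while the dhcpd.conf lists jn-switch32.config, so the check reports that one field.

```python
# Added example: compare what the switch reports on the console with dhcpd.conf.
import posixpath
import re

# Values the pool in the dhcpd.conf on this page hands out. The console prints
# only the file name, so paths are reduced to their basename before comparing.
EXPECTED = {
    "Server": "10.100.10.1",
    "Image File": posixpath.basename(
        "/pub/images/ex3400/junos-arm-32-18.2R3-S1.7.tgz"),
    "Config File": posixpath.basename("/pub/config/jn-switch32.config"),
    "Protocol": "ftp",
}

# Lines copied from the console capture on this page.
CONSOLE = '''\
Auto Image Upgrade: Active on client interface: vme.0
Auto Image Upgrade: Interface:: "vme"
Auto Image Upgrade: Server:: "10.100.10.1"
Auto Image Upgrade: Image File:: "junos-arm-32-18.2R3-S1.7.tgz"
Auto Image Upgrade: Config File:: "jn-switch35.config"
Auto Image Upgrade: Protocol:: "ftp"
'''

# Matches only the 'Key:: "value"' report lines, not the status messages.
FIELD = re.compile(r'^Auto Image Upgrade: (?P<key>[^:]+):: "(?P<value>[^"]*)"$')


def parse_ztp_fields(console_text):
    """Return the key/value pairs the switch reports it received via DHCP."""
    fields = {}
    for line in console_text.splitlines():
        match = FIELD.match(line.strip())
        if match:
            fields[match.group("key").strip()] = match.group("value")
    return fields


def check_ztp(console_text, expected=EXPECTED):
    """List (field, expected, seen) for every value that differs or is missing."""
    seen = parse_ztp_fields(console_text)
    return [(key, want, seen.get(key))
            for key, want in expected.items() if seen.get(key) != want]
```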
In case of any problems with image installation, clear switch storage via:
request system storage cleanup
This will free up some space. Then give it a second shot.
For more advanced config options check the Juniper docs; they are really useful.