Juniper Zero Touch Provisioning in action on QFX 5100

Juniper's ZTP (Zero Touch Provisioning) feature lets us provision an out-of-the-box Juniper QFX switch without needing remote hands at the CLI.

ZTP can be triggered in three ways: by resetting the system to factory defaults (> request system zeroize), by enabling the DHCP client on an interface facing the DHCP server, or by committing # set chassis auto-image-upgrade.

Deploying and provisioning QFX 5100 switch with ZTP


{master:0}[edit]
admin@qfx5100# delete interfaces irb.0 

{master:0}[edit]
admin@qfx5100# set interfaces irb.0 family inet dhcp vendor-id test 

{master:0}[edit]
admin@qfx5100# set chassis auto-image-upgrade 

{master:0}[edit]
admin@qfx5100# commit                                                  

                                                                               
Auto Image Upgrade: DHCP Options for client interface irb.0:                   
ConfigFile: /var/ftp/pub/qfx5100.config ImageFile: /var/ftp/pub/jinstall-qfx-5
-13.2X51-D21.1-domestic-signed.tgz Gateway: 172.17.8.1 File Server: 172.17.8.
1 Options state: All options set                                                                               
configuration check succeeds
commit complete

{master:0}[edit]
admin@qfx5100#                                                                                
Auto Image Upgrade: DHCP Client Bound interfaces: irb.0                                                                                 
                                                                               
Auto Image Upgrade: DHCP Client Unbound interfaces: ge-0/0/0.0                                                                                 
                                                                               
Auto Image Upgrade: Active on client interface: irb.0                                                                               

error: remote side unexpectedly closed connection

qfx5100 (ttyd0)

login: lab
Password:

--- JUNOS 13.2X51-D15.5 built 2014-03-06 10:05:33 UTC
{master:0}
admin@qfx5100>                                                                                
Auto Image Upgrade: Interface::   "irb"                                        

Auto Image Upgrade: Server::      "172.17.8.1"                                

Auto Image Upgrade: Image File::  "jinstall-qfx-5-13.2X51-D21.1-domestic-signed
.tgz"                                                                          

Auto Image Upgrade: Config File:: "qfx5100.config"                            

Auto Image Upgrade: Gateway::     "172.17.8.1"                                

Auto Image Upgrade: Protocol::    "ftp"                                        
                                                                               
                                                                               
Auto Image Upgrade: Start fetching qfx5100.config file from server 172.17.8.1 through irb using ftp                                                         
                                                                               
                                                                               
Auto Image Upgrade: File qfx5100.config fetched from server 172.17.8.1 through irb                                                                          
                                                                               
                                                                               
Auto Image Upgrade: Start fetching jinstall-qfx-5-13.2X51-D21.1-domestic-signed.tgz file from server 172.17.8.1 through irb using ftp                        
                                                      

For ZTP to function, the DHCP server (dhcpd) must provide DHCP option 43 with suboptions 00, 01, 02 and 03, representing the QFX 5100 Junos image, the QFX configuration file, the file type and the transfer mode (ftp), along with option 150, representing the FTP server IP address.

ISC dhcpd configuration:


#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample  
#

set vendor-string = option vendor-class-identifier;
ddns-update-style none;
default-lease-time 3600;
log-facility local7;
max-lease-time 28800;

option option-150 code 150 = ip-address;
subnet 172.17.8.0 netmask 255.255.255.0 {
        option routers                  172.17.8.1;
        option subnet-mask              255.255.255.0;
        default-lease-time 28800;
        max-lease-time 32200;
        range 172.17.8.100 172.17.8.225;

}


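option space SUNW;
# Option 43 sub-options: 0 = Junos image, 1 = configuration file,
# 2 = image file type, 3 = transfer mode.
# server-image was declared twice (code 4 and code 0); only code 0 is kept.
option SUNW.server-image code 0 = text;
option SUNW.server-file  code 1 = text;
option SUNW.image-file-type code 2 = text;
option SUNW.transfer-mode  code 3 = text;
option SUNW-encapsulation code 43 = encapsulate SUNW;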


host qfx5100 {
        hardware ethernet dc:38:e1:5c:a9:00;
        fixed-address 172.17.8.111;
        option option-150 172.17.8.1; # Define FTP server address
        option SUNW.server-image "/var/ftp/pub/jinstall-qfx-5-13.2X51-D21.1-domestic-signed.tgz";
        option SUNW.server-file "/var/ftp/pub/qfx5100.config";
        option SUNW.transfer-mode "ftp";
}
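
The option 43 payload that the host block above produces is a run of code/length/value sub-options. The following is an added example, not part of the original post or of Juniper's or ISC's code: it encodes and decodes that payload and compares a captured DHCP offer (option 43 plus option 150) with the values the switch is meant to receive. The function names and field labels are illustrative assumptions; the paths and addresses are the ones from this page.

```python
import ipaddress

# Sub-option numbers as the dhcpd.conf on this page defines them (labels are illustrative).
SUBOPTIONS = {0: "image-file", 1: "config-file", 2: "image-file-type", 3: "transfer-mode"}

def encode_option43(fields):
    """Build the option 43 payload: one code/length/value triple per sub-option."""
    out = bytearray()
    for code, text in sorted(fields.items()):
        data = text.encode("ascii")
        if len(data) > 255:
            raise ValueError(f"sub-option {code} longer than 255 bytes")
        out += bytes([code, len(data)]) + data
    return bytes(out)

def decode_option43(payload):
    """Parse an option 43 payload into {label: text}; reject truncated sub-options."""
    fields, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} truncated")
        fields[SUBOPTIONS.get(code, f"unknown-{code}")] = value.decode("ascii", "replace")
        i += 2 + length
    return fields

def audit_offer(option43, option150, expected):
    """List every field where a DHCP offer differs from the intended ZTP values."""
    seen = decode_option43(option43)
    seen["file-server"] = str(ipaddress.IPv4Address(option150))  # 4 packed bytes
    return [f"{k}: got {seen.get(k)!r}, expected {v!r}"
            for k, v in expected.items() if seen.get(k) != v]

# Constructed sample: the values from the host block on this page.
EXPECTED = {
    "image-file": "/var/ftp/pub/jinstall-qfx-5-13.2X51-D21.1-domestic-signed.tgz",
    "config-file": "/var/ftp/pub/qfx5100.config",
    "transfer-mode": "ftp",
    "file-server": "172.17.8.1",
}
GOOD_43 = encode_option43({0: EXPECTED["image-file"], 1: EXPECTED["config-file"], 3: "ftp"})
# Constructed sample: an offer whose config path differs from the intended one.
OTHER_43 = encode_option43({0: EXPECTED["image-file"], 1: "/pub/other.config", 3: "ftp"})

if __name__ == "__main__":
    # The second offer also names a different file server in option 150.
    print(audit_offer(OTHER_43, bytes([172, 17, 8, 99]), EXPECTED))
```

Feed `audit_offer` the raw option bytes taken from a packet capture on the provisioning VLAN; an empty list means the offer matches what the dhcpd host block is supposed to hand out.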