Zero Touch Provisioning Using DHCPv6 Options

 

Zero Touch Provisioning (ZTP) allows for automatic provisioning of Juniper Networks devices that you add to your network. You can provision any supported device by using either a script to be executed or a configuration file to be loaded.

To use ZTP, you configure a DHCP server to provide the required information. If you do not configure the DHCP server to provide this information, the device boots with the preinstalled software and default factory configuration. If your device is not in a factory default state, you can issue the request system zeroize command.

Note

Starting in Junos OS Release 20.2R1-S1, the DHCPv6 client is supported on the MX Series and on EX3400, EX4300, QFX5100, and QFX5200 switches. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration. During the bootstrap process, the device first uses the DHCPv4 client to request information about the image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If one of the DHCPv4 bindings fails, the device continues to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device checks for DHCPv6 bindings and follows the same process as for DHCPv4 until the device can be provisioned successfully. The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

The DHCPv6 protocol doesn't have a subnet option for the IA_NA (identity association for non-temporary addresses) to learn and install subnet routes. Instead, the subnet route is installed through Neighbor Discovery Protocol.

In IPv6, devices periodically advertise IPv6 prefixes along with other link parameters using Router Advertisement (RA) messages. On the client (the Juniper device running ZTP), once the DHCPv6 client is bound, the Neighbor Discovery Protocol (NDP) learns these prefixes and installs the prefix routes via the client interface, with the next hop as the link to the local address of the gateway device.

On the client device, router advertisement configuration is enabled by default along with the DHCPv6 configuration.

  • Ensure that the device has access to the following network resources:

    • The DHCP server that provides the location of the software image and configuration files on the network

      Refer to your DHCP server documentation for configuration instructions.

    • On the MX Series, the File Transfer Protocol (anonymous FTP), Trivial File Transfer Protocol (TFTP), Hypertext Transfer Protocol (HTTP), or Hypertext Transfer Protocol Secure (HTTPS) server on which the software image and configuration files are stored.

      Caution

      HTTP URLs are limited to 256 characters in length.

    • On the EX3400, EX4300, QFX5100, and QFX5200 devices, the Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) server on which the software image and configuration files are stored.

      Caution

      HTTP URLs are limited to 256 characters in length.

  • Locate and record the MAC address printed on the device.

Caution

You cannot commit a configuration while the device is performing the software update process. If you commit a configuration while the device is performing the configuration file autoinstallation process, the process stops, and the configuration file is not downloaded from the network.

To use zero touch provisioning for a device using DHCPv6 options:

  1. Boot the device.
  2. Make sure the device has the default factory configuration installed.
    • If multiple DHCP replies arrive, ZTP chooses the best set of arguments.

    • If multiple interfaces provide the same arguments, ZTP chooses one of the equal interfaces.

    • If there is an error while connecting to the DHCP server, ZTP tries again to connect to the DHCP server. If multiple interfaces again provide the same arguments, ZTP chooses one of the interfaces.

    We recommend that you provision the DHCP server and save the software and configuration file in the specified DHCP server path on the file server.

  3. Download the software image file and the configuration file to the FTP, HTTP, HTTPS, or TFTP server from which the device will download these files.
  4. Configure the DHCP server to provide the necessary information to the device.
  5. Configure IP address assignment.

    You can configure dynamic or static IP address assignment for the management address of the device. To determine the management MAC address for static IP address mapping, add 1 to the last byte of the MAC address of the device, which you noted before you began this procedure.

  6. Define the format of the DHCPv6 option 59 (OPT_BOOTFILE_URL) in the dhcpd6.conf file, so the server can send information about URLs to images to the client.

    Note

    Only the HTTP and HTTPS transport protocols are supported on the EX3400, EX4300, QFX5100, and QFX5200 devices.

    Here’s the format for this option:

    transfer-mode://[<ipv6-address>]:<port-number>/<path/image-file-name>

    For example:

    The transfer mode and IPv6 address are required, but the port number is optional. If you do not specify the port number, the default port number of the transfer mode is used. If you specify the port number in both option 17 and option 59, the port number in the option 17 vendor-specific information option is used.

    You can specify the image file name in either option 59 or option 17. If the image file name is specified in both options 59 and 17, the image name in the option 17 vendor-specific information option is used.

  7. Define the format of the vendor-specific information for the following DHCP option 17 suboptions:

    Here is an example of an ISC DHCP 4.2 server dhcpd6.conf file:

    • Suboption 00: The name of the software image file to install.

      Note

      When the DHCP server cannot use suboption 00, configure the software image filename using suboption 04. If both suboption 00 and suboption 04 are defined, suboption 04 is ignored.

    • Suboption 01: The name of the script or configuration file to install.

      Note

      ZTP determines if the file is a script file based on the first line of the file. If the first line contains the characters #! followed by an interpreter path, ZTP treats the file as a script and executes it with the specified interpreter path. In order for a script to execute, the script file must provide the ability to fetch and load a valid configuration file on the device during the ZTP process.

      The following list provides the types of scripts and their associated interpreter paths:

      • Shell script interpreter path: #!/bin/sh

      • SLAX script interpreter path: #!/usr/libexec/ui/cscript

      • Python script interpreter path: #!/usr/bin/python

        For security reasons, Junos OS has strict requirements for running unsigned Python scripts on devices running Junos OS. Only devices running Junos OS with Enhanced Automation and devices running Junos OS Evolved support running unsigned Python scripts as part of the ZTP process.

      If the file does not contain special characters (#!), ZTP determines that the file is a configuration file and loads the configuration file.

    • Suboption 02: The image type.

      Note

      If you do not specify suboption 02, the ZTP process handles the software image as a filename, not a symbolic link.

    • Suboption 03: The transfer mode that the device uses to access the TFTP, FTP, HTTP, or HTTPS server.

      Note

      If suboption 03 is not configured, the transfer mode mentioned in option 59 for the boot image URL is used.

    • Suboption 04: The name of the software image file to install.

      Note

      When the DHCP server cannot use suboption 00, configure the image file using suboption 04. If both suboption 00 and suboption 04 are defined, suboption 04 is ignored.

    • Suboption 05: The port that the device uses to download either the image or configuration file or both instead of the default port.

    • Suboption 06: The JLoader package file name (supported only on QFX5100 devices)

    • Suboption 07: FTP timeout code.

    • The DHCPv6 protocol defines the Vendor-specific Information Option ("VSIO") in order to send vendor options encapsulated in a standard DHCP option.

    The following sample configuration shows the DHCPv6 options you’ve just configured:

  8. Power on the device with the default configuration.
  9. Monitor the ZTP process by looking at the console.

    Note

    When SLAX scripts are executed, the op-script.log and event-script.log files are produced.

    You can also use these log files to troubleshoot in case something goes wrong.

    • /var/log/dhcp_logfile

      Use this file to check DHCP client logs.

    • /var/log/event-script.log

      Use this file to check configuration commit status.

    • /var/log/image_load_log

      Use this file to check software image and configuration file fetch and installation status.

    • /var/log/messages

      Use this file to check system-level logs.

    • /var/log/op-script.log

      Use this file to check configuration commit status.

    • /var/log/script_output

      Use this file to check script execution output.

    You can also monitor the ZTP process by looking at error messages and issuing operational commands. See Monitoring Zero Touch Provisioning for more information.
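
The precedence rules from steps 6 and 7, worked through in Python so that a DHCPv6 reply can be checked before a device consumes it. This is an added example, not Juniper code: the function name, the representation of option 17 suboptions as a number-to-text mapping, the lowercase protocol names for suboption 03, and the sample addresses and file names are assumptions, and the cleartext-transport finding is an added review check rather than a ZTP behavior.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"tftp": 69, "ftp": 21, "http": 80, "https": 443}
HTTP_ONLY = {"EX3400", "EX4300", "QFX5100", "QFX5200"}  # limited to HTTP/HTTPS per the page
MAX_HTTP_URL = 256  # URL length limit stated on the page

def resolve_ztp_fetch(bootfile_url, subopts, platform):
    """Return (effective parameters, findings) for option 59 plus option 17 suboptions."""
    findings = []
    try:
        url = urlsplit(bootfile_url)
        server = str(ipaddress.IPv6Address(url.hostname or ""))
        url_port = url.port
    except ValueError:
        raise ValueError("option 59 needs transfer-mode://[<ipv6-address>]:<port>/<path>") from None
    # Suboption 03 wins; otherwise the transfer mode comes from the option 59 URL.
    mode = (subopts.get(3) or url.scheme).lower()
    if mode not in DEFAULT_PORTS:
        raise ValueError(f"unknown transfer mode {mode!r}")
    # Suboption 05 wins over the option 59 port; otherwise the mode's default port.
    port = int(subopts[5]) if 5 in subopts else (url_port or DEFAULT_PORTS[mode])
    # Image name: suboption 00, then suboption 04, then the option 59 path.
    image = subopts.get(0) or subopts.get(4) or url.path.lstrip("/")
    if 0 in subopts and 4 in subopts:
        findings.append("suboption 04 ignored because suboption 00 is defined")
    if platform in HTTP_ONLY and mode not in ("http", "https"):
        findings.append(f"{mode} is not supported on {platform}")
    if url.scheme in ("http", "https") and len(bootfile_url) > MAX_HTTP_URL:
        findings.append("option 59 URL exceeds 256 characters")
    # Added review check (not a ZTP rule): only HTTPS protects the download in transit.
    if mode != "https":
        findings.append(f"{mode} is cleartext: image and configuration are fetched unprotected")
    params = {"mode": mode, "server": server, "port": port,
              "image": image, "config_or_script": subopts.get(1)}
    return params, findings

# Constructed sample replies (documentation-prefix address, made-up file names).
SAMPLE_A = ("http://[2001:db8::10]:8080/images/junos-a.tgz",
            {0: "junos-b.tgz", 1: "ztp.conf", 3: "https", 4: "junos-c.tgz", 5: "8443"})
SAMPLE_B = ("tftp://[2001:db8::10]/images/junos-a.tgz", {1: "ztp.sh"})

if __name__ == "__main__":
    for name, (url, opts) in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, resolve_ztp_fetch(url, opts, "EX4300"))
```

In sample A every option 59 value is overridden by option 17, so the device would fetch junos-b.tgz over HTTPS on port 8443; sample B falls back to the option 59 URL and is flagged for an EX4300.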