Example: Deploying ACX Routers Using the ZTD Pull Method

 

This example demonstrates zero touch deployment (ZTD) for ACX routers using the Pull method.

Requirements

This example uses the following hardware and software components:

  • Three MX240 routers

  • Five provisioned ACX2100 routers

  • One unboxed ACX2100 router

  • Configuration server with DHCP, TFTP, and FTP services enabled

  • Junos OS Release 15.1 and later

Overview

This example describes the tasks required to enable ZTD for new ACX routers in a service provider network while ensuring minimal involvement from the deployment technician and the MSP NOC personnel.

Preparing Configuration Templates and Scripts for ACX Deployment Phases

The ZTD process involves a set of configuration files and scripts that are downloaded and executed on provisioned boxes at the time of deployment. These scripts and configuration files must be prepared and placed into the TFTP/FTP repository of the configuration server in advance.

The following configuration files are required:

  • The basic configuration template is downloaded to the bootstrapping node as part of the autoinstallation process. A separate configuration file should be created for each platform—ACX500, ACX1100, ACX2100, ACX4000, ACX5000—and placed into the predefined directory of the TFTP server.

    The basic configuration template includes:

    • System configuration settings, such as administrative access and management protocols

    • Event options to execute the first (Phase 0) op script (stored on the FTP server)

    • URL and name of the global configuration template (stored on the FTP server)

    • URL and name of the image file of the recommended Junos OS version (stored on the FTP server)

  • The global configuration template contains router configuration common to all access routers that share the same network roles.

    The global configuration template may include:

    • Minimum settings for administrative access

    • Network services configuration for DNS, FTP, HTTP, NTP, and so on

    • Network management: SNMP, SYSLOG, Netconf, SSHv2

    • Configuration templates for networking protocols

    • Configuration templates for user and core facing interfaces

    • URL and input parameters for the ZTD Phase 1 and Phase 2 scripts

    • List of uplink interfaces, also known as network-to-network interfaces (NNIs) that are used to connect the ACX router to the network

    • ID of the management VLAN (referred to in the configuration as the OAM VLAN)

    • Host-name prefix: “csr-”, “an-” or “agn-”

The following scripts are required:

  • ZTD Phase 0 script execution is triggered by the event option in the basic configuration template. The script downloads and commits the global configuration template to the ACX router.

  • ZTD Phase 1 script execution is triggered by the event option in the global configuration. The script assigns the NNIs to a management VLAN.

  • ZTD Phase 2 script execution is triggered by the event options in the global configuration. The script upgrades the Junos OS version to the recommended version, and downloads and commits the router-specific configuration to the ACX router.

Aggregation Router Configuration Overview

New ACX routers generally won’t have direct Layer 2 connectivity to the DHCP service of the configuration server. To enable this connectivity, routers in the aggregation segment must be configured prior to starting the ZTD process.

Management access to the access segment is provided by the shared management (OAM) VLAN. At the aggregation routers, the VLAN is terminated into a dedicated virtual-switch instance with a bridge domain.

The VSTP protocol is used to avoid Layer 2 broadcast storms within the management VLAN.

The native VLAN function must be enabled on the access segment-facing interfaces of the aggregation routers, and configured with the VLAN ID of the management VLAN. This configuration allows untagged DHCP frames from the new ACX router to be forwarded to the management bridge domain and on to the configuration server.

An integrated routing and bridging (IRB) interface on each aggregation router provides connectivity between the Layer 2 management bridge domain and the Layer 3 domain of the management network.

Finally a DHCP relay function must be enabled on top of the IRB interface. The IP address assigned to the IRB interface serves as a default gateway for the management network of the ACX routers. The IP address also indicates to the DHCP server which address range will be used to assign management addresses to the ACX router in the given access segments.

DHCP Configuration Overview

You can use any standard DHCP server that meets the requirements specified by RFC 2131. The DHCP server must be able to manage address pools and ranges per ACX router platform or class (DHCP option 60).

The DHCP server configuration elements used in this example include the following:

  • Classes created to match the values of option 60 (vendor class identifier) sent in the DHCPDISCOVER message from the client

    • This configuration example is applicable to ACX2100, ACX4000, and ACX5096 routers. A fourth class, CSR, is included to match DISCOVERY requests received with option 60 set to CSR-acx.

  • URL to the basic configuration file that is loaded during Phase 0 of the ZTD process

  • Address pools per access segment

    • This example uses two address pools created for ACCESS SEGMENT 1 and ACCESS SEGMENT 10.

  • Address ranges associated with the device classes.

    • This example includes two address ranges per address pool. Once the ACX router downloads and commits the basic configuration, the device sends a new DHCP request with option 60 set to CSR-acx. A new IP address is then assigned to the ACX router that puts it in the management VLAN.
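The selection logic described above (the relay's IRB address picks the pool, option 60 picks the range within it), as an added example that is not part of the original page or of Juniper's configuration. The subnets are documentation addresses, `PLATFORM-acx2100` is a placeholder for the platform's real vendor class identifier, option 60 is matched exactly for simplicity, and the function names are hypothetical.

```python
import ipaddress

# Constructed address plan (not from the page): one pool per access segment,
# two ranges per pool, keyed by the option 60 value the client sends.
# "PLATFORM-acx2100" is a placeholder for the platform's real vendor class ID.
PLAN = {
    "ACCESS SEGMENT 1": {
        "subnet": "192.0.2.0/24", "router": "192.0.2.1",  # router = IRB address
        "ranges": {"PLATFORM-acx2100": ("192.0.2.10", "192.0.2.49"),
                   "CSR-acx": ("192.0.2.100", "192.0.2.199")},
    },
    "ACCESS SEGMENT 10": {
        "subnet": "198.51.100.0/24", "router": "198.51.100.1",
        "ranges": {"PLATFORM-acx2100": ("198.51.100.10", "198.51.100.49"),
                   "CSR-acx": ("198.51.100.100", "198.51.100.199")},
    },
}

def validate(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for seg, pool in plan.items():
        net = ipaddress.ip_network(pool["subnet"])
        gw = ipaddress.ip_address(pool["router"])
        if gw not in net:
            problems.append(f"{seg}: router {gw} is outside {net}")
        if "CSR-acx" not in pool["ranges"]:
            problems.append(f"{seg}: no range for class CSR-acx")
        seen = []
        for cls, (lo, hi) in pool["ranges"].items():
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo > hi or lo not in net or hi not in net:
                problems.append(f"{seg}/{cls}: range {lo}-{hi} does not fit {net}")
            if lo <= gw <= hi:
                problems.append(f"{seg}/{cls}: range contains router {gw}")
            for other, olo, ohi in seen:
                if lo <= ohi and olo <= hi:
                    problems.append(f"{seg}: ranges {cls} and {other} overlap")
            seen.append((cls, lo, hi))
    return problems

def select_range(plan, relay_addr, option60):
    """Relay (IRB) address selects the pool; option 60 selects the range."""
    relay = ipaddress.ip_address(relay_addr)
    for seg, pool in plan.items():
        if relay in ipaddress.ip_network(pool["subnet"]):
            return seg, pool["ranges"].get(option60)
    return None, None

if __name__ == "__main__":
    print(validate(PLAN) or "plan is consistent")
    print(select_range(PLAN, "192.0.2.1", "CSR-acx"))
```

Running `validate` against the real address plan before deployment catches a missing CSR-acx range or overlapping ranges, either of which would leave a router stuck on its initial address or with a duplicate one.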

Topology

Figure 1 depicts a topology for zero touch deployment of an ACX router using the Pull method. The topology has three ACX routers in each access segment. The new ACX router being deployed in ACCESS SEGMENT 1 has its interface ge-1/2/0 connected to interface ge-1/2/0 on router Agg1 in the aggregation segment. Aggregation router Agg1 has an interface connected to the provider edge router. The configuration server is also connected to the provider edge router. It acts as a DHCP, TFTP, and FTP server, and hosts the scripts, configuration files, and Junos OS images required to deploy the new ACX router.

Figure 1: Topology Diagram for Zero Touch Deployment Using the Pull Method
Note

The configurations in this example include deployment-specific parameters such as root authentication, FTP URLs, server IP address, Junos OS version, and so on. Adjust these variables to suit your network environment.

Configuration

To deploy ACX routers by using the zero touch deployment Pull method, perform these tasks:

Creating the Basic Configuration File for the New ACX Router

Step-by-Step Procedure

To create a basic configuration template for the new ACX 2100 router:

  1. Copy the following configuration to a text editor.
  2. Save the configuration as acx2100.conf.

Creating the Global Configuration File for the New ACX Router

Step-by-Step Procedure

To create a global configuration template for the new ACX 2100 router:

  1. Copy the following configuration to a text editor.
  2. Save the configuration as acx_global_config.conf.

Configuring DHCP, TFTP, and FTP Services on the Configuration Server

Step-by-Step Procedure

To enable DHCP, TFTP, and FTP services on a Linux-based configuration server:

  1. Copy the following configuration to a text editor:
  2. Save the file as dhcpd.conf, in the /etc/dhcp/ directory on the Linux system.
  3. Enable TFTP and FTP server functionality on the configuration server. Use the username ztdadmin.
  4. Set up the TFTP and FTP directory structures and save the basic configuration files, global configuration file, router-specific configuration files, Junos OS images, and ZTD scripts, as shown in Figure 2.
    Figure 2: TFTP and FTP Directory Structure
    Note

    The ZTD scripts can be found in the section ACX Deployment Scripts.

Configuring Aggregation Routers

CLI Quick Configuration

To quickly configure aggregation routers Agg1 and Agg2 for the ZTD process, copy the following commands, remove any line breaks, and then paste the commands into the CLI.

Router Agg1

Router Agg2

Note

This configuration is included for reference only. This configuration example does not require router Agg2.

Step-by-Step Procedure

To configure the aggregation routers:

Note

For brevity, only aggregation router Agg1 is shown here.

  1. Create the access-facing interface toward the new ACX router.
  2. Create the IRB interface to act as the ACX router’s default gateway.
    Note

    This configuration example uses a stand-alone aggregation device. The VRRP configuration elements are included as a reference for cases where dual-homed connectivity is desired for the access devices. If your environment uses this setup, ensure that the router-option value in the DHCP server configuration uses the virtual IP address.

  3. Create a bridge domain.
  4. Create the DHCP relay settings to forward the ACX router’s DHCP requests to the DHCP (configuration) server.

Deploying the ACX Router

Step-by-Step Procedure

To deploy the ACX router:

  1. Unpack the ACX router, power it on, and connect the designated interface to the network.

    For this example, the new ACX2100 router uses interface ge-1/2/0.

    Once the router boots up, the autoinstallation function of the ACX router communicates with the DHCP server, acquires an initial IP address, downloads and commits the basic configuration template, and proceeds to use the ZTD scripts to set up the device, as follows:

    • When the basic configuration is committed to the ACX router, the event options in the basic configuration trigger the execution of the ZTD Phase 0 script. This script downloads and commits the global configuration.

    • When the global configuration is committed to the ACX router, the event options in the global configuration trigger the execution of the ZTD Phase 1 script. The ZTD Phase 1 script assigns the NNIs to a management (OAM) VLAN.

    • The global configuration also triggers the execution of the ZTD Phase 2 script. The ZTD Phase 2 script validates and upgrades the Junos OS to the recommended version, and commits the router-specific configuration to the ACX router.

    Note

    The ZTD scripts can be found in the section ACX Deployment Scripts.

  2. Verify that the ACX router has its full and proper configuration using the verification steps in the next section.

Verification

Use the following procedures to verify the deployment of ACX routers using the Pull method:

Note

To verify the basic configuration, global configuration, configuration through scripts, and Junos OS upgrades, it is helpful to be connected to a system log server to receive notifications about the execution of scripts, configuration downloads, and so on, as they happen. As you receive appropriate notifications, you can then further verify the configuration downloads and Junos OS upgrades by establishing an SSH connection to the ACX router and using the verification steps below.

Verifying the Progress of the ZTD Process

Purpose

Verify the progress of the ZTD process and verify the basic configuration, global configuration, configuration through scripts, and Junos OS upgrades.

Note

This step can be used in conjunction with the appropriate verification procedures below, depending on the stage of the ZTD process.

The monitor start command allows you to view entries being added to a log file in real-time. In this example, the ZTD process is logged to the file op-script.log. You can use this method to monitor the ZTD process as it is happening.

Immediately after the basic configuration is applied, you should be able to gain access to the ACX router using SSH and the initial IP address provided by the DHCP server. Note that as the process moves forward, your session will be broken a few times, as the initial IP address is reconfigured to a permanent IP address, and the router reboots to complete its OS upgrade.

If the process has an issue at any point, you will be able to review the log file generated by the script and identify what went wrong.

Note

While not typical, if you happen to have console access to the ACX router, you can use this method to monitor the process and read the ZTD log file in real time, without interruption.

Action

SSH to the ACX router. Enter configuration mode and execute the monitor start op-script.log command.

Meaning

The output confirms that the installation process worked correctly, and the ZTP script phases completed successfully.

Verifying the Basic Configuration on the ACX Router

Purpose

Verify that the basic configuration is downloaded and committed on the ACX router.

This occurred during Phase 0 of the ZTD process.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration command.

Meaning

Phase 0 of the ZTD deployment process was successfully initiated, and the basic configuration was downloaded and committed on the ACX router.

Verifying the Global Configuration on the ACX Router

Purpose

Verify that the global configuration is downloaded and committed on the ACX router.

This occurred during Phase 0 of the ZTD process.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration command.

Meaning

Phase 0 of the ZTD deployment process completed successfully, and the global configuration is committed on the ACX router.

Verifying the IRB Interface Configuration

Purpose

Verify that the ACX router has its IRB interface configuration.

This occurred during Phase 1 of the ZTD process.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration interfaces irb command.

Meaning

Layer 3 IP routing is enabled on the IRB interface.

Verifying the Core-Facing Interface (NNI) Configuration

Purpose

Verify that the core-facing interface (NNI) of the ACX router is configured correctly.

This occurred during Phase 1 of the ZTD process.

Note

This example requires just the single NNI. However, the global configuration template and script used in this case were configured to provide two NNIs, thus both are verified here as enabled and configured.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration interfaces ge-1/2/0 and show configuration interfaces ge-1/2/1 commands.

Meaning

The NNI interfaces of the ACX router have been correctly configured, including a configuration group and management VLAN.

Note

A possible use case for the second interface is to allow another ACX router to connect to this one, creating a chain topology.

Verifying the Management Bridge Domain Configuration

Purpose

Verify that the management (OAM) bridge domain is configured to connect the ACX router to the aggregation segment.

This occurred during Phase 1 of the ZTD process.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration bridge-domains command.

Note

When verifying bridge domains on an ACX5000 Series router, use the show configuration vlans command.

Meaning

The NNIs and IRB interface are associated with the management bridge domain.

Verifying ACX Reachability to the Aggregation Router

Purpose

Verify that the ACX router has a default route to provide reachability to the aggregation router.

This occurred during Phase 1 of the ZTD process.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration routing-options command.

Meaning

The default route is configured, providing connectivity between the ACX router and aggregation router.

Verifying the VSTP and LLDP Configuration

Purpose

Verify that VSTP and LLDP are enabled on the core-facing (NNI) interfaces.

This occurred during Phase 1 of the ZTD process.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration protocols command.

Meaning

VSTP and LLDP are correctly configured and include the NNI interfaces.

Verifying the Junos OS Upgrade

Purpose

Verify that the Junos OS is upgraded to the recommended or production version on the ACX router.

This occurred during Phase 2 of the ZTD process.

Action

SSH to the ACX router. Enter operational mode and execute the show version command.

Meaning

Phase 2 of the ZTD deployment process completed successfully, and the Junos OS is upgraded to the desired version, in this case 15.1X54-D25.

Completing this step also indicates that the ZTD process is complete.