Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Deploying ACX Routers Using the ZTD Push Method

 

This example demonstrates zero touch deployment (ZTD) and one touch deployment (OTD) of ACX routers using the Push method.

Requirements

This example uses the following hardware and software components:

  • Three MX240 routers

  • Five provisioned ACX2100 routers

  • One unboxed ACX2100 router

  • Configuration server with DHCP, TFTP, and FTP services enabled

  • Junos OS Release 15.1 and later

  • USB storage device

  • Junos Space Network Management Platform running Release 14.1 or later

The following elements from the ZTD Pull method are also required for the Push method:

  • Configuration server

  • Basic configuration template

  • Global configuration template

  • ZTD scripts

  • Aggregation routers

Note

For more details on these elements, see Example: Deploying ACX Routers Using the ZTD Pull Method.

For more details on the ZTD scripts, see ACX Deployment Scripts.

If you are deploying ACX routers using the OTD Push method, you must ensure Layer 3 connectivity between the ACX router, the DHCP server, and the Junos Space Platform. If you are using the OTD method with Layer 3 connectivity to the DHCP server, you do not need to enable DHCP relay functionality on the aggregation routers.

Overview

This example describes the tasks required to deploy new ACX routers in a service provider network while ensuring minimal involvement from the deployment technician and the MSP NOC personnel. At the end of this ZTD process, the ACX router can also be managed by Junos Space.

When the ZTD method is used, a basic configuration is automatically downloaded onto the ACX router through the autoinstallation feature. The event options in the basic configuration trigger the download and execution of the Phase 0 script, which in turn downloads and commits the global configuration to the ACX router.

Event options in the global configuration trigger the Phase 1 script, which creates a management VLAN (also known as the OAM VLAN) to enable a ZTD management plane. The global configuration also enables management access, software processes, system log preferences, and user authentication settings.

The global configuration template contains the URL to a configlet (initially generated by Junos Space) stored on the configuration server, named space_configlet.conf. The Phase 2 script downloads and commits the configlet on the ACX router, after which the router initiates a connection to, and is discovered by, Junos Space. After the discovery is successful, the device template associated with the ACX router is deployed and the Junos OS version is upgraded on the ACX router.

This example also describes the one touch deployment (OTD) method for scenarios where connectivity between the access nodes (ACX router) and aggregation router is provided through a third-party wholesale operator, and the new ACX router is not able to use DHCP to obtain location information for its home configuration server. In this scenario, some initial parameters must be loaded onto the ACX router manually. To do this, a configlet generated from Junos Space, which contains the connection parameters and Junos Space server configuration, is loaded onto the ACX router using a USB flash drive.

Topology

Figure 1 depicts a topology for ZTD of an ACX router using the Push method. The topology has three ACX routers in each access segment. The new ACX router being deployed in ACCESS SEGMENT 1 has its interface ge-1/2/0 connected to interface ge-1/2/0 on router Agg1 in the aggregation segment. Aggregation router Agg1 has an interface is connected to the provider edge router. The configuration server and Junos Space server are also connected to the provider edge router. The configuration server acts as a DHCP, TFTP, and FTP server, and hosts the configlets and scripts required to deploy the new ACX router.

Figure 1: Topology Diagram for Zero Touch Deployment By Using the Push Method
Topology Diagram for
Zero Touch Deployment By Using the Push Method

Configuration

To deploy ACX routers using the ZTD Push method, perform these tasks:

Creating Basic Configuration Files and a Global Configuration Template

CLI Quick Configuration

To create basic configuration files and a global configuration template, use the CLI samples provided in the Pull method configuration example at Example: Deploying ACX Routers Using the ZTD Pull Method.

Make the following modifications to the Pull method configuration templates as part of the preparation for the Push method:

  • Basic configuration file: in the group GR-ZTP, under the statement apply-macro CODE, replace the parameter INACTIVE "active" with INACTIVE "inactive". This deactivates the Junos image upgrade procedure as part of the Phase 2 script execution.

  • Global configuration file: in the group GR-ZTP-SCENARIOS, under the statement apply-macro SCENARIO-1, replace the parameter METHOD "pull" with METHOD "push".

Note

The configurations in this example include deployment-specific parameters such as MODE, root authentication, FTP URLs, server IP address, Junos OS version, configlet file name, and so on. Adjust these variables to suit your network environment.

Step-by-Step Procedure

Configuring DHCP, TFTP, and FTP Services on the Configuration Server

CLI Quick Configuration

To enable DHCP, TFTP, and FTP services on the configuration server, use the CLI samples provided in the Pull method configuration example at Example: Deploying ACX Routers Using the ZTD Pull Method.

Configuring Aggregation Routers

CLI Quick Configuration

To configure aggregation routers Agg1 and Agg2 for the ZTD process, use the CLI samples provided in the Pull method configuration example at Example: Deploying ACX Routers Using the ZTD Pull Method.

Step-by-Step Procedure

Creating a Device Template

Step-by-Step Procedure

To use the Junos Space Network Management Platform to create a device template:

  1. Log in to Junos Space and click the Device Templates workspace.
  2. Click Template Definitions and create a template definition.
  3. Click Templates and create a device template using the template definition.

    The following display indicates a device template created to load the production configuration for the ACX router.

Uploading Junos OS Images

Step-by-Step Procedure

The Push method can include upgrading the Junos OS to a recommended image through Junos Space.

To import the recommended version of Junos OS image to Junos Space Platform:

  1. In Junos Space, select Images and Scripts > Images.

    The Images page is displayed.

  2. Click the Import Image icon.

    The Import Images dialog box appears.

  3. Click Browse.

    The File Upload dialog box displays the directories and folders on your local file system.

  4. Navigate to the device image file that you want to import and click Open.
  5. Click Upload in the Import Images dialog box.

    Once the file is imported to the Junos Space server, it is listed on the Images page. You can associate the image to the ACX router when you create the modeled instance.

    The following display shows the recommended Junos OS version uploaded and available in Junos Space.

Creating a Connection Profile

Step-by-Step Procedure

A connection profile specifies connectivity-related parameters for devices added to Junos Space using the Modeling devices feature. A connection profile contains device interface details, the NAT configuration details for Junos Space, and the protocol used to assign IP addresses to devices.

To create a connection profile:

  1. In Junos Space, select Devices > Model Devices > Connection Profiles.

    The Connection Profiles page is displayed.

  2. Click the Create Connection Profile icon on the Actions menu.

    The Create Connection Profile page is displayed.

  3. Create a connection profile by specifying the following details:
    • Profile Name

    • Interface Type (Ethernet or ADSL)

    • Interface (Specify the ACX router interface that will be connected to the network)

    • IP Assignment via (for Ethernet: Static, DHCP, or PPPoE)

    • Attempts

    • Interval

    • DHCP Server Address

    • Lease Time

    The following display indicates sample settings to create a connection profile.

  4. Click Create.

    The connection profile is created.

Creating a Modeled Instance

Step-by-Step Procedure

A modeled instance allows you associate a list of devices with a common set of connectivity parameters. To make it easier to add large numbers of devices, you can upload a CSV file to Junos Space. The CSV file should list each device on its own line, using the format <ID>,<serial-number>,<device-type>.

Note

The Create Modeled Instance page includes a sample CSV file.

To create a modeled instance to deploy the ACX routers:

  1. In Junos Space, select Devices > Device Management > Model Devices.

    The Model Devices page is displayed.

  2. Click the Create Modeled Instance icon on the Actions menu.

    The Create Modeled Instance page is displayed.

  3. Create a modeled instance by specifying the following details:
    • Name

    • Discovery Type (Add Manually or Upload CSV)

    • Template Association (Associate the device template created earlier)

    • Image Upgrade/Downgrade

    • Specify the following options in the Activate Now section:

      • Username (Account on ACX router, in this case user)

      • Password

      • Confirm Password

      • Serial Number Validation

      • Connection Profile (Associate the connection profile created earlier)

      • Configuration Update

    The following display indicates sample settings to create a modeled instance.

  4. Click Next.

    The Create Modeled Instance page displays the device instance of the ACX routers.

  5. (Optional) Modify the default hostname, platform, IP address, and gateway details on a per-device basis.
  6. Click Finish.

    The modeled instance is created. You are redirected to the Model Devices page.

    The instances of the ACX router display the Connection Status as Down and Managed Status as Waiting for Deployment in the Device Management page.

Adding the Configlet file to the Configuration Server

Step-by-Step Procedure

At the end of Phase 2 of the ZTD process, a configlet file is used to start a device-initiated connection to Junos Space. This configlet file is created on the Junos Space server, but must be added to the configuration server.

To add the configlet to the configuration server:

  1. In Junos Space, select Devices > Model Devices.

    The Model Devices page is displayed.

  2. Select the modeled instance whose configlet you want to download, and select Download Configlet from the Actions menu.

    The Download Configlet page is displayed.

  3. Transfer the configlet to the configuration server by specifying the following details:
    • Configlet Type (CLI )

    • Encryption (AES or Plain Text)

    • Save (None - download to your computer)

    The following display indicates sample settings to save the configlet.

  4. Click Download.

    The Configlets.zip file is downloaded to your local computer.

  5. Rename the configlet as a configuration file, space_configlet.conf.
  6. Open the file with a text editor and remove the interface configuration from the configlet.
  7. Upload the configlet file to the configuration repository of the FTP server.

Deploying the ACX Router

Step-by-Step Procedure

To deploy the ACX router:

  1. Unpack the ACX router, power it on, and connect the designated interface to the network.

    For this example, the new the ACX2100 router uses interface ge-1/2/0.

    Once the router boots up, the autoinstallation function of the ACX router communicates with the DHCP server, acquires an initial IP address, downloads and commits the basic configuration template, and proceeds to use the ZTD scripts to setup the device, as follows:

    • When the basic configuration is committed to the ACX router, the event options in the basic configuration trigger the execution of the ZTD Phase 0 script. This script downloads and commits the global configuration.

    • When the global configuration is committed to the ACX router, the event options in the global configuration trigger the execution of the ZTD Phase 1 script. The ZTD Phase 1 script creates a management (OAM) VLAN to enable a ZTD management plane through the access and aggregation segments.

    • The global configuration also triggers the execution of the ZTD Phase 2 script. The ZTD Phase 2 script commits the router-specific configuration, validates and upgrades the Junos OS to the recommended version, and commits the production configuration from Junos Space to the ACX router.

    Note

    The ZTD scripts can be found in the section ACX Deployment Scripts.

  2. Verify that the ACX router has its full and proper configuration using the verification steps in the section Verification.

Deploying ACX Routers Using the One Touch Deployment (OTD) Push Method

If you are deploying ACX routers using the OTD Push method, perform these additional tasks:

Creating a Configlet USB

Step-by-Step Procedure

With the OTD Push method, the ACX router is activated by connecting a USB device and installing a configlet, which enables the device to initiate a connection to Junos Space.

To download the configlet to a USB drive:

  1. In Junos Space, select Devices > Model Devices.

    The Model Devices page is displayed.

  2. Select the modeled instance whose configlet you want to download, and select Download Configlet from the Actions menu.

    The Download Configlet page is displayed.

  3. Specify the following details to download the configlet:
    • Configlet Type (CLI)

    • Encryption (AES)

    • Save (None, to download the file to your local computer)

  4. Click Download.

    The Configlets.zip file is downloaded to your local computer.

  5. Unzip the .ZIP file and copy the configlet to the USB device.

    The following is a sample of a DHCP static configlet for OTD, generated by the Junos Space Platform:

Deploying the ACX Router

Step-by-Step Procedure

To deploy the ACX router:

  1. Unpack the ACX router, power it on, and connect the interface specified in the connection profile to the network.
  2. Plug the USB device into the USB port on the ACX router.
  3. Reboot the ACX router.

    A persistent SSH connection is established with the Junos Space Platform.

  4. Verify that the ACX router has its full and proper configuration using the verification steps in the section Verification.

Verification

Use the following procedures to verify the deployment of ACX routers during the Push method:

Note

To verify the basic configuration, global configuration, configuration through scripts, and Junos OS upgrades, it is helpful to be connected to a system log server to receive notifications about the execution of scripts, configuration downloads, and so on, as they happen. As you receive appropriate notifications, you can then further verify the configuration downloads and Junos OS upgrades by establishing an SSH connection to the ACX router and using the verification steps below.

Verifying the Progress of the ZTD Process

Purpose

Verify the progress of the ZTD process and verify the basic configuration, global configuration, configuration through scripts, and Junos OS upgrades.

Note

This step can be used in conjunction with the appropriate verification procedures below, depending on the stage of the ZTD process.

The monitor start command allows you to view entries being added to a log file in real-time. In this example, the ZTD process is logged to the file op-script.log. You can use this method to monitor the ZTD process as it is happening.

Immediately after the basic configuration is applied, you should be able to gain access to the ACX router using SSH and the initial IP address provided by DHCP server. Note that as the process moves forward, your session will be broken a few times, as the initial IP address is reconfigured to a permanent IP address, and the router reboots to complete its OS upgrade.

If the process has an issue at any point, you will be able to review the log file generated by script and identify what went wrong.

Note

While not typical, if you happen to have console access to the ACX router, you can use this method to monitor the process and read ZTD log file in real-time, without interruption.

Action

SSH to the ACX router. Enter configuration mode and execute the monitor start op-script.log command.

Meaning

The output confirms that the installation process worked correctly, and the ZTP script phases completed successfully.

Verifying the Basic Configuration on the ACX Router

Purpose

Verify that the basic configuration is downloaded and committed on the ACX router.

This occurred during Phase 0 of the ZTD process.

Note

This procedure is required to verify only zero touch deployment.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration command.

Meaning

Phase 0 of the ZTD deployment process was successfully initiated. and the basic configuration was downloaded and committed on the ACX router.

Verifying the Global Configuration on the ACX Router

Purpose

Verify that the global configuration is downloaded and committed on the ACX router.

This occurred during Phase 0 of the ZTD process.

Note

This procedure is required to verify only zero touch deployment.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration command.

Meaning

Phase 0 of the ZTD deployment process completed successfully, and the global configuration is committed on the ACX router.

Verifying the IRB Interface Configuration

Purpose

Verify that the ACX router has its IRB interface configuration.

This occurred during Phase 1 of the ZTD process.

Note

This procedure is required to verify only zero touch deployment.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration interfaces irb command.

Meaning

The IRB interface is configured with the IP address provided by DHCP server, and Layer 3 IP routing is enabled on the IRB interface.

Verifying the Core-Facing Interface (NNI) Configuration

Purpose

Verify that the core-facing interface (NNI) of the ACX router is configured correctly.

This occurred during Phase 1 of the ZTD process.

Note

This procedure is required to verify only zero touch deployment.

This example requires just the single NNI. However, the global configuration template and script used in this case were configured to provide two NNIs, thus both are verified here as enabled and configured.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration interfaces ge-1/2/0 and show configuration interfaces ge-1/2/1 commands.

Meaning

The NNI interfaces of the ACX router have been correctly configured, including a configuration group and management VLAN.

Note

A possible use case for the second interface is to allow another ACX router to connect to this one, creating a chain topology.

Verifying the Management Bridge Domain Configuration

Purpose

Verify that the OAM bridge domain is configured to connect the access and aggregation segments.

This occurred during Phase 1 of the ZTD process.

Note

This procedure is required to verify only zero touch deployment.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration bridge-domains command.

Note

When verifying bridge domains on an ACX5000 Series router, use the show configuration vlans command.

Meaning

The NNIs and IRB interface are associated to the management bridge domain.

Verifying ACX Reachability to the Aggregation Router

Purpose

Verify that the ACX router has a default route to provide reachability to the aggregation router.

This occurred during Phase 1 of the ZTD process.

Note

This procedure is required to verify only zero touch deployment.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration routing-options command.

Meaning

The default route is configured, providing connectivity between the ACX router and aggregation router.

Verifying the VSTP and LLDP Configuration

Purpose

Verify that VSTP and LLDP are enabled on the core-facing (NNI) interfaces.

This occurred during Phase 1 of the ZTD process.

Note

This procedure is required to verify only zero touch deployment.

Action

SSH to the ACX router. Enter operational mode and execute the show configuration protocols command.

Meaning

VSTP and LLDP are correctly configured and include the NNI interfaces.

Verifying the Junos OS Upgrade

Purpose

Verify that the Junos OS is upgraded to the recommended or production version on the ACX router once the ACX router is discovered by Junos Space.

Note

This procedure is required to verify both zero touch deployment and one touch deployment.

Action

SSH to the ACX router. Enter operational mode and execute the show version command.

Meaning

The ZTD process is complete and the Junos OS is upgraded to the desired version, in this case 15.1X54-D25.

Verifying the Device Template Deployment from Junos Space

Purpose

Verify that the device template is deployed on the ACX router.

Note

This procedure is required to verify only one touch deployment.

Action

  1. in Junos Space, navigate to Devices > Device Management.

  2. Find the appropriate device in the list and verify that the Managed Status column indicates In Sync.

    The following display shows devices and their management status.

    Figure 2: Device Management Page
    Device Management Page
  3. Additionally, you can SSH to the ACX router, enter operational mode, and execute the show configuration command to verify that the ACX router has the correct configuration.

Meaning

The Device Management page indicates that the Managed Status of the new ACX router In Sync, confirming the device template was successfully deployed to the ACX router.