Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Post-Agent Install

Pristine Configuration

When you install an onbox agent on a device (or an offbox agent on the server), the device connects and registers with Juniper Apstra in the Quarantined state. Depending on the vendor and agent type, Juniper Apstra applies partial configuration to the pre-Apstra configuration. This configuration is called Pristine configuration. Pristine configuration is the basis for all subsequent device configuration.

If the enable_push_quarantine_config variable is enabled in the aos.conf file, the following changes are made to devices:

  • All fabric ports are shut down when a device is onboarded.

The Pristine configuration is not validated; it is accepted by Juniper Apstra without inspection. Validation is implicit for this configuration because Apstra assumes the pristine configuration is correct and we are importing it from the device. Note that errors in the Pristine configuration might cause significant problems on the device's lifecycle.

Note:

When you install an agent on a device, any configuration that was already there becomes part of the Pristine Config, which means it's included in the device's entire configuration lifecycle. Any corrections that you make will be service-impacting.

Items that are usually set in the pristine configuration include:

  • Banner
  • Tacacs AAA settings
  • TCAM settings
  • Logging settings
  • Other configuration to enable 3rd party monitoring.

The Pristine configuration is also used for all Full configuration pushes from Apstra. Apstra combines the Pristine configuration and the Apstra-generated configuration to create a Full configuration that is deployed to the switch.

Before the Apstra 4.2 release, adding a new configuration item to the Pristine config after a device is in operation, (day2 operations) required the device to be removed from the Apstra System and re-imported. In the AOS 4.2 and subsequent releases, changes to the pristine configuration can be done while a switch is in the Blueprint.

Discovery-1 (Acknowledge Device)

When you acknowledge a device, you're putting it in the Ready state and acknowledging it in the Apstra UI. This acknowledgment signals to Apstra that you want Apstra to manage the device. As a result, Apstra adds a minimal base configuration (Discovery-1) to the Pristine config. This base config, or Discovery-1, is essential to Apstra agent operation and applies a complete configuration (Full config push), which overwrites all exisiting configuration to ensure config integrity. This config push does the following:

  • All interfaces are rendered with interface speeds for the assigned device profile

  • All interfaces are no shutdown to allow you to view LLDP neighbor information

  • All interfaces are moved to L3 mode (default) to prevent the device from participating in the fabric.

    Note:

    Devices that have been acknowledged cannot simply be deleted. Since the device would still have an active agent installed, the devices would re-appear within seconds. To remove a device from Apstra management, see Remove (Decommission) Device from Managed Devices for the complete workflow.