Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client

The phone-home client (PHC) enables the device or VM instance to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the device or VM instance to the network.

Prerequisites

PHC depends on the following software and utilities to operate:

  • Connectivity to redirect server and phone-home server (PHS)

  • DHCP client

    Note:

    DHCP-based ZTP is not supported on vSRX Virtual Firewall.

  • SLAX support for configuration commits

  • Python support

  • Curl support

  • Factory default configuration

  • Mechanism to retrieve device serial number

  • SHA1/MD5 utilities to verify software image

  • Basic utilities like GREP and AWK

Understanding the Phone-Home Client

PHC enables the device or VM instance to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the device to the network. When the device or VM instance first boots, PHC connects to a redirect server, which then redirects to PHS to get the configuration or software image.

Similar to DHCP-based ZTP, the device or VM instance must be in factory default state in order for PHC to provision the device. If the device is not in factory default state, you can issue the request system zeroize command to bring the device back to the factory default state.

Understanding the Redirect Server Configuration

By default, the factory default configuration includes the redirect server URL, which is https://redirect.juniper.net.

Understanding Interoperability Between the Phone-Home Client and DHCP-Based ZTP

To avoid conflicts between these two provisioning methods, the following steps are taken when the device or VM instance boots up:

Note:

DHCP-based ZTP is not supported on vSRX Virtual Firewall.
Note:

Provisioning does not start if the device is not in factory default mode. If the device is not in factory default mode, issue the request system zeroize command.
Note:

The request system zeroize command is not supported on vSRX Virtual Firewall.

  1. If the DHCP client receives either partial or complete DHCP options, PHC is terminated, and DHCP-based ZTP attempts to provision the device until it is successful.

  2. If the DHCP client does not receive DHCP options, PHC attempts to provision the device until it is successful.

    If PHC fails to connect to the redirect server, however, DHCP-based ZTP attempts to provision the device. Both provisioning methods attempt to provision the device until one method is successful.

Understanding the Phone-Home Client Process

The following steps take place when PHC is launched:

  1. PHC connects to the redirect server.

  2. The device or VM Instance downloads and installs the software image from PHS.

    If the software upgrade fails, the process starts over.

  3. The device or VM instance reboots, and PHC validates the installed software image when the device comes back online.

  4. The device or VM instance downloads the configuration.

  5. If a script (either pre-configuration script, post-configuration scripts, or both) was received as part of the configuration, the following happens:

    Note:

    PHC supports both Python and shell scripts.

    1. The pre-configuration script is executed.

    2. The configuration received from the redirect server is committed.

    3. The post-configuration script is executed.

  6. PHC sends a bootstrap-complete message to the PHS.

  7. PHC cleans up the downloaded resources.

  8. The existing phone-home configuration, along with any supporting configuration, is overwritten by the new configuration on the device or VM instance.

  9. If any of the above steps fail, the phone-home process starts over again from the beginning, and a bootstrap failure error message is sent to PHS.

Understanding the Configuration File Format for the Phone-Home Client

PHC supports XML as the file format for the configuration file.

For example, the configuration file format looks like this:

Currently, only the merge and override CLI commands are supported on configurations received by the PHC.

Understanding Pre-Configuration and Post-Configuration Scripts

You can include pre-configuration and post-configuration scripts on PHS in addition to, or instead of, using the Junos OS CLI. Embed the scripts in base64 encoded format. PHC extracts the encoded scripts from the bootstrap information received from PHS, decodes, and then runs the decoded scripts at the appropriate stages of provisioning.

Verifying that the Phone-Home Client Downloaded the Configuration and Software Image

To verify the progress of the phone-home process, you can view the notification.xml file on PHS.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
21.1R1
Starting in Junos OS Release 21.1R1, the phone-home client is supported on vSRX Virtual Firewall.