Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Software Installation and Upgrade

  • —Starting in Junos OS Evolved Release 22.4R1, you can use RFC-8572-based secure ZTP to bootstrap your remotely located network devices that are in a factory-default state. Secure ZTP enables mutual authentication between the bootstrap server and the network device before the remote network device is accessed for initiating zero-touch provisioning.

    To enable mutual authentication, you need a unique digital voucher, which is generated based on the DevID (Digital Device ID or Cryptographic Digital Identity) of the ntwork device. The DevID is embedded inside the Trusted Platform Module (TPM) 2.0 chip on the network device. Juniper Networks issues a digital voucher to customers for each eligible network device.

    [See Secure Zero Touch Provisioning and Generate Voucher Certificate.]

  • Support for outbound SSH service (QFX5130-32CD and QFX5700)—Starting in Junos OS Evolved Release 22.4R1, we support the outbound SSH service. You can use the restart service-deployment command to restart the Service Deployment System (SDX) process.

    [See outbound-ssh.]

  • Phone-home client (QFX5130-32CD and QFX5700)—Starting with Junos OS Evolved Release 22.4R1, you can use either the legacy DHCP-options-based zero-touch provisioning (ZTP) or the phone-home client (PHC) to provision software for the switch. If the switch boots up and receives DHCP options from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, PHC is attempted. PHC enables the switch to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the switch to the network. When the switch first boots, PHC connects to the pre-configured Juniper redirect server (redirect.juniper.net), which will redirect to a phone home server to get the configuration or software image.

    To initiate either DHCP-options-based ZTP or PHC, the switch must either be in a factory-default state, or you can issue the request system zeroize command. PHC allows these switches to be onboarded onto the Mist dashboard.

    [See Understanding the Phone-Home Client.]