Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Paragon Automation Getting Started

Ready. Set. Let’s go!

This guide explains the high-level tasks that you can perform after you log in to the Paragon Automation GUI. The Paragon Automation suite consists of the following applications:

  • Paragon Pathfinder (formerly NorthStar Controller)
  • Paragon Insights (formerly HealthBot)
  • Paragon Planner (formerly NorthStar Planner)
  • Anuta Networks ATOM
  • Paragon Active Assurance (formerly Netrounds)
    Note:
    • To access Anuta ATOM from Paragon Automation, you must first integrate ATOM with Paragon Automation. See Get Started with ATOM.
    • Currently, Paragon Active Assurance features are not accessible from the Paragon Automation GUI, because Active Assurance is not yet integrated with Paragon Automation. You can access the documentation on the Paragon Active Assurance TechLibrary page.

Access Paragon Automation and Set Up Licenses

Before you use the Paragon Automation applications:

  1. Log in to the Paragon Automation GUI by using the web application URL (or the ingress controller virtual IP [VIP] address) and the credentials that your Paragon Automation administrator provided. If you're logging in for the first time, the GUI prompts you to change the password.

    For details, see Access the Paragon Automation GUI in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

    Note:

    For information on the default username and password after installation, see the Log in to the Paragon Automation UI section of the Paragon Automation Installation Guide (located in the Set Up section of the Paragon Automation Documentation page).

  2. To use Paragon Insights, Paragon Pathfinder, and Paragon Planner, you must install the necessary licenses on the License Management page (Administration > License Management).

    For more information, see About the License Management Page in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

    Note:
    • If you do not install the licenses, then some menu items in the Paragon Automation menu are not displayed.

    • If you have a license key that was generated for a version of Paragon Automation earlier than Release 22.1 you must upgrade the license key format to the new format before you can install it in Paragon Automaton Release 23.1. You can generate a new license key by using the Juniper Agile Licensing portal. For details, see View, Add, or Delete Licenses in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

Add and Configure Devices

  1. Add or discover the devices that you want Paragon Automation to monitor and manage:
    1. On the Devices page (Configuration > Devices), click the Add (+) icon.

      The Add Devices page appears.

      Note:

      You can either discover devices already active in your network (Discover Devices option) or add new devices by using Zero Touch Provisioning (ZTP) (Add New Devices option). In this guide, we'll cover the discovery of active devices.

      For details on how to add new devices, see Add Devices in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

    2. Check that the Discover Devices option is highlighted.
    3. You can either enter device details manually or import the device details from a comma-separated values (CSV) file:
      • To enter the device details manually, select Enter Manually, which is the default. Go to Step 1.d.
      • To enter the device details using a CSV file:
        1. Select Import From File, and click Browse.
          Tip:

          Click the Download Sample CSV File link to download a sample CSV and use the sample file to create your own CSV file.

        2. In the File Upload dialog box, select the CSV file to upload, and click Open.

          Paragon Automation parses the file and displays the device details in one or more Targets and Credentials sections.

        3. (Optional) Confirm that the device details and credentials were imported correctly.

          Go to Step 1.h.

    4. Click the Managed Status toggle button to specify whether the device is managed or unmanaged:
      Note:

      Paragon Automation supports Juniper Networks, Cisco IOS XR, and Nokia devices. For a complete list of supported devices, see Supported Devices and OS Versions in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

      • Managed: Indicates that Paragon Automation can discover the device, configure and monitor the device, and perform device operations (such as rebooting and pushing configurations to the device). This is the default option.
      • Unmanaged: Indicates that Paragon Automation cannot discover the device by using NETCONF.
    5. In the Hostname / IP Targets field, enter the hostnames or IP addresses of the devices that you want Paragon Automation to discover.

      You can enter multiple hostnames or IP addresses by typing each entry and then pressing Enter.

    6. (Optional) You can also select devices from the list of devices discovered by Paragon Pathfinder (using BGP-LS):
      Note:

      For a device to be discovered by Paragon Automation by using BGP-LS, the IP addresses of the device must be routable from Paragon Pathfinder and NETCONF must be enabled on the device.

      • Click the Add targets from topology to this list link.

        The Add Topology Targets page appears.

      • Select the check boxes corresponding to the devices that you want to add, and click Add.

        You are returned to the Add Devices page. The IP addresses of the devices that you added appear in the Hostname / IP Targets field.

    7. In the Device Credentials field, enter the username and password.
      Note:

      For Junos OS devices, we recommend that you use a non-root account with super user permissions. Ensure that you configure this account on each device that you discover or add.

    8. Click OK.

      Paragon Automation triggers a device discovery job and displays a confirmation message with a link to the job. You are returned to the Devices page.

    9. (Optional) Click the job ID link on the confirmation message (or on the Jobs page [Monitor > Jobs]) to open the Job Status page, where you can monitor the status of the device discovery.
    10. After the job finishes, go to the Devices page and verify that the devices are discovered correctly.
      Note:
      • For managed devices, the Management Status should be Up, indicating that Paragon Automation established a connection with the device. In addition, the Sync Status should be In Sync, indicating that the configuration and the inventory data in Paragon Automation and on the device are in sync.
      • For unmanaged devices, the Management Status should be Unmanaged, and the Sync Status should be Unknown. The Sync Status Unknown indicates that Paragon Automation added the device to its database, but that no NETCONF session was created to synchronize the configuration and the status.
  2. Edit the device profile for each device that you added and configure the fields related to Path Computation Element (PCE) protocol (PCEP), NETCONF, and (optionally) parameters related to telemetry.
    Note:

    These configurations will be used by Paragon Pathfinder and Paragon Insights.

    1. On the Devices page (Configuration > Devices), select the device, and click the Edit (pencil) icon.

      The Edit Device-Name page appears.

    2. Configure the parameters related to PCEP in the Protocols > PCEP section.
      • Specify which PCEP version to use from the Version list:
        • Select Non-RFC, which is the default option, to run in non-RFC 8231/8281 compliance mode.

          You can use this option for devices running Junos OS versions 15.x through versions 19.x.

        • Select RFC Compliant to run in RFC 8231/8281 compliance mode. You can use this option for any vendor's devices that conform to RFC 8231/8281. For example, Juniper devices running Junos OS versions 19.x and later.
        • Select 3rd party PCC for older versions of Cisco devices.
      • In the IP Address field, enter the IP address used by the device to connect to Paragon Automation for managing LSPs.
    3. Configure the NETCONF parameters in the Protocols > Netconf section.
      • Enabled: Click the toggle button to enable NETCONF on the device.
      • Bulk Commit: Click the toggle button to enable NETCONF bulk commit. If you enable bulk commit, you can provision multiple LSPs in a single commit instead of using multiple commits.
        Note:
        • When you use point to multipoint (P2MP) LSPs on Juniper devices, you must enable bulk commit to enable support for P2MP LSP provisioning on the devices.
        • In other cases, enabling bulk commit is optional, and you can use bulk commit if you want to improve provisioning efficiency.
      • iAgent/Netconf Port: Enter the port number (on the device) to be used for NETCONF. This port should not be used for any other service.

        The default port number is 830 for Juniper Networks devices and 22 for other devices.

    4. (Optional) If you want Pathfinder to receive telemetry data from devices, configure the system identifier (for Junos Telemetry Interface [JTI]) and the management IP address in the Device ID Details section.
      Note:

      For the JTI system identifier, use the format device-host-name:jti-ip-address, where:

      • device-host-name is the hostname of the device.
      • jti-ip-address is the IP address (local-address statement) that is configured for the export profile in Junos OS.
    5. Click OK to save your changes.

    For details, see Edit Devices in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

Get Started with Paragon Pathfinder

  1. Add the devices to the controller device group:
    1. On the Device Group Configuration page (Configuration > Device Groups), select the controller device group, and click the Edit (pencil) icon.

      The Edit Device Group page appears.

    2. In the Devices field, select the devices that Paragon Automation previously discovered, and then save and deploy the changes.

    For details, see Edit a Device Group in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  2. Run the device collection task in one of the following ways:
    • From the Administration menu:
      1. On the Task Scheduler page (Administration > Task Scheduler), click the Add (+) icon.

        The Create New Task wizard appears.

      2. In Step 1 of the wizard, specify the following and click Next.
        • In the Name field, enter a name for the task.
        • From the Task Group list, select Collection Tasks.
        • From the Task Type list, select Device Collection.
      3. In Step 2 of the wizard, select the devices that you want to include in device collection, specify the task and collection options, and click Next.
      4. In Step 3 of the wizard, specify the schedule and recurrence for the task.
      5. Click Submit.

        The device collection task is added. You're returned to the Task Scheduler page.

        For details, see Add a Device Collection Task in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

    • From the Network menu:
      1. On the Topology page (Network > Topology), select the check boxes corresponding to the devices for which you want to run device collection.
      2. From the More list, select Run Device Collection.

        For details, see Add a Device Collection Task in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  3. Configure topology acquisition as follows:
    1. Enable MPLS, RSVP, and the interior gateway protocol (IGP) (IS-IS or OSPF) traffic engineering using the sample configurations provided:
      • Enable MPLS:
      • Configure a routing policy:
      • Enable RSVP:
      • Enable IS-IS:
      • Enable OSPF:

      For more information, see the Paragon Automation Installation Guide (located in the Set Up section of the Paragon Automation Documentation page).

    2. Enable BGP-LS on the devices, as shown in the following sample configuration:

      For more information on options to configure BGP-LS and additional details, see the Install Paragon Automation section of the Install Multi-Node Cluster on Ubuntu or the Install Multi-Node Cluster on CentOS topics in the Paragon Automation Installation Guide.

    3. (Optional) Configure BGP-LS peers in Paragon Automation.
      Note:

      You need to perform this step only if you want to change the BGP-LS peers that you configured during the Paragon Automation installation process.

      Paragon Automation uses the Junos OS containerized routing protocol process (daemon) (cRPD) to establish BGP-LS sessions with devices in the network for topology acquisition. The cRPD container is part of the BGP Monitoring Protocol (BMP) pod running on one of the Paragon Automation worker nodes

      As part of the Paragon Automation installation, you configure the IP addresses of one or more BGP-LS peers and the autonomous system to which they belong. This information is added to the cRPD configuration automatically. If you need to modify this configuration, you can do it one of the following ways:

      Note:

      The following steps are provided at a high-level. For details, see the Modify cRPD Configuration section of the Install Multi-Node Cluster on Ubuntu or the Install Multi-Node Cluster on CentOS topics in Paragon Automation Installation Guide.

      • Modify the BMP configuration file as follows:
        1. Open the BGP Monitoring Protocol (BMP) configuration file in an editor.
          Note:

          The BMP configuration file (kube-cfg.yml) is located in the /etc/kubernetes/po/bmp/ directory on the Paragon Automation primary node. For information on how to access the primary node, see the Paragon Automation Installation Guide (located in the Set Up section of the Paragon Automation Documentation page).

        2. Make the configuration changes (for example, add the device IP addresses) to the BMP configuration file.
        3. Apply the modified configuration file.
        4. Connect to the cRPD container, and verify that the configuration changes are applied.
      • To connect to cRPD and edit the configuration:
        1. Connect to the cRPD container and enter configuration mode.
        2. (Optional) View the current BGP configuration and the autonomous system number.
        3. Modify the autonomous system number.
        4. Add a new neighbor.
        5. Commit the configuration changes.
    4. Verify the status of the BGP-LS sessions in one of the following ways:
      • Use the CLI on the router. For Juniper devices, run the show bgp summary command.
      • Connect to the cRPD container, and run the show bgp summary command.
    5. Verify that the BGP-LS routes are being advertised on the device, and that the routes are received by Paragon Automation. You can do this in one of the following ways:
      • Use the CLI on the router. For Juniper devices, run the show route advertising-protocol bgp ip-address-worker-node-cRPD command, where ip-address-worker-node-cRPD is the IP address of the Paragon Automation worker node on which cRPD is running.
      • Connect to the cRPD container and run the show route receive-protocol bgp bgp-ls-peer-address hidden command, where bgp-ls-peer-address is the IP address of the router that is sending the route advertisements to cRPD.
        Note:

        In cRPD, the routes are hidden because the next hop cannot be resolved. This is not a concern because cRPD will never be a part of the forwarding path and the BGP decision process is not used for path calculations. The topology information collected is passed on to the Paragon Automation topology server using BMP. The Path Computation Server (PCS) then uses this information to perform the path calculations.

  4. Verify that the network topology is discovered, and that the topology is displayed in the Paragon Automation GUI. On the Topology page (Network > Topology):
    1. Check that the devices are displayed (with a router icon) on the topology map.
    2. On the Node tab (of the Network Information table), verify that the Type, IP Address, and Management IP (address) are displayed for each device.
  5. For LSP management, configure PCEP and NETCONF on each device:
    1. Configure PCEP on the device using the following sample configuration:

      where pce1 is the unique PCE identifier, and Paragon-PCEP-Address is the virtual IP address of the Pathfinder PCE server configured during the Paragon Automation installation process.

    2. Ensure that you enable NETCONF:
      • In the device profiles in Paragon Automation, as explained in Add and Configure Devices.
      • On the routers. On Juniper routers, you can enable NETCONF by using the following commands:
    3. Verify that PCEP and NETCONF sessions are established on the device. On Juniper devices, you can verify this by running the following commands:
  6. On the Node tab (of the Network Information table), for each device, verify that the PCEP Status and NETCONF Status fields display Up.
  7. Provision LSPs from the Tunnel tab of the Network Information table (on the Topology page).

    For more information, see Add a Single LSP, Add Diverse LSPs, and Add Multiple LSPs in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

Get Started with Paragon Insights

Figure 1 provides a high-level overview of the following concepts in Paragon Insights:

  • How devices and device groups are related.
  • How rules and playbooks are related.
  • How devices and device groups, and rules and playbooks are associated with each other.

For more information, see the chapters on rules and playbooks in the Paragon Automation User Guide.

Figure 1: Understand Devices and Device Groups, and Rules and Playbooks in Paragon Insights Understand Devices and Device Groups, and Rules and Playbooks in Paragon Insights

To get started with Paragon Insights:

  1. Configure the devices that you're monitoring using Paragon Insights to stream telemetry data.

    For details, see Network Device Requirements in the Paragon Insights Installation Guide (located in the Set Up > Get Started section of the Paragon Insights Documentation page).

  2. Add the devices to a device group:
    1. On the Device Group Configuration page (Configuration > Device Groups), click the Add (+) icon.

      The Add Device Group page appears.

    2. Configure the fields to add a device group, and include the devices that Paragon Automation previously discovered to the device group.

      For details, see Add a Device Group in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  3. (Optional) Review the pre-existing rules and playbooks.

    If required, you can:

    • Upload predefined rules, predefined playbooks, or both. You can download predefined rules and playbooks from the Paragon Insights GitHub repository.
    • Create rules, playbooks, or both.

    For details, see the Playbooks and Rules chapters of the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  4. Apply one or more playbooks to the device group:
    1. On the Playbooks page (Configuration > Playbooks), click the paper airplane icon corresponding to the playbook that you want to apply.

      The Run Playbook: Playbook-Name page appears.

    2. Enter the name of the playbook instance.
    3. Select the device group to which you want to apply the playbook.
    4. (Optional) Enter the variables.
    5. (Optional) Choose the schedule at which you want the playbook to run.
    6. Click Save & Deploy.

      After a few seconds, Paragon Insights runs the playbook instance.

    7. Click the deployment status icon (on the Paragon Automation banner) to verify that the deployment was successful.

    For more information, see Manage Playbook Instances in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  5. After the playbook instances have finished running, access the Network Health page (Monitoring > Network Health), and select the device group for which you want to monitor the health.
Tip:

Paragon Insights allows you to define entities called resources, which are used for root cause analysis (RCA) and for generating smart alerts. You can define resources at the network element level or at the network level. You can then configure resource properties, map a resource to Paragon Insights rules, and configure dependencies between resources. Paragon Insights then automatically identifies the resources that need to be discovered and maps the dependencies between the resource instances.

For details, see Understand Resources and Dependencies in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

Get Started with Paragon Planner

  1. If you haven't previously run a device collection task, which enables Pathfinder to obtain the configuration of network devices, run the task as explained in Step 2 (of Get Started with Paragon Pathfinder).
  2. Use Paragon Pathfinder to create an archive directly from the live network.

    For details, see Add a Network Archive Task in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  3. Access the Paragon Planner Desktop application:
    1. Ensure that the client PC from which you access the Paragon Planner desktop application has the following installed:
    2. Access the Paragon Planner desktop application by:
      1. Downloading the Java Network Launch Protocol (JNLP) file by using the Paragon Automation GUI.
      2. Using the JNLP file to launch the Paragon Planner desktop application.
      3. Logging in using your Paragon Planner credentials.

      For details, see Access Paragon Planner Desktop Application in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  4. Open or import one of the archives and device collections created in Pathfinder to create a network model for Planner.
  5. Use the network model to run simulations in Paragon Planner.

For information about the tasks you can accomplish by using Paragon Planner, see the Paragon Planner Desktop Application User Guide (located in the Manage section of the Paragon Automation Documentation page).

Get Started with ATOM

Because ATOM is a separate application, you must perform the following steps to integrate ATOM with Paragon Automation:

  1. Configure the Paragon Automation portal IP address in the Paragon Automation GUI:
    1. Select Administration > Authentication > Portal Settings from the Paragon Automation menu.

      The Portal Settings page appears.

    2. In the Portal URL field, modify the URL to access the Paragon Automation GUI. You can use one of the following formats:
      • https://hostname.domain-name, where:
        • hostname is hostname of the server on which Paragon Automation was installed.
        • domain-name is the domain assigned to the server.

        For example, https://paragon.example.com/

      • https://server-ipv4-address

        Where server-ipv4-address is the IPv4 address of the server on which Paragon Automation was installed.

    3. Click Save.

      A message indicating that the Paragon Automation portal URL was updated successfully appears.

    For details, see Configure Portal Settings in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).
  2. To enable ATOM users to use single sign-on (SSO) to log in to the Paragon Automation GUI, you must register Paragon Automation as a client in Keycloak. ATOM uses Keycloak to authenticate users.
    Note:

    Ensure that you have the following information before registering Paragon Automation as a client with Keycloak:

    • IPv4 address of the ATOM Keycloak server
    • URL to access the Paragon Automation GUI, as explained in Step 1.b.
    • IPv4 address of the ATOM primary node
    • Username and password to log in to the ATOM primary node

    For details, see Register Paragon Automation with Keycloak in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  3. To enable SSO, you must add Anuta ATOM as an identity provider in Paragon Automation:
    Note:

    Before you add ATOM as an identity provider, ensure that you obtain the following:

    • The issuer URL, which is URL for the authentication server of the identity provider. You can obtain the URL from the OpenID Connect configuration values by using an API to query the authentication provider's well-known configuration endpoint.

      For example, you can use the URL-based API https://atom-keycloak-ipv4-address/.well-known/openid-configuration to obtain the issuer URL. Here, atom-keycloak-ipv4-address is the IPv4 address of the ATOM server on which Keycloak is installed.

    • The client ID and client secret, which are available after you register paragon-automation as a client in Keycloak in Step 2.
    1. On the Identity Providers page (Administration > Authentication > Identity Providers), click Add Identity Provider if you're adding an identity provider for the first time; otherwise, click the Add (+) icon.

      The Add Identity Provider page appears.

    2. Select OpenIDConnect as type of the identity provider, enter the name, and specify the other parameters.
    3. Click OK.

      A confirmation message appears indicating that the identity provider is added successfully. You're returned to the Identity Providers page.

    For details, see Add Anuta ATOM as an Identity Provider in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

  4. Add Anuta ATOM as an external element management system (EMS) application:
    1. On the External EMS page (Administration > External EMS), click the Add (+) icon.

      The Add External EMS page appears.

    2. Specify the following:
      • From the Type list, select ATOM.
      • In the Server Address field, specify the IPv4 address to access the ATOM UI as follows:
        • For a non-high availability (non-HA) setup, enter the IPv4 address that was configured for the ATOM primary node.
        • For a high availability (HA) setup, enter the virtual IPv4 address that was configured.
      • In the Username and Password fields, username and password for accessing ATOM, which were configured during the ATOM installation.
      • In the Parameters field, specify the following parameters:
        Note:

        The client ID and client secret values are available after you register paragon-automation as a client in Keycloak in Step 2.

        • client_id
        • client_secret
        • port (and value 443), which is the port that Paragon Automation uses to connect to Keycloak. (Port 443 is applicable to ATOM version 11.0 or later.)
    3. Click OK.

      A message indicating whether the external EMS application was successfully added or not is displayed.

    For details, see Add Anuta ATOM as an External EMS Application in the Paragon Automation User Guide (located in the Manage section of the Paragon Automation Documentation page).

After you perform the preceding steps, Anuta ATOM users can sign in to Paragon Automation by using their Anuta ATOM credentials.

For more information about Anuta ATOM, see the Anuta ATOM Documentation page.