Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Step 2: Up and Running

Onboard Devices

Onboard the devices that you want Paragon Automation to monitor and manage. You can either discover devices already active in your network (Discover Devices option) or add new devices by using Zero Touch Provisioning (ZTP) (Add New Devices option). For information on ZTP, see Zero-Touch Provisioning Overview.

Paragon Automation supports Juniper Networks, Cisco IOS XR, and Nokia devices. For a complete list of supported devices, see Supported Devices. For new Juniper devices, follow the instructions in the hardware documentation to unbox the device, mount it on a rack, and power on the device. For details about installing a device, see the device's Hardware Guide on the TechLibrary or the device’s Quick Start Guide. Search for the device in the search box provided or navigate to Routing > View More, Switching > View More, or Security > View More.

Use one of the following sequence of steps to onboard your devices:

Discover Devices

To onboard devices already active in your network.

  1. On the Devices page (Configuration > Devices), click the Add (+) icon.

    The Add Devices page appears.

  2. Select the Discover Devices option, which is highlighted by default, to discover devices already active in your network.
  3. You can either enter device details manually or import the device details from a comma-separated values (CSV) file:
    • To enter the device details manually, select Enter Manually, which is the default. Go to Step 4.
    • To enter the device details using a CSV file:
      1. Select Import From File, and click Browse.
        Tip:

        Click the Download Sample CSV File link to download a sample CSV and use the sample file to create your own CSV file.

      2. In the File Upload dialog box, select the CSV file to upload, and click Open.

        Paragon Automation parses the file and displays the device details in one or more Targets and Credentials sections.

      3. (Optional) Confirm that the device details and credentials were imported correctly.

        Go to Step 10.

  4. Click the Managed Status toggle button to specify whether the device is managed or unmanaged:
    • Managed: Indicates that Paragon Automation can discover the device, configure and monitor the device, and perform device operations (such as rebooting and pushing configurations to the device). This is the default option.
    • Unmanaged: Indicates that Paragon Automation cannot discover the device by using NETCONF.
  5. In the Hostname / IP Targets field, enter the hostnames or IP addresses of the devices that you want Paragon Automation to discover.

    You can enter multiple hostnames or IP addresses by typing each entry and then pressing Enter.

  6. (Optional) You can also select devices from the list of devices discovered by Paragon Pathfinder (using BGP-LS):
    Note:

    For a device to be discovered by Paragon Automation by using BGP-LS, the IP addresses of the device must be routable from Paragon Pathfinder and NETCONF must be enabled on the device.

    • Click the Add targets from topology to this list link.

      The Add Topology Targets page appears.

    • Select the check boxes corresponding to the devices that you want to add, and click Add.

      You are returned to the Add Devices page. The IP addresses of the devices that you added appear in the Hostname / IP Targets field.

  7. In the Device Credentials field, enter the username and password.
    Note:

    For Junos OS devices, we recommend that you use a non-root account with super user permissions. Ensure that you configure this account on each device that you discover or add.

  8. To use RADIUS credentials for managing the device, toggle the Use Same Credentials for Managing the Device button on. To use Paragon Automation generated credentials for managing the device, toggle the Use Same Credentials for Managing the Device button off.

    Note: NOTE:

    To use RADIUS authentication on the device, you must configure information about the RADIUS servers on the network. For more information, see Radius Authentication.

  9. Click OK.

    Paragon Automation triggers a device discovery job and displays a confirmation message with a link to the job. You are returned to the Devices page.

  10. (Optional) Click the job ID link on the confirmation message (or on the Jobs page [Monitor > Jobs]) to open the Job Status page, where you can monitor the status of the device discovery.

  11. After the job finishes, go to the Devices page and verify that the devices are discovered correctly.

    Note:
    • For managed devices, the Management Status should be Up, indicating that Paragon Automation established a connection with the device. In addition, the Sync Status should be In Sync, indicating that the configuration and the inventory data in Paragon Automation and on the device are in sync.
    • For unmanaged devices, the Management Status should be Unmanaged, and the Sync Status should be Unknown. The Sync Status Unknown indicates that Paragon Automation added the device to its database, but that no NETCONF session was created to synchronize the configuration and the status.

Add New Devices

To onboard devices using ZTP:

Note:

To use ZTP, the devices must be present in the same subnet as Paragon Automation. To onboard devices in a different subnet, you must install and run DHCP Relay to connect the devices with Paragon Automation. See Configure a DHCP Relay for ZTP for more information.

  1. On the Devices page (Configuration > Devices), click the Add (+) icon.

    The Add Devices page appears.

  2. Select the Add New Devices option.
  3. Enter the root password and the range of IP addresses for management connectivity.

  4. You can either enter device details manually or import the device details from a comma-separated values (CSV) file:
    • To enter the device details manually, select Enter Manually, which is the default. Go to Step 5.
    • To enter the device details using a CSV file:
      1. Select Import From File, and click Browse.
        Tip:

        Click the Download Sample CSV File link to download a sample CSV and use the sample file to create your own CSV file.

      2. In the File Upload dialog box, select the CSV file to upload, and click Open.
      3. (Optional) Confirm that the device details and credentials were imported correctly.

        Go to Step 12.

  5. Select the device family that you want to add from the Device Family list.
  6. Select the device model that you want to add from the Device Model list.
  7. Select the Junos image that the device must use from the JUNOS Image list. The default is Use Image on Device indicating that the device is added to Paragon Automation with the image already existing in it.
  8. In the Device Serial Numbers field, enter the serial number of the device that you want to add. To add more than one serial number, enter the serial number of each device that you want to add and then press Enter.
  9. When the common root password is disabled, enter the root password to be assigned to the device in the Root Password field.

  10. (Optional) Click the Add (+) icon to add more device models for discovery.

    Repeat steps 5 through 9.

  11. Click OK.

    Paragon Automation triggers a device discovery job and displays a confirmation message with a link to the job. You are returned to the Devices page.

  12. (Optional) Click the job ID link on the confirmation message (or on the Jobs page [Monitor > Jobs]) to open the Job Status page, where you can monitor the status of the device discovery.

  13. After the job finishes, go to the Devices page and verify that the devices are discovered correctly.

Now that you've onboarded the devices, you can configure the devices.

Configure Devices

Edit the device profile for each device that you added and configure the fields related to Path Computation Element (PCE) protocol (PCEP), NETCONF, and (optionally) parameters related to telemetry.
Note:

These configurations will be used by Paragon Pathfinder and Paragon Insights.

  1. On the Devices page (Configuration > Devices), select the device, and click the Edit (pencil) icon.

    The Edit Device-Name page appears.

  2. Configure the parameters related to PCEP in the Protocols > PCEP section.
    • Specify which PCEP version to use from the Version list:
      • Select Non-RFC, which is the default option, to run in non-RFC 8231/8281 compliance mode.

        You can use this option for devices running Junos OS versions 15.x through versions 19.x.

      • Select RFC Compliant to run in RFC 8231/8281 compliance mode. You can use this option for any vendor's devices that conform to RFC 8231/8281. For example, Juniper devices running Junos OS versions 19.x and later.
      • Select 3rd party PCC for older versions of Cisco devices.
    • In the IP Address field, enter the IP address used by the device to connect to Paragon Automation for managing LSPs.
    • Enter the MD5 key to secure PCEP sessions between Paragon Pathfinder and the device. You must configure the same key on the router as well.

  3. Configure the NETCONF parameters in the Protocols > Netconf section.
    • Enabled: Click the toggle button to enable NETCONF on the device.
    • Bulk Commit: Click the toggle button to enable NETCONF bulk commit. If you enable bulk commit, you can provision multiple LSPs in a single commit instead of using multiple commits.
      Note:
      • When you use point to multipoint (P2MP) LSPs on Juniper devices, you must enable bulk commit to enable support for P2MP LSP provisioning on the devices.
      • In other cases, enabling bulk commit is optional, and you can use bulk commit if you want to improve provisioning efficiency.
    • In the Retry Count field, enter the number of attempts to establish a NETCONF connection with the device.

    • iAgent/Netconf Port: Enter the port number (on the device) to be used for NETCONF. This port should not be used for any other service.

      The default port number is 830 for Juniper Networks devices and 22 for other devices.

  4. (Optional) If you want Pathfinder to receive telemetry data from devices, configure the system identifier (for Junos Telemetry Interface [JTI]) and the management IP address in the Device ID Details section.
    Note:

    For the JTI system identifier, use the format device-host-name:jti-ip-address, where:

    • device-host-name is the hostname of the device.
    • jti-ip-address is the IP address (local-address statement) that is configured for the export profile in Junos OS.

    For information on identifying the jti-ip-address, see export-profile (Junos Telemetry Interface).

  5. Click OK to save your changes.

For details on configuring device parameters, see Edit Devices.

Configure Paragon Pathfinder

Configure Paragon Pathfinder to acquire network topology and provision add LSPs. You can use Paragon Pathfinder features if you have installed the required license.

  1. Add the devices to the controller device group:
    1. On the Device Group Configuration page (Configuration > Device Groups), select the controller device group, and click the Edit (pencil) icon.

      The Edit Device Group page appears.

    2. In the Devices field, select the devices that Paragon Automation previously discovered, and then save and deploy the changes.

    For details, see Edit a Device Group.

  2. Run the device collection task:
    1. On the Task Scheduler page (Administration > Task Scheduler), click the Add (+) icon.

      The Create New Task wizard appears.

    2. In Step 1 of the wizard, specify the following and click Next.
      • In the Name field, enter a name for the task.
      • From the Task Group list, select Collection Tasks.
      • From the Task Type list, select Device Collection.
    3. In Step 2 of the wizard, select the devices that you want to include in device collection, specify the task and collection options, and click Next. By default, all devices are included.
    4. In Step 3 of the wizard, specify the schedule and recurrence for the task.
    5. Click Finish.

      The device collection task is added. You're returned to the Task Scheduler page.

      For details, see Add a Device Collection Task.

  3. Configure topology acquisition as follows:
    1. Enable MPLS, RSVP, and the interior gateway protocol (IGP) (IS-IS or OSPF) traffic engineering on the devices (from the device CLI) using the sample configurations provided:
      • Enable MPLS:
      • Configure a routing policy:
      • Enable RSVP:
      • Enable IS-IS:
      • Enable OSPF:

      For more information, see the Comma separated list of CRPD peers section of Install Paragon Automation on a Multinode Cluster.

    2. Enable BGP-LS on the devices, as shown in the following sample configuration:

      For more information on options to configure BGP-LS and additional details, see Install Paragon Automation on a Multinode Cluster.

    3. (Optional) Configure BGP-LS peers in Paragon Automation.
      Note:

      You need to perform this step only if you want to change the BGP-LS peers that you configured during the Paragon Automation installation process.

      Paragon Automation uses the Junos OS containerized routing protocol process (daemon) (cRPD) to establish BGP-LS sessions with devices in the network for topology acquisition. The cRPD container is part of the BGP Monitoring Protocol (BMP) pod running on one of the Paragon Automation worker nodes

      As part of the Paragon Automation installation, you configure the IP addresses of one or more BGP-LS peers and the autonomous system to which they belong. This information is added to the cRPD configuration automatically. If you need to modify this configuration, you can do it one of the following ways:

      Note:

      The following steps are provided at a high-level. For details, see the Modify cRPD Configuration.

      • Modify the BMP configuration file as follows:
        1. Open the BGP Monitoring Protocol (BMP) configuration file in an editor.
          Note:

          The BMP configuration file (kube-cfg.yml) is located in the /etc/kubernetes/po/bmp/ directory on the Paragon Automation primary node.

        2. Edit the configuration (for example, add the device IP addresses) in the BMP configuration file.
        3. Apply the modified configuration file.
        4. Connect to the cRPD container, and verify that the configuration changes are applied.
      • To connect to cRPD and edit the configuration:
        1. Connect to the cRPD container and enter configuration mode.
        2. (Optional) View the current BGP configuration and the autonomous system number.
        3. Modify the autonomous system number.
        4. Add a new neighbor.
        5. Commit the configuration changes.
    4. Verify the status of the BGP-LS sessions in one of the following ways:
      • Use the CLI on the router. For Juniper devices, run the show bgp summary command.
      • Connect to the cRPD container, and run the show bgp summary command.
    5. Verify that the BGP-LS routes are being advertised on the device, and that the routes are received by Paragon Automation. You can do this in one of the following ways:
      • Use the CLI on the router. For Juniper devices, run the show route advertising-protocol bgp ip-address-worker-node-cRPD command, where ip-address-worker-node-cRPD is the IP address of the Paragon Automation worker node on which cRPD is running.
      • Connect to the cRPD container and run the show route receive-protocol bgp bgp-ls-peer-address hidden command, where bgp-ls-peer-address is the IP address of the router that is sending the route advertisements to cRPD.
        Note:

        In cRPD, the routes are hidden because the next hop cannot be resolved. This is not a concern because cRPD will never be a part of the forwarding path and the BGP decision process is not used for path calculations. The topology information collected is passed on to the Paragon Automation topology server using BMP. The Path Computation Server (PCS) then uses this information to perform the path calculations.

  4. Verify that the network topology is discovered, and that the topology is displayed in the Paragon Automation GUI. On the Topology page (Network > Topology):
    1. Check that the devices are displayed (with a router icon) on the topology map.
    2. On the Node tab (of the Network Information table), verify that the Type, IP Address, and Management IP (address) are displayed for each device.
  5. For LSP management, configure PCEP and NETCONF on each device:
    1. Configure PCEP on the device using the following sample configuration:

      where pce1 is the unique PCE identifier, and Paragon-PCEP-Address is the virtual IP address of the Pathfinder PCE server configured during the Paragon Automation installation process.

    2. Ensure that you enable NETCONF:
      • In the device profiles in Paragon Automation, as explained in Configure Devices.
      • On the routers. On Juniper routers, you can enable NETCONF by using the following commands:
    3. Verify that PCEP and NETCONF sessions are established on the device. On Juniper devices, you can verify this by running the following commands:
  6. On the Node tab (of the Network Information table), for each device, verify that the PCEP Status and NETCONF Status fields display Up.
  7. Provision LSPs from the Tunnel tab of the Network Information table (on the Network > Topology page).

    For more information, see Add a Single Tunnel, Add Diverse Tunnels, and Add Multiple Tunnels.

Configure Paragon Insights

Configure Paragon Insights to monitor and analyze your network configuration and telemetry data. You can use Paragon Insights features if you have installed the required license.

Figure 1 provides a high-level overview of the following concepts in Paragon Insights:

  • How devices and device groups are related.
  • How rules and playbooks are related.
  • How devices and device groups, and rules and playbooks are associated with each other.

For more information, see the chapters on Playbooks and Rules in the Paragon Automation User Guide.

Figure 1: Understand Devices and Device Groups, and Rules and Playbooks in Paragon Insights Understand Devices and Device Groups, and Rules and Playbooks in Paragon Insights

To get started with Paragon Insights:

  1. Configure the devices that you're monitoring using Paragon Insights to stream telemetry data. For details, see Network Device Requirements.
  2. Add the devices to a device group:
    1. On the Device Group Configuration page (Configuration > Device Groups), click the Add (+) icon.

      The Add Device Group page appears.

    2. Configure the fields to add a device group, and include the devices that Paragon Automation previously discovered to the device group.

      For details, see Add a Device Group.

  3. (Optional) Review the pre-existing rules and playbooks.

    If required, you can:

    • Upload predefined rules, predefined playbooks, or both. You can download predefined rules and playbooks from the Paragon Insights GitHub repository.
    • Create rules, playbooks, or both.

    For details, see the Playbooks and Rules chapters in the Paragon Automation User Guide.

  4. Apply one or more playbooks to the device group:
    1. On the Playbooks page (Configuration > Playbooks), click the paper airplane icon corresponding to the playbook that you want to apply.

      The Run Playbook: Playbook-Name page appears.

    2. Enter the name of the playbook instance.
    3. Select the device group to which you want to apply the playbook.
    4. (Optional) Enter the variables.
    5. (Optional) Select the date and time schedule at which you want the playbook to run.
    6. Click Save & Deploy.

      Paragon Insights runs the playbook instance, after a few seconds.

    7. Click the deployment status icon (on the Paragon Automation banner) to verify that the deployment was successful.

    For more information, see Manage Playbook Instances.

  5. After the playbook instances have finished running, access the Network Health page (Monitoring > Network Health), and select the device group for which you want to monitor the health.
Tip:

Paragon Insights allows you to define entities called resources, which are used for root cause analysis (RCA) and for generating smart alerts. You can define resources at the network element level or at the network level. You can then configure resource properties, map a resource to Paragon Insights rules, and configure dependencies between resources. Paragon Insights then automatically identifies the resources that need to be discovered and maps the dependencies between the resource instances.

For details, see Understand Root Cause Analysis.

Configure Paragon Planner

Configure Paragon Planner to plan your network and simulate scenarios. You can use Paragon Planner features if you have installed the required license.

  1. If you haven't previously run a device collection task, which enables Pathfinder to obtain the configuration of network devices, run the task as explained in Step 2.
  2. Use Paragon Pathfinder to create an archive directly from the live network.

    For details, see Add a Network Archive Task.

  3. Access the Paragon Planner Desktop application:
    1. Ensure that the client PC from which you access the Paragon Planner desktop application has the following installed:
    2. Access the Paragon Planner desktop application by:
      1. Downloading the Java Network Launch Protocol (JNLP) file by using the Paragon Automation GUI.
      2. Using the JNLP file to launch the Paragon Planner desktop application.
      3. Logging in using your Paragon Planner credentials.

      For details, see Access Paragon Planner Desktop Application.

  4. Open or import one of the archives and device collections created in Pathfinder to create a network model for Planner. For details, see Router Data Extraction Overview.
  5. Use the network model to run simulations in Paragon Planner.

For information about the tasks you can accomplish by using Paragon Planner, see the Paragon Planner Desktop Application User Guide.