Zero Touch Provisioning on Juniper devices using Linux
In this post we will see the Zero Touch Provisioning (ZTP) feature in action on Juniper devices using Linux.
The Juniper device will be a QFX5100, but you can use any other Juniper EX or QFX device.
All you need from the Juniper device is its MAC address, which the DHCP server uses to identify a particular device trying to perform ZTP. You can get this from the box in which the device came.
The DHCP and FTP servers were installed on an Ubuntu operating system.
This is the topology:
What will happen is that the QFX5100 will be zeroized so that after a reboot, it will not have any configuration and it will try to get an IP address through DHCP on one of the em0, irb.0 or vme.0 interfaces.
The DHCP server will push different options in the DHCP Request message to instruct the QFX5100 where to get the new Junos software and the configuration from, and which transfer method to use.
This is the configuration of the DHCP service from the Ubuntu server. Because this is Ubuntu, the DHCP configuration file is located at /etc/dhcp/dhcpd.conf:
subnet 172.30.158.0 netmask 255.255.254.0 {
    option routers 172.30.158.1;
    option subnet-mask 255.255.254.0;
    default-lease-time 3600;
    max-lease-time 7200;
    range 172.30.158.180 172.30.158.195;
}

option option-150 code 150 = ip-address;
option space ZTP;
option ZTP.server-image code 4 = text;
option ZTP.server-image code 0 = text;
option ZTP.server-file code 1 = text;
option ZTP.image-file-type code 2 = text;
option ZTP.transfer-mode code 3 = text;
option ZTP-encapsulation code 43 = encapsulate ZTP;

host qfx5100-1 {
    hardware ethernet 64:64:9b:54:0a:01;    # the system base address + 1
    fixed-address 172.30.158.191;           # the IP address that should be assigned to the QFX5100
    option option-150 172.30.158.253;       # the TFTP server IP
    option host-name "QFX5100";             # the hostname
    option ZTP.server-image "/home/pubftp/ZTP/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz";    # the location of the Junos software
    option ZTP.server-file "/home/pubftp/ZTP/QFX5100-1";    # the location of the configuration file
    option ZTP.transfer-mode "ftp";         # the transfer method
}
Currently the device is running 13.2X51-D30 and it’s being zeroized:
{master:0}
root@QFX5100> show version
fpc0:
--------------------------------------------------------------------------
Hostname: QFX5100
Model: qfx5100-48s-6q
JUNOS Base OS Software Suite [13.2X51-D30.4]
JUNOS Base OS boot [13.2X51-D30.4]
JUNOS Crypto Software Suite [13.2X51-D30.4]
JUNOS Online Documentation [13.2X51-D30.4]
JUNOS Kernel Software Suite [13.2X51-D30.4]
JUNOS Packet Forwarding Engine Support (qfx-ex-x86-32) [13.2X51-D30.4]
JUNOS Routing Software Suite [13.2X51-D30.4]
JUNOS Enterprise Software Suite [13.2X51-D30.4]
JUNOS py-base-i386 [13.2X51-D30.4]
JUNOS Host Software [13.2X51-D30_vjunos.]

{master:0}
root@QFX5100> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes

warning: ipsec-key-management subsystem not running - not needed by configuration.
warning: zeroizing fpc0

{master:0}
root@QFX5100>
After it comes back from the reboot, it will try to get an IP address through DHCP:
root@:RE:0%
Auto Image Upgrade: DHCP Client Bound interfaces:
Auto Image Upgrade: DHCP Client Unbound interfaces: irb.0 vme.0 em1.0
Auto Image Upgrade: To stop, on CLI apply "delete chassis auto-image-upgrade" and commit
Auto Image Upgrade: No DHCP Client in bound state, reset all enabled DHCP clients
Auto Image Upgrade: DHCP Client State Reset: irb.0 vme.0 em1.0
The above three interfaces are configured for DHCP:
{master:0}
root> show configuration interfaces vme
unit 0 {
    family inet {
        dhcp {
            vendor-id Juniper-qfx5100-48s-6q;
        }
    }
}

{master:0}
root> show configuration interfaces irb.0
family inet {
    dhcp {
        vendor-id Juniper-qfx5100-48s-6q;
    }
}

{master:0}
root> show configuration interfaces em1.0
family inet {
    dhcp {
        vendor-id Juniper-qfx5100-48s-6q;
    }
}

{master:0}
root>
The device is constantly trying to start the ZTP process and once the DHCP server is available, the ZTP process will start.
The following messages will be seen on the console of the device:
{master:0}
root>
Auto Image Upgrade: DHCP Options for client interface vme.0:
ConfigFile: /home/pubftp/ZTP/QFX5100-1
ImageFile: /home/pubftp/ZTP/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz
Gateway: 172.30.158.1
DHCP Server: 172.30.158.253
File Server: 172.30.158.253
Options state: All options set
Auto Image Upgrade: DHCP Client Bound interfaces: vme.0
Auto Image Upgrade: DHCP Client Unbound interfaces: irb.0 em1.0
Auto Image Upgrade: To stop, on CLI apply "delete chassis auto-image-upgrade"and commit
Auto Image Upgrade: Active on client interface: vme.0
Auto Image Upgrade: Interface:: "vme"
Auto Image Upgrade: Server:: "172.30.158.253"
Auto Image Upgrade: Image File:: "jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz"
Auto Image Upgrade: Server File:: "QFX5100-1"
Auto Image Upgrade: Gateway:: "172.30.158.1"
Auto Image Upgrade: Protocol:: "ftp"
Auto Image Upgrade: Start fetching QFX5100-1 file from server 172.30.158.253 through vme using ftp
Auto Image Upgrade: File QFX5100-1 fetched from server 172.30.158.253 through vme
Auto Image Upgrade: Start fetching jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz file from server 172.30.158.253 through vme using ftp
Auto Image Upgrade: File jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz fetched from server 172.30.158.253 through vme
Auto Image Upgrade: To install /var/tmp/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz image fetched from server 172.30.158.253 through vme
WARNING!!! On successful image installation, system will reboot automatically
Auto Image Upgrade: Installation of /var/tmp/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz image fetched from server 172.30.158.253 through vme is done, proceeding for reboot of system
Broadcast Message from root@
(no tty) at 15:24 UTC...
Auto image Upgrade: Stopped
*** System shutdown message from root@ ***
System going down in 1 minute
As you can see, the QFX5100 knows where to get the Junos software and the configuration from.
After reboot, the new configuration is in place and the device is using the new Junos:
{master:0}
root@QFX5100> show version
fpc0:
--------------------------------------------------------------------------
Hostname: QFX5100
Model: qfx5100-48s-6q
Junos: 14.1X53-D15.2
JUNOS Base OS Software Suite [14.1X53-D15.2]
JUNOS Base OS boot [14.1X53-D15.2]
JUNOS Crypto Software Suite [14.1X53-D15.2]
JUNOS Online Documentation [14.1X53-D15.2]
JUNOS Kernel Software Suite [14.1X53-D15.2]
JUNOS Packet Forwarding Engine Support (qfx-ex-x86-32) [14.1X53-D15.2]
JUNOS Routing Software Suite [14.1X53-D15.2]
JUNOS Enterprise Software Suite [14.1X53-D15.2]
JUNOS py-base-i386 [14.1X53-D15.2]
JUNOS Host Software [13.2X51-D30_vjunos.]

{master:0}
root@QFX5100>
You can see in the syslog of the Ubuntu server the DHCP messages between the QFX5100 and the server:
Jan 29 15:19:42 UBUNTU dhcpd: DHCPDISCOVER from 64:64:9b:54:0a:01 via eth0
Jan 29 15:19:42 UBUNTU dhcpd: DHCPOFFER on 172.30.158.191 to 64:64:9b:54:0a:01 via eth0
Jan 29 15:19:42 UBUNTU dhcpd: Dynamic and static leases present for 172.30.158.191.
Jan 29 15:19:42 UBUNTU dhcpd: Remove host declaration QFX5100-1 or remove 172.30.158.191
Jan 29 15:19:42 UBUNTU dhcpd: DHCPREQUEST for 172.30.158.191 (10.10.10.254) from 64:64:9b:54:0a:01 via eth0
Jan 29 15:19:42 UBUNTU dhcpd: DHCPACK on 172.30.158.191 to 64:64:9b:54:0a:01 via eth0
Here is a screenshot of a packet capture that caught all the four DHCP messages and the DHCP Request is highlighted with Option 43 showing the configuration and Junos software files location:
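An added example, not part of the original post: how the ZTP sub-options from the dhcpd.conf above are laid out inside Option 43 as code/length/value triplets, with a parser that rejects truncated payloads and flags a cleartext transfer mode. The function names, `PAGE_OFFER` and the `review` checks are chosen for this example; the sub-option codes and values are the ones on this page.

```python
# Sub-option codes as declared for "option space ZTP" in the dhcpd.conf on this page.
NAMES = {0: "server-image", 1: "server-file", 2: "image-file-type",
         3: "transfer-mode", 4: "server-image"}
CLEARTEXT_MODES = {"ftp", "tftp", "http"}  # no encryption, no integrity protection
# Values from the page's host declaration for qfx5100-1.
PAGE_OFFER = {0: "/home/pubftp/ZTP/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz",
              1: "/home/pubftp/ZTP/QFX5100-1", 3: "ftp"}


def encode_option43(subopts):
    """Serialise {code: text} as code/length/value triplets (1-byte code, 1-byte length)."""
    out = bytearray()
    for code, text in sorted(subopts.items()):
        value = text.encode("ascii")
        if not 0 <= code <= 255 or len(value) > 255:
            raise ValueError(f"sub-option {code} does not fit 1-byte code/length fields")
        out += bytes([code, len(value)]) + value
    return bytes(out)


def decode_option43(payload):
    """Parse Option 43 bytes back into {code: text}, rejecting truncated triplets."""
    subopts, pos = {}, 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code}: {length} bytes declared, {len(value)} present")
        subopts[code] = value.decode("ascii", errors="replace")
        pos += 2 + length
    return subopts


def review(subopts):
    """Return the points a reviewer would raise about a decoded offer."""
    findings = []
    mode = subopts.get(3, "").lower()
    if mode in CLEARTEXT_MODES:
        findings.append(f"transfer-mode '{mode}' moves image and config in cleartext")
    for code in sorted(set(subopts) - set(NAMES)):
        findings.append(f"sub-option {code} is not declared in the ZTP option space")
    return findings


if __name__ == "__main__":
    wire = encode_option43(PAGE_OFFER)
    print(len(wire), "bytes;", decode_option43(wire), review(decode_option43(wire)))
```

The same decoder can be pointed at the Option 43 bytes copied out of a packet capture to confirm that the server is handing out the paths you expect.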
Below are some more logs from the image_load file that is capturing the files transfer and software installation:
{master:0}
root@QFX5100> show log messages | match image_load
Jan 29 15:21:26 image_load[2060]: Auto Image Upgrade: DHCP Options for client interface vme.0: ConfigFile: /home/pubftp/ZTP/QFX5100-1 ImageFile: /home/pubftp/ZTP/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz Gateway: 172.30.158.1 DHCP Server: 172.30.158.253 File Server: 172.30.158.253 Options state: All options set
Jan 29 15:21:33 image_load[2088]: /usr/sbin/image_load -G 172.30.158.253 -I vme -O install_reboot -D /var/tmp -W 1 -C /home/pubftp/ZTP/QFX5100-1 -F /home/pubftp/ZTP/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz -T ftp -R 172.30.158.1
Jan 29 15:21:34 image_load[2088]: Directory to store image is valid /var/tmp
Jan 29 15:21:34 image_load[2088]: Auto Image Upgrade: Interface:: "vme" Auto Image Upgrade: Server:: "172.30.158.253" Auto Image Upgrade: Image File:: "jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz" Auto Image Upgrade: Server File:: "QFX5100-1" Auto Image Upgrade: Gateway:: "172.30.158.1" Auto Image Upgrade: Protocol:: "ftp"
Jan 29 15:21:37 image_load[2088]: ftp -JI vme ftp://172.30.158.253//home/pubftp/ZTP/QFX5100-1
Jan 29 15:21:39 image_load[2088]: PING 172.30.158.253 (172.30.158.253): 56 data bytes 64 bytes from 172.30.158.253: icmp_seq=0 ttl=64 time=0.920 ms --- 172.30.158.253 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.920/0.920/0.920/0.000 ms vme: encaps: (null); framing: <error> flags=0x3/0x8000 <PRESENT|RUNNING> curr media: (unknown type) (null) vme.0: flags=0x400c000 <UP|MULTICAST> inet mtu 1500 local=172.30.158.191 dest=172.30.158.0/23 bcast=172.30.159.255
Jan 29 15:21:39 image_load[2088]: Auto Image Upgrade: Start fetching QFX5100-1 file from server 172.30.158.253 through vme using ftp
Jan 29 15:21:39 image_load[2088]: Auto Image Upgrade: File QFX5100-1 fetched from server 172.30.158.253 through vme
Jan 29 15:21:39 image_load[2088]: Copied /var/tmp/QFX5100-1 to target directory
Jan 29 15:21:39 image_load[2088]: ftp -JI vme ftp://172.30.158.253//home/pubftp/ZTP/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz
Jan 29 15:21:41 image_load[2088]: PING 172.30.158.253 (172.30.158.253): 56 data bytes 64 bytes from 172.30.158.253: icmp_seq=0 ttl=64 time=0.386 ms --- 172.30.158.253 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.386/0.386/0.386/0.000 ms vme: encaps: (null); framing: <error> flags=0x3/0x8000 <PRESENT|RUNNING> curr media: (unknown type) (null) vme.0: flags=0x400c000 <UP|MULTICAST> inet mtu 1500 local=172.30.158.191 dest=172.30.158.0/23 bcast=172.30.159.255
Jan 29 15:21:41 image_load[2088]: Auto Image Upgrade: Start fetching jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz file from server 172.30.158.253 through vme using ftp
Jan 29 15:21:55 image_load[2088]: Auto Image Upgrade: File jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz fetched from server 172.30.158.253 through vme
Jan 29 15:22:14 image_load[2088]: pkg version 14.1X53-D15.2 local version 13.2X51-D30.4
Jan 29 15:22:14 image_load[2088]: Package name jinstall-vjunos-14.1X53-D15.2-domestic-signed
Jan 29 15:22:14 image_load[2088]: Pkgfile /var/tmp/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz unsigned_pkgfile jinstall-vjunos-14.1X53-D15.2-domestic.tgz
Jan 29 15:22:28 image_load[2088]: Auto Image Upgrade: To install /var/tmp/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz image fetched from server 172.30.158.253 through vme
Jan 29 15:22:28 image_load[2088]: WARNING!!! On successful image installation, system will reboot automatically
Jan 29 15:22:28 image_load[2088]: request system software add /var/tmp/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz no-validate force
Jan 29 15:24:55 image_load[2088]: Verified jinstall-vjunos-14.1X53-D15.2-domestic.tgz signed by PackageDevelopmentVJunos_13_2_0 Adding vjunos... Saving contents of boot area prior to installation WARNING: This package will load JUNOS 14.1X53-D15.2 software. WARNING: It will save JUNOS configuration files, and SSH keys WARNING: (if configured), but erase all other files and information WARNING: stored on this machine. It will attempt to preserve dumps WARNING: and log files, but this can not be guaranteed. This is the WARNING: pre-installation stage and all the software is loaded when WARNING: you reboot the system. POST-INSTALL... Saving the config files ... NOTICE: uncommitted changes have been saved in /var/db/config/juniper.conf.pre-install Pushing installation package to host... Extracting jinstall-qfx-5-14.1X53-D15.2-domestic ... Install jinstall-qfx-5-14.1X53-D15.2-domestic completed Install jinstall-vjunos completed WARNING: A REBOOT IS REQUIRED TO LO
Jan 29 15:24:55 image_load[2088]: Auto Image Upgrade: Installation of /var/tmp/jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz image fetched from server 172.30.158.253 through vme is done, proceeding for reboot of system
Jan 29 15:24:55 image_load[2088]: Adding event for /home/pubftp/ZTP/QFX5100-1 .
Jan 29 15:24:57 image_load[2088]: mgd: commit complete
Jan 29 15:24:57 image_load[2088]: Merge return value 0
Jan 29 15:24:57 image_load[2088]: After reboot, see /var/log/op-script.log and /var/log/event-script.log for status of config commit
Jan 29 15:24:57 image_load[2088]: Applying reboot operation on system
{master:0}
root@QFX5100>
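Because the switch installs whatever the DHCP answer points it at, the image_load entries above are the record of where a device was provisioned from. The following added example (not from the original post) summarises one ZTP run from those log lines and compares it with an approved source; `APPROVED_SERVERS`, `APPROVED_IMAGES` and the function names are assumptions made for the example, and the sample lines are abridged from the log on this page.

```python
import re

# Constructed sample: three entries abridged from the image_load log on this page.
SAMPLE_LOG = """\
Jan 29 15:21:34 image_load[2088]: Auto Image Upgrade: Interface:: "vme" Auto Image Upgrade: Server:: "172.30.158.253" Auto Image Upgrade: Image File:: "jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz" Auto Image Upgrade: Protocol:: "ftp"
Jan 29 15:22:14 image_load[2088]: pkg version 14.1X53-D15.2 local version 13.2X51-D30.4
Jan 29 15:24:55 image_load[2088]: Verified jinstall-vjunos-14.1X53-D15.2-domestic.tgz signed by PackageDevelopmentVJunos_13_2_0 Adding vjunos...
"""

# Assumption: what the operator intended ZTP to use (here, this page's lab values).
APPROVED_SERVERS = {"172.30.158.253"}
APPROVED_IMAGES = {"jinstall-qfx-5-14.1X53-D15.2-domestic-signed.tgz"}
FIELD = re.compile(r'Auto Image Upgrade: ([A-Za-z ]+):: "([^"]*)"')
VERSIONS = re.compile(r"pkg version (\S+) local version (\S+)")
SIGNED = re.compile(r"Verified (\S+) signed by (\S+)")


def summarise(log_text):
    """Collect what one ZTP run fetched, from which server, and who signed it."""
    run = {"fields": {}, "pkg": None, "local": None, "signer": None}
    for line in log_text.splitlines():
        if "image_load[" not in line:
            continue  # ignore unrelated syslog entries
        run["fields"].update(FIELD.findall(line))
        if m := VERSIONS.search(line):
            run["pkg"], run["local"] = m.groups()
        if m := SIGNED.search(line):
            run["signer"] = m.group(2)
    return run


def findings(run):
    """Compare a summarised run with the approved source and report deviations."""
    out = []
    server = run["fields"].get("Server")
    image = run["fields"].get("Image File")
    if server not in APPROVED_SERVERS:
        out.append(f"image and config fetched from unapproved server {server}")
    if image not in APPROVED_IMAGES:
        out.append(f"unapproved image file {image}")
    if run["signer"] is None:
        out.append("no 'Verified ... signed by' entry for the installed package")
    return out


if __name__ == "__main__":
    run = summarise(SAMPLE_LOG)
    print(run)
    print(findings(run) or "run matches the approved provisioning source")
```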
I hope you enjoyed reading this and that you will find it useful the next time you deploy many Juniper EX or QFX devices at once for the first time.
Paris ARAU
Hello!
Recovery images are full qcow2 disks, stored in /recovery/junos of the underlying linux OS (jhost in vendor’s terminology), so the recovery options could be extended to previous versions or to switch between flex, controlled & vanilla versions by simply copying the compressed disk image from recovery medias (e. g. jinstall-qfx-5-14.1X53-D30.3-controlled.img.gz in /junos folder of install-media-qfx-5-flex-14.1X53-D30.3), copying to vjunos VM by simply mount_msdosfs-ing and transfer it to underlying linux OS via internal bridge vibr0 (e. g. scp -JU __juniper_private4__ jinstall-qfx-5-14.1X53-D30.3-controlled.img.gz 192.168.1.1:/recovery/junos/jinstall-qfx-5-14.1X53-D30.3-controlled.img.gz ); connect to linux host, either from vjunos cli (request app-engine host-shell) or from cshell (ssh -JU __juniper_private4__ 192.168.1.1), uncompress the transferred image in /recovery/junos and it will be available in the Junos Recovery script. I didn’t test the max number of images which could be stored and/or read by the recovery script, but I recovered to an ACX5048 image (PFE in vjunos is constantly dumping).
Happy junipering!
Nice one Andrei.
I haven’t seen more than three releases being available during the recovery mechanism, but this is something that needs to be tested.
Thanks,
Paris
OK, so you can have up to three images available for recovery:
-sh-4.1# ls -l /recovery/junos/
total 2419160
lrwxrwxrwx 1 root root 72 Mar 2 09:34 current_junos_image -> /recovery/junos/jinstall-qfx-5-14.1X53-D30.3-controlled-201603020934.img
-rw-r--r-- 1 root root 828112896 Mar 2 09:34 jinstall-qfx-5-14.1X53-D30.3-controlled-201603020934.img
-rw-r--r-- 1 root root 824508416 Mar 1 16:16 jinstall-qfx-5-14.1X53-D30.3-domestic-201603011616.img
-rw-r--r-- 1 root root 824573952 Feb 17 07:31 jinstall-qfx-5-14.1X53-D32-domestic-201602170731.img
lrwxrwxrwx 1 root root 68 Mar 2 09:34 old_junos_image -> /recovery/junos/jinstall-qfx-5-14.1X53-D32-domestic-201602170731.img
lrwxrwxrwx 1 root root 70 Mar 2 09:34 previous_junos_image -> /recovery/junos/jinstall-qfx-5-14.1X53-D30.3-domestic-201603011616.img
-sh-4.1#
You can see this also in the recovery menu explained in this post:
https://nextheader.net/2015/10/26/junos-recovery-on-qfx5100/
Just a note that this does not upgrade the host OS on QFX5100 via ztp. I have encountered some issues that required host OS updates to force certain underlying compatibility issues between the host OS and the VM on 14.1D35.
Starting with 14.1X53-D30, ZTP will upgrade the host as well.
Thanks,
Paris
Awesome Paris! way to go!!!