Registering switches via Zero Touch Provisioning (ZTP)

Switches can be registered and configured automatically using the Zero Touch Provisioning process. This process includes the configuration of MCLAGs, BGP sessions, port configurations and other initial configurations on the switches.

If you prefer to add the switches manually, which allows more control over the setup and also the use of previously configured switches please consult this guide: Managing switches

Note that not all platforms are supported, consult the Hardware Compatibility Guide for an up to date list of supported equipment.

How the ZTP process works

While this process depends on the platform, it is generally based on the DHCP protocol on the management VLAN based on an interaction between the switch (via the management port) and the site controller. The process is initiated by the switch with a DHCP packet.

  • ONIE-based process: Dell Enterprise Sonic, Dell OS10, Juniper JUNOS, Arista

  • POAP-based process: Cisco Nexus (upcoming)

  • Proprietary: Cisco ACI

ONIE-based process

Prerequisites:

  1. A Datacenter record created in MetalSoft.

  2. A deployed site controller with a network setup that allows DHCP requests from the ethernet Switch management port to reach the Site Controller either L2 or L3 (DHCP relay) and HTTP & TFPT download from the Site Controller to the switch management port. See Deploying the MetalSoft site controller resource for more details.

  3. A Switch template added in Templates > Switch templates that includes the URL of the switch image and any additional assets that will be pulled during installation (such as the config_db.json file in the case of SONIC). Note that the URL must be reachable by the Site Controller. Use the ** Templates ** > Switch templates > Add switch template button or the CLI os-template register command to add a new switch template.

  4. An entry in MetalSoft Switch Defaults table matching the switch model number or MAC address. This record needs to reference the OS template to be installed and other details. Go to Switches > Switch Defaults and click Add switch defaults and fill in the form with required information.

  5. Switch is in ONIE-mode (either from the factory or manually configured via the switch boot menu - see instructions below)

The ONIE process:

  1. The switch performs a broadcast on the management interface (DHCP protocol) that is received by the Site Controller.

  2. The Site Controller allocates a management IP according to the matching Switch Defaults entry.

  3. The Site Controller replies with a DHCP Reply packet containing the IP and additional information (the OS image to install)

  4. The switch pulls the image from the repository via the site controller proxy and the switch installs it.

  5. The switch reboots

  6. Depending on the platform, the switch OS performs another DHCP request and the site controller replies with the URL of the initial configuration files (in the case of sonic it is ztp.json and config_db.json). Note that those configuration files must match the switch platform being provisioned and can use several variables. See below the variables glossary.

  7. MetalSoft will then use the RESTCONF API to enable EVPN if supported by the platform and create the required uplinks to the spine switches and create BGP sessions using the defaults provided for AS numbers.

  8. The switch is now fully registered. Note that the initial configuration file typically sets the management IP on the switch to static to avoid any dependency on the site controller.

To manually set a compatible switch in ONIE mode

Note that this is platform specific but in general lines the steps would be the following:

  1. Connect a console cable to the switch

  2. Reboot the switch

  3. During the boot look for the keyboard key to press during boot to enter the boot menu (such as F2)

  4. Press the key

  5. Select using the arrow keys the Erase operating system (or equivalent). This is needed as the ONIE-based process needs free disk space to store the OS image prior to installation.

  6. Erasing the OS might take some time after which the switch will reboot or will need to be rebooted manually.

Cisco ACI ZTP process

This process is driven by the Cisco ACI controller. The Site Controller can safely coexist with the APIC DHCP server as it will not respond to DHCP requests from switches without a matching model number or MAC address. Note however that ACI must be manually configured to allow ZTP.

Pre-requisites:

  1. A Datacenter record created in MetalSoft configured with the SDN provisioner configured.

  2. A deployed site controller with a network setup that allows http requests to the Cisco APIC controller

  3. An APIC controller configured in MetalSoft datacenter object: Switches > Controllers tab > Add controller

The Cisco ACI ZTP process:

  1. Switch performs a DHCP broadcast

  2. Switch is automatically added to Cisco ACI

The system will automatically scan for new switches in Cisco ACI when a server sees an unknown switch connected to it.

Variable glossary

The following variables can be used in the initial configuration files to customize the deployment. They will be replaced when uploaded to the switch with details matching the switch and the environment:

  • {{hostname}} - The hostname of the switch.

  • {{management_interface_ip_0_address}} - The ip address of the switch.

  • {{management_interface_ip_0_gateway}} - The gateway to configure on the switch for the management interface.

  • {{management_interface_ip_0_mask}} - Netmask for the switch management interface.

  • {{management_interface_ip_0_prefix_size}} - Prefix size (eg 24 for a /24 subnet) of the management interface of the switch.

  • {{loopback_ipv4}} - IP (v4) of a loopback interface on the switch that can be used for BGP sessions.

  • {{loopback_ipv6}} - IP (v6) of a loopback interface on the switch that can be used for BGP sessions.

  • {{vtep_ipv4}} - IP (v4) of a VTEP interface on the switch that can be used for identifying the switch in a fabric.

  • {{vtep_ipv6}} - IP (v6) of a VTEP interface on the switch that can be used identifying the switch in a fabric.

  • {{asn}} - AS number allocated to this switch that can be used for BGP sessions.

  • {{mlag_system_mac}} - MAC address of the switch MCLAG object in a switch or a pair of switches.

  • {{mlag_domain_id}} - Domain ID of the MCLAG object if applicable.

See this SONIC leaf switch example of how these variables can be used.