Zero Touch Provisioning

Zero Touch Provisioning installs or upgrades the software automatically on your new Juniper Networks devices with minimal manual intervention.

Zero Touch Provisioning Overview

Zero Touch Provisioning (ZTP) allows you to provision new Juniper Networks devices in your network automatically, with minimal manual intervention. You can use either management ports or network ports, depending on your device, to connect to the network. When you physically connect a device to the network and boot it with a default factory configuration, the device upgrades (or downgrades) the software release and autoinstalls a configuration file from the network. The configuration file can be a configuration or a script. Using scripts, you can create device-specific configuration files and perform HTTP request operations to web servers to download specific configuration files or software releases.

To locate the necessary software image and configuration files on the network, the device uses information that you have configured on a Dynamic Host Configuration Protocol (DHCP) server. If you do not configure the DHCP server to provide this information, the device boots with the preinstalled software and default factory configuration.

For Junos OS Evolved, Zero Touch Provisioning (ZTP) dynamically detects the port speed of WAN interfaces and uses this information to create ZTP server ports with the same speed. Devices running Junos OS Evolved support automation of the device configuration and software upgrade over the management interface of Routing Engine 0 (RE0) or over WAN interfaces.

Pre-Upgrade Scripts

You can use pre-upgrade scripts to perform any pre-provisioning tasks before ZTP upgrades any software images or configuration files. We support Bash, shell, and Python 3 scripts.

Some pre-provisioning tasks include:

  • Downloading signing keys or certificates for your third-party applications, and installing them on the device.

  • Specifying the management and WAN interface names and the speed of the WAN interfaces.

    ZTP uses this information to avoid cycling through the unnecessary speed groups where the interface does not reside.

  • Toggling between using DHCPv4 option 43 suboption 5 as an FTP IP address and an HTTP port.

You can also use a pre-upgrade script to improve the convergence time of ZTP. Create a file named dhcp_interface in the /var/tmp directory that contains the names of management interfaces and the names and speeds of WAN interfaces, and reference this file in the pre-upgrade script. Speed is optional for management interfaces. ZTP uses this information to avoid cycling through the unnecessary speed groups where the interface does not reside. If there is an interface failure, ZTP retries the failed interface only up to five times. This process improves convergence time because ZTP isn't cycling through interfaces that aren't required.

Here are some examples of the format for specifying the interface names and speeds in the pre-upgrade script.

For a WAN interface:

For a management interface:

Here is an example that shows the name of a WAN interface and its speed:

In the pre-upgrade script, you can specify whether DHCPv4 option 43 suboption 5 is used as an FTP IP address or an HTTP port. To use DHCPv4 option 43 suboption 5 as an HTTP port, create a file named http_port in the /var/tmp/ directory. When the pre-upgrade script executes and ZTP discovers an http_port file in the /var/tmp/ directory, DHCPv4 option 43 suboption 5 is used as an HTTP port. This port is used to download any software images or configuration files. If ZTP does not discover this file, DHCPv4 option 43 suboption 5 is used as an FTP IP address, and ZTP uses this address to download any software images or configuration files. This improvement leads to faster convergence.

You can use DHCP option 43 suboption 9 for DHCPv4 and DHCP option 17 suboption 9 for DHCPv6 to specify the name of your pre-upgrade script as part of the bootstrap information.

Note:

To see which platforms support ZTP, in a browser, go to Feature Explorer. In the Explore Features section of the Feature Explorer page, select All Features. In the Features Grouped by Feature Family box, select Zero Touch Provisioning. You can also type the name of the feature in the Search for Features edit box. See the Release History Table at the end of this topic for more details of how ZTP support has expanded.

ZTP Workflow

When a device boots up with the default configuration, the following events take place:

  1. DHCP client is run on supported interfaces.

  2. DHCP server provisions an IP address and includes several DHCP options in the reply related to the ZTP process.

  3. The device processes the DHCP options and locates configuration files, executes scripts, and upgrades and/or downgrades software.

  4. If both the image and configuration files are present, the image is installed and the configuration is applied.

  5. If only the image file is present, the image is installed on the device.

  6. If the image is the same as the image already installed on the device, ZTP continues and skips the installation step.

  7. If the image was unable to be fetched by the device, ZTP will try to fetch the image again.

  8. If the image is corrupted, installation fails.

    If installation fails for any reason, ZTP will retry on other interfaces.

  9. If only the configuration file is present, the configuration is downloaded.

    If the first line of the file consists of the #! characters followed by an interpreter path, then the file is considered a script, and the script is executed by the interpreter. If the script returns an error, ZTP will retry on other interfaces.

    If the configuration file is unable to be downloaded, the ZTP process will try to download it again.

    If the configuration file is corrupted, has syntax errors, or includes commands that are unsupported by the device, the device will be unable to commit, and ZTP will retry on other interfaces.

  10. If there is no image or configuration file, ZTP will retry on other interfaces.

  11. If there is no file server information, ZTP will retry on other interfaces.

  12. Once the configuration is committed, the ZTP process is deemed successful and terminates.

Provisioning a Device Using a Script

During the ZTP process, when you connect and boot a new networking device, the device requests an IP address from the DHCP server. The server provides the IP address, and if configured, the filenames and locations for the software image and configuration file for the device. The configuration file can be a configuration or a script.

If a configuration file is provided, the operating system determines if the file is a script based on the first line of the file. If the first line contains the characters #! followed by an interpreter path, the operating system treats the file as a script and executes it with the specified interpreter.

If the script returns an error (that is, a nonzero value), ZTP will retry on other interfaces.

Table 1 outlines the supported script types, the corresponding interpreter path, and the platforms that support that script type during the ZTP process.

Table 1: Scripts Supported During ZTP

Script Type      Interpreter Path             Platform Support
Shell script     #!/bin/sh                    All devices
SLAX script      #!/usr/libexec/ui/cscript    All devices
Python script    #!/usr/bin/python            Devices running Junos OS with Enhanced Automation
                                              Devices running Junos OS Evolved

Note:

For security reasons, Junos OS has strict requirements for running unsigned Python scripts on devices running Junos OS. Only devices running Junos OS with Enhanced Automation and devices running Junos OS Evolved support using unsigned Python scripts in DHCP option 43 suboption 01.

If the operating system does not find the characters #! followed by an interpreter path, it treats the file as a configuration in text format and loads the configuration on the device.
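The first-line rule above decides whether a staged file is loaded as configuration or executed, so it is worth checking on the file server before a device boots. The following Python lint is an added example, not Juniper code; the file contents, the manifest and the names other than jn-switch35.config are constructed, and taking the first whitespace-delimited token after #! as the interpreter path is an assumption.

```python
# Added example (not Juniper code): report how ZTP's first-line rule would
# treat each file staged on the file server, and compare with what the
# operator intended.

# Interpreter paths listed in Table 1 of this page.
TABLE_1 = {
    "/bin/sh": "shell",
    "/usr/libexec/ui/cscript": "SLAX",
    "/usr/bin/python": "Python",
}


def classify(content: bytes) -> dict:
    """Classify one file from its first line only, as the page describes."""
    first_line = content.split(b"\n", 1)[0].rstrip(b"\r")  # tolerate CRLF
    if not first_line.startswith(b"#!"):
        return {"kind": "configuration", "interpreter": None, "script_type": None}
    # Assumption: the interpreter path is the first token after "#!".
    tokens = first_line[2:].decode("ascii", "replace").split()
    interpreter = tokens[0] if tokens else None
    if interpreter is None or not interpreter.startswith("/"):
        # "#!" is present but no interpreter path follows it.
        return {"kind": "ambiguous", "interpreter": interpreter, "script_type": None}
    return {"kind": "script", "interpreter": interpreter,
            "script_type": TABLE_1.get(interpreter)}


def audit_staged(staged: dict, manifest: dict) -> list:
    """staged: {name: bytes}; manifest: {name: 'configuration' | 'script'}."""
    findings = []
    for name in sorted(staged):
        result = classify(staged[name])
        intended = manifest.get(name)
        if intended is None:
            findings.append(f"{name}: not in manifest, would be treated as {result['kind']}")
        elif result["kind"] != intended:
            findings.append(f"{name}: manifest says {intended}, first line says {result['kind']}")
        if result["kind"] == "ambiguous":
            findings.append(f"{name}: '#!' without an absolute interpreter path")
        elif result["kind"] == "script" and result["script_type"] is None:
            findings.append(f"{name}: interpreter {result['interpreter']} is not in Table 1")
        elif result["script_type"] == "Python":
            findings.append(f"{name}: unsigned Python runs only on Junos OS with "
                            "Enhanced Automation or Junos OS Evolved")
    return findings


# Constructed sample staging directory and manifest.
SAMPLE_STAGED = {
    "jn-switch35.config": b"system {\n    host-name jn-switch35;\n}\n",
    "bootstrap.sh": b"#!/bin/sh\r\necho provisioning\r\n",
    "site.conf": b"#!/usr/bin/python\nprint('hello')\n",
    "odd.txt": b"#!/usr/local/bin/perl\n",
}
SAMPLE_MANIFEST = {
    "jn-switch35.config": "configuration",
    "bootstrap.sh": "script",
    "site.conf": "configuration",
}

if __name__ == "__main__":
    for line in audit_staged(SAMPLE_STAGED, SAMPLE_MANIFEST):
        print(line)
```
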

Zero Touch Provisioning Restart Process Triggers

ZTP restarts when any of the following events occur:

  • Request for configuration file, script file, or image file fails.

  • Configuration file is incorrect, and commit fails.

  • No configuration file and no image file is available.

  • Image file is corrupted, and installation fails.

  • No file server information is available.

  • DHCP server does not have valid ZTP parameters configured.

  • None of the DHCP client interfaces goes to a bound state.

  • On Junos OS Evolved devices, if downloading a file fails, ZTP restarts.

When any of these events occur, ZTP resets the DHCP client state machine on all of the DHCP client-configured interfaces (management and network) and then restarts the state machine. Restarting the state machine enables the DHCP client to get the latest DHCP server-configured parameters.

Before ZTP restarts, approximately 15 to 30 seconds must elapse to allow enough time to build a list of bound and unbound DHCP client interfaces.

The list of bound and unbound DHCP client interfaces can contain:

  • No entries.

  • Multiple DHCP client interfaces.

    Priority is given to the DHCP client interfaces that have received all ZTP parameters (software image file, configuration file, and file server information) from the DHCP server.

ZTP attempts to download the software image and configuration files from the file server. If that download fails, ZTP clears the DHCP client binding on that interface and restarts the state machine on other interfaces.

The ZTP restart process continues until there is either a successful software upgrade, or an operator manually commits a user configuration and deletes the ZTP configuration.

Zero Touch Provisioning on PTX10008 Routers running Junos OS Evolved

Zero Touch Provisioning (ZTP) allows you to provision your router in your network automatically, with minimal manual intervention. Starting in Junos OS Evolved Release 20.1R1, the PTX10008 devices support automation of the device configuration and software upgrade over the management interface of Routing Engine 0 (RE0).

ZTP is enabled on the PTX10008 device in the factory default mode. You can connect the management interface (re0:mgmt-0) to a network with a Dynamic Host Configuration Protocol (DHCP) server, and then add ZTP configuration to the DHCP server. Use the show interfaces re0:mgmt-0 command on the PTX10008 device to find the MAC address of the interface to use on the DHCP server configuration.

When the PTX10008 device is able to contact the DHCP server and retrieve ZTP parameters, it performs the following ZTP operations based on these parameters:

  1. Fetches the specified image and/or configuration file using the specified protocol.

  2. If an image is specified, ZTP installs the image on both Routing Engines and reboots the device.

  3. If a configuration file is specified:

    • If the file is a Junos configuration, ZTP applies the configuration on the device.

    • If the file is a script, ZTP executes the script on the device.

Zero Touch Provisioning Using DHCP Options

Zero Touch Provisioning (ZTP) allows for automatic provisioning of Juniper Networks devices that you add to your network. You can provision any supported device by using either a script to be executed or a configuration file to be loaded. To use ZTP, you also need to configure a DHCP server with the required information, which is provided in this procedure.

ZTP requires that your device is in a factory default state. The device from the factory boots with preinstalled software and factory default configuration. On a device that does not currently have the factory default configuration, you can issue the request system zeroize command.

Before you begin:

  • Ensure that the device has access to the following network resources:

    • The DHCP server that provides the location of the software image and configuration files on the network

      Refer to your DHCP server documentation for configuration instructions.

    • The File Transfer Protocol (anonymous FTP), Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), or Trivial File Transfer Protocol (TFTP) server on which the software image and configuration files are stored

      Note:

      Although TFTP is supported, we recommend that you use FTP or HTTP instead, because these transport protocols are more reliable.

      CAUTION:

      HTTP URLs are limited to 256 characters in length.

    • A Domain Name System (DNS) server to perform reverse DNS lookup (not supported).

    • (Optional) An NTP server to perform time synchronization on the network

    • (Optional) A system log (syslog) server to manage system log messages and alerts.

      Syslog messages will be forwarded to this syslog server during ZTP.

  • Locate and record the MAC address for your device.

    On PTX10008 devices, the management MAC addresses are located on routing engines.

CAUTION:

You cannot commit a configuration while the device is performing the software update process. If you commit a configuration while the device is performing the configuration file autoinstallation process, the process stops, and the configuration file is not downloaded from the network.

To enable zero touch provisioning for a device using DHCP options:

  1. Boot the device.
  2. Make sure the device has the default factory configuration installed.

    Issue the request system zeroize command on the device that you want to provision.

    Starting in Junos OS Evolved Release 19.3R1, on the QFX5220-128C device, in Zero Touch Provisioning (ZTP), you can use either WAN interfaces or management interfaces to automatically download and install the appropriate software and the configuration file on your device during the bootstrap process. ZTP automatically configures on a WAN port that has the default port speed of 100-Gbps, and then connects your device to the Dynamic Host Configuration Protocol (DHCP) server to perform the bootstrap process:

    • If multiple DHCP replies arrive, ZTP chooses the best set of arguments.

    • If multiple interfaces provide the same arguments, ZTP chooses one of the interfaces.

    • If there is an error while connecting to the DHCP server, ZTP tries again to connect to the DHCP server, and if multiple interfaces again provide the same arguments, ZTP chooses one of the interfaces.

    We recommend you provision the DHCP server and save the software and configuration file in the specified DHCP server path on the file server.

  3. Download the software image file and/or the configuration file to the FTP, HTTP, or TFTP server from which the device will download these files.
  4. Configure the DHCP server to provide the necessary information to the device.

    Configure IP address assignment.

    You can configure the dynamic or static IP address assignment for the management address of the device.

    Note:

    This address can be any address from the pool.

  5. Define the format of the vendor-specific information for DHCP option 43 in the dhcpd.conf file.

    Here is an example of an ISC DHCP 4.2 server dhcpd.conf file:

  6. Configure the following DHCP option 43 suboptions:
    • Suboption 00: The name of the software image file to install.

      Note:

      When the DHCP server cannot use suboption 00, configure the software image filename using suboption 04. If both suboption 00 and suboption 4 are defined, suboption 04 is ignored.

      For example:

    • Suboption 01: The name of the script or configuration file to install.

      For example:

      Note:

      Optionally, you can specify a non-default port number for the HTTP and HTTPS protocols by appending the port number to the image or configuration name, separated by a colon (:). For example, /dist/config/jn-switch35.config:8088. In this case, if the transfer protocol is HTTP or HTTPS, then 8088 is used as the port number. If the transfer protocol is FTP or TFTP, then the port number 8088 is ignored.

      Note:

      ZTP determines if the file is a script file based on the first line of the file. If the first line contains the characters #! followed by an interpreter path, ZTP treats the file as a script and executes it with the specified interpreter path. For a script to execute, the script file must provide the ability to fetch and load a valid configuration file on the device during the ZTP process.

      The following list provides the types of scripts and their associated interpreter paths:

      • Shell script interpreter path: #!/bin/sh

      • SLAX script interpreter path: #!/usr/libexec/ui/cscript

      • Python script interpreter path: #!/usr/bin/python

        For security reasons, Junos OS has strict requirements for running unsigned Python scripts on devices running Junos OS. Only devices running Junos OS with Enhanced Automation and devices running Junos OS Evolved support running unsigned Python scripts as part of the ZTP process.

      If the file does not contain special characters (#!) , ZTP determines that the file is a configuration file and loads the configuration file.

    • Suboption 02: The symbolic link to the software image file to install.

      Note:

      If you do not specify suboption 2, the ZTP process handles the image filename as a filename, not a symbolic link.

    • Suboption 03: The transfer mode that the device uses to access the TFTP, FTP, HTTP, or HTTPS server. If you select FTP as the transfer mode, Junos OS uses the anonymous FTP login to download files from the FTP server.

      Note:

      If suboption 03 is not configured, TFTP becomes the transfer mode by default.

      If you select either the HTTP or HTTPS transfer mode, you can provide a username and password, and those parameters are authenticated.

      Here's the format for HTTP transfer mode:

      If the transfer mode isn't HTTP or HTTPS, another transfer mode is used--for example, FTP.

      If the transfer mode is HTTP or HTTPS, and a username and password are provided, the device sends an HTTP GET request with the authorization headers to download the software image.

      If you don't provide a username and password, the device doesn't add authorization headers to download the software image.

    • Suboption 04: The name of the software image file to install.

      Note:

      If the DHCP server does not support suboption 00, configure the image file using suboption 04. If both suboption 00 and suboption 4 are defined, suboption 04 is ignored.

      For example:

    • Suboption 05: The IP address of the FTP server or the HTTP port that the device uses to download either the pre-configuration script, image, or configuration file.

      If there is an http_port file located in the /var/tmp/ directory, this suboption will be used as an HTTP port. If there isn't a file in this location, this suboption will be used as an FTP IP address.

    • Suboption 08: HTTP proxy server information that is passed from the DHCP server to the DHCP client. This is useful when the device needs to access the phone-home server or redirect server via a proxy server.

      Note:

      When you configure the DHCP server and HTTP proxy server, make sure that you use the correct port number to allow traffic to flow through the secure tunnel. Also, make sure that the hostname or IP address of the HTTP proxy server and port number are separated by a colon: for example, 192.168.10.10:8080. If you don't use a colon, port 1080 is used.

      When the DHCP client receives the HTTP proxy server information, it is saved in the /var/etc/phc_vendor_specific_info.xml (INET) file.

      If the DHCP client does not receive the HTTP proxy server information, nothing is saved to the /var/etc/phc_vendor_specific_info.xml (INET) file, and the DHCP client moves into a bound state.

      You can renew the HTTP proxy server information by issuing the request dhcp client renew interface command. The DHCP client fetches the valid HTTP proxy server information from the DHCP server. Using the command is simpler than having to restart the provisioning process. When the HTTP proxy server is renewed, or the HTTP proxy server information is changed or deleted, jdhcp rewrites the /var/etc/phc_vendor_specific_info.xml file with the latest information received from suboption 8.

      Here's the format for this option:

      Here's an example of the format using a fictitious proxy name:

    • Suboption 09: The name of your pre-upgrade script.

      You can use a pre-upgrade script to download signing keys or certificates for your third-party applications before provisioning your device. You can also use a pre-upgrade script to specify the management and WAN interface names and the speed of the WAN interfaces. ZTP uses this information to avoid cycling through the unnecessary speed groups where the interface does not reside.

      Here's the format for this option:
  7. (Mandatory) Configure either option 150 or option 66.
    Note:

    You must configure either option 150 or option 66. If you configure both option 150 and option 66, option 150 takes precedence, and option 66 is ignored. Also, make sure you specify an IP address, not a hostname, because name resolution is not supported.

    • Configure DHCP option 150 to specify the IP address of the FTP, HTTP, HTTPS, or TFTP server.

      For example:

    • Configure DHCP option 66 to specify the IP address of the FTP, HTTP, HTTPS, or TFTP server.

      For example:

  8. (Optional) Configure DHCP option 7 to specify one or more system log (syslog) servers.

    For example:

  9. (Optional) Configure DHCP option 42 to specify one or more NTP servers.

    List each NTP server separated by a space.

    For example:

  10. Connect the device to the network that includes the DHCP server and the FTP, HTTP, HTTPS, or TFTP server.
  11. Power on the device.
  12. Monitor the ZTP process by looking at the console.
    Note:

    When SLAX scripts are executed, the op-script.log and event-script.log files are produced.

    For Junos OS Evolved, use the /var/log/ztp.log file to troubleshoot.

    You can also monitor the ZTP process by looking at error messages and issuing operational commands. See Monitoring Zero Touch Provisioning for more information.
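The option rules in this procedure (suboption 00 over 04, TFTP as the default transfer mode, the :port suffix, the proxy default port 1080, option 150 over option 66) can be checked against a captured DHCPv4 offer before any device is connected. This Python auditor is an added example, not Juniper code; it assumes option 43 is encoded as plain code/length/value suboptions with text values, the image file name and server addresses are constructed, and the cleartext-transport finding is an added check rather than a statement from this page.

```python
import ipaddress

# Added check (not from the page): these modes carry files without TLS.
CLEARTEXT = {"tftp", "ftp", "http"}


def decode_option43(payload: bytes) -> dict:
    """Split an option 43 payload into {suboption code: text value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError(f"truncated suboption header at offset {i}")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"suboption {code}: length {length} overruns payload")
        subopts[code] = value.decode("ascii", "replace")
        i += 2 + length
    return subopts


def is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def split_port(name, mode):
    """'/path/file:8088' -> ('/path/file', 8088); the port counts only for HTTP/HTTPS."""
    if name is None:
        return None, None
    head, sep, tail = name.rpartition(":")
    if not (sep and tail.isdigit()):
        return name, None
    return head, (int(tail) if mode in ("http", "https") else None)


def audit_offer(payload, option150=None, option66=None, http_port_file=False):
    """Apply the page's precedence and default rules to one DHCPv4 offer."""
    sub, findings = decode_option43(payload), []
    mode = sub.get(3, "tftp").lower()
    if 3 not in sub:
        findings.append("suboption 03 absent: transfer mode defaults to TFTP")
    if mode in CLEARTEXT:
        findings.append(f"transfer mode {mode}: no TLS for files ZTP installs or executes")
    if 0 in sub and 4 in sub:
        findings.append("suboption 04 ignored because suboption 00 is set")
    image, image_port = split_port(sub.get(0, sub.get(4)), mode)
    config, config_port = split_port(sub.get(1), mode)
    if option150 and option66:
        findings.append("option 66 ignored because option 150 is set")
    server = option150 or option66
    if server is None:
        findings.append("neither option 150 nor option 66: no file server information")
    elif not is_ip(server):
        findings.append(f"file server {server!r} is a name; name resolution is not supported")
    if 5 in sub:
        # /var/tmp/http_port present -> HTTP port, otherwise FTP IP address.
        role = "HTTP port" if http_port_file else "FTP IP address"
        ok = sub[5].isdigit() if http_port_file else is_ip(sub[5])
        if not ok:
            findings.append(f"suboption 05 {sub[5]!r} is not a valid {role}")
    proxy = None
    if 8 in sub:
        host, sep, port = sub[8].rpartition(":")
        proxy = (host, int(port)) if sep and port.isdigit() else (sub[8], 1080)
    return {"transfer_mode": mode, "server": server, "image": image,
            "image_port": image_port, "config": config, "config_port": config_port,
            "proxy": proxy, "pre_upgrade_script": sub.get(9), "findings": findings}


def tlv(code: int, text: str) -> bytes:
    """Build one suboption for the constructed sample below."""
    data = text.encode("ascii")
    return bytes([code, len(data)]) + data


# Constructed offer: image name and addresses are placeholders.
SAMPLE_PAYLOAD = (tlv(0, "/dist/images/jinstall-example.tgz")
                  + tlv(1, "/dist/config/jn-switch35.config:8088")
                  + tlv(3, "http")
                  + tlv(4, "/dist/images/other.tgz")
                  + tlv(8, "192.168.10.10"))

if __name__ == "__main__":
    plan = audit_offer(SAMPLE_PAYLOAD, option150="10.0.0.5", option66="198.51.100.7")
    for key, value in plan.items():
        print(key, "=", value)
```
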

Zero Touch Provisioning Using DHCPv6 Options

Note:

Zero Touch Provisioning (ZTP) using DHCPv6 options isn't supported on Junos OS Flex images. A Flex image has the word "flex" in the filename. Here is an example filename of a Flex image: jinstall-host-qfx-5e-flex-x86-64-20.4R3.8-secure-signed.tgz.

The DHCPv6 protocol doesn't have a subnet option for the IA_NA (identity association for non-temporary addresses) to learn and install subnet routes. Instead, the subnet route is installed through Neighbor Discovery Protocol.

In IPv6, devices periodically advertise IPv6 prefixes along with other link parameters using Router Advertisement (RA) messages. On the client (Juniper device running ZTP), once the DHCPv6 client is bound, the Neighbor Discovery Protocol (NDP) learns these prefixes and installs the prefix routes via the client interface, with the next hop as the link to the local address of the gateway device.

On the client device, router advertisement configuration is enabled by default along with the DHCPv6 configuration.

  • Ensure that the device has access to the following network resources:

    • The DHCP server that provides the location of the software image and configuration files on the network

      Refer to your DHCP server documentation for configuration instructions.

    • The File Transfer Protocol (anonymous FTP), Trivial File Transfer Protocol (TFTP), Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) server on which the software image and configuration files are stored.

      CAUTION:

      HTTP URLs are limited to 256 characters in length.

  • Locate and record the MAC address printed on the device.

Zero Touch Provisioning (ZTP) allows for automatic provisioning of Juniper Networks devices that you add to your network. You can provision any supported device by using either a script to be executed or a configuration file to be loaded.

To use ZTP, you configure a DHCP server to provide the required information. If you do not configure the DHCP server to provide this information, the device boots with the preinstalled software and default factory configuration. If your device is not in a factory default state, you can issue the request system zeroize command.

Optionally, you can configure an HTTP proxy server for either the phone-home server or redirect server. When the phone-home client receives information regarding the HTTP proxy server via DHCP option 17 suboption 8, it will create an HTTPS transparent tunnel with the proxy server. Once the tunnel is established, the phone-home client uses the tunnel as a proxy for the phone-home server or redirect server. The phone-home client downloads the software image and configuration file through the tunnel onto the device. Once bootstrapping is complete, the device reboots and the tunnel quits.

Note:

Starting in Junos OS Release 20.2R1-S1, the DHCPv6 client is supported on the MX-Series, EX3400, EX4300, QFX5100, and QFX5200 switches. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration. During the bootstrap process, the device first uses the DHCPv4 client to request information about the image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device continues to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device checks for DHCPv6 bindings and follows the same process as for DHCPv4 until the device can be provisioned successfully. The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

CAUTION:

You cannot commit a configuration while the device is performing the software update process. If you commit a configuration while the device is performing the configuration file autoinstallation process, the process stops, and the configuration file is not downloaded from the network.

To use zero touch provisioning for a device using DHCPv6 options:

  1. Boot the device.
  2. Make sure the device has the default factory configuration installed.
    • If multiple DHCP replies arrive, ZTP chooses the best set of arguments.

    • If multiple interfaces provide the same arguments, ZTP chooses one of the equal interfaces.

    • If there is an error while connecting to the DHCP server, ZTP tries again to connect to the DHCP server. If multiple interfaces again provide the same arguments, ZTP chooses one of the interfaces.

    We recommend that you provision the DHCP server and save the software and configuration file in the specified DHCP server path on the file server.

  3. Download the software image file and the configuration file to the FTP, HTTP, HTTPS, or TFTP server from which the device will download these files.
  4. Configure the DHCP server to provide the necessary information to the device.
  5. Configure IP address assignment.

    You can configure dynamic or static IP address assignment for the management address of the device. To determine the management MAC address for static IP address mapping, add 1 to the last byte of the MAC address of the device, which you noted before you began this procedure.

  6. Define the format of the DHCPv6 option 59 (OPT_BOOTFILE_URL) in the dhcpd6.conf file, so the server can send information about URLs to images to the client.

    Here’s the format for this option:

    For example:

    The transfer mode and IPv6 address are required, but the port number is optional. If you do not specify the port number, the default port number of the transfer mode is used. If you specify the port number in options 17 and 59, then the port number mentioned in option 17 vendor-specific information option is used.

    You can specify the image file name in either option 59 or option 17. If the image file name is mentioned in both options 59 and 17, then the image name mentioned in option 17 vendor-specific information option is used.

  7. Define the format of the vendor-specific information for the following DHCP option 17 suboptions:

    Here is an example of an ISC DHCP 4.2 server dhcpd6.conf file:

    • Suboption 00: The name of the software image file to install.

      Note:

      When the DHCP server cannot use suboption 00, configure the software image filename using suboption 04. If both suboption 00 and suboption 4 are defined, suboption 04 is ignored.

      For example:

    • Suboption 01: The name of the script or configuration file to install.

      For example:

      Note:

      ZTP determines if the file is a script file based on the first line of the file. If the first line contains the characters #! followed by an interpreter path, ZTP treats the file as a script and executes it with the specified interpreter path. In order for a script to execute, the script file must provide the ability to fetch and load a valid configuration file on the device during the ZTP process.

      The following list provides the types of scripts and their associated interpreter paths:

      • Shell script interpreter path: #!/bin/sh

      • SLAX script interpreter path: #!/usr/libexec/ui/cscript

      • Python script interpreter path: #!/usr/bin/python

        For security reasons, Junos OS has strict requirements for running unsigned Python scripts on devices running Junos OS. Only devices running Junos OS with Enhanced Automation and devices running Junos OS Evolved support running unsigned Python scripts as part of the ZTP process.

      If the file does not contain special characters (#!) , ZTP determines that the file is a configuration file and loads the configuration file.

    • Suboption 02: The image type.

      Note:

      If you do not specify suboption 2, the ZTP process handles the software image as a filename, not a symbolic link.

    • Suboption 03: The transfer mode that the device uses to access the TFTP, FTP, HTTP, or HTTPS server.

      Note:

      If suboption 03 is not configured, the transfer mode mentioned in option 59 for the boot image URL is used.

    • You can specify the URL where the boot file is located as well as an authentication scheme you can use to download the software image, configuration file, or alternate image.

      The primary URL schemes you provide in suboptions 00, 01, and 02 take precedence over the URL specified in the bootfile-url option. If you don't specify the image, configuration, or alternate image as a URL in suboptions 00, 01, and 02, the boot file URL specified in the bootfile-url option is used to download these resources.

      As part of the bootfile-url, you can also specify basic authentication (username and password) for HTTP and HTTPS transfer modes for the software image, configuration file, and alternate image. The username and password are encoded in base64 as part of RFC 7617.

      If the transfer mode is HTTP or HTTPS, the device parses the username and password information.

      Here is an example that shows the HTTP transfer mode and an authentication scheme that uses ztp as the username and welcome as the password:

      For example:

      If the transfer mode isn't HTTP or HTTPS, the device will proceed with the other transfer modes that you've specified as part of DHCPv6 option 17 suboptions 00, 01, and 03.

    • Suboption 04: The name of the software image file to install.

      Note:

      When the DHCP server cannot use suboption 00, configure the image file using suboption 04. If both suboption 00 and suboption 04 are defined, suboption 04 is ignored.

      For example:

    • Suboption 05: The port that the device uses to download either the image or configuration file or both instead of the default port.

    • The DHCPv6 protocol defines the Vendor-specific Information Option ("VSIO") in order to send vendor options encapsulated in a standard DHCP option.

    The following example configuration shows the DHCPv6 options you’ve just configured:

  8. Power on the device with the default configuration.
  9. Monitor the ZTP process by looking at the console.
    Note:

    When SLAX scripts are executed, the op-script.log and event-script.log files are produced.

    For Junos OS Evolved, use the /var/log/ztp.log file to troubleshoot.

    You can also monitor the ZTP process by looking at error messages and issuing operational commands. See Monitoring Zero Touch Provisioning for more information.
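The bootfile-url and suboption 03 rules from the DHCPv6 step above can be checked before a DHCP server configuration goes live. The following is an added example, not Juniper code: it parses a constructed DHCPv6 options blob and reports how the Basic credentials would be exposed. The user:password@host URL form, ASCII suboption values, and the host ztp.example.net are assumptions; 2636 is Juniper's IANA enterprise number.

```python
import base64
import struct
from urllib.parse import urlsplit

OPT_VENDOR_OPTS, OPT_BOOTFILE_URL = 17, 59  # DHCPv6 options named on this page
SUBOPT_TRANSFER_MODE = 3                    # suboption 03

def tlvs(buf):
    """Yield (code, value) pairs from DHCPv6 TLVs (16-bit code, 16-bit length)."""
    off = 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError(f"option {code} overruns the buffer")
        yield code, buf[off:off + length]
        off += length

def audit(options):
    """Return (transfer_mode, authorization_header_or_None, findings)."""
    opts = dict(tlvs(options))
    url = urlsplit(opts[OPT_BOOTFILE_URL].decode("ascii"))
    # Option 17 data starts with a 4-byte enterprise number, then suboptions.
    sub = dict(tlvs(opts.get(OPT_VENDOR_OPTS, b"\0" * 4)[4:]))
    # Suboption 03 wins; otherwise the scheme of the option 59 URL is used.
    mode = sub.get(SUBOPT_TRANSFER_MODE, url.scheme.encode()).decode("ascii").lower()
    findings, header = [], None
    if mode != "https":
        findings.append(f"{mode}: image and configuration travel unencrypted")
    if url.username is not None:
        findings.append("credentials readable by anyone who sees the DHCPv6 reply")
        if mode in ("http", "https"):   # only these modes use the credentials
            pair = f"{url.username}:{url.password or ''}".encode()
            header = "Basic " + base64.b64encode(pair).decode()
            if mode == "http":
                findings.append("Basic header is sent in cleartext; base64 is reversible")
    return mode, header, findings

def opt(code, value):  # build one TLV for the constructed sample below
    return struct.pack("!HH", code, len(value)) + value

# Constructed sample: option 59 with the page's ztp/welcome credentials, plus
# option 17 (enterprise number 2636) carrying suboption 03 = "http".
SAMPLE = (opt(OPT_BOOTFILE_URL, b"http://ztp:welcome@ztp.example.net/images/junos.tgz")
          + opt(OPT_VENDOR_OPTS, struct.pack("!I", 2636) + opt(3, b"http")))

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list requires an HTTPS transfer mode and no credentials embedded in the URL.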

Monitoring Zero Touch Provisioning

You can use the console and operational mode commands to monitor Zero Touch Provisioning.

For Junos OS Evolved, to monitor zero touch provisioning, use the show system ztp operational mode command.

Using the Console to Monitor Zero Touch Provisioning in Junos OS Evolved

Purpose

System log files provide information on the state of the auto-upgrade process, lists of bound and unbound DHCP client interfaces, IP addresses of file servers, names and locations of image and configuration files, and successful and failed attempts at fetching configuration and image files.

Action

Use the information in the console to monitor the auto-upgrade process.

Here is an example of output for Junos OS Evolved.

Meaning

The console shows the progress of ZTP.

Using the show dhcp client binding Command

Purpose

Issue the show dhcp client binding command to display DHCP client binding information.

Action

Issue the show dhcp client binding command to display the IP address of the DHCP client, the hardware address of the DHCP client, number of seconds in which the DHCP client’s IP address lease expires, state of the DHCP client IP address in the binding table, and the name of the interface that has active client bindings.

show dhcp client binding

Meaning

The output of this command shows that there is one client interface that is bound, and that there are three interfaces that are receiving DHCP offers from the DHCP server.

Using the show dhcpv6 client binding Command

Purpose

Issue the show dhcpv6 client binding command to display DHCP client binding information.

Action

Issue the show dhcpv6 client binding command to display the IP address of the DHCPv6 client, the hardware address of the DHCPv6 client, number of seconds in which the DHCPv6 client’s IP address lease expires, state of the DHCPv6 client IP address in the binding table, and the name of the interface that has active client bindings.

show dhcpv6 client binding

Meaning

The output of this command shows that there is one client interface that is bound, and that there are three interfaces that are receiving DHCPv6 offers from the DHCP server.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
21.4R1-EVO
Starting in Junos OS Evolved Release 21.4R1 on the QFX5130-32CD, QFX5220, and QFX5700 devices, ZTP supports the DHCPv6 client on the management interface. During the bootstrap process, the device first uses the DHCPv4 client to request information about the image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.
21.3R1-EVO
Starting in Junos OS Evolved Release 21.3R1, on PTX10001-36MR, PTX10003, PTX10004, PTX10008, and PTX10016 devices, ZTP now supports DHCP options 61 and 77. DHCP option 61 is used to specify the chassis serial number, and DHCP option 77 is used to specify the make, model, and software version of the chassis.
21.2R1-EVO
Starting in Junos OS Evolved Release 21.2R1 on PTX10008 devices, Zero Touch Provisioning (ZTP) dynamically detects the port speed of WAN interfaces and uses this information to create ZTP server ports with the same speed.
21.2R1-EVO
Starting in Junos OS Evolved Release 21.2R1, QFX5700 devices support the ability for either WAN interfaces or management interfaces to automatically download and install the appropriate software and the configuration file on your device during the ZTP bootstrap process.
21.2R1
Starting in Junos OS Release 21.2R1 on QFX10002 devices, Zero Touch Provisioning (ZTP) dynamically detects the port speed of WAN interfaces and uses this information to create ZTP server ports with the same speed.
21.2R1
Starting in Junos OS Release 21.2R1, on EX2300-C, EX2300-MP, EX4300, EX4300-MP, EX4300-VC, EX4400-24MP, EX4400-48MP, EX4600-VC, EX4650, and EX4650-48Y-VC devices, during the bootstrapping process, the phone-home client can access the redirect server through a proxy server. The DHCP server uses DHCP option 43 suboption 8 to deliver the details of IPv4 and/or IPv6 proxy servers to the phone-home client. The DHCP daemon running on the target switch learns about the proxy servers in the initial DHCP cycle and then populates either the phc_vendor_specific_info.xml or the phc_v6_vendor-specific_info.xml files located in the /var/etc/ directory with the vendor-specific information.
21.2R1
Starting in Junos OS Release 21.2R1, on EX2300-C, EX2300-MP, EX4300, EX4300-MP, EX4300-VC, EX4400-24MP, EX4400-48MP, EX4600-VC, EX4650, and EX4650-48Y-VC devices, you can use a DHCPv6 client and ZTP to provision a switch. During the bootstrap process, the device first uses the DHCPv4 client to request information about the image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device continues to check for bindings until provisioning is successful. However, if there are no DHCPv4 bindings, the device checks for DHCPv6 bindings and follows the same process as for DHCPv4 until the device is provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device. The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.
21.1R1
Starting in Junos OS Release 21.1R1, on EX2300, EX2300-VC, EX3400, EX3400-VC, EX4400-24T, EX4400-48F, EX4400-48T, and EX4600 devices, when the phone-home client receives information regarding the HTTP proxy server via DHCP option 43 suboption 8, it will create an HTTPS transparent tunnel with the proxy server. Once the tunnel is established, the phone-home client uses the tunnel as a proxy for the phone-home server or redirect server. The phone-home client downloads the software image and configuration file through the tunnel onto the device. Once bootstrapping is complete, the device reboots and the tunnel quits.
21.1R1
Starting in Junos OS Release 21.1R1, on EX2300, EX2300-VC, EX3400, EX3400-VC, EX4400-24T, EX4400-48F, EX4400-48T, and EX4600 devices, during the bootstrapping process, the phone-home client can access the redirect server through a proxy server. The DHCP server uses DHCP option 43 suboption 8 to deliver the details of IPv4 and/or IPv6 proxy servers to the phone-home client. The DHCP daemon running on the target switch learns about the proxy servers in the initial DHCP cycle and then populates either the phc_vendor_specific_info.xml or the phc_v6_vendor-specific_info.xml files located in the /var/etc/ directory with the vendor-specific information.
20.4R1-EVO
Starting in Junos OS Evolved Release 20.4R1, PTX10004 devices support automation of the device configuration and software upgrade over the management interface of Routing Engine 0 (RE0).
20.4R1-EVO
Starting in Junos OS Evolved Release 20.4R1, ACX5448 and QFX5120-48YM devices support the ability for either WAN interfaces or management interfaces to automatically download and install the appropriate software and the configuration file on your device during the ZTP bootstrap process.
20.4R1
Starting in Junos OS Release 20.4R1 on the MX-Series, EX3400, EX4300, QFX5100, and QFX5200 devices, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request information about the image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.
20.4R1
Starting in Junos OS Release 20.4R1 on the EX4600, EX4650, EX9200 with RE-S-EX9200-2X00X6, QFX5110, QFX5200, QFX5210, QFX5120-32C, and QFX5120-48Y devices, you can use either the legacy DHCP-options-based ZTP or the phone-home client (PHC) to provision software for the switch. When the switch boots up, if there are DHCP options that have been received from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, PHC is attempted. PHC enables the switch to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the switch to the network. When the switch first boots up, PHC connects to a redirect server, which redirects to a phone home server to obtain the configuration or software image.
20.2R1-S1
Starting in Junos OS Release 20.2R1-S1 on the MX-Series, EX3400, EX4300, QFX5100, and QFX5200 devices, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request information about the image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.
20.2R1
Starting in Junos OS Release 20.2R1 on SRX300, SRX320, SRX340, SRX345, SRX550 HM, and SRX1500 devices, you can use Zero Touch Provisioning with DHCP options or the phone-home client to provision your device.
20.1R1-EVO
Starting in Junos OS Evolved Release 20.1R1 on PTX10003 devices, Zero Touch Provisioning (ZTP) dynamically detects the port speed of WAN interfaces and uses this information to create ZTP server ports with the same speed.
20.1R1-EVO
Starting in Junos OS Evolved Release 20.1R1, PTX10008 devices support automation of the device configuration and software upgrade over the management interface of Routing Engine 0 (RE0).
19.4R1
Starting in Junos OS Release 19.4R1, ZTP can automate the provisioning of the device configuration and software image on Juniper Route Reflector (JRR). ZTP supports self image upgrades and automatic configuration updates using ZTP DHCP options. In this release, ZTP supports revenue ports em2 through em9, in addition to management port em0, which is supported in Junos OS Releases before 19.4R1.
19.3R1-Evo
Starting in Junos OS Evolved Release 19.3R1, on QFX5220-128C devices, Zero Touch Provisioning (ZTP) can use either WAN interfaces or management interfaces to automatically download and install the appropriate software and the configuration file on your device during the bootstrap process.
19.3R1
Starting in Junos OS Release 19.3R1, you can use either WAN interfaces or management interfaces to automatically download and install the appropriate software and the configuration file on your router during the ZTP bootstrap process.
19.2R1
Starting in Junos OS Release 19.2R1, ZTP can automate the provisioning of the device configuration and software image on management interface em0 for ACX5448 switches.
19.1R1-EVO
Starting in Junos OS Evolved Release 19.1R1, ZTP can automate the provisioning of the device configuration and software image on the management interface for QFX5220 and PTX10003 devices.
19.1-Evo
Starting in Junos OS Evolved Release 19.1R1, to monitor zero touch provisioning on Junos OS Evolved, use the show system ztp command.
18.3R1
Starting in Junos OS Release 18.3R1, ZTP, which automates the provisioning of the device configuration and software image with minimal manual intervention, is supported on MX Series VM hosts.
18.2R1
Starting in Junos OS Release 18.2R1, ZTP can automate the provisioning of the device configuration and software image on VM host platforms that use PTX5000, PTX3000, PTX10008, PTX10016, PTX10002-60C routers.
18.2R1
Starting in Junos OS Release 18.2R1, ZTP can automate the provisioning of the device configuration and software image on VM host platforms that use QFX10008 and QFX10016 switches.
18.1R1
Starting in Junos OS Release 18.1R1, ZTP can automate the provisioning of the device configuration and software image on VM host platforms that use QFX10002-60C switches.
17.2R1
Starting in Junos OS Release 17.2R1, ZTP can automate the provisioning of the device configuration and software image on VM host platforms that use PTX1000 routers.
16.1R1
Starting in Junos OS Release 16.1R1, you can provision supported devices by using either a script to be executed or a configuration file to be loaded.
12.2
Starting in Junos OS Release 12.2, you can use the console and operational commands to monitor Zero Touch Provisioning.