Configure Zero Touch Provisioning

This chapter describes Zero Touch Provisioning (ZTP) and procedures to configure ZTP.

Table 1. Feature History

Feature Name: Zero Touch Provisioning (ZTP)

Release Information: Cisco IOS XR Release 6.5.31

Feature Description: ZTP allows you to deploy the network with minimal user intervention. You need not log in to each router to configure it during network deployment.

Two ZTP configurations are supported:

  • ZTP client runs on 42XX platform (XE Device) and ZTP is configured on NCS 4000

  • ZTP client runs on NCS 540 and ZTP is configured on NCS 4000

Commands added:

  • ztp initiate

  • ztp terminate

  • ztp clean

Understanding ZTP

ZTP makes it easier for network operators to deploy and manage the network. The field technician need not log in to each router during deployment, because the router is configured automatically.

ZTP Client on 42XX platform (XE Device)

ZTP client runs on the 42XX platform and ZTP is configured on NCS 4000. In this case, the ZTP client uses the TFTP server to download and apply an initial ZTP configuration.

ZTP Client on NCS 540

ZTP client runs on NCS 540 and ZTP is configured on NCS 4000. In this case, the ZTP client uses the HTTP server to perform the following tasks:

  • Download and apply an initial configuration—If the downloaded file content starts with !! IOS XR, it is treated as a configuration file, and ZTP performs the apply_config action on it.

  • Download and execute a shell script—If the downloaded file content starts with #! /bin/bash, #! /bin/sh or #!/usr/bin/python, it is treated as a script file, and ZTP executes the script.
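
Because the first line alone decides whether a staged file is applied as configuration or executed on the router, it is worth checking that line before the file is published on the HTTP server. The following script is an added example, not Cisco code: ztp_classify and ztp_expect are hypothetical names, and it assumes a prefix match on line 1 with the space after #! optional (the ztp_day0.sh script on this page starts with #!/bin/bash).

```shell
#!/bin/sh
# Added example, not Cisco code. Predicts how the NCS 540 ZTP client will treat
# a staged file, using the first-line rules listed above.
# Assumptions: prefix match on line 1; the space after "#!" is optional.

ztp_classify() {
    # $1 = file that will be served as the DHCP bootfile
    [ -r "$1" ] || { echo unreadable; return 2; }
    first=$(head -n 1 "$1")
    cr=$(printf '\r')
    case "$first" in
        *"$cr"*) echo crlf; return 1 ;;  # DOS line ending would break a shebang
    esac
    case "$first" in
        '!! IOS XR'*) echo config ;;
        '#! /bin/bash'*|'#!/bin/bash'*) echo script ;;
        '#! /bin/sh'*|'#!/bin/sh'*) echo script ;;
        '#! /usr/bin/python'*|'#!/usr/bin/python'*) echo script ;;
        *) echo unknown; return 1 ;;     # BOM, leading blank line, other content
    esac
}

ztp_expect() {
    # $1 = file, $2 = intended handling (config or script); 0 only on a match
    kind=$(ztp_classify "$1") || true
    [ "$kind" = "$2" ] && return 0
    echo "refusing $1: intended $2, ZTP would see $kind" >&2
    return 1
}

# Constructed samples: a config file and a script saved with DOS line endings.
demo=$(mktemp -d)
printf '!! IOS XR\nhostname venus\n' > "$demo/day0.cfg"
printf '#!/bin/bash\r\necho configured\r\n' > "$demo/day0.sh"
ztp_expect "$demo/day0.cfg" config && echo "day0.cfg: publish"
ztp_expect "$demo/day0.sh" script || echo "day0.sh: fix line endings first"
rm -rf "$demo"
```

Calling ztp_expect with the intended handling in the publish step keeps a file that was meant as configuration from being served when the client would treat it as a script, and the reverse.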

Prerequisites

  • The connection between the DHCP server, TFTP (for 42XX platform) or HTTP server (for NCS 540), and the router must be established.

  • The TFTP or HTTP server must have the required ZTP configuration file and must be accessible to the router.

  • (ZTP on NCS 540) Ensure that the ncs4k-k9sec.pkg and ncs4k-mgbl.pkg packages are installed on NCS 4000.

  • (ZTP on NCS 540) Ensure that the host name is not configured on NCS 540.

Restriction

ZTP is supported only on the data port and not on the management port.

Limitation of ZTP on NCS 540

The ZTP client does not run on NCS 540 when the DHCP server is configured on a VLAN other than the default VLAN.

Example of ZTP Configuration on NCS 4000 to run ZTP on NCS 540


Note


Place the configuration file in the HTTP home directory on the HTTP server. If the HTTP server is configured on NCS 4000, then the configuration file must be placed under the /pkg/CTC directory on NCS 4000.


Example


pool vrf default ipv4 test_pool
 network 20.0.0.0/24
 exclude 20.0.0.0 0.0.0.0
 exclude 20.0.0.1 0.0.0.0
 exclude 20.0.0.2 0.0.0.0
 exclude 20.255.255.255 0.0.0.0
!  
dhcp ipv4 
 profile test_dhcp server
  bootfile http://20.0.0.1/ncs5k-day0.cfg
  pool test_pool
  option 43 hex 010a6578722d636f6e666967020100
  default-router 20.0.0.1
 !        
 interface FortyGigE0/8/0/7 server profile test_dhcp
!  
interface FortyGigE0/8/0/7
 ipv4 address 20.0.0.1 255.255.255.0
!
http server
!
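
The option 43 value in the test_dhcp profile is an opaque hex string. As an added example (not Cisco code), this decoder splits it into sub-options, assuming the RFC 2132 encapsulated layout of a 1-byte code, a 1-byte length, and the data; decode_opt43 is a hypothetical name.

```shell
#!/bin/sh
# Added example, not Cisco code. Decodes the value given to "option 43 hex"
# assuming RFC 2132 encapsulated sub-options: 1-byte code, 1-byte length, data.

decode_opt43() {
    # $1 = hex string from the DHCP profile; prints one line per sub-option
    hex=$1
    case "$hex" in
        ''|*[!0-9a-fA-F]*) echo "not a hex string" >&2; return 2 ;;
    esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || { echo "odd number of hex digits" >&2; return 2; }
    while [ -n "$hex" ]; do
        [ "${#hex}" -ge 4 ] || { echo "truncated sub-option header" >&2; return 1; }
        code=$(( 0x$(printf '%.2s' "$hex") )); hex=${hex#??}
        len=$(( 0x$(printf '%.2s' "$hex") )); hex=${hex#??}
        [ "${#hex}" -ge $(( len * 2 )) ] || {
            echo "sub-option $code claims $len bytes, fewer remain" >&2; return 1; }
        text=''; raw=''; printable=1; i=0
        while [ "$i" -lt "$len" ]; do
            pair=$(printf '%.2s' "$hex"); hex=${hex#??}; i=$(( i + 1 ))
            raw=$raw$pair; b=$(( 0x$pair ))
            if [ "$b" -ge 32 ] && [ "$b" -le 126 ]; then
                # printable ASCII: append the character via an octal escape
                text=$text$(printf "\\$(printf '%03o' "$b")")
            else
                printable=0
            fi
        done
        if [ "$printable" -eq 1 ] && [ "$len" -gt 0 ]; then
            printf 'code=%d len=%d text=%s\n' "$code" "$len" "$text"
        else
            printf 'code=%d len=%d hex=%s\n' "$code" "$len" "$raw"
        fi
    done
}

# The value from the test_dhcp profile above.
decode_opt43 010a6578722d636f6e666967020100
```

For the value in the profile it prints code=1 len=10 text=exr-config followed by code=2 len=1 hex=00.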

Start ZTP on NCS 540

There are two modes of ZTP.

  • Fresh boot

  • Manual invocation

Fresh Boot

Perform the following steps for a fresh boot using ZTP.

  1. Trigger ZTP after reload to download and execute a config file or a script.

    1. Change the order of fetcher priority in /pkg/etc/ztp.ini file as follows.

      
      [ios:~]$ cat /pkg/etc/ztp.ini
      [Fetcher Priority]
      usb:    0
      DPort4: 1
      Mgmt4:  2
      Mgmt6:  3
      DPort6: 4
      [ios:~]$
      
    2. Use the conf t/commit replace command.

    3. Use the ztp clean command.

    4. Use the reload location all command.

      or

      Use the hw-module location all reload command in admin console.

    You can monitor the console logs available at /disk0:/ztp/ztp.log to check the status of the ZTP operation.

  2. Trigger ZTP after reload to download and execute a config file or a script and also to upgrade device image using iPXE.

    1. Change the order of fetcher priority in /pkg/etc/ztp.ini file as follows.

      
      [ios:~]$ cat /pkg/etc/ztp.ini
      [Fetcher Priority]
      usb:    0
      DPort4: 1
      Mgmt4:  2
      Mgmt6:  3
      DPort6: 4
      [ios:~]$
      
    2. Use the hw-module location all bootmedia network reload command in admin console.

    You can monitor the console logs available at /disk0:/ztp/ztp.log to check the status of the ZTP operation.

Manual Invocation

Perform the following steps to manually initiate ZTP.

  1. Perform the following steps to manually initiate ZTP on a data interface.

    1. Unconfigure host name on the router.

    2. Use the ztp initiate debug verbose int data interface-name command.

    You can monitor the console logs available at /disk0:/ztp/ztp.log to check the status of the ZTP operation.

  2. Perform the following steps to manually initiate ZTP on all the data interfaces.

    1. Unconfigure host name on the router.

    2. Use the ztp initiate dataport dhcp4 noprompt command.

    You can monitor the console logs available at /disk0:/ztp/ztp.log to check the status of the ZTP operation.

Terminate ZTP Sessions in Progress

Use the ztp terminate command to terminate any ZTP session in progress.

Remove ZTP State Files

Use the ztp clean command to remove the ZTP state files.

ZTP Script

The following is example content for the /pkg/CTC/ztp_day0.sh script.

ztp_day0.sh

#!/bin/bash
source /pkg/bin/ztp_helper.sh

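# Run only once: stop if the marker string is already in the running configuration.
# Replace myhostname with a string that appears only after this script has run.
if xrcmd "show running" | grep -q myhostname; then
    echo "Already configured"
    exit 0
fi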

#set the hostname
xrapply_string_with_reason "system renamed again" "hostname venus"

ZTP Utilities

ZTP includes a set of shell utilities in ztp_helper.sh, a shell script that can be sourced by the user script. ztp_helper.sh provides simple utilities to access some XR functionalities. The following bash functions can be invoked:

  • xrcmd—Used to run a single XR exec command:

    xrcmd "show running"
  • xrapply—Applies the block of configuration, specified in a file:

    
    cat >/tmp/config <<%%
    !! XR config example
    hostname node1-mgmt-via-xrapply
    %%
    xrapply /tmp/config
    
  • xrapply_with_reason—Used to apply a block of XR configuration along with a reason for logging purpose:

    
    cat >/tmp/config <<%%
    !! XR config example
    hostname node1-mgmt-via-xrapply
    %%
    xrapply_with_reason "this is a system upgrade" /tmp/config
    
  • xrapply_string—Used to apply a block of XR configuration in one line:

    xrapply_string "hostname foo\ninterface GigabitEthernet0/0/0/0\nipv4 address 1.2.3.44 255.255.255.0\n"
  • xrapply_string_with_reason—Used to apply a block of XR configuration in one line along with a reason for logging purposes:

    xrapply_string_with_reason "system renamed again" "hostname venus\n interface TenGigE0/0/0/0\n ipv4 address 172.30.0.144/24\n"
  • xrreplace—Used to apply XR configuration replace in XR namespace through a file.

    
    cat >rtr.cfg <<%%
    !! XR config example
    hostname node1-mgmt-via-xrreplace
    %%
    xrreplace rtr.cfg
    
  • admincmd—Used to run an admin CLI command in XR namespace. Logs can be found in /disk0:/ztp/ztp_admincmd.log.

    admincmd running [show platform]
    
  • xrapply_with_extra_auth—Used to apply XR configuration that requires authentication, in XR namespace through a file. Use the xrapply_with_extra_auth API to apply configurations that require additional authentication, such as alias and flex groups.

    
    cat >/tmp/config <<%%
    !! XR config example
    alias exec alarms show alarms brief system active
    alias exec version run cat /etc/show_version.txt
    %%
    xrapply_with_extra_auth /tmp/config
    
  • xrreplace_with_extra_auth—Used to apply XR configuration replace in XR namespace through a file. Use the xrreplace_with_extra_auth API to apply configurations that require additional authentication, such as alias and flex groups.

    
    cat >/tmp/config <<%%
    !! XR config example
    alias exec alarms show alarms brief system active
    alias exec version run cat /etc/show_version.txt
    %%
    xrreplace_with_extra_auth /tmp/config
    

Example of ZTP Configuration on NCS 4000 to run ZTP on 42XX Platform


Note


Place the configuration file in the tftp home directory on the tftp server.


Before You Begin

Before testing ZTP, set the configuration register on the 42XX platform to 0x2.


Router#configure terminal 
Router(config)#config
Router(config)#config-register 0x2
Router(config)#end

The configuration register can be viewed by using the show version command.

Example


tftp vrf ZTP ipv4 server homedir disk1:/config access-list ztp
!
vrf ZTP
 rd 1111:1111
 address-family ipv4 unicast
 !
!
pool vrf ZTP ipv4 test_pool
 network 209.165.201.0/27
 exclude 209.165.201.0 0.0.0.0
 exclude 209.165.201.1 0.0.0.0
 exclude 209.165.201.2 0.0.0.0
 exclude 209.165.201.30 0.0.0.0
!  
dhcp ipv4
 profile test_dhcp server
  match option 60 string "ciscopnp" action allow
  match option 60 default action drop
  bootfile xe-device.cfg
  pool test_pool
  secure-arp
  option 150 ip 209.165.201.1
  default-router 209.165.201.1
 !        
 interface TenGigE0/8/0/1/3.1111 server profile test_dhcp
!         
ipv4 access-list ztp
 10 permit ipv4 209.165.201.0 0.0.0.255 any
!     
interface TenGigE0/8/0/1/3.1111
 vrf ZTP
 ipv4 address 209.165.201.1 255.255.255.0
 encapsulation dot1q 1111
!

Start ZTP on 42XX platform

ZTP is started when the router boots up without configuration in NVRAM. This can be achieved using one of the following methods:

  • Press the ZTP button located on the front panel for about two seconds. Pressing the ZTP button for about eight seconds reloads the router. ZTP is not started in this case.

  • Use the write erase command on the router and reload it without saving the configurations.