Zero Touch Provisioning in Enterprise SONiC: Automating Network Deployment

As a network engineer who has deployed countless switches, I’ve experienced firsthand how time-consuming and error-prone manual configuration can be. That’s why I’m excited to share with you one of the most powerful features of Enterprise SONiC: Zero Touch Provisioning (ZTP). This automation capability has transformed how we bring up network infrastructure, making it faster, more consistent, and less susceptible to human error.
Introduction to Zero Touch Provisioning
Zero Touch Provisioning (ZTP) is an alternative approach to traditional Day-0 configurations that automates the fabric “bring-up” process. Instead of manually configuring each switch in your data center, ZTP allows you to unbox, cable, and power on your switching infrastructure with minimal human intervention, resulting in a consistently configured network.
The beauty of ZTP lies in its simplicity and power. It eliminates repetitive configuration tasks and ensures standardization across your network infrastructure. For large-scale deployments, this can save countless hours and significantly reduce the potential for configuration errors.
How ZTP Works in Enterprise SONiC
The ZTP process in Enterprise SONiC follows a straightforward workflow:
- The SONiC switch boots up and the ZTP service automatically starts if there is no startup configuration file (/etc/sonic/config_db.json) present
- A DHCP server provides IP connectivity to the switch’s management interface along with DHCP Option 67, which provides a URL to a ZTP JSON file
- The ZTP service downloads this JSON file and processes all individual configuration sections in lexical sorted order
- ZTP evaluates the result based on each configuration section and then exits (it doesn’t run again after completion)
This process enables a fully automated deployment from the moment you power on your switch until it’s properly configured and integrated into your network.
Components of ZTP Implementation
DHCP Server Configuration
The DHCP server plays a crucial role in the ZTP process. Here’s a sample DHCP configuration that was tested with “dhcpserver.de”:
[SETTINGS]
IPPOOL_1=10.52.136.207-226
IPBIND_1=10.52.136.206
AssociateBindsToPools=1
Trace=1
DeleteOnRelease=0
ExpiredLeaseTimeout=3600
InstallAsService=2
[GENERAL]
LEASETIME=86400
NODETYPE=8
SUBNETMASK=255.255.255.192
NEXTSERVER=10.52.136.206
ROUTER_0=10.52.136.193
DNS_1=192.19.189.30
OPTION_67="http://10.52.136.206/ztp/ztp.json";
[DNS-SETTINGS]
EnableDNS=0
[TFTP-SETTINGS]
EnableTFTP=1
ROOT=C:\Users\admin\Desktop\DHCPServer\wwwroot;
WritePermission=1
[HTTP-SETTINGS]
EnableHTTP=1
ROOT=C:\Users\admin\Desktop\DHCPServer\wwwroot;
Logfile=C:\Users\admin\Desktop\DHCPServer\wwwroot\http_log.txt;
The critical part here is OPTION_67, which points to the ZTP JSON file that will be downloaded by the switch during the provisioning process.
ZTP JSON File Structure
The ZTP JSON file is the heart of the provisioning process. It defines what actions the switch should take during initialization. Here’s a sample ZTP JSON file:
{
  "ztp": {
    "00-firmware": {
      "install": {
        "url": "http://10.52.136.206/ztp/sonic-broadcom.bin"
      }
    },
    "01-configdb-json": {
      "dynamic-url": {
        "source": {
          "prefix": "http://10.52.136.206/ztp/configs/",
          "identifier": "serial-number",
          "suffix": "_config_db.json"
        },
        "destination": "/etc/sonic/config_db.json"
      }
    },
    "02-set-password": {
      "plugin": {
        "url": "http://10.52.136.206/ztp/scripts/set-password.sh"
      }
    }
  }
}
Let’s break down the sections of this file:
- 00-firmware: This section instructs the switch to download a SONiC image from the specified URL. If the image differs from the current one, the switch will reboot and install the new image. If the switch is already running the same image, this step is skipped.
- 01-configdb-json: This section tells the switch to download a configuration file from a dynamic URL based on the switch’s serial number. For example, if a switch has the serial number QTFCU38120009, the URL would be http://10.52.136.206/ztp/configs/QTFCU38120009_config_db.json. The switch downloads this file and saves it as the running configuration.
- 02-set-password: This section runs a script to create one or more user accounts on the switch.
The sections are processed in lexical order (00, 01, 02), which allows you to control the sequence of operations during provisioning.
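The following audit script is an added example, not part of the original article or of SONiC. It lists the sections in the lexical order described above, resolves the dynamic URL for one serial number, and flags every download that travels over a cleartext scheme. The function names are hypothetical and only the JSON keys shown on this page are handled.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the ztp.json from this page, with sections deliberately out of order.
ZTP_JSON = """
{"ztp": {
  "02-set-password": {"plugin": {"url": "http://10.52.136.206/ztp/scripts/set-password.sh"}},
  "00-firmware": {"install": {"url": "http://10.52.136.206/ztp/sonic-broadcom.bin"}},
  "01-configdb-json": {"dynamic-url": {
      "source": {"prefix": "http://10.52.136.206/ztp/configs/",
                 "identifier": "serial-number",
                 "suffix": "_config_db.json"},
      "destination": "/etc/sonic/config_db.json"}}
}}
"""

def resolve_url(section, serial):
    """Return the URL a section fetches, using only the keys shown on this page."""
    if "dynamic-url" in section:
        src = section["dynamic-url"]["source"]
        if src.get("identifier") != "serial-number":
            raise ValueError("only the serial-number identifier is handled here")
        return src["prefix"] + serial + src["suffix"]
    for key in ("install", "plugin"):
        if key in section:
            return section[key]["url"]
    raise ValueError("section has no recognised URL")

def audit_ztp(text, serial):
    """Return (section, url, findings) tuples in lexical processing order."""
    sections = json.loads(text)["ztp"]
    report = []
    for name in sorted(sections):
        url = resolve_url(sections[name], serial)
        findings = []
        if urlparse(url).scheme != "https":
            findings.append("cleartext transport: content can be read or altered in transit")
        if "plugin" in sections[name]:
            findings.append("downloaded script is executed on the switch")
        report.append((name, url, findings))
    return report

if __name__ == "__main__":
    for name, url, findings in audit_ztp(ZTP_JSON, "QTFCU38120009"):
        print(name, url, findings)
```
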
Password Script Example
Here’s a simple example of a set-password.sh script that can be used in the ZTP process:
#!/bin/bash
# Set the password of the "admin" account to "broadcom"
echo "admin:broadcom" | sudo chpasswd
exit 0
This script sets the password for the “admin” user to “broadcom”.
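The linter below is an added example, not code from the original article. It scans a plugin script for `chpasswd` calls and reports cleartext passwords, and it also checks the pre-hashed form (`chpasswd -e`) for two common mistakes. The function name, the pre-hashed sample script and its placeholder hash are assumptions made for illustration.

```python
import re

# echo "<user>:<secret>" | [sudo] chpasswd [options]
CHPASSWD = re.compile(
    r"echo\s+(?P<q>['\"])(?P<user>[^:'\"]+):(?P<secret>[^'\"]*)(?P=q)"
    r"\s*\|\s*(?:sudo\s+)?chpasswd(?P<opts>[^|;&]*)")
CRYPT_PREFIX = re.compile(r"^\$(5|6|y|2[aby])\$")  # sha256, sha512, yescrypt, bcrypt

def lint_plugin(text):
    """Return (line number, user, finding) for each risky chpasswd call."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = CHPASSWD.search(line)
        if m is None:
            continue
        opts = m.group("opts").split()
        pre_hashed = "-e" in opts or "--encrypted" in opts
        looks_hashed = bool(CRYPT_PREFIX.match(m.group("secret")))
        if not looks_hashed:
            msg = ("-e given but the value is not a crypt hash" if pre_hashed
                   else "cleartext password in a script fetched over the network")
        elif not pre_hashed:
            msg = "crypt hash without -e becomes the literal password"
        elif m.group("q") == '"':
            msg = "hash in double quotes: the shell expands $6 and corrupts it"
        else:
            continue  # single-quoted hash with -e: nothing to report
        findings.append((lineno, m.group("user"), msg))
    return findings

# Constructed samples: the script from this page, and a pre-hashed variant
# whose hash is a placeholder, not a real value.
PAGE_SCRIPT = '#!/bin/bash\necho "admin:broadcom" | sudo chpasswd\nexit 0\n'
HASHED_SCRIPT = ("#!/bin/bash\n"
                 "echo 'admin:$6$PLACEHOLDERSALT$PLACEHOLDERHASH' | sudo chpasswd -e\n"
                 "exit 0\n")

if __name__ == "__main__":
    print(lint_plugin(PAGE_SCRIPT))
    print(lint_plugin(HASHED_SCRIPT))
```

A pre-hashed password keeps the cleartext out of the script, but the hash is still exposed to offline guessing if the script is served over a cleartext transport.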
Config-DB.JSON
The config_db.json file contains the complete configuration for the switch. This file can be quite extensive, including settings for interfaces, VLANs, routing protocols, and more. Here’s a small excerpt from a sample config_db.json file:
{
  "DEVICE_METADATA": {
    "localhost": {
      "default_config_profile": "l3",
      "docker_routing_config_mode": "separated",
      "hostname": "leaf2",
      "hwsku": "Quanta-IX8-56X",
      "mac": "d8:c4:97:3c:e8:6b",
      "platform": "x86_64-quanta_ix8_rglbmc-r0",
      "type": "LeafRouter"
    }
  },
  "VLAN": {
    "Vlan10": {
      "dhcp_servers": [
        "40.40.40.2"
      ],
      "members": [
        "PortChannel1",
        "PortChannel2",
        "Ethernet18"
      ],
      "vlanid": "10"
    }
  }
}
The beauty of this approach is that you can create multiple configuration files, name them based on the serial number of each switch, and save them in a specified location on your server. When a switch powers on, it automatically pulls its specific configuration.
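The pre-flight check below is an added example, not part of the original article. Before any switch boots, it confirms that every serial number in an inventory has a parseable `<serial>_config_db.json`, that no hostname or MAC was copied between files, and that the server holds no file for an unknown serial. The function names, the inventory list and the EXAMPLE serial numbers are assumptions.

```python
import json

SUFFIX = "_config_db.json"  # suffix from the dynamic-url section of ztp.json

def preflight(files, inventory):
    """files: {file name: text}; inventory: expected serial numbers.
    Returns a sorted list of problems found before any switch boots."""
    problems, seen = [], {}
    for serial in inventory:
        name = serial + SUFFIX
        if name not in files:
            problems.append(f"{serial}: {name} is missing")
            continue
        try:
            meta = dict(json.loads(files[name])["DEVICE_METADATA"]["localhost"])
        except (ValueError, KeyError, TypeError):
            problems.append(f"{serial}: {name} is not usable config_db JSON")
            continue
        for field in ("hostname", "mac"):
            value = str(meta.get(field, "")).lower()
            if not value:
                problems.append(f"{serial}: no {field} in DEVICE_METADATA")
            elif (field, value) in seen:
                problems.append(f"{serial}: {field} {value} already used by {seen[field, value]}")
            else:
                seen[field, value] = serial
    expected = {s + SUFFIX for s in inventory}
    for name in files:
        if name.endswith(SUFFIX) and name not in expected:
            problems.append(f"{name}: no switch with this serial in the inventory")
    return sorted(problems)

def _cfg(hostname, mac):  # builds a minimal constructed config_db.json
    return json.dumps({"DEVICE_METADATA": {"localhost": {"hostname": hostname, "mac": mac}}})

# Constructed sample: only QTFCU38120009, leaf2 and its MAC come from the page.
INVENTORY = ["QTFCU38120009", "EXAMPLE0001", "EXAMPLE0002", "EXAMPLE0003"]
FILES = {
    "QTFCU38120009_config_db.json": _cfg("leaf2", "d8:c4:97:3c:e8:6b"),
    "EXAMPLE0001_config_db.json": _cfg("leaf2", "02:00:00:00:00:01"),  # copied hostname
    "EXAMPLE0003_config_db.json": '{"DEVICE_METADATA": ',               # truncated upload
    "EXAMPLE9999_config_db.json": _cfg("leaf9", "02:00:00:00:00:09"),  # stray file
}

if __name__ == "__main__":
    print("\n".join(preflight(FILES, INVENTORY)))
```
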
Implementation Workflow
To implement ZTP in your environment, follow these steps:
- Set up a DHCP server with Option 67 pointing to your ZTP JSON file
- Create a ZTP JSON file that defines the provisioning steps
- Prepare switch-specific configuration files (config_db.json) for each switch, named according to their serial numbers
- Place all files on an accessible HTTP/TFTP server
- Connect and power on your switches
Once this setup is complete, all you need to do is cable the switches and power them on. They will automatically install the correct software version and configurations.
Benefits and Best Practices
Benefits of ZTP
- Time savings: Eliminate manual configuration of each device
- Consistency: Ensure standardized configurations across your network
- Error reduction: Minimize human errors in the configuration process
- Scalability: Easily deploy large numbers of devices with minimal effort
- Auditability: Maintain version-controlled configuration files for all devices
Best Practices
- Maintain a repository of configuration templates and ZTP files under version control
- Test your ZTP process thoroughly in a lab environment before deploying in production
- Include error handling in your scripts to address potential issues during provisioning
- Document your ZTP infrastructure including DHCP settings, server locations, and file naming conventions
- Consider security implications and ensure that passwords and sensitive information are handled securely
Conclusion
Zero Touch Provisioning in Enterprise SONiC offers a powerful way to automate network deployment, reducing operational overhead and ensuring consistency across your infrastructure. By leveraging DHCP, JSON configuration files, and scripts, you can transform the way you deploy and manage your network.
As data centers continue to grow in scale and complexity, automation tools like ZTP become not just convenient but essential. Whether you’re deploying a handful of switches or building out a massive data center fabric, ZTP can significantly streamline your operations and free up valuable engineering time for more strategic initiatives.
In my experience, implementing ZTP has been a game-changer for network deployments. The initial investment in setting up the ZTP infrastructure pays dividends with each new device deployment, making it one of the most valuable features of Enterprise SONiC for operational efficiency.