Notes - Classic ZTP
Classic ZTP requires two external services: a DHCP server and a web server.
iPXE
iPXE is used to boot the XR router onto a given software version image. By default the router will boot from the local disk. You can either select iPXE manually during bootup, or use an exec command to force the router to boot into iPXE.
Once the iPXE process starts, it runs a DHCP client on the mgmt interface. The dataplane interfaces cannot be used for iPXE. The DHCP client tries both IPv4 and IPv6. In the DHCP Discover message, the vendor class ID contains the router device type (e.g. NCS-5001), the client ID contains the serial number, and the user-class contains “iPXE”, as opposed to “exr-config”, which is used for ZTP.
The DHCP server replies with option 77 (or option 59 if using DHCPv6), which contains an HTTP URL to the image hosted on the web server. If the web server in the URL is on a different subnet, the router will automatically add a static route using the router learned via DHCP.
The router will download the image from the web server and boot from it.
ZTP
The ZTP process is used to apply an initial configuration via a text file, or to download an executable shell or Python script which can be used to automatically download and install packages, apply configuration, and even install third-party apps and containers. The term “ZTP artifacts” refers to the CLI configuration text file or scripts which are downloaded from the HTTP server.
The ZTP process is executed when the router boots and there is no configuration on the system. ZTP determines this by the absence of any username in the config. (You must configure a username before you can configure anything else on the router.)
ZTP runs a DHCP client on the mgmt interface for both IPv4 and IPv6. Since the network OS is already running, ZTP supports SLAAC (while iPXE does not). Additionally, ZTP can cycle through dataplane ports and try to use those as well, since the network OS is present. (With iPXE only the mgmt interface is available.)
ZTP runs in the control plane LXC Linux shell, inside the global-VRF namespace, so it has full access to all the data interfaces. It also has root permissions. You can also invoke ZTP manually, in which case you can use data interfaces instead of the mgmt interface.
The DHCP offer contains a user-class of “exr-config” instead of “ipxe”, which the DHCP server can use to serve the correct bootfile URL. The DHCP server serves a URL to a Python/bash script or a plain txt config file.
IOS-XR has a ztp_helper.sh file which can be sourced to provide the script access to XR functions. This includes “xrcmd” which executes an exec command, “xrapply” which applies a block of config, and “xrreplace” which replaces a block of config. In addition, the script has access to basic tools such as wget to be able to download package files.
The scripts must have one of the following shebangs:
A ZTP script can also check that the router is running the right image. If not, the script can force the router to go to iPXE, install the correct image, and then run ZTP again.
If there’s any error in the ZTP process, it will go back and restart the ZTP execution.
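A ZTP script following the steps above, as an added example (not code from these notes or from Cisco): it checks the running image, downloads a config file with wget, and applies it with xrapply only if its SHA-256 digest matches a pinned value. The helper path, the URL, the version, the digest placeholder, the "show version" line format, and the availability of sha256sum and mktemp are assumptions.

```bash
#!/bin/bash
# Added example, not Cisco's code; "assumed"/"constructed" items are not from the notes.
HELPER=/pkg/bin/ztp_helper.sh                    # assumed helper location
WANT_VERSION="7.3.2"                             # constructed expected release
CONFIG_URL="http://192.0.2.10/configs/base.cfg"  # constructed (TEST-NET-1)
CONFIG_SHA256="REPLACE_WITH_SHA256_OF_BASE_CFG"  # placeholder for the pinned digest

# Print the running release. Assumes "show version" contains a line of the
# form "Cisco IOS XR Software, Version <release>".
running_version() {
    xrcmd "show version" |
        sed -n 's/.*IOS XR Software, Version \([0-9A-Za-z.]*\).*/\1/p' |
        head -n 1
}

# Return 0 only if file $1 exists and its SHA-256 digest equals $2.
# Assumes sha256sum is available in the shell ZTP runs in.
sha256_matches() {
    [ -f "$1" ] || return 1
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

ztp_main() {
    . "$HELPER" || return 1      # provides xrcmd and xrapply
    have=$(running_version)
    if [ "$have" != "$WANT_VERSION" ]; then
        # The re-image step through iPXE belongs here; its command is not
        # given in these notes, so this example only reports and fails.
        echo "ZTP: running '$have', expected '$WANT_VERSION'" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    if ! wget -q -O "$tmp" "$CONFIG_URL"; then
        rm -f "$tmp"; return 1
    fi
    # ZTP runs as root, so nothing fetched over HTTP is applied unverified.
    if ! sha256_matches "$tmp" "$CONFIG_SHA256"; then
        echo "ZTP: digest mismatch for $CONFIG_URL, config not applied" >&2
        rm -f "$tmp"; return 1
    fi
    xrapply "$tmp"               # assumed usage: xrapply takes a config file path
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Run only where the helper exists (i.e. on the router).
if [ -r "$HELPER" ]; then ztp_main; exit $?; fi
```

The pinned digest covers only the config the script fetches; the script itself is delivered over the same HTTP path and is not covered by this check.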
The workflow diagram looks as follows: