Date: 2025-07-08

Zero-Touch Provisioning (ZTP) automates the initial configuration of switch systems at boot time. It helps minimize manual operation and reduce the customer's initial deployment cost. ZTP allows for automatically upgrading the switch with a specified OS image, setting up the initial configuration database, and loading and running a container image file.

The initial configuration is applied using a regular text file. The user can create such a configuration file by editing the output of a “show running-config” command.

Note: Only a textual configuration file is supported.

Customers can use the user-defined docker image to run their own applications in a sandbox on their platform. It can therefore also be used for automating initial configuration.

Note: Only one docker container can be launched in ZTP.

There is no explicit command to enable ZTP. It is enabled by default. Disabling it is performed by a user-initiated configuration save (using the command “configuration write”). The only way to re-enable ZTP is to run a “reset factory” command, clearing the configuration of the switch and rebooting the system.

ZTP is based on DHCP. For ZTP to work, the software enables DHCP by default on all its management interfaces. The switch OS requests option 66 (tftp-server-name) and 67 (bootfile-name) from the DHCPv4 server or option 58 (bootfile-url) from the DHCPv6 server, and waits for the DHCP responses containing file URLs. The DHCP server must be configured to send back the URLs for the software image, configuration file, and docker container image via these two options. Option 66 would contain the URL prefix to the location of the files, option 67 would contain the name of files, and option 58 would contain the complete URLs of files. The format of these two options is a string list separated by commas. The list items are placed in a fixed order:

DHCPv4

    option tftp-server-name "<image server url>, <config server url>, <docker container server url>";
    option bootfile-name "<image file>, <config file>, <docker container file>";

DHCPv6

    option dhcp6.bootfile-url "<image server url/image file>, <config server url/config file>, <docker container server url/docker container file>";

Note: The item value can be empty, but the comma shall not be omitted.
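The list format above, as an added example (not code from the switch software): it pairs the option 66 prefixes with the option 67 file names slot by slot, keeps empty slots, and flags any URL that carries a password, since DHCP replies travel in cleartext on the management network. The sample strings and addresses are constructed; trimming whitespace around items and requiring prefix and file name to be set together are assumptions.

```python
from urllib.parse import urlsplit

SLOTS = ("image", "config", "container")   # fixed order given on the page


def split_list(value: str) -> list:
    """Split a comma-separated option string; empty items are kept as ''.

    Assumption: whitespace around an item is not significant.
    """
    items = [item.strip() for item in value.split(",")]
    if len(items) != len(SLOTS):
        raise ValueError(f"expected {len(SLOTS)} items, got {len(items)}")
    return items


def build_urls(tftp_server_name: str, bootfile_name: str) -> dict:
    """Join option 66 prefixes with option 67 file names, slot by slot."""
    urls = {}
    for slot, prefix, name in zip(SLOTS, split_list(tftp_server_name),
                                  split_list(bootfile_name)):
        if not prefix and not name:
            urls[slot] = None            # nothing to fetch for this slot
        elif not prefix or not name:
            # Assumption: a prefix without a file name (or vice versa) is an error.
            raise ValueError(f"{slot}: prefix and file name must both be set")
        else:
            urls[slot] = prefix + name
    return urls


def audit(urls: dict) -> list:
    """Return findings for URLs that carry a password in the userinfo part."""
    findings = []
    for slot, url in urls.items():
        if url and urlsplit(url).password:
            findings.append(f"{slot}: password embedded in URL")
    return findings


# Constructed sample: image and config set, container slot left empty.
OPT66 = "scp://ztp:s3cret@192.0.2.10/ztp/, http://192.0.2.10/ztp/, "
OPT67 = "image-X86_64-3.6.4612.img, switch-1.conf, "
```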

For the DHCP server to select the proper files based on switch-specific information, the OS must provide identifying information that the server can use to classify the switches. For this purpose, the OS attaches option 43 (vendor-specific information) and option 60 (vendor class identifier) to DHCPv4 requests and option 17 (vendor-opts) to DHCPv6 requests. Option 60 is set to the string “Mellanox”, and options 17 and 43 contain the following specific sub-options:

System Model

Chassis Part Number

Chassis Serial Number

Management MAC

System Profile

MLNX-OS Release Version

The corresponding subtypes respectively are defined as:

    DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_MODEL    1
    DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_PARTNUM  2
    DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_SERIAL   3
    DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_MAC      4
    DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_PROFILE  5
    DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_RELEASE  6

Upon receiving such DHCP requests from a client, the server should be able to map the switch-specific information to the target file URLs according to predefined rules.
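A server-side sketch of that mapping, as an added example (not vendor code): it decodes the option 43 sub-options with bounds checks and looks the switch up by serial number. The 1-byte type, 1-byte length layout with ASCII values is an assumption, and the inventory, serial number and sample payload are constructed.

```python
# Sub-option types as defined on the page (subtype -> field name).
SUBOPTION_NAMES = {1: "model", 2: "partnum", 3: "serial",
                   4: "mac", 5: "profile", 6: "release"}

# Constructed inventory: serial -> (image file, config file, container file).
INVENTORY = {"MT1234X00001": ("image-X86_64-3.6.4612.img", "switch-1.conf", "")}


def parse_vendor_suboptions(data: bytes) -> dict:
    """Decode an option 43 payload into {field name: value}.

    Assumed layout: 1-byte type, 1-byte length, ASCII value.
    """
    fields, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError(f"truncated TLV header at offset {pos}")
        tlv_type, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {tlv_type} overruns the payload")
        pos += 2 + length
        name = SUBOPTION_NAMES.get(tlv_type)
        if name is None:
            continue                      # ignore types this table does not know
        if name in fields:
            raise ValueError(f"duplicate sub-option {name}")
        fields[name] = value.decode("ascii")
    return fields


def select_files(vendor_class: str, option43: bytes):
    """Return the file tuple for a known switch, else None."""
    if vendor_class != "Mellanox":
        return None
    try:
        serial = parse_vendor_suboptions(option43).get("serial")
    except ValueError:                    # also covers UnicodeDecodeError
        return None
    return INVENTORY.get(serial)


def encode(tlv_type: int, text: str) -> bytes:
    """Build one sub-option; used only to construct SAMPLE."""
    raw = text.encode("ascii")
    return bytes([tlv_type, len(raw)]) + raw


SAMPLE = encode(1, "MSN2700") + encode(3, "MT1234X00001") + encode(6, "3.6.4612")
```

The sub-option values are reported by the client itself, so this lookup classifies requests but does not authenticate the switch.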

Once the OS receives the URLs from the DHCP server, it executes ZTP as follows:

1. If the software image URL is not specified, this step is skipped. Otherwise:
   a. Perform disk space cleanup if necessary and fetch the image if it does not exist locally
   b. Resolve the image version:
      - If it is already installed on active partition, proceed to step 2
      - If it is installed on a standby partition, switch partition and reboot
      - If it is not installed locally, install it and switch to the new image and then reboot
   c. If a reboot occurs, ZTP performs step 1 again and no image upgrade will occur
2. If configuration file URL is not specified, skip this step. Otherwise:
   a. Fetch the configuration file
   b. Apply the configuration file
3. Skip these steps if a docker image file URL is not specified. Otherwise:
   a. Fetch the docker image file
   b. Load the docker image
   c. Clean up the docker images with the same name and different tag.
   d. Start the container based on the image
   e. Remove the downloaded docker image file

Note: While performing file transfer via HTTP, the same information as DHCP option 43 is expected to be carried in a HTTP GET request. This switch software supports the following proprietary HTTP headers:

MlnxSysProfile

MlnxMgmtMac

MlnxSerialNumber

MlnxModelName

MlnxPartNumber

MlnxReleaseVersion

If some sort of failure occurs, the switch waits a random number of seconds between 1 and 20 and reattempts the operation. The switch attempts this up to 10 times.

ZTP progress is printed to terminals including console and active SSH sessions.

For modular switch systems, the two management nodes start ZTP individually. Status synchronization is then performed between the two nodes:

Target software image version needs to be the same, otherwise ZTP fails

Both nodes must install the software image successfully, otherwise ZTP fails

ZTP failure for one node leads to failure for both

ZTP disable on one node leads to ZTP disable for both

ZTP abort on one node leads to ZTP abort for both

In ZTP configuration files, commands between the #<CHASSIS_MASTER> and #</CHASSIS_MASTER> pair are only executed on the master.

    #<CHASSIS_MASTER>
    chassis ha bip 10.7.146.34 /24
    #</CHASSIS_MASTER>

Node reboot caused by ZTP is also synchronized:

1. Master node asks slave to reboot.
2. Slave node switches to next boot location and acknowledges the reboot request.
3. Master node reboots slave node via hardware.
4. Master node reboots itself.

Software upgrade from non-ZTP versions to ZTP versions and vice versa is supported. When upgrading from a non-ZTP version, ZTP is disabled. This is because ZTP is always assumed to start with an empty configuration; otherwise the final configuration would be a mixture of the existing configuration from the stored database and the new configuration from the server, and hence not deterministic.

The following is a URL configuration example for ISC DHCPv4 server:

    host master {
        hardware ethernet E4:1D:2D:5B:72:80;
        fixed-address 3.1.2.13;
        option tftp-server-name "scp://<user>:<password>@3.1.3.100/ztp/,scp://<user>:<password>@3.1.3.100/ztp/";
        option bootfile-name "image-X86_64-3.6.4612.img, switch-1.conf, ubuntu.img.gz";
    }

The DHCPv4 request is made up of the following components:

Option 43 (vendor-encapsulated-options) and option 60 (vendor-class-identifier) are added in the DHCPv4 request packet

Option 66 (tftp-server-name) and option 67 (bootfile-name) are added in the parameter request list of DHCPv4 request packet

The following is a DHCPv6 configuration example:

    host master {
        ......
        option dhcp6.bootfile-url "scp: 3.6.4612.img, scp: switch.conf, scp: ubuntu.img.gz";
    }

    host master {
        ......
        option dhcp6.bootfile-url "scp: 23.01.0100.img, scp: switch.conf, scp: ubuntu.img.gz";
    }

The DHCPv6 request is made up of the following components:

Option 17 (vendor-opts) is added in the DHCPv6 request packet

Option 59 (bootfile-url) is added in the parameter request list of DHCPv6 request packet

no zero-touch suppress-write

Disables suppression of configuration write.

Syntax Description: N/A
Default: Enabled
Configuration Mode: config
History: 3.6.5000
         3.9.2400: Added note
Example: switch (config) # no zero-touch suppress-write
Related Commands: show zero-touch
Notes:

When ZTP is active, “configuration write” is suppressed because it may interfere with ZTP operation. Therefore, if “configuration write” is performed after running “no zero-touch suppress-write”, ZTP is disabled as a consequence of the database save.

To automatically save the configuration at the end of applying a configuration via ZTP, append the following two commands to the end of the config files. The first command turns off the ZTP suppress-write, so that the configuration write command can then work.

    no zero-touch suppress-write
    configuration write



zero-touch abort

Aborts on-going zero-touch process.

Syntax Description: N/A
Default: Enabled
Configuration Mode: config
History: 3.6.5000
Example:

    switch (config) # zero-touch abort
    Zero-touch failed [Zero-touch is aborted by operator]
    Zero-touch provisioning will be aborted

Related Commands: show zero-touch
Notes: