Infoblox Deployment Guide - Infoblox Bare Metal Provisioning · 2019-12-16 · 20. Close the...

Deployment Guide Infoblox Bare Metal Provisioning Deployment Guide

© 2019 Infoblox Inc. All rights reserved. Implementing Bare Metal Provisioning, July 2019

2

TABLE OF CONTENTS Introduction ........................................................................................................................................ 3 Requirements ..................................................................................................................................... 3 Sequence of events ........................................................................................................................... 3 Steps ................................................................................................................................................. 3 Instructions ........................................................................................................................................ 5 Summary ........................................................................................................................................... 18


3

Introduction This document describes a possible method for implementing bare metal provisioning utilizing Infoblox’s NetMRI and IPAM products. The aim of the process described here is to allow the customer to deliver network devices to site and then have installers rack and connect the servers to power and network and have the devices come up onto the network with the correct configuration with no input from the installers.

Requirements • All switches need to be of the same model. • DHCP option for the TFTP server to download the initial configuration file. For Cisco

switches, it is option 66.

Sequence of events The following diagram shows the steps involved and the sequence of events, between the device to be provisioned, the Infoblox DHCP server and IPAM servers along with the NetMRI Network Automation server.

Steps 1. Engineer installs the device in the correct location, connects the device to the network and powers

it up.

2. The Device starts up and sends out DHCP request for IP and location of a server to pick up a configuration from

3. The DHCP server identifies the correct range to issue an IP address from, based on the gateway address in the initial DHCP Discover message.


4

4. The DHCP server returns the IP address for the device, along with the location of the server to pull the default configuration from (In this case, the NetMRI server)

5. The DHCP server informs NetMRI via syslog that it has issued a new lease, providing the IP address.

6. The Device contacts NetMRI to request a configuration file

7. NetMRI returns the default config file to the device – this contains three items of information that are important for NetMRI in this process:

a. A node name that identifies it as a device that is to be provisioned – for example – autoconfig

b. A SNMP v1/v2c community string or V3 details that is known to NetMRI, so it can discover the device

c. A local Telnet/SSH user that NetMRI knows of, so that it can discover and pull configurations from the device, and more importantly, also to push configuration to the device once it has been discovered.

8. The Device Reloads using the default configuration file

9. NetMRI attempts to discover the device, using the known credentials

10. The device responds with the request information to NetMRI.

11. NetMRI identifies that this is a device that BMP is applicable.

12. NetMRI builds up the correct configuration for the device, based on a template configuration, using the following information to pick out the configuration template to use

a. Device Type b. Device Vendor c. Device OS d. Device Model

As well as identifying the correct template to use, NetMRI will look up the IP address within IPAM, identify the range is was issued from and pull the extensible attributes to create the permanent node name for this device. NetMRI could also look up other extensible attributes from IPAM, if for example other attributes were utilized to hold details for the following types of data:

• Permanent SNMP sysLocation

• sysContact

• Community String

• Syslog server

• TACACS server

• DNS servers

• Helper Addresses

• Etc.…

13. NetMRI pushes the now complete configuration to the device and reloads the device

14. The Device reloads and comes up onto the network with its permanent configuration

15. NetMRI now accesses the IPAM solution to convert the DHCP lease that was given to the device into a Fixed Reservation within the IPAM/DHCP solution


5

Instructions 1. Log into the Infoblox NIOS appliance with a user with administrator credentials.

2. Navigate to Grid à Grid Manager à DHCP. Click on the check box that is associated with the member that will run DHCP. Click on the ‘Play’ button to start the DHCP service.


6

3. Navigate to DHCP à Networks à Networks.

4. Click on the ‘+’ button to add a DHCP range. This DHCP range will be used by the Cisco switch in this example to get an IP address in which to download the configuration. Ensure the ‘Add Range’ button is pressed. Click Next.


7

5. Type in the starting IP address and the ending IP address for the DHCP range. Click Next.

6. Select the Grid Member that will service this DHCP range clicking on the button and selecting the member. Click Next.


8

7. Ensure the Grid wide settings are correct for this DHCP range. Otherwise, press the respective Override button(s) to make the changes. Click Next.

8. Ensure the Grid wide settings are correct for this DHCP range. Otherwise, press the respective Override button(s) to make the changes. Click Save and Close. Click on the Restart button on the top of the screen afterwards.


9

9. Configure NIOS to forward syslog notifications to NetMRI in NIOS under: Navigate to Grid à Grid Manager àMembers à Grid Properties à Monitoring add the NetMRI appliance as syslog server. Select UDP as the transport. Set the Logging Category to Send All. Click on the Add button. Click Save and Close.

10. Navigate to Grid à Grid Manager à NTP. Select all of the devices. Click on the play

button to enable NTP.


10

11. Navigate to Dashboards à Tasks. Click on the drop-down arrow next to the configuration wheel directly below the Tasks tab and select Enable NetMRI tasks.

12. Click on the setting drop down arrow next the settings wheel for Automation Tasks and select NetMRI Registration.


11

13. Enter the IP address and admin password. Click Register.

14. Log into the NetMRI GUI.


12

15. Click on Settings wheel in the upper right corner of the screen.

16. Navigate to General Settings à Advanced Settings.

17. Search on Discovery keyword and ensure the settings below are on. Setting Configuration

Discovery Ignore Duplicate MACs On

Discovery Truncate IP History On

18. Under Settings à Setup à Credentials à CLI, Add a new USER credential of admin/infoblox. Also add an ENABLE credential of infoblox . These are the credentials for the switch once it has booted with its TFTP config.

19. Under Settings à Setup à Credentials à SNMP v1/2c, move the autoconfig community string to priority 1 and add a community string of infoblox and make it priority 2. This will help


13

the discovery to run faster.

20. Close the Settings windows. Navigate Config Management à Job Management à Triggered

Jobs. Ensure that the following triggered jobs are visible

• Isolate Rogue DHCP Server

• Locate Rogue DHCP Server

• Provision Bare Metal Device

21. Navigate to Config Management à Job Management à Scripts. Ensure that the following scripts are visible under Config Management à Job Management à Scripts

• Isolate Rogue DHCP Server

• Locate Rogue DHCP Server

• Port Activation

• Provision Bare Metal Device

• Provision Network


14

22. On the NetMRI console, execute the tftpsync command. This copies the default switch config files to the tftp directory on the NetMRI appliance. Select ‘y’ when prompted.


15

Configuration of Lists and Templates In order to configure bare metal provisioning, there are three lists that control which devices are configured and what configuration they receive. The following lists are found under Configuration Management -> Job Management -> Lists :

• TAE BMP Switch Model Interface Defs

• TAE BMP Site Settings

• TAE BMP Device Provisioning

The Lists are all related to each other. TAE BMP Device Provisioning contains the MAC address and other configuration specific to that device. This also refers to the TAE BMP Site Settings List, which contains configuration parameters that are specific to a group of devices such as syslog servers, NTP servers and port to VLAN mappings.

The TAE BMP Switch Model Interface Defs list maps the device model to the ports that are available on that type of device. The model column is the name of the device model as reported by the device. The same model name is also used to select the configuration template that will be used for the device. Configuration templates are fund under Configuration Management -> Job Management -> Config Templates. In this example, we are using Cisco Catalyst 2960 switches. To configure Bare Metal Provisioning, a new row must be added to each of the above lists. The values are specified in the tables below

TAE BMP Switch Model Interface Defs:

Column Value

Vendor Model Key cisco_cat296024TCS

Interfaces fa0/{1-24},gi0/{1-2}


16

TAE BMP Site Settings

Column Value

Site Settings Name SmallBranch

Site Code Site A

Mgmt VLAN ID 2

Mgmt VLAN Name VLAN2

Mgmt VLAN Port fa0/{1-12}

Domain Name domainname.com

Syslog 172.16.30.3

NTP 172.16.30.2

VLAN1 ID 100

VLAN1 Name VLAN100

VLAN1 Ports fa0/{13-24}

VLAN2 ID 200

VLAN2 Name VLAN200

VLAN2 Ports gi0/{1-2}

TAE BMP Device Provisioning

Column Value

MAC-you must create an entry for each deployed switch.

From the back of the switch (change last hex block form :00 to :40)

Mgmt IP 172.16.30.250

Hostname bmpswitch

Mgmt Mask Bits 24

Gateway 172.16.30.1

Site Settings Name SmallBranch

Configuration Template The lists provide parameters to the configuration template. A new template will be required for the switch to be provisioned. To do this we will start with an existing template. The template we will use will need to be modified. Create the new template as follows:

1. Copy the cisco_catalyst37xxstack template and rename the copy cisco_cat296024TCS

2. Edit the config template to remove the lines:

• switch 1 provision ws-c3750-48p


17

• no ip classless

3. Save and close the template Library Script Under Configuration Management -> Job Management -> Library is a script, TAE_Cisco, that controls how NetMRI interacts with Cisco devices. Out of the box, this script contains a configuration setting that is not recognized by this switch.

1. Edit the TAE_Cisco script and remove the following line:

• $interfaces_config .= " no ip mroute-cache \r";

2. Save and close the script 3. Enable DHCP Services in NIOS.

4. Press and hold the ‘Mode’ button on the left front of the 2960 switch. The three lights will start to blink. When they stop blinking and show solid green, release the Mode button. This resets the script to factory default. The following should now happen automatically:

• The switch will boot and, since it has been reset to factory default, it will perform and DHCP Request.

• The switch will download the TFTP config file specified in the DHCP range (DHCP Option 66)

• NIOS will send syslog messages to NetMRI, one of which is the DHCPACK message for the lease request

• On receipt of the DHCPACK, NetMRI will start a ‘Discover Now’ on the IP address assigned to the switch

• NetMRI will find that the switch name is ‘autoconfig’ which will raise the issue ‘Bare Metal Device Found’

• The issue will start the triggered job called ‘Provision Bare Metal Device’. This job is scheduled to run at a future time.


18

5. In NetMRI, look under Network Explorer -> Discovery. You should see the switch appear in about 2-3 minutes under the name of autoconfig (you will need to manually refresh the screen from time to time). You will know when the discovery process is complete when the Configuration has been collected by NetMRI. This will appear as a check mark in the ‘CC’ column.

Summary Bare Metal Provisioning is automatically triggered task to detect and provision new switches and routers on the network. Bare Metal Provisioning is most useful for bringing up many new deployments of the same device model with very similar configurations.

Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security, reliability and automation to on-premises, cloud and hybrid networks, setting customers on a path to a single pane of glass for network management. Infoblox is a recognized leader with 50 percent market share comprised of 8,000 customers, including 350 of the Fortune 500.

Corporate Headquarters | 3111 Coronado Dr. | Santa Clara, CA | 95054

+1.408.986.4000 | 1.866.463.6256 (toll-free, U.S. and Canada) | [email protected] | www.infoblox.com

© 2018 Infoblox, Inc. All rights reserved. Infoblox logo, and other marks appearing herein are property of Infoblox, Inc. All other marks are the property of their respective owner(s).

Infoblox Deployment Guide - Infoblox Bare Metal Provisioning · 2019-12-16 · 20. Close the...

Documents

Transcript of Infoblox Deployment Guide - Infoblox Bare Metal Provisioning · 2019-12-16 · 20. Close the...