Zero-touch provisioning promises that you can install new devices without moving your hands. To someone who is used to connecting a console cable to each and every device, this can seem like wondrous magic. The process of installing a new device with ZTP instead of doing the same thing manually is a breeze. One thing that a lot of people forget about this process is that all the hard work lies in the preparation.
When I was a kid I learned how to ride my bike with no hands. I thought it was pretty cool. Everything just worked and I didn’t have to think about what I was doing, just lean my body a bit differently and the bike would turn. In order to do this, I had of course been practicing riding my bike while using the handlebars, and I did it to the extent that everything just flowed. When people are used to provisioning devices manually, that kind of flow is often just not there. A well-defined process is generally missing in organizations where devices are manually installed. Typically people just know how to configure devices, so nothing gets written down. If you are installing a new switch, you log in to an existing one and copy the config from there, paste the parts which are needed and swap out the parts that need to be replaced. If you are unsure about some part of the configuration, you ask around until you find an answer. Basically, you solve problems as they arise. This can be time-consuming but generally works. Occasionally you might ship out a device where the uplink is in admin shut or you forgot to generate the SSH keys.
The problem is that the above scenario wouldn’t be acceptable in an automated world. Before the installation starts, you have to have an answer to questions such as what the configuration should look like. This can be quite a big leap if you don’t have anything in place to generate configurations, or you don’t have any data source that describes what your topology looks like.
It made me sad when I heard that one of our customers ordered network devices to one country, but wanted the service contract to be registered in another country. The reason was that the equipment was first to be shipped to a staging facility and, once configured, shipped again to the final destination. A lot of companies still seem to send devices to a central location for configuration. It’s not a surprise that people are complaining that network people are slow. I’ve also been contacted by quite a few “headhunters” from LinkedIn who are looking for an engineer for an urgent assignment. Typically they want someone who has a laptop, a charged phone, an internet connection, a console cable, and TeamViewer. It’s actually quite funny that their provisioning plan seems fairly well documented, but no one has addressed the fact that part of their plan requires them to contact some random dude on LinkedIn to make it happen.
These are the types of situations I want you to avoid having to live through after reading this guide. While the above are perhaps the worst-case scenarios, it could also just be that you are setting up a new network. The goal is to avoid having to console into each device to configure it from scratch.
After completing this tutorial you will end up with a system which allows you to provision new devices off the shelf without having to touch a console cable, and then hand them over to your current automation solution. While this guide is written with Cisco IOS in mind, this concept could easily be extended to any other device.