POAP Deployments
I recently had to deploy a couple of Nexus 9k switches in a couple of new DCs at work, which have been set up as a greenfield environment utilising VXLAN and BGP EVPN, all managed by DCNM. This means that instead of being able to quickly and easily deploy and configure switches, you have to use the GUI garbage that is supposedly the way of the future. If you can't tell, I'm not a fan of SDN. In my opinion, any half-decent network engineer knows that while SDN has its place and benefits, it's 100% not in the day-to-day operations of a network. SDN should only be used for repetitive, simple tasks that you can actually trust a piece of software with, not for managing an entire network infrastructure. Anyway, SDN rant is over. Let's get back to POAP.
This was actually the first time I'd had any hands-on experience with deploying switches using POAP. While POAP isn't exactly SDN, most of the scripts out there are Python-based (and didn't work in my lab environment, which I'll post about in the near future), so I call it SDN, and I will admit I can see the benefits of zero-touch deployments like these.
POAP stands for Power On Auto Provisioning and is Cisco's ZTP (Zero Touch Protocol). When you boot a Cisco Nexus switch for the first time, it goes into what's called POAP mode. Essentially, if no configuration is found, the switch uses DHCP and POAP to obtain an IP address and a base configuration file. When you power on a Nexus switch, it sends out DHCP requests on all active interfaces, including the management interface, looking for an IP address. If the switch receives a response, and you have your network set up for it, it then takes the TFTP option details and boot file name provided in the DHCP lease and attempts to boot. There is of course a bit more to it, but that's the basics.
The boot file that is downloaded contains the paths and commands the switch needs to determine whether an NX-OS upgrade is required, where and how to download the NX-OS image, and which configuration file to use for that switch. There are quite a few POAP scripts out there, and Cisco DevNet even has one published on their Git page, but I couldn't get any of them to work in my lab environment, and I'm not a programmer, so I don't have the skills to read through the script and work out what's broken. I'm also using virtual Nexus switches in my lab, so it could simply be that too. I did, however, find a very, very basic POAP script and modified it slightly so that it determines whether an NX-OS image update is required, reads the switch serial number, and then supplies the correct configuration file name, etc.
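The decision described above, sketched as an added example (not the author's script or Cisco's): it runs off-box against constructed `show version` and `show inventory` text, where a real POAP script would read that output from the switch CLI. `TARGET_VERSION`, `TARGET_IMAGE` and the `conf.<serial>` file naming are assumptions, and the serial is checked against an allow-list before it is used to build a file name.

```python
import re

# Constructed sample output, shaped like NX-OS "show version" / "show inventory".
SAMPLE_SHOW_VERSION = """\
Software
  BIOS: version
  NXOS: version 9.3(5)
"""
SAMPLE_SHOW_INVENTORY = """\
NAME: "Chassis",  DESCR: "Nexus9000 C9300v Chassis"
PID: N9K-C9300v          ,  VID:      ,  SN: 9ABCDEFGH12
"""

TARGET_VERSION = "9.3(9)"         # assumption: release the fleet should run
TARGET_IMAGE = "nxos.9.3.9.bin"   # assumption: image file name on the file server
# Allow-list for serials: the value ends up in a file name requested from the
# server, so anything with dots, slashes or spaces is rejected outright.
SERIAL_RE = re.compile(r"[A-Z0-9]{8,16}")


def running_version(show_version: str) -> str:
    m = re.search(r"^\s*NXOS: version (\S+)", show_version, re.M)
    if not m:
        raise ValueError("NX-OS version not found")
    return m.group(1)


def chassis_serial(show_inventory: str) -> str:
    # The SN field sits on the line after the NAME: "Chassis" entry.
    m = re.search(r'NAME: "Chassis".*\n.*\bSN:\s*(\S+)', show_inventory)
    if not m or not SERIAL_RE.fullmatch(m.group(1)):
        raise ValueError("missing or malformed chassis serial")
    return m.group(1)


def plan(show_version: str, show_inventory: str) -> dict:
    """Return what the switch should fetch: image (if any) and config file."""
    serial = chassis_serial(show_inventory)
    # Any mismatch with the target release counts as "upgrade required".
    upgrade = running_version(show_version) != TARGET_VERSION
    return {
        "serial": serial,
        "upgrade": upgrade,
        "image": TARGET_IMAGE if upgrade else None,
        "config_file": "conf." + serial,  # assumed naming convention
    }
```
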
While POAP isn't exactly a one-stop, "you don't need to configure a switch anymore" solution, it will give you a basic enough configuration to be able to manage your device. Depending on your POAP script, you still need to know the device serial number, and if you're using DCNM, you'll also need the switch model and the NX-OS version that it's running in order to deploy it. That is still much easier than booting a switch up, connecting a console cable, configuring management etc. and doing an NX-OS upgrade. It also means that if you need to replace a switch at a remote office, you can ship one straight to site, and as long as someone can rack it, plug in some cables and turn it on, you don't need to do anything else before you can manage the switch.
To set up a simple POAP deployment in your home lab, or even at work, all you need is a basic Linux server (or Windows if you prefer) that has been configured as a DHCP server and a TFTP server. Alternatively, you can also set up SCP, HTTPS, or FTP for file transfers. I haven't had any success getting FTP or SCP to work correctly in my home lab yet, but it should work nonetheless. Again, I'm not a programmer, so it could very easily be my POAP script that's the issue, or the fact that I'm using virtual switches. In my lab environment I am running ESXi 7, which hosts my Linux POAP server, a very minimal install of CentOS 9. This server has been configured for DHCP and TFTP for the POAP deployment, and my Nexus switch is an N9000v image which runs on the same ESXi host. That's it, that's all that's needed to test POAP. I'll run through a build for POAP in a future post.
While my experience using DCNM and POAP wasn't a great one due to issues with the configuration that was set up by contractors, once I'd found all of the little issues and resolved them, it was a pretty seamless install, and I do quite like how it works and how simple it is to plug a switch in and then get access to the CLI to manage it.
See my post here on how to set up your own POAP deployment.