ZTP Optimization

Switches running the factory default configuration have the basic configuration on all ports that is required to obtain an IP address and perform ZTP. During ZTP, a switch can join Central only if it is running the factory default configuration and has a valid IP address and DNS settings from a DHCP server.

Initially, the switch boots up and obtains an IP address for interface VLAN 1 from the DHCP server. Interface VLAN 1 is part of the factory default configuration. If the DHCP reply includes the DNS parameters, the switch tries to perform DNS resolution and get the current time and date from the NTP server (pool.ntp.org). The switch then attempts to resolve the Activate server URL (devices-v2.arubanetworks.com) to an IP address and, if successful, attempts to reach the Activate service for initial provisioning.

The Activate server URL (devices-v2.arubanetworks.com) supports mutual authentication and uses an HP CA-signed certificate in the TLS handshake.

During ZTP, the switch may be unable to establish a connection with Activate when the DNS server cannot resolve the domain names or DHCP does not provide any DNS server addresses. The ZTP process is optimized to recover and complete provisioning in such cases.

To optimize provisioning using ZTP, the switch performs the following:

  • Attempts to resolve the NTP server URL (pool.ntp.org) and Activate server URL (devices-v2.arubanetworks.com) to an IP address, and if successful, caches the obtained IP addresses and attempts to reach Activate for initial provisioning.

    • If the switch fails to obtain the IP addresses, then it performs DNS resolution of the NTP and Activate addresses using the global DNS server.

    • Repeatedly attempts to resolve NTP and Activate addresses from the local DNS server at an interval of 60 seconds for a maximum of 10 retries.

    • Caches the IP addresses obtained from the local DNS server and removes the global DNS address.

  • Attempts to synchronize its clock with the Activate time server (even if the time is already synchronized from a local time server configured through DHCP; in this case, the local time synchronization should prevail).

  • Performs the following time-sync tasks if the initial time synchronization with NTP fails:

    • Starts a one-minute timer to synchronize time from NTP until it receives a successful time update from the time server or user.

    • Initiates HTTP time-sync operation in parallel to NTP time-sync operation.

    • If NTP successfully updates the system time before HTTP time-sync, the HTTP time-sync operation is aborted.

    • If NTP successfully updates the system time after HTTP time-sync, the time updated from HTTP time-sync operation is replaced with the time update from NTP.

  • Starts provisioning through Activate after the time sync operation is completed. If the switch is unable to contact Activate or does not receive the provisioning information, it keeps retrying at the following intervals until it receives the information:

    • First three retries at 30-second intervals

    • Next three retries at 60-second intervals

    • Fall back to 300-second intervals for further retries
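
The retry intervals above determine how long a switch stays idle after an upstream problem (DNS, firewall, proxy) is fixed. The following Python sketch is an added example, not Aruba code: it models that schedule and reports which retry is the first to start once Activate is reachable again. The function names are hypothetical, and it assumes the waits run back to back from the first failed attempt, ignoring the time spent inside each attempt.

```python
from itertools import accumulate, chain, islice, repeat

# Retry waits as listed above: 3 x 30 s, 3 x 60 s, then 300 s for every further retry.
def activate_retry_waits():
    return chain(repeat(30, 3), repeat(60, 3), repeat(300))

def retry_offsets(count):
    """Seconds after the first failed attempt at which retries 1..count start.

    Assumption: waits run back to back; time spent inside an attempt is ignored.
    """
    return list(accumulate(islice(activate_retry_waits(), count)))

def first_retry_after_fix(fixed_at):
    """Return (retry_number, offset_seconds) of the first retry that starts at or
    after `fixed_at`, the moment (seconds after the first failed attempt) when
    Activate became reachable again."""
    if fixed_at < 0:
        raise ValueError("fixed_at must be >= 0")
    elapsed = 0
    for number, wait in enumerate(activate_retry_waits(), start=1):
        elapsed += wait
        if elapsed >= fixed_at:
            return number, elapsed

def delay_until_next_retry(fixed_at):
    """Seconds the switch still waits between the fix and its next retry."""
    return first_retry_after_fix(fixed_at)[1] - fixed_at

if __name__ == "__main__":
    print("retry offsets (s):", retry_offsets(8))
    # Constructed scenarios: upstream fixed N seconds after the first failure.
    for fixed_at in (45, 100, 271, 1800):
        number, offset = first_retry_after_fix(fixed_at)
        print(f"fixed at {fixed_at:>4}s -> retry #{number} at {offset}s "
              f"(waits {offset - fixed_at}s)")
```

Under these assumptions, a fix that lands just after the sixth retry leaves the switch waiting almost the full 300 seconds before it tries again, which is worth keeping in mind before concluding that provisioning is still broken.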