gNXI provisioning process
The network element is removed from its package and racked. The MAC address of the management interface is scanned from a QR code displayed in the chassis of the network element. Via this action, this MAC address is associated with the identifier for this network element in the system that provisions and operates it.
The network element is at factory default when removed from its package. Once the gNxI bootstrapping process takes place, the network element is in the provisioned state.
The network element at factory default state:
- Management interface with DHCP client
- Running any OS that supports the gNxI bootstrapping process
The network element in provisioned state:
- Desired OS running
- Desired certificates installed
- gNOI & gNMI services enabled
- Desired configuration in place
The gNxI bootstrapping process is a sequence of 3 other processes.
This process enables the gNOI and gNMI services with valid certificates. The management interface uses the MAC address that is stamped in the chassis. This MAC address is scanned during the racking process. The provisioning system IDs the network element via this MAC address.
The network element has its certificates installed using the Simplified Bootstrapping process for gNOI and gNMI. A certificate is installed by using the gNOI cert service Install RPC. Only case 1 is required: Target generates the CSR.
The OS installation process uses the gNOI os service. It progresses through the installation, activation and verification stages as described in the proto service documentation.
The Configuration process uses the gNMI service to configure the network element. The network element must support the read write paths defined in this list of OpenConfig YANG models.
The network element uses the Simplified security model for the gNOI Certificate service.
A certificate is installed by using the gNOI cert service Install RPC. Only case 1 is required: Target generates the CSR. The certificate ID is used to assign the certificate to a particular service using gNMI paths (example).
A certificate is rotated by using the gNOI cert service Rotate RPC. Only case 1 is required: Target generates the CSR.
A certificate is revoked (deleted) by using the gNOI cert service RevokeCertificates RPC. All services using the revoked certificate must fail further authentications for that certificate.
The factory reset is performed using the gNOI Factory Reset service. The optional zero_fill and factory_os features are not required.