Question for ISP folks:
I’m involved in a non-profit ISP and we use MikroTik. We’re wondering how other small shops do initial device provisioning.
How do you handle initial unboxing and provisioning devices before taking them to a site?
Do you use flashfig? netinstall? shell scripts? python? ansible? terraform?
How about config and secret management? Do you use netbox? How about with a distributed team?
Do you have a bench or area for this?
What are you provisioning?
When you provision, how do you develop config? Is it per device, or per config type e.g. snmp, firewall and combined per deployment?
Additional rambling and context:
I’ve personally tried a lot with Ansible and shell/expect scripts to bypass the out-of-box questionnaire, but Ansible’s routeros integration relies on parsing the CLI, which can be fragile. I don’t think this is a good way to go because there are too many ROS versions to account for with various quirks and we’d be endlessly writing ansible code. Similarly Terraform seems like it’d be great once you’re up and running, however importing state seems to require writing a lot of code centering around the internal ids (e.g. *1, *2, *C) of routeros config entries and it seems like we’d again be writing a ton of code to import state on each new piece of hardware, and we don’t even know if the ids are deterministic upon resetting a device.
About us:
we’re all volunteers and part-time
we’re new to this, accustomed to doing mikrotik config by hand on cli and webfig
we have a bunch of new sites this summer
many of us are software and networking people, but not service provider people
we use linux, mac, none of us use windows on the go
I’m a one-man shop, so this may not be as exciting to you. But I take my hAPs and netinstall them to whatever version I feel most comfortable with (presently 7.14.x) and my stock config. When I do the install at the customer, I put on the finishing touches, like AP SSID and WPA password, hostname, etc. I did use flashfig on one box a few months ago, and while it was super fast, the routers all had versions much older than I wanted to be running.
Some people have gotten netinstall working inside a container on RB4011/RB5009. I imagine if you had the RB5009 with PoE out on all ports that you could configure several netinstall containers (one per port), unbox and plug in the routers to the 5009, let it do its thing for a few minutes, then collect the routers and put them back in the box with whatever stickers/labels/instructions you want.
As far as cataloging, automating signup, onboarding customers, etc., I’m afraid I’m too small to have anything done for that. But I foresee building some kind of probing server that logs into newly discovered CPE and adds them to the management system.
What does the transport medium look like to the actual customer? Wireless? FTTH?
We perform the first provisioning with a shell-script and mac-telnet (from adjacent node) - then the finishing and customization with Ansible.
We usually provision them in-place, but occasionally in lab/bench. Then we use an HTML/JS-based generator that outputs the basics and it’s just copy-pasted via telnet or console.
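The generator approach in the post above, combined with the opening post’s question about building config per config type (snmp, firewall, ...) and combining it per deployment, can be sketched as a small Python renderer. This is an added example, not the poster’s HTML/JS generator or anything from MikroTik: it assumes RouterOS v7 syntax, a site dict with hostname, wan_if, wan_vlan, mgmt_net and ssid, a radio with default-name wifi1 on the v7.13+ wifi package, and it generates the admin password, WPA passphrase and SNMP community per device at render time so no secret ever sits in the template. Input validation is there because a copy-pasted script with a bad hostname or an unparseable prefix fails half-way and leaves the box partly configured.

```python
"""Compose a per-device RouterOS baseline from per-config-type fragments.

Added example (not the thread's HTML/JS generator). Assumptions: RouterOS v7
syntax, the v7.13+ "wifi" package for the wifi fragment, and a site dict with
hostname, wan_if, wan_vlan, mgmt_net and ssid. Secrets are generated per
device at render time so they never sit in the template.
"""
import re
import secrets
import string

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,62}$")
CIDR_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}/([0-9]|[12][0-9]|3[0-2])$")


def validate(site):
    """Reject values that would produce a broken or insecure script."""
    if not HOSTNAME_RE.match(site["hostname"]):
        raise ValueError(f"bad hostname: {site['hostname']!r}")
    if not 1 <= int(site["wan_vlan"]) <= 4094:
        raise ValueError(f"bad VLAN id: {site['wan_vlan']!r}")
    if not CIDR_RE.match(site["mgmt_net"]):
        raise ValueError(f"bad management prefix: {site['mgmt_net']!r}")
    if not 1 <= len(site["ssid"].encode()) <= 32 or '"' in site["ssid"]:
        raise ValueError("SSID must be 1..32 bytes without double quotes")
    return site


def new_secret(length=24):
    """Random alphanumeric secret; alphanumeric avoids RouterOS quoting issues."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


# One fragment per config type; each takes (site, creds) and returns script text.
def frag_identity(site, creds):
    return (f"/system identity set name={site['hostname']}\n"
            f"/user set admin password={creds['admin_password']}")


def frag_wan(site, creds):
    return (f"/interface vlan add name=wan interface={site['wan_if']} "
            f"vlan-id={site['wan_vlan']}\n"
            "/ip dhcp-client add interface=wan disabled=no")


def frag_services(site, creds):
    # Nothing but ssh and winbox, and only from the management prefix.
    return ("/ip service disable telnet,ftp,www,www-ssl,api,api-ssl\n"
            f"/ip service set ssh address={site['mgmt_net']}\n"
            f"/ip service set winbox address={site['mgmt_net']}")


def frag_firewall(site, creds):
    return "\n".join([
        f"/ip firewall address-list add list=mgmt address={site['mgmt_net']}",
        "/ip firewall filter add chain=input action=accept "
        "connection-state=established,related",
        "/ip firewall filter add chain=input action=drop connection-state=invalid",
        "/ip firewall filter add chain=input action=accept protocol=icmp",
        "/ip firewall filter add chain=input action=accept src-address-list=mgmt",
        "/ip firewall filter add chain=input action=drop in-interface=wan",
    ])


def frag_snmp(site, creds):
    return ("/snmp set enabled=yes\n"
            f"/snmp community add name={creds['snmp_community']} "
            f"addresses={site['mgmt_net']} read-access=yes write-access=no")


def frag_wifi(site, creds):
    # Assumes the v7.13+ wifi package and a radio with default-name wifi1.
    return ("/interface wifi set [ find default-name=wifi1 ] "
            f"configuration.ssid=\"{site['ssid']}\" "
            "security.authentication-types=wpa2-psk,wpa3-psk "
            f"security.passphrase={creds['wpa_psk']} disabled=no")


FRAGMENTS = {
    "identity": frag_identity, "wan": frag_wan, "services": frag_services,
    "firewall": frag_firewall, "snmp": frag_snmp, "wifi": frag_wifi,
}
CPE_PROFILE = ("identity", "wan", "services", "firewall", "snmp")


def render(site, profile=CPE_PROFILE):
    """Return (script_text, credentials) for one device; store creds out of band."""
    site = validate(site)
    creds = {"admin_password": new_secret(),
             "wpa_psk": new_secret(20),
             "snmp_community": new_secret(16)}
    parts = [f"# generated for {site['hostname']}"]
    parts.extend(FRAGMENTS[name](site, creds) for name in profile)
    return "\n".join(parts) + "\n", creds


if __name__ == "__main__":
    # Constructed sample site, not a real deployment.
    demo = {"hostname": "cpe-site01", "wan_if": "ether1", "wan_vlan": 100,
            "mgmt_net": "10.20.0.0/24", "ssid": "CommunityNet"}
    script, creds = render(demo, CPE_PROFILE + ("wifi",))
    print(script)
    print("# store these in your secret manager:", creds)
```

The returned creds dict is what goes into whatever secret store the team settles on (the netbox question in the opening post), while the script text is what gets pasted over console or telnet; keeping the two outputs separate means the pasted script can be logged or checked in without leaking the device’s secrets beyond that one paste. Check the fragment syntax against the exact ROS version you netinstall, since service names and the wifi command tree differ between 6.x and 7.x.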
Some of our sites are FTTH or LTE, but via another major regional carrier. Our handoff to the mikrotik is typically copper ethernet with DHCP or PPPoE on a vlan.
Hi! We are a community network so we have users but not customers. That’s also why we handle both the inside and outside of the CPEs. There are multiple users per CPE and we also handle site wifi in addition to the CPE gateways. One of the main things we offer is installation and management of devices along with monitoring. Monitoring is also how we’re able to get grants to generate revenue. With a small number of folks helping out, automation and leveraging modern tools is key to being efficient enough.