Methods of Device Onboarding in SD-WAN
There are two ways to give a WAN Edge device the initial configuration it needs to reach vBond.
- The first method is to manually apply a minimal configuration to the device.
- The second method is automatic discovery of the device in the network using Zero Touch Provisioning (ZTP) or Plug and Play (PNP).
If the device runs Viptela OS, it uses ZTP to boot up. If the device is IOS XE-based, the SD-WAN Plug and Play feature is used to boot up. ZTP and PNP are mostly similar in operation.
- When a WAN Edge joins the SD-WAN fabric, it first needs to establish connectivity to the vBond controller.
- vBond informs the WAN Edge about the vSmart and vManage controllers.
- The WAN Edge establishes connectivity to each of these controllers; mutual authentication is performed, and the device receives its full configuration from vManage.
1. Manual Bootstrapping of a WAN Edge
To manually boot up a WAN Edge device, the network administrator begins by applying a minimal configuration to the device. The minimal configuration consists of IP addressing, vBond addressing (either a DNS hostname or an IP address), and system identification information. Only a few parameters are required to establish initial connectivity and authentication. The process to manually boot up a device is as follows:
Step 1. Configure an IP address and default gateway; otherwise, DHCP will assign the IP address and gateway automatically.
Step 2. Configure the vBond IP or hostname. If a hostname is used, a DNS server address must be provided, and the device must have reachability to vBond from VPN 0.
Step 3. Configure the device with the system IP, site ID, and organization name.
Minimal Configuration for a Viptela OS–based Device
Device(config)# system host-name hostname
Device(config-system)# system-ip ip-address
Device(config-system)# site-id site-id
Device(config-system)# organization-name organization-name
Device(config-system)# vbond (dns-name | ip-address)
Device(config)# vpn 0
Device(config-vpn-0)# interface interface-name
Device(config-interface)# (ip dhcp-client | ip address prefix/length)
Device(config-interface)# no shutdown
Device(config-interface)# tunnel-interface
Device(config-tunnel-interface)# color color
Device(config-vpn-0)# ip route 0.0.0.0/0 next-hop
Device(config)# commit and-quit

Minimal Configuration for an IOS-XE based Device
Device(config)# system host-name hostname
Device(config-system)# system-ip ip-address
Device(config-system)# site-id site-id
Device(config-system)# vbond (dns-name | ip-address)
Device(config-system)# organization-name name
Device(config)# interface Tunnel #
Device(config-if)# ip unnumbered wan-physical-interface
Device(config-if)# tunnel source wan-physical-interface
Device(config-if)# tunnel mode sdwan
Device(config)# interface GigabitEthernet #
Device(config-if)# ip address ip-address mask
Device(config-if)# no shut
Device(config)# sdwan
Device(config-sdwan)# interface WAN-interface-name
Device(config-interface-WAN-interface-name)# tunnel-interface
Device(config-tunnel-interface)# color color
Device(config-tunnel-interface)# encapsulation ipsec
Device(config)# ip route 0.0.0.0 0.0.0.0 next-hop-ip-address
Device(config)# ip domain lookup
Device(config)# ip name-server dns-server-ip-address
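As an added example (not code from the page or from Cisco), the following Python script checks the parameters collected in Steps 1 to 3 for consistency before they are typed in, and renders the minimal configuration for either platform. The hostnames, addresses and interface names in it are constructed sample values; the `dns ... primary` line in the Viptela OS rendering and the `ip address dhcp` form on IOS-XE are assumptions not shown on the page.

```python
"""Added example: validate WAN Edge bootstrap parameters and render the minimal
configuration for a Viptela OS or an IOS-XE device.  Sample values are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Plain DNS hostname: labels of letters, digits and hyphens, separated by dots.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)


@dataclass
class Bootstrap:
    hostname: str
    system_ip: str                      # identifies the device in the overlay (unicast IPv4)
    site_id: int                        # assumed to fit in an unsigned 32-bit integer
    org_name: str                       # must match the organization name on the controllers
    vbond: str                          # DNS name or IPv4 address of vBond
    wan_interface: str                  # e.g. "ge0/0" on Viptela OS, "GigabitEthernet1" on IOS-XE
    color: str                          # transport color, e.g. "biz-internet"
    next_hop: str                       # default gateway in VPN 0
    wan_address: Optional[str] = None   # "a.b.c.d/len"; None means DHCP on the WAN link
    dns_server: Optional[str] = None    # required when vbond is given as a DNS name


def _is_ipv4(value: str) -> bool:
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def validate(b: Bootstrap) -> List[str]:
    """Return the list of problems found; an empty list means the bootstrap is consistent."""
    problems = []
    if not _is_ipv4(b.system_ip):
        problems.append(f"system-ip {b.system_ip!r} is not a valid IPv4 address")
    else:
        ip = ipaddress.IPv4Address(b.system_ip)
        if ip.is_multicast or ip.is_loopback or ip.is_unspecified:
            problems.append("system-ip must be a unicast, non-loopback address")
    if not 0 <= b.site_id <= 0xFFFFFFFF:
        problems.append("site-id must fit in 32 bits")
    if not b.org_name.strip():
        problems.append("organization-name must not be empty")
    if not _is_ipv4(b.vbond):
        if not HOSTNAME_RE.match(b.vbond):
            problems.append(f"vbond {b.vbond!r} is neither an IPv4 address nor a hostname")
        elif b.dns_server is None:
            # Step 2 on the page: a vBond hostname needs a DNS server to be resolvable.
            problems.append("vbond is a DNS name but no DNS server is configured")
    if b.dns_server is not None and not _is_ipv4(b.dns_server):
        problems.append("dns-server is not a valid IPv4 address")
    if b.wan_address is not None:
        try:
            ipaddress.IPv4Interface(b.wan_address)
        except ValueError:
            problems.append(f"WAN address {b.wan_address!r} is not in prefix/length form")
    if not _is_ipv4(b.next_hop):
        problems.append("next-hop is not a valid IPv4 address")
    return problems


def render_viptela(b: Bootstrap) -> str:
    """Minimal Viptela OS configuration; VPN 0 is the transport VPN."""
    wan_ip = "ip dhcp-client" if b.wan_address is None else f"ip address {b.wan_address}"
    lines = ["system", f" host-name {b.hostname}", f" system-ip {b.system_ip}",
             f" site-id {b.site_id}", f" organization-name {b.org_name}",
             f" vbond {b.vbond}", "vpn 0"]
    if b.dns_server:
        lines.append(f" dns {b.dns_server} primary")   # assumed VPN 0 DNS syntax
    lines += [f" interface {b.wan_interface}", f"  {wan_ip}", "  no shutdown",
              "  tunnel-interface", f"   color {b.color}",
              f" ip route 0.0.0.0/0 {b.next_hop}"]
    return "\n".join(lines) + "\n"


def render_iosxe(b: Bootstrap) -> str:
    """Minimal IOS-XE SD-WAN configuration, in the command order the page uses."""
    if b.wan_address is None:
        wan_ip = "ip address dhcp"                      # assumed DHCP form on IOS-XE
    else:
        iface = ipaddress.IPv4Interface(b.wan_address)
        wan_ip = f"ip address {iface.ip} {iface.netmask}"
    lines = ["system", f" host-name {b.hostname}", f" system-ip {b.system_ip}",
             f" site-id {b.site_id}", f" vbond {b.vbond}", f" organization-name {b.org_name}",
             "interface Tunnel1", f" ip unnumbered {b.wan_interface}",
             f" tunnel source {b.wan_interface}", " tunnel mode sdwan",
             f"interface {b.wan_interface}", f" {wan_ip}", " no shutdown",
             "sdwan", f" interface {b.wan_interface}", "  tunnel-interface",
             f"   color {b.color}", "   encapsulation ipsec",
             f"ip route 0.0.0.0 0.0.0.0 {b.next_hop}"]
    if b.dns_server:
        lines += ["ip domain lookup", f"ip name-server {b.dns_server}"]
    return "\n".join(lines) + "\n"
```

Running `validate()` first catches the most common reason a manual bootstrap stalls at the vBond step: a vBond hostname entered without a name server, or a mistyped system IP.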
2. Automatic Provisioning with PNP or ZTP
The second method of provisioning brings devices online automatically with minimal effort and involvement.
- Once powered on, the default configuration on the device tries to obtain an IP address via DHCP.
- The device reaches out to vBond for automatic provisioning (hosted by Cisco). The process is similar to the manual bootstrapping process.
- The device connects and authenticates to vBond, learns of vManage and vSmart, and then receives its configuration.
- A device template must be attached in vManage for the automatic provisioning process. The device template must also contain the system IP and site ID for the device. If any of this is not completed, the process will not succeed.
- Once vManage discovers the device, it pushes the template assigned to the serial number of the device performing ZTP or PNP. If the device is Viptela OS-based, ZTP is used.
- To get its configuration from the ZTP server, the edge device must fulfil two requirements: DHCP must be available on the WAN-facing interface, and the device must be able to resolve ztp.viptela.com. Viptela OS-based devices have specific interfaces that are used to contact the ZTP server.
- The vEdge device queries ztp.viptela.com. The ZTP server verifies that the device's serial number and organization exist in the ZTP database.
- The ZTP server responds, telling the vEdge the connectivity information for the organization's vBond controller.
- The vEdge establishes connectivity with vBond and goes through the authentication process. If successful, vBond informs the vEdge about the vSmart and vManage controllers in the overlay. At this point, vManage pushes the configuration template to the device.
Plug and Play workflow for Cisco IOS-XE based devices:
- PNP operates almost identically to ZTP, except that instead of building a DTLS tunnel, the device communicates with the PNP server (devicehelper.cisco.com) via HTTPS.
- When the PNP server validates the device, it redirects the IOS-XE based WAN Edge to the relevant vBond for the organization.
- IOS-XE based devices have the same requirements as ZTP devices: they must obtain an IP address and DNS server via DHCP and be able to resolve devicehelper.cisco.com.
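As an added example (not code from the page, and not Cisco's ZTP or PNP implementation), the following Python model walks through the automatic provisioning flow described above for both device families: the DHCP and DNS prerequisites, the choice of provisioning server and transport by operating system, and the server-side check that a serial number is registered under the claimed organization before any vBond information is returned. The DHCP lease, resolver table and provisioning database are constructed sample data; only the two service hostnames come from the page.

```python
"""Added example: a model of the ZTP/PNP prerequisites and redirect step.
All lease, resolver and database contents are constructed sample data."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Which service a device contacts, and over what transport, depends only on its OS.
PROVISIONING = {
    "viptela": ("ztp.viptela.com", "DTLS"),        # Viptela OS: ZTP over a DTLS tunnel
    "iosxe": ("devicehelper.cisco.com", "HTTPS"),  # IOS-XE: Plug and Play over HTTPS
}


@dataclass
class Device:
    os: str        # "viptela" or "iosxe"
    serial: str    # chassis serial number presented to the provisioning server
    org: str       # organization name the device claims


@dataclass
class Lease:
    address: Optional[str]          # IP obtained via DHCP on the WAN-facing interface
    gateway: Optional[str]
    dns_servers: Tuple[str, ...]    # DNS servers handed out with the lease


@dataclass
class Redirect:
    vbond: str     # connectivity information for the organization's vBond
    org: str
    server: str    # which provisioning service issued the redirect
    transport: str


Resolver = Callable[[str], Optional[str]]


def check_prerequisites(dev: Device, lease: Lease, resolve: Resolver) -> List[str]:
    """The two requirements the page lists: DHCP on the WAN interface and a
    resolvable provisioning hostname.  Returns the list of unmet requirements."""
    if dev.os not in PROVISIONING:
        return [f"unsupported OS {dev.os!r}"]
    server, _ = PROVISIONING[dev.os]
    problems = []
    if lease.address is None or lease.gateway is None:
        problems.append("no DHCP address/gateway on the WAN interface")
    if not lease.dns_servers:
        problems.append("DHCP lease carries no DNS server")
    elif resolve(server) is None:
        problems.append(f"cannot resolve {server}")
    return problems


def provisioning_redirect(dev: Device, database: Dict[Tuple[str, str], str]) -> Optional[Redirect]:
    """Server side: a device is only told where its vBond is when its serial number
    is registered under the organization it claims.  Anything else gets no answer."""
    vbond = database.get((dev.serial, dev.org))
    if vbond is None:
        return None
    server, transport = PROVISIONING[dev.os]
    return Redirect(vbond=vbond, org=dev.org, server=server, transport=transport)


def onboard(dev: Device, lease: Lease, resolve: Resolver,
            database: Dict[Tuple[str, str], str]) -> Tuple[str, Optional[Redirect]]:
    """Run the device-side checks and then the server-side lookup; returns (outcome, redirect)."""
    problems = check_prerequisites(dev, lease, resolve)
    if problems:
        return ("prerequisites-failed: " + "; ".join(problems), None)
    redirect = provisioning_redirect(dev, database)
    if redirect is None:
        return ("unknown-device", None)
    return ("redirected", redirect)


# Constructed sample data: what a resolver and a provisioning database might hold.
SAMPLE_RESOLVER_TABLE = {"ztp.viptela.com": "203.0.113.10",
                         "devicehelper.cisco.com": "203.0.113.20"}
SAMPLE_DB = {("VEDGE-SN-0001", "Example-Org"): "vbond.example.com",
             ("ISR-SN-0002", "Example-Org"): "vbond.example.com"}


def sample_resolve(name: str) -> Optional[str]:
    return SAMPLE_RESOLVER_TABLE.get(name)


if __name__ == "__main__":
    lease = Lease("198.51.100.10", "198.51.100.1", ("198.51.100.53",))
    for dev in (Device("viptela", "VEDGE-SN-0001", "Example-Org"),
                Device("iosxe", "ISR-SN-0002", "Example-Org"),
                Device("viptela", "VEDGE-SN-0001", "Other-Org")):
        print(dev.serial, onboard(dev, lease, sample_resolve, SAMPLE_DB))
```

The third sample device in the `__main__` block has a serial that exists in the database but under a different organization, and therefore gets no redirect; this mirrors the page's statement that the server checks both the serial number and the organization, which is why the organization name in the bootstrap must match what the controllers were set up with.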