Onboarding vEdge device using Zero-Touch-Provisioning
It is important to understand Zero-Touch Provisioning (ZTP) when you use a Cisco Viptela vEdge device and want it to become part of the SD-WAN fabric.
Fig 1.1 - ZTP
Step 1: Implement a WAN transport that supports ZTP on the vEdge device interface.
Step 2: As soon as the router is powered on, it dynamically acquires an IP address, default gateway, and DNS information from the upstream WAN transport device by means of the DHCP process.
Step 3: The vEdge device sends a DNS request to resolve ztp.viptela.com to the ZTP server. The ZTP server authenticates with the ZTP device using the chassis and serial number.
Step 4: Once authenticated, the ZTP server sends information to the vEdge device about the vBond orchestrator, the organization name, and root certificates. When the vEdge device receives these details, it tears down the control connection and establishes a transient connection to the orchestrator.
Step 5: Following authentication with the vBond orchestrator, the vEdge device is provided with vManage and vSmart information to register and establish a secure connection.
Step 6: The device then attempts to establish a secure control connection with the vManage NMS. Note that the device has no configuration at this point, so it uses 0.0.0.0 as the system-ip to bring up the initial control connection with vManage.
Step 7: Post authentication, vManage responds to the vEdge with the device’s System IP address and forces the device to re-authenticate using the shared system-ip information.
Step 8: The WAN Edge device then re-initiates control connections to all the SD-WAN controllers (vBond, vManage and vSmart controller) using the configured system-ip address in order to join the SD-WAN overlay network.
Step 9: Upon loading the selected software version and re-authenticating with the SD-WAN controller, the vEdge device joins the SD-WAN overlay network.
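The nine steps above imply a fixed order and a few invariants that are worth checking when auditing or troubleshooting an onboarding. The Python check below is an added example, not Cisco code and not part of the original post; the event names, the trace format, the allowlist and all sample identifiers and addresses are hypothetical and constructed for illustration.

```python
"""Validate a vEdge ZTP onboarding trace against Steps 2-9 above.
Event names and trace format are hypothetical, not a Cisco log format."""
ORDER = ["dhcp_lease", "ztp_dns_resolved", "ztp_authenticated",
         "vbond_info_received", "vbond_authenticated", "vmanage_connect",
         "system_ip_assigned", "controllers_reconnected", "joined_overlay"]
REQUIRED = {  # attributes each event must carry, per the step describing it
    "dhcp_lease": {"ip", "gateway", "dns"},                      # Step 2
    "ztp_authenticated": {"chassis", "serial"},                  # Step 3
    "vbond_info_received": {"vbond", "org_name", "root_certs"},  # Step 4
    "vmanage_connect": {"system_ip"},                            # Step 6
    "system_ip_assigned": {"system_ip"},                         # Step 7
    "controllers_reconnected": {"system_ip", "peers"},           # Step 8
}
CONTROLLERS = {"vbond", "vmanage", "vsmart"}

def validate_trace(trace, allowlist):
    """Return a list of violations; an empty list means the trace is consistent."""
    problems, assigned = [], None
    names = [name for name, _ in trace]
    if names != ORDER:
        problems.append(f"sequence differs from expected order: {names}")
    for name, attrs in trace:
        missing = REQUIRED.get(name, set()) - set(attrs)
        if missing:
            problems.append(f"{name}: missing {sorted(missing)}")
            continue
        if name == "ztp_authenticated" and (attrs["chassis"], attrs["serial"]) not in allowlist:
            problems.append("ztp_authenticated: chassis/serial not in allowlist")
        elif name == "vmanage_connect" and attrs["system_ip"] != "0.0.0.0":
            problems.append("vmanage_connect: first connection must use system-ip 0.0.0.0")
        elif name == "system_ip_assigned":
            assigned = attrs["system_ip"]  # remembered for the Step 8 check
        elif name == "controllers_reconnected":
            if attrs["system_ip"] != assigned:
                problems.append("controllers_reconnected: system-ip differs from the assigned one")
            if set(attrs["peers"]) != CONTROLLERS:
                problems.append("controllers_reconnected: not all three controllers present")
    return problems

# Constructed sample data: documentation addresses and made-up identifiers.
ALLOWLIST = {("CHASSIS-EXAMPLE-01", "SERIAL-EXAMPLE-01")}
GOOD_TRACE = [
    ("dhcp_lease", {"ip": "192.0.2.10", "gateway": "192.0.2.1", "dns": "192.0.2.53"}),
    ("ztp_dns_resolved", {}),
    ("ztp_authenticated", {"chassis": "CHASSIS-EXAMPLE-01", "serial": "SERIAL-EXAMPLE-01"}),
    ("vbond_info_received", {"vbond": "vbond.example.net", "org_name": "example-org", "root_certs": 1}),
    ("vbond_authenticated", {}), ("vmanage_connect", {"system_ip": "0.0.0.0"}),
    ("system_ip_assigned", {"system_ip": "10.255.0.1"}),
    ("controllers_reconnected", {"system_ip": "10.255.0.1", "peers": ["vbond", "vmanage", "vsmart"]}),
    ("joined_overlay", {}),
]
```

Calling validate_trace(GOOD_TRACE, ALLOWLIST) returns an empty list; a trace whose first vManage connection already carries a non-zero system-ip, or whose chassis and serial number are not on the allowlist, is reported as a violation.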