
Zero touch Provisioning (ZTP) in Cisco Viptela SDWAN

Zero touch provisioning (ZTP) is a way to configure Cisco vEdge devices automatically, with almost no manual intervention required. Zero touch provisioning relies on the following:

  • A license file provided by Cisco for overlay network.
  • Marking of a device as valid or staging.
  • The configuration template for the device.

To make deployment simple and scalable, Cisco Viptela SD-WAN adds zero-touch provisioning to facilitate deployment of the SD-WAN vEdge. The goal of activation is to register an SD-WAN vEdge/cEdge with the vManage Orchestrator so that all further device operations are centrally managed by the orchestrator layer of the SD-WAN solution.

How does Zero touch provisioning work?

Once the vEdge or cEdge has been shipped to the remote site and connected to the WAN, the end device (vEdge or cEdge) sends a query to ztp.viptela.com, which is redirected to vBond.

Fig 1.1- ZTP in Cisco SDWAN

vBond authenticates the device using the zero trust model (we will discuss the zero trust model in another article), redirects it to the registered orchestration node, and also informs that node about the vEdge/cEdge.

The vEdge/cEdge now begins the initial control communication with vSmart/vManage through secure DTLS/TLS tunnels (this again uses the zero trust model, which I will cover in an upcoming article). Once the connection is established and the device is recognized as a valid device (the smart account company ID and the device serial number are required for a device to be valid on vManage), all initial configuration is pushed from vManage to the vEdge/cEdge, and the device is ready to communicate with the other end devices already registered on vManage.

Once the initial configuration has been received from vManage, the full configuration is pushed to the vEdge/cEdge on the basis of the template, and in this way the device is configured through zero touch provisioning.

Device Template in Cisco Viptela SDWAN Solution

The device template is what pushes the configuration to vEdges or cEdges, and these templates make zero touch provisioning easier. Each section in the template is made of independent features. The device template requires the following parameters:

Fig 1.2- Device Template in vManage

  • Basic Information: Host name, System-IP and Site-ID
  • Transport and Management VPN information: VPN0 and VPN512
  • Service VPN: The VPN dedicated to LAN side of the branch
  • Additional Templates: Additional items such as Banners.
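
The prerequisites described above (a device marked valid or staging, a matching company ID and serial number, and a template carrying the basic information, VPN0, VPN512 and a service VPN) can be checked over an inventory before devices are shipped. The following is an added example, not Cisco or vManage code; the record layout, field names and sample devices are assumptions constructed for illustration.

```python
import ipaddress

# Record layout and field names are hypothetical, not vManage API fields.
REQUIRED_BASIC = ("host_name", "system_ip", "site_id")
REQUIRED_VPNS = {0, 512}           # VPN0 (transport) and VPN512 (management)
ZTP_STATES = {"valid", "staging"}  # device markings ZTP relies on

def ztp_problems(device, company_id):
    """List the reasons one device record is not ready for ZTP."""
    problems = []
    if not device.get("serial"):
        problems.append("missing serial number")
    if device.get("company_id") != company_id:
        problems.append("company ID mismatch")
    if device.get("state") not in ZTP_STATES:
        problems.append("not marked valid or staging")
    template = device.get("template")
    if not template:
        return problems + ["no device template"]
    for key in REQUIRED_BASIC:
        if template.get(key) in (None, ""):
            problems.append(f"template missing {key}")
    if template.get("system_ip"):
        try:  # System-IP is written in IPv4 dotted-decimal form
            ipaddress.IPv4Address(template["system_ip"])
        except ipaddress.AddressValueError:
            problems.append("system_ip is not IPv4 format")
    vpns = set(template.get("vpns", []))
    for vpn in sorted(REQUIRED_VPNS - vpns):
        problems.append(f"template missing VPN{vpn}")
    if not vpns - REQUIRED_VPNS:  # nothing left besides VPN0/VPN512
        problems.append("template has no service VPN")
    return problems

def audit(inventory, company_id):
    """Map serial -> problems for every device that is not ready."""
    report = {d.get("serial") or "<no serial>": ztp_problems(d, company_id) for d in inventory}
    return {serial: probs for serial, probs in report.items() if probs}

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"serial": "SN-EXAMPLE-001", "company_id": "example-org", "state": "valid",
     "template": {"host_name": "branch1", "system_ip": "10.255.0.1", "site_id": 100, "vpns": [0, 1, 512]}},
    {"serial": "SN-EXAMPLE-002", "company_id": "example-org", "state": "invalid",
     "template": {"host_name": "branch2", "system_ip": "10.255.0.300", "site_id": 200, "vpns": [0, 512]}},
    {"serial": "SN-EXAMPLE-003", "company_id": "other-org", "state": "staging", "template": None},
]

if __name__ == "__main__":
    print(audit(INVENTORY, "example-org"))
```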