Introduction
This document describes how to onboard a new vEdge device by the SD-WAN Zero-touch provisioning (ZTP) process.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- A network device with ZTP
- Service provider connection
Components Used
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
1. Dynamic host configuration protocol server must be configured on the service provider side.
2. Device serial number must be added to the Cisco plug-and-play portal.
3. Predefined configuration must be attached to the device in vManage.
Onboard New vEdge Device by SD-WAN ZTP Process
Onboard new vEdge Device by SD-WAN ZTP Process
What is ZTP?
ZTP is a method to provision new devices that automatically get configured without the console of the device. ZTP helps IT teams quickly deploy network devices in a large-scale environment, eliminate most of the manual labor involved with ZTP.
Process Involved in ZTP
Step 1. The device gets connected to the Service provider.
Step 2. The vEdge device receives the IP address from the Internet Service Provider (ISP). The Dynamic host configuration protocol server must be configured at the Service provider end.
Step 3. There is a predefined ZTP URL that is configured in the vEdge box.
Step 4. Now it reaches out to the viptela dnsserver.
Step 5. After redirection to the ZTP server, the serial number must be checked and verified and the ZTP server redirects it to the vBond orchestrator and verifies the serial number and certificate, the control plane connection between vEdge and vBond gets formed.
Step 6. Once the authentication of the vEdge is done, vEdge gets the IP address of vManage and vSmart given by vBond. Parallelly vBond informs other controllers about the new device.
Step 7. The vEdge gets authenticated by vManage and gets the Systemip address.
Step 8. vManage pushes the predefined configuration to vEdge and parallely vSmart pushes the policy to vEdge.
Step 9. vEdge gets successfully onboarded to the SD-WAN overlay and is ready to exchange omp messages.
Step 10. Now vEdge establishes IPsec tunnels for the data plane traffic with other vEdges within the overlay.