In the late 90s, end-to-end service provisioning became popular: a connection request was raised at one end, after which a fully automated path was delivered across the network elements via a Network Management System (NMS) or an equivalent platform. No manual intervention was required for the path itself, but for network engineers the work remained cumbersome. Each site had to be configured by hand, and paths had to be provisioned across every networking asset (hardware) such as switches, end devices, edge equipment, routers and so on. Today, in the era of cloud, provisioning networking assets and a plethora of devices manually not only sounds irrelevant, it is cumbersome and error-prone. So, with the evolution of virtual networking, the idea of Zero Touch Provisioning also evolved: a switch or router, or rather a series of switches, routers and other network elements, could be configured with minimal manual intervention and, hopefully, without any errors.
What is Zero Touch Provisioning (ZTP)?
Networking has traditionally been complex and manual for IT. The advent of SDN changed all that. Of all the benefits of SD-WAN, ZTP is among the top three. With ZTP, networking becomes an automated, intent-driven process. Zero touch provisioning is a switch feature that simplifies provisioning and configuration of devices by performing it automatically, without any manual intervention. The switch downloads and runs a centrally stored configuration, which it locates by sending a request through DHCP or TFTP. ZTP also lets IT update operating systems, deploy patches and bug fixes, and embed additional features before the device connects to the network. Using scripts, ZTP can also connect to configuration management platforms or a custom tool.
ZTP on Lavelle Networks SD-WAN
When using ZTP with Lavelle Networks CloudStation (orchestrator) and CloudPort (device), each CloudPort (network node) at a branch or DC location needs to know the web service URL of its CloudStation (parent SD-WAN controller). The service URL is pre-configured on the CloudPort before the device is shipped to the location. An alternate method is to use the factory default service URL, “bootstrap.cloudstation.io”. Either way, on first power-up the CloudPort attempts to establish an HTTPS connection to the preconfigured CloudStation service URL. At this point the only prerequisite is a functional WAN connection to the CloudStation. If any or all of the WAN interfaces use an automatic IP assignment protocol such as DHCP, this is straightforward. If a static IP address or a site-specific network IP assignment is needed, it has to be entered at the site through the CloudPort local web interface (which is served over the LAN interface at a default URL, “local.cloudport.io”). The CloudPort uses one of the following forms of authentication parameters:
- A device-based unique identifier, derived from the MAC addresses of the Ethernet ports.
- The identifier also uses an internal algorithm to combine hardware model numbers, device serial numbers, etc.
- A username and password, which are pre-configured on the appliance or can be configured at run time using the local web interface.
Successful authentication and generation of the authorization token are mandatory for any further communication or transaction. Typically, the CloudStation has already been provisioned with the new CloudPort device and its configuration details, including any SD-WAN network segments it belongs to, policies, and anything else that completes the device-specific configuration at the CloudStation; this provisioning is done before the CloudPort is dispatched to the branch location. Note that, as a design principle, the CloudPort reports its LAN state before applying the LAN configuration. Since we support multiple hardware models, and the device on site may at times not match the device the CloudStation configuration expects (an operational error), this check helps prevent failures.
The CloudPort sends all the discovered LAN information (number of Ethernet ports, any network discovery results and so on). The CloudStation responds with all the required LAN configuration, which is applied at the CloudPort, and one reboot is performed to ensure all parameters are in the right state. On the second power-up (the first was for dialing home and fetching the LAN configuration), the CloudPort completes the fetch of all policies and configuration state, follows an internal algorithmic series of steps to connect to the overlay WAN network, and sets up the forwarding plane as per the latest state programmed by the CloudStation. From here, all setup is automatic for the lifetime of this branch location. The configuration uses established data models to separate basic provisioning, routing, network segmentation and data-plane information into separate API transactions.
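The first-boot exchange above, as an added simulation that is not Lavelle Networks' code: the device falls back to the factory default service URL, authenticates with a device identifier, reports its discovered LAN state before any configuration is applied, and refuses a LAN configuration that needs more ports than the hardware has. The identifier algorithm, the mock orchestrator and every method name are assumptions.

```python
import hashlib
from dataclasses import dataclass

DEFAULT_SERVICE_URL = "bootstrap.cloudstation.io"   # factory default URL named on the page


def device_identifier(model: str, serial: str, macs: list) -> str:
    # Hypothetical stand-in for the vendor's internal algorithm that combines
    # hardware model, serial number and port MAC addresses into one identifier.
    material = "|".join([model, serial] + sorted(m.lower() for m in macs))
    return hashlib.sha256(material.encode()).hexdigest()


class MockCloudStation:
    """Constructed orchestrator: holds records provisioned before the device ships."""
    def __init__(self):
        self.records, self.tokens = {}, {}

    def provision(self, model, serial, macs, lan_config):
        self.records[device_identifier(model, serial, macs)] = lan_config

    def authenticate(self, identifier):
        if identifier not in self.records:
            return None                      # unknown device: no token, no further transactions
        token = hashlib.sha256(("token:" + identifier).encode()).hexdigest()[:16]
        self.tokens[token] = identifier
        return token

    def lan_config(self, token):
        if token not in self.tokens:
            raise PermissionError("valid authorization token required")
        return self.records[self.tokens[token]]


@dataclass
class CloudPort:
    model: str
    serial: str
    macs: list                                # one MAC per Ethernet port
    service_url: str = ""                     # empty means no pre-configured URL

    def bootstrap(self, station: MockCloudStation) -> dict:
        url = self.service_url or DEFAULT_SERVICE_URL
        token = station.authenticate(device_identifier(self.model, self.serial, self.macs))
        if token is None:
            return {"url": url, "status": "auth_failed"}
        discovered_ports = len(self.macs)     # LAN state is reported before anything is applied
        cfg = station.lan_config(token)
        if len(cfg["ports"]) > discovered_ports:
            return {"url": url, "status": "rejected",
                    "reason": f"config needs {len(cfg['ports'])} ports, device has {discovered_ports}"}
        return {"url": url, "status": "applied", "reboot": True, "config": cfg}
```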
The increasing number of edge devices and the surge in internet and cloud usage require enterprises to implement and deploy network elements rapidly. Zero touch provisioning allows IT to automatically update devices, pre-configure the initial configuration and run update scripts. With Zero Touch Provisioning, enterprises can meet the new challenges arising from heavy use of network functions virtualization (NFV). Only with Zero Touch Provisioning can enterprise IT configure new virtual functions. From India’s 2nd largest retail network to the fifth largest insurance network, and from production locations in the largest cities to the smallest towns across several regions of India, the Lavelle Networks SD-WAN solution has proven its ZTP architecture across the nation. To learn how the Lavelle Networks SD-WAN platform can help your enterprise stand out, get in touch with us.