Zero Touch Provisioning Challenge:

In many situations the service provider's PE router will not be configured with DHCP services; in other words, the customer's vEdge would require the admin to statically set the WAN IP address for VPN 0. We'd still like to get ZTP to work, provided that:

  • PE/GW has reachability to ztp.viptela.com
  • PE/GW can provide reachability to Google’s DNS 8.8.8.8 & 8.8.4.4



Zero Touch Provisioning AUTO-IP:

When the vEdge detects that there is no DHCP server on the network to hand an IP to its WAN interface, it initiates an automatic IP address detection process. This is the mechanism that allows the vEdge to find a valid IP on the network and perform the following tasks:

  • Set its WAN interface statically
  • Set its default route to the PE/GW IP address
  • Resolve ztp.viptela.com using Google’s DNS 8.8.8.8 and 8.8.4.4
  • Establish DTLS connection to its corresponding vBond



Zero Touch Provisioning AUTO-IP “How to get it working”:

While the AUTO-IP feature might sound straightforward, there is a caveat to getting it working: the PE/GW must send an ARP request for the IP address that the vEdge is supposed to claim. The easiest way to trigger such a request is to send an ICMP ping from the PE router. Let's assume the interface IP on the PE router is 150.55.1.1 and that we'd like the vEdge to claim the address 150.55.1.2; we'd then need our service provider to send an ICMP ping to 150.55.1.2 sourced from 150.55.1.1. The process behind AUTO-IP is as follows:

  • PE sends an ARP request towards the vEdge
  • vEdge detects the IP of the PE (the ARP sender IP) and sets it as its default route (VPN 0)
  • vEdge detects the destination IP (the ARP target IP) and assumes it is free to claim on its ge0/0 interface
  • vEdge ensures that the claimed IP is unique on the link
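The four steps above as an added worked example (my own Python model, not Viptela code): it parses raw ARP payloads, takes the gateway from the sender IP and the candidate WAN address from the target IP of the first ordinary ARP request, then performs the uniqueness check by issuing an ARP probe and treating any other station that answers for that address as a conflict. The MAC addresses, the PE's ARP request and the conflicting reply are constructed sample data; how the real vEdge derives the subnet mask is not described on the page, so the model does not attempt it.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Iterable, Optional

# Ethernet/IPv4 ARP payload layout (RFC 826): htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP (28 bytes in total).
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass
class ArpPacket:
    oper: int
    sha: bytes   # sender hardware (MAC) address
    spa: str     # sender protocol (IPv4) address
    tha: bytes   # target hardware address
    tpa: str     # target protocol address


def parse_arp(payload: bytes) -> ArpPacket:
    """Decode a raw ARP payload; rejects anything that is not Ethernet/IPv4 ARP."""
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return ArpPacket(oper, sha, str(ipaddress.IPv4Address(spa)),
                     tha, str(ipaddress.IPv4Address(tpa)))


def build_arp(oper: int, sha: bytes, spa: str, tha: bytes, tpa: str) -> bytes:
    """Encode an ARP payload (used here to construct sample frames and the probe)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, ipaddress.IPv4Address(spa).packed,
                       tha, ipaddress.IPv4Address(tpa).packed)


@dataclass
class AutoIpResult:
    wan_ip: str          # address the vEdge claims on ge0/0
    gateway: str         # sender IP of the PE's ARP request, used as the VPN 0 default route
    gateway_mac: bytes


class AutoIpDetector:
    """Hypothetical model of the AUTO-IP steps listed on the page (not the vendor's logic)."""

    def __init__(self, my_mac: bytes):
        self.my_mac = my_mac
        self.candidate: Optional[AutoIpResult] = None
        self.conflict = False

    def observe(self, payload: bytes) -> None:
        pkt = parse_arp(payload)
        if self.candidate is None:
            # Steps 1-3: the first ordinary ARP request on the link reveals the gateway
            # (sender IP) and the address we are expected to claim (target IP).
            # Gratuitous ARP (spa == tpa) and ARP probes (spa == 0.0.0.0) carry no gateway.
            if pkt.oper == ARP_REQUEST and pkt.spa not in (pkt.tpa, "0.0.0.0"):
                self.candidate = AutoIpResult(pkt.tpa, pkt.spa, pkt.sha)
            return
        # Step 4: after probing, any other station answering for or claiming the
        # candidate address means it is not unique and must not be configured.
        if pkt.spa == self.candidate.wan_ip and pkt.sha != self.my_mac:
            self.conflict = True

    def probe(self) -> Optional[bytes]:
        """ARP probe (RFC 5227 style, sender IP 0.0.0.0) for the candidate address."""
        if self.candidate is None:
            return None
        return build_arp(ARP_REQUEST, self.my_mac, "0.0.0.0", b"\x00" * 6, self.candidate.wan_ip)

    def result(self) -> Optional[AutoIpResult]:
        return None if self.conflict or self.candidate is None else self.candidate


def run_auto_ip(my_mac: bytes, frames: Iterable[bytes]) -> Optional[AutoIpResult]:
    """Feed observed ARP payloads through the detector and return the outcome."""
    det = AutoIpDetector(my_mac)
    for frame in frames:
        det.observe(frame)
    return det.result()


# Constructed sample traffic: the PE (150.55.1.1) pinging 150.55.1.2, as on the page.
PE_MAC = bytes.fromhex("00aabbcc0001")      # constructed
VEDGE_MAC = bytes.fromhex("00aabbcc0002")   # constructed
OTHER_MAC = bytes.fromhex("00aabbcc0003")   # constructed
PE_ARP_REQUEST = build_arp(ARP_REQUEST, PE_MAC, "150.55.1.1", b"\x00" * 6, "150.55.1.2")
# A third host answering the probe for 150.55.1.2: the address is not unique.
CONFLICTING_REPLY = build_arp(ARP_REPLY, OTHER_MAC, "150.55.1.2", VEDGE_MAC, "0.0.0.0")

if __name__ == "__main__":
    ok = run_auto_ip(VEDGE_MAC, [PE_ARP_REQUEST])
    print("claimed", ok.wan_ip, "with default route via", ok.gateway)
    print("with a conflicting host ->", run_auto_ip(VEDGE_MAC, [PE_ARP_REQUEST, CONFLICTING_REPLY]))
```

Run stand-alone it prints the claimed address and gateway for the PE's ping-driven ARP request, and None once another host claims 150.55.1.2. The point worth keeping in mind when planning a deployment is visible in the code: both the gateway and the WAN address come from whichever ordinary ARP request the vEdge sees first on the link, which is why the page stresses that the ping must come from the PE and be sourced from the PE's interface address.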



LAB Setup:

Switchport Configuration

!
interface TenGigabitEthernet1/0/11
 description Connection to vEdge-1000 Ge0/0
 no switchport
 vrf forwarding V300
 ip address 150.55.1.1 255.255.255.0
end

vEdge Factory Default Configuration:



Sending a ping from the PE Router:

C9300-24UX#ping vrf V300 150.55.1.2 source 150.55.1.1 repeat 250
Type escape sequence to abort.
Sending 250, 100-byte ICMP Echos to 150.55.1.2, timeout is 2 seconds:
Packet sent with a source address of 150.55.1.1
.................................................!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 80 percent (201/250), round-trip min/avg/max = 1/1/1 ms


Observation:

  • The vEdge successfully set its ge0/0 IP address to the IP the PE was pinging
  • The subnet mask on ge0/0 is consistent with that of the PE, which is fine for our scenario
  • No configuration change was made to ge0/0; the process was done dynamically
  • The default route has been set to the PE IP address of 150.55.1.2
  • The process takes around 90 seconds to complete, so keep in mind it's not instant
  • The firewall packet capture shows the vEdge trying to perform a DNS lookup for ztp.viptela.com


show interface description

show ip route vpn 0

Firewall Packet Captures:



Conclusion:

AUTO-IP can be a lifesaver in the many situations where DHCP is not present and you as an admin have no local access to the device. As long as the vEdge is plugged into the PE router on its ge0/0 and you can get the service provider to send an ICMP ping to the vEdge, you should be able to bring the control plane up within a few minutes. Keep in mind we're only interested in getting the control plane up so that our device can pull its permanent configuration from vManage. That configuration includes the proper IP address and subnet mask for ge0/0 and the default route.



Watch ZTP AUTO-IP  on my youtube channel: 

Published: 19-10-16