Zero-Touch - Cisco


Upload: lyphuc

Post on 06-Feb-2018


  • Zero-Touch


  • Commonly Used Acronyms

    Acronym: Description

    IOS: Cisco Internetwork Operating System
    CCE: Cisco Configuration Engine
    CNS Agent: Cisco Networking Services. IOS embedded agent on the CPE, used to communicate with CCE
    CNR: Cisco Network Registrar
    CPE: Customer Premise Equipment
    ACE: Application Control Engine
    EEM: Embedded Event Manager
    SDP: Secure Device Provisioning
    CX: Cisco Configuration Express
    TFTP: Trivial File Transfer Protocol
    DHCP: Dynamic Host Configuration Protocol
    AI: AutoInstall, an IOS embedded feature

  • Zero Touch Deployment Models

    Cisco True Zero Touch

    The router has the smarts to auto configure without human intervention

    Primary components include

    AutoInstall, a Cisco IOS software feature/component

    CNS Agent in Cisco CPEs

    CCE Server to manage/administer the CPE configuration templates

    Cisco Network Registrar to provide the TFTP and DHCP functionality

    For HA, redundancy and load balancing of the CCE servers are used

    Cisco Near Zero Touch

    Requires some degree of manual intervention

    eToken: a USB-based smartcard device;

    CX: Cisco Configuration Express;

    Cisco EEM: Cisco Embedded Event Manager

    Cisco SDP: Secure Device Provisioning

    Validated Model

  • True Zero Touch Solution Highlights (contd)

    Uses common network protocols for automatic CPE deployment

    CPE connectivity to SP network is done automatically via Autoinstall

    High volume of CPE deployment automatically using template-based configurations

    CNS agents on CPEs allow for further automation capabilities when used with CCE

    IOS image upgrades, Configuration changes

    Solution enables managed connectivity and additionally facilitates rollout of managed services like FW, VPN, CME etc on the CPE.

    CCE provides CPE management (i.e. Moves, Adds, Changes) as well as configuration template management

    Integration with CCE provides Day-1 and Day-2 services capabilities

    Solution Tested

  • CCO Ordering Process: Enabling AI on the ISRs shipped from factory

    For Autoinstall to work, there must be NO configuration in the NVRAM

    Ordering process defaults to this option. CCP is installed by default on all ISRs shipped out of factory

    i.e. CCP in Flash and NVRAM

    Select CCP-CD-NOCF option. During configuration of the ISRs, the customer must select the option highlighted in order to enable Zero touch on the ISRs out of the box

    PS: Hitting the reset button on the 8xx series ISR routers results in the default config being copied from Flash to NVRAM. This will break the Zero Touch deployed configuration in the field. See Troubleshooting section for manual override steps.

  • True Zero Touch Solution Components

    1. Embedded Cisco IOS Auto Install feature (AI)

    2. Cisco CCE

    Linux/Solaris based deployment

    3. Embedded CNS Agent in Cisco IOS


    4. Cisco Network Registrar (CNR)

    Provides DNS, DHCP and TFTP services

    5. LDAP Server

    6. ACE Load Balancer

    7. Hardware/Software Matrix


  • True Zero Touch Solution Components: 1. Auto Install Underlying Pre-requisites

    No configuration file resides in NVRAM on the CPE device (See next slide #21)

    i.e. Cisco Configuration Professional (CCP) is NOT present on the device

    A DHCP server/services is available on the network to provide IP addresses to the CPE

    CPE device is powered on and WAN interface* (Eth) is physically connected to the network

    The network has the IP connectivity necessary to permit the CPE networking device to load the configuration files from the TFTP server during the Autoinstall process.

    The default/generic configuration file, and where necessary host specific config files to be loaded on the devices resides on a TFTP server that is available on the network

    * List of validated ISR WAN interfaces for ZT

    Interface           In ZT Solution   Auto Install Support
    Ethernet            Y                Y
    Cable Interface     N                Y
    WIC-1DSU-T1-V2      N                Y
    VWIC2-1MFT-T1/E1    N                N
    HWIC-1T1            N                N
    VWIC2-2MFT-T1/E1    N                N
    NM-1CE1T1-PRI       N                N
    NM-2CE1T1-PRI       N                N
    V.35 Serial         N                N

  • Step 1: Staging of CPE

    Set up device in Cisco Configuration Engine before device deployment

    Add Cisco Network Services ID: Unique device identifier

    Cisco Network Services ID can be hostname, IP address, MAC address, hardware serial number, unique device identifier (UDI), or any string

    Associate configuration template with device

  • Step 2: Load Bootstrap Configuration on CPE

    Bootstrap configuration is initial set of dynamic startup configuration commands

    Specific to the customer

    Service, location, etc., agnostic

    Few lines of IOS Cisco Network Services agent commands to execute the one-time initial configuration download

    Could point to a Virtual IP address on load balancer instead of actual CCE host

    Router(config)# ip host cns-ce 10.1.3.99
    Router(config)# cns config initial 10.1.3.99 80
    Router(config)# cns config partial 10.1.3.99 80
    Router(config)# cns id hardware-serial
    Router(config)# cns id hardware-serial event
    Router(config)# cns id hardware-serial image
    Router(config)# cns event cns-ce 11011 keepalive 60 3
    Router(config)# cns exec 80

    Several mechanisms to get bootstrap on CPE

  • Step 2 (contd): Bootstrap Options: AutoInstall* Call flows

    1. CPE sends Dynamic Host Configuration Protocol (DHCP) Discover

    2. DHCP server replies with Offer

    3. CPE sends DHCP Request

    4. DHCP server replies with Option 150

    5. CPE requests bootstrap file over TFTP

    6. TFTP server sends CPE bootstrap file

    [Figure: call-flow diagram. Participants: CPE, DHCP, TFTP, Cisco Configuration Engine (Warehouse and Service Provider Network). Messages: DHCP Discover, DHCP Offer, DHCP Request, DHCP Ack with Option 150, Bootstrap Configuration, Config Send.]

    *Requires CCP NOCF SKUs during ordering process

  • Post Bootstrap Call flows

    1. CPE sends Dynamic Host Configuration Protocol (DHCP) Discover

    2. DHCP server replies with Offer

    3. CPE sends DHCP Request

    4. DHCP server replies with Option 150

    5. CPE requests bootstrap file over TFTP

    6. TFTP server sends CPE bootstrap file

    7. CPE requests config template

    8. CE responds with the template

    9. CPE is operational

    [Figure: call-flow diagram. Participants: CPE, DHCP, TFTP, Cisco Configuration Engine (Warehouse and Service Provider Network). Messages: DHCP Discover, DHCP Offer, DHCP Request, DHCP Ack with Option 150, Bootstrap Configuration, Config Send, HTTP Get for Template, Response for Template, CPE becomes Operational.]
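As an added example (not from the Cisco deck), a check a provisioning team could run on a captured DHCP Ack from the call flow above: it parses the options field, decodes Option 150 into its TFTP server addresses and reports any that are not on the expected list. The address 10.1.3.50, the sample packet and all function names are assumptions made for the illustration.

```python
import ipaddress

DHCP_MAGIC = b"\x63\x82\x53\x63"      # precedes the options field
OPT_PAD, OPT_MSG_TYPE, OPT_TFTP, OPT_END = 0, 53, 150, 255
DHCPACK = 5

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a DHCP message payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"option {code} is truncated")
        length = payload[i + 1]
        # A repeated option code continues the earlier value.
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def tftp_servers(opts: dict) -> list:
    """Decode Option 150: one or more 4-byte IPv4 TFTP server addresses."""
    raw = opts.get(OPT_TFTP, b"")
    if not raw or len(raw) % 4:
        raise ValueError("Option 150 missing or malformed")
    return [ipaddress.IPv4Address(raw[j:j + 4]) for j in range(0, len(raw), 4)]

def unexpected_tftp_servers(payload: bytes, allowed: set) -> list:
    """Return Option 150 servers in a DHCP Ack that are not in `allowed`."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        raise ValueError("message is not a DHCP Ack")
    return [s for s in tftp_servers(opts) if s not in allowed]

def build_ack(servers: list) -> bytes:
    """Constructed sample Ack: zeroed BOOTP header, then options 53 and 150."""
    body = b"".join(ipaddress.IPv4Address(s).packed for s in servers)
    return (b"\x02" + bytes(235) + DHCP_MAGIC + bytes([OPT_MSG_TYPE, 1, DHCPACK])
            + bytes([OPT_TFTP, len(body)]) + body + bytes([OPT_END]))

ALLOWED = {ipaddress.IPv4Address("10.1.3.50")}   # assumed TFTP server address
MIXED_ACK = build_ack(["10.1.3.50", "192.0.2.77"])   # second server not expected

if __name__ == "__main__":
    print(unexpected_tftp_servers(MIXED_ACK, ALLOWED))
```
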

  • Zero-Touch Deployment Illustration (view in presentation mode)

    1. Device (CPE-A) is selected from warehouse and loaded without configuration

    2. CNS ID and template for CPE-A is entered in the configuration engine

    3. CPE-A is shipped to the customer premises or branch office

    4. CPE-A powers up and calls home to the DHCP/TFTP/Configuration Engine

    5. Upon authentication, configuration engine sends configuration to CPE-A

    6. CPE-A applies configuration and becomes operational

    [Figure: Cisco IOS Software Network Services Agent Device (Host-a), moved from the Warehouse to the Branch Office or Customer Premises, and the Configuration Engine Server, connected across the Network over SSL. Exchange shown: "Can I have my configuration?" "OK. Here is your configuration."]

  • True Zero Touch Solution Components: 2. CCE Architecture

    [Figure: CCE architecture diagram. Components: Device Module, IMGW, Publish/Subscribe Event Bus, Dynamic NSM, Velocity Template Engine, XML/SOAP, Customer Application, Configuration Services, Image Services, Event Gateway.]

    Configuration Service

    Delivers initial (partial) configuration

    Image Service