Cisco Viptela ZTP (Zero Touch

Provisioning)
Rashmi Bhardwaj  |   |  Blog, BUZZ, Config & Troubleshoot

Introduction to Zero Touch Provisioning(ZTP)

Viptela provides the automatic provisioning of the vEdge routers by a process called Zero touch
provisioning where the vEdge router join the overlay network without the manual intervention. Only
pre-requisite to get the ZTP working on vEdge is to have internet connectivity so that we can
get DHCP address from that internet circuit and also get public DNS reachability.

By default factory setting when a vEdge router boots it will try to contact to a
URL ztp.viptela.com which is a service hosted by Cisco on the public cloud/internet.

Advertisements

How Zero Touch Provisioning works?

The complete steps for the ZTP process on Hardware vEdge routers are listed as below:

vEdge router after having internet connectivity boots up.

The router then sends a DHCP discover message and tries to get an IP from the DHCP server of
internet service provider.

1. If the DHCP server is reachable the router will get an IP address for its ZTP interface.
2. If no DHCP server is reachable the router will then initiate a process called automatic IP
detection to get its ZTP interface address.
 Once the ZTP interface gets the IP address from DHCP or auto IP, router will send a DNS
resolution request for ztp.viptela.com to public DNS server.
The DNS server on receiving this request will verify the vEdge router and will send back the IP
address of the vBond orchestrator of particular organization.
The router then tries to reach the vBond public IP and authenticates itself with vBond by
sharing its chassis number and serial number. vBond is also authenticated at the vEdge router
side.
Post the successful authentication and validation, vBond shares the IP address of vManage and
vSmart with vEdge.
The vEdge router then proceeds to connect to vManage and mutual authentication & validation
takes place. Once the authentication and validation is complete vManage gives the vEdge its
system IP address.
The router re-establishes a connection to the vBond orchestrator using its system IP address.
The router re-establishes a connection to the vManage NMS using its system IP address and
downloads its full configuration.
The vEdge router also does mutual authentication and validation with vSmart controllers using
its system IP.
Once the authentication and validation succeeds the vEdge router successfully joins the Viptela
overlay network.

Note: For the ZTP process to succeed, the vManage NMS must contain a device configuration
template for the vEdge router. If the NMS has no template, the ZTP process fails.