vEdge devices can be onboarded via two methods: Zero Touch Provisioning (ZTP) or manual configuration. ZTP does require some initial steps on Cisco’s Plug and Play (PnP) Connect portal:
Step 1. Use the PnP Connect portal, which is linked to Cisco Commerce Workspace (CCW), to place an order for SD-WAN devices with PnP licenses.
Step 2. Configure the vBond controller IP address or domain name.
Step 3. Define the vBond controller in PnP Connect.
Step 4. PnP will automatically send the data to ZTP.
Step 5. Upload a provisioning file to vManage.
After these steps are complete, the device is available in vManage for ZTP.
Zero Touch Provisioning (ZTP)
Cisco makes its ZTP automatic provisioning software available as a service (SaaS). The ZTP process involves the following considerations:
- The edge or gateway router at the site where the hardware vEdge router is located must be able to reach public DNS servers. It is recommended that the router be configured to reach the Google public DNS servers, 8.8.8.8 and 8.8.4.4.
- The edge or gateway router at the site must be able to reach ztp.viptela.com.
- A network cable must be plugged into the interface that the hardware router uses for ZTP. These interfaces are:
  - For vEdge 1000 routers: ge0/0
  - For vEdge 2000 routers: ge2/0
  - For vEdge 100 series routers: ge0/4
Onboarding vEdge routers involves the following steps:
Step 1. Build a configuration template on vManage for the vEdge routers that will be joining the SD-WAN overlay network.
Step 2. Cable and power on the vEdge routers. The vEdge devices use their circuits to connect with the Cisco-hosted PnP Connect server, which redirects the vEdge devices to the vBond server to authenticate these devices. The template configuration from vManage is then loaded onto the vEdge routers.
Step 3. Once configured, the vEdge routers build secure channels to the vSmart controller.
Step 4. The vEdge routers set up OMP peering with vSmart controllers.
Step 5. After OMP peers are established, the vEdge routers learn routing information to other sites and information required to establish IPsec connections to other locations.
Step 6. IPsec tunnels are established to other locations to form the SD-WAN overlay network; based on the configured policies, the vEdge routers form BFD adjacencies with each other.
Onboarding a vEdge Router via Manual Configuration
With the manual configuration method, a site network administrator manually configures minimal information that allows the vEdge devices to connect with the vBond orchestrator. The following information is configured:
- IP address and gateway IP address (or use DHCP)
- The vBond IP address or the vBond hostname (if in DNS) and DNS server IP address
- The organization name, system IP address, and site ID
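The minimal manual bootstrap listed above, as an added example that is not from the original page or from Cisco: a hypothetical Python helper, `render_bootstrap`, checks that the values are consistent (a vBond hostname requires a DNS server, a static address requires a gateway in its subnet) and returns the corresponding vEdge CLI lines. The function and parameter names, the default WAN interface and all sample values are assumptions; confirm the command syntax against your software release.

```python
import ipaddress

def render_bootstrap(org, system_ip, site_id, vbond, wan_if="ge0/0",
                     address=None, gateway=None, dns=None):
    """Check the manual-onboarding values and return vEdge CLI lines.

    All names are hypothetical; the CLI lines are not from the page.
    address=None means DHCP on the WAN interface; otherwise address is
    'a.b.c.d/len' and a gateway is required.
    """
    ipaddress.IPv4Address(system_ip)        # ValueError if malformed
    if not org.strip() or '"' in org:
        raise ValueError("organization name is required (no quotes)")
    if int(site_id) < 1:
        raise ValueError("site ID must be a positive integer")
    try:                                    # is vBond an IP or a hostname?
        ipaddress.ip_address(vbond)
        vbond_is_name = False
    except ValueError:
        vbond_is_name = True
    if vbond_is_name and dns is None:
        raise ValueError("a vBond hostname needs a DNS server IP address")
    if dns is not None:
        ipaddress.ip_address(dns)
    lines = ["system", f" system-ip {system_ip}", f" site-id {int(site_id)}",
             f' organization-name "{org}"', f" vbond {vbond}", "!", "vpn 0"]
    if dns is not None:
        lines.append(f" dns {dns} primary")
    lines.append(f" interface {wan_if}")
    if address is None:
        lines.append("  ip dhcp-client")
    else:
        iface = ipaddress.ip_interface(address)
        if gateway is None or ipaddress.ip_address(gateway) not in iface.network:
            raise ValueError("static address needs a gateway in its subnet")
        lines.append(f"  ip address {iface.with_prefixlen}")
    lines += ["  no shutdown", "  tunnel-interface", " !"]
    if address is not None:
        lines.append(f" ip route 0.0.0.0/0 {gateway}")
    return lines + ["!"]

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print("\n".join(render_bootstrap(
        "example-org", "10.255.0.1", 100, "vbond.example.com",
        address="192.0.2.10/24", gateway="192.0.2.1", dns="8.8.8.8")))
```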