SD-WAN Zero-Touch Provisioning (ZTP)

How does Zero-Touch Provisioning work? SD-WAN devices are assigned by Cisco to the Smart Account and Virtual Account of customer. This is reflected in Plug and Play connect portal (PnP). In the background, the SDWAN cloud provisioning process assigns the identity of the customer organization and starts the sd-wan controllers provisioning. After device unboxing router is connected with the WAN port to the network ensuring the IP settings from DHCP including address, mask, gateway and DNS. Device looks for Zero-Touch-Provisioning server (ZTP is aware of PnP portal inventory), is authenticated by server and redirected to right vBond controller. Onboarding process is fully-automated and ends with device presence in vManage orchestrator.

The process in detail:

After assigning IP information, sd-wan router looks for ztp.viptela.com which is general ZTP server.

• ZTP server redirects the router to right vBond controller
• Router authenticates with vBond based on certificates and gets the IP address of vManage and vSmart
• Parallely, vBond informs other controllers about new device
• Router authenticates with vManage and can get the config file
• Router authenticates with vSmart (SD-WAN routing policy controller)
• Router is successfully onboarded to the SD-WAN overlay and is ready to exchange OMP messages
• Router now establishes IPSec tunnels for the data plane traffic with other routers within overlay
• BFD messages start to flow between the routers and particular TLOCs