In the world of SD-WAN nirvana, the decoupled control and data plane architecture offers us many advantages, one of which is Day 0 or Day 1 deployment of new routers into our networks.
But what exactly IS "Day 0" or "Day 1" deployment? This Cisco community forum post provides a pretty good definition in the table shown below.
In an ideal world, SD-WAN should liberate us from the tedious Day(-1) activities defined in the table above and not require engineers to paste config into the router in advance of rolling it out. It allows us to ship routers straight to site, rather than having to ship them to some central location so our engineers can connect their console cable and use a pitiful 9600 baud serial connection to copy in our carefully crafted configurations.
Day -1 (Welcome Year Zero)
For Day -1 device discovery, Cisco have a process they call "Bootstrap"...
The intent behind using the Bootstrap option is to provide the factory-shipped default configured WAN Edge device the configuration needed to securely onboard. In other words, Cisco will ship you the router with the orchestration plane (vBond IP address) and other details like organization name etc. that you need for onboarding, already filled in! How very helpful.
So bootstrap is perfect for a greenfield scenario, but what about when I'm converting my existing routers to SD-WAN? In this case, you're looking at Day 0. Incidentally, this is why they call the bootstrap method a "Day -1" solution: because it's a solution for devices that only exist in, like, your future, man. What a mind trip!
Day 0 - PnP, the network brownfield solution.
No, what we aim for is Day 0, followed quickly (and automatically) by Day 1.
Day 0? The new router should use some networking magic to find our network's control plane or "orchestration" layer. It has to work completely securely, ensuring no unauthorized device can join our network fabric, while also using the most robust and foolproof discovery method to find out exactly WHICH controller with WHICH IP address it should connect to in order to join our network with an almost Star Trek Borg-like efficiency.
For this, Cisco have two solutions. One of them is ZTP, which we will not be covering as it is used by vEdge devices (which, for all intents and purposes, are the "old" Cisco SD-WAN devices, the Viptela devices, so I suspect we will see less and less of them over time).
Instead, we will be covering Cisco Plug and Play (PNP). Let's get started.
If you've been running any sort of recent IOS XE image, you may have seen the words "PnP" flash up on your console screen before, probably when you had just reloaded a router or were installing a new one.
On a lot of Cisco devices, the PnP service, along with call-home, is running by default.
Go ahead and try this command out for size:
c8000vLab#show pnp task
------------------ show pnp tasks ---------------------
<-- output omitted -->
Discovery Task - Run-ID:1, Stat-Type:7001, Result:Failed, Time=[08:01:38 UTC Sat Jun 15 2024] (elapsed 1 ms)
Src:[Startup Config Present], Dst:[PID:C8000V,VID:V00,SN:9535GTS0U94]
Error Code:0, Msg:[PnP Discovery Manager]
Monitoring Task - Never Run
Swift-UT Task - Run-ID:2, Stat-Type:8301, Result:Failed, Time=[-] (elapsed 1 ms)
Src:[Startup Config Present], Dst:[PID:C8000V,VID:V00,SN:9535GTS0U94]
Error Code:0, Msg:[PnP Discovery Manager]
Device-Setup Task - Never Run
Others Task - Never Run
To control HOW PnP connects to this "devicehelper.cisco.com", it's important to remember a few things.
First of all, do you have an IP address and gateway on Gi0/0/0, and can you reach the internet? Does your DNS work? Do you have the right time on your router?
Can you even ping devicehelper.cisco.com? What IP address is returned, is it IPv4 or IPv6? Does it actually reply? Can you telnet to it on port 80 and get a response?
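The checks just listed, as a small diagnostic I've added for this post (not part of the original, and not a Cisco tool): run it from a host sitting on the same path the router uses, and it reports DNS per address family plus whether a plain TCP handshake completes on the ports PnP would use. The ports, timeout and report layout are my assumptions.

```python
import socket
from typing import Dict, List, Tuple

# Hostname the router's PnP agent tries to reach (from the post). The ports,
# the timeout and the report layout are assumptions made for this example.
PNP_HOST = "devicehelper.cisco.com"
PNP_PORTS = (80, 443)
TIMEOUT_S = 3.0


def resolve(host: str) -> Dict[str, List[str]]:
    """Resolve host over A and AAAA separately, so an IPv6-only answer on an
    IPv4-only WAN shows up as such instead of as a vague 'DNS failed'."""
    out: Dict[str, List[str]] = {"ipv4": [], "ipv6": []}
    for family, key in ((socket.AF_INET, "ipv4"), (socket.AF_INET6, "ipv6")):
        try:
            infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this family, or DNS is broken entirely
        for info in infos:
            addr = info[4][0]
            if addr not in out[key]:
                out[key].append(addr)
    return out


def tcp_reachable(addr: str, port: int, timeout: float = TIMEOUT_S) -> bool:
    """TCP handshake only: the 'can you telnet to it on port 80' check."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            return True
        except OSError:  # refused, filtered (timeout) or no route
            return False


def diagnose(host: str = PNP_HOST, ports: Tuple[int, ...] = PNP_PORTS) -> dict:
    """One report: which families resolved, which (addr, port) pairs answer."""
    names = resolve(host)
    reach = {(a, p): tcp_reachable(a, p)
             for key in ("ipv4", "ipv6") for a in names[key] for p in ports}
    return {
        "dns_ok": bool(names["ipv4"] or names["ipv6"]),
        "ipv4_addrs": names["ipv4"], "ipv6_addrs": names["ipv6"],
        "reachable": reach,
        "http_ok": any(ok for (_, p), ok in reach.items() if p == 80),
        "https_ok": any(ok for (_, p), ok in reach.items() if p == 443),
    }


if __name__ == "__main__":  # no arguments: checks devicehelper.cisco.com
    print(diagnose())
```

A name that resolves only to AAAA, or `http_ok` false while `https_ok` is true, points you straight at the IPv6-only or proxy-only situations described next.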
A lot of this you can check yourself, but sometimes you might not have DNS for some reason, or you can't use HTTP but you CAN use HTTPS because of your proxy, or maybe you can do IPv4 but can't do IPv6. In this case, unfortunately, you have to