What Is DHCP-based Deployment?
DHCP-based deployment is a simple zero touch provisioning (ZTP) technology, but a DHCP server needs to be deployed. After an unconfigured device is powered on, the device automatically starts the DHCP-based deployment process. The device, functioning as a DHCP client, sends DHCP request messages to the DHCP server and completes automatic deployment using the deployment information carried in the DHCP reply messages.
Why Do We Need DHCP-based Deployment?
After devices are installed, engineers usually need to commission software onsite. When a large number of devices need to be sparsely deployed, engineers need to manually configure each device or import configurations to deploy the devices. This lowers the deployment efficiency and increases labor costs. ZTP addresses these issues. ZTP enables devices to automatically obtain and load deployment files, freeing engineers from onsite configuration and deployment. As such, ZTP reduces labor costs and improves deployment efficiency. DHCP-based deployment is one way of implementing ZTP.
DHCP-based deployment implements plug-and-play of devices. Users only need to deploy a DHCP server, connect cables, and power on the devices. No deployment terminal or additional actions are required. Compared with other ZTP modes, DHCP-based deployment is flexible and does not require strict matching between devices and sites. Therefore, it is suitable for carriers or enterprises that have permissions to configure a DHCP server.
Although DHCP-based deployment is simple and flexible, security risks exist, such as data leakage and interception. Therefore, to ensure data reliability during DHCP-based deployment, users can deploy a dedicated bootstrap server, and use two-way authentication and data encryption to ensure data security. This DHCP-based deployment mode is called secure zero touch provisioning (SZTP), which applies to scenarios that require high security. SZTP and DHCP-based deployment are both implemented through exchange of DHCP messages, but the implementation details are slightly different. DHCP-based deployment in this document refers to DHCP-based ZTP. For details about SZTP, see "Configuring SZTP".
How Does DHCP-based Deployment Work?
Before describing how DHCP-based deployment works, this section introduces the components required for DHCP-based deployment and their functions.
Components Required for DHCP-based Deployment
As shown in the following figure, DHCP-based deployment requires the following components: device to be deployed, DHCP relay agent, DHCP server, syslog server, DNS server, intermediate file server, and deployment file server. Successful DHCP-based deployment depends on the cooperation of all components.
Figure 1-2 Components required for DHCP-based deployment
Functions of each component required for DHCP-based deployment:
- DHCP server: allocates a temporary management IP address, default gateway, DNS server address, and intermediate file server address to the device to be deployed.
- Syslog server: uploads user logs recorded during the DHCP-based deployment process to the network management system (NMS).
- DHCP relay agent: forwards DHCP messages when the device to be deployed and the DHCP server are on different network segments.
- Intermediate file server: stores the intermediate file required by the device to be deployed. The server parses the intermediate file to allow the device to obtain the IP address of the deployment file server and deployment files. The intermediate file server must be an SFTP server.
- Deployment file server: stores the deployment files to be loaded to the device to be deployed, including the system software, configuration files, and patch files. The deployment file server also must be an SFTP server and can be deployed on the same file server as the intermediate file server.
- DNS server: provides mappings between domain names and IP addresses. Through the DNS server, the device to be deployed can resolve the domain names of the file servers to IP addresses to obtain the required files.
DHCP-based Deployment Process
The DHCP-based deployment process is simple and consists of two phases: deployment preparation and onsite deployment. The deployment preparation phase is complex and needs to be completed by engineers. Before the deployment, engineers need to make the following preparations:
- Prepare and configure a DHCP server. During the deployment, the DHCP server sends network configuration parameters carried in Option fields to DHCP clients. Therefore, the DHCP server needs to be configured before the deployment. For details, see "Configuring a DHCP Server".
- Prepare a PC to make an intermediate file for DHCP-based deployment. The intermediate file can be in the Editing the Intermediate File".
- Prepare an SFTP file server to store files to be downloaded to the device to be deployed, such as the intermediate file and deployment files. For details about how to configure an SFTP file server, see "Configuring the SFTP File Server".
Figure 1-3 DHCP-based deployment process
In the onsite deployment phase, the device starts the DHCP-based deployment process after being cabled and powered on. As shown in the preceding figure, the DHCP-based deployment process consists of the following phases:
- Power on the device. After an unconfigured device is powered on, the device automatically starts the DHCP-based deployment process.
- The device obtains DHCP information. The device broadcasts a DHCP request message on the management network interface, then high-bandwidth Ethernet interfaces, and finally low-bandwidth Ethernet interfaces. Then, the DHCP server sends a DHCP reply message to the device. The Option fields in the message carry DHCP information, including the device IP address, intermediate file server address, syslog server address, default gateway, and intermediate file name. The device parses the DHCP reply message to obtain the IPv4 address of the syslog server. The device records important information generated during DHCP-based deployment in user logs and uploads the logs to the NMS through the syslog server.
- The device obtains an intermediate file. The device obtains the IP address of the intermediate file server from the DHCP reply message, and then downloads the intermediate file in the Python format.
- The device obtains deployment files. If the intermediate file is a Python script, the device automatically runs the script to download deployment files from the deployment file server.
- The device sets the startup files and restarts. The device automatically sets the downloaded deployment files as the files for next startup, and then restarts to complete DHCP-based deployment.
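The DHCP reply decides which file server the device trusts, so a captured reply is worth checking against the deployment plan. The following is an added example, not code from the original page or the vendor: it decodes the Option fields (RFC 2132 encoding) and reports a reply that points outside the planned SFTP server and management network. The use of option 67 as a URL, the host name, and the addresses are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 2132 option codes. Option 67 carrying the file location as a URL is an assumption.
PAD, END, ROUTER, LOG_SERVER, BOOTFILE = 0, 255, 3, 7, 67

def parse_options(blob):
    """Decode a DHCP options field (bytes after the magic cookie) into {code: bytes}."""
    opts, i = {}, 0
    while i < len(blob) and blob[i] != END:
        code = blob[i]
        if code == PAD:                      # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError(f"option {code} is truncated")
        length = blob[i + 1]
        opts[code] = opts.get(code, b"") + blob[i + 2:i + 2 + length]  # RFC 3396 concat
        i += 2 + length
    return opts

def ipv4_list(value):
    if len(value) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [ipaddress.IPv4Address(value[j:j + 4]) for j in range(0, len(value), 4)]

def audit_reply(blob, allowed_file_servers, mgmt_net):
    """Return findings for one reply; an empty list means it matches the plan."""
    opts, findings = parse_options(blob), []
    url = urlsplit(opts.get(BOOTFILE, b"").decode("ascii", "replace"))
    if url.scheme != "sftp":
        findings.append(f"intermediate file scheme is {url.scheme!r}, expected 'sftp'")
    if url.hostname not in allowed_file_servers:
        findings.append(f"unexpected intermediate file server {url.hostname!r}")
    for code, name in ((ROUTER, "gateway"), (LOG_SERVER, "syslog server")):
        for addr in ipv4_list(opts.get(code, b"")):
            if addr not in ipaddress.ip_network(mgmt_net):
                findings.append(f"{name} {addr} is outside {mgmt_net}")
    return findings

def _reply(log_ip, bootfile):                # builds a constructed sample options field
    tlv = lambda code, value: bytes([code, len(value)]) + value
    return (tlv(ROUTER, bytes([192, 0, 2, 1])) + tlv(LOG_SERVER, bytes(log_ip))
            + tlv(BOOTFILE, bootfile) + bytes([END]))

# Constructed samples using documentation address ranges and a hypothetical host name.
EXPECTED = _reply([192, 0, 2, 20], b"sftp://files.example.net/ztp_script.py")
ROGUE = _reply([198, 51, 100, 7], b"tftp://198.51.100.9/ztp_script.py")

if __name__ == "__main__":
    for label, reply in (("expected", EXPECTED), ("rogue", ROGUE)):
        print(label, audit_reply(reply, {"files.example.net"}, "192.0.2.0/24"))
```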
DHCP-based Deployment in SD-WAN Scenarios
In the SD-WAN Solution, large enterprises usually have thousands of branch sites that are widely distributed. Site deployment is complex, and it is impossible for professional engineers to deploy devices at each site. If an enterprise has permissions to configure a DHCP server, network engineers only need to configure a DHCP server and then deploy devices in batches in DHCP mode, which is convenient and flexible.
- Author: Liu Qiaoqiao
- Updated on: 2021-11-04