
DHCP-based Deployment

Updated on Apr 15, 2024

What Is DHCP-based Deployment?

DHCP-based deployment represents a straightforward zero-touch provisioning (ZTP) method, requiring the setup of a DHCP server. When an unconfigured device is activated, it initiates the DHCP-based deployment process automatically. Operating as a DHCP client, the device sends DHCP request messages to the DHCP server, which provides deployment information in the DHCP reply messages, thereby facilitating automatic deployment.

Why Do We Need DHCP-based Deployment?

After installation, engineers typically have to commission software on site. When many devices are deployed across various locations, manually configuring them or importing settings lowers deployment efficiency and raises labor costs. ZTP addresses these challenges by having devices retrieve and load deployment files automatically, which frees engineers from onsite setup, reduces labor costs, and streamlines deployment. DHCP-based deployment is one such ZTP solution and gives devices plug-and-play functionality: users only need to set up a DHCP server, connect cables, and power on devices, with no additional setup steps or deployment terminals. Unlike other ZTP methods, DHCP-based deployment is flexible and doesn't demand strict device-site matching, making it suitable for carriers or enterprises with DHCP server configuration permissions.

However, despite its simplicity and flexibility, DHCP-based deployment is exposed to security risks such as data leakage and interception. To ensure data integrity during DHCP-based deployment, users can employ a dedicated bootstrap server, implement two-way authentication, and encrypt the data. This security-enhanced DHCP-based deployment, known as secure zero-touch provisioning (SZTP), is particularly suited for high-security scenarios. While SZTP and DHCP-based deployment both use DHCP message exchange, they differ in implementation details. In this context, DHCP-based deployment specifically refers to DHCP-based ZTP. For more information on SZTP, please refer to the "Configuring SZTP" documentation.

How Does DHCP-based Deployment Work?

This section provides an overview of the components essential for DHCP-based deployment and their respective roles before delving into the operational details of how DHCP-based deployment functions.

Components Required for DHCP-based Deployment

The successful implementation of DHCP-based deployment relies on the collaboration of several essential components, including the device to be deployed, DHCP relay agent, DHCP server, syslog server, DNS server, intermediate file server, and deployment file server, as illustrated in the diagram below.

[Figure: Components Required for DHCP-based Deployment]

Here are the functions of each component required for DHCP-based deployment:

  • DHCP server: Assigns a temporary management IP address, default gateway, DNS server address, and intermediate file server address to the device being deployed.

  • Syslog server: Uploads user logs generated during the DHCP-based deployment process to the network management system (NMS).

  • DHCP relay agent: Forwards DHCP messages when the device being deployed and the DHCP server are on different network segments.

  • Intermediate file server: Stores the intermediate file needed by the device being deployed. This server parses the intermediate file to enable the device to obtain the IP address of the deployment file server and the deployment files. It must be an SFTP server.

  • Deployment file server: Stores the deployment files, including system software, configuration files, and patch files, to be loaded onto the device being deployed. It also must be an SFTP server and can be deployed on the same server as the intermediate file server.

  • DNS server: Provides mappings between domain names and IP addresses. Through the DNS server, the device being deployed can resolve the domain names of the file servers to IP addresses to obtain the required files.

DHCP-based Deployment Process

The DHCP-based deployment process involves two phases: deployment preparation and onsite deployment.

During the deployment preparation phase, engineers need to:

  • Set up and configure a DHCP server. As part of the deployment process, the DHCP server transmits network configuration parameters contained in Option fields to DHCP clients. Thus, configuring the DHCP server is necessary prior to deployment.

  • Prepare a PC to create an intermediate file for DHCP-based deployment.

  • Prepare an SFTP file server to host files intended for download onto the deployment device, including the intermediate file and deployment files.

[Figure: DHCP-based Deployment Process]

In the onsite deployment phase, the device starts the DHCP-based deployment process after being powered on and cabled. The process runs as follows:

  • The device is powered on, which automatically triggers the DHCP-based deployment process.

  • The device obtains DHCP information by broadcasting a DHCP request message and receiving a DHCP reply message from the DHCP server. The reply contains vital network configuration details.

  • The device acquires an intermediate file from the intermediate file server.

  • If the intermediate file is a Python script, the device automatically runs the script to download deployment files from the deployment file server.

  • The device sets the downloaded deployment files as the startup files and then restarts to complete the DHCP-based deployment.
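The device takes its gateway, DNS server and intermediate file server from the DHCP reply and then runs what it downloads, so a captured reply is worth checking against the planned deployment values. The following is an added example, not part of the original article or of any vendor tooling; it parses the option field of a reply and reports any value that differs from the plan. The use of options 66/67 for the file server and intermediate file, and all addresses and names, are assumptions made for illustration.

```python
import ipaddress

# RFC 2132 option codes. Carrying the intermediate file server in options
# 66/67 is an assumption of this example; the page names no option numbers.
IP_OPTS = {3: "gateway", 6: "dns", 7: "syslog"}
TEXT_OPTS = {66: "file_server", 67: "intermediate_file"}
PAD, END = 0, 255

def parse_options(blob: bytes) -> dict:
    """Walk the code/length/value option field of a DHCP reply."""
    out, i = {}, 0
    while i < len(blob) and blob[i] != END:
        code = blob[i]
        if code == PAD:
            i += 1
            continue
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError(f"option {code} is truncated")
        value = blob[i + 2 : i + 2 + blob[i + 1]]
        i += 2 + len(value)
        if code in IP_OPTS:
            if not value or len(value) % 4:
                raise ValueError(f"option {code} is not an IPv4 address list")
            out[IP_OPTS[code]] = [str(ipaddress.IPv4Address(value[j : j + 4]))
                                  for j in range(0, len(value), 4)]
        elif code in TEXT_OPTS:
            out[TEXT_OPTS[code]] = [value.decode("ascii", errors="replace")]
    return out

def audit_reply(blob: bytes, expected: dict) -> list:
    """List every place the reply departs from the planned deployment."""
    got, findings = parse_options(blob), []
    for key, allowed in expected.items():
        if key not in got:
            findings.append(f"{key}: missing from reply")
        findings += [f"{key}: unexpected value {v}"
                     for v in got.get(key, []) if v not in allowed]
    return findings

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample data (documentation address ranges, hypothetical names).
EXPECTED = {"gateway": {"192.0.2.1"}, "dns": {"192.0.2.53"},
            "file_server": {"sftp.example.net"}, "intermediate_file": {"ztp/site.py"}}
COMMON = opt(3, bytes([192, 0, 2, 1])) + opt(6, bytes([192, 0, 2, 53]))
PLANNED = COMMON + opt(66, b"sftp.example.net") + opt(67, b"ztp/site.py") + b"\xff"
UNEXPECTED = COMMON + opt(66, b"198.51.100.7") + opt(67, b"ztp/site.py") + b"\xff"
```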

DHCP-based Deployment in SD-WAN Scenarios

In SD-WAN scenarios, particularly in large enterprises with numerous widely distributed branch sites, site deployment can be intricate. Given this complexity, deploying devices at each site manually is impractical. However, if the enterprise has the authority to configure a DHCP server, network engineers can streamline the process by setting up a DHCP server and deploying devices in batches using DHCP mode. This approach offers convenience and flexibility, significantly simplifying the deployment process.
