Network service providers, including incumbent local exchange carriers (ILECs), competitive local exchange carriers (CLECs), cable operators, managed service operators, and others who offer managed internet protocol (IP) virtual private network (VPN) service, wish to achieve network provisioning solutions that provide “zero-touch” or automatic configuration of VPN devices, such as customer edge (CE) routers and provider edge (PE) routers. In a zero-touch provisioning approach, when a CE router is powered on and establishes a communications link to a PE router, the CE router is able to communicate with remote CE routers and become part of an any-to-any VPN.
Existing mechanisms for zero-touch CE provisioning assume that the CE router has working internet protocol (IP) reachability to the zero-touch provisioning server, for purposes of downloading CE configuration files. These mechanisms also assume that the PE router is already configured with a PE-CE interface IP address, VRF data values, the PE-CE routing protocol, MP-BGP VRF instance, and other configuration values that are essential to support IP reachability.
In current practice, manual steps are required to configure PE routers with these values. Alternatively, service providers can use a configuration tool such as Internet Service Center (ISC), commercially available from Cisco Systems, Inc., San Jose, Calif., but this approach requires the administrator to manually identify routers and values and to perform multiple steps, and consequently requires extensive knowledge of how to use the tool. Manual configuration is inefficient, time-consuming, and costly, and involves potential human error.
The assumptions and manual identification steps described above pose significant limitations for the effective deployment of managed service with zero-touch CE routers.
Certain service providers have attempted to address the problem using flow-through provisioning, but this approach is limited by the foregoing assumptions, and becomes handicapped when automatic PE provisioning is desired. The time involved in performing CE-PE router provisioning is a serious barrier to achieving automated VPN service activation.
Cisco Configuration Engine (CCE), commercially available from Cisco Systems, Inc., San Jose, Calif., facilitates provisioning CE routers. However, CCE requires a CE router to have IP reachability to the CCE server, which may be within or outside the service provider (SP) network. Moreover, CCE assumes that the PE router is already configured to provide IP connectivity to the CE router; this assumption is invalid in many deployments. Cisco also offers an auto-install feature for router configuration.
Dynamic Host Configuration Protocol (DHCP), as defined in Request for Comments (RFC) 2131 and RFC 3315 of the Internet Engineering Task Force, provides techniques for configuring network addresses (IP addresses) on IP devices. The Data Over Cable Service Interface Specification (DOCSIS) uses DHCP at a cable modem to obtain IP addresses of various servers including a TFTP server. The cable modem then unicasts a request to the TFTP server to download a configuration file. However, both the DOCSIS approach and the Cisco approaches discussed above rely on the assumptions, and have the issues, described above.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.