Kaspersky SD-WAN
- About Kaspersky SD-WAN
- Architecture of the solution
- Redundancy and fault tolerance
- Ensuring security
- User interface of the solution
- Authentication in Kaspersky SD-WAN
- Setting and resetting the default page
- Switching between light and dark theme
- Limiting the duration of a user session when idle
- Viewing active user sessions
- Configuring the Docker container log verbosity
- Navigating to the orchestrator API
- Changing the language of the orchestrator web interface
- Licensing of Kaspersky SD-WAN
- Managing Kaspersky SD-WAN domains
- Managing data centers
- Managing VIMs
- Managing subnets
- Viewing logs
- Service Requests
- Managing network services
- User roles and actions with network services
- Uploading a VNF or PNF package to the orchestrator
- Network service template
- Creating a network service
- Configuring network service topology components
- Editing a network service topology
- Deploying a network service
- Checking the consistency of a network service
- Redeploying a network service and its components
- Auto-Healing
- Managing VNFs and VDUs in a network service
- Viewing the network service log
- Deleting a network service
- Managing confirmation requests
- Managing users
- Creating an LDAP connection
- Editing an LDAP connection
- Changing the password of an LDAP connection
- Deleting an LDAP connection
- Creating access permissions
- Editing access permissions
- Cloning access permissions
- Removing an access permission
- Creating a user
- Editing a user
- Changing user password
- Activating or blocking a user
- Deleting a user
- Creating a user group
- Editing a user group
- Deleting a user group
- Managing tenants
- Creating a tenant
- Assigning a VIM to a tenant
- Assigning topology components to a tenant
- Assigning compute resources to a tenant
- Assigning a user to a tenant
- Assigning a user group to a tenant
- Authenticating as an administrator in the tenant's orchestrator web interface
- Editing a tenant
- Deleting a tenant
- Managing SD-WAN instances
- Creating an SD-WAN instance template
- Setting the default SD-WAN instance template
- Deleting an SD-WAN instance template
- Adding a tenant to an SD-WAN instance template
- Removing a tenant from an SD-WAN instance template
- Configuring high availability
- Choosing a transport strategy
- Adding a tenant to an SD-WAN instance
- Removing a tenant from an SD-WAN instance
- Viewing devices assigned to an SD-WAN Instance
- Deleting an SD-WAN instance
- Creating a pool of SD-WAN instances
- Adding an SD-WAN instance to a pool
- Removing an SD-WAN instance from a pool
- Deleting a pool of SD-WAN instances
- Managing CPE devices
- Composition of CPE devices
- Composition of uCPE devices
- SD-WAN managementTunnel management transport service
- Automatic configuration of CPE (ZTP) devices
- CPE device statuses and states
- Ensuring connectivity of CPE devices with SD-WAN Controllers
- Automatically updating the link cost based on maximum speed of the interface
- CPE template
- Creating a CPE device
- Specifying the address of a CPE device
- Registering a CPE device
- Activating or deactivating a CPE device
- Using a web address to activate a CPE device
- Connecting to the CPE device console
- Deleting a CPE device
- Viewing the password of a CPE device
- Restarting a CPE device
- Shutting down a CPE device
- Exporting settings and SD-WAN interfaces from a CPE device
- Exporting network interfaces from a CPE device
- Searching for CPE devices
- Automatic removal and deactivation of a CPE device
- Two-factor authentication of a CPE device
- Orchestrator certificates
- Tags
- Out-of-band management of CPE devices
- Managing CPE devices in SD-WAN controller menu
- Viewing the OpenFlow table of a CPE device
- Viewing statistics of OpenFlow interfaces
- Viewing statistics of queues on LAN interfaces
- Navigating to service interfaces on a CPE device
- Viewing the specifications of a CPE device
- Viewing the usage of a CPE device
- Changing the status of a CPE device in the SD-WAN Controller
- Changing the MAC address of a CPE device
- Terminating the TCP session between a CPE device and the SD-WAN Controller
- Scripts
- Network interfaces
- Configuring the connection of a CPE device to the SD-WAN network
- SD-WAN interfaces
- OpenFlow interfaces
- Service interfaces and UNIs
- Creating a service interface
- Creating an ACL interface
- Viewing the usage of a service interface and an ACL interface
- Deleting a service interface and an ACL interface
- Creating a UNI template
- Creating a UNI in a template
- Editing a UNI in a template
- Deleting a UNI in a template
- Deleting a UNI template
- Creating a UNI
- Editing a UNI
- Deleting a UNI
- Filtering routes
- The BGP dynamic routing protocol
- The OSPF dynamic routing protocol
- The BFD protocol
- Creating or deleting a static IPv4 route
- The VRRP protocol
- Viewing the settings of the CPE device connection to the service provider network
- Configuring the connection of a CPE device to a Syslog server
- Configuring the connection of a CPE device to an NTP server
- Firmware
- Monitoring solution components
- Tunnels, segments, and paths
- Configuring topology
- Quality of Service (QoS)
- Transport services
- Point-to-Point (P2P) transport service
- Point-to-Multipoint (P2M) transport service
- Multipoint-to-Multipoint (M2M) transport service
- Adding a transport service in a CPE template
- Editing a transport service in a CPE template
- Deleting a transport service from a CPE template
- Scenario: Directing application traffic to a transport service
- Traffic mirroring
- Task scheduler
- Configuring the SD-WAN Controller
- Editing the SD-WAN Controller
- Restarting the SD-WAN Controller
- Downloading a backup SD-WAN Controller configuration file
- Restoring the SD-WAN Controller
- Deleting the SD-WAN Controller
- SD-WAN Controller properties
- Viewing information about SD-WAN Controller nodes
- Viewing the topology of a deployed SD-WAN instance
- Contacting Technical Support
- Appendices
- Glossary
- Control plane
- Customer Premise Equipment (CPE)
- Data plane
- DSCP values
- Graceful restart
- Orchestrator
- Physical Network Function (PNF)
- PNF package
- SD-WAN Controller
- SD-WAN Gateway
- Software-Defined Networking (SDN)
- Software-Defined Wide Area Network (SD-WAN)
- Tenant
- Universal CPE (uCPE)
- Virtual Infrastructure Manager (VIM)
- Virtual Network Function (VNF)
- Virtual Network Function Manager (VNFM)
- VNF Package
- Information about third-party code
- Trademark notices
Managing CPE devices > Automatic configuration of CPE (ZTP) devices
Automatic configuration of CPE (ZTP) devices
Automatic configuration of CPE (ZTP) devices
Each CPE device has a unique DPID (Datapath Identifier). It is a 64-bit number that is generated based on a unique characteristic of the CPE device, such as the MAC address of the WAN0 interface or a serial number.
To use a CPE device, you must first create an entry for it in the web interface, and then connect the device itself to the orchestrator. Alternatively, you can connect the device to the orchestrator (in this case, it is displayed in the web interface with the Unknown status) and then create an entry. In both cases, the entry is associated with the device based on its DPID.
Two main scenarios exist for registering CPE devices: Zero Touch Provisioning (ZTP) or with additional configuration. Additional configuration includes, for example, assigning static IP addresses and creating routes, uploading security certificates, and generating tokens.
The CPE device is configured as follows:
- If additional configuration is needed, URL activation is used.
- The CPE device receives IP addresses of WAN interfaces and DNS servers as well as default routes from the service provider via DHCP.
- The CPE device uses the FQDN or IP address of the orchestrator to connect to it, passes its own DPID, and obtains the public IP addresses of the SD-WAN Controller and SD-WAN gateways (if any). Certificates are also uploaded to the CPE device.
- The CPE device establishes a TLS connection with the SD-WAN controller over the IP network using the service provider's network or the internet.
- The SD-WAN Controller programs the CPE device to create links from each WAN interface.
To automatically configure a CPE device over the internet, you must configure public IP addresses of the orchestrator, controller, and SD-WAN gateways. NAT is supported for the following interfaces as an alternative to public IP addresses:
- tcp 443, 81 for the orchestrator
- tcp 6653 to 6656 for the SD-WAN Controller
- udp 4800 to 4803 for SD-WAN gateways
|
See also |
Article ID: 237777, Last review: Aug 21, 2024