Unpacking the technologies behind the Zero-Touch Provisioning of a universal CPE

Explore the combination of technologies that enable remote provisioning and management of the uCPE and the VNFs this powerful new device supports.

A Universal Customer Premises Equipment (uCPE) consists of both software and hardware components to create a small virtualization platform at the customer premises and which is capable of running multiple Virtual Network Functions (VNFs) in a local service chain. This is similar to running Virtualized Network Functions in the datacentre but at a smaller scale. This enables Communication Service Providers (CSPs) to disaggregate software and hardware at the CPE level and provides them with unprecedented flexibility to run any type of service on the same commoditized hardware platform.

The services delivered by this programmable end-user device are in general controlled by Next Generation Service Orchestrators, who take care of the service configuration aspects of the delivered services. Another level of Orchestration concerns the deployment of the uCPE in the field. One of the challenges is to minimize its deployment cost using zero-touch provisioning. Pushing a new configuration to a uCPE is more complicated than to legacy CPEs because not only the configuration of the uCPE needs to be pushed to the device, but also the service chaining topology and the VNF images with their initial configurations. Using the NETCONF/YANG protocol however it is possible to push the complete initial configuration to the uCPE including the service chaining configuration and the VNF images with their initial start-up configuration. The initial communication with the provisioning server can be achieved using the NETCONF Call Home functionality, which allows the CPE to identify itself to the provisioning server and receive the correct configuration associated with the customer where the device is installed.

With zero-touch provisioning it is possible to install a uCPE and its configuration in an automated way. In many cases, however, end-to-end orchestration systems don’t support zero-touch provisioning yet or provisioning systems are not in place or sufficiently mature to support this level of automation.

In addition to the OneAccess-branded uCPE hardware (OVP or Open Virtualized Platform) and software (LIM or Local Infrastructure Manager), EKINOPS also offers OneManage to provide a solution for zero-touch provisioning of uCPEs based on a service catalog. OneManage supports a northbound interface to interface with OSS/BSS systems to receive customer-related data associated with a new uCPE deployment. In this way OneManage is an infrastructure orchestrator or sub-orchestrator, taking care of the provisioning of the uCPEs and the management of the installed uCPE base.

Building a service based on a service chain of multiple VNFs can be a time-consuming task and requires often a level of expertise that is hard to get. With OVP Design Studio it is possible to build local service chains in an intuitive way using a user-friendly Web GUI that enables users to build a service chain by dragging and dropping graphical representations of VNFs, interfaces and connectors. The same interface can also be used to debug a service chain with the possibility to intercept and analyse data on the virtual interfaces between VNFs. Once the service chain is ready for deployment, it is possible to export and parametrize the XML configuration and publish it as a service template. This service template can then be used by OneManage or any other infrastructure orchestrator to push the configuration to a new uCPE when it is installed.

A real world example of this approach is the zero-touch provisioning of uCPEs with a service chain of SD-WAN and Firewall. With the OVP design studio we create, with a Web GUI, a service chain of SD-WAN and Firewall VNFs and connect them to physical interfaces on the SD-WAN underlay network (usually MPLS and Internet) and the customer LAN. We also define the configuration parameters for each end-point and publish this XML service template to OneManage. OneManage can hold a list of service templates and depending on the customer, a different service template can be applied. The northbound interface with a OSS/BSS (Operation/Business Support System) allows the registration of a new customer in OneManage and to associate a service with this customer. Upon installation, the factory configuration instructs the new uCPE to contact the configuration server and provide more specific information related to the customer where it will be installed (such as a serial number). If a customer match can be found, a corresponding service configuration will be loaded into the uCPE, including the required VNF images and the initial configuration of these VNFs. After a successful push of configuration and images, the VNFs are launched in a well-known state. This state allows the respective VNFs (SD-WAN and firewall) to connect to their respective Orchestrator or EMS system. If applicable they can also be controlled by an umbrella service orchestrator, taking care of specific parameters associated with the end-to-end service delivered to the end-customer.

As a uCPE vendor, EKINOPS offers operators an open solution to host and chain Virtual Network Functions. In order to shorten the service design cycle, OVP Design Studio offers a straightforward way to design local service chains and to build network service templates, which can be used by a provisioning system. OneManage is a zero-touch provisioning system for uCPEs that can be used as infrastructure orchestrator or a sub-orchestrator for provisioning comprehensive service chains, including VNFs. In this way operators can already start to deploy virtualized network functions today, without the need to have a comprehensive orchestration solution ready. In a later stage operators can move this open zero-touch provisioning mechanism to a specialized orchestrator, once they are ready for operations.