04-25-2018 02:27 PM - edited 03-17-2019 12:42 PM
hi guys,
I just want to find out if DHCP option 150 can be configured to point to an IP address which directs phone TFTP requests to a load balancer (e.g. NetScaler), which then directs the traffic to an actual CUCM TFTP server.
Instead of creating more than one option 150 in the DHCP scope, I was wondering if the above approach can be achieved.
pls let me know if anyone has ever done it that way.
thanks
vijay
04-29-2018 09:59 AM - edited 04-30-2018 10:40 AM
I feel a bit more caution is advised here. This approach is almost sure to be painted by TAC as unsupported since none of Cisco’s product documentation suggests it. My philosophy is that coloring inside the lines today prevents finger-pointing tomorrow.
Also remember that TFTP is more of a feature name than it is a protocol at this point. Current generation endpoints use HTTP 6970 or HTTPS 6971-6972 to get firmware and config files. Putting a load balancer in-line of that is going to cause TLS handshake issues. You can probably overcome them by uploading the load balancer’s certificate to Tomcat-trust on CUCM so the TVS query from the phone approves the presented certificate; however, as far as I can tell you’re in mostly uncharted waters. I would test this extensively and be comfortable supporting it yourself.
04-25-2018 06:07 PM
I can't see a reason why that wouldn't be possible.
The phone really doesn't care whether it connects to a VIP or not, as long as it can download the config XML file.
However, this means you are going to sit a CUCM behind a NetScaler, and I am not sure how that affects DB replication traffic. Maybe if you ONLY load balance TFTP traffic through your load balancer and leave all the other traffic intact.
04-25-2018 08:34 PM
hi Denis,
thanks for your response. Basically DHCP option 150 will be configured with a VIP. The phone will grab this and try to communicate with the NetScaler, which will provide CUCM TFTP. I am not sure how this will impact DB replication, as the option 150 VIP is only used by phones.
I will have to try and see if this is possible using netscaler. I will update later. thanks. vijay
04-30-2018 10:22 AM
thanks Jonathan, I really appreciate your feedback. I am not going forward with this approach. thanks vijay.