Solved: Re: can cucm tftp be load balanced using a load balancer and DHCP?

vijendra Saravanamuthu · ‎04-25-2018

hi guys,

I just want to find out if a dhcp option 150 can be configured to point to an ip address which directs phone tftp request to a load balancer (ex netscaler), which then directs the traffic to an actual cucm tftp.

instead of creating more than one option 150 in the dhcp scope, I was wondering the above approach can be achieved.

pls let me know if anyone has ever done it that way.

thanks

vijay

Jonathan Schulenberg · ‎04-29-2018

I feel a bit more caution is advised here. This approach is almost surely to be painted by TAC as unsupported since none of Cisco’s product documentation suggests it. My philosophy is that coloring inside the lines today prevents finger-pointing tomorrow.

Also remember that TFTP is more of a feature name than it is a protocol at this point. Current generation endpoints use HTTP 6970 or HTTPS 6971-6972 to get firmware and config files. Putting a load balancer in-line of that is going to cause TLS handshake issues. You can probably overcome them by uploading the old balancer’s certificate to Tomcat-trust on CUCM so the TVS query from the phone approves the presented certificate; however, as far as I can tell you’re in mostly uncharted waters. I would test this extensively and be comfortable supporting it yourself.

View solution in original post

Dennis Mink · ‎04-25-2018

I cant see a reason why that wouldnt be possible.

the phone really doesnt care on whether it connnect to a VIP or not as long as it can download the config xml file.

however, this means you are going to sit a cucm behind a netscaler, I am not sure who that effects DB replication traffic. Maybe if you ONLY load balance tftp traffic through your load balancer and leave all the other traffic in tact.

Please remember to rate useful posts, by clicking on the stars below.

vijendra Saravanamuthu · ‎04-25-2018

hi Denis,

thanks for your response. basically dhcp option 150 will be configured with a VIP. phone will grab this and tries communicate with netscaler which will provide cucm tftp. I am not sure how this will impact db replication as option 150 VIP is only used by phones.

I will have to try and see if this is possible using netscaler. I will update later. thanks. vijay

Jonathan Schulenberg · ‎04-29-2018

I feel a bit more caution is advised here. This approach is almost surely to be painted by TAC as unsupported since none of Cisco’s product documentation suggests it. My philosophy is that coloring inside the lines today prevents finger-pointing tomorrow.

Also remember that TFTP is more of a feature name than it is a protocol at this point. Current generation endpoints use HTTP 6970 or HTTPS 6971-6972 to get firmware and config files. Putting a load balancer in-line of that is going to cause TLS handshake issues. You can probably overcome them by uploading the old balancer’s certificate to Tomcat-trust on CUCM so the TVS query from the phone approves the presented certificate; however, as far as I can tell you’re in mostly uncharted waters. I would test this extensively and be comfortable supporting it yourself.

vijendra Saravanamuthu · ‎04-30-2018

thanks Jonathan, I really appreciate your feedback. I am not going forward with this approach. thanks vijay.