Blueprint Focus: Trivial File Transfer Protocol

The Trivial File Transfer Protocol (TFTP) is used to facilitate the transfer of configuration files to Cisco telephony devices, i.e., phones, in Cisco telephony solutions that utilize either CUCM or CUCME.  The TFTP server is typically running on an IOS router (in the case of CUCME), or on a CUCM server within a full-blown unified communications cluster.  When preparing to take the CCIE Voice Written exam, you'll need to have good knowledge of how TFTP is used with both CUCM and CUCME.

Using TFTP with Call Manager Express (CUCME)

The function of TFTP as it pertains to CUCME can become a rather lengthy discussion and ultimately several posts by itself.  In order to keep this somewhat contained within this blog, I recommend you review the CUCME System Administrators Guide for information about how it uses TFTP.  Pay attention to the HTTP File-Fetch Server (HFS) as an alternative to using TFTP.  I've listed a couple of the more interesting tidbits below.

From the CUCME System Administrators Guide,

Using External TFTP Server Possible
In Cisco Unified CME 4.0 and later versions, you can use an external TFTP server to offload the TFTP server function on the Cisco Unified CME router. Using flash memory or slot 0 memory on the Cisco Unified CME router allows you to use different configuration files for each phone type or for each phone, permitting you to specify different user locales and network locales for different phones.  Before Cisco Unified CME 4.0, you could specify only a single default user and network locale for a Cisco Unified CME system.

File Binding and Fetching
File binding and fetching using the HTTP server can be classified into two:
  1. Explicit binding - The create profile command triggers the system to generate the configuration and firmware files and store them in RAM or a flash memory. The system asks the new internal application programming interfaces (APIs) implemented by the HFS download service to bind the filename and alias that an IP phone wants to access to their corresponding URL.
  2. Loose binding - The HFS download service enables the Cisco Unified CME system to configure a home path from where any requested firmware file that has no explicit binding can be searched and fetched. The files can be stored on any device (such as flash memory or NVRAM) under a root directory or a suitable subdirectory.

No matter how the system is configured, if there is no explicit binding, the files will go to the home path.

An advantage of the HFS service over the TFTP service is that only the absolute path where the firmware files are located needs to be configured in telephony-service configuration mode.

For example:

Router(config-telephony)# hfs home-path flash:/cme/loads/

In contrast, the TFTP service requires that each file be explicitly bound to its URL using the following tftp-server command:

tftp-server flash:SCCP70.8-3-3-14S.loads

Using TFTP with Unified CM Clusters

The TFTP function within the Unified CM environment is an essential service.  As such, there are many different angles you should consider when preparing for the CCIE Voice Written exam.  I've tried to capture many of the more testable concepts below.

Per Cisco's CUCM 7.x SRND:
The TFTP server performs two main functions:
  1. The serving of files for services such as MoH, configuration files for devices such as phones and gateways, binary files for the upgrade of phones as well as some gateways, and various security files.
  2. Generation of configuration and security files. Most files generated by the Cisco TFTP service are signed and in some cases encrypted before being available for download.

TFTP Implementation Recommendations
The TFTP service can be enabled on any server in the cluster. However, in a cluster with more than 1250 users, other services might be impacted by configuration changes that can cause the TFTP service to regenerate configuration files. Therefore, Cisco recommends that you dedicate a specific server to the TFTP service in a cluster with more than 1250 users, with Extension Mobility, or with other features that cause configuration changes.

TFTP Load Balancing
The TFTP server is used by phones and MGCP gateways to obtain configuration information. There is no restriction on the number of servers that can have TFTP service enabled, however Cisco recommends deploying 2 TFTP servers for a large cluster, thus providing redundancy for TFTP service. More than 2 TFTP servers can be deployed in a cluster, but this can result in an extended period for rebuilding of all TFTP files on all TFTP servers. When configuring the TFTP options using DHCP or statically, you can normally define an IP address array (more than one IP address) for a TFTP server. Therefore, you can assign half of the devices to use TFTP server A as the primary and TFTP server B as the backup, and the other half to use TFTP server B as the primary and TFTP server A as the backup. To improve performance on dedicated TFTP servers, you can set service parameters to increase the number of simultaneous TFTP sessions allowed on the server.

TFTP Implications During Unified CM Cluster Upgrades
When upgrading a Unified CM cluster, Cisco highly recommends that you upgrade the TFTP servers after the publisher and before any other server, also allowing additional time following the upgrade for the TFTP server to rebuild all the configuration files. Either use the typical Cisco TFTP - BuildDuration time or use the real-time monitoring tool to monitor the Cisco TFTP - DeviceBuildCount until it stops incrementing. This upgrade order ensures that any new binaries and configuration changes are available before the upgrade of other services in the cluster. If you are manually adding a specific binary or firmware load for a phone or gateway, be sure to copy the file to each TFTP server in the cluster.

TFTP Hardware Recommendations
Cisco recommends that you use the same hardware platform for the TFTP servers as used for the call processing subscribers.

Essential TFTP Reading

From Cisco's CUCM System Guide, there is an extensive discussion of how TFTP interacts with various devices in the Unified CM environment.  Folks, if you only read one article about TFTP to prepare for the CCIE Voice written exam - make it this one!
TFTP Process Overview for SCCP Devices
TFTP Process Overview for Cisco Unified IP Phones Using SIP
Understanding How Devices Use DHCP and Cisco TFTP
Understanding How Devices Access the TFTP Server
Understanding How Devices Identify the TFTP Server
Configuring a Redundant or Load-Sharing TFTP Server
Alternate Cisco File Servers
Centralized TFTP in a Multiple Cluster Environment
Master TFTP Server
Sending Files to the Master TFTP Server
Centralized TFTP with Secure Clusters
Configuration Tips for Centralized TFTP
Customizing and Modifying Configuration Files
TFTP Configuration Checklist

Key Concepts For Review

  1. It is possible to specify an external TFTP server when using CUCME, instead of local storage on the router.
  2. No more than two TFTP servers are recommended in a single cluster.
  3. Cisco recommends using a dedicated server for TFTP if more than 1250 users exist in a single Unified CM Cluster.
  4. TFTP generally uses UDP Port 69 to initiate connections.  See the CUCM 7.x Port List for more details.

TFTP Protocol Details

TFTP generally uses UDP as its IP transport protocol.  When the connection is initiated, UDP port 69 is used.  The actual data transfer, however, uses ports that are negotiated during the initiation and fall within the configured range of ephemeral ports.
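
The port behaviour described above, as an added example (not from the original post or from Cisco): a minimal RFC 1350 read-side client that sends its request to port 69, then locks onto the ephemeral source port of the server's first reply and rejects data arriving from any other port. The class and function names are hypothetical and the address 192.0.2.10 is a constructed documentation address.

```python
import struct

RRQ, DATA, ACK, ERROR = 1, 3, 4, 5   # opcodes from RFC 1350
BLOCK = 512                          # default block size; a shorter block ends the transfer

def build_rrq(filename, mode="octet"):
    """Read request, sent to UDP port 69: opcode, filename, NUL, mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_packet(pkt):
    """Decode a DATA, ACK or ERROR packet into a dict."""
    if len(pkt) < 4:
        raise ValueError("short TFTP packet")
    opcode, num = struct.unpack("!HH", pkt[:4])
    if opcode == DATA:
        return {"op": "DATA", "block": num, "data": pkt[4:]}
    if opcode == ACK:
        return {"op": "ACK", "block": num}
    if opcode == ERROR:
        text = pkt[4:].split(b"\0")[0].decode("ascii", "replace")
        return {"op": "ERROR", "code": num, "msg": text}
    raise ValueError(f"unexpected opcode {opcode}")

class Transfer:
    """Client state for one read; locks onto the server's ephemeral port (its TID)."""
    def __init__(self, server_ip):
        self.server_ip, self.server_tid = server_ip, None
        self.next_block, self.chunks, self.done = 1, [], False

    def handle(self, pkt, src_ip, src_port):
        """Return the bytes to send back to (src_ip, src_port), or None to drop."""
        if src_ip != self.server_ip:
            return None                      # not the server we asked
        if self.server_tid is None:
            self.server_tid = src_port       # first reply fixes the data port
        elif src_port != self.server_tid:    # RFC 1350: error 5, transfer continues
            return struct.pack("!HH", ERROR, 5) + b"Unknown transfer ID\0"
        msg = parse_packet(pkt)
        if msg["op"] == "ERROR":
            raise IOError(f"server error {msg['code']}: {msg['msg']}")
        if msg["op"] != "DATA" or msg["block"] != self.next_block:
            return None                      # duplicate or out of order: ignored here
        self.chunks.append(msg["data"])
        self.done = len(msg["data"]) < BLOCK
        self.next_block += 1
        return struct.pack("!HH", ACK, msg["block"])

if __name__ == "__main__":
    t = Transfer("192.0.2.10")               # constructed documentation address
    print(t.handle(struct.pack("!HH", DATA, 1) + b"hello", "192.0.2.10", 49152))
```

Because the data flows from a port other than 69, a firewall between phones and the TFTP server has to permit or track the server's ephemeral-port replies, not just the initial request.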

Per Wikipedia, see the following RFCs for all the nitty gritty details:
  1. RFC 906 – Bootstrap loading using TFTP, R. Finlayson, June 1984.
  2. RFC 1350 – TFTP Protocol (revision 2), K. R. Sollins, July 1992. (This superseded the preceding, RFC 783 and earlier FTP RFCs back to the original IEN 133)
  3. RFC 1785 – TFTP Option Negotiation Analysis, G. Malkin, A. Harkin, March 1995.
  4. RFC 2090 – TFTP Multicast Option, A. Emberson, February 1997. (Status: Experimental)
  5. RFC 2347 – TFTP Option Extension, G. Malkin, A. Harkin, May 1998. (This superseded the preceding, RFC 1782)
  6. RFC 2348 – TFTP Blocksize Option, G. Malkin, A. Harkin, May 1998. (This superseded the preceding, RFC 1783)
  7. RFC 2349 – TFTP Timeout Interval and Transfer Size Options, G. Malkin, A. Harkin, May 1998 (This superseded the preceding, RFC 1784).
  8. RFC 3617 – Uniform Resource Identifier (URI) Scheme and Applicability Statement for the Trivial File Transfer Protocol (TFTP), E. Lear, October 2003.

Suggested Reading

  1. CUCME System Guide, Configuring System-Level Parameters
  2. CUCM 7.x System Guide, Cisco TFTP 
  3. CUCM 7.x SRND, TFTP Servers
  4. Wikipedia - TFTP
  5. CUCM SRND 7.x, Full PDF
  6. CUCME "TFTP Not Authorized" Message
  7. CUCM 7.x Port List 
  8. Changing Cisco IP Phone Background Images 

CCIE Voice Written Blueprint

The relevant section of the blueprint that includes this topic is shown below.

1.00    Infrastructure Protocols   
1.01    DNS   
1.02    TFTP   
1.03    NTP   
1.04    Power over Ethernet   
1.05    Voice and Data VLAN   
1.06    Troubleshooting Infrastructure Protocols

Full Cisco CCIE Voice Written Blueprint
