Tecnms-2401 (2018)

TECNMS-2401
NETCONF/YANG:
Programming Networks and
Model-Based Management
Mike Mikhail, Solutions Architect

mamikhai@cisco.com
Einar Nilsen-Nygaard, Principal Engineer
einarnn@cisco.com
Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session
How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#TECNMS-2401
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• New software controls

• YANG models and language
• NETCONF protocol and tools
• RESTCONF and tools
• Applications
• Programming and automation
Introduction
• Mike Mikhail, Solutions Integration Architect, email: mamikhai@cisco.com

• Available at “Meet the Engineer” for 1:1 discussions
• Interests: SP routing platforms, SP technologies, QoS, SDN, NFV
• Einar Nilsen-Nygaard, Principal Engineer, email: einarnn@cisco.com

• Available at “Meet the Engineer” for 1:1 discussions
• Interests: Network programmability and manageability, Python, Access
Policy, Telemetry
TECNMS-2401 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Agenda

• Applications
New Software Controls:
SDx and API’s
Drivers for Software Controls
Scale, efficiency, speed, machine to machine
Configuration Management Today: CLI
Human Task Easy To No Special

Friendly Oriented Replay Tools
Syntax No Limited Focused on

format Structured Error 1:1
changes output Reporting interactions
What about SNMP?
• SNMP works “reasonably well for Device Monitoring”
• Do you use SNMP for configuration management???
Lack of Hard to Requires

Security
Writeable Replay / special
Concerns application
MIBs Rollback
Lousy Hard to Scalability Transport

Models Parse Issues Issues
NETCONF
RESTCONF
NETCONF, RESTCONF and YANG
New world equivalents for SNMP and MIBs
TELEMETRY
NMS
TELEMETRY
Controller
Terminology
Components of a working system
YANG
Modules
Management Yang
Applications
Models
Client
NETCONF
Session
NETCONF
Data Stores Server
Config & Oper YANG YANG YANG
Data Modules Modules Modules
APIs – Application Programming Interfaces
“a set of functions and procedures that allow the creation of applications which
access the features or data of an operating system, application, or other service”
• Building blocks for automation

• APIs can have various properties:
• Transport (SSH, HTTP)
• Encoding (XML, JSON, Protobuf)
• Data structure (Data Models)
• Some examples of APIs:

• The Twitter REST API
• The Java Software Development Kit
NETCONF and the API’s
Where does it fit?
Orchestrators (NSO), Controllers (DNAC), Applications, Management, Analytics (NDP)
Protocols C, Java, Py NETCONF RESTCONF DevOps OpenFlow ACI Fabric OpenStack
Management Puppet/Ansible
Orchestration Neutron
Network Services BGP, PCEP, …
Control I2RS OpFlex
Forwarding IPSE OpenFlow

SSH HTTP
YANG Data Models Plug-ins

Device
Operating Systems: IOS / NX-OS / IOS-XR / …

Agenda

• Applications
YANG models and language
Data Models
Explicitly and precisely define “data”
• Structure
• Syntax
• Semantics
Why Data Models?
• Objects become self-describing, including constraints
• Models let us apply tool chains and build automation
• Separation of models from protocols and encodings
Source: Google Maps on an iPhone
What is YANG
Data Modeling Language
• Yet Another Next Generation
• Text-based, readable
• Hierarchical, modular, and extensible
• Allows us to describe:
• Configuration data
• Operational data
• Actions (RPCs)
• Notifications
• Vendor neutral (e.g. IETF, OpenConfig) and vendor/device specific models

• IETF https://datatracker.ietf.org/wg/netmod/documents/
Data Models: Open/Vendor Neutral vs Native
“A Data-Model defines Data Structure, Syntax and Semantics”
Open Native
Models Models
Industry definition Vendor definition

Compliant with standard Unique to a Vendor operating
(IETF, ITU, OpenConfig, etc) system or platform
May have Vendor extensions
Example: ietf-diffserv-policy.yang Example: Cisco-IOS-XR-ipv4-bgp-cfg.yang
(IETF Diffserv data model) (IOS-XR BGP data model)
Today Open Models are a functional subset of Native Models

Native and Open Models
Benefits:
Client Application
• Use open models where available,
giving commonality across platforms
• Use native models for functionality
not yet in open models Open Models
• Platforms can advance native models Map
as required while still maintaining
open model compatibility Platform Native Models
Platform Config & Oper Data Stores
YANG Model Structure
Example: Cisco XR OSPFv3 module
$ pyang -f tree Cisco-IOS-XR-ipv6-ospfv3-oper@2015-11-09.yang
module: Cisco-IOS-XR-ipv6-ospfv3-oper
+--ro ospfv3
+--ro processes Downloaded from server (router)
+--ro process* [process-name]
+--ro vrfs
| +--ro vrf* [vrf-name]
| +--ro vrf-name xr:Cisco-ios-xr-string Module
| +--ro summary-prefixes
| | +--ro summary-prefix*
| | +--ro prefix? inet:ipv6-address-no-zone
| | +--ro prefix-length? xr:Ipv6-prefix-length Defined in another module
| | +--ro prefix-metric? uint32
| | +--ro prefix-metric-type? Ospfv3-default-metric
| | +--ro tag? Uint32
... ... ...
| | +--ro lsa-info
| | +--ro lsa-summary-info
| | | +--ro lsa-header
| | | | +--ro lsa-type? uint16 • Model = modules and sub-modules
| | | | +--ro lsa-area-id? string
| | | | +--ro lsa-age? uint16
| | | | +--ro is-do-not-age-lsa? boolean • Hierarchical tree of nodes
| | | | +--ro ls-id? uint32
• Nodes: Leaf – leaf-list – container – list
• Config - oper data – RPC’s - notifications
YANG Model Structure
Example: IETF NETCONF module
$ pyang -f tree ietf-netconf@2011-06-01.yang
module: ietf-netconf
rpcs: Module
+---x get-config
| +---w input
| | +---w source
| | | +---w (config-source) RPC definition
| | | +--:(candidate)
| | | | +---w candidate? empty {candidate}?
| | | +--:(running)
| | |
| | |
| +---w running?
+--:(startup)
empty Config data store types
| | | +---w startup? empty {startup}?
| | +---w filter?
| +--ro output RPC definition
| +--ro data?
+---x edit-config
| +---w input
| +---w target • Model = modules and sub-modules
| | +---w (config-target)
| | +--:(candidate)
| | | +---w candidate? empty {candidate}? • Hierarchical tree of nodes
| | +--:(running)
.
• Nodes: Leaf – leaf-list – container – list
• Config - oper data – RPC’s - notifications
What’s in a YANG Module?
Header, and data declarations
module ietf-ipv4-unicast-routing { /* Configuration data */
augment "/rt:routing/rt:control-plane-protocols/"
yang-version "1.1"; + "rt:control-plane-protocol/rt:static-routes" {
description
namespace "urn:ietf:params:xml:ns:yang:ietf-ipv4-unicast-routing";
"This augment defines the configuration of the 'static'
pseudo-protocol with data specific to IPv4 unicast.";
prefix "v4ur";
namespace container ipv4 { Data
import ietf-routing {
prefix "rt"; description declarations
} "Configuration of a 'static' pseudo-protocol instance
Import other consists of a list of routes.";
import ietf-inet-types { module definitions list route {
prefix "inet";
key "destination-prefix";
}
description
organization "A list of static routes.";
"IETF NETMOD (NETCONF Data Modeling Language)
Working Group"; leaf destination-prefix {
contact type inet:ipv4-prefix;

"WG Web: <https://datatracker.ietf.org/wg/netmod/>
mandatory "true";
. Reusable
description description
"This YANG module augments the 'ietf-routing' module with Data type
"IPv4 destination prefix.";
basic configuration and state data for IPv4 unicast routing.”; }
. .
container next-hop {
.
What’s in a YANG Module?
RPC and notification declarations
rpc clear-interfaces-statistics { notification link-failure {
description "Clear interface statistics"; RPC description "A link failure has been detected";
input { declaration leaf if-index { Notification

leaf interface-name { type int32 { range "1 .. max"; }
description "Name of physical or logical interface"; } declaration
type string; leaf if-name {
mandatory true; type keyref {
} path "/interfaces/interface/name";
} }
}
output {
container interface-information { }
container normal {
container physical-interface {
description "Information about a single physical interface";
leaf cascade-port-satellite-device-slot-identifier {
type int32;
description "Slot id of a Satellite Device on a Cascade Port";
}
leaf lcp-state {
type string;
...
YANG: Where to find the models
IETF, IEEE, BBF & MEF models on github.com
OpenConfig models on github.com
TECNMS-2401
TECNMS-2401 © 2018 Cisco and/or
and/or its
its affiliates.
affiliates. All
All rights
rights reserved.
reserved. Cisco
Cisco Public
Public 36
32
Vendor models on github.com
…and Cisco models on github.com
Cisco models on github.com – per-version-per-OS
TECNMS-2401
TECNMS-2401 © 2018 Cisco and/or
and/or its
its affiliates.
affiliates. All
All rights
rights reserved.
reserved. Cisco
Cisco Public
Public 40
35
Validate & Display YANG Modules With pyang
https://github.com/mbj4668/pyang
$ pyang -f tree --tree-depth 5 Cisco-IOS-XR-l2-eth-infra-oper@2015-11-09.yang
Cisco-IOS-XR-l2-eth-infra-oper-sub1@2015-11-09.yang:11: warning: imported module Cisco-IOS-XR-types not used
Cisco-IOS-XR-l2-eth-infra-oper-sub3@2015-11-09.yang:11: warning: imported module Cisco-IOS-XR-types not used
module: Cisco-IOS-XR-l2-eth-infra-oper
+--ro mac-accounting
| +--ro interfaces Also have --tree-path
| +--ro interface* [interface-name]
| +--ro interface-name xr:Interface-name
| +--ro state
| | +--ro is-ingress-enabled? boolean
Or try jstree instead?
| | +--ro is-egress-enabled? boolean
| | +--ro number-available-ingress? uint32
| | +--ro number-available-egress? uint32
| | +--ro number-available-on-node? uint32
| +--ro ingress-statistic*
| | +--ro mac-address? yang:mac-address To <get>: Cisco-IOS-XR-l2-eth-infra-oper:mac-accounting
| | +--ro packets? uint64
| | +--ro bytes? uint64
| +--ro egress-statistic*
| +--ro mac-address? yang:mac-address
| +--ro packets? uint64
| +--ro bytes? uint64
+--ro vlan
| +--ro nodes
| +--ro node* [node-id]
To <get>: Cisco-IOS-XR-l2-eth-infra-oper:vlan
DEMO
pyang
Build Your Own pyang Plugins!
• Anyone can build their own plugins
• Simple Python interface
• Example to generate xpaths with
type information from a model:
• https://github.com/einarnn/pyang-
plugins
• What could you do?
• Generate code?
• Validate models?
• Discover data in your own way?
• Mine models for statistics?
YANG Explorer and YANG Catalog
Getting To Know YANG With YANG Explorer
• YANG Explorer is an open source tool built by Cisco, using tools like pyang and
ncclient
• Client/server web-based application
• Available from https://github.com/CiscoDevNet/yang-explorer:
• git clone https://github.com/CiscoDevNet/yang-explorer.git
• Graphically interact (i.e., grab data, send configuration) with your devices
• Navigate YANG models with ease
DEMO
YANG Explorer
https://yangcatalog.org A repository of YANG tools and
the metadata around YANG
models with the purpose of
driving collaboration between
authors and adoption with
consumers.
BRKNMS-2032 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
YANG Catalog
Web-Based Searching of YANG Models
REST
queries
Search for Display

nodes model trees
View model
relationships
Yang Search
http://yangcatalog.org/yang-search/
DEMO
YANG Catalog
Agenda

• Applications
NETCONF Protocol
What is NETCONF
Network management protocol
• Uses RPC’s with XML encoding, usually over SSH, to:
• Read/write/edit configuration
• Read operational state and parameters
• Instruct administrative actions
• Transactional: all or nothing (atomic) with confirmation/test/rollback

• Extensible through YANG data model augmentation and its mapping into XML
• Concept of config data stores: Candidate, Running, Start-up
• IETF https://datatracker.ietf.org/wg/netconf/documents/
Why NETCONF
Instead of SNMP and CLI
• SNMP deficiencies:
• Needs complex expensive apps
• Performance
• Transactional complexity
• Poor configuration coverage
• Service definition/activation friendly

• Performance: Faster, cheaper bulk data transfers than SNMP
• Machine-to-machine friendly, whereas most CLI scripting lacks inherent
transaction and error management exposed in a machine-friendly way
• Scalable
Netconf Operations
For configuration and operational data
<get-config> <copy-config>
source: target & source:
running/candidate/startup startup/running/url/...
filter: <delete-config>
subtree/xpath match target:
<get> startup/url
filter: <lock>/<unlock>
subtree/xpath match target:
<edit-config> running/candidate/startup
target: <close-session>
running/candidate/startup
operation: <kill-session>
merge/replace/create/delete/remove
options:
test-option/error-option
NETCONF Protocol Capabilities
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-interfaces</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-ip</capability>
</capabilities>
<session-id>4</session-id>
</hello>
Client Server
NETCONF YANG Module Capabilities (Hello message)
<capabilities>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-interfaces</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-ip</capability>
</capabilities>
<session-id>4</session-id>
</hello>
Client Server
NETCONF YANG Module Capabilities (YANG library)
GET request on well-known path /modules-state
<modules>
<module>
<name>ietf-interfaces</name>
<revision>2014-05-08</revision>
<schema>http://localhost:8008/restconf/tailf/modules/[…]
<namespace>urn:ietf:params:xml:ns:yang:ietf-interfaces</namespace>
<feature>pre-provisioning</feature>
<feature>if-mib</feature>
<feature>arbitrary-names</feature>
<conformance-type>implement</conformance-type>
[…]
Client Server
Getting YANG Modules
<rpc message-id="102" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-schema xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
<identifier>ietf-interfaces</identifier>
</get-schema>
</rpc>
[...]
<rpc-reply message-id="102" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
module ietf-interfaces { //default format (yang) returned
//ietf-interfaces yang module
//contents here ... }
</data>
</rpc-reply>
Client Server
NETCONF Mechanism
Data requests/manipulation, and actions [RFC 6241]
Apps
XML RPC’s
NETCONF Client <get>, <get-config>, <edit-config>, <lock>,
NETCONF Server
<commit>, ..., action, +data
Control
YANG
schema
XML reply
Config & Oper
data
NETCONF Mechanism
Notifications and subscription [RFC 5277]
Apps
XML RPC’s
NETCONF Client <create-subscription>, <stream>, <filter>,
NETCONF Server
<startTime>, <stopTime>, …
Control
YANG XML RPC response

schema
Events
XML event notification data
NETCONF Layers
RFC 6241 Figure 1
Layer Example
+-------------+ +-----------------+ +----------------+
(4) | Content | | Configuration | | Notification |
| | | data | | data |
+-------------+ +-----------------+ +----------------+
| | |
+-------------+ +-----------------+ |
(3) | Operations | | <edit-config> | |
| | | | |
+-------------+ +-----------------+ |
| | |
+-------------+ +-----------------+ +----------------+
(2) | Messages | | <rpc>, | | <notification> |
| | | <rpc-reply> | | |
+-------------+ +-----------------+ +----------------+
| | |
+-------------+ +-----------------------------------------+
(1) | Secure | | SSH, TLS |
| Transport | | |
+-------------+ +-----------------------------------------+
NETCONF Stack
Message - RPC
<get-config>
<source><running/><source> Operation
<filter>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> Content
<interface>
<name>GigabitEthernet3</name>
</interface>
</interfaces>
</filter>
</get-config>
</rpc>
<get-config> Response
Message - RPC
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
<data>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface> Content
<description>tor1 e1/47</description>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
<enabled>true</enabled>
<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
<address>
<ip>172.200.200.100</ip>
<netmask>255.255.255.0</netmask>
</address>
</ipv4>
<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"></ipv6>
</interface>
</interfaces>
</data>
</rpc-reply>
<edit-config>

Message - RPC
<edit-config>
<target> Operation
<running/>
</target>
<config> Content
<interface>
<address>
<ip>1.1.1.1</ip>
</address>
</ipv4>
</interface>
</interfaces>
</config>
</edit-config>
</rpc>
<edit-config> Response
Message - RPC
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id=”102">
<ok/> Content
</rpc-reply>
<edit-config>
Message - RPC
<edit-config>
<target> Operation
<running/>
</target>
<config> Content
<interface>
<description>DID-ROLLBACK-WORK</description>
<address>
<ip>NOT_A_VALID_IP</ip>
</address>
</ipv4>
</interface>
</interfaces>
</config>
</edit-config>
</rpc>
<edit-config> Response
Message - RPC
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="103">
<rpc-error> Content
<error-type>application</error-type>
<error-tag>invalid-value</error-tag>
<error-severity>error</error-severity>
<error-path xmlns:ip="urn:ietf:params:xml:ns:yang:ietf-ip"
xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
/rpc/edit-
config/config/if:interfaces/if:interface[if:name='GigabitEthernet3']/ip:ipv4/ip:address/ip:ip
</error-path>
<error-message xml:lang="en">"NOT_A_VALID_IP" is not a valid value.
</error-message>
<error-info>
<bad-element>ip</bad-element>
</error-info>
</rpc-error>
</rpc-reply>
Enabling NETCONF & YANG
On Cisco Platforms
Enable Netconf over SSH
IOS-XR
RP/0/RP0/CPU0:PE125#show install package xrv9k-xr- RP/0/RP0/CPU0:PE125#show running-config | begin ssh
6.1.3
Fri Mar 31 19:00:32.151 EDT Fri Mar 31 19:06:56.710 EDT
This may take a while ... Building configuration...
ISO Name: xrv9k-xr-6.1.3 ssh server v2
ISO Type: xr ssh server netconf vrf default
rpms in xr ISO: netconf-yang agent
. ssh
xrv9k-mgbl-3.0.0.0-r613 !
xrv9k-common-pd-fib-1.1.0.0-r613 end
xrv9k-gcp-fwding-3.0.0.0-r613 RP/0/RP0/CPU0:PE125#show tcp brief | include 830
xrv9k-os-support-2.0.0.0-r613
xrv9k-base-1.0.0.0-r613 Fri Mar 31 19:07:26.312 EDT
0x00007fca2c006eb8 . 0 0 :::830 :::0 LISTEN
xrv9k-fwding-1.2.0.0-r613 0x00007fca50034788 . 0 0 :::830 :::0 LISTEN
xrv9k-k9sec-2.2.0.0-r613 0x00007fca7400c2b8 . 0 0 10.101.125.1:830 192.168.30.101:33398 ESTAB
0x00007fca2c006c58 . 0 0 0.0.0.0:830 0.0.0.0:0 LISTEN
. 0x00007fca500304e8 . 0 0 0.0.0.0:830 0.0.0.0:0 LISTEN
RP/0/RP0/CPU0:PE125#show crypto key mypubkey rsa
Fri Mar 31 19:04:36.250 EDT RP/0/RP0/CPU0:PE125#
Key label: the_default
Type : RSA General purpose
Size : 2048
Created : 19:04:04 EDT Fri Mar 31 2017
Data :
30820122 300D0609 2A864886 F70D0101 01050003
.
Connection Established
IOS-XR
RP/0/0/CPU0:PE178#show netconf-yang clients
Thu Mar 23 11:40:42.526 EDT
Netconf clients
client session ID| NC version| client connect time| last OP time| last OP type| <lock>|
19123| 1.1| 0d 0h 0m 26s| 11:40:16| get| No|
32648| 1.1| 2d 20h 59m 3s| 14:42:20| get-schema| No|
RP/0/RP0/CPU0:P107#show netconf-yang statistics
Fri Mar 24 12:53:22.835 EDT
Summary statistics
# requests| total time| min time per request| max time per request| avg time per request|
other 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
close-session 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
kill-session 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
get-schema 32| 0h 0m 0s 618ms| 0h 0m 0s 0ms| 0h 0m 0s 65ms| 0h 0m 0s 19ms|
get 2| 0h 0m 0s 21ms| 0h 0m 0s 10ms| 0h 0m 0s 11ms| 0h 0m 0s 10ms|
get-config 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
edit-config 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
commit 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
cancel-commit 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
lock 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
unlock 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
discard-changes 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
validate 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
xml parse 34| 0h 0m 0s 246ms| 0h 0m 0s 1ms| 0h 0m 0s 42ms| 0h 0m 0s 7ms|
netconf processor 34| 0h 0m 0s 639ms| 0h 0m 0s 1ms| 0h 0m 0s 65ms| 0h 0m 0s 18ms|
YFW 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
pending requests 0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
0| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms| 0h 0m 0s 0ms|
.
Enable Netconf over SSH
IOS-XE
rtr1#sh ver
Cisco IOS XE Software, Version 16.03.03
Cisco IOS Software [Denali], CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.3.3, RELEASE
SOFTWARE (fc3)
...
rtr1#sh cry key mypubkey rsa
...
% Key pair was generated at: 19:49:12 UTC Apr 14 2017Key name: TP-self-signed-928046640.server
Key type: RSA KEYS
Temporary key Usage: Encryption Key
Key is not exportable.
Key Data: 307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00BE65F7 E36F75D6 27C28AF6
...
rtr1#show running-config | include netconf
netconf-yang
Verify Netconf over SSH
IOS-XE
rtr1#sh onep session all
ID Username State ReconnectTimer ConnectTime ApplicationName
2775 Connected 0 Fri Apr 14 19:49:14.664 com.cisco.nesd
9570 Connected 0 Fri Apr 14 19:49:18.226 com.cisco.vtyserverutild
9887 Connected 0 Fri Apr 14 19:49:29.600 com.cisco.syncfd
rtr1#show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
vtyserverutild : Running
opdatamgrd : Running
nginx : Running
ndbmand : Running
$ ssh -p 830 vagrant@172.20.20.10 -s netconf

vagrant@172.20.20.10's password:
<?xml version="1.0" encoding="UTF-8"?>
<capabilities>
…
Now Can Play
22:45 $ python ncc.py --host=127.0.0.1 --port=2223 -u vagrant -p vagrant –g
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<version>16.8</version>
<boot-start-marker/>
<boot-end-marker/>
<service>
<timestamps>
<debug>
<datetime>
<msec/>
</datetime>
</debug>
<log>
<datetime>
<msec/>
</datetime>
</log>
</timestamps>
</service>
...SNIPPED...
NCCLIENT
Python Library for NETCONF
NCCLIENT: Introduction
https://pypi.python.org/pypi/ncclient
• A Python library for NETCONF client initiated RPC’s
• If you prefer Python syntax over XML
• Download, install, doc: https://pypi.python.org/pypi/ncclient
$ ./get-config.py host username password
import sys, os, warnings, time Capture running

warnings.simplefilter("ignore", DeprecationWarning)
from ncclient import manager
config to XML file
today=time.strftime("%y%m%d")
def get_config(host, user, password):

with manager.connect(host=host, port=830, username=user, password=password, hostkey_verify=False) as m:
c = m.get_config(source='running').data_xml
with open("config-" + today + "-" + "%s.xml" % host, 'w') as f:
f.write(c)
if __name__ == '__main__':
get_config(sys.argv[1], sys.argv[2], sys.argv[3])
NCCLIENT RPC <get> Example
Capture node running config to file
$ ./get-config.py 10.101.124.1 cisco cisco
$ ll config-170502-10.101.124.1.xml
-rw-rw-r-- 1 cisco cisco 65444 May 2 13:43 config-170502-10.101.124.1.xml
$ more config-170502-10.101.124.1.xml
<?xml version="1.0" encoding="UTF-8"?>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<crypto xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-crypto-sam-cfg">
<ssh xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-crypto-ssh-cfg">
<server>
<v2/>
<netconf>830</netconf>
<netconf-vrf-table>
<vrf>
<vrf-name>default</vrf-name>
<enable/>
</vrf>
</netconf-vrf-table>
</server>
</ssh>
</crypto>
<mac-sec-keychains xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-lib-keychain-macsec-cfg">
<mac-sec-keychain>
<chain-name>CISCO</chain-name>
...SNIPPED...
NCCLIENT RPC <edit> Example
Change interface configuration
import sys, os, warnings
warnings.simplefilter("ignore", DeprecationWarning)
import datetime
from ncclient import manager
from lxml import etree
config_e = etree.Element("config")
configuration = etree.SubElement(
config_e, "interface-configurations",
nsmap = {None: 'http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg'})
interface_cfg = etree.SubElement(configuration, "interface-configuration")
etree.SubElement(interface_cfg, "active").text = 'act'
etree.SubElement(interface_cfg, "interface-name").text = 'GigabitEthernet0/0/0/3'
etree.SubElement(interface_cfg, "description").text = 'NEW INTERFACE DESCRIPTION'
def interface(host, user, password):

with manager.connect(host=host, port=830, username=user, password=password,
hostkey_verify=False, device_params={'name':'default'},
look_for_keys=False, allow_agent=False) as m:
with m.locked(target="candidate"):
m.edit_config(config=config_e, default_operation="merge", target="candidate")
m.commit()
if __name__ == '__main__':
interface(sys.argv[1], sys.argv[2], sys.argv[3])
ncc.py
Using NCCLIENT to Run XML RPC’s
ncc.py : Python NETCONF Client
A simple Python script to run XML RPC’s
• Available with sample RPC’s @ https://github.com/CiscoDevNet/ncc
• NETCONF over SSH (830 default) with username/password authentication
• XML requests easy to read and modify for both <get> and <edit-config>
• Clear responses, commit, rollback on error
• Directly with nodes (NETCONF servers), or modify to go through controller
$ python ncc.py –help
usage: ncc.py [-h] [--host HOST] [-u USERNAME] [-p PASSWORD] [--port PORT]
[--timeout TIMEOUT] [-v] [--default-op DEFAULT_OP]
[--device-type DEVICE_TYPE] [-w] [--snippets SNIPPETS]
[--params PARAMS] [--params-file PARAMS_FILE]
[-f FILTER | --named-filter NAMED_FILTER [NAMED_FILTER ...] | -x
XPATH]
(-c | --is-supported IS_SUPPORTED | --list-templates | --list-filters |
-g | --get-oper | --do-edits DO_EDITS [DO_EDITS ...])
ncc.py Functions
Check the help file
$ python ncc.py -h
usage: ncc.py [-h] [--host HOST] [-u USERNAME] [-p PASSWORD] [--port PORT]
[--timeout TIMEOUT] [-v] [--default-op DEFAULT_OP] [-w]
[--snippets SNIPPETS] [--params PARAMS]
[--params-file PARAMS_FILE]
[-f FILTER | --named-filter NAMED_FILTER | -x XPATH]
(-c | --is-supported IS_SUPPORTED | --list-templates | --list-filters | -g | --get-oper | --do-edits
DO_EDITS [DO_EDITS ...])
Select your NETCONF operation and parameters:
optional arguments:
-h, --help show this help message and exit
--host HOST The IP address for the device to connect to (default
localhost)
-u USERNAME, --username USERNAME
Username to use for SSH authentication (default
'cisco')
-p PASSWORD, --password PASSWORD
Password to use for SSH authentication (default
'cisco')
--port PORT Specify this if you want a non-default port (default
830)
--timeout TIMEOUT NETCONF operation timeout in seconds (default 60)
-v, --verbose Exceedingly verbose logging to the console
--default-op DEFAULT_OP
The NETCONF default operation to use (default 'merge')
-w, --where Print where script is and exit
--snippets SNIPPETS Directory where 'snippets' can be found; default is
location of script
ncc.py Functions – Cont.
Check the help file
--params PARAMS JSON-encoded string of parameters dictionaryfor
templates
--params-file PARAMS_FILE
JSON-encoded file of parameters dictionary for
templates
-f FILTER, --filter FILTER
NETCONF subtree filter
--named-filter NAMED_FILTER
Named NETCONF subtree filter
-x XPATH, --xpath XPATH
NETCONF XPath filter
-c, --capabilities Display capabilities of the device.
--is-supported IS_SUPPORTED
Query the server capabilities to determine whether the
device claims to support YANG modules matching the
provided regular expression. The regex provided is not
automatically anchored to start or end. Note that the
regex supplied must be in a format valid for Python
and that it may be necessary to quote the argument.
--list-templates List out named edit-config templates
--list-filters List out named filters
-g, --get-running Get the running config
--get-oper Get oper data
--do-edits DO_EDITS [DO_EDITS ...]
Execute a sequence of named templates with an optional
default operation and a single commit when candidate
config supported. If only writable-running support,
ALL operations will be attempted.
DEMO
ncc.py
ncc.py Get Capabilities
Example: Query capabilities of a router
$ python ncc.py --host=10.101.112.1 --capabilities
IETF NETCONF Capabilities:
urn:ietf:params:netconf:capability:rollback-on-error:1.0
urn:ietf:params:netconf:base:1.1
urn:ietf:params:netconf:capability:candidate:1.0
urn:ietf:params:netconf:capability:validate:1.1
urn:ietf:params:netconf:capability:confirmed-commit:1.1
IETF Models:
ietf-netconf (urn:ietf:params:xml:ns:netconf:base:1.0)
ietf-syslog-types (urn:ietf:params:xml:ns:yang:ietf-syslog-types)
ietf-netconf-monitoring (urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring)
ietf-yang-types (urn:ietf:params:xml:ns:yang:ietf-yang-types)
ietf-inet-types (urn:ietf:params:xml:ns:yang:ietf-inet-types)
OpenConfig Models:
openconfig-bgp-multiprotocol (http://openconfig.net/yang/bgp-multiprotocol)
openconfig-bgp-types (http://openconfig.net/yang/bgp-types)
openconfig-local-routing (http://openconfig.net/yang/local-routing)
openconfig-bgp (http://openconfig.net/yang/bgp)
openconfig-platform (http://openconfig.net/yang/platform)
openconfig-types (http://openconfig.net/yang/openconfig-types)
openconfig-platform-transceiver (http://openconfig.net/yang/platform/transceiver)
openconfig-telemetry (http://openconfig.net/yang/telemetry)
openconfig-vlan (http://openconfig.net/yang/vlan)
openconfig-routing-policy (http://openconfig.net/yang/routing-policy)
openconfig-mpls-rsvp (http://openconfig.net/yang/rsvp)
.
ncc.py RPC Get Filter
Example: <get> Interface stats
$ more snippets/filters/intf-stats-limited.tmpl $ python ncc.py --host=10.101.112.1 --get-oper \
<interfaces xmlns=”Cisco-IOS-XR-pfi-im-cmd-oper"> --named-filter intf-stats –params \
<interface-xr> '{"INTF_NAME":"GigabitEthernet0/0/0/0.1212"}'
<interface> <data
<interface-name> xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
{{INTF_NAME}} xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
</interface-name> >
<interface-statistics> <interfaces
<full-interface-stats> xmlns=”Cisco-IOS-XR-pfi-im-cmd-oper">
<interface-xr>
<packets-received/>
<interface>
<bytes-received/> <interface-name>
<packets-sent/> GigabitEthernet0/0/0/0.1212
<bytes-sent/> </interface-name>
</full-interface-stats> <interface-statistics>
</interface-statistics> <stats-type>full</stats-type>
</interface> <full-interface-stats>
</interface-xr> <packets-received>20242</packets-received>
</interfaces> <bytes-received>2909440</bytes-received>
<packets-sent>221473</packets-sent>
<bytes-sent>141622416</bytes-sent>
...SNIPPED...
ncc.py RPC Edit Template
Example: <edit-config> Enable interface for OSPF
cisco@mamikhai-ubuntu:/opt/netconf/ncc$ more snippets/editconfigs/simple_ospf.tmpl
<config>
<ospf xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-ospf-cfg">
<processes>
<process>
<process-name>apphost</process-name>
<default-vrf>
<area-addresses>
<area-area-id>
<area-id>0</area-id>
<name-scopes>
<name-scope>
<interface-name>GigabitEthernet0/0/0/0</interface-name>
<cost>30</cost>
</name-scope>
</name-scopes>
</area-area-id>
</area-addresses>
</default-vrf>
</process>
</processes>
</ospf>
</config>
Example: <edit-config> Add BGP neighbor
$ more snippets/editconfigs/add_bgp_neighbor.tmpl
<config>
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor nc:operation='create'>
<neighbor-address>{{NEIGHBOR_ADDR}}</neighbor-address>
<config>
<neighbor-address>{{NEIGHBOR_ADDR}}</neighbor-address>
<peer-as>{{REMOTE_AS}}</peer-as>
<description>{{DESCRIPTION}}</description>
</config>
<afi-safis>
<afi-safi>
<afi-safi-name xmlns:idx="http://openconfig.net/yang/bgp-types">idx:{{AF}}</afi-safi-name>
<config>
<afi-safi-name xmlns:idx="http://openconfig.net/yang/bgp-types">idx:{{AF}}</afi-safi-name>
<enabled>true</enabled>
</config>
</afi-safi>
</afi-safis>
</neighbor>
</neighbors>
</bgp>
</config>
$ python ncc.py --host=10.101.112.1 --do-edits add_bgp_neighbor --params
'{"NEIGHBOR_ADDR":"172.20.20.20","REMOTE_AS":"65333","DESCRIPTION":"ADDED USING NCC.PY","AF":"ipv4-unicast"}'
Example: <edit-config> Add BGP neighbor : resulting config on router
RP/0/RP0/CPU0:PE112#show running-config router RP/0/RP0/CPU0:PE112#show configuration commit
bgp 65001 neighbor 172.20.20.20 changes last 1
Thu Jun 15 12:12:27.987 EDT Thu Jun 15 12:13:54.304 EDT
router bgp 65001 Building configuration...
neighbor 172.20.20.20 !! IOS XR Configuration version = 6.2.1
remote-as 65333 router bgp 65001
description ADDED USING NCC.PY neighbor 172.20.20.20
address-family ipv4 unicast remote-as 65333
! description ADDED USING NCC.PY
! address-family ipv4 unicast
! !
!
!
end
DEMO
YANG Explorer Revisited

Agenda

• NETCONF pprotocol and tools
• Applications
RESTCONF Protocol
Where REST and RESTCONF
Machine to machine [app2app] XML over SSH
RESTCONF N S
NETCONF
RESTCONF
App1 RESTCONF
REST
App2 RESTCONF
JSON/XML over
HTTPS
App3 Controller
What is RESTCONF
NETCONF “behavior” in RESTful protocol
• REST is REpresentational State Transfer URIs
 Web-age protocol to manipulate textual representation of resources

 JSON or XML encoded over HTTPS transport
• RESTCONF: RESTful API for manipulating YANG data in NETCONF-defined data stores!
• Mapping RESTCONF  NETCONF:
RESTCONF NETCONF
Transport HTTPS SSH
Manipulation Method Operation
Data encoding JSON or XML XML
Locator URI XML namespace
Use App  app App [client]  net dev [server]
• IETF https://tools.ietf.org/html/rfc8040
RESTful
GET |PUT | POST | DELETE
REST (REpresentational State Transfer)
“A framework for client-server communications”
GET
• New standard
POST
• Architectural constraints
PUT
API • Client–server
• Stateless
DELETE
• Cacheable
• Layered system
• Uniform interface
RESTCONF Methods vs. NETCONF Operations
RESTCONF As compared to NETCONF

GET <get-config>, <get>
POST <edit-config> (operation=“create”)
PUT <edit-config> (operation=“create/replace”)
PATCH <edit-config> (operation="merge")
DELETE <edit-config> (operation=“delete”)
RESTCONF Request URI Structure
<OP> /<api-entry>/<path>?<query>#<fragment>
M M O O I
Method Entry Resource Query Fragment

M=mandatory, O=optional, I=ignored
GET Method Path

API
/restconf/operational/Cisco-IOS-XR-infra-statsd-oper:infra-
statistics/interfaces/interface/GigabitEthernet0%2F0%2F0%2F0%2E1412
/latest/generic-counters
= read operational counters of subinterface GigabitEthernet0/0/0/0.1412
RESTCONF Request URI Structure
<OP> /<api-entry>/<path>?<query>#<fragment>
M M O O I
Method Entry Resource Query Fragment

M=mandatory, O=optional, I=ignored
GET Method Path

API
/restconf/operational/Cisco-IOS-XR-infra-statsd-oper:infra-
statistics/interfaces/interface/GigabitEthernet0%2F0%2F0%2F0%2E1412
/latest/generic-counters
= read operational counters of subinterface GigabitEthernet0/0/0/0.1412
RESTCONF URI from YANG Module - XR
cisco@mamikhai-ubuntu:/opt/odl/Boron-SR2/cache/schema$ pyang -f tree Cisco-IOS-XR-infra-statsd-oper@2015-11-
09.yang
Cisco-IOS-XR-infra-statsd-oper-sub1@2015-11-09.yang:9: warning: imported module Cisco-IOS-XR-types not used
module: Cisco-IOS-XR-infra-statsd-oper
+--ro infra-statistics
+--ro interfaces
+--ro interface* [interface-name] GET
+--ro cache
| +--ro protocols /restconf/operational/Cisco-IOS-XR-infra-
| | +--ro protocol* [protocol-name]
| | +--ro protocol-name statsd-oper:infra-
xr:Cisco-ios-xr-string
. statistics/interfaces/interface/GigabitEther
| +--ro seconds-since-packet-received? uint32
|
net0%2F0%2F0%2F0%2E1412/latest/generic-
+--ro seconds-since-packet-sent? uint32
+--ro latest counters
| +--ro protocols
| | +--ro protocol* [protocol-name]
= read operational counters of subinterface
| | +--ro protocol-name xr:Cisco-ios-xr-string
. GigabitEthernet0/0/0/0.1412
| | +--ro input-load? uint8
| | +--ro reliability? uint8
| +--ro generic-counters
| +--ro packets-received? uint64
| +--ro bytes-received? uint64
| +--ro packets-sent? uint64
.
RESTCONF URI from YANG Module - XE
cisco@mamikhai-ubuntu:/opt/odl/Boron-SR2/cache/schema/XE$ pyang -f tree Cisco-IOS-XE-native.yang | more
module: Cisco-IOS-XE-native
+--rw native
+--rw default
| +--rw crypto
| +--rw ikev2
| +--rw proposal? empty GET
| +--rw policy? empty
+--rw bfd /restconf/data/native/interface/GigabitEther
+--rw version? string
+--rw stackwise-virtual! net=0%2F0%2F0.101?content=config
+--rw boot-start-marker? empty
. = read configuration of subinterface Query
+--rw policy
+--rw interface GigabitEthernet0/0/0.101
| +--rw AppNav-Compress* [name]
| | +--rw name uint16
| | +--rw description? string
| | +--rw switchport-conf {ios-features:switching-platform}?
| | | +--rw switchport? boolean
| | +--rw switchport {ios-features:switching-platform}?
| | +--rw stackwise-virtual
| | | +--rw link? uint8
| | | +--rw dual-active-detection? empty
| | +--rw mac-address? string
.
Response in JSON Format - XE
https://172.26.170.253:443/restconf/data/native/interface/GigabitEthernet=0%2F0%2F0.101?co
ntent=config
'Accept: application/yang-data+json'
{
"Cisco-IOS-XE-native:GigabitEthernet": {
"name": "0/0/0.101",
"encapsulation": {
"dot1Q": {
"vlan-id": 1234
}
},
"ip": {
"address": {
"primary": {
"address": "192.168.1.1",
"mask": "255.255.255.0"
}
}
}
}
}
HTTPS: You can use a browser!
TECNMS-2401 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Postman
RESTCONF API Client
Postman: The API “Pen and Paper”!
To configure, read, and test calls … in REST
RESTCONF call to controller
My/our
saved calls
RESTful NETCONF YANG Response

method mounted node sub-tree status
Info: <get> response, or <put> /

<post> sent changes
Chrome Postman
Why and how?
• RESTCONF ≈ NETCONF on HTTP
• Use to read [GET], configure [POST, PUT], delete [DELETE]
• Typically between apps/controllers, and nodes through controllers
• Postman: https://www.getpostman.com/
• Try, modify, and save the calls
• Methods: http://www.restapitutorial.com/lessons/httpmethods.html
 GET: Read response: “200 OK”
 POST: Create response: “204 No Content”
 PUT: Update/replace response: “200 OK” or “201 Created”
 Delete: Delete response: “200 OK”
Postman RESTCONF <Edit-Config> Example
POST a loopback interface in a VRF
POST http://10.82.66.101:8181/restconf/config/network-topology:network-topology/topology/topology-
netconf/node/PE125/yang-ext:mount/Cisco-IOS-XR-ifmgr-cfg:interface-configurations
Headers: content-type: application/xml, accept: application/xml, Authorization: Basic YWRtaW46YWRtaW4=
Body:
<interface-configuration xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">
<active>act</active>
<interface-name>Loopback55</interface-name>
<ipv4-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg">
<addresses>
<primary>
<address>10.55.55.1</address>
</primary>
</addresses>
</ipv4-network>
<interface-virtual></interface-virtual>
<ipv6-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg">
<addresses>
<regular-addresses>
Postman RESTCONF <Edit-Config> Example, Cont.
POST a loopback interface in a VRF
<regular-address>
<address>2001:db8:55::1</address>
<prefix-length>128</prefix-length>
<zone>0</zone>
</regular-address>
</regular-addresses>
</addresses>
</ipv6-network>
<vrf xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-infra-rsi-cfg">CU-5</vrf>
</interface-configuration>
Status: 204 no content
RP/0/RP0/CPU0:PE125#show netconf-yang clients
Tue Apr 11 17:09:50.743 EDT
Netconf clients
145528637| 1.1| 3d 23h 39m 0s| 00:16:02| unlock| No|
RP/0/RP0/CPU0:PE125#show running-config interface loopback 55
Tue Apr 11 17:09:37.976 EDT
interface Loopback55
vrf CU-5
ipv4 address 10.55.55.1 255.255.255.255
ipv6 address 2001:db8:55::1/128
Postman RESTCONF <Get> Example
GET operational TE tunnel data
Agenda

• Applications
Applications
Telemetry
YANG Data Streaming
Telemetry
YANG Model Data Push
Controller, apps, analytics
Controller, apps, analytics

Initiate
Initiate GPB
NETCONF
TCP
SSH TCP830
YANG YANG
Send
RPC data <data>
data
<get>
Every n msec
Response
<data>
NETCONF Client Telemetry

Subscriber
Telemetry: Node Configuration
IOS-XR example
RP/0/RP0/CPU0:PE125#show running-config telemetry model-driven
Fri Apr 21 21:10:32.469 EDT
telemetry model-driven
destination-group COLL1
address family ipv4 192.168.30.101 port 2103
encoding self-describing-gpb
protocol tcp
!
protocol tcp
!
!
destination-group COLL-ROUTING
protocol tcp
!
.
Telemetry: Node Configuration - Continued
IOS-XR example
.
!
sensor-group YD1
sensor-path Cisco-IOS-XR-infra-statsd-oper:infra-statistics/interfaces
sensor-path Cisco-IOS-XR-infra-statsd-oper:infra-
statistics/interfaces/interface/latest/generic-counters
!
sensor-group YD-ROUTING
sensor-path Cisco-IOS-XR-fib-common-oper:fib
sensor-path Cisco-IOS-XR-ip-rib-ipv4-oper:rib/vrfs/vrf/afs/af/safs/saf/ip-rib-route-
table-names/ip-rib-route-table-name/routes
!
subscription SUB1
sensor-group-id YD1 sample-interval 30000
destination-id COLL1
!
subscription SUB-ROUTING
sensor-group-id YD-ROUTING sample-interval 30000
destination-id COLL-ROUTING
!
!
Telemetry: Node Operation
IOS-XR example
RP/0/RP0/CPU0:PE125#show telemetry model-driven subscription SUB-ROUTING
Fri Apr 21 21:31:27.002 EDT
Subscription: SUB-ROUTING
-------------
State: ACTIVE
Sensor groups:
Id: YD-ROUTING
Sample Interval: 30000 ms
Sensor Path: Cisco-IOS-XR-fib-common-oper:fib
Sensor Path State: Resolved
Sensor Path: Cisco-IOS-XR-ip-rib-ipv4-oper:rib/vrfs/vrf/afs/af/safs/saf/ip-rib-route-table-
names/ip-rib-route-table-name/routes
Sensor Path State: Resolved
Destination Groups:
Group Id: COLL-ROUTING
Destination IP: 192.168.30.101
Destination Port: 2103
Encoding: self-describing-gpb
Transport: tcp
State: Active
No TLS
Total bytes sent: 2256783989
Total packets sent: 32568
Last Sent time: 2017-04-21 21:31:20.1422343376 -0400
.
Telemetry: Node Operation - Continued
IOS-XR example
.
Collection Groups:
------------------
Id: 7
Num of collection: 607
Collection time: Min: 48 ms Max: 559 ms
Total time: Min: 280 ms Avg: 18724 ms Max: 21364 ms
Total Deferred: 0
Total Send Errors: 0
Total Send Drops: 0
Total Other Errors: 4248
Last Collection Start:2017-04-21 21:30:55.1397666376 -0400
Last Collection End: 2017-04-21 21:31:15.1417238376 -0400
Sensor Path: Cisco-IOS-XR-fib-common-oper:fib
Id: 8
Num of collection: 450
Collection time: Min: 44 ms Max: 180 ms
Total time: Min: 103 ms Avg: 154 ms Max: 590 ms
Total Deferred: 0
Total Send Errors: 0
.
Telemetry: Collectors and Renderers
Example: ELK [Elasticsearch + Logstash + Kibana]
• ELK stack + Cisco proto @ https://github.com/cisco/bigmuddy-network-
telemetry-stacks
• 3 programs:
1. Logstash: Data/log receiver << data goes there
2. Elasticsearch: Data extractor << the engine indexing and sorting
3. Kibana: Data visualization << rendering in several formats
• Easy steps:
1. Clone the code
2. Script installs in 3 Docker “containers”
3. Run, Logstash listens on TCP 2103 (default)
4. Customize Kibana “visualizations”, save, accessible via http: links
5. Optionally organize dashboards, save
ELK Stack Components
Elasticsearch/Logstash/Kibana containers, and receiving port
cisco@mamikhai-ubuntu:/var/local/stack_elk/logstash_data$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94d64b0f0523 logstash:2.3.1 "/bin/sh -c '/star..." 27 hours ago Up 27 hours stack_elk_logstash
daad55f9db47 kibana:4.5.0 "/bin/sh -c '/star..." 27 hours ago Up 27 hours 0.0.0.0:5601->5601/tcp stack_elk_kibana
8f4c4ec193fc elasticsearch:2.3.1 "/docker-entrypoin..." 27 hours ago Up 27 hours stack_elk_elasticsearch
cisco@mamikhai-ubuntu:/var/local/stack_elk/logstash_data$ netstat -n | grep 2103

tcp6 0 0 192.168.30.101:2103 10.100.25.25:18566 ESTABLISHED
tcp6 0 0 192.168.30.101:2103 10.100.25.25:22514 ESTABLISHED
tcp6 0 0 192.168.30.101:2103 10.100.24.24:46247 ESTABLISHED
cisco@mamikhai-ubuntu:/var/local/stack_elk/logstash_data$ netstat -ln | grep 2103

tcp6 0 0 :::2103 :::* LISTEN
udp6 0 0 :::2103 :::*
ELK Stack to Process Telemetry
How the data looks like in Logstash data log
cisco@mamikhai-ubuntu:/var/local/stack_elk/logstash_data$ tail --lines 1 logstash.log
{:timestamp=>"2017-04-22T02:40:45.937000+0000", :message=>"Failed action. ", :status=>400,
:action=>["index", {:_id=>nil, :_index=>"logstash-2017.04.22", :_type=>"logs", :_routing=>nil},
#<LogStash::Event:0x10bc023d @metadata_accessors=#<LogStash::Util::Accessors:0x1de6adbe @store={},
@lut={}>, @cancelled=false, @data={"timest"=>1492828836165, "content"=>[{"timest"=>1492828836165,
"content"=>[{"timest"=>1492828836165, "vrf-name"=>"CU-5"}, {"timest"=>1492828836165, "af-
name"=>"IPv4"}, {"timest"=>1492828836165, "saf-name"=>"Unicast"}, {"timest"=>1492828836165,
"route-table-name"=>"default"}, {"timest"=>1492828836165, "address"=>"10.55.55.1"},
{"timest"=>1492828836165, "prefix-length"=>32}]}, {"timest"=>1492828836165,
"content"=>[{"timest"=>1492828836165, "prefix"=>"10.55.55.1"}, {"timest"=>1492828836165, "prefix-
length"=>32}, {"timest"=>1492828836165, "route-version"=>2}, {"timest"=>1492828836165, "protocol-
id"=>0}, {"timest"=>1492828836165, "protocol-name"=>"local"}, {"timest"=>1492828836165,
"instance"=>""}, {"timest"=>1492828836165, "client-id"=>3}, {"timest"=>1492828836165, "route-
type"=>1}, {"timest"=>1492828836165, "priority"=>3}, {"timest"=>1492828836165, "svd-type"=>1},
{"timest"=>1492828836165, "flags"=>4225}, {"timest"=>1492828836165, "extended-flags"=>0},
{"timest"=>1492828836165, "tag"=>0}, {"timest"=>1492828836165, "distance"=>0},
{"timest"=>1492828836165, "diversion-distance"=>0}, {"timest"=>1492828836165, "metric"=>0},
{"timest"=>1492828836165, "paths-count"=>1}, {"timest"=>1492828836165, "attribute-identity"=>0},
{"timest"=>1492828836165, "traffic-index"=>0}, {"timest"=>1492828836165, "route-precedence"=>255},
{"timest"=>1492828836165, "qos-group"=>255}, {"timest"=>1492828836165, "flow-tag"=>0},
{"timest"=>1492828836165, "fwd-class"=>0}, {"timest"=>1492828836165, "pic-count"=>0},
{"timest"=>1492828836165, "active"=>"true"}, {"timest"=>1492828836165, "diversion"=>"false"},
.
Visualization
How the data looks like in Kibana
Visualization
Visualizing statistics: Interfaces egress PPS line graph example
Shareable/embeddable
URL
Customize/save views:
line/bar/stacked/pie/table
charts, time and update
intervals
Visualization
Visualizing statistics: Multicast + Unicast stacked example
Time period
Shareable/embed
dable URL
Update interval
Design/change Y-axis
graph/table components
Visualization
Visualizing tables: FIB table chart example
Saved
graph
name
Table
columns
[YANG
leaves]
Dashboards
Organize and share
Dashboards
Share/access/imbed with the http: link..
Open DayLight
Open Source SDN Controller
Controllers
What are they? Do I need them?
• The “middleware” between management applications and infra nodes
• Provide single point of view and control
• Provide single interface to apps
• Some are “open” (e.g. Open DayLight), some are platform or environment
specific (e.g. Cisco APIC)
• Can have multiple controllers for: areas, architecture layers, device types, scale
Open DayLight: An Open SDN Controller
Platform architecture
Applications
REST
NETCONF, OpenFlow,
SNMP, BGP, PCEP, …
Open DayLight
Easy to install and use
• A Java VM, runs on Linux/Unix
• Pre-built at
https://opendaylight.org/downloads
• Optional interfaces and apps
• Cisco DevNet apps at
https://github.com/search?q=org%3
ACiscoDevNet+opendaylight
• Northbound: usually RESTCONF
• Southbound: NETCONF, SNMP,
OpenFlow, BGP, PCEP, CAPWAP
Open DayLight: NETCONF Mounting Nodes
Setting up network nodes to be controlled by the controller “mounted”
Controller-Node NETCONF Established
Indefinite NETCONF/SSH on TCP 830
cisco@mamikhai-ubuntu:~$ netstat -n | grep 10.101.124.1
tcp6 0 0 192.168.30.101:57442 10.101.124.1:830 ESTABLISHED
cisco@mamikhai-ubuntu:~$ netstat -n | grep 830

tcp6 0 0 192.168.30.101:41208 10.101.125.1:830 ESTABLISHED
tcp6 0 0 192.168.30.101:57442 10.101.124.1:830 ESTABLISHED
tcp6 0 0 127.0.0.1:1830 127.0.0.1:45160 ESTABLISHED
tcp6 0 0 127.0.0.1:45160 127.0.0.1:1830 ESTABLISHED
tcp6 0 0 192.168.30.101:39626 10.100.107.1:830 ESTABLISHED
.
RP/0/RP0/CPU0:PE124#show tcp brief | include 830

Thu Apr 13 08:32:22.975 EDT
0x00007f4674006eb8 0x60000000 0 0 :::830 :::0 LISTEN
0x00007f46a8034788 0x00000000 0 0 :::830 :::0 LISTEN
0x00007f46d8010bf8 0x60000000 0 0 10.101.124.1:830 192.168.30.101:57442 ESTAB
0x00007f4674006c58 0x60000000 0 0 0.0.0.0:830 0.0.0.0:0 LISTEN
0x00007f46a80304e8 0x00000000 0 0 0.0.0.0:830 0.0.0.0:0 LISTEN
RP/0/RP0/CPU0:PE124#show netconf-yang clients

Thu Apr 13 08:32:40.573 EDT
Netconf clients
2022628678| 1.1| 0d 5h 58m 27s| 05:54:31| get-config| No|
Open DayLight: NETCONF Connected Nodes
Using Dlux Yang UI to <get> mounted nodes
Open DayLight YANG UI
Example: Read BGP link-state
Open DayLight: RESTCONF to NETCONF
Using Postman to <get>/<put>/<post>/<delete>
Cisco NSO
Network Services Orchestrator
NSO Architecture
A game of robust database and API’s!
NSO Funtions
Configuration management and service provisioning, in hybrid environment!
• Configuration database: YANG model-based
 ConfD XML database
• Flexible interfaces: NETCONF/SSH, REST, CLI, CLI/SSH

 Interface with users, apps, any device in any language!
• Drivers tailored for any network device over any interface [NED’s]
 The translation interfaces: YANG  device_native_config
• Service provisioning templates

 Customize and standardize service provisioning/change/decommision
• Service/configuration testing, multi-node commit, rollback

 Test configuration/service_change, commit all confirm or rollback
NSO Configuration
Using native or Cisco cli-like
ssh -l admin 10.82.66.101 -p 2024
MAMIKHAI:~ mamikhai$ admin@ncs> switch cli
admin@198.18.134.28's password: admin@ncs# show running-config devices device ce1
devices device PE124
admin connected from 10.16.36.181 using ssh on address 10.101.124.1
nso-44vpn port 22
admin@ncs> show configuration devices device ce1 ssh host-key ssh-rsa
address 10.101.124.1; .
port 22; state admin-state unlocked
ssh { config
. .
} ios:ip route 198.18.128.0 255.255.192.0
state { 198.18.1.1
admin-state unlocked; ios:ip route 10.0.0.0 255.255.0.0 Null0 254
} ios:ipv6 unicast-routing
config { .
ios:tailfned { ios:router bgp 65301
police cirmode; neighbor 10.1.0.17 remote-as 100
} neighbor 10.1.0.17 activate
ios:version 15.6; address-family ipv4 unicast
ios:service { network 192.168.1.0 mask 255.255.255.0
timestamps { neighbor 10.1.0.17 activate
debug { exit-address-family
datetime { !
msec; !
} .
. admin@ncs#
NSO & Node/Sevice Configuration
Using admin GUI: L3VPN service example
NSO Config Translation
Review and verify config changes: native & IOS
NSO Config Translation
Or convert to XML!
admin@ncs(config)# commit dry-run outformat xml
result-xml {
local-node {
data <devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>ce1</name>
<config>
<policy-map xmlns="urn:ios">
<name>LIVE-L3</name>
<class>
<name>class-default</name>
<shape>
<average>
<bit-rate>600000</bit-rate>
</average>
</shape>
</class>
</policy-map>
<interface xmlns="urn:ios">
<GigabitEthernet>
<name>0/1</name>
<description>LIVE-L3 local network</description>
<ip>
<address>
<primary>
.
NSO Administration using REST
Can use REST as admin/app interface: Postman <get> L3VPN
Agenda

• Applications
Sample python
if_modify using ncclient
Sample Script : Read, Evaluate, and Change
Using NETCONF XML RPCs
Constructed a simple Python routine, using ncclient, and customized XML calls:
 Read operational data: IGP adjacencies; and global routing table
 Check conditions: Number of adjacencies; and a specific prefix in RIB
 If conditions are met: edit configuration; or no action
 Logs in both brief and detailed traces
 Repeat every n seconds
RPC Filter to <get> Operational Parmeters
Read IGP adjacencies
cisco@mamikhai-ubuntu:/opt/ncclient/live$ more filter-oper-router-isis-neighbors.xml
<isis xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-clns-isis-oper">
<instances>
<instance>
<instance-name>ISIS</instance-name>
<neighbors>
<neighbor>
<neighbor-state>isis-adj-up-state</neighbor-state>
</neighbor>
</neighbors>
</instance>
</instances>
</isis>
RPC Filter to <get> Operational Parmeters
… and global IPv4 routing table
cisco@mamikhai-ubuntu:/opt/ncclient/live$ more filter-oper-rib-ipv4-default.xml
<rib xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ip-rib-ipv4-oper">
<vrfs>
<vrf>
<vrf-name>default</vrf-name>
<afs>
<af>
<af-name>IPv4</af-name>
<safs>
<saf>
<saf-name>Unicast</saf-name>
<ip-rib-route-table-names>
<ip-rib-route-table-name>default</ip-rib-route-table-name>
</ip-rib-route-table-names>
</saf>
</safs>
</af>
</afs>
</vrf>
</vrfs>
</rib>
RPC Body to <edit-config>
Add an interface
cisco@mamikhai-ubuntu:/opt/ncclient/live$ more edit-config-add-loopback55.xml
<config>
<interface-configurations xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">
<interface-configuration>
<interface-virtual/>
<description>ENABLED ONLY IF NEIGHBOR ADJACENCY FAILS</description>
<ipv4-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg">
<addresses>
<primary>
<address>172.16.255.55</address>
</primary>
</addresses>
</ipv4-network>
</interface-configurations>
</config>
RPC Body to <edit-config>
… or delete it!
cisco@mamikhai-ubuntu:/opt/ncclient/live$ more edit-config-delete-loopback55.xml
<config>
<interface-configurations xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">
<interface-configuration nc:operation="delete">
</interface-configurations>
</config>
Script Part A
Imports, XML bodies, and conditions
#! /usr/bin/env python # target NETCONF server
# Sample if_modify routine. This uses server = '10.101.112.1'
ncclient to send NETCONF XML RPC's # time between checks in seconds
# Reads ISIS adjacency status and an IPv4 t = 300.000
prefix every cycle from XR # filters and responses
filter1 = 'filter-oper-router-isis-
# If conditions are met, a loopback is neighbors.xml'
added/deleted or no change filter2 = 'filter-oper-rib-ipv4-default.xml'
# Two logs appended, one detailed, the response1 = 'isis.xml'
other is a one liner per interval response2 = 'rib.xml'
# mamikhai@cisco.com action1 = 'edit-config-delete-loopback55.xml'
action2 = 'edit-config-add-loopback55.xml'
import sys, os, warnings
warnings.simplefilter("ignore", # minimum IGP adjacencies for no need for
DeprecationWarning) loopback
from ncclient import manager min_adj = 2
import time
logfile = 'if_modify.log'
from datetime import datetime tracefile = 'if_modify.trace.log'
user ='cisco'
password ='cisco'
Script Part B
Function to: Read, check info, log
def check_oper(subtree_filter, response, trace_string, count_string):
count = 0
trace = open(tracefile,'a')
op_time = str(datetime.now())
trace.write(op_time + ' ' + str(trace_string) + ' ' + str(count_string) + '\n')
# Get data, record

c = m.get(filter = ('subtree', open(subtree_filter, 'r').read()))
with open(response, 'w') as f:
f.write(str(c))
# Check for target data, record, count

with open(response, 'r') as f:
for line in f:
if trace_string and (trace_string in line):
trace.write(line)
if count_string in line:
count +=1
trace.close()
return count
Script Part C
Call read, act? …
if __name__ == '__main__':
# Log start time
trace = open(tracefile,'a')
log = open(logfile,'a')
trace.write(op_time + ' start' + '\n')
log.write(op_time + ' start' + '\n')
trace.close()
log.close()
with manager.connect(host=server, port=830, username=user, password=password) as m:

# Endless cycle
while True:
log = open(logfile, 'a')
# Read ISIS adjacencies

adj = check_oper(filter1, response1, '<system-id>’,
'<neighbor-state>isis-adj-up-state</neighbor-state>’)
log.write(op_time + ' adjacencies: ' + str(adj))
Script Part C - Continued
Call read, act? …
# Check for presence of a specfic interface in IPv4 global RIB
route = check_oper(filter2, response2, None,
'<interface-name>Loopback55</interface-name>')
# If adjacencies back to normal and loopback is in RIB, delete loopback55
if adj>= min_adj:
if route:
m.edit_config(open(action1, 'r').read(), format='xml’,
target='candidate', default_operation='merge')
m.commit()
log.write('; loopback55 deleted')
# If adjacencies drop and loopback is not in RIB, configure loopback55
elif not route:
m.edit_config(open(action2, 'r').read(), format='xml', target='candidate’,
default_operation='merge')
m.commit()
log.write('; loopback55 configured')
log.write('\n')
log.close()
# Wait for next cycle
time.sleep(t)
And Logs
A summary log, and a detailed trace
cisco@mamikhai-ubuntu:/opt/ncclient/live$ tail -n 11 if_modify.log
2018-01-24 19:36:06.168655 start
2018-01-24 19:36:07.969928 adjacencies: 2
2018-01-24 19:41:09.386943 adjacencies: 2
2018-01-24 19:46:10.112325 adjacencies: 2
2018-01-24 19:51:11.302043 adjacencies: 2
2018-01-24 19:56:13.023289 adjacencies: 2
2018-01-24 20:01:14.860292 adjacencies: 1; loopback55 configured
2018-01-24 20:06:18.217079 adjacencies: 1
2018-01-24 20:11:19.275329 adjacencies: 1
2018-01-24 20:16:20.168785 adjacencies: 2; loopback55 deleted
2018-01-24 20:21:22.977216 adjacencies: 2
cisco@mamikhai-ubuntu:/opt/ncclient/live$ tail -n 20 if_modify.trace.log

.
2018-01-24 20:11:19.275401<system-id><neighbor-state>isis-adj-up-state</neighbor-state>
<system-id>0101.0010.1001</system-id>
2018-01-24 20:11:19.396763 None<interface-name>Loopback55</interface-name>
2018-01-24 20:16:20.168861<system-id><neighbor-state>isis-adj-up-state</neighbor-state>
2018-01-24 20:16:20.465473 None<interface-name>Loopback55</interface-name>
.
We have covered..

• Applications
Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session
How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#TECNMS-2401
• Please complete your Online Complete Your Online
Session Evaluations after each
session
Session Evaluation
• Complete 4 Session Evaluations
& the Overall Conference
Evaluation (available from
Thursday) to receive your Cisco
Live T-shirt
• All surveys can be completed via
the Cisco Live Mobile App or the
Communication Stations
Don’t forget: Cisco Live sessions will be available
for viewing on-demand after the event at
www.ciscolive.com/global/on-demand-library/.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions
Thank you
Network Programmability Cisco Education Offerings
Course Description Cisco Certification
Developing with Cisco Network Programmability Provides Application Developers with comprehensive curriculum to Cisco Network Programmability
(NPDEV) develop infrastructure programming skills; Developer (NPDEV) Specialist
Addresses needs of software engineers who automate network Certification
infrastructure and/or utilize APIs and toolkits to interface with SDN
controllers and individual devices
Designing and Implementing Cisco Network Provides network engineers with comprehensive soup-to-nuts curriculum Cisco Network Programmability
Programmability (NPDESI) to develop and validate automation and programming skills; Design and Implementation
Directly addresses the evolving role of network engineers towards more (NPDESI) Specialist Certification
programmability, automation and orchestration
Programming for Network Engineers (PRNE) Learn the fundamentals of Python programming – within the context of Recommended pre-requisite for
performing functions relevant to network engineers. Use Network NPDESI and NPDEV Specialist
Programming to simplify or automate tasks Certifications
Cisco Digital Network Architecture This training provides students with the guiding principles and core None
Implementation Essentials (DNAIE) elements of Cisco’s Digital Network Architecture (DNA) architecture and its
solution components including; APIC-EM, NFV, Analytics, Security and
Fabric.
For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth
Schema Tools, Libraries and Other
References
YANG Schema Tools
• pyang (open source)
• pip install pyang
• https://github.com/mbj4668/pyang
• goyang (open source)

• https://github.com/openconfig/goyang
• YANG Design Studio (open source, AT&T)
• https://github.com/openconfig/yang-design-studio
• YANG Catalog
• https://yangcatalog.org
Code Generation Tools
• Yang Development Kit (open source)
• http://cs.co/ydk-gen and http://cs.co/ydk-py
• Python today, C++ later this year
• Netconf only today, but restconf later this year (transparent to developer)
• pyangbind (open source)

• pip install pyangbind
• https://github.com/robshakir/pyangbind
• ODL Yangtools (open source)

• https://github.com/opendaylight/yangtools
NETCONF Libraries & Tools
• ncclient (open source)
• pip install ncclient
• https://github.com/ncclient/ncclient
• Python Scripts using ncclient (open source)

• https://github.com/CiscoDevNet/ncc
• libnetconf (open source)
• https://github.com/CESNET/libnetconf
• JNC (open source)
• https://github.com/tail-f-systems/JNC
More Offerings
• netopeer (open source)
• https://github.com/CESNET/netopeer
• ConfD Basic (freemium)
• https://developer.cisco.com/site/confD/
• MG-Soft (commercial)
• http://www.mg-soft.com/mgProductsNetConf.html
• YANG Forge (open source)
• https://www.npmjs.com/package/yangforge
• Yang Explorer (open source)
• https://github.com/CiscoDevNet/yang-explorer

Tecnms-2401 (2018)

Uploaded by

Copyright:

Available Formats

You might also like

Tecnms-2401 (2018)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Tecnms-2401 (2018)

Uploaded by

Copyright:

Available Formats

TECNMS-2401

Mike Mikhail, Solutions Architect

• New software controls

• Mike Mikhail, Solutions Integration Architect, email: mamikhai@cisco.com

• Einar Nilsen-Nygaard, Principal Engineer, email: einarnn@cisco.com

• New software controls

Human Task Easy To No Special

Syntax No Limited Focused on

Lack of Hard to Requires

Lousy Hard to Scalability Transport

• Building blocks for automation

• Some examples of APIs:

Protocols C, Java, Py NETCONF RESTCONF DevOps OpenFlow ACI Fabric OpenStack

Network Services BGP, PCEP, …

Control I2RS OpFlex

Forwarding IPSE OpenFlow

YANG Data Models Plug-ins

Operating Systems: IOS / NX-OS / IOS-XR / …

• New software controls

Source: Google Maps on an iPhone

• Vendor neutral (e.g. IETF, OpenConfig) and vendor/device specific models

Industry definition Vendor definition

Today Open Models are a functional subset of Native Models

Platform Config & Oper Data Stores

• Config - oper data – RPC’s - notifications

• Config - oper data – RPC’s - notifications

contact type inet:ipv4-prefix;

input { declaration leaf if-index { Notification

Search for Display

• New software controls

• Transactional: all or nothing (atomic) with confirmation/test/rollback

• Service definition/activation friendly

YANG XML RPC response

<rpc message-id="102" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

$ ssh -p 830 vagrant@172.20.20.10 -s netconf

import sys, os, warnings, time Capture running

def get_config(host, user, password):

def interface(host, user, password):

YANG Explorer Revisited

• New software controls

 Web-age protocol to manipulate textual representation of resources

RESTCONF As compared to NETCONF

POST <edit-config> (operation=“create”)

PUT <edit-config> (operation=“create/replace”)

PATCH <edit-config> (operation="merge")

DELETE <edit-config> (operation=“delete”)

Method Entry Resource Query Fragment

GET Method Path

Method Entry Resource Query Fragment

GET Method Path

RESTCONF call to controller

RESTful NETCONF YANG Response

Info: <get> response, or <put> /

Headers: content-type: application/xml, accept: application/xml, Authorization: Basic YWRtaW46YWRtaW4=

• New software controls

Controller, apps, analytics

NETCONF Client Telemetry

cisco@mamikhai-ubuntu:/var/local/stack_elk/logstash_data$ netstat -n | grep 2103