Module 3 - NETCONF
Module 3 - NETCONF
Module 3 - NETCONF
Roque Gagliano
Origins of NETCONF and YANG (the
Beginning)
• Several meetings at events in 2001 (NANOG-22, RIPE-40, LISA-XV,
IETF 52)
• Operators expressing opinion that the developments in IETF do not really
address requirements configuration management.
• June of 2002, the Internet Architecture Board (IAB) held invitational
workshop on Network Management [RFC3535] to
• Identify a list of technologies relevant for network management with their
strengths and weaknesses
• Identify the most important operator needs.
2
RFC 3535: Results from IAB Workshop
RFC3535: Operator requirements for a new
configuration protocol
• Ease of use
• Separation between configuration and state data
• Ability to compare across-devices, across-vendors
• Service and network management, not device management
• Network-wide transactions
• Devices figure out order of commands(ACID…anyways)
• No unnecessarily changes
• Backup/restore configuration
• Validation of configuration
• Standardized data models
• Support for multiple configuraiton sets
• Delayed, orchestrated activation
• Role-based access control
Implications of RFC 3535, legacy situation
OSS
NMS
EMS
Information leakage
Cost and complexity Cost
• Lack of atomicity
• Ordering problem
Implications of RFC 3535, with transactions
OSS
NMS
EMS
Reduced
Require Cost/
Cost and
transactions Value
complexity
Best Practices Coming Together
CLI Best Practices
Operator Requirements
SNMP Experience
NETCONF and
YANG
7
YANG – A Data Modeling Language for
Networking Why you should care:
YANG is a full, formal contract
language with rich syntax and
• Human readable, and easy to learn representation semantics to build applications on
• Hierarchical configuration data models
• Reusable types and groupings (structured types)
• Extensibility through augmentation mechanisms
• Supports definition of operations (RPCs)
• Formal constraints for configuration validation
• Data modularity through modules and sub-modules
• Well defined versioning rules
8
YANG standard models
• Base document: RFC 6020
• YANG + NETCONF: RFC 6241
• IETF approved documents: • Standard content library still small
• Common types (RFC 6991) but rapidly growing
• IANA Interface types (RFC 7224)
• Interface management (RFC 7223) • Most foundational models are in place
• IP management (RFC 7277)
• Complement “top-down” definitions with models that
• System management (RFC 7317)
• IPFIX configuration (RFC 6728)
are synthetically generated (think Google Translate)
• SNMP configuration (RFC 7407)
• In the making:
• Syslog configuration
• ACL configuration
• Network topology, L3 topology
• BGP, OSPF
• Netconf monitoring, Netconf access control (NACM)
• L2VPN, PIM, MPLS-LDP,
NETCONF Protocol Introduction
NETCONF – A Protocol to Manipulate
Configuration
• IETF network management protocol
• Distinction between configuration and state data
• Multiple configuration data stores (candidate, running, startup)
• Configuration change validations
Why you should care:
• Configuration change transactions NETCONF provides the fundamental
• Selective data retrieval with filtering programming features for
comfortable and robust automation
• Streaming and playback of event notifications of network services
• Extensible remote procedure call mechanism
• NETCONF Notifications support
• New work on pushing pub/subs to expand NETCONF into telemetry
11
Self-service
portal Call center Service Fulfillment and related
parts of OSS/BSS (except
Order Product
CPQ Service Assurance)
Customers & capture configuration
accounts engine
Products &
Price Catalog Customer Knowledge Contracts &
care base SLAs
Order Installed
Management assets
Field Service
Service
Supply Chain
provisioning
Billing
Service Resource
activation inventory
What is NETCONF?
NETCONF (Network Configuration Protocol) is an IETF configuration management protocol
not only config access, also operational state data
NETCONF uses XML (as you are going to see)
Why NETCONF?
Easy to Use
Requirements
Management
Next-Gen Configuration
Separates Config and Operational Data
RFC3535
Lots of Tooling
Accessible Format
Error Checking
Backup/Restore Capability
Content Server
SSH
Client
Operations
Reason:
• Connection-oriented (TCP)
Messages • Authenticated
• Reliable
• Secure
Transport
NETCONF Protocol Stack
<rpc>
Content
<rpc- Server
reply>
Client
Operations
NETCONF Messages:
• Remote Procedure Call (RPC)
Messages
nc:error-option!
stop-on-error (default)
continue-on-error!
rollback-on-error (:rollback-on-error)!
NETCONF Call Flow (5): Confirmed commit
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id=”3">
<commit><confirmed/>
</commit>
</rpc>
Server
Client
Transport SSH
NETCONF Opensource tools
• Python NETCONF Client library: https://github.com/ncclient/ncclient
• Java NETCONF Client library: https://github.com/tail-f-systems/JNC
• C NETCONF Client library: https://github.com/CESNET/libnetconf
• More: http://www.netconfcentral.org/
ResTful:Representational state transfer
• Characteristics
• Stateless operations: server does not keep any state between requests
• Textual representation: typically JSON or XML
• Resources specified in URI
• Pre-defined Verbs: GET, POST, PUT, DELETE, PATCH, …
HTTP/1.1 200 OK Date: Mon, 23 Apr 2016 17:02:00 GMT Server: example-server Cache-Control: no-cache Last-
Modified: Sun, 22 Apr 2016 01:00:14 GMT Content-Type: application/yang-data+xml Bierman, et al. Expires
April 30, 2017 [Page 115] Internet-Draft RESTCONF October 2016 <capabilities
xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring"> <capability>\
urn:ietf:params:restconf:capability:defaults:1.0?\ basic-mode=explicit\ </capability> <capability>\
urn:ietf:params:restconf:capability:with-defaults:1.0\ </capability> <capability>\
urn:ietf:params:restconf:capability:depth:1.0\ </capability> <capability></capabilities>
Example DATA Operations
Creating a new resource
module example-jukebox {
namespace "http://example.com/ns/example-jukebox";
prefix "jbox"; YANG
container jukebox {
list artist {
key name;
leaf name { type string { length "1 .. max"; }
}
}}
HTTP/1.1 201 Created Date: Mon, 23 Apr 2016 17:02:00 GMT Server: example-server Location: RESTCONF
https://example.com/restconf/data/example-jukebox:jukebox/library/artist=Foo%20Fighters Last-Modified: Mon, 23 Apr 2016 Response
17:02:00 GMT ETag: "b3830f23a4c"
Example Operation Resource
module example-ops {
namespace "https://example.com/ns/example-ops";
prefix "ops";
rpc reboot {
input {
leaf delay { units seconds; type uint32; default 0; }
leaf message { type string; }
leaf language { type string; } }
}
rpc get-reboot-info {
output {
leaf reboot-time { units seconds; type uint32; }
leaf message { type string; }
leaf language { type string; }
}
}
}
Example Operation Resource
POST /restconf/operations/example-ops:reboot HTTP/1.1 Host: example.com Content-Type:
application/yang-data+json
{ "example-ops:input" :
{
"delay" : 600,
"message" : "Going down for system maintenance",
"language" : "en-US"
}
}
HTTP/1.1 200 OK Date: Mon, 25 Apr 2016 11:10:30 GMT Server: example-server Content-Type:
application/yang-data+json
{
"example-ops:output" : {
"reboot-time" : 30,
"message" : "Going down for system maintenance",
"language" : "en-US"
}
}