NETCONF, YANG, RESTCONF - Cisco


NETCONF, YANG, RESTCONF
TECH-SDN-SP: Software Defined Networking for Service Providers
Martin Kramolis, Systems Engineer, CCIE #4738

Agenda
§ Brief Overview of XML
§ Introduction to NETCONF
§ Introduction to YANG
§ Introduction to RESTCONF

TECH-SDN-SP-NETCONF-YANG-RESTCONF | Cisco and/or its affiliates. All rights reserved. | Cisco Public

Brief Overview of XML

What is XML?
§ eXtensible Markup Language
§ A language to describe data
§ Useful for serialization and data classification
§ Not a complete programming language or database
§ Compare to [traditional] HTML
  – XML: describe data, case-sensitive (similar to: JSON, YAML)
  – HTML: display data, case-insensitive (similar to: TeX, troff)

Sample XML Data

    <person>
      <name>
        <first>Thomas</first>
        <middle>Alva</middle>
        <last>Edison</last>
      </name>
      <occupation>Inventor and businessman</occupation>
    </person>

XML Prolog

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>

§ version – Currently, only 1.0 is valid (mandatory)
§ encoding – Character set of the data to follow (optional, UTF-8 is default)
§ standalone – yes if no external DTD is required, no otherwise (optional, no is default)

XML Elements
§ XML tags are called elements
§ Data between start and end tags are the element's content
§ Element content, including white space, is character data, whereas tags are markup
§ All elements must have start and end tags

    <occupation>Inventor and businessman</occupation>

§ Attributes can further describe elements

    <name first="Thomas" last="Edison"></name>

§ Empty elements can simply end with a "/>"

    <name first="Thomas" last="Edison"/>

XML Comments
§ Further explain to the reader what the XML code is trying to describe
§ Single and multi-line comments supported
§ Comments can be inline with parsed XML
§ All comments start with <!-- and end with -->

    <!-- This is a single line comment -->
    <!--
    This is a multi-line comment.
    A multi-line comment spans multiple lines.
    -->
    <example name="Comment Example">
      <content>This text will be parsed as #PCDATA <!-- This text will not. --></content>
    </example>

XML Namespaces
§ Disambiguates elements and attributes from different vocabularies with the same name
§ Groups together related elements and attributes for easy processing
§ Namespace objects start with a prefix followed by a colon (:) followed by the element or attribute name

    <lab:annotation>
      <lab:documentation>Lab File Version</lab:documentation>
      <lab:docinfo>
        <LabFileMajorVersion>1</LabFileMajorVersion>
        <LabFileMinorVersion>3</LabFileMinorVersion>
      </lab:docinfo>
    </lab:annotation>

Introduction to NETCONF

Why NETCONF?
§ Typical network configuration/monitoring still seen in the majority of networks
  – Manual typing/scripting proprietary CLIs, backup repository to track changes, labor intensive, expensive, error prone
  – SNMP extensively used for fault handling and monitoring, but failed for configuration tasks
§ Some operators' requirements that paved the way for NETCONF and YANG (detailed in RFC 3535, "Overview of the 2002 IAB Network Management Workshop")
  – Must be easy to use
  – Clear distinction between configuration and operational data
  – Must scale to network-wide configurations rather than being focused on single devices
  – Must provide a way to backup and restore configurations
  – Must provide error-checking to ensure consistent configurations
  – Desirable to be able to process and store results using text-management tools like diff and VCS
  – Distinguish between modifying configuration and activating those modifications
  – Desirable to have multiple configuration stores on devices
§ Need to move from "The Network is the Record" approach to a "Network-wide" configuration database

NETCONF – high level concept
[Diagram: NETCONF protocol layers, ending at the NETCONF server and its configuration datastore]
§ Content: Configuration Data, Notification Data (YANG defined)
§ Operations (methods): <get-config>, <edit-confi…
§ Messages: <rpc>, <rpc-reply>, <notification>
§ Secure Transport: SSH, TLS, ...

NETCONF Data Stores and Transaction models
§ Data stores are named containers that may hold an entire copy of the configuration
§ Not all data stores are supported by all devices
§ Running is the only mandatory data store
§ Not all data stores are writable
§ Check the device's capabilities
§ To make changes to a non-writeable data store, copy from a writable one
§ URL is supported by IOS (for date…

[Diagram: data stores Running, Startup, Candidate, URL]
§ Direct model: <edit-config> into Running
§ Candidate model (optional): <edit-config> into Candidate, then <commit> into Running
§ Distinct Startup model (optional): <edit-config> / <commit> into Running, then <copy-config> from Running to Startup

NETCONF Capabilities
§ Capabilities are exchanged in hello messages
§ RFC 6241 defines some base capabilities
  – :writable-running – the running data store can be modified directly
  – :candidate – the candidate data store is supported
  – :confirmed-commit – the NETCONF server will support the <cancel-commit> operation and the <confirmed>, <confirm-timeout>, <persist>, and <persist-id> parameters for the <commit> operation
  – :rollback-on-error – server will roll back the configuration to the previous state if an error is encountered
  – :validate – the server will validate the requested data store or config
  – :startup – the startup data store is supported
  – :url – the URL data store is supported
  – :xpath – filtering can be done using XPATH notation
  – :notification – NETCONF asynchronous event messages (RFC 5277)

NETCONF Capabilities

    S: <?xml version="1.0" encoding="UTF-8"?>
    S: <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    S:   <capabilities>
    S:     <capability>
    S:       urn:ietf:params:netconf:base:1.1
    S:     </capability>
    S:     <capability>
    S:       .0
    S:     </capability>
    S:   </capabilities>
    S:   <session-id>4</session-id>
    S: </hello>
    S: ]]>]]>

    C: <?xml version="1.0" encoding="UTF-8"?>
    C: <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    C:   <capabilities>
    C:     <capability>
    C:       urn:ietf:params:netconf:base:1.1
    C:     </capability>
    C:   </capabilities>
    C: </hello>
    C: ]]>]]>
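The capability check the slides recommend ("Check the device's capabilities"), as an added Python example that is not part of the original deck: it parses one framed server <hello>, reduces the capability URIs to the short names used above, and picks a transaction model. The sample <hello> is constructed, and the preference order in pick_model is this example's assumption.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
FRAME = "]]>]]>"  # end-of-message marker shown on the slides
CAP_PREFIX = "urn:ietf:params:netconf:capability:"

# Constructed server <hello>; not captured from a real device.
SAMPLE_HELLO = """<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.1</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:validate:1.1</capability>
    <capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
  </capabilities>
  <session-id>4</session-id>
</hello>
]]>]]>"""


def parse_hello(raw):
    """Return (session_id, {short capability names}) from one framed <hello>."""
    body, marker, _ = raw.partition(FRAME)
    if not marker:
        raise ValueError("end-of-message marker missing")
    if "<!DOCTYPE" in body:
        # RFC 6241 forbids document type declarations in NETCONF content.
        raise ValueError("DTD not allowed in NETCONF messages")
    root = ET.fromstring(body.strip())
    if root.tag != f"{{{NS}}}hello":
        raise ValueError("not a NETCONF <hello>")
    caps = set()
    for cap in root.iter(f"{{{NS}}}capability"):
        uri = (cap.text or "").strip().split("?")[0]  # drop URI parameters
        if uri.startswith(CAP_PREFIX):
            # urn:...:capability:candidate:1.0 -> ":candidate"
            caps.add(":" + uri[len(CAP_PREFIX):].split(":")[0])
        elif uri.startswith("urn:ietf:params:netconf:base:"):
            caps.add(":base")
    sid = root.findtext(f"{{{NS}}}session-id")
    return (int(sid) if sid else None), caps


def pick_model(caps):
    """Choose a transaction model (preference order is an assumption)."""
    if ":candidate" in caps:
        return "candidate"
    if ":writable-running" in caps:
        return "distinct-startup" if ":startup" in caps else "direct"
    raise RuntimeError("no writable data store advertised")


if __name__ == "__main__":
    session_id, caps = parse_hello(SAMPLE_HELLO)
    print(session_id, sorted(caps), pick_model(caps))
```
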

NETCONF Protocol Operations

Operation groups on the slide: data manipulation, notification mgmt., locking, transaction mgmt., session mgmt.

OPERATION | REQ. CAPABILITY | DESCRIPTION
<get-config> | :base | Retrieve data from the running configuration database
<get> | :base | Retrieve data from the running configuration database and/or device statistics
<edit-config> | :base | Modify a configuration database
<copy-config> | :base | Copy a configuration database
<delete-config> | :base | Delete a configuration database
<discard-changes> | :base and :candidate | Clear all changes from the <candidate/> configuration database and make it match the <running/> configuration database
<create-subscription> | :notification | Create a NETCONF notification subscription
<lock> | :base | Lock a configuration database so only my session can write
<unlock> | :base | Unlock a configuration database so any session can write
<commit> | :base and :candidate | Commit the contents of the <candidate/> configuration database to the <running/> configuration database
<cancel-commit> | | Cancels an ongoing confirmed commit.
<close-session> | :base | Terminate this session
<kill-session> | :base | Terminate another session

NETCONF Protocol Operations
§ Client initiates session (typically over SSH) to Server
§ Both sides exchange capabilities using <hello> message
§ Operations are wrapped in XML-encoded RPC
§ Client performs tasks using a set of RPC transactions
§ Example: Edit-config for device with running and startup datastore
  – Lock <running>, lock <startup>, <edit-config> <running>, copy <running> to <startup>, unlock <startup>, unlock <running>
§ Example: Edit-config for device with candidate datastore
  – Lock <running>, lock <candidate>, <edit-config> <candidate>, commit <candidate>, unlock <candidate>, unlock <running>
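The candidate-datastore sequence above, as an added Python example that is not part of the original deck: it builds each framed <rpc>, checks every <rpc-reply> for <ok/>, and on a rejected edit or commit sends <discard-changes> and still releases both locks in reverse order. The transport (fake_device), the sample <config> payload and its urn:example:system namespace are constructed stand-ins, not a real device or module.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
FRAME = "]]>]]>"

# Constructed payload; the namespace and leaf are hypothetical.
SAMPLE_CONFIG = ET.Element("config")
ET.SubElement(SAMPLE_CONFIG, "hostname", {"xmlns": "urn:example:system"}).text = "edge-1"


def build_rpc(msg_id, op, target=None, config=None):
    """Serialize one <rpc> and append the end-of-message marker."""
    rpc = ET.Element("rpc", {"message-id": str(msg_id), "xmlns": NS})
    body = ET.SubElement(rpc, op)
    if target:
        ET.SubElement(ET.SubElement(body, "target"), target)
    if config is not None:
        body.append(config)
    return ET.tostring(rpc, encoding="unicode") + FRAME


def reply_ok(raw):
    """True only for a reply that carries <ok/> and no <rpc-error>."""
    root = ET.fromstring(raw.partition(FRAME)[0])
    return (root.find(f"{{{NS}}}ok") is not None
            and root.find(f"{{{NS}}}rpc-error") is None)


def apply_via_candidate(send, config):
    """Run lock, edit, commit, unlock; return (success, operations sent)."""
    sent, held = [], []

    def call(op, **kw):
        sent.append(f"{op} {kw['target']}" if "target" in kw else op)
        return reply_ok(send(build_rpc(len(sent), op, **kw)))

    try:
        for store in ("running", "candidate"):
            if not call("lock", target=store):
                return False, sent  # the finally block still runs
            held.append(store)
        ok = (call("edit-config", target="candidate", config=config)
              and call("commit"))
        if not ok:
            call("discard-changes")  # leave candidate equal to running
        return ok, sent
    finally:
        for store in reversed(held):  # unlock in reverse order of locking
            call("unlock", target=store)


def fake_device(fail_on=None):
    """Constructed stand-in for a NETCONF server; rejects one operation."""
    def send(raw):
        rpc = ET.fromstring(raw.partition(FRAME)[0])
        op = rpc[0].tag.split("}")[1]
        inner = ("<rpc-error><error-tag>operation-failed</error-tag></rpc-error>"
                 if op == fail_on else "<ok/>")
        return (f'<rpc-reply message-id="{rpc.get("message-id")}" '
                f'xmlns="{NS}">{inner}</rpc-reply>{FRAME}')
    return send


if __name__ == "__main__":
    print(apply_via_candidate(fake_device(), SAMPLE_CONFIG))
    print(apply_via_candidate(fake_device(fail_on="edit-config"), SAMPLE_CONFIG))
```
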

NETCONF - Flow Breakdown – Request (IOS XR)

    <?xml version="1.0" encoding="UTF-8"?>
    <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <get-config>
        <source><running/></source>
        <filter>
          <Configuration> </Configuration>
        </filter>
      </get-config>
    </rpc>
    ]]>]]>

§ NETCONF RPC (Message) Layer: <rpc>
§ Operation Layer: <get-config>
§ Content Layer: <filter> ... </filter>
§ Framing Marker: ]]>]]>

NETCONF - Flow Breakdown – Response (IOS XR)

    <?xml version="1.0" encoding="UTF-8"?>
    <rpc-reply message-id="11" xmlns="urn:ietf:params:netconf:base:1.0">
      <data>
        <xml-config-data>
          <Device-Configuration xmlns="urn:cisco:xml-pi">
            <version><Param>15.2</Param></version>
            <service><timestamps><debug><datetime><msec/></datetime></debug></timestamps></service>
          </Device-Configuration>
        </xml-config-data>
      </data>
    </rpc-reply>
    ]]>]]>

Introduction to YANG

Why YANG?
§ In order for NETCONF to be useful as a network-wide protocol, it must have a common data model
§ Simply wrapping CLI in XML is not enough as each vendor has its own CLI
§ YANG provides the common data model necessary to consume NETCONF data from any network device
§ Each vendor must implement common YANG modules
§ Work on defining these modules is happening in the NETMOD group in the IETF

What is YANG?
§ YANG is a modeling language defined in RFC 6020
§ Used by NETCONF to define the objects and data in requests and replies
§ Analogous to XML schema and SMI for SNMP (but more powerful)
§ Models configuration, operational, and RPC data
§ Provides semantics to better define NETCONF data
  – Constraints (i.e., "MUSTs")
  – Reusable structures
  – Built-in and derived types
§ YANG is extensible and modular
§ YANG modules are for NETCONF what MIBs are for SNMP

NETCONF concept versus SNMP
[Diagram: two stacks compared side by side]

NETCONF stack
§ Definition language: YANG
§ Information model: YANG modules
§ Instantiated info / transfer syntax: XML
§ Management services: Netconf or possibly other (no inherent dependency but will require different bindings)

SNMP stack
§ Definition language: SMIv2
§ Information model: MIB modules
§ Instantiated info / transfer syntax: ASN.1 BER
§ Management services: SNMP

Differences noted on the slide
§ Ability to express hierarchy (compare MIBs: flat tables)
§ Richer conditions, constraints
§ Facilities for easier reuse
§ RPC/Action support
§ Import conversion rules exist (MIBs → YANG), "instant content"
§ Human readability
§ Dynamic extensibility
§ B2B, Web toolkits
§ Bulk vs only incremental ops (manipulation of config files, e.g. edit-config)
§ Transaction support
§ Configuration vs monitoring

Example of YANG Module

    module SystemTime {
      namespace "urn:cisco:params:xml:ns:yang:SystemTime";
      prefix "Cisco-SystemTime";
      organization "CISCO";
      contact "MKRAMOLI@CISCO.COM";
      revision "2014-06-16" {
        description "Example of YANG Schema";
      }

      typedef time_source {
        type enumeration {
          enum TIME_SOURCE_ERROR    { value 0; description "Error"; }
          enum TIME_SOURCE_NONE     { value 1; description "Unsynchronized"; }
          enum TIME_SOURCE_NTP      { value 2; description "NTP protocol"; }
          enum TIME_SOURCE_MANUAL   { value 3; description "User configured"; }
          enum TIME_SOURCE_CALENDAR { value 4; description "HW calendar"; }
        }
        description "Time source";
      }

      grouping time_date {
        leaf Year        { type uint16; description "Year [0..65535]"; }
        leaf Month       { type uint8;  description "Month [1..12]"; }
        leaf Day         { type uint8;  description "Day [1..31]"; }
        leaf Hour        { type uint8;  description "Hour [0..23]"; }
        leaf Minute      { type uint8;  description "Minute [0..59]"; }
        leaf Second      { type uint8;  description "Second [0..60]"; }
        leaf Millisecond { type uint16; description "Millisecond [0..999]"; }
        leaf TimeZone    { type string; description "Time zone"; }
        leaf TimeSource  { type time_source; description "Time source"; }
        description "Date and time";
      }

      grouping system_uptime {
        leaf Hostname { type string; description "Host name"; }
        leaf Uptime   { type uint32; description "Seconds Up"; }
        description "System uptime";
      }

      container SystemTime {
        description "System time";
        container Clock {
          config false;
          uses "time_date";
          description "System clock";
        }
        container Uptime {
          config false;
          uses "system_uptime";
          description "Sys. uptime";
        }
      }
    }

YANG models and structure
[Diagram: UML diagram of the SystemTime module]

Compact Tree

    module: SystemTime
       +--rw SystemTime
          +--ro Clock
          |  +--ro Year?          uint16
          |  +--ro Month?         uint8
          |  +--ro Day?           uint8
          |  +--ro Hour?          uint8
          |  +--ro Minute?        uint8
          |  +--ro Second?        uint8
          |  +--ro Millisecond?   uint16
          |  +--ro TimeZone?      string
          |  +--ro TimeSource?    time_source
          +--ro Uptime
             +--ro Hostname?   string
             +--ro Uptime?     uint32

§ YANG modules
  – Can be Automatically Validated
  – Can be Visualized to UML diagrams, compact Trees, etc.
  – Can be Translated to schemas like DSDL, XSD, etc.
  – Can be Converted to YIN
  – Can be Derived from YIN
  – Can drive Code Generation

YANG model execution in NETCONF
§ Query/Response for System Time aligned with YANG module definition
§ Note: screenshots taken from IOS XRv 5.1.1

Query

    C: <?xml version="1.0" encoding="UTF-8"?>
    C: <rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    C:   <get>
    C:     <filter>
    C:       <Operational>
    C:         <SystemTime>
    C:           <Clock/>
    C:         </SystemTime>
    C:       </Operational>
    C:     </filter>
    C:   </get>
    C: </rpc>
    C: ]]>]]>

Response

    S: <?xml version="1.0" encoding="UTF-8"?>
    S: <rpc-reply message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    S:   <data>
    S:     <Operational>
    S:       <SystemTime MajorVersion="1" MinorVersion="0">
    S:         <Clock>
    S:           <Year>2014</Year>
    S:           <Month>6</Month>
    S:           <Day>16</Day>
    S:           .
    S:           .
    S:           .
    S:           <Millisecond>476</Millisecond>
    S:           <TimeZone>UTC</TimeZone>
    S:           <TimeSource>Calendar</TimeSource>
    S:         </Clock>
    S:       </SystemTime>
    S:     </Operational>
    S:   </data>
    S: </rpc-reply>
    S: ]]>]]>

YANG models – Industry and Cisco
§ Cisco: PIM, IPSLA, L2VPN, VLAN, DNA, Synthetic models XR
§ Cablelabs: CCAP (Converged Cable Access Point)
§ ONF: Openflow Switch Configuration (OF-Config)
§ MIBs (for monitoring data) via SMIv2 -> YANG conversion
§ YANG@CISCO to be supported over NETCONF, REST, or XMPP
§ YANG modules of interest
  – draft-ietf-netmod-system-mgmt
  – draft-ietf-netmod-ip-cfg
  – draft-ietf-netmod-routing-cfg
  – draft-ietf-netmod-interfaces-cfg
  – draft-ietf-ipfix-configuration-model
§ Customer-driven modules for VLAN, QoS, environment, and ACL
§ IETF
  – Interface management [RFC 7223]
  – IP management [draft-ietf-netmod-ip-cfg]
  – System management [draft-ietf-netmod-system-mgmt]
  – SNMP configuration [draft-ietf-netmod-snmp-cfg]
  – Generic OAM [Cisco involvement, draft-tissa-netmod-oam]
  – OSPF [Cisco involvement, draft-yeung-netmod-ospf-01]
  – BGP [Cisco involvement, draft-zhdankin-netmod-bgp-cfg-00]
  – IPFIX configuration [Cisco involvement, RFC6728]
  – ACL configuration [Cisco involvement, draft-huang-netmod-acl-03]
  – Network topology [Cisco involvement, draft-clemm-i2rs-yang-network-topo-00.txt]
  – Routing management [draft-ietf-netmod-routing-cfg]
  – RIB [I2RS] [Cisco involvement, draft-clemm-i2rs-yang-network-topo-00]
  – Netconf monitoring [RFC6022], Netconf access control [RFC6536]

Introduction to RESTCONF

RESTCONF
§ Still an emerging story (draft-bierman-netconf-restconf-4)
§ RESTful protocol to access YANG defined data
§ Representational State Transfer, i.e. server maintains no session state
§ URIs reflect data hierarchy in a Netconf datastore
§ HTTP as transport
§ Data encoded with either XML or JSON
§ Operations

RESTCONF | Netconf
GET | <get-config>, <get>
POST | <edit-config> ("create")
PUT | <edit-config> ("replace")
PATCH | <edit-config> ("merge")
DELETE | <edit-config> ("delete")
OPTIONS | (discover supported operations)
HEAD | (get without body)

YANG Mapping to JSON
§ JSON is a popular compact and easy to parse data format used by many REST APIs
§ Subset of YANG compatible XML documents can be translated to JSON text
§ Translation driven by YANG data model (must be known in advance)
§ YANG datatype information is used to translate leaf values to the most appropriate JSON representation
§ Slightly more compact (irrelevant with compression)
§ Increased human readability (less noise)

YANG mapping to JSON vs XML

JSON – 214 octets*

    {
      "ietf-interfaces:interfaces": {
        "interface": [
          {
            "name": "eth0",
            "type": "ethernetCsmacd",
            "location": "0",
            "enabled": true,
            "if-index": 2
          },
          {
            "name": "eth1",
            "type": "ethernetCsmacd",
            "location": "1",
            "enabled": false,
            "if-index": 2
          }
        ]
      }
    }

XML – 347 octets*

    <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
      <interface>
        <name>eth0</name>
        <type>ethernetCsmacd</type>
        <location>0</location>
        <enabled>true</enabled>
        <if-index>2</if-index>
      </interface>
      <interface>
        <name>eth1</name>
        <type>ethernetCsmacd</type>
        <location>1</location>
        <enabled>false</enabled>
        <if-index>7</if-index>
      </interface>
    </interfaces>

*all white space removed
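Why the translation has to be driven by the data model, as an added Python example that is not part of the original deck: the same XML is converted to JSON using a small hand-written schema table that stands in for compiled YANG (an assumption covering only the leaves on the slide). The schema decides that "interface" is always a JSON array, that "enabled" becomes a JSON boolean, that "if-index" becomes a number while "location" stays a string, and that unmodelled elements are rejected.

```python
import json
import xml.etree.ElementTree as ET

# Namespace-to-module map and schema are hand-written stand-ins for a
# compiled YANG model (assumption; only the slide's nodes are covered).
MODULES = {"urn:ietf:params:xml:ns:yang:ietf-interfaces": "ietf-interfaces"}
SCHEMA = {
    "interfaces": ("container", None),
    "interface": ("list", None),
    "name": ("leaf", "string"),
    "type": ("leaf", "identityref"),
    "location": ("leaf", "string"),
    "enabled": ("leaf", "boolean"),
    "if-index": ("leaf", "int32"),
}
# 64-bit integers are deliberately absent: they stay JSON strings.
NUMERIC = {"int8", "int16", "int32", "uint8", "uint16", "uint32"}

# Constructed input using the values from the slide's XML column.
XML_DOC = (
    '<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">'
    "<interface><name>eth0</name><type>ethernetCsmacd</type>"
    "<location>0</location><enabled>true</enabled><if-index>2</if-index></interface>"
    "<interface><name>eth1</name><type>ethernetCsmacd</type>"
    "<location>1</location><enabled>false</enabled><if-index>7</if-index></interface>"
    "</interfaces>"
)


def split_tag(tag):
    """'{namespace}local' -> (namespace, local)."""
    ns, _, local = tag[1:].partition("}")
    return ns, local


def lookup(name):
    if name not in SCHEMA:
        raise ValueError(f"element <{name}> is not in the data model")
    return SCHEMA[name]


def leaf_value(text, yang_type):
    if yang_type == "boolean":
        if text not in ("true", "false"):
            raise ValueError(f"invalid boolean {text!r}")
        return text == "true"
    if yang_type in NUMERIC:
        return int(text)
    return text  # strings and identityrefs are JSON strings


def node_to_json(elem):
    kind, yang_type = lookup(split_tag(elem.tag)[1])
    if kind == "leaf":
        return leaf_value((elem.text or "").strip(), yang_type)
    obj = {}
    for child in elem:
        name = split_tag(child.tag)[1]
        if lookup(name)[0] == "list":
            obj.setdefault(name, []).append(node_to_json(child))  # always an array
        else:
            obj[name] = node_to_json(child)
    return obj


def xml_to_json(xml_text):
    """Return compact JSON text with a module-qualified top-level name."""
    root = ET.fromstring(xml_text)
    ns, local = split_tag(root.tag)
    return json.dumps({f"{MODULES[ns]}:{local}": node_to_json(root)},
                      separators=(",", ":"))


if __name__ == "__main__":
    out = xml_to_json(XML_DOC)
    print(out)
    print(len(out), "octets of JSON vs", len(XML_DOC), "octets of XML")
```
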

RESTCONF Example

    C: GET /restconf/operational/opendaylight-inventory:nodes HTTP/1.1
    C: Host: example.com

    S: HTTP/1.1 200 OK
    S: Date: Fri, 6 June 2014 17:01:00 GMT
    S: Server: example-server
    S: Content-Type: application/json
    S:
    S: {
    S:   "nodes": {
    S:     "node": [
    S:       {
    S:         "flow-node-inventory:hardware": "Test vSwitch",
    S:         "flow-node-inventory:software": "1.1.0",
    S:         "id": …es": {
    S:           "flow-node-inventory:capabilities": …y:max_buffers": 256,
    S:           "flow-node-inventory:max_tables": 255
    S:         }
    S:       }
    S:     ]
    S:   }
    S: }
