Configuring NETCONF
NETCONF is a network configuration and management protocol based on XML.
NETCONF protocol uses XML for configuration data and protocol message encoding, using RPC and Client/Server mechanism to update, install or delete the relevant part of the device configuration or all the management information.
- Currently, we support <get>, <get-config>, <get-schema> and <edit-config>.
- Authenticated RADIUS/TACACS+ users can access to PicOS switch via NETCONF.
Enable NETCONF on switch:
admin@XorPlus# set protocols netconf admin@XorPlus# commit Commit OK. Save done. admin@XorPlus#
Delete NETCONF configuration on switch:
admin@XorPlus# delete protocols netconf Deleting: netconf { } OK admin@XorPlus# commit Commit OK. Save done.
YANG is a data modeling language used to model configuration and state data manipulated by NETCONF.
You can find the YANG module file of different modules on your switch under the directory "/pica/etc/common/data-models".
admin@XorPlus$pwd /pica/etc/common/data-models admin@XorPlus$ls -lt *.yang -rw-rw-r-- 1 root xorp 2288 Jul 9 16:14 arp.yang -rw-rw-r-- 1 root xorp 4075 Jul 9 16:14 bfd.yang -rw-rw-r-- 1 root xorp 6950 Jul 9 16:14 cos-with-pfc.yang -rw-rw-r-- 1 root xorp 6062 Jul 9 16:14 cos-without-pfc.yang -rw-rw-r-- 1 root xorp 3031 Jul 9 16:14 dhcp.yang -rw-rw-r-- 1 root xorp 5173 Jul 9 16:14 dot1x.yang -rw-rw-r-- 1 root xorp 14261 Jul 9 16:14 firewall-no-icmp-type-code.yang -rw-rw-r-- 1 root xorp 14857 Jul 9 16:14 firewall.yang -rw-rw-r-- 1 root xorp 16760 Jul 9 16:14 ietf-inet-types.yang -rw-rw-r-- 1 root xorp 18034 Jul 9 16:14 ietf-yang-types.yang -rw-rw-r-- 1 root xorp 4814 Jul 9 16:14 igmpsnooping.yang -rw-rw-r-- 1 root xorp 3320 Jul 9 16:14 lacp.yang -rw-rw-r-- 1 root xorp 6944 Jul 9 16:14 lldp.yang -rw-rw-r-- 1 root xorp 4492 Jul 9 16:14 mlag.yang -rw-rw-r-- 1 root xorp 25632 Jul 9 16:14 mstp.yang -rw-rw-r-- 1 root xorp 4825 Jul 9 16:14 neighbour.yang -rw-rw-r-- 1 root xorp 1052 Jul 9 16:14 routing.yang -rw-rw-r-- 1 root xorp 5123 Jul 9 16:14 sflow.yang -rw-rw-r-- 1 root xorp 4904 Jul 9 16:14 snmp.yang -rw-rw-r-- 1 root xorp 13185 Nov 4 10:44 static-routes.yang -rw-rw-r-- 1 root xorp 50887 Jul 9 16:14 system.yang -rw-rw-r-- 1 root xorp 4126 Jul 9 16:14 udld.yang -rw-rw-r-- 1 root xorp 871 Jul 9 16:14 version.yang -rw-rw-r-- 1 root xorp 10137 Nov 4 10:44 vlan-interface.yang -rw-rw-r-- 1 root xorp 8000 Jul 9 16:14 vlans.yang -rw-rw-r-- 1 root xorp 11145 Nov 4 10:44 vrrp.yang -rw-rw-r-- 1 root xorp 8679 Nov 4 10:44 vxlans.yang -rw-rw-r-- 1 root xorp 4515 Jul 9 16:14 xovs.yang
Example of VLAN configuration via NETCONF use <edit-config>:
Step 1: Create an XML file according the vlan.yang for RPC request to create VLAN136:
<vlans xmlns="http://pica8.com/xorplus/vlans"> <vlan-id> <id>136</id> <description/> <vlan-name>default</vlan-name> <l3-interface>vlan136</l3-interface> </vlan-id> </vlans>
Step 2: Display the configuration on switch after the client sending an RPC request.
The configuration has been changed by user root DELTAS: vlans { vlan-id 136 { description: "" vlan-name: "default" l3-interface: "vlan136" } } admin@XorPlus# show | display set set protocols netconf set vlans vlan-id 136 l3-interface "vlan136"
Now, we only support get the system's version information and vxlan information via NETCONF <get> function.
Example of get the system's version information via NETCONF use <get>:
Display the RPC reply after the client sending an RPC request.
<version xmlns="http://pica8.com/xorpplus/version"> <mac_address>48:0f:cf:af:70:3b</mac_address> <hardware_mode>HP5712</hardware_mode> <system_version>2.8.0/aeec598</system_version> <system_released_date>10/13/2016</system_released_date> <L2_L3_version>2.8.0/aeec598</L2_L3_version> <L2_L3_released_date>10/13/2016</L2_L3_released_date> </version>
NETCONF client
About NETCONF client, you can use ncclient which is python lib now.
If you use ncclient, you must modify the rpc.py : add two lines codes to work with pica8 switch.
Edit the rpc.py
file to contain the followings before the statement ‘self._session.send(req)’:
req = req.replace('nc:','')
req = req.replace(':nc','')
Get .yang or .yin File
The administrator can use get-schema operation to retrieve the .yang or .yin data file information on the PICA8 switch. For details about get-schema operation, see RFC6022 YANG Module for NETCONF Monitoring.
In the following example, the user builds the testgetschema.py script on ncclient. The script uses the get-schema operation to get the information from the vlans.yang file on the PICA8 switch.
[ncclient] $ vi testgetschema.py from ncclient import manager import sys host=sys.argv[1] mgr = manager.connect(host=host, port=830, username='admin', password='pica8', hostkey_verify=False) elem = mgr.get_schema(identifier='vlans') with open("%s.xml" % host, 'w') as f: f.write(str(elem)) mgr.close_session()
Run the testgetschema.py script on ncclient. By issuing the get-schema command and receiving the reply from the PICA8 switch, we can get the vlans.yang module file information displayed as follows:
module vlans { namespace "http://pica8.com/xorplus/vlans"; prefix vlans; // import some basic types import ietf-yang-types { prefix yang; } organization "PICA8, Inc"; description "This module is data model for vlans configuration"; revision 2015-12-25 { description "Initial revision."; } container vlans { description "Vlan configuration."; list vlan-id { description "VLAN tag identifier, range 1-4094, e.g. 2,3,5-100."; key "id"; leaf id { type string; } leaf description { description "Vlan description."; type string; default ""; } leaf vlan-name { description "VLAN name, up to 32 alphanumeric characters in length."; type string; default "default"; } leaf l3-interface { description "Associate a Layer 3 interface with an existing VLAN."; type string; default ""; } leaf open-flow-enable { description "Vlan will be used by open flow, maximum of 200 vlans enabled."; type boolean; default 'false'; } } ........ } }
Copyright © 2024 Pica8 Inc. All Rights Reserved.