NETCONF and YANG Tutorial part 2: NETCONF

Captions
So this is part 2 of the NETCONF and YANG tutorial. Part 1 gave an overview and background; now we will focus purely on the NETCONF protocol, and later on, part 3 of this tutorial, will go into YANG. We will start by looking at NETCONF and compare it to other protocols and network management protocols that are typically mentioned in the industry, and we will look at it from different perspectives: what kind of standard is it; in what way do we identify resources (and by resources I mean there could be an interface, for example, and that's fundamental to any network management protocol, that you need to reference resources according to the data model); what kind of data models exist; what's the language to do the modeling; what are the management operations for the protocol; the underlying encoding and transport.

Again, let's start with SNMP. It's a well-defined standard by IETF, being in place, it's deployed, then you can run test suites to validate that your device is actually adhering to standards. Resources in SNMP are identified by object identifiers; it's being useful but it's sort of painful at the same time. You don't say /interfaces/interface/eth0, rather 1.3.6 etc., so that's a little bit awkward, but it works. The data models are defined in MIBs; MIBs are written in the SMI data language, and we have the SNMP protocol ops get, get-next, set etc. It has a binary encoding, and SNMP is connectionless over UDP.

Let's start by putting NETCONF parallel to SNMP: same standard organization, and it's sort of an evolution where IETF realized we need something that can do configuration management, not only monitoring. In NETCONF we identify resources with paths that can be read and understood, so not a binary sort of OID but /interfaces/interface/eth0 again, so that's an obvious improvement for humans. Data models: there are starting to appear some core data models from IETF and of course vendor-specific data models, and the data modeling language is YANG of course, carried over NETCONF.

SOAP was kind of popular a year ago or so, especially driven by vendors, I would say, that the management interface towards the device should be SOAP. If you compare that, that's a W3C standard, and how do you actually refer to resources? A little bit undefined; that's not the way SOAP interfaces are defined. SOAP defines functions and is not seriously focused on a data model and well-defined identifiers for the resources, so I leave it empty here. The same with data models: there are a few data models sort of from various organizations, but not in general, and there is no specific data modeling language. WSDL, hmm, it's actually not data models, it's more the functions that you define in WSDL. The actual management operations are within the actual schema; you need to look at the schema and then you need to search for the request within the schema. They are not first-class citizens like in NETCONF. The encoding is XML.

Now the industry has turned to REST. REST is much simpler, so why do people leave SOAP for REST instead? I would say the one primary argument is simplicity, and it's certainly very easy to use REST APIs if they are well defined. Note well that REST is not a standard, it's a set of design principles. This means that you can never interop-test a REST server: is this REST or not? Well, sort of, because it's a set of design principles, good design principles to some degree, but still not standardized. Resources over REST, that's one of the simple things, that's your URLs. So in the same way, almost like in NETCONF, you have URLs and then you operate over the REST interface; you identify the interface using a URL to that interface, so that's pretty handy. We have no data models for this, and that also goes in line with sort of the REST simplicity: there is no requirement for a data modeling language. The response back can be text, can be XML, can be JSON encoded; some use WADL for doing some kind of data modeling, and the operations in turn are the standardized HTTP operations, so those are the operations you use. The encoding, as I said, could be XML or JSON, so it's simple to use, you can use it from various command-line tools etc.; the ease of using URLs for resources makes it easy to use. What could be mentioned as a side note here is that we'll see, maybe in a couple of years, something like RESTCONF being standardized; it is being worked upon a little bit, to map NETCONF over REST. Note well, this is not standardized and not something you should jump into today; let's see what the future brings. Today NETCONF is the thing that is standardized.

Using SNMP again: in SNMP we had get, in NETCONF we have get-config; in SNMP we had get-next, set etc. And isn't this sort of just yet another RPC? Well, not if you study it more carefully. There are various semantics embedded in the specific operations over NETCONF, and the first thing you should notice is that over SNMP there is no separation between configuration data and operational data, whereas in NETCONF you have explicit operations to work with config data. If you look at it from a bigger picture, at the use cases that need to be supported over SNMP and NETCONF: can I get status fields over SNMP? Yes, you do typically get-next over a table, but you need to iterate several times in order to get the data. If you use NETCONF you can just do one request to get a huge XML encoding of the complete table in one go, and remember, it's very efficient over the wire, over a session, and compacted, so it's not slow. If we do some measurements you'll see that doing a get of operational data over NETCONF is typically ten times faster than over SNMP, because it's one request and you don't have to iterate over the network. Can you set several configuration fields in SNMP? Yes, you need to put them into one SNMP set, within the limit of the UDP packet. In NETCONF you can build arbitrarily large configurations over edit-config. Moving on to the next line: this can be arbitrarily large; everything within one edit-config is a transaction, and you can have several edit-configs and do a commit later on, so over NETCONF you can trust that everything will happen, or not. So it's a transactional edit-config. In SNMP the varbinds within one set are considered to be transactional, but those are so few, so you can't do large config changes, and even worse, can you do config changes across several network elements in SNMP? No, but that's achieved by using NETCONF. Also what you should recall here is that SNMP sets are typically very dependent on ordering; those of you that have tried to do some sets over SNMP have realized that there are hidden dependencies in which ordering you need to do things. That is totally removed over NETCONF. Actions: NETCONF has explicit support for doing RPC calls as well, so doing self-tests, reboots, those are explicit operations. There are tweaks to support that over SNMP, typically a set of a specific variable, but that creates very odd models. Notifications: well yes, of course, the famous SNMP traps over UDP; in NETCONF they are connection-oriented, so there are pros and cons. I mean, if you have a large network you probably don't want to stay connected to every device in case they want to send a NETCONF notification one year later, so this is a trade-off: what's the purpose of the notifications? So UDP notifications are still very useful, I would say. Can you use SNMP for backup or restore? No, no one does that, to be honest; perfect fit for NETCONF: you can get the config, you can store it, and you can restore it by an edit-config. Secure? Yes, NETCONF is over SSH, a well-established security framework. Version 3 SNMP is OK, but it's complex, so the complexity of v3 typically pushes people back to version 1 and 2. Remember the requirements initially from the operators: being able to distribute configurations before committing them, to validate them, etc. In SNMP everything takes immediate action; whatever set you do, it immediately takes effect. In NETCONF you can send a configuration and you can validate it, then you can commit it later on.

So let's deep dive in turn into transactions, because that's fundamental to NETCONF; that was the primary requirement from the operators. The typical ACID, the four properties that define a transaction, the ACID properties: atomicity means that it's all or nothing, it's an atomic change set, so when you do something over NETCONF in an edit-config, it's all or nothing. Consistency: this means that there is no ordering requirement from the client; a client can send create A, create B, or create B, create A; these are identical operations, so you can see this as one consistent change. If a specific device requires ordering, it's not a transactional device. Isolation: if you have ongoing transactions they do not destroy each other, they do not interfere, so from an external observation point of view it looks as though things happen in sequence; of course things are parallelized internally, but the effect at the end is as if they appeared in sequence. Durability means that if you commit the data it's there, it's persistent, so if you reboot a system the configuration is still there. Just to take an example: if you give an interface a name or a number, some of you that are listening in here might recall some interesting scenarios where you reboot the system and the ifIndex table suddenly is renumbered, or if you remove an interface and stick another interface in and the interface numbers are renumbered. Configuration data that is part of the transaction is persistent, it sticks. Taking this into more of an example, consider a transaction where you would like to add an interface eth5 and add a route to that. If you add the route over eth5 and then eth5, or vice versa, in a transactional context over NETCONF it doesn't matter; you can do any order and it's up to the device to perform the transaction correctly, so this relieves the burden for the management system: just prepare the config and send it. We talked about backup/restore, so if you have a true transactional system you can just dump the config; that can be huge and it looks like an ordering, but you should be able to take that same config and paste it into the same or another system and it will appear the same way, and you should be able to restore the data; it should be all or nothing. And now, taking this to its limit, let the transaction span devices. Imagine you would need to create a service across several devices and applications; so in the network management system, in the OSS, you should be able to prepare the configuration changes, some edits on the IPTV servers, routers, firewalls and billing, and the OSS can just send that to the four devices without considering ordering; it's an all-or-nothing across all devices. Every device validates its configuration, and the management system can utilize the validation and rollbacks that are supported in transactional systems to make sure that if one of the involved devices fails it's easy to roll back on the other ones. So network-wide transactions: this is fundamental, and this makes NETCONF stand out, especially compared to SNMP, but to RPC mechanisms in general; you need to have transactional semantics on top of the network management protocol to make it easy for the management system to use it.

So that was a little bit of the characteristics; let's now move on to the explicit NETCONF operations. NETCONF messages are encoded in XML, so it's sort of an XML RPC request, and the responses with XML tags, and there's a framing mechanism. In 1.0 there was a character sequence; we identified some corner cases where this actually didn't fly in XML, so there is another framing in 1.1 where the actual number of characters to read is specified. They are encrypted and carried over SSH, so the SSH framework is reused: authentication and everything, it just runs over SSH. There were some historic mappings, including SOAP, but those are all deprecated; NETCONF is SSH today, that's it, and it gives you authentication, integrity and confidentiality, which is of course fundamental. NETCONF is connection-oriented, so that's sort of the contrast between UDP, as in SNMP, and TCP in this case; and with TCP you don't have to take care of all the missed requests, the resends are managed automatically, and it's efficient use of the medium as well. It's always a balance when you specify a protocol, and if you release one protocol today, after a year everybody needs some new features, so that's built into NETCONF: whenever a NETCONF client and a NETCONF server connect, they exchange their capabilities by the hello message. Both the client and the server exchange hello messages where the capabilities are expressed, and that can be both which standard things they support but also private extensions. The NETCONF specification itself defines a couple of capabilities that are published in the hello, and interestingly enough, and very important, the NETCONF server exposes its YANG data models to the NETCONF client; that's also a capability. So which data models are supported by the device: say hello, you'll get a list of the data models back, so this tells the management system explicitly which data models to use; also, for example, can I write to the running database or do I need to write to the candidate database and commit that to running, does it support validation, etc. All of that is part of the hello, and all extensions have separate XML namespaces, so that makes it easy to avoid clashes.

I didn't mention them in the example: logical datastores. I might use the term database sometimes; that's a little sloppy in this tutorial, the correct name should be datastore. Remember these are pure logical datastores and they are named, and this is something typical for networking devices: they have a startup database, they have a running database which corresponds to how they behave currently, they might have a candidate database, and you can use URLs etc. for datastores as well. By supporting NETCONF you must support the running datastore; startup and candidate are optional, and those are capabilities. We will do a hello exchange pretty soon and see how our device responds with datastores. Can you write directly? So writable-running means that you could write directly to the running datastore, and if you can't write directly you need to use the NETCONF operation copy-config from one datastore to another. So every NETCONF operation refers to a datastore: specify the target, the name of the logical datastore, and then the operation you would like to achieve. Now connecting back to the discussion around transactions: when you do a transactional change, the manager can prepare a set of configuration changes or just a complete bulk configuration, and you put that into one operation, the edit-config. It's completely, sort of very fundamental here: you put that into the edit-config; it can create a completely new configuration or merge a little bit, bits and pieces, into an existing config. And remember, probably this is the fourth or fifth time I say it, but it's well worth repeating: there is no need for a manager to figure out ordering; that's up to the device, and the device should also be able to recover, so it's not up to the manager to realize that half of the config went through. It's all or nothing, and that's very important; so from a management perspective it's an all-or-nothing. Remember the ACID characteristics, and so this makes it possible for a network manager to actually do a network-wide transaction as we did see previously: you send a configuration change to every device's candidate datastore, then you can ask each candidate datastore to validate itself; if everyone says OK you can then commit it to the devices. That's the simplest way of doing that network-wide transaction, and there is also another, more advanced so to speak, commit operation, which is called confirmed commit. One use of the confirmed commit is to cover cases where you as a network admin actually configure yourself away from the box. Well, if you commit something and then suddenly you lose connection to it, the confirmed commit asks the device to commit the change into the running, the activated configuration, but if the device does not receive sort of an ack within the specified time it will automatically go back to the previous one. So that covers the case where you configure yourself away from the device, but you can also have other tests running; you can monitor KPIs etc., and if you're not happy you can just drop the connection and the devices will automatically roll back. So that's the requirement in a confirmed commit: the devices should roll back if you drop the connection.

OK, let's go to the details now, what are the actual operations. These are the NETCONF operations. get: a get operation points somewhere in the data model tree, the datastore tree, and receives everything, configuration data as well as operational data. get-config, however, will only retrieve the configuration data, and this is fundamental; just take the scenario backup and restore, you don't have to yourself sort of remove the operational attributes out of the response; get-config gives you the config. edit-config, obviously that's the way to manipulate the config; you can delete and add and modify, and it goes with a couple of options there, so you can have the test option: what should happen, should you test and then set, or should you just blindly set, or should you only test, and then return some error options, and you can also define explicit operations such as delete. copy-config is to copy configuration data from one datastore to another, for example from running to startup. commit: commit is actually an operation towards the candidate datastore, so if the device supports candidate you can do several edit-configs towards the candidate database, then at a later stage you do a commit; the commit copies the candidate datastore to the running, so that's what it does; you don't commit towards the running, you commit towards the candidate. If you have done a set of edit-configs towards the candidate and want to get rid of those, discard-changes empties the candidate. delete-config, that's deleting a complete datastore. You can lock and unlock a datastore to make sure that you have exclusive access to it, and there are two ways of killing a session, either gracefully or tough.

How does this look actually? This is an example of a NETCONF conversation. The manager sends a request; there's a message-id field that is used to correlate requests and responses so they can go in parallel, so you match the message-id to match the requests and responses. So here we have an operation towards the candidate datastore, test-then-set, rollback-on-error, transactional behavior; we set the attributes of an interface, and the payload is always within the config, so there is a target section and there is a config section; the config is the actual data and this must correspond to a data model, in this specific case it must correspond to the YANG data model. Is there? OK. Then the management system asks the device to validate the candidate. OK. Finally the management system performs a commit, confirmed. OK. Typical sequence, and this was a confirmed commit; to make this happen and not roll back automatically, the management system also sends a final commit within the time frame.

There are a couple of optional capabilities here. Writable-running means that you can write directly to the running datastore; that's still possible even though a device has a candidate, you might still be allowed to write to the running directly. Candidate, we mentioned that a couple of times. Confirmed commit, we just talked about that, meaning you can commit with a timeout. rollback-on-error gives, if you do a complete edit-config, the device will roll back if you have problems. validate: you can send the config and then ask the device to validate it. Startup database. URL, meaning you can use URLs as datastores; this is of course handy to have a config on a TFTP server or something and you can copy that directly to a datastore on the device. XPath: XPath is a complex filtering language, so it's optional for a device to support it, and if it's supported the management system can send complex queries to select specific parts of the config rather than receiving the whole configuration. And there are some non-base standards: notification, meaning these spontaneous notifications; partial lock, to partially lock the datastore; and default values; and an interesting one, NETCONF monitoring. I would say the most important part of that is that if a device supports NETCONF monitoring, the management system can dynamically retrieve the data models over the wire. I didn't show that in the introduction to this tutorial, and so the hello message gives you the name of a data model, and that's required, but if you support this capability you can also get the actual data model, and vendors can define their own capabilities.

Now when we look at the individual NETCONF operations one by one, see the payload of the request and response. First we have the famous hello operation; so in this case the client tells the server that he speaks 1.1: the hello start tag, hello end tag, and the capabilities part. We have a response from the server, or the agent if you want to speak SNMP lingo, that says NETCONF 1.1; it tells the management system it has a writable-running as well as a candidate; it can support confirmed commit; the client can ask the server to validate the data, and it can rollback-on-error; it tells the client that it has a specific YANG model called dhcpd and also an IETF data model. So this is the response which tells the management system how to interact: which data models, which datastores, which capabilities and strategies. Now we can do some get-config: get-config start tag, the source is running, and a filter, so in this case it's a filter to pick the AAA subtree. The response back is AAA and down the tree here, see the contents, and get the list of users; so the configured users in the system are responded back. And edit-config: I'm targeting the running datastore, the config part, and I would like to edit the default lease time, I would like to merge this, this time; so merge merges into existing rather than replacing, and the server can respond OK. If you look at the edit-config you can specify test options: test-then-set is the default, set without testing, and test-only. The error options: stop-on-error, do not continue; continue-on-error, continue; or rollback-on-error, which would go back to the previous state. The actual operations you can do are merge, replace, create, delete and remove; delete will fail if the item does not exist, remove is OK if the item does not exist.

Let's stop here and look at some live NETCONF conversations using these operations. So I will illustrate the NETCONF operations we just looked at, the get-config and edit-config; again I will reuse the device example we created in part 1 of this tutorial: a simple device that has a properties container with a name for the device and a state (this is configurable state, note well), and an interfaces section with a couple of interfaces, and you can appoint one of the interfaces as being the management interface. So as you see here, this is the way our device is configured, displaying that on the local CLI. Let's do the same thing over NETCONF. So here I have a NETCONF browser, and as I didn't show you in this introduction, I could actually discover the data model and load the data model, so here is the tree structure of the same data model. Let's first connect to the device: we say hello, so the client sends the hello to the server. What's interesting here is that the server, namely my device with the box data model, responds with capabilities back; so you see one thing here, that the device tells the NETCONF browser "this is the data model", and a couple of other interesting things here: we see that it supports a candidate database; there is no writable-running, as you see, so there's candidate, we have to write to the candidate; it can do rollback-on-error, it can do validation, it has built-in XPath so we can send XPath expressions; and we see some other modules here as well, from standard IETF models. Let's start by doing a get-config, so let's get the properties section: get from running; note the structure up here, the source is running, we have a filter of type subtree and the subtree is properties, the properties section from the data model. Here we have the response: properties, name and state. We can do the same for interfaces: now getting from running, doing a subtree filter for interfaces, and we get a complete XML response back with the three interfaces, and we can see the management interface that was appointed, the management interface eth2. We can edit data: we would like to change the state, so remember this was configurable state, not the read-only operational state. Let's change the state; we need to do an edit-config. Note well that running is grayed out by the NETCONF browser, because the hello exchange told the NETCONF browser that there's a candidate database and there was no writable-running; if the capability writable-running would have been published, we could have done it directly to running. So let's modify the candidate database. We're starting to build an edit-config payload here: edit-config, target candidate, config, /config; this is the actual configuration change we would like to do: we would like to set it to good. If that's okay, good, fine, let's send it as an RPC. Let's send the edit-config as an RPC; tabbing to the back here, the edit-config was sent away and the device has responded with OK. So what we did here is that we modified the candidate, so the running is not yet changed; in order to have this take effect we can send the commit operation, so commit copies candidate to running, and we can commit: it was committed. Let's go back to the CLI to see if the state was changed: the state is changed to good; previously it was different. So that was a successful operation over NETCONF, and we can of course do the same thing on a text-based NETCONF client. We can start by doing the hello; it returns the capabilities from our device, again for example the data model. We can get the interfaces, or we can get the properties; you can also get a specific interface by doing the path /interfaces/interface[name='eth0']; remember name, that was the key in the data model, the list of interfaces. This gives us the eth0 interface. So we will end the demo with deleting and creating interfaces. So what you have in front of you here is a NETCONF edit-config XML snippet: we have the edit-config tag and tag, we're targeting the candidate database, interfaces, interface eth1, but with an operation delete. So we can send that in the NETCONF command-line tool; here I prepared the same piece of configuration in the NETCONF browser, same thing here, and we could validate, but let's just send this as an RPC. It is now sending the delete towards my box simulator here, and we got an OK back. So this is now in the candidate, remember, this was an edit-config towards the candidate, and we can commit the candidate to running: changes were committed and the interface was deleted. So if I get all the interfaces we have eth0 and eth2, while eth1 was removed. Let's go and restore, so creating config: let's just prepare the config and ask the NETCONF server to apply the config; we'll send this, send it, we can commit it, commit, and the interface should be back: here, eth1 is back. So that was a very simple scenario, deleting and creating config. This ends the NETCONF session.
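The mechanics the speaker walks through (the 1.1 length-prefixed framing that replaced the 1.0 delimiter, a candidate datastore with no writable-running, the edit-config operations merge/replace/create/delete/remove, rollback-on-error, validate, commit, confirmed commit with rollback on timeout, and discard-changes) as a runnable model. This is an added example for this page, not code from the video or from Tail-f; the interface data model (a list keyed by name), the device's validation rule, and the method names are assumptions, and the model deliberately covers only the interface list rather than a full YANG-driven datastore.

```python
"""Runnable model of the NETCONF mechanics the tutorial describes: 1.1 chunked
framing, candidate/running datastores, edit-config operations, rollback-on-error,
validate, commit and confirmed commit. Added example for this page, not Tail-f
code; the interface data model and the validation rule are assumptions."""
import copy
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
EDIT_OPS = ("merge", "replace", "create", "delete", "remove")


class NetconfError(Exception):
    """Would go on the wire as <rpc-error>; args are (error-tag, detail)."""


def frame_11(msg: str) -> bytes:
    """RFC 6242 chunked framing: '\n#<len>\n<bytes>' chunks ended by '\n##\n'.
    The length is counted in bytes, so a payload containing ']]>]]>' is harmless."""
    data = msg.encode()
    return b"\n#%d\n" % len(data) + data + b"\n##\n"


def unframe_11(buf: bytes) -> list:
    """Split a byte stream into whole messages; reject malformed or truncated input."""
    msgs, pos = [], 0
    while pos < len(buf):
        cur = b""
        while not buf.startswith(b"\n##\n", pos):
            m = re.match(rb"\n#(\d+)\n", buf[pos:])
            if not m or pos + m.end() + int(m.group(1)) > len(buf):
                raise ValueError("malformed chunk at offset %d" % pos)
            n, pos = int(m.group(1)), pos + m.end()
            cur, pos = cur + buf[pos:pos + n], pos + n
        pos += 4
        msgs.append(cur.decode())
    return msgs


class Device:
    """Agent with a candidate datastore; writable-running is not advertised."""

    def __init__(self, running_xml: str):
        self.running = ET.fromstring(running_xml)
        self.candidate = copy.deepcopy(self.running)
        self.rollback_to = None  # old running, kept while a confirmed commit is pending

    def interface_names(self, source="running") -> list:
        store = {"running": self.running, "candidate": self.candidate}[source]
        return [i.findtext("name") for i in store.iter("interface")]

    def edit_config(self, target: str, config_xml: str, default_op="merge"):
        """rollback-on-error: edit a copy and swap it in only if every operation
        succeeded, so a failing request leaves the target datastore untouched."""
        if target != "candidate":
            raise NetconfError("operation-not-supported", target)
        work = copy.deepcopy(self.candidate)
        ifaces = work.find("interfaces")
        for new in ET.fromstring(config_xml).iter("interface"):
            op = new.attrib.pop("{%s}operation" % NC, default_op)
            key = new.findtext("name")  # list key from the (assumed) data model
            old = next((i for i in ifaces if i.findtext("name") == key), None)
            if op not in EDIT_OPS:
                raise NetconfError("bad-attribute", op)
            if op == "create" and old is not None:
                raise NetconfError("data-exists", key)
            if op == "delete" and old is None:  # 'remove' of a missing entry is OK
                raise NetconfError("data-missing", key)
            if op in ("delete", "remove"):
                if old is not None:
                    ifaces.remove(old)
            elif op == "merge" and old is not None:  # touch only the leaves given
                for leaf in new:
                    cur = old.find(leaf.tag)
                    if cur is None:
                        old.append(copy.deepcopy(leaf))
                    else:
                        cur.text = leaf.text
            else:  # create, replace, or merge of a new entry: whole-node write
                if old is not None:
                    ifaces.remove(old)
                ifaces.append(copy.deepcopy(new))
        self.candidate = work

    def validate(self) -> bool:
        """Assumed device rule: every interface needs a name and a state of up/down."""
        for i in self.candidate.iter("interface"):
            if not i.findtext("name") or i.findtext("state") not in ("up", "down"):
                raise NetconfError("invalid-value", i.findtext("name") or "?")
        return True

    def commit(self, confirmed=False):
        """Copy candidate to running. A confirmed commit keeps the old running so
        it can be restored if the confirming commit never arrives."""
        self.validate()
        self.rollback_to = copy.deepcopy(self.running) if confirmed else None
        self.running = copy.deepcopy(self.candidate)

    def confirm_timeout(self):
        """Timer expired or session dropped before confirmation: roll back."""
        if self.rollback_to is not None:
            self.running, self.rollback_to = self.rollback_to, None
            self.candidate = copy.deepcopy(self.running)

    def discard_changes(self):
        self.candidate = copy.deepcopy(self.running)
```

Two points worth noticing when you run it: unframe_11 refuses a truncated or malformed chunk instead of reading past the buffer, which is exactly the robustness the byte-counted 1.1 framing buys over scanning for the 1.0 delimiter; and edit_config never touches the real candidate until the whole request has succeeded, so a request that creates one interface and then tries to create one that already exists leaves the candidate as it was, the all-or-nothing behavior the speaker keeps repeating.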
Info
Channel: Tail-f Systems
Views: 18,921
Rating: 5 out of 5
Keywords: NETCONF, YANG
Id: xoPZO1N-x38
Length: 38min 10sec (2290 seconds)
Published: Sat Oct 18 2014