Network Configuration Management with ... - Semantic Scholar

Network Configuration Management with NETCONF and YANG J¨urgen Sch¨onw¨alder 84th IETF Meeting, Vancouver, 2012-07-29

1 / 90

Network Management Protocol Soup GDMO/CMIP [OSI]

SMI/SNMP [IETF]

SID/TAM [TMFORUM]

CMIN/WBEM [DMTF]

IE/IPFIX [IETF]

DME/DCE [OSF]

TR069/SOAP [BROADBANDFORUM] DEN/LDAP [DMTF]

TL1 [TELCORDIA]

CLI [VENDORS]

TINA/ODL/CORBA [TINA−C]

SYSLOG [BSD/IETF]

YANG/NETCONF [IETF]

SPPI/COPS−PR [IETF] POLICY/COPS [IETF]

EC2 [AMAZON]

B See RFC 6632 for further details about the IETF’s contribution to the network management protocol soup. 2 / 90

Today’s Menu . . . NETCONF The Network Configuration Protocol (NETCONF) provides mechanisms to install, manipulate, and delete the configuration of network devices. [RFC 6241]

YANG YANG is a > S: S: S: urn:ietf:params:xml:ns:netconf:base:1.1 S: S: S: urn:ietf:params:xml:ns:netconf:capability:startup:1.0 S: S: S: urn:ietf:params:xml:ns:yang:ietf-interfaces? S: module=ietf-interfaces&revision=2012-04-29 S: S: S: 4 S: 24 / 90

Remote Procedure Calls (RFC6241) The Remote Procedure Call (RPC) protocol consists of a message followed by an message. C: C: C: C: C: C: C: S: Ethernet0/0 1500

33 / 90

Subtree Filtering Subtree filter expressions select XML subtrees to include in get and get-config responses (XPath expressions can be used as well if the :xpath capability is supported). B namespace selection (wildcarding) A non-null namespace of a node in a subtree filter matches the node in the given namespace. A null namespace acts as a wildcard. B attribute match expressions The set of XML attributes present in any type of filter node form an “attribute match expression”; the selected > ethernet 36 / 90

NETCONF over SSH (RFC6242) Motivation: Use an already widely deployed security protocol for CLIs, reducing the costs associated with key management. B SSH supports multiple logical channels over one transport layer association B For framing purposes, the special end of message marker ]]>]]> is used for the initiall hello message B Subsequent NETCONF 1.1 messages use a chunked framing format (if both parties use NETCONF 1.1) B SSH is the mandatory to implement NETCONF transport 37 / 90

NETCONF over SSH: End-of-Message Framing S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S:

urn:ietf:params:xml:ns:netconf:base:1.1 urn:ietf:params:xml:ns:netconf:capability:startup:1.0 urn:ietf:params:xml:ns:yang:ietf-interfaces? module=ietf-interfaces&revision=2012-04-29 4 ]]>]]>

B Server announces protocol version, startup capability, and the ietf-interfaces encoding="UTF-8"?> urn:ietf:params:xml:ns:netconf:base:1.1 ]]>]]>

B Client announces protocol version B Client and server switch to chunked framing (both announced support for NETCONF 1.1)

39 / 90

NETCONF over SSH: Chunked Framing C: C: C: C: C: C: C: C: C: C: C: C: C: C: C: C:

#350 ethernetCsmacd ##

B Messages are send in chunks (limiting buffer sizes) B Each chunk is prefixed by its length B A special marker indicates the end of a message 40 / 90

NETCONF over SSH: Chunked Framing S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S:

#165 #174 eth0ethernetCsmacd 0true 2 #174 eth1ethernetCsmacd 1false 7 #40 RPC: RPC: image.tgz RPC: RPC:

61 / 90

Core Configuration > eth0 ethernetCsmacd 0 true 2 eth1 ethernetCsmacd 1 false 7

B 214 octets in JSON format (all white space removed) B 347 octets in XML format (all white space removed) 81 / 90

RESTful API for YANG A RESTful protocol that provides a programmatic interface over HTTP for accessing data defined in YANG, using the datastores defined in NETCONF. B Configuration data and state data are exposed as resources that can be retrieved with the GET method. B Resources representing configuration data can be modified with the DELETE, PATCH, POST, and PUT methods. B Data-model specific RPC operations defined with the YANG “rpc” statement can be invoked with the POST method. B Optional transaction resource is used to allow to allow batching of edits and handling of concurrent editing transactions. 82 / 90

RESTful API for YANG Example C: GET /yang-api HTTP/1.1 C: Host: example.com S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S: S:

HTTP/1.1 200 OK Date: Mon, 23 Apr 2012 17:01:00 GMT Server: example-server Content-Type: application/vnd.yang.api+json {

"yang-api": { "capabilities": { "edit-model": "direct", "persist-model": "automatic", "transaction-model": "none" }, "modules": { "module": [ "urn:ietf:params:xml:ns:yang:ietf-yang-api?module=ietf-yang-api& ] }, "version": "1.0" } } 83 / 90

RESTful API for YANG Example C: POST /yang-api/datastore/jukebox HTTP/1.1 C: Host: example.com S: S: S: S: S: S:

HTTP/1.1 201 Created Date: Mon, 23 Apr 2012 17:01:00 GMT Server: example-server Location: http://example.com/yang-api/datastore/jukebox Last-Modified: Mon, 23 Apr 2012 17:01:00 GMT ETag: b3a3e673be2

C: C: C: C: C:

POST /yang-api/datastore/jukebox/artist HTTP/1.1 Host: example.com Content-Type: application/vnd.yang.data+json

S: S: S: S: S: S:

HTTP/1.1 201 Created Date: Mon, 23 Apr 2012 17:02:00 GMT Server: example-server Location: http://example.com/yang-api/datastore/jukebox/artist/1 Last-Modified: Mon, 23 Apr 2012 17:02:00 GMT ETag: b3830f23a4c

{ "artist" : { "name" : "The Foo Fighters" } }

84 / 90

Discussion

[20 min]

1

Configuration Management

[15 min]

2

NETCONF Protocol

[20 min]

3

YANG Data Modeling Language

[20 min]

4

Core Configuration Data Models

[15 min]

5

Implementations, Tools, and Usage

[10 min]

6

Future Directions

[10 min]

7

Discussion

[20 min]

85 / 90

Summary and Advice. . . B If you are working on configuration of something, consider NETCONF seriously before rolling your own protocol B NETCONF is based on years of experience B NETCONF over BEEP or SOAP may disappear B There are solid (open source) implementations B Writing data models in YANG can actually be fun B There are very good (open source) tools around B Review existing YANG modules to see how your model fits into the core set of data models being defined B Check RFC 6087: Guidelines for Authors and Reviewers B Ask YANG doctors for help as needed 86 / 90

Reading Material I [1]

J. Sch¨ onw¨ alder, M. Bj¨ orklund, and P. Shafer. Network Configuration Management Using NETCONF and YANG. IEEE Communications Magazine, 48(9):166–173, September 2010.

[2]

P. Shafer. An Architecture for Network Management Using NETCONF and YANG. RFC 6244, Juniper Networks, June 2011.

[3]

J. Sch¨ onw¨ alder. Overview of the 2002 IAB Network Management Workshop. RFC 3535, International University Bremen, May 2003.

[4]

L. Sanchez, K. McCloghrie, and J. Saperia. Requirements for Configuration Management of IP-based Networks. RFC 3139, Megisto, Cisco, JDS Consultant, June 2001.

[5]

M. Ersue and B. Claise. An Overview of the IETF Network Management Standards. RFC 6632, Nokia Siemens Networks, Cisco Systems, June 2012.

[6]

M. Bjorklund. YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF). RFC 6020, Tail-f Systems, October 2010.

[7]

J. Sch¨ onw¨ alder. Common YANG Data Types. RFC 6021, Jacobs University, October 2010.

[8]

A. Bierman. Guidelines for Authors and Reviewers of YANG Data Model Documents. RFC 6087, Brocade, January 2011.

87 / 90

Reading Material II [9]

L. Lhotka. Mapping YANG to Document Schema Definition Languages and Validating NETCONF Content. RFC 6110, CESNET, February 2011.

[10] J. Sch¨ onw¨ alder. Translation of Structure of Management Information Version 2 (SMIv2) MIB Modules to YANG Modules. RFC 6643, Jacobs University, July 2012. [11] B. Linowski, M. Ersue, and S. Kuryla. Extending YANG with Language Abstractions. RFC 6095, Nokia Siemens Networks, 360 Treasury Systems, March 2011. [12] R. Enns, M. Bjorklund, J. Sch¨ onw¨ alder, and A. Bierman. Network Configuration Protocol (NETCONF). RFC 6241, Juniper Networks, Tail-f Systems, Jacobs University, Brocade, June 2011. [13] M. Wasserman. Using the NETCONF Protocol over Secure Shell (SSH). RFC 6242, Painless Security, June 2011. [14] A. Bierman and B. Lengyel. With-defaults Capability for NETCONF. RFC 6243, Brocade, Ericsson, June 2011. [15] A. Bierman. Network Configuration Protocol (NETCONF) Base Notifications. RFC 6470, Brocade, February 2012. [16] A. Bierman and M. Bjorklund. Network Configuration Protocol (NETCONF) Access Control Model. RFC 6536, YumaWorks, Tail-f Systems, March 2012.

88 / 90

Reading Material III [17] S. Chisholm and H. Trevino. NETCONF Event Notifications. RFC 5277, Nortel, Cisco, July 2008. [18] M. Scott and M. Bjorklund. YANG Module for NETCONF Monitoring. RFC 6022, Ericsson, Tail-f Systems, October 2010. [19] B. Lengyel and M. Bjorklund. Partial Lock Remote Procedure Call (RPC) for NETCONF. RFC 5717, Ericsson, Tail-f Systems, December 2009. [20] M. Bjorklund. A YANG Data Model for Interface Configuration. Internet-Draft (work in progress) , Tail-f Systems, July 2012. [21] M. Bjorklund. A YANG Data Model for IP Configuration. Internet-Draft (work in progress) , Tail-f Systems, July 2012. [22] L. Lhotka. A YANG Data Model for Routing Configuration. Internet-Draft (work in progress) , CZ.NIC, July 2012. [23] A. Bierman and M. Bjorklund. YANG Data Model for System Management. Internet-Draft (work in progress) , YumaWorks, Tail-f Systems, July 2012. [24] L. Lhotka. Modeling JSON Text with YANG. Internet-Draft (work in progress) , CZ.NIC, June 2012.

89 / 90

Reading Material IV [25] A. Bierman and M. Bjorklund. YANG-API Protocol. Internet-Draft (work in progress) , YumaWorks, Tail-f Systems, May 2012.

90 / 90