Managing NetVisor switch via NETCONF
NETCONF
NetVisor OS 7.0.2 introduces support for the Network Configuration Protocol (NETCONF) (originally defined in RFC 6241). NETCONF is a network management protocol that provides a mechanism to install, view, manage, and delete the configuration of network devices. Operations are implemented over a Remote Procedure Call (RPC) layer using an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages.
Note: The NETCONF protocol is supported over Secure Shell (SSH) on TCP port 830, as defined in RFC 6242.
YANG
Yet Another Next Generation (YANG) is a data modeling language used for NETCONF-based operations as defined in RFC 6020. It provides network descriptions for the network nodes and resources.
NetVisor OS uses YANG to specify NETCONF data models and protocol operations.
NETCONF support in NetVisor OS
Before you can use NETCONF on NetVisor OS, enable the NETCONF service with the admin-service-modify command. Once the service is enabled, all configuration or service requests made through NETCONF are routed to NetVisor OS, where they are processed.
In NetVisor version 7.0.2, the following operations are supported:
- get-schema --model nvOS
- get --filter-xpath /nvOS:vlans
- get --filter-xpath /nvOS:port-configs
- user-rpc
- vlan-create
- vlan-create-by-range
- vlan-modify
- vlan-delete
- vlan-delete-by-range
- port-config-modify
- port-config-by-description
Configuring NETCONF:
Use the following command to enable NETCONF:
CLI (network-admin@switch) > admin-service-modify if mgmt netconf
Note: By default, the NETCONF service is disabled. You can enable the NETCONF admin service by using the admin-service-modify command.
Use the following command to display NETCONF status:
CLI (network-admin@switch) > admin-service-show
switch if   ssh nfs web web-ssl web-ssl-port web-port vrrp snmp netconf icmp
------ ---- --- --- --- ------- ------------ -------- ---- ---- ------- ----
switch mgmt on  off on  off     443          80       off  off  on      on
switch data on  off off off     443          80       off  off  off     on
Examples of NETCONF supported operations
In NetVisor, the NETCONF services can be used with any of the supported clients. Below is sample output from one of the supported clients (ncclient):
get-schema --model nvOS:
root@VNV-7000119597:~# nvOS_ncclient.py --host switch --username network-admin --get-schema --model nvOS
Password:
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:7ac4c700-899e-4335-97f1-d79b5929ad52"><data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">module nvOS {
namespace "urn:sysrepo:nvOS";
prefix nvOS;
revision 2022-09-28 {
description
"nvOS version: 7000219751";
}
typedef boolean_t {
type boolean;
}
typedef int8_t {
type int8;
}
typedef int16_t {
type int16;
}
typedef int32_t {
type int32;
}
typedef int64_t {
type int64;
}
….
output {
uses nvOS_result_t;
}
}
}
</data></rpc-reply>
get:
root@VNV-7000119597:~# nvOS_ncclient.py --host switch --username network-admin --get /vlans/vlan[id=1098]
Password:
<?xml version="1.0" ?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:ec78121f-33a2-4af3-9d42-6ebaab79b8f5">
root@VNV-7000119597:~# nvOS_ncclient.py --host switch --username network-admin --rpc /root/vlan33.xml
Password:
<?xml version="1.0" ?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:2858d646-f04c-4ef9-b8c3-0c7ee07c3b5a">
<result_status xmlns="urn:sysrepo:nvOS">SUCCESS</result_status>
<result_code xmlns="urn:sysrepo:nvOS">0</result_code>
<result_msg xmlns="urn:sysrepo:nvOS">Vlans 33 created</result_msg>
</rpc-reply>
root@VNV-7000119597:~#
User-rpc: vlan modify
root@VNV-7000119597:~# cat test.xml
<vlan-modify xmlns="urn:sysrepo:nvOS">
<id>33</id>
<description>vlan-modified-description-33_via_user-rpc_ncclient</description>
</vlan-modify>
root@VNV-7000119597:~#
root@VNV-7000119597:~# nvOS_ncclient.py --host switch --username network-admin --rpc test.xml
Password:
<?xml version="1.0" ?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:96d18e6f-63f3-495d-a3a3-e89fd0a0f5d5">
<result_status xmlns="urn:sysrepo:nvOS">SUCCESS</result_status>
<result_code xmlns="urn:sysrepo:nvOS">0</result_code>
<result_msg xmlns="urn:sysrepo:nvOS"/>
</rpc-reply>
root@VNV-7000119597:~#
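The following Python code is an added example, not part of the NetVisor documentation or of the nvOS_ncclient.py client. It builds the vlan-modify body shown above with an XML library, so that a description taken from untrusted input is escaped rather than interpreted as markup, and it parses the nvOS result fields so that automation checks result_status and result_code before treating a change as applied. The function names are hypothetical, and treating any result_code other than 0 as a failure is an assumption the page does not state.

```python
import xml.etree.ElementTree as ET

NETCONF_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
NVOS_NS = "urn:sysrepo:nvOS"  # namespace used by the replies shown on this page
ET.register_namespace("", NVOS_NS)  # serialize nvOS elements with a default xmlns


def build_vlan_modify(vlan_id, description):
    """Return the <vlan-modify> body; the XML library escapes the description."""
    if isinstance(vlan_id, bool) or not isinstance(vlan_id, int):
        raise ValueError("vlan id must be an integer")
    root = ET.Element(f"{{{NVOS_NS}}}vlan-modify")
    ET.SubElement(root, f"{{{NVOS_NS}}}id").text = str(vlan_id)
    ET.SubElement(root, f"{{{NVOS_NS}}}description").text = description
    return ET.tostring(root, encoding="unicode")


def parse_result(reply_xml):
    """Extract result_status/result_code/result_msg from an nvOS rpc-reply."""
    root = ET.fromstring(reply_xml)
    if root.tag != f"{{{NETCONF_NS}}}rpc-reply":
        raise ValueError("not a NETCONF rpc-reply")
    fields = {}
    for name in ("result_status", "result_code", "result_msg"):
        node = root.find(f"{{{NVOS_NS}}}{name}")
        fields[name] = None if node is None else (node.text or "")
    if fields["result_status"] is None or fields["result_code"] is None:
        raise ValueError("reply has no nvOS result fields; do not assume success")
    # Assumption: only SUCCESS with code 0 counts as an applied change.
    fields["ok"] = fields["result_status"] == "SUCCESS" and fields["result_code"] == "0"
    return fields


# Reply text as shown on this page for the vlan-modify call.
PAGE_REPLY = """<?xml version="1.0" ?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:96d18e6f-63f3-495d-a3a3-e89fd0a0f5d5">
<result_status xmlns="urn:sysrepo:nvOS">SUCCESS</result_status>
<result_code xmlns="urn:sysrepo:nvOS">0</result_code>
<result_msg xmlns="urn:sysrepo:nvOS"/>
</rpc-reply>"""

# Constructed input: a description that contains markup, as untrusted text might.
UNTRUSTED_DESC = "x</description><id>1</id><description>y"

if __name__ == "__main__":
    print(build_vlan_modify(33, UNTRUSTED_DESC))
    print(parse_result(PAGE_REPLY))
```
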