Managing NetVisor OS Switch Using RESTCONF

RESTCONF


NetVisor OS 7.1.1 introduces support for the Representational State Transfer Configuration (RESTCONF) protocol, as defined in RFC 8040. RESTCONF is an HTTP-based network management protocol used for configuring data models defined in YANG. It does so by using the data store concepts defined in the NETCONF functionality. RESTCONF supports both XML and JSON data formats.


RESTCONF needs to be compatible with the NETCONF protocol by implementing a subset of its interaction capabilities. It uses HTTP methods to implement the equivalent of NETCONF operations enabling basic CRUD operations on a hierarchy of conceptual resources. The HTTP POST and DELETE methods are used to modify data resources represented by YANG data models. These basic operations allow a generic RESTCONF client to modify the running device configuration.


Note: The RESTCONF protocol is supported only over HTTPS using the custom TCP port 8443.


For details on NETCONF, refer to the Managing NetVisor switch via NETCONF section.


Pre-requisites


Ensure the following prior to enabling RESTCONF services on a NetVisor OS switch:


  • The switch should have valid web certificates.
  • The switch should have NETCONF enabled.


For further information on the web-cert related commands, refer to the Configuring REST API Access section. 


Note: To enable RESTCONF, there is no need to enable or disable web-ssl service.

Configuring RESTCONF


Use the following command to enable RESTCONF (if NETCONF is previously enabled):


CLI (network-admin@switch) > admin-service-modify if <mgmt|data> restconf


Note: By default, the RESTCONF admin service is disabled.


Use the following command to enable both NETCONF and RESTCONF simultaneously (if NETCONF was not enabled previously) :


CLI (network-admin@switch) > admin-service-modify if <mgmt|data> netconf restconf


Note: As shown in the example above, NETCONF and RESTCONF can also be enabled simultaneously in the same command on the in-band (data) interface or on the out-of-band management interface.


Use the following command to display the RESTCONF status:


CLI (network-admin@switch) >  admin-service-show


switch if   ssh nfs web web-ssl web-ssl-port web-port vrrp snmp netconf restconf icmp

------ ---- --- --- --- ------- ------------ -------- ---- ---- ------- -------- ----

switch mgmt on  off on  off     443          80       off  off  on      on       on

switch data on  off on  off     443          80       off  off  off     off      on 


For more information on the list of supported operations for RESTCONF in NetVisor OS version 7.1.1, refer to the NETCONF support in NetVisor OS sub-section in the Managing NetVisor switch via NETCONF section.


Examples


Below are a few sample requests of supported operations using the RESTCONF services:

GET /restconf (xml)


$ curl -k -s -u network-admin:pluribus_password -X GET -H "Accept: application/yang-data+xml" https://switch:8443/restconf

<ietf-restconf:restconf><data></data><operations></operations><yang-library-version>2019-01-04</yang-library-version></ietf-    restconf:restconf>


GET /restconf (json)


$ curl -k -s -u network-admin:pluribus_password -X GET -H "Accept: application/yang-data+json" https://switch:8443/restconf

{"ietf-restconf:restconf": {"data": {}, "operations": {}, "yang-library-version": "2019-01-04"}}


$ curl -k -s -u network-admin:pluribus_password -X GET -H "Accept: application/yang-data+json" https://switch:8443/restconf | python -m json.tool

{

"ietf-restconf:restconf": {

"data": {},

"operations": {},

"yang-library-version": "2019-01-04"

}

}


GET /restconf/operations

     

$ curl -k -s -u network-admin:pluribus_password -X GET -H "Accept: application/yang-data+json" https://switch:8443/  restconf/operations | python -m json.tool

{

"nvOS:port-config-modify": {},

"nvOS:port-config-modify-by-description": {},

"nvOS:vlan-create": {},

"nvOS:vlan-create-by-range": {},

"nvOS:vlan-modify": {},

"nvOS:vlan-delete": {},

"nvOS:vlan-delete-by-range": {}

}


GET /restconf/data/ietf-yang-library:modules-state


$ curl -k -s -u network-admin:pluribus_password -X GET -H "Accept: application/yang-data+json" https://switch:8443/restconf/data/ietf-yang-library:modules-state|python -m json.tool

{

   "ietf-yang-library:modules-state": {

            "module": [

                {

                    "namespace": "urn:sysrepo:nvOS",

                    "name": "nvOS",

                    "revision": "2022-10-13"

                }

            ]

    }

}


GET requests (xml)


$ curl -k -s -u network-admin:pluribus_password -X GET --header "Accept: application/yang-data+xml" https://switch:8443/restconf/data/nvOS:vlans?content=nonconfig

 

<vlans xmlns="urn:sysrepo:nvOS"><vlan><id>1</id><vnet>0:0</vnet><type>public</type><vxlan><vxlan>0</vxlan><auto-vxlan>false</auto-vxlan><vxlan-mode>standard</vxlan-mode><vxlan-hybrid-mode>standard</vxlan-hybrid-mode><hw-vpn>0</hw-vpn><hw-mcast-group>0</hw-mcast-group><repl-vtep>::</repl-vtep></vxlan><public-vlan>0</public-vlan><scope>local</scope><description>default-1</description><active>true</active><stats>true</stats><vrg>0:0</vrg><ports>1-72,272-275</ports><untagged-ports>1-72,272-275</untagged-ports><send-ports>none</send-ports><active-edge-ports>12,69,274</active-edge-ports><ports-specified>false</ports-specified><flags></flags><hw-member-ports>none</hw-member-ports></vlan><vlan><id>4093</id><vnet>0:0</vnet><type>public</type><vxlan><vxlan>0</vxlan><auto-vxlan>false</auto-vxlan><vxlan-mode>standard</vxlan-mode><vxlan-hybrid-mode>standard</vxlan-hybrid-mode><hw-vpn>0</hw-vpn><hw-mcast-group>0</hw-mcast-group><repl-vtep>::</repl-vtep></vxlan><public-vlan>0</public-vlan><scope>local</scope><description>vlan-4093</description><active>true</active><stats>true</stats><vrg>0:0</vrg><ports>397</ports><untagged-ports>397</untagged-ports><send-ports>none</send-ports><active-edge-ports>none</active-edge-ports><ports-specified>false</ports-specified><flags></flags><hw-member-ports>none</hw-member-ports></vlan></vlans>


GET requests (json)


$ curl -k -s -u network-admin:pluribus_password -X GET --header "Accept: application/yang-data+json" https://switch:8443/restconf/data/nvOS:vlans?content=nonconfig | python -m json.tool

{

"vlans": {

"@xmlns": "urn:sysrepo:nvOS",

"vlan": [

{

"active": "true",

"active-edge-ports": "0",

"description": "default-1",

"flags": null,

"hw-member-ports": "none",

"id": "1",

"ports": "0-104",

"ports-specified": "false",

"public-vlan": "0",

"scope": "local",

"send-ports": "none",

"stats": "true",

"type": "public",

"untagged-ports": "0-104",

"vnet": "0:0",

"vrg": "0:0",

"vxlan": {

"auto-vxlan": "false",

"hw-mcast-group": "0",

"hw-vpn": "0",

"repl-vtep": "::",

"vxlan": "0",

"vxlan-hybrid-mode": "standard",

"vxlan-mode": "standard"

}

},

{

"active": "true",

"active-edge-ports": "none",

"description": "vlan-modified-description-33_via_user-rpc_ncclient",

"flags": null,

"hw-member-ports": "none",

"id": "33",

"ports": "0-104",

"ports-specified": "false",

"public-vlan": "0",

"scope": "local",

"send-ports": "none",

"stats": "true",

"type": "public",

"untagged-ports": "0-104",

"vnet": "0:0",

"vrg": "0:0",

"vxlan": {

"auto-vxlan": "false",

"hw-mcast-group": "0",

"hw-vpn": "0",

"repl-vtep": "::",

"vxlan": "0",

"vxlan-hybrid-mode": "standard",

"vxlan-mode": "standard"

}

},


....

{

"active": "true",

"active-edge-ports": "none",

"description": "vlan-4093",

"flags": null,

"hw-member-ports": "none",

"id": "4093",

"ports": "397",

"ports-specified": "false",

"public-vlan": "0",

"scope": "local",

"send-ports": "none",

"stats": "true",

"type": "public",

"untagged-ports": "397",

"vnet": "0:0",

"vrg": "0:0",

"vxlan": {

"auto-vxlan": "false",

"hw-mcast-group": "0",

"hw-vpn": "0",

"repl-vtep": "::",

"vxlan": "0",

"vxlan-hybrid-mode": "standard",

"vxlan-mode": "standard"

}

}

]

}

}


GET request  (port configs)


$ curl -k -s -u network-admin:pluribus_password -X GET --header "Accept: application/yang-data+xml" https://switch:8443/restconf/ data/nvOS:port-configs?content=nonconfig

....


vlan-create


$ curl -k -s -u network-admin:pluribus_password -X POST -H "Accept: application/yang-data+json" -H "Content-Type: application/yang-data+json" --data '{"id": 36, "scope": "local", "@xmlns": "urn:sysrepo:nvOS"}'  https://switch:8443/restconf/operations/nvOS:vlan-create

{"urn:sysrepo:nvOS:result_status": "SUCCESS", "urn:sysrepo:nvOS:result_code": "0", "urn:sysrepo:nvOS:result_msg": "Vlans 36 created"}


vlan-modify


$ curl -k -s -u network-admin:pluribus_password -X POST -H "Accept: application/yang-data+json" -H "Content-Type: application/yang-data+xml" --data "<input xmlns=\"urn:sysrepo:nvOS\"><id>33</id><description>its_me_netconf </description></input>" https://switch:8443/restconf/operations/nvOS:vlan-modify {"urn:sysrepo:nvOS:result_status": "SUCCESS", "urn:sysrepo:nvOS:result_code": "0", "urn:sysrepo:nvOS:result_msg": null}


north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south