Лекция 8. Programmability сoncepts with NETCONF YANG
Описание файла
PDF-файл из архива "Лекция 8. Programmability сoncepts with NETCONF YANG", который расположен в категории "". Всё это находится в предмете "программно-конфигурируемые сети (sdn)" из 10 семестр (2 семестр магистратуры), которые можно найти в файловом архиве МГУ им. Ломоносова. Не смотря на прямую связь этого архива с МГУ им. Ломоносова, его также можно найти и в других разделах. .
Просмотр PDF-файла онлайн
Текст из PDF
Programmability Conceptswith NETCONF/YANGCraig HillDistinguished SE, U.S. FederalVers 1.1CCIE #1628© 2014 Cisco and/or its affiliates. All rights reserved.Cisco Confidential1Hybrid SDN ModelDistributed and Centralized (via controller) Control Plane + Standards Data PlaneSDN Control Plane Architecture(Hybrid)AppAppAppApp“North Bound”control and APINB API’sControllerCommunicationChannelToNetworkElement“South Bound” controland APIIP/MPLSBGP/OSPFPacketForwardingHardware + CPPacketForwardingHardware + CP© 2013 Cisco Systems, Inc. All rights reserved.PacketForwardingHardware + CPApplications layeredon topOperating System controllingspecific functions of thenetworkNETCONF, BGPLS, PCEP,OpenFlow, OVSDB, CLINetwork Element (Phy,Virt), with DistributedCP + programmingcapabilities throughSouthbound APIHybrid SDN ModelOpen Protocols and Direct Device ProgrammabilitySDN Control Plane Architecture(Hybrid)NB API’sAppAppAppAppApplications layerOpen protocols and DeviceProgrammabilityNETCONF, RESTCONF,REST, SSH/CLICommunicationChannelToNetworkElementIP/MPLSBGP/OSPFPacketForwardingHardware + CPPacketForwardingHardware + CP© 2013 Cisco Systems, Inc.
All rights reserved.PacketForwardingHardware + CPNetwork Element (Phy,Virt), with DistributedCP + programmingcapabilities throughSouthbound APIWhy Programmability?Evolution of Network Configuration1990sTodayCAT6K>enableCAT6K# config terminalCAT6K(config)# interface fastethernet 1/1CAT6K(config-if)# ip address 1.1.1.1 255.255.255.0CAT6K(config-if)# no shutdownCAT6K(config-if)# exitCAT6K(config)# router eigrpCAT6K(config-router)# network 1.1.1.0CAT6K(config-router)# exitCAT6K(config)# exitCAT6K# copy run startNEXUS>enableNEXUS# config terminalNEXUS(config)# interface ethernet 1/1NEXUS(config-if)# no switchportNEXUS(config-if)# ip address 1.1.1.1 255.255.255.0NEXUS(config-if)# no shutdownNEXUS(config-if)# exitNEXUS(config)# feature eigrpNEXUS(config)# router eigrp Test1NEXUS(config)# interface ethernet 1/1NEXUS(config-if)# ip router eigrp Test1NEXUS(config-if)# no shutdownNEXUS(config-if)# endNEXUS# copy run startWe need to better manage network devices programmaticallyWhy Programmability is important?Save TimeHuman ErrorCustomizeInnovate7Application Frameworks, Management Systems, Controllers, ...OnePK C/JavaPythonNETCONFRESTOpenFlow ACI Fabric OpenStackPuppetProtocols…RESTfulManagementPuppetOrchestrationNeutron“Protocols”Network ServicesBGP, PCEP,...ControlOpFlexForwardingOpenFlowNetwork Device Plug-InsAPI (on device) and Data Models (YANG)Operating Systems – IOS / NX-OS / IOS-XRYANGDevice…XML/JSONWhy NETCONF/YANG? - Informational RFC 3535AbstractThis document provides an overview of aworkshop held by the Internet Architecture Board(IAB) on Network Management.
The workshopwas hosted by CNRI in Reston, VA, USA fromJune 4 thru June 6, 2002. The goal of theworkshop was to continue the important dialogstarted between network operators and protocoldevelopers, and to guide the IETFs focus onfuture work regarding network management.• SNMP had failed(For configuration, that is, NOT mgmt)Extensive use in fault handling andmonitoring• CLI scripting“Market share” 70%+configurationImplications of RFC3535 – Legacy SituationOSSNMSNETCONFEMSManagerCost andcomplexity• No well-defined protocols and datamodels• Lack of atomicity• Ordering problemImplications of RFC3535, with transactionsOSSNMSNETCONFEMSManagerReducedCost andcomplexity• Transactions• Models• Standardized ProtocolsCost/ValueNETCONF and YANG in ContextYang YANG ModelsManagementModelsApplicationsNETCONFManagerNETCONFYANG ModelsYANG ModelsYANG ModelsNETCONF ProtocolIntroductionWhat is NETCONF?NETCONF (Network Configuration Protocol) is an IETF configurationmanagement protocol••Not only configuration access, but operational state dataNETCONF uses XML (as you are going to see)Why NETCONF?Lots of ToolingAccessible FormatError CheckingBackup/Restore CapabilityHuman and Machine FriendlyRFC3535Separates Config and Operational DataNext-Gen ConfigurationManagementRequirementsEasy to UseNETCONF IETF Standard InformationV 1.0V 1.1ExtensionRFC 6535Background andRequirementsRFC 62411.1 Base NETCONF ProtocolRFC 5277NotificationsRFC 47411.0 Base NETCONF ProtocolRFC 6242NETCONF over SSHRFC 5717Partial LockingRFC 4742NETCONF over SSHRFC 6243With defaultsRFC 6244NETCONF + YANGArchitectural OverviewNETCONF Protocol StackContentServerSSHClientOperationsReason:MessagesTransport••••Connection-oriented (TCP)AuthenticatedReliableSecureNETCONF Protocol Stack<rpc>ContentOperationsMessagesTransport<rpcreply>ServerClientNETCONF Messages:•Remote Procedure Call (RPC)RPC Client’s Request Methods:••••ControllerNMSScriptManualNETCONF Protocol StackContentOPERATIONDESCRIPTION<get-config>Retrieve data from the runningconfiguration<get>Retrieve running configuration ordevice statistic<edit-config>Modify a configuration database- operation = merge (default),delete, create, replace, remove- test-option (:validate), erroroption<copy-config>Copy a configuration database<delete-config>Delete a configuration database<commit>Commit candidate configuration tothe running db<lock>/<unlock>Lock or unlock a configurationdatastore system<close-session>Terminate this session<kill-session>Force Termination of sessionOperationsMessagesTransportNETCONF Protocol StackContentOperationsMessagesTransport<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:capability:candidate:1.0</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capability></capabilities><session-id>285212672</session-id></hello>]]>]]>NETCONF Configuration Data StoresStartupRunningCandidateFiles… / URLs…• Named configuration stores–Each data store may hold a full copy of the configuration• Running is mandatory, Startup and Candidate optional (capabilities :startup,:candidate)• Running may or may not be directly writable (:writable-running)NETCONF Protocol Stack SummaryConfig data, Notification (XML)Operations<get>, <get-config>,<edit-config> etcMessages<rpc>, <rpc-reply>TransportSSHServerClientContentYANG LanguageIntroductionOverview• YANGData definition language for management data...
Original focus on configuration information, but not any more restricted to it... Original context: NETCONF... Can be separated from NETCONF (not an original goal but important!)Consistent data enabled through models defined in a common languageModel-driven Interfaces• NETCONFNetwork Configuration ProtocolFill the void between SNMP (monitoring) and CLI (geared towards humans)• Standardization through IETF (mainly netconf and netmod WGs)What can you do with YANG• Define data models for something that you need to manage. Example:Interfaces and their configurationAccess Control Lists (rules that govern policies how to handle packets)Topology• Specify semantics that allow to validate and maintain consistencyOperational or configuration – “read-only” or “read-write”Conditions and constraints – value dependencies, referential integrity, …Units, defaults, ranges, alternatives, …• Extend data models previously definedSimply “insert” new data where applicable (“augmentation”)Add a new sub-tree into the existing model• Instantiate the data as “conceptual datastore” and manage your device by accessingand manipulating contents of that datastoreDatastore: an abstraction of a “real resource” – what you are managingYANG-based Management ArchitectureNetconf client(manager)Netconf server(agent)YANG(Schema)Data(Instance)ConceptualDataStoreAn NMS, an SDN Controllermessage exchanges includedata encoded per transfersyntax (e.g.
XML)Operations retrieve + modifydatastore contentsData defined per YANG(the “schema”)Internal API callsReal ResourcesInterfaces, ACLs, BGP, …Note: a device can have severaldatastores“Running”, “Startup”, “Candidate”Only “running” contains operational dataOperations can target specific datastores- as a whole (e.g. copy) or data items in itYANG structureAn index, so a list+--rw if:interfaces+--rw if:interface [name]Data type, indicative of a leaf item+--rw namestring+ ...+--rw ipv4?| +--rw enabled?boolean| +--rw ip-forwarding?boolean| +--rw address [ip]| | +--rw ipinet:ipv4-address| | +--rw (subnet)?“()” indicates a choice of alternatives| |+--:(prefix-length)| || +--rw ip:prefix-length?uint8| |+--:(netmask)| |+--rw ip:netmask?inet:ipv4-address| +--rw neighbor [ip]|+--rw ipinet:ipv4-address|+--rw phys-address?yang:phys-address“?” indicates it may or may not be included+--rw ipv6?+--rw enabled?boolean+--rw ip-forwarding?boolean“rw” means it’s writable+--rw address [ip]| +--rw ipinet:ipv6-address| +--rw prefix-length?uint8+--rw neighbor [ip]| +--rw ipinet:ipv6-addressprefix indicates definition source| +--rw phys-address?yang:phys-address+--rw dup-addr-detect-transmits?uint32+--rw autoconf+--rw create-global-addresses?boolean+--rw create-temporary-addresses?boolean+--rw temporary-valid-lifetime?uint32+--rw temporary-preferred-lifetime?uint32Cisco Confidential© 2014 Cisco and/or its affiliates.
