API on Cisco: IOS-XE 使ってみる (NETCONF)

CiscoのAPI関連はDEVNET(https://developer.cisco.com/)に情報が集まっている。

このエントリーはNETCONFの概要と、ルータから情報を引きだせるところまで。

ビデオで概要を知る

Getting the “YANG” of it with Standard Data Models … YANGとは何者か。RPC, NETCONFとの関係
Goodbye SNMP <hello> NETCONF! … NETCONFの仕様。PythonでNETCONFを使ってみる

ラボ環境を作る

DEVNETにログインすると、Always-On Sandbox(Cisco各種機能が試せるラボ)にアクセスできるはずだが、接続できなかったので、AWSでCSR1000Vを立ち上げてみる。小さいインスタンスであれば1時間10c以下なので、問題なし。

1. CSR1000Vを立ち上げる
2. sshでCSR1000Vにアクセス
3. NETCONFでアクセスできる設定

ip-172-31-2-170#
ip-172-31-2-170#sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       172.31.2.170    YES DHCP   up                    up      
ip-172-31-2-170#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ip-172-31-2-170(config)#int g1
ip-172-31-2-170(config-if)#ip address 172.31.2.170 255.255.255.0
ip-172-31-2-170(config-if)#netconf-yang                           
ip-172-31-2-170(config)#user netconf-user priv 15 pass ******
ip-172-31-2-170(config)#
ip-172-31-2-170(config)#exit
ip-172-31-2-170#show platform softwa yang-management process
confd            : Running 
nesd             : Running 
syncfd           : Running 
ncsshd           : Running 
dmiauthd         : Running 
vtyserverutild   : Running 
opdatamgrd       : Running 
nginx            : Running 
ndbmand          : Running 

ip-172-31-2-170#

ip-172-31-2-170#

ip-172-31-2-170#sh ip int brie

Interface IP-Address OK? Method Status Protocol

GigabitEthernet1 172.31.2.170 YES DHCP up up

ip-172-31-2-170#conf t

Enter configuration commands, one per line. End with CNTL/Z.

ip-172-31-2-170(config)#int g1

ip-172-31-2-170(config-if)#ip address 172.31.2.170 255.255.255.0

ip-172-31-2-170(config-if)#netconf-yang

ip-172-31-2-170(config)#user netconf-user priv 15 pass ******

ip-172-31-2-170(config)#

ip-172-31-2-170(config)#exit

ip-172-31-2-170#show platform softwa yang-management process

confd : Running

nesd : Running

syncfd : Running

ncsshd : Running

dmiauthd : Running

vtyserverutild : Running

opdatamgrd : Running

nginx : Running

ndbmand : Running

ip-172-31-2-170#

NETCONFを使ってみる

参考モジュール：Introduction to Device Level Interfaces (ex: NETCONF/YANG)

YANGモデル(ietf-interfaces-model)の例を見てみる… このような形で、編集できる部分(設定)と読み込みのみの部分(状態やパケット統計)が別れている。

(venv) shogokobayashi (master) 02-introducing-yang-data-modeling $ pyang -f tree ietf-interfaces.yang 
module: ietf-interfaces
    +--rw interfaces
    |  +--rw interface* [name]
    |     +--rw name                        string
    |     +--rw description?                string
    |     +--rw type                        identityref
    |     +--rw enabled?                    boolean
    |     +--rw link-up-down-trap-enable?   enumeration {if-mib}?
    +--ro interfaces-state
       +--ro interface* [name]
          +--ro name               string
          +--ro type               identityref
          +--ro admin-status       enumeration {if-mib}?
          +--ro oper-status        enumeration
          +--ro last-change?       yang:date-and-time
          +--ro if-index           int32 {if-mib}?
          +--ro phys-address?      yang:phys-address
          +--ro higher-layer-if*   interface-state-ref
          +--ro lower-layer-if*    interface-state-ref
          +--ro speed?             yang:gauge64
          +--ro statistics
             +--ro discontinuity-time    yang:date-and-time
             +--ro in-octets?            yang:counter64
             +--ro in-unicast-pkts?      yang:counter64
             +--ro in-broadcast-pkts?    yang:counter64
             +--ro in-multicast-pkts?    yang:counter64
             +--ro in-discards?          yang:counter32
             +--ro in-errors?            yang:counter32
             +--ro in-unknown-protos?    yang:counter32
             +--ro out-octets?           yang:counter64
             +--ro out-unicast-pkts?     yang:counter64
             +--ro out-broadcast-pkts?   yang:counter64
             +--ro out-multicast-pkts?   yang:counter64
             +--ro out-discards?         yang:counter32
             +--ro out-errors?           yang:counter32

(venv) shogokobayashi (master) 02-introducing-yang-data-modeling $ pyang -f tree ietf-interfaces.yang

module: ietf-interfaces

+--rw interfaces

| +--rw interface* [name]

| +--rw name string

| +--rw description? string

| +--rw type identityref

| +--rw enabled? boolean

| +--rw link-up-down-trap-enable? enumeration {if-mib}?

+--ro interfaces-state

+--ro interface* [name]

+--ro name string

+--ro type identityref

+--ro admin-status enumeration {if-mib}?

+--ro oper-status enumeration

+--ro last-change? yang:date-and-time

+--ro if-index int32 {if-mib}?

+--ro phys-address? yang:phys-address

+--ro higher-layer-if* interface-state-ref

+--ro lower-layer-if* interface-state-ref

+--ro speed? yang:gauge64

+--ro statistics

+--ro discontinuity-time yang:date-and-time

+--ro in-octets? yang:counter64

+--ro in-unicast-pkts? yang:counter64

+--ro in-broadcast-pkts? yang:counter64

+--ro in-multicast-pkts? yang:counter64

+--ro in-discards? yang:counter32

+--ro in-errors? yang:counter32

+--ro in-unknown-protos? yang:counter32

+--ro out-octets? yang:counter64

+--ro out-unicast-pkts? yang:counter64

+--ro out-broadcast-pkts? yang:counter64

+--ro out-multicast-pkts? yang:counter64

+--ro out-discards? yang:counter32

+--ro out-errors? yang:counter32

CSR1000Vに対して実行したところ。インタフェースの情報が取得できた。

(venv) shogokobayashi (master *) 02-introducing-yang-data-modeling $ python3 get_interfaces_yang.py 
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
	<interface>
		<name>GigabitEthernet1</name>
		<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
		<enabled>true</enabled>
		<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
			<address>
				<ip>172.31.2.170</ip>
				<netmask>255.255.255.0</netmask>
			</address>
		</ipv4>
		<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
	</interface>
</interfaces>

(venv) shogokobayashi (master *) 02-introducing-yang-data-modeling $ python3 get_interfaces_yang.py

<name>GigabitEthernet1</name>

<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>

</address>

</ipv4>

</interface>

</interfaces>

ビデオで概要を知る

ラボ環境を作る

NETCONFを使ってみる

Share this:

Related