This article covers the basics of working with the NETCONF protocol on Eltex equipment.
First, start the NETCONF server on the device.
```
configure
netconf server vrf mgmt-intf
ssh server vrf mgmt-intf
exit
commit
```
Connect to the NETCONF server over SSH:
```
ssh admin@192.168.17.207 -p 830 -s netconf
```
The device sends us a hello message of the following form:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    ...
  </capabilities>
  <session-id>3</session-id>
</hello>]]>]]>
```
Send a hello message in reply:
```xml
<hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
  </capabilities>
</hello>]]>]]>
```
This tells the server that we are ready to work with it using NETCONF v1.0.
Send the first rpc to request the hostname of the node:
```xml
<rpc message-id="100" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <filter type="subtree">
      <hostname xmlns="http://eltex.loc/cli-common"></hostname>
    </filter>
  </get>
</rpc>]]>]]>
```
In response we receive an rpc-reply with the hostname:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="100" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" last-modified="2022-10-11T03:46:58Z" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <data>
    <hostname xmlns="http://eltex.loc/cli-common">Router</hostname>
  </data>
</rpc-reply>]]>]]>
```
Send a request for the running config:
```xml
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <source>
      <running/>
    </source>
  </get-config>
</rpc>]]>]]>
```
In response we receive the full configuration of the device:
Code block |
---|
<?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="1" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" last-modified="2022-10-11T03:46:58Z" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <bfd xmlns="http://metaswitch.com/yang/nbu/bfd/201512110000Z"> <global> <multiplier>3</multiplier> <rx-interval>100</rx-interval> <tx-interval>100</tx-interval> </global> </bfd> <errdisable xmlns="http://eltex.loc/errdisable"> </errdisable> <hostname xmlns="http://eltex.loc/cli-common">Router</hostname> <interface xmlns="http://eltex.loc/interfaces"> <bundle-ifaces/> <mgmt-ifaces> <mgmt> <if-num>0/fmc0/1</if-num> <vrf>mgmt-intf</vrf> </mgmt> </mgmt-ifaces> <spec-ifaces> <loopback> <if-num>1</if-num> <ipv4> <address>1.1.1.1/32</address> </ipv4> </loopback> </spec-ifaces> <tenGE> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/1</if-num> <ipv4> <address>10.0.0.1/30</address> </ipv4> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/2</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/3</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/4</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/5</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/6</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/7</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> 
<if-num>0/0/8</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/9</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/10</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/11</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/12</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/13</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/14</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/15</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/16</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> <vrf>mgmt</vrf> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/17</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/18</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/19</if-num> <load-interval>300</load-interval> <mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet> <duplex>auto</duplex> <if-num>0/0/20</if-num> <load-interval>300</load-interval> 
<mtu>1522</mtu> <speed>auto</speed> </tengigabitethernet> <tengigabitethernet-sub> <description>MGMT</description> <encapsulation> <inner-vid> <value>0</value> </inner-vid> <outer-vid> <value>3460</value> </outer-vid> </encapsulation> <if-num>0/0/20.3460</if-num> <ipv4> <address>192.168.17.207/20</address> </ipv4> <load-interval>300</load-interval> <vrf>mgmt</vrf> </tengigabitethernet-sub> </tenGE> </interface> <l3vpn xmlns="http://metaswitch.com/yang/nbu/l3vpn/201511130000Z"> <vrf> <name>mgmt</name> <rd>0:1</rd> </vrf> <vrf> <name>mgmt-intf</name> <rd>0:0</rd> </vrf> </l3vpn> <load-balancing xmlns="http://eltex.loc/interfaces"> <hash-fields> <ip-dst/> <ip-src/> <mac-dst/> <mac-src/> </hash-fields> </load-balancing> <monitor-session xmlns="http://eltex.loc/mirror"> <destination> <interface> <tengigabitethernet>0/0/16</tengigabitethernet> </interface> </destination> <name>1</name> <source> <interface> <tengigabitethernet> <direction>both</direction> <name>0/0/20</name> </tengigabitethernet> </interface> </source> </monitor-session> <nacm xmlns="http://netconfcentral.org/ns/yuma-nacm"> <enable-nacm>true</enable-nacm> <exec-default>permit</exec-default> <read-default>permit</read-default> <write-default>deny</write-default> </nacm> <netconf xmlns="http://eltex.loc/ssh"> <server> <vrf> <vrf_name>mgmt</vrf_name> </vrf> </server> </netconf> <ntp xmlns="http://eltex.loc/ntp"> <vrf> <dscp>0</dscp> <name>mgmt</name> <server> <ip_key>1.2.3.5</ip_key> <maxpoll>10</maxpoll> <minpoll>6</minpoll> <version>NTPv4</version> </server> </vrf> </ntp> <router xmlns="http://metaswitch.com/yang/nbu/bgp/201512020000Z"> <bgp> <as-num>100</as-num> <confederation-identifier>0</confederation-identifier> <global> <address-family> <ipv4> <unicast> <additional-paths>disable</additional-paths> <max-ebgp-ecmp-paths>0</max-ebgp-ecmp-paths> <max-ibgp-ecmp-paths>0</max-ibgp-ecmp-paths> <maximum-paths>1</maximum-paths> <network> <network-prefix>1.1.1.1/32</network-prefix> </network> <redistribution> 
<local> <name>l</name> <priority>2147483646</priority> </local> </redistribution> </unicast> </ipv4> </address-family> <bgp> <max-ebgp-ecmp-paths>8</max-ebgp-ecmp-paths> <max-ibgp-ecmp-paths>8</max-ibgp-ecmp-paths> <router-id>2.2.2.2</router-id> <update-delay>120</update-delay> </bgp> <neighbor> <address>1.2.2.2</address> <address-family> <ipv4> <unicast/> </ipv4> </address-family> <remote-as>200</remote-as> <update-source>10.0.0.1</update-source> </neighbor> <neighbor> <address>1.3.2.2</address> <address-family> <ipv4> <unicast/> </ipv4> </address-family> <remote-as>200</remote-as> <update-source>10.0.0.12</update-source> </neighbor> <neighbor> <address>2.2.2.2</address> <address-family> <ipv4> <unicast/> </ipv4> </address-family> <remote-as>100</remote-as> <update-source>10.0.0.1</update-source> </neighbor> </global> </bgp> </router> <router xmlns="http://metaswitch.com/yang/nbu/igmp-router/201511040000Z"/> <router xmlns="http://metaswitch.com/yang/nbu/isis/201512220000Z"/> <router xmlns="http://eltex.loc/msdp"/> <router xmlns="http://metaswitch.com/yang/nbu/ospfv2/201511050000Z"> <ospfv2> <global> <area> <area-id>0.0.0.0</area-id> <custom-interfaces> <interface> <bundle-ifaces> <bundle-ether> <authentication-type>none</authentication-type> <fast-hello-multiplier>5</fast-hello-multiplier> <hello-interval>10</hello-interval> <if-num>1</if-num> <network>broadcast</network> <priority>1</priority> <retransmit-interval>5</retransmit-interval> <transmit-delay>1</transmit-delay> <update-delay>30</update-delay> </bundle-ether> </bundle-ifaces> <spec-ifaces> <loopback> <authentication-type>none</authentication-type> <fast-hello-multiplier>5</fast-hello-multiplier> <hello-interval>10</hello-interval> <if-num>1</if-num> <passive/> <priority>1</priority> <retransmit-interval>5</retransmit-interval> <transmit-delay>1</transmit-delay> <update-delay>30</update-delay> </loopback> </spec-ifaces> <tenGE> <tengigabitethernet> <authentication-type>none</authentication-type> 
<fast-hello-multiplier>5</fast-hello-multiplier> <hello-interval>10</hello-interval> <if-num>0/0/1</if-num> <network>broadcast</network> <priority>1</priority> <retransmit-interval>5</retransmit-interval> <transmit-delay>1</transmit-delay> <update-delay>30</update-delay> </tengigabitethernet> </tenGE> </interface> </custom-interfaces> </area> <external-lsa-refresh-interval>1800</external-lsa-refresh-interval> <maximum-paths>5</maximum-paths> <time-to-advertise>600</time-to-advertise> </global> <name>ospf</name> </ospfv2> </router> <router xmlns="http://metaswitch.com/yang/nbu/ospfv3/201511060000Z"/> <router xmlns="http://metaswitch.com/yang/nbu/pim/201511040000Z"/> <router xmlns="http://metaswitch.com/yang/nbu/rip/201609090000Z"/> <router xmlns="http://metaswitch.com/yang/nbu/routing/201512140000Z"> </router> <ssh xmlns="http://eltex.loc/ssh"> <server> <vrf> <dscp>0</dscp> <port>22</port> <session-limit>10</session-limit> <vrf_name>mgmt</vrf_name> </vrf> </server> </ssh> <telnet xmlns="http://eltex.loc/telnet"> <server> <vrf> <dscp>0</dscp> <port>23</port> <session-limit>10</session-limit> <vrf_name>default</vrf_name> </vrf> <vrf> <dscp>0</dscp> <port>23</port> <session-limit>10</session-limit> <vrf_name>mgmt</vrf_name> </vrf> </server> </telnet> <user xmlns="http://eltex.loc/priv"> <name>admin</name> <password>$6$whrJ4tPDyBDKZplj$fOia5ONoyy8m9WDH4GT4V8uG5Nv0.7dqIvPRmulBzzOcJUW6zYT.CUFQEJc1X9t5T7l8ewMQVmbgAy4HFBhFG1</password> <privilege>p15</privilege> </user> </data> </rpc-reply>]]>]]> |
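As an added example (not part of the original article), the following Python sketch reviews a reply like the one above for settings a defender would check: telnet servers, NACM defaults set to permit, and password hashes present in the returned data. The sample reply is a constructed, trimmed copy with a placeholder hash, and the function name `audit` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the reply above; the hash is a placeholder.
REPLY = """<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
 <data>
  <nacm xmlns="http://netconfcentral.org/ns/yuma-nacm">
   <enable-nacm>true</enable-nacm>
   <exec-default>permit</exec-default>
   <read-default>permit</read-default>
   <write-default>deny</write-default>
  </nacm>
  <telnet xmlns="http://eltex.loc/telnet">
   <server>
    <vrf><port>23</port><vrf_name>default</vrf_name></vrf>
    <vrf><port>23</port><vrf_name>mgmt</vrf_name></vrf>
   </server>
  </telnet>
  <user xmlns="http://eltex.loc/priv">
   <name>admin</name>
   <password>$6$PLACEHOLDERSALT$PLACEHOLDERHASH</password>
   <privilege>p15</privilege>
  </user>
 </data>
</rpc-reply>]]>]]>"""

NS = {
    "nc": "urn:ietf:params:xml:ns:netconf:base:1.0",
    "nacm": "http://netconfcentral.org/ns/yuma-nacm",
    "tn": "http://eltex.loc/telnet",
    "priv": "http://eltex.loc/priv",
}

def audit(reply: str) -> list[str]:
    """Return review findings for one framed <get-config> reply."""
    # Drop the NETCONF 1.0 end-of-message marker before parsing.
    xml_text = reply.split("]]>]]>")[0].strip()
    data = ET.fromstring(xml_text.encode()).find("nc:data", NS)
    if data is None:
        raise ValueError("reply carries no <data> element")
    findings = []
    # Each <vrf> under telnet/server is a cleartext management listener.
    for vrf in data.findall("tn:telnet/tn:server/tn:vrf", NS):
        name = vrf.findtext("tn:vrf_name", default="?", namespaces=NS)
        findings.append(f"telnet server enabled in vrf {name}")
    # NACM defaults apply when no access rule matches the request.
    for leaf in ("exec-default", "read-default", "write-default"):
        if data.findtext(f"nacm:nacm/nacm:{leaf}", namespaces=NS) == "permit":
            findings.append(f"NACM {leaf} is permit")
    # Password hashes in the reply end up wherever the reply is stored.
    for user in data.findall("priv:user", NS):
        pw = user.findtext("priv:password", default="", namespaces=NS)
        if pw.startswith("$"):
            name = user.findtext("priv:name", default="?", namespaces=NS)
            scheme = pw.split("$")[1]
            findings.append(f"password hash for {name} in reply (crypt id {scheme})")
    return findings
```

Calling `audit(REPLY)` returns the list of findings in the order telnet, NACM, users.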
As another example, request the IPv4 routes:
```xml
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <filter type="subtree">
      <router xmlns="http://metaswitch.com/yang/nbu/routing/201512140000Z">
        <ipv4-state/>
      </router>
    </filter>
  </get>
</rpc>]]>]]>
```
In response we receive:
Code block |
---|
<?xml version="1.0" encoding="UTF-8"?> <rpc-reply message-id="2" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" last-modified="2022-10-11T03:46:58Z" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <router xmlns="http://metaswitch.com/yang/nbu/routing/201512140000Z"> <ipv4-state> <route-state-list> <route-state> <prefix>1.1.1.1/32</prefix> <nexthop>0.0.0.0</nexthop> <if-base-name>loopback</if-base-name> <if-ext-id>1</if-ext-id> <metric>0</metric> <protocol>local</protocol> <route-type>local</route-type> <age>84834</age> <connected>false</connected> <dynamic>false</dynamic> <igp-shortcut-nexthop>false</igp-shortcut-nexthop> <admin-distance>0</admin-distance> <admin-tag>0</admin-tag> <path-type>i3-local</path-type> <protection>none</protection> </route-state> <route-state> <prefix>10.0.0.0/30</prefix> <nexthop>10.0.0.1</nexthop> <if-base-name>tengigabitethernet</if-base-name> <if-ext-id>0/0/1</if-ext-id> <metric>0</metric> <protocol>local</protocol> <route-type>local</route-type> <age>84826</age> <connected>true</connected> <dynamic>false</dynamic> <igp-shortcut-nexthop>false</igp-shortcut-nexthop> <admin-distance>0</admin-distance> <admin-tag>0</admin-tag> <path-type>i3-connected</path-type> <protection>none</protection> </route-state> <route-state> <prefix>10.0.0.1/32</prefix> <nexthop>0.0.0.0</nexthop> <if-base-name>tengigabitethernet</if-base-name> <if-ext-id>0/0/1</if-ext-id> <metric>0</metric> <protocol>local</protocol> <route-type>local</route-type> <age>84826</age> <connected>false</connected> <dynamic>false</dynamic> <igp-shortcut-nexthop>false</igp-shortcut-nexthop> <admin-distance>0</admin-distance> <admin-tag>0</admin-tag> <path-type>i3-local</path-type> <protection>none</protection> </route-state> </route-state-list> <rib-state-list> <rib-state> <prefix>1.1.1.1/32</prefix> <nexthop>0.0.0.0</nexthop> <if-base-name>loopback</if-base-name> <if-ext-id>1</if-ext-id> <protocol>local</protocol> <dynamic>false</dynamic> <metric>0</metric> 
<igp-shortcut-nexthop>false</igp-shortcut-nexthop> <admin-tag>0</admin-tag> <route-type>local</route-type> <age>84834</age> <connected>false</connected> <admin-distance>0</admin-distance> <path-type>i3-local</path-type> <protection>none</protection> <loose-next-hop>false</loose-next-hop> <fib-route>true</fib-route> </rib-state> <rib-state> <prefix>10.0.0.0/30</prefix> <nexthop>0.0.0.0</nexthop> <if-base-name>tengigabitethernet</if-base-name> <if-ext-id>0/0/1</if-ext-id> <protocol>ospf</protocol> <dynamic>false</dynamic> <metric>1</metric> <igp-shortcut-nexthop>false</igp-shortcut-nexthop> <admin-tag>0</admin-tag> <route-type>local</route-type> <age>84821</age> <connected>true</connected> <admin-distance>30</admin-distance> <path-type>ospf-intra-area</path-type> <protection>none</protection> <loose-next-hop>false</loose-next-hop> <fib-route>false</fib-route> </rib-state> <rib-state> <prefix>10.0.0.0/30</prefix> <nexthop>10.0.0.1</nexthop> <if-base-name>tengigabitethernet</if-base-name> <if-ext-id>0/0/1</if-ext-id> <protocol>local</protocol> <dynamic>false</dynamic> <metric>0</metric> <igp-shortcut-nexthop>false</igp-shortcut-nexthop> <admin-tag>0</admin-tag> <route-type>local</route-type> <age>84826</age> <connected>true</connected> <admin-distance>0</admin-distance> <path-type>i3-connected</path-type> <protection>none</protection> <loose-next-hop>false</loose-next-hop> <fib-route>true</fib-route> </rib-state> <rib-state> <prefix>10.0.0.1/32</prefix> <nexthop>0.0.0.0</nexthop> <if-base-name>tengigabitethernet</if-base-name> <if-ext-id>0/0/1</if-ext-id> <protocol>local</protocol> <dynamic>false</dynamic> <metric>0</metric> <igp-shortcut-nexthop>false</igp-shortcut-nexthop> <admin-tag>0</admin-tag> <route-type>local</route-type> <age>84826</age> <connected>false</connected> <admin-distance>0</admin-distance> <path-type>i3-local</path-type> <protection>none</protection> <loose-next-hop>false</loose-next-hop> <fib-route>true</fib-route> </rib-state> </rib-state-list> 
</ipv4-state> </router> </data> </rpc-reply>]]>]]> |
One of the most important functions is changing the device configuration. Let's add a neighbor to BGP. To do this, add the neighbor to the candidate configuration and then commit.
```xml
<rpc message-id="12" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <candidate/>
    </target>
    <config>
      <router xmlns="http://metaswitch.com/yang/nbu/bgp/201512020000Z">
        <bgp operation="merge">
          <as-num>100</as-num>
          <confederation-identifier>0</confederation-identifier>
          <global>
            <bgp>
              <router-id>2.2.2.2</router-id>
            </bgp>
            <neighbor>
              <address>1.2.2.2</address>
              <address-family>
                <ipv4>
                  <unicast/>
                </ipv4>
              </address-family>
              <remote-as>200</remote-as>
              <update-source>10.0.0.1</update-source>
            </neighbor>
          </global>
        </bgp>
      </router>
    </config>
  </edit-config>
</rpc>
]]>]]>
```
The response should be an rpc-reply of the following form:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="1" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>]]>]]>
```
Perform the commit:
```xml
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <commit/>
</rpc>
]]>]]>
```
The response should be an rpc-reply of the following form:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>]]>]]>
```
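Before sending `<commit/>`, a client should confirm that the `<edit-config>` was accepted. The following Python sketch is an added example, not code from the original article: it frames requests with the `]]>]]>` marker, splits received text into messages, and treats the edit as accepted only when a complete `<ok/>` reply with the matching message-id has arrived. The function names and the sample replies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"  # NETCONF 1.0 end-of-message marker, as in the messages above


def frame(msg_id: int, body: str) -> str:
    """Wrap an operation in <rpc> and terminate it with the marker."""
    return f'<rpc message-id="{msg_id}" xmlns="{NC}">{body}</rpc>{EOM}'


def split_frames(buffer: str) -> tuple[list[str], str]:
    """Split received text into complete messages and an unfinished tail."""
    *complete, tail = buffer.split(EOM)
    return [m.strip() for m in complete if m.strip()], tail


def reply_status(message: str, expected_id: int) -> str:
    """Classify one message relative to the rpc we sent."""
    root = ET.fromstring(message.encode())
    if root.tag != f"{{{NC}}}rpc-reply":
        return "ignored"      # e.g. a <notification>, not an answer to an rpc
    if root.get("message-id") != str(expected_id):
        return "mismatch"     # answer to a different request
    if root.find(f"{{{NC}}}rpc-error") is not None:
        return "error"
    return "ok" if root.find(f"{{{NC}}}ok") is not None else "data"


def safe_to_commit(buffer: str, edit_id: int) -> bool:
    """True only when a complete <ok/> reply to our edit-config was received."""
    messages, _tail = split_frames(buffer)
    return any(reply_status(m, edit_id) == "ok" for m in messages)


# Constructed sample replies (not captured from a device).
OK_12 = f'<rpc-reply message-id="12" xmlns="{NC}"><ok/></rpc-reply>{EOM}'
OK_1 = f'<rpc-reply message-id="1" xmlns="{NC}"><ok/></rpc-reply>{EOM}'
ERR_12 = (f'<rpc-reply message-id="12" xmlns="{NC}"><rpc-error>'
          "<error-type>application</error-type><error-tag>invalid-value</error-tag>"
          f"<error-severity>error</error-severity></rpc-error></rpc-reply>{EOM}")
NOTIF = ('<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">'
         f"<eventTime>2022-10-11T04:59:46Z</eventTime></notification>{EOM}")
```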
Now build a request equivalent to show running router bgp:
```xml
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <source>
      <running/>
    </source>
    <filter type="subtree">
      <router xmlns="http://metaswitch.com/yang/nbu/bgp/201512020000Z">
        <bgp/>
      </router>
    </filter>
  </get-config>
</rpc>]]>]]>
```
The lines of interest:
```xml
<neighbor>
  <address>1.2.2.2</address>
  <address-family>
    <ipv4>
      <unicast/>
    </ipv4>
  </address-family>
  <remote-as>200</remote-as>
  <update-source>10.0.0.1</update-source>
</neighbor>
```
The <lock> and <unlock> operations are also implemented:
```xml
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <lock>
    <target>
      <running/>
    </target>
  </lock>
</rpc>
]]>]]>
```
In response we receive an rpc-reply:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
```
Try to change the hostname through the CLI while the NETCONF session is active:
```
0/ME5100:Router(config)# hostname R1
0/ME5100:Router(config)# commi
Error: config locked
```
To close the session, and the lock along with it, send the rpc:
```xml
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <close-session/>
</rpc>
]]>]]>
```
In response we receive:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>]]>]]>
<?xml version="1.0" encoding="UTF-8"?>
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
  <eventTime>2022-10-11T04:59:46Z</eventTime>
  <sysSessionEnd xmlns="http://netconfcentral.org/ns/yuma-system">
    <userName>admin</userName>
    <sessionId>1</sessionId>
    <remoteHost>192.168.16.26</remoteHost>
    <terminationReason>closed</terminationReason>
  </sysSessionEnd>
```
After that we can change the hostname:
```
0/ME5100:Router(config)# hostname R1
0/ME5100:Router(config)# commi
Tue Oct 11 05:29:00 2022
Commit successfully completed in 0.223727 sec
0/ME5100:R1(config)#
```