A Python Module for NETCONF Clients

Similar documents
NCClient: A Python library for NETCONF clients

NETCONF Interoperability Testing

NETCONF Interoperability Testing

NETCONF Design and Implementation of a Prototype

NETCONF Protocol. Restrictions for the NETCONF Protocol. Information About the NETCONF Protocol

Implementing Network Configuration Protocol

NETCONF Interoperability Testing

Request for Comments: Tail-f Systems December Partial Lock Remote Procedure Call (RPC) for NETCONF

Category: Standards Track December 2006

Design and Implementation of XML-based Configuration Management System for Distributed Systems

Internet Engineering Task Force (IETF) Juniper Networks K. Watsen Watsen Networks R. Wilton Cisco Systems March 2019

NETCONF Access Control

Internet Engineering Task Force (IETF) Request for Comments: 6470 Category: Standards Track February 2012 ISSN:

XML-based Configuration Management for IP Network Devices

Internet Engineering Task Force (IETF) Category: Informational. Cisco Systems, Inc. July 2017

Expires: February 25, 2004 August 27, Using the NETCONF Configuration Protocol over Secure Shell (SSH) draft-wasserman-netconf-over-ssh-00.

Implementing the Network Configuration Protocol

Grid Services and the Globus Toolkit

Cisco Configuration Engine 2.0

YANG-Based Configuration Modeling - The SecSIP IPS Case Study

Network Configuration Protocol

XML Transport and Event Notifications

Multi-domain Service Orchestration with Cisco Network Service Orchestrator. Gabor Szabo Version 1.2

This chapter describes the StarOS NETCONF interface and the ConfD engine. It contains the following sections:

XML Transport and Event Notifications

Data Model-Driven Management: Latest Industry and Tool Developments

Web Services Interoperability Organization. Accelerating Web Services Adoption May 16, 2002

Technologies for the future of Network Insight and Automation

ncclient Documentation

Cisco XML API Overview

NSO Essentials for Programmers and Network Architects (NSO201) v3.0

RESTCONF Protocol. draft-ietf-netconf-restconf-03 NETCONF WG IETF #91 Honolulu, HI, USA

Cisco IOS XR Programmability for Cloud-Scale Networking

Alliance Key Manager A Solution Brief for Partners & Integrators

ActiveVOS Technologies

Components to Use Data Models

I2RS Protocol. I2RS built for High performance. Sue Hares. Not the Pizza box CLI

Perspectives on Network Management Jürgen Schönwälder International University Bremen, Germany

YANG language parser for Libsmi

Network Automation using modern tech. Egor Krivosheev 2degrees

Programmatic Interface to Routing

One Platform Kit: The Power to Innovate

Internet Engineering Task Force (IETF) Obsoletes: 4742 June 2011 Category: Standards Track ISSN:

Hands On Exploration of NETCONF and YANG

Automated Deployment Services

Using the YANG Development Kit (YDK) with Cisco IOS XE

Cisco TelePresence Exchange System

Configuring Embedded Event Manager

Cisco Unified Presence 8.0

Empower your testing with Cisco Test Automation Solution Featuring pyats & Genie

Web Services Based Configuration Management for IP Network Devices *

Web Services in Cincom VisualWorks. WHITE PAPER Cincom In-depth Analysis and Review

WebSphere 4.0 General Introduction

Develop Unified SNMP, XML, CLI, and Web-based Management for Embedded Real-Time Systems with MIBGuide

Management Tools. Management Tools. About the Management GUI. About the CLI. This chapter contains the following sections:

Network Programmability with Cisco Application Centric Infrastructure

Optimizing the Usability of YANG Models for Network Automation

NETWORK AUTOMATION AND PROGRAMMABILITY: Reality Versus The Vendor Hype When Considering Legacy And NFV Networks P. Moore NANOG 70 June 7, 2017

Components to Use Data Models

On the Potential of Web Services in Network Management

Vortex Whitepaper. Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems

RUGGEDCOM NETCONF. Preface. Introducing NETCONF 1. NETCONF Capabilities and Namespaces 2. NETCONF Sessions 3. Getting Data 4

I2rs Requirements for NETCONF

Device Management Interface Profile and Requirements. Version 1.0info, 1 st of October 2018 TR-545

SilverCreek The World s Best-Selling SNMP Test Suite

This Statement of Work describes tasks to be performed by the RFC Production Center (RPC).

APIs and API Design with Python

SilverCreek SNMP Test Suite

Overview SENTINET 3.1

Cisco Elastic Service Controller 3.0 Netconf API Guide

OMA-ETS-DL-OTA-v1_ a Page 1 (24)

Apica ZebraTester. Advanced Load Testing Tool and Cloud Platform

Agent-Enabling Transformation of E-Commerce Portals with Web Services

Coding Intro to APIs and REST

[MS10961]: Automating Administration with Windows PowerShell

Intended status: Standards Track Expires: April 27, 2015 Q. Zhao Huawei Technology D. King Old Dog Consulting J. Hardwick Metaswitch October 24, 2014

Internet Engineering Task Force (IETF) Request for Comments: Cisco Systems D. Bogdanovic X. Liu Volta Networks March 2019

Jay Lofstead under the direction of Calton Pu

October Choosing a "Common IGP" for the IP Internet (The IESG s Recommendation to the IAB) Status of this Memo

SilverCreek Compare Versions

Manage resource-constrained IoT devices through dynamically generated and deployed YANG models

NETCONF WG. IETF 96 Berlin, Germany WEDNESDAY, July 20, Hours. Mehmet Ersue Mahesh Jethanandani

Design and Implementation of Cost Effective MIS for Universities

Development of web applications using Google Technology

Chapter 10 Web-based Information Systems

YumaPro Quickstart Guide

MONitoring Agents using a Large Integrated Services Architecture. Iosif Legrand California Institute of Technology

Oracle Service Bus. 10g Release 3 (10.3) October 2008

(9A05803) WEB SERVICES (ELECTIVE - III)

This Statement of Work describes tasks to be performed by the RFC Production Center (RPC).

7210 SAS E OS Routing Protocols Guide. Software Version: 7210 SAS OS 2.0 Rev. 02 July 2010 Document Part Number: * *

Continues the Technical Activities Originated in the SyncML Initiative

Enabling Network Automation with Junos OS

Cisco Elastic Service Controller 1.1 NETCONF API Guide

SSQA Seminar Series. Server Side Testing Frameworks. Sachin Bansal Sr. Quality Engineering Manager Adobe Systems Inc. February 13 th, 2007

Managing Learning Objects in Large Scale Courseware Authoring Studio 1

DISTRIBUTED TRANSACTION PROCESSING STANDARDS AND THEIR APPLICATIONS

Configuring Security for the ML-Series Card

Enterprise Directories and Security Management: Merging Technologies for More Control

TN3270 AND TN5250 INTERNET STANDARDS

Transcription:

A Python Module for NETCONF Clients Shikhar Bhushan Computer Science Jacobs University Bremen Campus Ring 1 28759 Bremen Germany Type: Guided Research Proposal Date: March 8, 2009 Supervisor: Prof. J. Schönwälder Executive Summary Networks have rapidly increased in size, complexity, and the number of services dependent on them. However, network management tools have not kept pace with this dizzying growth. NETCONF is an answer to the problems of heterogeneity and scale inherent in computer networks. It is a new network management protocol, developed with broad participation of the industry. It provides secure and robust facilities for automating configuration operations. Network services providers have much to gain by the realization of economies around NET- CONF. In this document, I propose developing a free software library for NET- CONF in the Python programming language. The deliverable will be modular and extensible. It will abstract protocol details and expose an intuitive, object-oriented Application Programming Interface (API) for the development of network management applications.

1 Summary The Network Configuration protocol (NETCONF) is a network management protocol developed by the Netconf Working Group [1] of the IETF. It is a proposed internet standard since December 2006. [2, RFC 4741] [NETCONF] provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NET- CONF protocol operations are realized on top of a simple Remote Procedure Call (RPC) layer. [2] NETCONF has quickly positioned itself as the superior standard for network configuration. There has been good industry adoption of the protocol, and most network equipment vendors have either implemented or plan to implement it. It is a significant improvement over proprietary command line interfaces commonly used for configuring network devices. Efforts are underway to create standard data models for NETCONF and data manipulated by it. [3] This will enable a degree of interoperability that has not been possible so far. I herein propose the the development of a Python module for NETCONF clients. Python is already in common use as a scripting language in networked environments, as well as within the NETCONF community, e.g. EnSuite [4], Yang [5]. 2 Statement and Motivation of Research The Simple Network Management Protocol (SNMP) is an early network management standard has served important monitoring functions. However, its configuration facilities are rarely utilized in practice and users have preferred working with proprietary command line interfaces. Despite its name, SNMP is not a simple protocol to implement. I find the following text, emanating from an internet draft of the Netmod Working Group, to be a fitting quote: Networks are increasing in complexity and capacity, as well as the density of the services deployed upon them. Uptime, reliability, and predictable latency requirements drive the need for automation. The problems with network management are not simple. They are complex and intricate. But these problems must be 2

solved for networks to meet the stability needs of existing services while incorporating new services in a world where the growth of the networks is exhausting the supply of qualified networking engineers. We need to move from a CLI world into a world of automation, but that automation must be robust and trustworthy. [6] The NETCONF protocol is designed for robust and trustworthy automation. It is a secure, connection-oriented protocol. Its use of XML as a data encoding language gives a rich, flexible, hierarchical, standard representation of data that matches the needs of networking devices. [6] The Netconf Working Group has focused its efforts on defining the base NETCONF standard, explicitly leaving out of its charter data modeling issues. The Netmod Working Group came about to fill in this gap, and has developed YANG, a language to model configuration and state data manipulated by the NETCONF protocol, NETCONF remote procedure calls, and NETCONF notifications. [7] The realization of NETCONF s promise would be greatly aided by a software library that makes it easy to create network management applications around it. Through this guided research project, I want to address this with an open source implementation in Python. My aim for this project is that it should be easy to write a simple script that deploys a configuration change across routers from different vendors, and at the same time possible to implement more complex applications like web interfaces and management consoles. In the time span of this project, it will not be possible to incorporate data modeling features. My primary focus will be creating an intuitive, stable API for the base NETCONF specification set out in RFC 4741 [2]. It is worthwhile to note that there has already been a free software implementation of NETCONF in Python called EnSuite [4]. Besides a NET- CONF server, EnSuite includes a client called YencaP Manager. However, this is geared towards a web-based management interface. I determined that adapting YencaP Manager towards this project s aims would require refactoring or rewriting major sections of the code, and consequently I propose to start from scratch with a cleaner architecture. Proprietary implementations of NETCONF clients include a Java implementation from Tail-f Systems called ConfM and a Windows-only application called NETCONF Client GUI from Cisco Systems, Inc. The latter is intended for didactic purposes rather than use in production. Juniper Networks documents a Perl module Net::Netconf::Manager on its website, but download access is restricted to Juniper customers. 3

3 Planned Approach Figure 1: NETCONF protocol overview [2] Layer Example (4) Content Configuration data (3) Operations <get-config>, <edit-config> (2) RPC <rpc>, <rpc-reply> (1) Transport BEEP, SSH, SSL, console Protocol Figure 1 illustrates how NETCONF may be conceptually partitioned into logical layers. This is in fact an excellent architecture for our purpose. It mirrors the actual protocol and minimizes the degree of coupling between the different layers. The ncclient module will be organized into three submodules based on these layers: session, operations and content. The high-level API will start with the creation of a Manager object. This will provide syntactic sugar that abstracts how the different modules interact. For more direct control, it will be possible to compose the modules manually. Code listing 1 and 2 are illustrative of the general API that I would like to work towards. 3.1 Capabilities Capabilities introduce new protocol operations and modify existing operations, when mutually understood by server and client. In addition to the :base NETCONF capability, the capabilities listed in Table 1 will be supported. A plug-in manner to support additional capabilities will be investigated and implemented. 4

import ncclient Code Listing 1: A simple example using Manager config = "" # using the new with..as syntax introduced in Python 2.5 with ncclient.manager(host="10.0.0.1", user="x", passwd="x") as device: try: config = device.getconfig(source="running") except RPCError as e: print(e.message) Code Listing 2: Manually composing different modules import ncclient from ncclient import session, operations, content try: s = session.ssh(host="10.0.0.1", port=99) try: # by default use local key files / ssh agent s.connect(ncclient.capabilities) assert(":url" in session.peercapabilities) op = operations.copyconfig() op.params["source"] = "running" op.params["target"] = "https://user@example.com:passphrase/backup" op.responsehandler = content.responsehandler op.execute(s) except RPCError as e: pass # handle except UnknownHost as e: pass # handle finally: operations.closesession().execute(s) 3.2 Submodules session NETCONF is designed to be independent of session-layer and transport. Currently NETCONF has transport mappings defined for SSH [9, RFC 4742], SOAP [10, RFC 4743] and BEEP [11, RFC 4744]. Of these, a NETCONF server has to mandatorily implement SSH. [2] This, and the ubiquity of SSH, makes it the best choice for initial development. Programmatically establishing and utilizing a SSH session would be preferable to forking a ssh subprocess, since this gives finer control over authentication and host verification. paramiko [12] is a SSH library for Python that was evaluated and found to be very suitable for this purpose. RFC 4742 [9] makes note of several security considerations which will be taken 5

Capability Table 1: Planned capability support Description :writable-running [2] <running/> configuration can be directly modified. :candidate [2] Utilize <candidate/> configuration database. :confirmed-commit [2] Server waits for a timeout period for client s confirmation before committing. :rollback-on-error [2] All-or-nothing edit mode. :startup [2] Distinct <startup/> configuration database. :url [2] URL permissible as source or target of operations. :validate [2] Request validation of configuration data. :xpath [2] Filtering using XPath expressions. :notification [8] NETCONF event notifications. :interleave [8] Interleave active notification subscription with other operations. into account. Extensibility with respect to other transport protocol mappings will be ensured by creating a base class that implements and exposes common functionality. Effort will be made to limit the protocol-specific API. Only supporting blocking operation would greatly reduce the benefits of this library. It is important that the transport channel is used asynchronously to take advantage of NETCONF s pipelining support. Asynchronous operation is also required for supporting the :interleave capability. Therefore, all transport layer code will run in a separate thread. Doing this right will be challenging, but with the payoff that there will be a sound base for application development. Functions Establish session: authentication, host verification, and capability exchange. Pipelining of requests. Distinguish incoming messages. 6

Tearing down the session. operations This module corresponds to the RPC and Operations layers in Figure 1. Each NETCONF operation will correspond to an Operation object. All the operations specified in RFC 4741 [2] and RFC 5277 [8] will be implemented. Functions Interact with session layer. Wrap operations as RPC requests taking into account available capabilities. Map response or notification to pertinent Operation object. content This module will have the most to do with XML processing. A suitable XML library remains to be determined. I expect that the Python standard library s facilities for XML should prove sufficient. Going this route will also reduce external dependencies. As a rule of thumb, everything that involves looking into NECONF messages will be handled by this module. It will provide generic classes that may be extended. Functions Interact with operations layer. Provide facilities for creating valid XML documents and parsing responses/notifications. It is proposed that data modeling features be taken up at a future date once the ground for YANG [7] is set. This will be facilitated by the existence of a Python module for YANG that is actively developed. [5] 3.3 Licensing and Distribution All code will be licensed under the BSD license. A permissive license was chosen to remove barriers for the use and future development of this library. The module will be packaged using the Python distribution utilities. 7

3.4 Testing Each module will have unit tests that make use of the Python unit testing framework. Interoperability testing is also important in light of the fact that there can be many different implementations of NETCONF servers. ncclient will be thoroughly tested against the Cisco, Juniper and Tail-f implementations. 3.5 Network-wide configuration The above discussion has focused on configuring individual network devices. The true potential of NETCONF is realized in configuring entire networks of heterogeneous devices. To this end a MultiManager class will be implemented on top of the ncclient module. This will also serve as sample code of API usage. 4 Evaluation criteria The deliverable is a Python module that makes it easy to develop configuration network management applications for NETCONF. Thus the criteria for evaluation is rather subjective. Architecture Sound code organization and object-oriented design, exposure of an intuitive and flexible high-level API. Code quality Idiomatic Python. Distributability Conformance to standard packaging practice. Documentation Quality of documentation and provision of sample code. Extensibility Ease of implementing new functionality without requiring rewrites. Standards-compliance With regard to requirements and recommendations of relevant standards - RFC 4741 [2], RFC 4742 [9], and RFC 5277 [8]. Testing Tested to work, what it works with, and test coverage. 5 Work plan There are essentially 6 weeks available for the execution of the project. Here I describe how long I expect to spend on various aspects. 8

March 17-31, 2009 Implement and test session module. April 1-10, 2009 Implement and test operations and content modules. April 10-30, 2009 Integration, interoperability testing, MultiManager, and documentation. References [1] Network Configuration (netconf) Charter. http://www.ietf.org/ html.charters/netconf-charter.html. [2] R. Enns (Ed.). NETCONF Configuration Protocol. RFC 4741, Internet Engineering Task Force, December 2006. [3] NETCONF Data Modelling Language (netmod) Charter. http:// www.ietf.org/html.charters/netmod-charter.html. [4] J. Bourdellon V. Cridlig, H. Abdelnur and R. State. A NetConf Network Management Suite: ENSUITE. In 5th IEEE International Workshop on IP Operations & Management, volume 3751 of Lecture Notes in Computer Science, pages 152 161. Springer, October 2005. [5] pyang - An extensible YANG validator and converter in Python. http://code.google.com/p/pyang/. [6] P. Shafer. An Architecture for Network Management. Internet draft, Internet Engineering Task Force, March 2009. Work in progress. [7] YANG - A data modeling language for NETCONF. Internet draft, Internet Engineering Task Force, March 2009. Work in progress. [8] S. Chisholm and H. Trevino. NETCONF Event Notifications. RFC 5277, Internet Engineering Task Force, July 2008. [9] M. Wasserman and T. Goddard. Using the NETCONF Configuration Protocol over Secure SHell (SSH). RFC 4742, Internet Engineering Task Force, December 2006. [10] T. Goddard. Using NETCONF over the Simple Object Access Protocol (SOAP). RFC 4742, Internet Engineering Task Force, December 2006. [11] E. Lear and K. Crozier. Using the NETCONF Protocol over the Blocks Extensible Exchange Protocol (BEEP). RFC 4744, Internet Engineering Task Force, December 2006. [12] paramiko - SSH2 protocol for Python. http://www.lag.net/ paramiko/. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback