Cisco DevNets01t03

This document discusses model driven programmability using NETCONF and YANG. It provides an overview of the road to model driven programmability, introduces YANG data models, and covers working with YANG models. The presentation explains that YANG is a modeling language used to define data models for network devices and services. It describes where YANG models come from, how to obtain them, and working with models using tools like pyang to validate and display the model structure.

Deep Dive Into Model Driven Programmability with NETCONF and YANG

Bryan Byrne, CCIE 25607 R/S
Technical Solutions
Twitter: @bryan25607
Season 1, Talk 3
https://developer.cisco.com/netdevops/live

What are we going to talk about?
• The Road to Model Driven Programmability
• Introduction to YANG Data Models
• Introduction to NETCONF

Note: All code samples referenced in this presentation are available at https://github.com/CiscoDevNet/BRKDEV-1368
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
The Road to Model Driven Programmability

The Network is No Longer Isolated

What about SNMP?

SNMP works “reasonably well for device monitoring”
RFC 3535: Overview of the 2002 IAB Network Management Workshop – 2003
https://tools.ietf.org/html/rfc3535

• Typical config: SNMPv2 read-only community strings
• Typical usage: interface statistics queries and traps
• Empirical Observation: SNMP is not used for configuration
• Lack of Writeable MIBs
• Security Concerns
• Difficult to Replay/Rollback
• Special Applications

RFC 3535: What is Needed? What do we need?
• A programmatic interface for device configuration
• Separation of Configuration and State Data
• Ability to configure "services" NOT "devices"
• Integrated error checking and recovery

Model Driven Programmability
• NETCONF – 2006 – RFC 4741 (RFC 6241 in 2011)
• YANG – 2010 – RFC 6020
• RESTCONF – 2017 – RFC 8040
• gRPC – 2015 – OpenSource project by Google
• Not covered in today’s session

Transport (Protocol) vs Data (Model)

Transport (Protocol)
• NETCONF
• RESTCONF
• gRPC

Data (Model)
• YANG

What is YANG?

Three Meanings of “YANG”

YANG Modeling Language
• Module that is a self-contained top-level hierarchy of nodes
• Uses containers to group related nodes
• Lists to identify nodes that are stored in sequence
• Each individual attribute of a node is represented by a leaf
• Every leaf must have an associated type

module ietf-interfaces {
  import ietf-yang-types {
    prefix yang;
  }
  container interfaces {
    list interface {
      key "name";
      leaf name {
        type string;
      }
      leaf enabled {
        type boolean;
        default "true";
      }
    }
  }
}

Example edited for simplicity and brevity

What is a Data Model?
A data model is simply a well understood and agreed upon method to describe "something". As an example, consider this simple "data model" for a person.

• Person
• Gender - male, female, other
• Height - Feet/Inches or Meters
• Weight - Pounds or Kilos
• Hair Color - Brown, Blond, Black, Red, other
• Eye Color - Brown, Blue, Green, Hazel, other

What might a YANG Data Model describe?

Working with YANG Data Models

Where do Models Come From?

Industry Standard
• Standard definition (IETF, ITU, OpenConfig, etc.)
• Compliant with standard
ietf-diffserv-policy.yang
ietf-diffserv-classifer.yang
ietf-diffserv-target.yang

Vendor Specific
• Vendor definition (i.e. Cisco)
• Unique to Vendor Platforms
cisco-memory-stats.yang
cisco-flow-monitor
cisco-qos-action-qlimit-cfg

https://github.com/YangModels/yang

Where to get the Models?
• For YANG modules from standard organizations such as the IETF, open source such as OpenDaylight or vendor specific modules
• https://github.com/YangModels/yang
• For OpenConfig models
• https://github.com/openconfig/public

YANG Data Models
The model can be displayed and represented in any number of formats depending on needs at the time. Some options include:
• YANG Language
• Clear Text
• XML
• JSON
• HTML/JavaScript

Working with YANG Models
DevNet$ pyang -f tree ietf-interfaces.yang

module: ietf-interfaces
  +--rw interfaces
  |  +--rw interface* [name]
  |     +--rw name                        string
  |     +--rw description?                string
  |     +--rw type                        identityref
  |     +--rw enabled?                    boolean
  |     +--rw link-up-down-trap-enable?   enumeration {if-mib}?

Example output edited for simplicity and brevity
BRKDEV-1368/yang/ietf-interfaces.yang

Using pyang
• Python YANG Library
• Validate and display YANG files
• Many formats for display
• Text: tree
• HTML: jstree

module: ietf-interfaces
  +--rw interfaces
  |  +--rw interface* [name]
  |     +--rw name                        string
  |     +--rw description?                string
  |     +--rw type                        identityref
  |     +--rw enabled?                    boolean
  |     +--rw link-up-down-trap-enable?   enumeration {if-mib}?
  +--ro interfaces-state
     +--ro interface* [name]
        +--ro name               string
        +--ro type               identityref
        +--ro admin-status       enumeration {if-mib}?
        +--ro oper-status        enumeration
        +--ro last-change?       yang:date-and-time
        +--ro if-index           int32 {if-mib}?
        +--ro phys-address?      yang:phys-address
        +--ro higher-layer-if*   interface-state-ref
        +--ro lower-layer-if*    interface-state-ref
        +--ro speed?             yang:gauge64
        +--ro statistics
           +--ro discontinuity-time    yang:date-and-time
           +--ro in-octets?            yang:counter64
[OUTPUT REMOVED]

Slide callouts:
• Module Name: module: ietf-interfaces
• container: interfaces, interfaces-state
• list: interface*
• Key: [name]
• Leaf: name
• Optional: the trailing ? (as in enabled?)
• Data Type: yang:date-and-time
• Read Only: ro

Example edited for simplicity and brevity

Network Device Data in YANG

Actual Device Data Modeled in YANG

Use NETCONF to Retrieve ietf-interfaces data
DevNet$ python example1.py

<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
  <interface>
    <name>GigabitEthernet1</name>
    <description>DON'T TOUCH ME</description>
    <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
    <enabled>true</enabled>
    <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
      <address>
        <ip>10.10.10.48</ip>
        <netmask>255.255.255.0</netmask>
      </address>
    </ipv4>
    <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
  </interface>
  <interface>
    <name>GigabitEthernet2</name>
    <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
    <enabled>true</enabled>
    <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
    <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
  </interface>
</interfaces>

Slide callouts: Namespace = Capability = Model (the xmlns value on <interfaces>); interfaces container; interface node; Leaf.

BRKDEV-1368/yang/device_info.py
BRKDEV-1368/yang/example1.py

YANG Summary
• YANG is a Data Modeling Language
• YANG Modules are constructed to create standard data models for network data
• YANG Data sent to or from a network device will be formatted in either XML or JSON depending on the protocol (ex: NETCONF or RESTCONF)

Understanding NETCONF

Introducing the NETCONF Protocol
Some key details:
• Initial standard in 2006 with RFC4741
• Latest standard is RFC6241 in 2011
• Does NOT explicitly define content

NETCONF Protocol Stack

Transport - SSH
SSH Login:

$ ssh [email protected] -p 830 -s netconf
[email protected]'s password:

Server (Agent) sends hello:

<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.1</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-interfaces</capability>
    [output omitted and edited for clarity]
  </capabilities>
  <session-id>19150</session-id></hello>]]>]]>

Client (Manager) sends hello:

<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
  </capabilities>
</hello>]]>]]>

Example edited for simplicity and brevity

Don’t NETCONF Like this!

Messages - Remote Procedure Call (RPC)

Operations - NETCONF Actions
Operation            Description
<get>                Retrieve running configuration and device state information
<get-config>         Retrieve all or part of specified configuration data store
<edit-config>        Loads all or part of a configuration to the specified configuration data store
<copy-config>        Replace an entire configuration data store with another
<delete-config>      Delete a configuration data store
<commit>             Copy candidate data store to running data store
<lock> / <unlock>    Lock or unlock the entire configuration data store system
<close-session>      Graceful termination of NETCONF session
<kill-session>       Forced termination of NETCONF session

NETCONF Data Stores
Data Store Key Points
• Entire or partial configuration
• "running" is the only mandatory data store
• Not all data stores are writeable
• A "URL" data store is supported by IOS to enable <copy-config>
• Every NETCONF message must target a data store

result = m.get_config('running')

NETCONF Communications

NETCONF in Code with Python

NETCONF and Python: ncclient
• Full NETCONF Manager implementation in Python
• https://ncclient.readthedocs.io
• Simplifies connection and communication.
• Deals in raw XML

From: http://ncclient.readthedocs.io/en/latest/

Saying <hello> with Python and ncclient
• example1.py: Saying <hello>
• manager.connect() opens NETCONF session with device
• Parameters: host & port, user & password
• hostkey_verify=False: Trust cert
• Stores capabilities

BRKDEV-1368/netconf/device_info.py
BRKDEV-1368/netconf/example1.py

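With hostkey_verify=False, ncclient accepts whatever SSH host key the device presents, so the session has no proof it reached the intended device. The sketch below is an added example, not code from the talk's repository: it checks that a key for the device's NETCONF port is pinned in a known_hosts file and only then connects with hostkey_verify=True. The helper names, the sample key and the 192.0.2.10 address are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import struct


def _ssh_string(data):
    """Length-prefixed byte string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: an ssh-ed25519 key blob built from fixed bytes, pinned
# for NETCONF port 830 on a documentation address (not a real device).
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_KNOWN_HOSTS = (
    "# constructed known_hosts content\n"
    "[192.0.2.10]:830 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + "\n"
)


def host_pattern(host, port=830):
    """OpenSSH stores entries for non-default ports as '[host]:port'."""
    return host if port == 22 else f"[{host}]:{port}"


def _matches(field, pattern):
    if field.startswith("|1|"):  # hashed name: |1|b64(salt)|b64(HMAC-SHA1(salt, name))
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), pattern.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return pattern in field.split(",")  # wildcard patterns are not handled here


def pinned_fingerprints(known_hosts_text, host, port=830):
    """SHA256 fingerprints (ssh-keygen -l style) of keys pinned for host:port."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip comments, short lines and @cert-authority/@revoked lines
        if _matches(fields[0], host_pattern(host, port)):
            digest = hashlib.sha256(base64.b64decode(fields[2])).digest()
            found.append("SHA256:" + base64.b64encode(digest).decode().rstrip("="))
    return found


def connect_verified(host, username, password, expected_fp, port=830,
                     known_hosts=os.path.expanduser("~/.ssh/known_hosts")):
    """Connect only when the pinned key matches a fingerprint obtained out of band."""
    with open(known_hosts) as fh:
        if expected_fp not in pinned_fingerprints(fh.read(), host, port):
            raise RuntimeError(f"{host}:{port} has no pinned key matching {expected_fp}")
    from ncclient import manager  # third-party package, imported only when connecting
    return manager.connect(host=host, port=port, username=username,
                           password=password, hostkey_verify=True)
```
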
Understanding the Capabilities List
DevNet$ python example1.py
Here are the NETCONF Capabilities

urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:base:1.1
.
urn:ietf:params:xml:ns:yang:ietf-interfaces?module=ietf-interfaces&revision=2014-05-08&features=pre-provisioning,if-mib,arbitrary-names&deviations=ietf-ip-devs

http://cisco.com/ns/ietf-ip/devs?module=ietf-ip-devs&revision=2016-08-10

http://cisco.com/ns/yang/Cisco-IOS-XE-native?module=Cisco-IOS-XE-native&revision=2017-02-07

Example edited for simplicity and brevity

Two General Types
• Base NETCONF capabilities
• Data Models Supported

Understanding the Capabilities List
urn:ietf:params:xml:ns:yang:ietf-interfaces
  ? module=ietf-interfaces
  & revision=2014-05-08
  & features=pre-provisioning,if-mib,arbitrary-names
  & deviations=ietf-ip-devs
.
http://cisco.com/ns/ietf-ip/devs
  ? module=ietf-ip-devs
  & revision=2016-08-10

Example edited for simplicity and brevity

Data Model Details
• Model URI
• Module Name and Revision Date
• Protocol Features
• Deviations – Another model that modifies this one

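The hello exchange and the capabilities breakdown describe the same data: each peer's <hello> ends with ]]>]]> and carries capability strings whose query parameters name the module, revision, features and deviations. The parser below is an added example, not code from the talk's repository; the sample hello is constructed from the capability strings shown on the slides, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"
BASE = "urn:ietf:params:netconf:base:"
EOM = "]]>]]>"  # end-of-message marker that follows each <hello> on the slides

# Constructed sample assembled from the capability strings shown on the slides.
SERVER_HELLO = """<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-interfaces?module=ietf-interfaces&amp;revision=2014-05-08&amp;features=pre-provisioning,if-mib,arbitrary-names&amp;deviations=ietf-ip-devs</capability>
<capability>http://cisco.com/ns/ietf-ip/devs?module=ietf-ip-devs&amp;revision=2016-08-10</capability>
</capabilities>
<session-id>19150</session-id></hello>]]>]]>"""


def parse_capability(cap):
    """Split a capability string into model URI, module, revision, features, deviations."""
    uri, _, query = cap.strip().partition("?")
    params = {key: values[0] for key, values in parse_qs(query).items()}
    return {
        "uri": uri,
        "module": params.get("module"),
        "revision": params.get("revision"),
        "features": [f for f in params.get("features", "").split(",") if f],
        "deviations": [d for d in params.get("deviations", "").split(",") if d],
    }


def parse_hello(raw):
    """Parse one ]]>]]>-terminated <hello> into session id, base versions and models."""
    message, marker, _ = raw.partition(EOM)
    if not marker:
        raise ValueError("missing ]]>]]> end-of-message marker")
    if "<!DOCTYPE" in message or "<!ENTITY" in message:
        # RFC 6241 section 3: document type declarations must not appear
        raise ValueError("DTD found in NETCONF message")
    root = ET.fromstring(message.strip())
    if root.tag != NC + "hello":
        raise ValueError("not a NETCONF <hello>")
    caps = [parse_capability(c.text or "") for c in root.iter(NC + "capability")]
    session_id = root.findtext(NC + "session-id")
    return {
        "session_id": int(session_id) if session_id else None,
        "base_versions": sorted(c["uri"][len(BASE):] for c in caps
                                if c["uri"].startswith(BASE)),
        "models": {c["module"]: c for c in caps if c["module"]},
        "other": [c["uri"] for c in caps
                  if not c["module"] and not c["uri"].startswith(BASE)],
    }


def framing(server_versions, client_versions):
    """RFC 6242: chunked framing is used only when both peers advertise base:1.1."""
    both = set(server_versions) & set(client_versions)
    if not both:
        raise ValueError("no common NETCONF base version")
    return "chunked" if "1.1" in both else "end-of-message"
```

A client that advertises only base:1.0, as on the hello slide, keeps the ]]>]]> framing for the rest of the session.
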
Automate Your Network with NETCONF

Getting Interface Details with XML Filter
• example2.py: Retrieving info with ncclient
• Send <get> to retrieve config and state data
• Process and leverage XML within Python
• Report back current state of interface

BRKDEV-1368/netconf/example2.py
BRKDEV-1368/netconf/filter-ietf-interfaces.xml

Getting Interface Details
DevNet$ python example2.py

Interface Details:
Name: GigabitEthernet2
Description: DON'T TOUCH ME
Type: ianaift:ethernetCsmacd
MAC Address: 00:50:56:bb:74:d5
Packets Input: 592268689
Packets Output: 21839

BRKDEV-1368/netconf/example2.py
BRKDEV-1368/netconf/filter-ietf-interfaces.xml

Getting Interface Details with XPath
• example_xpath.py: Retrieving info with ncclient and XPath
• Send <get> to retrieve and state data
• Process the data
• Report back current state of interface

DevNet$ python example_xpath.py

Interface Details:
Name: GigabitEthernet1
Packets Output: 415200

BRKDEV-1368/netconf/example_xpath.py

Configuring Interface Details
• example3.py: Editing configuration with ncclient
• Constructing XML Config Payload for NETCONF
• Sending <edit-config> operation with ncclient
• Verify result

BRKDEV-1368/netconf/config-temp-ietf-interfaces.xml
BRKDEV-1368/netconf/example3.py

Configuring Interface Details
DevNet$ python -i example3.py
Configuration Payload:
----------------------
<config>
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
      <name>GigabitEthernet2</name>
      <description>Configured by NETCONF</description>
      <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">
        ianaift:ethernetCsmacd
      </type>
      <enabled>true</enabled>
      <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
        <address>
          <ip>10.255.255.1</ip>
          <netmask>255.255.255.0</netmask>
        </address>
      </ipv4>
    </interface>
  </interfaces>
</config>

<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn.." message-id="..9784" xmlns:nc="urn..">
  <ok/>
</rpc-reply>

Example edited for simplicity and brevity

BRKDEV-1368/netconf/config-temp-ietf-interfaces.xml
BRKDEV-1368/netconf/example3.py

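The payload above is built from config-temp-ietf-interfaces.xml. Assuming that template is filled by string substitution (its contents are not shown here), a value containing & or < produces a malformed or altered document; the added example below, which is not the talk's example3.py, validates the addresses and escapes the free-text fields before substitution. The placeholder and function names are illustrative.

```python
import ipaddress
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

IF = "{urn:ietf:params:xml:ns:yang:ietf-interfaces}"
IP = "{urn:ietf:params:xml:ns:yang:ietf-ip}"

# Assumed template: the payload printed by example3.py with placeholders added.
CONFIG_TEMPLATE = """<config>
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
      <name>{name}</name>
      <description>{description}</description>
      <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
      <enabled>true</enabled>
      <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
        <address>
          <ip>{ip}</ip>
          <netmask>{netmask}</netmask>
        </address>
      </ipv4>
    </interface>
  </interfaces>
</config>"""


def render_plain(name, description, ip, netmask):
    """Plain substitution: markup characters in a value alter or break the document."""
    return CONFIG_TEMPLATE.format(name=name, description=description, ip=ip, netmask=netmask)


def render_config(name, description, ip, netmask):
    """Validate the addresses and XML-escape the free-text values before substitution."""
    ip = str(ipaddress.IPv4Address(ip))  # ValueError on anything but a dotted quad
    # IPv4Network rejects non-contiguous masks such as 255.0.255.0
    netmask = str(ipaddress.IPv4Network(f"0.0.0.0/{netmask}").netmask)
    payload = CONFIG_TEMPLATE.format(
        name=escape(name), description=escape(description), ip=ip, netmask=netmask)
    # Defence in depth: the rendered payload must still hold exactly one interface
    if len(ET.fromstring(payload).findall(f"{IF}interfaces/{IF}interface")) != 1:
        raise ValueError("unexpected payload shape")
    return payload


def is_well_formed(payload):
    """True when the payload parses as XML."""
    try:
        ET.fromstring(payload)
        return True
    except ET.ParseError:
        return False


def read_back(payload):
    """Parse a payload and return the values a device would receive."""
    iface = ET.fromstring(payload).find(f"{IF}interfaces/{IF}interface")
    return {
        "name": iface.findtext(f"{IF}name"),
        "description": iface.findtext(f"{IF}description"),
        "ip": iface.findtext(f"{IP}ipv4/{IP}address/{IP}ip"),
        "netmask": iface.findtext(f"{IP}ipv4/{IP}address/{IP}netmask"),
    }
```
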
NETCONF Summary

• The elements of the NETCONF transport protocol
• How to leverage ncclient to use NETCONF in Python
• Examples retrieving and configuring data from a NETCONF Agent

Summing up

What did we talk about?
• The Road to Model Driven Programmability
• Introduction to YANG Data Models
• Introduction to NETCONF

Webinar Resource List
• Docs and Links
  • https://developer.cisco.com/netconf
• Learning Labs
  • Model Driven Programmability http://cs.co/lab-mdp
  • NETCONF/YANG on Nexus http://cs.co/lab-mdp-nexus
• DevNet Sandboxes
  • IOS Always On http://cs.co/sbx-iosxe
  • NX-OS Always On http://cs.co/sbx-nxos
  • IOS XR Reserved http://cs.co/sbx-iosxr
• Code Samples
  • https://github.com/CiscoDevNet/BRKDEV-1368

NetDevOps Live! Code Exchange Challenge
developer.cisco.com/codeexchange
Use NETCONF to configure basic routing using your favorite protocol.

Hint: Configure the device with CLI the first time, and use m.get_config("running") to retrieve the NETCONF configuration to build a template.

Looking for more about NetDevOps?
• NetDevOps on DevNet
developer.cisco.com/netdevops
• NetDevOps Live!
developer.cisco.com/netdevops/live
• NetDevOps Blogs
blogs.cisco.com/tag/netdevops
• Network Programmability Basics Video Course
developer.cisco.com/video/net-prog-basics/

Got more questions? Stay in touch!

Bryan Byrne
[email protected]
@brybyrne25607
http://github.com/brybyrne

developer.cisco.com
@CiscoDevNet
facebook.com/ciscodevnet/
http://github.com/CiscoDevNet

https://developer.cisco.com/netdevops/live
@netdevopslive