After completion of the lab

· Enable NETCONF Protocol on Cisco IOS XR and IOS XE devices

· Verify the NETCONF Protocol by using CLI

· Verify the NETCONF Protocol by using a SSH session

· Explore the NETCONF YANG data model

· List different NETCONF RPC requests.

· List different framing NETCONF framing mechanism in Cisco IOS XR and IOS XE devices

· Read and write NETCONF Database in a raw session

Topology

Out-of-Band Management Network

All routers and StudentPC connect to an out-of-band management network, as shown in the following management network topology. The management interface in routers is assigned to the VRF Mgmt-intf to isolate the management network.

Access Credentials Table

DEVICE INFORMATION TABLE

VRF ASSIGNMENTS

STEP 1 : Enable and Verify RESTCONF in Cisco IOS XE Devices

In this task we will enable RESTCONF support in cisco IOS XE devices, verify the RESTCONF configuration with the show command, and start a raw session with SSH Protocol. The task starts on the PE1 router, which runs Cisco IOS XR Software.

 You will then continue the PE3 router, which runs Cisco IOS XE software.

STEP 1.1 : 

Enter and then provide login information to enter privilege EXEC mode.

User Access Verification

 Username: cisco 

Password: 

RP/0/RP0/CPU0:Mar 26 18:21:07.829 UTC: exec[69085]: %SECURITY-LOGIN-6-AUTHEN_SUCCESS : Successfully authenticated user 'cisco' from 'console' on 'con0_RP0_CPU0' RP/0/RP0/CPU0:PE1#

STEP 1.2 : 

On PE1 router, enable SSH Version 2, enable SSH NETCONF support, and configure the Mgmt-intf VRF as the source VRF for NETCONF traffic, stay in global configuration mode.

NOTE : PE1 router initial configuration includes a management VRF that is named Mgmt-intf

RP/0/RP0/CPU0:PE1#configure 

Tue Mar 26 18:24:18.466 UTC

RP/0/RP0/CPU0:PE1(config)#ssh server v2 

RP/0/RP0/CPU0:PE1(config)#ssh server netconf 

RP/0/RP0/CPU0:PE1(config)#ssh server netconf vrf Mgmt-intf 

RP/0/RP0/CPU0:PE1(config)#

STEP 1.3: 

On PE1 router, enable NETCONF SSH transport and configure the NETCONF agent to run on tty lines, Return to global configuration mode and apply your changes

Note : In global configuration mode, use the Netconf-yang agent ssh command to enable NETCONF SSH Transport. Use the Netconf agent tty command to enable the NETCONF agent on tty lines. Use the root command to return to global configuration mode. Use the commit command to apply your changes.

RP/0/RP0/CPU0:PE1(config)#netconf-yang agent ssh 

RP/0/RP0/CPU0:PE1(config)#netconf

 netconf netconf-yang 

RP/0/RP0/CPU0:PE1(config)#netconf agent tty 

RP/0/RP0/CPU0:PE1(config-netconf-tty)#root 

RP/0/RP0/CPU0:PE1(config)#commit 

Tue Mar 26 18:34:56.117 UTC

STEP 1.4: 

On PE1 router, display the NETCONF status and verify that the state is ready Use the do show netconf-yang status command to display NETCONF status

RP/0/RP0/CPU0:P1(config)#do show netconf-yang status 

Thu Dec 28 15:41:27.099 UTC 

Netconf status summary: 

     state: ready

STEP 1.5:

Connect to the Ubuntu/Windows PC, and open the terminal

Note : The NETCONF protocol identifies the network device (such as a router) as the NETCONF protocol server and the management station as the NETCONF client. To start a NETCONF session, the client need to starts an SSH session to default NETCONF port 830 in the server. After the client authenticates, the NETCONF server sends a hello message that includes all server capabilities. The client responds also with a hello message that includes its own capabilities. At this point the session is open, and the client may send any RPC request to the server (such as get, get-config, edit-config, commit and others )

The hello message is delimited by a “hello” text at the beginning and end of the message.

Press the ctrl+c keys at the same time to return to the BASH command prompt.

STEP 1.6:

Open the PE3 session

Enter and provide login information to enter privileged EXEC mode. Use the access credentials that are provided.

User Access Verification 

Username: cisco 

Password: 

PE3#

 *Mar 26 18:55:22.581: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: UNKNOWN] [localport: 0] at 18:55:22 UTC Tue Mar 26 2024 

PE3#

STEP 1.7:

On PE3 router, enable SSH version 2 and configure the GigabitEthernet6 interface (which is used as the management interface) as the SSH source interface.

PE3#configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

PE3(config)#ip ssh vers 

PE3(config)#ip ssh version 2 

PE3(config)#ip ssh 

PE3(config)#ip ssh sou 

PE3(config)#ip ssh source-interface gi 

PE3(config)#ip ssh source-interface gigabitEthernet 6 

PE3(config)#

STEP 1.8:

On PE3 router enable NETCONF

Note : Several log messages will display with some pauses in between them. In sample output for this step, some lines with text PE3(config) are intentionally removed.

PE3(config)#netconf-yang 

PE3(config)#

*Mar 26 19:01:23.000: yang-infra: netconf-yang server has been notified to start

PE3(config)# 

*Mar 26 19:01:26.855: %ONEP_BASE-6-SS_ENABLED: ONEP: Service set Vty was enabled by Platform

*Mar 26 19:01:27.261: %ONEP_BASE-6-CONNECT: [Element]: ONEP session Application:com.cisco.nesd Host:PE3 ID:3832 User:NETCONF has connected.

PE3(config)#

*Mar 26 19:01:32.466: %ONEP_BASE-6-CONNECT: [Element]: ONEP session Application:com.cisco.syncfd Host:PE3 ID:3449 User:a has connected.

PE3(config)#

*Mar 26 19:01:34.603: %NDBMAN-5-ACTIVE: R0/0: ndbmand: All data providers active.

STEP 1.9:

On PE3 router, display the status of the YANG management processes and verify that all NETCONF services are running. The only process that will not be running is ngnix, which is RESTCONF agent.

STEP 1.10:

Resume from the PC, start a NETCONF session over SSH to the PE3 router management interface with IP address 172.21.116.30.

Log in with the credentials

$ ssh cisco@172.21.116.30 -p 830 -s netconf

cisco@172.21.116.30's password: cisco

<?xml version="1.0" encoding="UTF-8"?>

<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

<capabilities>

<capability>urn:ietf:params:netconf:base:1.0</capability>

<capability>urn:ietf:params:netconf:base:1.1</capability>

<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>

< output-ommited >

Activity Verification

Now the task completed. 

You enabled the NETCONF protocol on Cisco IOS XR and IOS XE devices. You verify the NETCONF protocol status on Cisco IOS XR and IOS XE devices by using a CLI command.

You Verify the NETCONF protocol and started a NETCONF session over SSH to the Cisco IOS XR and IOS XE devices that point to each management interfaces. 

You verify the Cisco IOS XR and IOS XE devices sent a hello message that include NETCONF capabilities after client login to the NETCONF service.

2.0: Understanding NETCONF Protocol

In the task we will explore the NETCONF YANG data model and use the pyang tool to analyze NETCONF RPCs. Also, you can describe how to map a YANG tree view to the XML language to construct RPC request. 

The Task on the PE1 router that runs Cisco IOS XR software because it supports the listing of NETCONF capabilities with CLI commands. 

Also you can perform such listing in Cisco IOS-XE software by using external tool such as netconf-console to retrieve the information of the device. The main purpose of this task is to explore the NETCONF data model, which is a standard IETF model with similar support for Cisco IOS XR and Cisco IOS XE software.

2.1:

NETCONF DATA Models and Capabilities.

Data model are the programmatic way to configure and collect the operational data of a network device. They replace the process of manual configuration.

You can use data model to automate configuration tasks across heterogeneous device in network. 

Data Models provide a well-defined hierarchy of the configurational and operation data of a router and NETCONF actions. The data models and programmed to provide a common framework of configuration to deploy across networks. The common framework helps you to program and manage network with ease. 

Data Models help you manipulate configuration data, retrieve operational data and perform actions. The data models replace the process of manual configuration and are written in an industry-defined language. Although configurations that use CLIs are easier and human readable, automating the configuration with data model results in scalability.

The Data Models provide access to the NETCONF capabilities of the devices in a network by using the NETCONF protocol. If a device supports capabilities, it means that it is possible to use a data model to configure the specified capability. 

The list of capabilities or data models that a device supports is included in the hello messages at the initiation of the NETCONF protocol exchange. Usually each capability associated with a data model. For example : the OSPF capability has a corresponding OSPF data model. The NETCONF capability has an associated data model.

STEP 2.2:

In PE1 router console session, display NETCONF capabilities and apply a filter that includes only OPENCONFIG capabilities. Verify that the router supports several OpenConfig capabilities.

Use do show netconf-yang capabilities | include /openconfig command to display the supported capabilities that related to OpenConfig

RP/0/RP0/CPU0:PE1(config)#do show netconf-yang capabilities | include /openconfig 

Thu Aug 29 09:38:28.209 UTC 

http://openconfig.net/yang/acl

 |2017-05-26|* 

http://openconfig.net/yang/aft

 |2017-05-10| 

http://openconfig.net/yang/aft/ni

 |2017-01-13| 

<output omitted>

http://openconfig.net/yang/types/yang

 |2017-04-03| 

http://openconfig.net/yang/vlan

 |2016-05-26|* 

http://openconfig.net/yang/vlan-types

 |2016-05-26| 

RP/0/RP0/CPU0:PE1(config)#

STEP 2.3: 

On PE1 router, display NETCONF capabilities and apply a filter to display only the configuration capabilities, which include the word cfg. Verify that the router supports several cfg capabilities. Also notice that all shown capabilities start with the Cisco-IOS-XR prefix.

RP/0/RP0/CPU0:PE1(config)#do show netconf-yang capabilities | include cfg 

Thu Aug 29 09:43:09.846 UTC 

http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-aaacore-cfg

 |2018-09-04| 

http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-diameter-base-mib-cfg

 |2015-11-09| 

http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-diameter-cfg

 |2018-09-16| 

<output omitted> 

http://cisco.com/ns/yang/Cisco-IOS-XR-vservice-cfg

 |2017-09-07| 

http://cisco.com/ns/yang/Cisco-IOS-XR-wanphy-ui-cfg

 |2015-11-09| 

http://cisco.com/ns/yang/Cisco-IOS-XR-watchd-cfg

 |2015-11-09| 

RP/0/RP0/CPU0:PE1(config)#

STEP 2.4: 

On the PE1 router, display NETCONF capabilities and apply a filter to display only operational capabilities, which include the term oper. Verify that the router supports operational capabilities.

RP/0/RP0/CPU0:PE1(config)#do show netconf-yang capabilities | include oper 

Thu Aug 29 09:40:51.392 UTC

http://cisco.com/ns/yang/Cisco-IOS-XR-Subscriber-infra-subdb-oper  |2015-11-09| 

http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-diameter-oper

|2017-09-07| 

http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-locald-oper 

|2015-11-09| 

<output omitted> 

http://cisco.com/ns/yang/Cisco-IOS-XR-wanphy-ui-oper 

|2015-11-09| 

http://cisco.com/ns/yang/Cisco-IOS-XR-wd-oper 

|2015-11-09| http://cisco.com/ns/yang/Cisco-IOS-XR-wdsysmon-fd-oper 

|2015-11-09| 

http://www.cisco.com/ns/yang/Cisco-IOS-XR-sysadmin-instmgr-oper 

|2017-10-13| 

http://www.cisco.com/panini/calvados/opertest1 

|2016-10-12| 

RP/0/RP0/CPU0:PE1(config)#

STEP 2.5: 

On PE1 router, display NETCONF capabilities and apply a filter to show only the capabilities that include the word netconf. Verify that the router supports both netconf:base capabilities versions (1.0 and 1.1) Also verify that the router supports other NETCONF capabilities such as candidate confirmed commit, validate and others.

All these capabilities are defined in the NETCONF data model, which you will explore the following steps : 

RP/0/RP0/CPU0:PE1(config)#do show netconf-yang capabilities | include netconf 

Fri Aug 23 04:38:46.810 UTC 

urn:ietf:params:netconf:base:1.1

 | - | 

urn:ietf:params:netconf:capability:candidate:1.0

 | - | 

urn:ietf:params:netconf:capability:confirmed-commit:1.1

 | - | 

urn:ietf:params:netconf:capability:interleave:1.0

 | - | 

urn:ietf:params:netconf:capability:notification:1.0

 | - | 

urn:ietf:params:netconf:capability:rollback-on-error:1.0

 | - | 

urn:ietf:params:netconf:capability:validate:1.1 

| - | 

http://cisco.com/ns/yang/Cisco-IOS-XR-man-netconf-cfg

 |2018-05-04| 

http://cisco.com/ns/yang/cisco-xr-ietf-netconf-acm-deviations

 |2017-08-02| 

http://cisco.com/ns/yang/cisco-xr-ietf-netconf-monitoring-deviations

 |2018-04-09| 

http://tail-f.com/ns/netconf/actions/1.0

 |2017-02-28| 

urn:ietf:params:xml:ns:netconf:base:1.0

 |2011-06-01| 

urn:ietf:params:xml:ns:netconf:notification:1.0

 |2008-07-14| 

urn:ietf:params:xml:ns:yang:ietf-netconf-acm

 |2012-02-22|* 

urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring

 |2010-10-04|* 

RP/0/RP0/CPU0:PE1(config)#

3.0 YANG DATA MODEL and GitHub

After you know that a device supports a capability, the next step is to explore the YANG model where that capabilities is defined to learn how to configure that capability. However, before exploring the YANG model, you must download the model from the GitHub repository. 

From GitHub you can download YANG models from standard organizations such as IETF, the IEEE, the metro Ethernet forum, open source such as Open Daylight, or vendor specific modules such as Cisco IOS-XR or Cisco IOS XE software. 

Cisco Data Models on GitHub are organised by platform (including the CISCO XR, XE and NX Platform) and by software release number such as 6.5.3 for Cisco IOS XR software or 16.9.3 for Cisco IOS XE software. 

Download to the PC. 

Navigate to the directory, which contains all the supported Cisco IOS XR release 6.5.3 data model. From this directory you explore the Netconf data model.

STEP 3.1 Clone the repository

Git clone https://github.com/CiscoDevNet/yang-explorer.git

STEP 3.2 Display all the files in the current directory that contain openconfig in their filename. Verify that the output displays several YANG files that corresponds to openconfig. These files contains the models to configure all the capabilities that related to openconfig

vm:~/653$ ls openconfig* 

openconfig-acl.yang 

openconfig-aft-common.yang 

openconfig-aft-ethernet.yang 

<output-omitted> 

openconfig-vlan-types.yang 

openconfig-vlan.yang 

openconfig-yang-types.yang

STEP 3.3: 

Display all files in the current directory that contains cfg in their filename. Verify that the output displays several YANG files that corresponds to Cisco Vendor specific configuration models. These files contain the models to configure all capabilities that related to Cisco IOS XR configuration.

STEP 3.4:

Display all files in the current directory that contains oper in their filename. Verify that the output displays several YANG files that correspond to cisco vendor-specific operation models. These files contain the models to retrieve information that related to Cisco IOS XR operations.

STEP 3.5: 

Display all files in the current directory that contain netconf in their filename. Verify that the output displays several YANG files that correspond to NETCONF specific configuration models. Form the list ietf-netconf.yang (which is highlighted) includes the NETCONF model definition, and you will use it in following steps to explore NETCONF Protocol features.

4.0 Use the pyang tool

The pyang tool is a YANG validator, transformer and code generator that was written in Python. You can use to validate YANG modules for correctness, transform YANG modules into other formats, and generate code from the modules.

The pyang tool can have a following feature : 

• Validate the YANG module
•  Generates a compact tree representation of YANG models for quick visualization
•  Generate a skeleton XML instance document from the data model
• Provides schema-aware translation documents that are encoded in XML or JSON and vice versa.
• Feature a plugin framework for simple development of other output tasks, such as code generation.  
  

STEP 4.1: 

Use pyang to display the tree view of the ietf-netconf.yang model

Observe that the output lists the NETCONF RPC methods.

STEP 4.2:

Mapping to YANG Tree view to XML

From the pyang tree view, it is possible to create an XML file where YANG containers and leaves become XML tags. Use pyang to display the tree view of get-config RPC in the ietf-netconf.yang model

STEP 4.3:

Use pyang to display the tree view of the get RPC in the ietf-netconf.yang model

STEP 4.4:

Use pyang to display the tree view of edit-config RPC in the ietf-netconf.yan

After completion of the lab

• You have completed this task when you attain the result 
• You verify the openconfig capabilities the Cisco IOS XR Software support. 
• You verify that supported capabilities that related to Cisco IOS XR configuration. 
• You verify the supported capabilities that related to Cisco IOS XR operation. 
• You verify the supported capabilities that related to NETCONF for Cisco IOS XR software. 
• You listed the Cisco IOS XR data model - You listed the NETCONF data model 
• You explored different RPCs that the NETCONF data model defines.

5.0 Use NETCONF in Cisco IOS XE Device

In this task, you will interact with the NETCONF protocol in a raw session to use the framing format that Cisco IOS XR device use. Also you will identify the necessary steps to perform changes in the NETCONF configuration database.

STEP 5.1 

NETCONF Framing in Cisco IOS-XR Software.

After the client sends a hello message with the listed capabilities to the NETCONF server, the server is ready to listen to RPC requests. You will test NETCONF over an SSH session, which provides a raw session. In a raw session, RPCs must follow NETCONF chuck format framing. 

This requirement means that every RPC must be preceded by the # character that is followed by a number of bytes that the client is going to send. In addition the RPC must end with a couple of # characters. Next you see an example of an RPC that uses chunk format framing.

You will use the raw session only in this lab for learning processes. In following we will explore more on powerful tools, such as netconf-console, yang-explorer and ncclient.

NETCONF Edit Configuration Database Best Practice. 

Cisco IOS XR software uses the candidate configuration as the edit configuration database. This usage means that you should make every edit-config RPC in the candidate database and follow it with a commit RPC. 

As a best practice, Cisco recommendation that you use the lock and unlock RPC before the edit-config and after the commit, respectively.

STEP 5.2:

Start the NETCONF session over SSH to the PE1 router with IP address

Use ssh cisco@172.21.116.10 -p 830 -s Netconf 

Note : xml response from the NETCONF server displays.

$ ssh cisco@172.21.116.10 -p 830 -s netconf 

Password: cisco 

<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

<capabilities> 

<capability>urn:ietf:params:netconf:base:1.1</capability>

<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability> 

< output-ommited > 

<capability>http://openconfig.net/yang/bgp-policy?module=openconfig-bgp-policy&amp;revision=2017-02-02</capability> </capabilities> 

<session-id>578585380</session-id> 

</hello> 

]]>]]>

STEP 5.3:

Copy hello RPC XML block and return to the NETCONF terminal and paste.

STEP 5.4:

Select and copy the get-config RPC XML block

Return to NETCONF session in Terminal and paste the content. Verify that the PE1 router responds with its whole configuration. 

Note : The purpose of the get-config RPC to get the running configuration on the device.

Make sure from router to initiate the connection you should send Hello RPC XML.

Get-config RPC XML block example

STEP 5.5:

Select and copy the get RPC XML block.

Return to the terminal paste the content. Verify the PE1 returns on RPC-Reply response that includes a summary of IP access-list and prefix-list configurations.

Select and copy the get RPC (the third XML block in the file) 

Output that you will get:

STEP 5.6:

Select and copy the edit-config RPC XML block.

Make sure copy the text from line that starts with the #958 characters to the next line that contains the ## character. The RPC creates an access list in the candidate configuration. Then return to Terminal. 

In NETCONF session, press Enter and then paste the edit-config RPC content. Observe the OK message in the RPC-Reply at the end of the output.

STEP 5.7:

Select and copy the commit RPC XML block

Select and copy the commit RPC XML block. Return to the NETCONF session in the terminal press enter. And paste the content. Observe that the PE1 router returns an rpc-reply response that includes the OK tag.

Make sure you copy text from the line that starts with #111 characters to the next line that contains the ## characters. This RPC applies the candidate configuration to the running configuration. 

Return to Terminal. In the NETCONF session, press Enter and then paste the commit RPC content.

STEP 5.8:

Select and close the close-session RPC XML block. Return the Netconf session in Terminal and press Enter and paste the content.

NETCONF session return the rpc-reply

After completion of the lab ·

• You explored the Cisco IOS XR NETCONF chunk framing format in raw sessions
  
• You used several RPCs that the NETCONF data model defines 
• You verify NETCONF operation over a raw session by using SSH

6.0 Use NETCONF in Cisco IOS XE Device

In this task you will interact with the NETCONF protocol in a raw session to use the framing format that Cisco IOS XE device use. 

Also you will enumerate the steps to perform changes in the NETCONF configuration database.

 NETCONF Framing in Cisco IOS XE Software 

After the client sends a hello message with the listed capabilities to the NETCONF server, the server is ready to listen to RPC requests. 

In a raw session like the NETCONF session that SSH provides, RPC requests must end with the ]]>]]> characters

STEP 6.1:

Start a NETCONF session over SSH to the PE3 (IOS XE) and verify that the router responds with a hello message and lists device capabilities.

STEP 6.2:

Select and copy the Hello RPC XML block. Return to NETCONF session in terminal, press enter and paste the content and verify that the NETCONF sessions stay established.

STEP 6.3:

Select and copy the get RPC. Make sure to include, in the copied text, the line with ]]>]]> characters. Return to terminal and in the NETCONF session press enter and then paste the get RPC content.

As a response from the device, you will see that PE3 router interface lookback 0 configuration

RPC-Reply

STEP 6.4:

Select and copy the edit-config RPC XML block. Return the NETCONF session in terminal and press enter.

Observe OK message in the rpc-reply at the end of the output. 

After completion of the lab

• You explored the Cisco IOS XE NETCONF chunk framing format in raw sessions 
• You used several RPCs that the NETCONF data model defines 
• You verify NETCONF operation over a raw session by using SSH

Appendix

The table describes the commands that you will use in this activity. The commands list in alphabetical order so that you can easily locate the information that you need. Refer to this list if you need configuration command assistance during the lab activity.

CISCO IOS XR COMMANDS

CISCO IOS-XE

LINUX COMMANDS