Preface RUGGEDCOM NETCONF Reference Guide For RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX5000, MX5000, MX5000RE 06/2017 RC1065-EN-03 Introduction 1 NETCONF Capabilities and Namespaces 2 NETCONF Sessions 3 Getting Data 4 Changing Configuration Data 5 RUGGEDCOM ROX II Actions 6 Examples 7 NETCONF XML Elements 8 RUGGEDCOM NETCONF Reference Guide Copyright (c) 2017 Siemens Canada Ltd All rights reserved. Dissemination or reproduction of this document, or evaluation and communication of its contents, is not authorized except where expressly permitted. Violations are liable for damages. All rights reserved, particularly for the purposes of patent application or trademark registration. This document contains proprietary information, which is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced or translated to another language without the prior written consent of Siemens Canada Ltd. Disclaimer Of Liability Siemens has verified the contents of this document against the hardware and/or software described. However, deviations between the product and the documentation may exist. Siemens shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing, performance, or use of this material. The information given in this document is reviewed regularly and any necessary corrections will be included in subsequent editions. We appreciate any suggested improvements. We reserve the right to make technical improvements without notice. Registered Trademarks RUGGEDCOMTM and ROSTM are trademarks of Siemens Canada Ltd. Linux(R) is the registered trademark of Linus Torvalds in the United States and other countries. The registered trademark Linux(R) is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis. Other designations in this manual might be trademarks whose use by third parties for their own purposes would infringe the rights of the owner. Open Source RUGGEDCOM ROX II is based on Linux(R). Linux(R) is made available under the terms of the GNU General Public License Version 2.0 [http:// www.gnu.org/licenses/gpl-2.0.html]. RUGGEDCOM NETCONF contains additional Open Source Software. For license conditions, refer to the associated License Conditions document. Security Information Siemens provides products and solutions with industrial security functions that support the secure operation of plants, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens' products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates. For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity. To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit http:// support.automation.siemens.com. Contacting Siemens Address Siemens Canada Ltd Industry Sector 300 Applewood Crescent Concord, Ontario Canada, L4K 5C7 ii Telephone Toll-free: 1 888 264 0006 Tel: +1 905 856 5288 Fax: +1 905 856 1995 E-mail ruggedcom.info.i-ia@siemens.com Web www.siemens.com/ruggedcom RUGGEDCOM NETCONF Table of Contents Reference Guide Table of Contents Preface ............................................................................................................ ix How This Guide Is Organized ............................................................................................................... ix Alerts .................................................................................................................................................. x Related Documents .............................................................................................................................. x Accessing Documentation ..................................................................................................................... x Training .............................................................................................................................................. xi Customer Support ............................................................................................................................... xi Chapter 1 Introduction ..................................................................................................... 1 1.1 What is NETCONF? ........................................................................................................................ 1 1.2 What Can NETCONF Do? ............................................................................................................... 3 1.3 Who Should Use This Guide ........................................................................................................... 3 1.4 Supported IETF RFCs ..................................................................................................................... 3 1.5 Sample NETCONF sessions ............................................................................................................ 3 1.5.1 Sample Session: Getting Data ............................................................................................. 4 1.5.2 Sample Session: Performing an Action ................................................................................. 6 1.5.3 Sample Session: Editing Data .............................................................................................. 9 Chapter 2 NETCONF Capabilities and Namespaces ........................................................... 15 2.1 IETF Capabilities .......................................................................................................................... 15 2.2 Vendor-Defined Capabilities ......................................................................................................... 17 2.3 IETF Namespaces ........................................................................................................................ 17 2.4 Vendor-Defined Namespaces ....................................................................................................... 18 2.5 RUGGEDCOM Namespaces ........................................................................................................... 18 2.6 Viewing the Capabilities on a Device ............................................................................................ 20 Chapter 3 NETCONF Sessions .......................................................................................... 23 3.1 Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF ......................................................... 23 3.2 Connecting to the NETCONF Service ............................................................................................ 23 3.3 Saying Hello ............................................................................................................................... 24 3.3.1 RUGGEDCOM ROX II NETCONF Message ................................................................. 25 3.4 Closing the Session ..................................................................................................................... 26 iii Table of Contents RUGGEDCOM NETCONF Reference Guide 3.5 Killing a Session .......................................................................................................................... 26 Chapter 4 Getting Data ................................................................................................... 29 4.1 Using the Command .......................................................................................................... 29 4.2 Using the Command ................................................................................................ 30 4.3 Using XPaths with and ................................................................................... 31 4.4 Getting Information for a Specific Object ...................................................................................... 33 4.4.1 Specifying Objects with Hierarchical XML Elements ............................................................. 33 4.4.2 Specifying Objects with XPaths ......................................................................................... 34 4.5 Getting Default Values ................................................................................................................ 34 4.6 Getting Data Models from the Device ........................................................................................... 35 4.6.1 Getting Schemas from the Device ..................................................................................... 36 4.6.2 Getting YIN and YANG Files from the Device ...................................................................... 37 4.6.3 Using pyang .................................................................................................................... 38 4.6.3.1 Using the Text-Based Tree ...................................................................................... 39 Chapter 5 Changing Configuration Data .......................................................................... 41 5.1 Changing Data in the Running Configuration ................................................................................ 41 5.2 Changing Data in the Candidate Configuration .............................................................................. 42 5.2.1 Locking Data Stores ......................................................................................................... 43 5.2.2 Copying Data ................................................................................................................... 44 5.2.3 Replacing Data ................................................................................................................. 46 5.2.4 Deleting Data ................................................................................................................... 48 5.2.5 Validating Changes .......................................................................................................... 50 5.2.6 Committing Changes ........................................................................................................ 51 Chapter 6 RUGGEDCOM ROX II Actions ............................................................................ 53 6.1 Admin Namespace Actions .......................................................................................................... 54 6.1.1 snmp-discover .................................................................................................................. 55 6.1.2 launch-upgrade ................................................................................................................ 55 6.1.3 decline-upgrade ............................................................................................................... 56 6.1.4 rollback-reboot ................................................................................................................. 56 6.1.5 roxflash ........................................................................................................................... 57 6.1.6 clear-all-alarms ................................................................................................................. 57 6.1.7 acknowledge-all-alarms .................................................................................................... 57 6.1.8 shutdown ........................................................................................................................ 58 6.1.9 reboot ............................................................................................................................. 58 6.1.10 set-system-clock ............................................................................................................. 58 iv RUGGEDCOM NETCONF Reference Guide Table of Contents 6.1.11 restore-factory-defaults ................................................................................................... 59 6.1.12 delete-logs ..................................................................................................................... 59 6.1.13 install-files ..................................................................................................................... 59 6.1.14 backup-files (Backup Files) .............................................................................................. 60 6.1.15 full-configuration-save .................................................................................................... 60 6.1.16 full-configuration-load .................................................................................................... 61 6.2 Interfaces Namespace Actions ...................................................................................................... 61 6.2.1 reset (Modem) ................................................................................................................. 62 6.2.2 at (Modem) ..................................................................................................................... 62 6.2.3 reset (Cellular Modem) ..................................................................................................... 63 6.2.4 at (Cellular Modem) ......................................................................................................... 63 6.2.5 reset (Serial Port) ............................................................................................................. 64 6.2.6 clear-serial-port-stats ........................................................................................................ 64 6.2.7 restart-serserver ............................................................................................................... 65 6.2.8 reset-port (Switch Port) .................................................................................................... 65 6.2.9 clear-port-stats (Switch Port) ............................................................................................. 66 6.2.10 start-cable-test (Switch Port) ........................................................................................... 66 6.2.11 clear-cable-stats-port (Switch Port) .................................................................................. 67 6.3 Services Namespace Actions ........................................................................................................ 67 6.3.1 ntp-status ........................................................................................................................ 67 6.3.2 log (Link-Failover) ............................................................................................................ 68 6.3.3 start-test (Link Failover) .................................................................................................... 68 6.3.4 cancel-test (Link Failover) ................................................................................................. 69 6.3.5 show-active-leases (DHCP Server) ...................................................................................... 69 6.4 Switch Namespace Actions .......................................................................................................... 69 6.4.1 clear-stp-stats (Switch) ..................................................................................................... 70 6.4.2 flush-dynamic-rules (Switch) ............................................................................................. 70 6.4.3 reset-all-switch-ports (Switch) ........................................................................................... 70 6.4.4 clear-all-switch-stats (Switch) ............................................................................................ 71 6.4.5 clear-cable-stats-all (Switch) .............................................................................................. 71 6.5 Tunnel Namespace Actions .......................................................................................................... 71 6.5.1 display-public-key (IPSEC) ................................................................................................. 72 6.5.2 status (IPSEC) .................................................................................................................. 72 6.5.3 install-certificate (IPSEC) ................................................................................................... 72 6.5.4 install-ca-certificate (IPSEC) ............................................................................................... 73 6.5.5 install-crl-file (IPSEC) ........................................................................................................ 74 6.5.6 remove-ca-certificate (IPSEC) ............................................................................................. 75 6.5.7 remove-certificate (IPSEC) ................................................................................................. 75 6.5.8 remove-crl (IPSEC) ............................................................................................................ 76 v Table of Contents RUGGEDCOM NETCONF Reference Guide Chapter 7 Examples ........................................................................................................ 77 7.1 Getting the System Name ........................................................................................................... 80 7.2 Getting the ROX Release ............................................................................................................. 80 7.3 Getting the Chassis Status ........................................................................................................... 81 7.4 Setting the System Clock ............................................................................................................. 81 7.5 Acknowledging Alarms ................................................................................................................ 81 7.6 Clearing All Alarms ..................................................................................................................... 82 7.7 Viewing Alarms ........................................................................................................................... 82 7.8 Restoring Factory Defaults ........................................................................................................... 82 7.9 Changing the System Name by Locking and Committing ............................................................... 83 7.10 Changing the System Name Directly ........................................................................................... 84 7.11 Creating a Static VLAN .............................................................................................................. 85 7.12 Assigning a PVID on a Port ........................................................................................................ 86 7.13 Disabling Spanning Tree on a Specific Port .................................................................................. 87 7.14 Configuring an IP Address on a Specific Port ............................................................................... 88 7.15 Deleting an IP Address .............................................................................................................. 90 7.16 Setting a Static Route ................................................................................................................ 91 7.17 Disabling Spanning Tree Globally ............................................................................................... 92 7.18 Retrieving all IP Addresses from the Running Configuration .......................................................... 94 7.19 Retrieving the Active Routes on a Device .................................................................................... 94 7.20 Configuring Static Multicast Routing on a Layer 3 Device ............................................................. 95 7.21 Enabling Static Multicast Routing on a Layer 3 Device .................................................................. 96 7.22 Retrieving Static Multicast Status on a Layer 3 Device .................................................................. 97 7.23 Replacing an IP Address ............................................................................................................. 98 7.24 Configuring a Port to Dynamically Obtain an IP Address ............................................................... 99 7.25 Configuring OSPF Area and Network on a Layer 3 Device ........................................................... 100 7.26 Enabling the OSPF Passive-Default Option ................................................................................. 102 7.27 Configure an OSPF Non-Passive Port ......................................................................................... 103 7.28 Configuring OSPF Parameters ................................................................................................... 104 7.29 Enabling the OSPF redistribute-connected Option ...................................................................... 106 7.30 Enabling OSPF on a Layer 3 Device .......................................................................................... 107 7.31 Retrieving OSPF Status ............................................................................................................ 108 7.32 Retrieving All Data from the Routing Namespace ....................................................................... 109 7.33 Configuring DHCP Server ......................................................................................................... 109 7.34 Configure the DHCP Server Port Listening for DHCP Client Requests ............................................. 110 7.35 Enabling the DHCP Server Service ............................................................................................. 112 7.36 Disabling an Ethernet Port ....................................................................................................... 113 7.37 Enabling an Ethernet Port ........................................................................................................ 114 7.38 Checking an IP Address on a Specific Port using the Interfaces Namespace ................................... 115 vi RUGGEDCOM NETCONF Reference Guide Table of Contents 7.39 Retreiving All Data From Running Database Including Default Values ........................................... 116 7.40 Retreiving All Data From Running Database Including Default Tags and Values ............................. 116 7.41 Changing a User's Password ..................................................................................................... 117 7.42 Displaying the Status of the IPsec Service ................................................................................. 118 7.43 Selecting a Certificate for an IPSec Tunnel ................................................................................ 118 7.44 Installing a CA Certificate ......................................................................................................... 120 7.45 Configuring a Signed CA Certificate .......................................................................................... 121 7.46 Installing a Private Key to a Signed CA Certificate ...................................................................... 121 7.47 Installing a CRL File ................................................................................................................. 122 7.48 Removing a Certificate ............................................................................................................ 123 7.49 Removing a CA certificate ........................................................................................................ 123 7.50 Removing a CRL File ................................................................................................................ 124 Chapter 8 NETCONF XML Elements ................................................................................ 125 8.1 ]]>]]> ....................................................................................................................................... 125 8.2 ........................................................................................................................ 126 8.3 ................................................................................................................................. 126 8.4 ........................................................................................................................... 127 8.5 ..................................................................................................................................... 127 8.6 .................................................................................................................... 128 8.7 ............................................................................................................................ 128 8.8 .............................................................................................................................. 128 8.9 ............................................................................................................................. 129 8.10 ................................................................................................................................... 129 8.11 .......................................................................................................................... 131 8.12 .................................................................................................................................... 131 8.13 ..................................................................................................................................... 132 8.14 ..................................................................................................................................... 132 8.15 ............................................................................................................................. 132 8.16 ............................................................................................................................. 133 8.17 ................................................................................................................................. 134 8.18 ................................................................................................................................ 134 8.19 .............................................................................................................................. 135 vii Table of Contents viii RUGGEDCOM NETCONF Reference Guide RUGGEDCOM NETCONF Reference Guide Preface Preface This guide describes how to use RUGGEDCOM NETCONF - the Network Configuration Protocol - to manipulate configuration data on RUGGEDCOM devices running RUGGEDCOM NETCONF v. CONTENTS * "How This Guide Is Organized" * "Alerts" * "Related Documents" * "Accessing Documentation" * "Training" * "Customer Support" How This Guide Is Organized * Chapter 1, Introduction introduces RUGGEDCOM NETCONF and demonstrates what a typical NETCONF session with RUGGEDCOM NETCONF looks like. Read this section for a quick introduction to RUGGEDCOM NETCONF on RUGGEDCOM NETCONF. * Chapter 2, NETCONF Capabilities and Namespaces describes the RUGGEDCOM NETCONF functions and data models supported by RUGGEDCOM NETCONF. Read this section to learn about the RUGGEDCOM NETCONF functions supported by RUGGEDCOM NETCONF. * Chapter 3, NETCONF Sessions describes how to connect to and communicate with a device with RUGGEDCOM NETCONF. Read this section to learn about connecting to your device, responding to the device's initial NETCONF message, locking and unlocking datastores, and signing off from the device. * Chapter 4, Getting Data describes how to retrieve configuration data from RUGGEDCOM NETCONF. Read this section to learn how to retrieve individual configuration elements, subsections of configuration data, or the entire configuration from the device. * Chapter 5, Changing Configuration Data describes how to change RUGGEDCOM NETCONF configuration data. Read this section to learn how to set configuration data and perform actions. * Chapter 6, RUGGEDCOM ROX II Actions describes how to activate NETCONF actions on a device. Read this section to learn how to activate NETCONF commands, such as rebooting and clearing statistics, on the device. * Chapter 7, Examples describes many examples of how to configure RUGGEDCOM NETCONF data. Read this section to learn how to perform common network configuration tasks through RUGGEDCOM NETCONF. * Chapter 8, NETCONF XML Elements describes the XML elements unique to NETCONF commands. Read this section to learn about the XML elements used to build NETCONF commands and for information on what the elements mean when they are returned in a message from the server. How This Guide Is Organized ix RUGGEDCOM NETCONF Preface Reference Guide Alerts The following types of alerts are used when necessary to highlight important information. DANGER! DANGER alerts describe imminently hazardous situations that, if not avoided, will result in death or serious injury. WARNING! WARNING alerts describe hazardous situations that, if not avoided, may result in serious injury and/or equipment damage. CAUTION! CAUTION alerts describe hazardous situations that, if not avoided, may result in equipment damage. IMPORTANT! IMPORTANT alerts provide important information that should be known before performing a procedure or step, or using a feature. NOTE NOTE alerts provide additional information, such as facts, tips and details. Related Documents Other documents that may be of interest include: * RUGGEDCOM NETCONF Web Interface User Guide for the RUGGEDCOM RX1400 * RUGGEDCOM NETCONF Web Interface User Guide for the RUGGEDCOM RX1500/RX1501/RX1510/RX1511/ RX1512 * RUGGEDCOM NETCONF Web Interface User Guide for the RUGGEDCOM RX5000 * RUGGEDCOM NETCONF CLI User Guide for the RUGGEDCOM RX1400 * RUGGEDCOM NETCONF CLI User Guide for the RUGGEDCOM RX1500/RX1501/RX1510/RX1511/RX1512 * RUGGEDCOM NETCONF CLI User Guide for the RUGGEDCOM RX5000 Most documents are available on Siemens' Industry Online Support portal [https://support.industry.siemens.com] or mobile application. For all others, contact a Siemens Sales representative or Siemens Customer Support. Accessing Documentation The latest user documentation for RUGGEDCOM NETCONF v is available online at www.siemens.com/ruggedcom. To request or inquire about a user document, contact Siemens Customer Support. x Alerts RUGGEDCOM NETCONF Preface Reference Guide Training Siemens offers a wide range of educational services ranging from in-house training of standard courses on networking, Ethernet switches and routers, to on-site customized courses tailored to the customer's needs, experience and application. Siemens' Educational Services team thrives on providing our customers with the essential practical skills to make sure users have the right knowledge and expertise to understand the various technologies associated with critical communications network infrastructure technologies. Siemens' unique mix of IT/Telecommunications expertise combined with domain knowledge in the utility, transportation and industrial markets, allows Siemens to provide training specific to the customer's application. For more information about training services and course availability, visit www.siemens.com/ruggedcom or contact a Siemens Sales representative. Customer Support Customer support is available 24 hours, 7 days a week for all Siemens customers. For technical support or general information, contact Siemens Customer Support through any of the following methods: Online Visit http://www.siemens.com/automation/support-request to submit a Support Request (SR) or check on the status of an existing SR. Telephone Call a local hotline center to submit a Support Request (SR). To locate a local hotline center, visit http:// www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx. Mobile App Install the Industry Online Support app by Siemens AG on any Android, Apple iOS or Windows mobile device and be able to: * * * * Training Access Siemens' extensive library of support documentation, including FAQs and manuals Submit SRs or check on the status of an existing SR Contact a local Siemens representative from Sales, Technical Support, Training, etc. Ask questions or share knowledge with fellow Siemens customers and the support community xi Preface xii RUGGEDCOM NETCONF Reference Guide Customer Support RUGGEDCOM NETCONF Reference Guide Chapter 1 Introduction Introduction Welcome to the RUGGEDCOM NETCONF Reference Guide. This document aims to describe the Network Configuration Protocol (NETCONF) and how it can be used to control the configuration of a device running RUGGEDCOM ROX II. All versions of RUGGEDCOM ROX II supports NETCONF sessions. CONTENTS * Section 1.1, "What is NETCONF?" * Section 1.2, "What Can NETCONF Do?" * Section 1.3, "Who Should Use This Guide" * Section 1.4, "Supported IETF RFCs" * Section 1.5, "Sample NETCONF sessions" Section 1.1 What is NETCONF? The Network Configuration Protocol (NETCONF) is a network configuration protocol developed by the Internet Engineering Task Force (IETF). NETCONF provides functions to download, upload, change, and delete the configuration data on network devices. Devices running the RUGGEDCOM ROX II operating system also support the ability to collect data and perform direct actions on the device, such as rebooting the device, clearing statistics, and restarting services. NETCONF actions and data are described using Extensible Markup Language (XML). NETCONF uses a collection of XML elements to identify functions and operations. Configuration data is represented as a hierarchy of XML elements that describe the path to a configurable setting and its data. The NETCONF protocol can be thought of as having four conceptual layers: What is NETCONF? 1 Chapter 1 Introduction RUGGEDCOM NETCONF Reference Guide Figure 1: NETCONF Concepts and Implementation * The Transport Protocol layer provides connectivity between the device and the NETCONF client. RUGGEDCOM ROX II supports the use of Secure Shell (SSH) for the connection. * The Remote Procedure Call layer represents NETCONF requests and responses. Requests from the client to the device are wrapped within elements in the XML query text. Responses from the device to the client are wrapped within elements in the XML response text. * The Operations layer represents actions and functions performed on the RUGGEDCOM ROX II server. The operations available for use are defined by the NETCONF capabilities advertised by the device. * The Content layer represents the configuration data on the device. NETCONF can query, manipulate, and monitor the configuration data on the device. The configuration data is defined by the RUGGEDCOM namespaces. The configuration data is structured in NETCONF in the same way as it is in the RUGGEDCOM ROX II web interface and command line interface (CLI). The NETCONF protocol is defined in several Internet Engineering Task Force Request For Comment (RFC) documents. It is not necessary to read the RFCs to use NETCONF with devices, but this guide provides links to the RFCs for those interested in the design details of the NETCONF protocol. For more general background information on NETCONF, refer to the Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. This RFC, published in June 2011, is the current main defining document for the NETCONF protocol. For historical interest, refer to Internet Engineering Task Force RFC 4741 [http://tools.ietf.org/html/rfc4741]. This RFC, published in 2006, contains the initial definition of the NETCONF protocol. Note that RFC 6241 obsoletes RFC 4741. Several additional RFCs define the NETCONF capabilities and namespaces. Links to these documents appear throughout Chapter 2, NETCONF Capabilities and Namespaces, where this guide discusses the capabilities and namespaces supported by devices. 2 What is NETCONF? RUGGEDCOM NETCONF Reference Guide Chapter 1 Introduction Section 1.2 What Can NETCONF Do? NETCONF provides an easy-to-use application programming interface (API) for RUGGEDCOM NETCONF. It provides the ability to view and manipulate configuration data, monitor device status, and perform device management commands. Use NETCONF to develop custom configuration management tools and applications, such as: * shell scripts for common device management tasks * custom device management interfaces * custom configuration management applications and databases * integrating devices into existing configuration management applications and databases Section 1.3 Who Should Use This Guide This guide is for network administrators and programmers tasked with the configuration management of network devices. Readers should be familiar with the following: * general use and function of the RUGGEDCOM ROX II software. * network design and network management concepts and tasks. * using Secure Shell (SSH) to connect to RUGGEDCOM ROX II. * how to create well-formed and valid XML documents. Section 1.4 Supported IETF RFCs RUGGEDCOM ROX II supports the following IETF Request For Comments (RFC): * Internet Engineering Task Force RFC 5277 [http://tools.ietf.org/html/rfc5277] * Internet Engineering Task Force RFC 5717 [http://tools.ietf.org/html/rfc5217] * Internet Engineering Task Force RFC 6021 [http://tools.ietf.org/html/rfc6021] * Internet Engineering Task Force RFC 6022 [http://tools.ietf.org/html/rfc6022] * Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241] * Internet Engineering Task Force RFC 6243 [http://tools.ietf.org/html/rfc6243] Section 1.5 Sample NETCONF sessions This section provides a walk-through of three typical types of NETCONF sessions: What Can NETCONF Do? 3 Chapter 1 RUGGEDCOM NETCONF Introduction Reference Guide * Section 1.5.1, "Sample Session: Getting Data" describes a simple session where you connect to a device, get data from the device, and close the session * Section 1.5.2, "Sample Session: Performing an Action" describes a simple session where you connect to a device, perform an action on the device, and close the session * Section 1.5.3, "Sample Session: Editing Data" describes a more complex session where you connect to a device, prepare the device data-stores for editing, edit the data, commit the data, and close the session Each sample provides an overview of the primary steps in the session, a schematic illustration of the primary steps, and the actual NETCONF code sent to and received from the device. Read these sections to become familiar with the general flow of typical NETCONF sessions. Also, review these sections to become familiar with examples of working NETCONF XML code. The text in these examples can be copied and tested on an operating RUGGEDCOM NETCONF device. The XML code in these examples has been formatted for legibility. Line breaks and white space have been added to the XML text to make the lines easier to read and to show the element hierarchy. When sending XML text to the device, the line breaks and whitespace are not required. You can send XML text to the device in a single line, as long as the XML is well-formed. Text returned from the device has also been formatted for legibility. The text returned from the device typically appears in a single line, without whitespace between the elements. In these examples, the message from the device has been truncated for clarity. CONTENTS * Section 1.5.1, "Sample Session: Getting Data" * Section 1.5.2, "Sample Session: Performing an Action" * Section 1.5.3, "Sample Session: Editing Data" Section 1.5.1 Sample Session: Getting Data To retrieve data from a device, do the following: Figure 2: Getting Data 4 Sample Session: Getting Data RUGGEDCOM NETCONF Reference Guide Chapter 1 Introduction Basic Steps 1. 2. 3. Connect to the device and exchange messages. Issue or commands to retrieve data from the device. You determine the data to retrieve by stating the RUGGEDCOM namespace from which you want to retrieve the data, and then stating the path through the data model to the information you want to return. Close the session. Closing the session ensures that the NETCONF session closes gracefully without incomplete processes or locked datastores. Detailed Steps 1. Log in to the device via ssh: $ ssh {user}@{ipAddress} -p 830 -s netconf * {user} is a user name on the device. Typically, the user should be assigned the administrative user role. * {ipAddress} is an address on the device listening for NETCONF activity. The -p parameter indicates the port listening for NETCONF activity. Port 830 is the default NETCONF port. The -s parameter indicates the subsystem. All NETCONF communication must be identified with -s netconf. You can configure the IP addresses and ports on which RUGGEDCOM NETCONF listens for NETCONF. For more information, refer to Section 3.1, "Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF". The device responds with its statement: . . . 797 ]]>]]> 2. Respond to the device with the client's statement. The client's statement can describe the client's capabilities, or it can respond with just the base NETCONF capability. This example shows the minimal response: urn:ietf:params:netconf:base:1.0 ]]>]]> 3. Issue an request to retrieve data from the device: ]]>]]> Sample Session: Getting Data 5 Chapter 1 RUGGEDCOM NETCONF Introduction Reference Guide * All commands must be enclosed within tags. The message-id attribute is not required but is recommended. The message-id attribute is returned in the device response, allowing you to match responses with requests. * The element indicates the datastore from which we are requesting data. In this example we are requesting data from the running configuration database. * The element encloses the data model tags. The type="subtree" attribute is mandatory. * The element is the root of the RUGGEDCOM admin namespace. Within the element, additional elements navigate down to the desired element. In this example, we are navigating to admin/ system-name in the RUGGEDCOM NETCONF data model. * The ]]>]]> string indicates the end of the NETCONF message. Each NETCONF message must end with ]]>]]> The device responds with the requested data: Substation Ethernet Switch 2 ]]>]]> 4. * The element contains the response. Notice the message-id attribute returned with the element; it corresponds to the sent in the request. After receiving the data, close the session: ]]>]]> The device responds with the following and closes the session: ]]>]] Section 1.5.2 Sample Session: Performing an Action To perform an action on a device, do the following: 6 Sample Session: Performing an Action RUGGEDCOM NETCONF Reference Guide Chapter 1 Introduction Figure 3: Performing an Action Basic Steps 1. 2. 3. Connect to the device and exchange messages. Issue an command with the action to perform. The request must contain the element referring to the action namespace. You determine the action to perform by stating the RUGGEDCOM namespace where the command is found, and then stating the path through the data model to the command. Close the session. Closing the session ensures that the NETCONF session closes gracefully without incomplete processes or locked datastores. Detailed Steps 1. Log in to the device via ssh: $ ssh {user}@{ipAddress} -p 830 -s netconf * {user} is a user name on the device. Typically, the user should be assigned the administrative user role. * {ipAddress} is an address on the device listening for NETCONF activity. The -p parameter indicates the port listening for NETCONF activity. Port 830 is the default NETCONF port. The -s parameter indicates the subsystem. All NETCONF communication must be identified with -s NETCONF. You can configure the IP addresses and ports on which RUGGEDCOM NETCONF listens for NETCONF. For more information, refer to Section 3.1, "Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF". The device responds with its statement: . . . 797 ]]>]]> Sample Session: Performing an Action 7 Chapter 1 RUGGEDCOM NETCONF Introduction 2. Reference Guide Respond to the device with the client's statement. The client's statement can describe the client's capabilities, or it can respond with just the base NETCONF capability. This example shows the minimal response: urn:ietf:params:netconf:base:1.0 ]]>]]> 3. Issue an request with the action to perform: ]]>]]> * All commands must be enclosed within tags. The message-id attribute is not required but is recommended. The message-id attribute is returned in the device response, allowing you to match responses with requests. * The element indicates that this request is to perform an action on the device. The element must refer to the action namespace in the xmlns attribute. * The element is the root of the RUGGEDCOM admin namespace. Within the element, additional elements navigate down to the desired command. In this example, we are navigating to admin/ set-system-clock in the RUGGEDCOM NETCONF data model. * The ]]>]]> string indicates the end of the NETCONF message. Each NETCONF message must end with ]]>]]> The device responds with the results of the command: Mon Mar 26 18:00:01 2012 ]]>]]> 4. * The element contains the response. Notice the message-id attribute returned with the element; it corresponds to the sent in the request. After receiving the response, close the session: ]]>]]> The device responds with the following and closes the session: 8 Sample Session: Performing an Action RUGGEDCOM NETCONF Chapter 1 Reference Guide Introduction ]]>]] Section 1.5.3 Sample Session: Editing Data To edit data on the device, do the following: Say ml> > data data >dat a dat data data data ml> >dat a >dat adat datastores data data data data data data data data data data datastores data data data data data data data data data data * Figure 4: Session Schematic: Editing Data Basic Steps 1. 2. 3. Connect to the device and exchange messages. Issue an command to discard changes. Discarding changes removes changes that are incomplete and not yet committed to the datastores. It is strongly recommended that you discard any such stray changes before making changes to the device configuration. Discarding changes helps to ensure that you are making changes to a known state of the configuration. Issue an command to lock the candidate and running datastores. Locking the datastores prevents other users in other sessions from editing the database while the NETCONF session is working with it. It is strongly recommended that you lock the datastores before making changes to the device configuration. Sample Session: Editing Data 9 Chapter 1 Introduction RUGGEDCOM NETCONF Reference Guide 4. Issue an command to edit the configuration. You determine which data to edit by stating the RUGGEDCOM namespace where the data to be changed is found, and then stating the path through the data model to the items to change. 5. Issue an command to validate the changes. Validating the changes ensures that the syntax of the changes is correct. 6. Issue an command to commit the changes. Committing the changes applies the changes to the running configuration, making the changes take effect on the running device. 7. Issue an command to unlock the datastores. Unlock the datastores to allow other users in other sessions to modify the configuration data. 8. Close the session. Closing the session ensures that the NETCONF session closes gracefully without incomplete processes or locked datastores. Detailed Steps The following procedure provides more details: 1. Log in to the device via ssh: $ ssh {user}@{ipAddress} -p 830 -s netconf * {user} is a user name on the device. Typically, the user should be assigned the administrative user role. * {ipAddress} is an address on the device listening for NETCONF activity. The -p parameter indicates the port listening for NETCONF activity. Port 830 is the default NETCONF port. The -s parameter indicates the subsystem. All NETCONF communication must be identified with -s NETCONF. You can configure the IP addresses and ports on which RUGGEDCOM NETCONF listens for NETCONF. For more information, refer to Section 3.1, "Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF". The device responds with its statement: . . . 797 ]]>]]> 2. Respond to the device with the client's statement. The client's statement can describe the client's capabilities, or it can respond with just the base NETCONF capability. This example shows the minimal response: urn:ietf:params:netconf:base:1.0 ]]>]]> 3. Issue an request to discard configuration changes: ]]>]]> 10 Sample Session: Editing Data RUGGEDCOM NETCONF Reference Guide Chapter 1 Introduction * The command discards any uncommitted changes that may be present in the configuration. It is recommended that you perform this step to ensure that the changes you make are made to a known state of the configuration. The device responds with the following: ]]>]]> Any uncommitted changes are removed from the configuration. 4. Issue an request to lock the running configuration: ]]>]]> * All commands must be enclosed within tags. The message-id attribute is not required but is recommended. The message-id attribute is returned in the device response, allowing you to match responses with requests. * The element indicates that this request is to lock a configuration. * The element specifies the configuration to lock. In this , the lock target is the configuration. * The ]]>]]> string indicates the end of the NETCONF message. Each NETCONF message must end with ]]>]]> The device responds with the following: ]]>]]> The running configuration is now locked. 5. Issue an request to lock the candidate configuration: ]]>]]> The device responds with the following: ]]>]]> The candidate configuration is now locked. 6. Issue an request to edit the candidate configuration: Sample Session: Editing Data 11 Chapter 1 RUGGEDCOM NETCONF Introduction Reference Guide Substation Ethernet: Switch 01 ]]>]]> * The element indicates that this request is to edit the configuration. * The element specifies the configuration to be edited. In this example, the configuration is to be edited. * The element contains the path to the value to be edited. * The element specifies that the value to be edited is in the RUGGEDCOM admin namespace. In this example, the value is being edited. The device responds with the following: ]]>]]> 7. The edit is applied to the configuration. Issue an request to validate the candidate configuration: ]]>]]> * The element indicates that this request is to validate a specified configuration. * The element specifies the configuration to be validated. In this example, the configuration is to be validated. The device responds with the following: ]]>]]> 8. The candidate configuration is validated and its syntax is found to be correct. Had there been syntax errors, the device would return a message with , , , , , and elements to describe and identify the syntax error. Issue an request to commit the changes: ]]>]]> The device responds with the following: 12 Sample Session: Editing Data RUGGEDCOM NETCONF Reference Guide Chapter 1 Introduction ]]>]]> The changes made to the configuration are committed and promoted to the configuration. 9. Issue an request to unlock the candidate configuration: ]]>]]> The device responds with the following: ]]>]]> 10. Issue an request to unlock the running configuration: ]]>]]> The device responds with the following: ]]>]]> 11. Close the session: ]]>]]> The device responds with the following and closes the session: ]]>]] Sample Session: Editing Data 13 Chapter 1 Introduction 14 RUGGEDCOM NETCONF Reference Guide Sample Session: Editing Data RUGGEDCOM NETCONF Chapter 2 Reference Guide NETCONF Capabilities and Namespaces NETCONF Capabilities and Namespaces This section describes the NETCONF capabilities supported by RUGGEDCOM ROX II. NETCONF capabilities describe the functions and namespaces supported by a NETCONF peer. When you connect to the NETCONF service on a device, the device advertises its capabilities in a message. Capabilities and namespaces are reported within elements in the message. A element describes a capability or a namespace: * a capability is a function or service provided by the device. For example, the ability to commit changes to the database or to lock a portion of the database are capabilities. * a namespace is a definition of data elements. For example, the definition of standard Internet address elements and the definition of NETCONF configuration parameters are namespaces. NETCONF supports both standard IETF NETCONF capabilities and vendor-defined capabilities that are unique to the product platform. NETCONF uses namespaces that define the NETCONF configuration data model and that support various capabilities. CONTENTS * Section 2.1, "IETF Capabilities" * Section 2.2, "Vendor-Defined Capabilities" * Section 2.3, "IETF Namespaces" * Section 2.4, "Vendor-Defined Namespaces" * Section 2.5, "RUGGEDCOM Namespaces" * Section 2.6, "Viewing the Capabilities on a Device" Section 2.1 IETF Capabilities The following are the standard IETF capabilities supported by NETCONF. These capabilities define most of the actions that can be performed through NETCONF on a device. Capabilities Description urn:ietf:params:netconf:base:1.0 This is the base NETCONF capability. When replying to the message from a device, the NETCONF client must respond with at least this capability. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. IETF Capabilities 15 Chapter 2 RUGGEDCOM NETCONF NETCONF Capabilities and Namespaces Reference Guide Capabilities Description urn:ietf:params:netconf:capability:writablerunning:1.0 Supports writing to the running configuration: you can update configuration data in the running configuration. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. urn:ietf:params:netconf:capability:candidate:1.0 Supports a candidate configuration: you can make changes to a candidate configuration, validate and review the changes, and then commit the candidate to make it the running configuration. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. urn:ietf:params:netconf:capability:confirmedcommit:1.0 Supports the confirmed commit operation: you can require that a commit be confirmed before a candidate configuration is promoted to become the running configuration. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. urn:ietf:params:netconf:capability:XPath:1.0 Supports the use of XPath expressions: you can used XPath expressions in the element to define the path to the configuration item to be retrieved or set. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. urn:ietf:params:netconf:capability:url:1.0? scheme=ftp,sftp,file Supports file transfer for configuration data: you can upload or download configuration data as a file through a specified protocol. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. urn:ietf:params:netconf:capability:validate:1.0 Supports the validate operation: you can validate a specified configuration for syntax errors. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. urn:ietf:params:netconf:capability:rollback-onerror:1.0 Supports the rollback-on-error operation: you can require the configuration to roll back to its previous state if a commit fails. For more information on this capability, see Internet Engineering Task Force RFC 6241 [http://tools.ietf.org/html/rfc6241]. urn:ietf:params:netconf:capability:notification:1.0 Supports the notification operation: you can have the NETCONF server advise a NETCONF client of changes to the configuration data or device state. For more information on this capability, see Internet Engineering Task Force RFC 5277 [http://tools.ietf.org/html/rfc5277]. urn:ietf:params:netconf:capability:interleave:1.0 Supports the interleave capability: the device handles NETCONF notification messages and other NETCONF operations asynchronously. For more information on this capability, see Internet Engineering Task Force RFC 5277 [http://tools.ietf.org/html/rfc5277]. urn:ietf:params:netconf:capability:partial-lock:1.0 Supports the partial-lock capability: you can lock a specified portion of the configuration database for updating. For more information on this capability, see Internet Engineering Task Force RFC 5717 [http://tools.ietf.org/html/rfc5717]. urn:ietf:params:netconf:capability:with-defaults:1.0? basic-mode=trim&also-supported=report-all-tagged Supports the with-defaults capability: you can control how the NETCONF server reports default data in the data model. For more information on this capability, see Internet Engineering Task Force RFC 6243 [http://tools.ietf.org/html/rfc6243]. 16 IETF Capabilities RUGGEDCOM NETCONF Chapter 2 Reference Guide NETCONF Capabilities and Namespaces Section 2.2 Vendor-Defined Capabilities The following capabilities are provided by the vendor of the development tools used to create the RUGGEDCOM NETCONF software. These vendor-defined capabilities complement and extend the standard IETF capabilities. Capabilities Description http://tail-f.com/ns/netconf/with-defaults/1.0 This vendor-defined capability extends the standard IETF withdefaults capability. http://tail-f.com/ns/netconf/actions/1.0 This vendor-defined capability supports the execution of actions on the device: you can issue direct commands through NETCONF, such as reboot, clear-all-alarms, restore-factory-defaults, and others. http://tail-f.com/ns/netconf/commit/1.0 This vendor-defined capability extends the commit capability: you can make changes to a candidate configuration and commit the changes to promote them to the running configuration. http://tail-f.com/yang/common-monitoring? module=tailf-common-monitoring&revision=2013-06-14 These vendor-defined capabilities support NETCONF monitoring on the device. http://tail-f.com/yang/confd-monitoring? module=tailf-confd-monitoring&revision=2013-06-14 http://tail-f.com/yang/netconf-monitoring? module=tailf-netconf-monitoring&revision=2012-06-14 Section 2.3 IETF Namespaces NETCONF uses several namespaces to data types and configuration data models. Some namespaces are associated with and provide support for specific NETCONF capabilities. The following are the standard IETF namespaces supported by NETCONF: Capabilities Description urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietfinet-types&revision=2010-09-24 Defines data types for Internet addresses and related items. urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring? module=ietf-netconf-monitoring&revision=2010-10-04 Defines data types for NETCONF monitoring. urn:ietf:params:xml:ns:yang:ietf-yang-types? module=ietf-yang-types&revision=2010-09-24 Defines data types for general YANG data types. YANG is the data modeling language used to develop the RUGGEDCOM NETCONF software. For more information on this namespace, see Internet Engineering Task Force RFC 6021 [http://tools.ietf.org/html/rfc6021]. For more information on this namespace, see Internet Engineering Task Force RFC 6022 [http://tools.ietf.org/html/rfc6022]. For more information on this namespace, see Internet Engineering Task Force RFC 6022 [http://tools.ietf.org/html/rfc6022]. urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults? revision=2010-11-11&module=ietf-with-defaults Vendor-Defined Capabilities Defines items used by the with-defaults capability. For more information on this namespace, see Internet Engineering Task Force RFC 6243 [http://tools.ietf.org/html/rfc6243]. 17 Chapter 2 RUGGEDCOM NETCONF NETCONF Capabilities and Namespaces Reference Guide Section 2.4 Vendor-Defined Namespaces The following namespaces support vendor-defined NETCONF capabilities: Namespace Description http://tail-f.com/ns/netconf/with-defaults/1.0 Supports and extends the IETF with-defaults capability. http://tail-f.com/ns/netconf/actions/1.0 Supports the vendor-defined actions capability. http://tail-f.com/ns/netconf/commit/1.0 Supports the vendor-defined commit capability. Section 2.5 RUGGEDCOM Namespaces The RUGGEDCOM namespaces define the configuration data model on the device. Depending on the physical configuration of your device, not all RUGGEDCOM namespaces may be present. For example, if your device does not have switch interfaces, the switch namespace will not be present. * http://ruggedcom.com/ns/rmf?module=rmf&revision=2012-11-28 The parent container for all RUGGEDCOM ROX II configuration data. * http://ruggedcom.com/ns/rmf_admin?module=rmf_admin&revision=2012-11-28 The admin namespace contains administrative configuration data. The admin namespace is the equivalent of the admin menu level in the RUGGEDCOM ROX II web user interface, and the admin command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_chassis?module=rmf_chassis&revision=2012-11-28 The chassis namespace contains chassis configuration data. The chassis namespace is the equivalent of the chassis menu level in the RUGGEDCOM ROX II web user interface, and the chassis command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_crossbow?module=rmf_crossbow&revision=2013-10-10 The crossbow namespace contains CROSSBOW configuration data. The crossbow namespace is the equivalent of the apps/crossbow menu level in the RUGGEDCOM ROX II web user interface, and the crossbow command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_elan?module=rmf_elan&revision=2012-11-28 The elan namespace contains ELAN configuration data. The elan namespace is the equivalent of the apps/elan menu level in the RUGGEDCOM ROX II web user interface, and the elan command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_events?module=rmf_events&revision=2012-11-28 The events namespace contains event configuration data. * http://ruggedcom.com/ns/rmf_global?module=rmf_global&revision=2012-11-28 The global namespace contains global configuration data. The global namespace is the equivalent of the global menu level in the RUGGEDCOM ROX II web user interface, and the global command in the RUGGEDCOM ROX II command line interface. 18 Vendor-Defined Namespaces RUGGEDCOM NETCONF Reference Guide Chapter 2 NETCONF Capabilities and Namespaces * http://ruggedcom.com/ns/rmf_if?module=rmf_if&revision=2012-11-28 The interface namespace contains interface configuration data. The interface namespace is the equivalent of the interface menu level in the RUGGEDCOM ROX II web user interface, and the interface command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_ifs?module=rmf_ifs&revision=2012-11-28 The interfaces namespace contains interfaces read-only data. The interface namespace is the equivalent of the interfaces menu level in the RUGGEDCOM ROX II web user interface, and the interfaces command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_ifswitch?module=rmf_ifswitch&revision=2012-11-28 The switch namespace contains switch configuration data. The switch namespace is the equivalent of the switch menu level in the RUGGEDCOM ROX II web user interface, and the switch command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_iftunnel?module=rmf_iftunnel&revision=2012-11-28 The tunnel namespace contains tunnel configuration data. The tunnel namespace is the equivalent of the tunnel menu level in the RUGGEDCOM ROX II web user interface, and the tunnel command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_ip?module=rmf_ip&revision=2012-11-28 The ip namespace contains ip address configuration data. The ip namespace is the equivalent of the ip menu level in the RUGGEDCOM ROX II web user interface, and the ip command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_mpls?module=rmf_mpls&revision=2012-11-28 The mpls namespace contains mpls configuration data. The mpls namespace is the equivalent of the mpls menu level in the RUGGEDCOM ROX II web user interface, and the mpls command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_qos?module=rmf_qos&revision=2012-11-28 The qos namespace contains quality of service configuration data. The qos namespace is the equivalent of the qos menu level in the RUGGEDCOM ROX II web user interface, and the qos command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_routing?module=rmf_routing&revision=2012-11-28 The routing namespace contains routing configuration data. The routing namespace is the equivalent of the routing menu level in the RUGGEDCOM ROX II web user interface, and the routing command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_security?module=rmf_security&revision=2012-11-28 The security namespace contains security configuration data. The security namespace is the equivalent of the security menu level in the RUGGEDCOM ROX II web user interface, and the security command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rmf_services?module=rmf_services&revision=2012-11-28 The services namespace contains services configuration data. The services namespace is the equivalent of the services menu level in the RUGGEDCOM ROX II web user interface, and the services command in the RUGGEDCOM ROX II command line interface. * http://ruggedcom.com/ns/rox_apps?module=rox_apps&revision=2012-11-28 The apps namespace contains apps configuration data. The apps namespace is the equivalent of the apps menu level in the RUGGEDCOM ROX II web user interface, and the apps command in the RUGGEDCOM ROX II command line interface. RUGGEDCOM Namespaces 19 Chapter 2 NETCONF Capabilities and Namespaces RUGGEDCOM NETCONF Reference Guide * http://ruggedcom.com/ns/rmf_mpls?module=rmf_mpls&revision=2012-11-28 The mpls namespace contains mpls configuration data. The mpls namespace is the equivalent of the mpls menu level in the RUGGEDCOM ROX II web user interface, and the mpls command in the RUGGEDCOM ROX II command line interface. Section 2.6 Viewing the Capabilities on a Device To view the capabilities on a device, do the following: 1. Log in to the device's NETCONF service via Secure Shell (SSH): $ ssh {user}@{ipAddress} -p 830 -s netconf * {user} is an administrative role user on the device. * {ipAddress} is an address on the device listening for NETCONF activity. The -p parameter indicates the port listening for NETCONF activity. Port 830 is the default NETCONF port. The -s parameter indicates the subsystem. All NETCONF communication must be identified with -s NETCONF. You can configure the IP addresses and ports on which RUGGEDCOM ROX II listens for NETCONF. For more information, refer to Section 3.1, "Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF". 2. When prompted, provide the user's password. 3. The device responds with a message, listing its capabilities. urn:ietf:params:netconf:base:1.0 urn:ietf:params:netconf:base:1.1 urn:ietf:params:netconf:capability:writable-running:1.0 urn:ietf:params:netconf:capability:candidate:1.0 urn:ietf:params:netconf:capability:confirmed-commit:1.0 urn:ietf:params:netconf:capability:confirmed-commit:1.1 urn:ietf:params:netconf:capability:XPath:1.0 urn:ietf:params:netconf:capability:url:1.0?scheme=ftp,sftp,file urn:ietf:params:netconf:capability:validate:1.0 urn:ietf:params:netconf:capability:validate:1.1 urn:ietf:params:netconf:capability:rollback-on-error:1.0 urn:ietf:params:netconf:capability:notification:1.0 urn:ietf:params:netconf:capability:interleave:1.0 urn:ietf:params:netconf:capability:partial-lock:1.0 http://tail-f.com/ns/netconf/with-defaults/1.0 http://tail-f.com/ns/netconf/actions/1.0 http://tail-f.com/ns/netconf/commit/1.0 urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=trim&alsosupported=report-all-tagged urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults? revision=2010-11-11&module=ietf-with-defaults http://ruggedcom.com/ns/rmf?module=rmf&revision=2012-03-07 http://ruggedcom.com/ns/rmf_admin?module=rmf_admin&revision=2012-03-07 http://ruggedcom.com/ns/rmf_chassis?module=rmf_chassis&revision=2012-03-07 http://ruggedcom.com/ns/rmf_events?module=rmf_events&revision=2012-03-07 http://ruggedcom.com/ns/rmf_global?module=rmf_global&revision=2012-03-07 http://ruggedcom.com/ns/rmf_if?module=rmf_if&revision=2012-03-07 http://ruggedcom.com/ns/rmf_ifs?module=rmf_ifs&revision=2012-03-07 20 Viewing the Capabilities on a Device RUGGEDCOM NETCONF Reference Guide Chapter 2 NETCONF Capabilities and Namespaces http://ruggedcom.com/ns/rmf_iftunnel?module=rmf_iftunnel&revision=2012-03-07 http://ruggedcom.com/ns/rmf_ip?module=rmf_ip&revision=2012-03-07 http://ruggedcom.com/ns/rmf_qos?module=rmf_qos&revision=2012-03-07 http://ruggedcom.com/ns/rmf_routing?module=rmf_routing&revision=2012-03-07 http://ruggedcom.com/ns/rmf_security?module=rmf_security&revision=2012-03-07 http://ruggedcom.com/ns/rmf_services?module=rmf_services&revision=2012-03-07 http://tail-f.com/yang/common-monitoring?module=tailf-commonmonitoring&revision=2011-09-22 http://tail-f.com/yang/confd-monitoring?module=tailf-confdmonitoring&revision=2011-09-22 http://tail-f.com/yang/netconf-monitoring?module=tailf-netconfmonitoring&revision=2011-09-22 urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inettypes&revision=2010-09-24 urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconfmonitoring&revision=2010-10-04 urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yangtypes&revision=2010-09-24 1020 ]]>]]> Viewing the Capabilities on a Device 21 Chapter 2 NETCONF Capabilities and Namespaces 22 RUGGEDCOM NETCONF Reference Guide Viewing the Capabilities on a Device RUGGEDCOM NETCONF Reference Guide Chapter 3 NETCONF Sessions NETCONF Sessions This section describes how to do the following: * connect to the NETCONF service on a device via Secure Shell (SSH). You must do this each time you connect to the device to start a NETCONF session. * respond to the device's message. You must do this each time you start a NETCONF session. * close the session gracefully with the command. Closing the session with the command is recommended, but is optional. * kill the session with the command. Closing the session with the command is optional. CONTENTS * Section 3.1, "Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF" * Section 3.2, "Connecting to the NETCONF Service" * Section 3.3, "Saying Hello" * Section 3.4, "Closing the Session" * Section 3.5, "Killing a Session" Section 3.1 Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF Before sending NETCONF XML messages to any RUGGEDCOM NETCONF device, make sure NETCONF sessions are enabled and configured. For more information, refer to either the RUGGEDCOM ROX II Web Interface or CLI User Guides for the device. The RUGGEDCOM ROX II User Guides also detail how to look up important statistics, such as the number of bad hellos, the total number of dropped sessions, etc. Section 3.2 Connecting to the NETCONF Service RUGGEDCOM ROX II supports the use of Secure Shell (SSH) to connect to the NETCONF service on the device. To connect to the NETCONF service, specify an IP address, port, and subsystem: $ ssh {user}@{ipAddress} -p 830 -s netconf Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF 23 Chapter 3 NETCONF Sessions RUGGEDCOM NETCONF Reference Guide * {user} A user name on the device assigned the administrative user role. * {ipAddress} The IP address or hostname of the device. * -p 830 Specifies port 830. The default NETCONF port is port 830. * -s netconf Specifies the NETCONF subsystem. You must always specify the NETCONF subsystem when initiating a NETCONF session. You can configure the IP addresses and ports on which RUGGEDCOM ROX II listens for NETCONF. For more information, refer to Section 3.1, "Configuring/Monitoring NETCONF in RUGGEDCOM NETCONF". When prompted, provide the user password. When you connect to the device, the device responds with a message, listing its NETCONF capabilities. For more information on the message and on how to respond to it, refer to Section 3.3, "Saying Hello". Section 3.3 Saying Hello When you open a NETCONF session, the device responds with a message. The elements in the message list the NETCONF commands, functions, and namespaces supported on the device. The message also includes a element, containing a numeric identifier for the new session. Before you can issue NETCONF requests, you must respond to the message. The minimal response is to reply with a message listing just the netconf:base capability from the client. You can also reply with the client's actual capabilities, or reply by returning the device's capabilities back to the device. In all examples in this guide, we respond to the message with the minimal response. NOTE Your reply to the message must not contain a . Including a in your response results in a bad element error and the device closes the session. If you choose to return the device's message as the response, make sure that only one version of each capability is present in your response. RUGGEDCOM ROX II advertises two versions of the following capabilities: urn:ietf:params:netconf:base:1.0 urn:ietf:params:netconf:base:1.1 urn:ietf:params:netconf:capability:confirmed-commit:1.0 urn:ietf:params:netconf:capability:confirmed-commit:1.1 urn:ietf:params:netconf:capability:validate:1.0 urn:ietf:params:netconf:capability:validate:1.1 You must return either version 1.0 or version 1.1 of each capability. Do not return both versions of each capability. CONTENTS * Section 3.3.1, "RUGGEDCOM ROX II NETCONF Message" 24 Saying Hello RUGGEDCOM NETCONF Reference Guide Chapter 3 NETCONF Sessions Section 3.3.1 RUGGEDCOM ROX II NETCONF Message The following is the hello message returned when you connect to the NETCONF service on a device running the RUGGEDCOM ROX II operating system: urn:ietf:params:netconf:base:1.0 urn:ietf:params:netconf:base:1.1 urn:ietf:params:netconf:capability:writable-running:1.0 urn:ietf:params:netconf:capability:candidate:1.0 urn:ietf:params:netconf:capability:confirmed-commit:1.0 urn:ietf:params:netconf:capability:confirmed-commit:1.1 urn:ietf:params:netconf:capability:xpath:1.0 urn:ietf:params:netconf:capability:url:1.0?scheme=ftp,sftp,file urn:ietf:params:netconf:capability:validate:1.0 urn:ietf:params:netconf:capability:validate:1.1 urn:ietf:params:netconf:capability:rollback-on-error:1.0 urn:ietf:params:netconf:capability:notification:1.0 urn:ietf:params:netconf:capability:interleave:1.0 urn:ietf:params:netconf:capability:partial-lock:1.0 http://tail-f.com/ns/netconf/with-defaults/1.0 http://tail-f.com/ns/netconf/actions/1.0 http://tail-f.com/ns/netconf/commit/1.0 urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=trim&alsosupported=report-all-tagged urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults?revision=2010-11-11&module=ietfwith-defaults http://ruggedcom.com/ns/rmf?module=rmf&revision=2012-03-07 http://ruggedcom.com/ns/rmf_admin?module=rmf_admin&revision=2012-03-07 http://ruggedcom.com/ns/rmf_chassis?module=rmf_chassis&revision=2012-03-07 http://ruggedcom.com/ns/rmf_events?module=rmf_events&revision=2012-03-07 http://ruggedcom.com/ns/rmf_global?module=rmf_global&revision=2012-03-07 http://ruggedcom.com/ns/rmf_if?module=rmf_if&revision=2012-03-07 http://ruggedcom.com/ns/rmf_ifs?module=rmf_ifs&revision=2012-03-07 http://ruggedcom.com/ns/rmf_iftunnel?module=rmf_iftunnel&revision=2012-03-07 http://ruggedcom.com/ns/rmf_ip?module=rmf_ip&revision=2012-03-07 http://ruggedcom.com/ns/rmf_qos?module=rmf_qos&revision=2012-03-07 http://ruggedcom.com/ns/rmf_routing?module=rmf_routing&revision=2012-03-07 http://ruggedcom.com/ns/rmf_security?module=rmf_security&revision=2012-03-07 http://ruggedcom.com/ns/rmf_services?module=rmf_services&revision=2012-03-07 http://tail-f.com/yang/common-monitoring?module=tailf-commonmonitoring&revision=2011-09-22 http://tail-f.com/yang/confd-monitoring?module=tailf-confdmonitoring&revision=2011-09-22 http://tail-f.com/yang/netconf-monitoring?module=tailf-netconfmonitoring&revision=2011-09-22 urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2010-09-24 urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconfmonitoring&revision=2010-10-04 urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yang-types&revision=2010-09-24 1020 ]]>]]> The following is the minimal hello response required from the NETCONF client: RUGGEDCOM ROX II NETCONF Message 25 Chapter 3 NETCONF Sessions RUGGEDCOM NETCONF Reference Guide urn:ietf:params:netconf:base:1.0 ]]>]]> The device does not reply to the response unless there is an error. After issuing the response, you can begin sending NETCONF requests. Section 3.4 Closing the Session Closing a session requests the graceful termination of a NETCONF session. It is recommended that you use the command to close each NETCONF session. Upon closing the session, the device also terminates the SSH connection. When the server receives a request, it does the following: * gracefully closes the session * releases any locks and resources associated with the session * gracefully closes any associated connections * ignores any NETCONF requests received after the request If the NETCONF device can complete the request, it sends an document containing the element. If the NETCONF device cannot complete the request, it sends an document containing the element. To close a NETCONF session, send the following: ]]>]]> Upon successfully closing the session, the device responds with the following: ]]>]]> Section 3.5 Killing a Session Killing a session terminates a specified NETCONF session, cancelling any operations in progress and releasing all locks, resources, and connections for the session. Use the command to close NETCONF sessions other than the current session. You cannot use to close the session from which the command is used. does not roll back the configuration or state changes made by the configuration being terminated. If the session being terminated is performing a confirmed commit when the is issued, the NETCONF server restores the configuration to its state before the confirmed commit was issued. 26 Closing the Session RUGGEDCOM NETCONF Reference Guide Chapter 3 NETCONF Sessions To kill a session, you need to know its . To determine the of another session, attempt to a configuration. If the configuration is already locked by another session, the for the session is reported in the message received from the unsuccessful attempt. To kill a session where you know the , issue the following: 1968 >>>]]> The device responds with the following message and kills the session: To kill a session where you do not know the , first attempt to a configuration. In this example, we attempt to lock the already locked configuration: ]]>]]> The device responds with the following: protocol lock-denied error 1968 ]]>]]> Incorporate the into the command: 1968 The device responds with the following message and kills the specified session: Killing a Session 27 Chapter 3 RUGGEDCOM NETCONF NETCONF Sessions Reference Guide 28 Killing a Session RUGGEDCOM NETCONF Reference Guide Chapter 4 Getting Data Getting Data This section describes how to use NETCONF to retrieve configuration data from RUGGEDCOM ROX II. NETCONF features two get commands to retrieve data from the device: * retrieves device state data and information from the running configuration. For more information, refer to Section 4.1, "Using the Command". * retrieves information from a either the candidate or running configuration. For more information, refer to Section 4.2, "Using the Command". When getting information, you specify the information to retrieve by stating the path through the RUGGEDCOM ROX II data model. You can specify the path with a series of hierarchical XML elements, or with an XPath to the desired content. To determine the path to the desired data, you can retrieve XML files containing the RUGGEDCOM ROX II data model from the device. The RUGGEDCOM ROX II database is modelled using YANG, an IETF standard for NETCONF data modelling. The data model for RUGGEDCOM ROX II is defined in several YANG files. Typically, each RUGGEDCOM namespace is defined in a single YANG file. YANG files contain structured content, but they are not in XML. YIN files are XML versions of YANG data model files. YIN files are well-formed XML files, making them easily parseable and able to be programmatically traversed and manipulated. You can use YIN files to find the path to every data element in the RUGGEDCOM ROX II data model. For more information on the YANG data modelling language, see Internet Engineering Task Force RFC 6020 [http://tools.ietf.org/html/rfc6020]. CONTENTS * Section 4.1, "Using the Command" * Section 4.2, "Using the Command" * Section 4.3, "Using XPaths with and " * Section 4.4, "Getting Information for a Specific Object" * Section 4.5, "Getting Default Values" * Section 4.6, "Getting Data Models from the Device" Section 4.1 Using the Command Use the command to retrieve information from the running configuration. The element contains the path to the information to retrieve. You can specify the path with hierarchical XML elements, or with an XPath. When using hierarchical elements, do the following: Using the Command 29 Chapter 4 RUGGEDCOM NETCONF Getting Data Reference Guide * specify the element's type attribute as subtree * construct the path to the desired element within the element * specify the namespace for the root element in the path You can use an XPath in the element, instead of the hierarchical XML element structure. For information on how to use an XPath, refer to Section 4.3, "Using XPaths with and ". The following example shows how to return the state of the Developer Log Enabled setting using hierarchical XML elements. In this example, the Developer Log is enabled, so the value for the Enabled setting is returned as true. ]]>]]> The device returns the following: true ]]>]]> Section 4.2 Using the Command Use the command to retrieve information from a specified configuration, either the running configuration or the candidate configuration. The element contains the path to the information to retrieve. You can specify the path with hierarchical XML elements, or with an XPath. When using hierarchical elements, do the following: * use the element to specify the configuration to query. The configuration can be either or . * specify the element's type attribute as subtree 30 Using the Command RUGGEDCOM NETCONF Reference Guide Chapter 4 Getting Data * construct the path to the desired element within the element * specify the namespace for the root element in the path You can also use an XPath in the element, instead of the hierarchical XML element structure. For information on how to use an XPath, refer to Section 4.3, "Using XPaths with and ". The following example shows how to return the list of users from the running configuration: ]]>]]> The device returns the following: admin $1$z6HPcW$nIHgNp6EXWzN.l9SlhAVE1 administrator guest $1$YEkflk$EEEV0mzCClp9oFVWVAiba1 guest oper $1$1iSWr$S64yY2AzheWLDhSdbwfQP0 operator ]]>]]> Section 4.3 Using XPaths with and Instead of using a structure of hierarchical XML elements, you can use XPaths with the and commands. XPaths are easy to construct and remove the need to specify the namespace of the data path's root element in the query. When using an XPath, do the following: * specify the element's type attribute as xpath. * specify the element's select attribute with the XPath to the desired element. Using XPaths with and 31 Chapter 4 RUGGEDCOM NETCONF Getting Data Reference Guide The following example shows how to return the state of the Developer Log Enabled setting using an XPath. In this example, the Developer Log is enabled, so the value for the Enabled setting is returned as true. ]]>]]> The device returns the following: true ]]>]]> The following example shows how to use an XPath with the command. ]]>]]> The device returns the following: true ]]>]]> 32 Using XPaths with and RUGGEDCOM NETCONF Reference Guide Chapter 4 Getting Data Section 4.4 Getting Information for a Specific Object To retrieve information for a specific object, such as a user, an interface, or other identified object, specify the identification for the item item in the XML element hierarchy or XPath. CONTENTS * Section 4.4.1, "Specifying Objects with Hierarchical XML Elements" * Section 4.4.2, "Specifying Objects with XPaths" Section 4.4.1 Specifying Objects with Hierarchical XML Elements When using hierarchical XML elements, enclose the identifying data within its element. For example: {element} ... {element}{data}{/element} ... {/element} Where: * {element} is an element in the data model. * ... represents multiple elements in the data model to the target element. * {data} is the identifying data for the object whose information you want to retrieve. For example, to return the role for a specific user, send an rpc-message similar to the following: oper ]]>]]> The device returns the following rpc-reply: oper operator Getting Information for a Specific Object 33 Chapter 4 RUGGEDCOM NETCONF Getting Data Reference Guide ]]>]]> Section 4.4.2 Specifying Objects with XPaths When using XPath, use the following syntax in the select statement: select="{element}/.../{element}[{element}='{data}']/{element}"/> * {element} is an element in the data model. * ... represents multiple elements in the data model to the target element. * {data} is the identifying data for the object whose information you want to retrieve. For example, to return the role for a specific user, send an rpc-message similar to the following: ]]>]]> The device returns the following: oper operator ]]>]]> Section 4.5 Getting Default Values The NETCONF standard does not require NETCONF servers to return the default values from the database. If you query an object that has a default value, the server may return just the data structure and not the default value. For example, the NETCONF Trace Log Enabled setting is disabled by default. When you query this value, NETCONF does not return the default setting. When you issue this query: 34 Specifying Objects with XPaths RUGGEDCOM NETCONF Reference Guide Chapter 4 Getting Data ]]>]]> The device returns the following: ]]>]]> Note that the element is not returned. To return the default values for elements, add a with-defaults attribute to the element, and set the attribute to true. When you issue this query: ]]>]]> The device returns the following: false ]]>]]> Section 4.6 Getting Data Models from the Device Most data available in RUGGEDCOM ROX II can be accessed using NETCONF. To access data within in RUGGEDCOM ROX II, the user only need to provide the path the target parameter from which data will be retrieved or updated. To determine the path to a parameter, refer to the following references: * RUGGEDCOM ROX II User Guide User Guides for RUGGEDCOM ROX II detail each parameter in the RUGGEDCOM ROX II user interface. Make sure to reference the User Guide specific to the target device. Getting Data Models from the Device 35 Chapter 4 RUGGEDCOM NETCONF Getting Data Reference Guide * RUGGEDCOM ROX II CLI Paths to parameters in the RUGGEDCOM ROX II CLI are a direct representation of the underlying data model. * YANG/YIN Files YANG and YIN files detail the RUGGEDCOM ROX II data model in formats that can be parsed and transformed as needed. YANG files are based on the IETF standard for NETCONF data modeling. YIN files are well-formed XML versions of the YANG files. Typically, each RUGGEDCOM namespace is defined in one or more separate YANG/YIN files. These files can be downloaded directly from the device and then opened in the open-source pyang utility to create human-readable tree diagrams of the elements in each file. For information about using pyang, refer to the Section 4.6.3, "Using pyang". For information on how to download YANG and YIN files, refer to Section 4.6.2, "Getting YIN and YANG Files from the Device". NOTE Paths to NETCONF action commands can be determined from the YANG files. However, YANG files can be difficult to decipher for some users. For a list of commonly used NETCONF actions and their paths, refer to Chapter 6, RUGGEDCOM ROX II Actions. NOTE For more information on the YANG data modeling language, refer to RFC 6020 [http://tools.ietf.org/ html/rfc6020]. CONTENTS * Section 4.6.1, "Getting Schemas from the Device" * Section 4.6.2, "Getting YIN and YANG Files from the Device" * Section 4.6.3, "Using pyang" Section 4.6.1 Getting Schemas from the Device This section describes how to download a list of schemas from RUGGEDCOM ROX II. This general list of schemas provides information needed to download specific schemas from the device. To get a list of schemas from the device, do the following: 1. Log in to the device and start a NETCONF session. For instructions on how to initiate a NETCONF session, refer to Section 3.2, "Connecting to the NETCONF Service" 2. Issue this command: The device responds with a list of schemas. 36 Getting Schemas from the Device RUGGEDCOM NETCONF Reference Guide 3. Chapter 4 Getting Data Review the list and locate the entries for items you want to retrieve. For example, shown here are the entries for the rmf_admin namespace: rmf_admin 2012-03-07 yin http://ruggedcom.com/ns/rmf_admin NETCONF rmf_admin 2012-03-07 yang http://ruggedcom.com/ns/rmf_admin NETCONF 4. Make a note of the , , and data. You need this information to retrieve the YIN or YANG file from the device. 5. After finding the , , and for the schema you want to download, you can retrieve the YIN and YANG files. For instructions, refer to Section 4.6.2, "Getting YIN and YANG Files from the Device". Section 4.6.2 Getting YIN and YANG Files from the Device To retrieve a specific YIN or YANG file, do the following: 1. Log in to the device and start a NETCONF session. For instructions on how to initiate a NETCONF session, refer to Section 3.2, "Connecting to the NETCONF Service". 2. Download a list of schemas from RUGGEDCOM NETCONF and determine the identifier, version and format of the schema associated with the target YIN or YANG file. For more information, refer to Section 4.6.1, "Getting Schemas from the Device". 3. Issue this command: {identifier} {version} {format} ]]>]]> * {identifier} Specifies the schema name. * {version} Specifies the schema version number. * {format} Specifies the schema format: yin or yang. For example, this command retrieves the rmf_admin YIN file: rmf_admin Getting YIN and YANG Files from the Device 37 Chapter 4 RUGGEDCOM NETCONF Getting Data Reference Guide 2012-03-07 yin ]]>]]> The device returns the text from the specified YIN or YANG file. Section 4.6.3 Using pyang pyang is an open-source utility used to validate and transform YANG and YIN files. pyang is particularly useful for transforming YANG and YIN files into text-based output that clearly illustrated the hierarchy of the elements in the RUGGEDCOM ROX II data model files. Download pyang from the pyang project site [http://code.google.com/p/pyang/]. pyang is a Python-based application. If you do not already have Python installed, download it from python.org [http://www.python.org/]. This section describes how to us pyang to convert a YANG or YIN file to a text-based tree diagram of a RUGGEDCOM ROX II schema. To convert a YANG or YIN file to a text-based tree diagram, do the following: 1. Before beginning, download one or more YANG or YIN files from RUGGEDCOM ROX II. For instructions on downloading schemas, refer to Section 4.6.2, "Getting YIN and YANG Files from the Device". 2. At a command line prompt; type this command: pyang {inputFile} -o {outputFile} -f tree * {inputFile} The path to and filename of the YANG or YIN file that you want to convert. * {outputFile} The path to and filename of the text-based tree diagram that you want to create. For example, to convert the rmf_services.yan file to a text-based tree diagram, type the following command. This example assumed that you are issuing the command in the same directory as where the rmf_services.yang file is located. pyang rmf_services.yang -o rmf_services.txt -f tree 3. pyang creates the rmf_services.txt file. Open the output file in a text editor. This example shows a portion of the rmf_services.yang file rendered as a text-based tree: module: rmf_services +--rw services +--rw time +--rw ntp +--rw enabled? +--rw server [name] | +--rw name | +--rw enabled? | +--rw peer? | +--rw minpoll? | +--rw maxpoll? | +--rw iburst? | +--rw ntp-version? | +--rw prefer? 38 boolean inet:host empty empty ntpPollType ntpPollType empty ntpVersionType empty Using pyang RUGGEDCOM NETCONF Chapter 4 Reference Guide Getting Data | . . . +--rw key? leafref * rw indicates a read-write node. * ro indicates a read-only node. * [square braces] indicate an identifier or name for a data object. * text following the node name indicates the data type for the node, such as boolean, string, and so on. CONTENTS * Section 4.6.3.1, "Using the Text-Based Tree" Section 4.6.3.1 Using the Text-Based Tree Refer to the text-based tree to help build paths and element references in your NETCONF commands. Use the structure shown in the text-based tree diagram to build the XML used in your NETCONF messages. For example, to enable the NTP service on a device, locate the ntp/enabled field in the tree: +--rw services +--rw time +--rw ntp +--rw enabled? . . . boolean In the XML, this tree structure looks like the following: To set the Enabled field to true, the XML in your NETCONF looks like the following: true ]]>]]> Note that you need to add the XML namespace to the root element in the data structure. To address an identified object, you need to refer to the object's identifying name or key. In this example, we want to set a peer IP address for the NTP server named ntp_server_01. Using the Text-Based Tree 39 Chapter 4 RUGGEDCOM NETCONF Getting Data Reference Guide Again, refer to the text-based tree diagram to locate the services/ntp/server(name)/peer field in the tree: +--rw services +--rw time +--rw ntp +--rw enabled? +--rw server [name] | +--rw name | +--rw enabled? | +--rw peer? . . . boolean inet:host empty empty In the XML, this tree structure looks like the following: To set a peer for the NTP server, the XML in your NETCONF rpc looks like the following: ntp_server_01 192.168.0.100 ]]>]]> 40 Using the Text-Based Tree RUGGEDCOM NETCONF Chapter 5 Reference Guide Changing Configuration Data Changing Configuration Data This section describes how to change configuration data and perform actions on your device through NETCONF. You can edit configuration data in two ways: * You can edit the running configuration directly. In this approach, any changes you make to the running configuration take effect immediately. You do not need to use the command to apply the changes. You cannot use the command to check the syntax of the changes before they take effect. However, you can use the command after making the changes to confirm that they are correct. Obviously, making changes to the running configuration is potentially risky. It is recommended that you use this approach only after gaining experience with NETCONF and confirming that your scripts and procedures work reliably. * You can edit the candidate configuration and then commit the changes to the running configuration. In this approach, you make changes to a safe workspace called the candidate configuration. After making changes, you can use the command to confirm the syntax of the candidate configuration. If necessary, you can discard the changes with the command, allowing you to cancel the editing process and clear any errors. After reviewing and validating the changes, you apply the changes to the running configuration with the command. Editing the candidate configuration and then committing the changes is the recommended approach for editing configuration data. CONTENTS * Section 5.1, "Changing Data in the Running Configuration" * Section 5.2, "Changing Data in the Candidate Configuration" Section 5.1 Changing Data in the Running Configuration To edit data in the running configuration, simply specify the running configuration as the target in the edit-config command. You do not need to commit the change with the commit command. You cannot validate the syntax of the change with the validate command before the change takes effect. If you want to validate the change, use the validate commands on the running configuration after making the change. CAUTION! Making changes directly to the running configuration is potentially risky: you may interrupt service on the device, or your changes may conflict with those of other users working on other management interfaces. Making changes to the running configuration should only be done by those with sufficient system expertise and experience to make sure that such changes are performed properly. To edit the running configuration, do the following: 1. Connect to and log in to the device. 2. Issue the command: Changing Data in the Running Configuration 41 Chapter 5 RUGGEDCOM NETCONF Changing Configuration Data Reference Guide {path} ]]>]]> * {path} The XML elements describing the path to and the data for the element to be edited. For example, to create a static VLAN: 0086 ]]>]]> After making changes to the running configuration, you can use the validate command to check the syntax on the configuration. For instructions on how to validate a configuration, refer to Section 5.2.5, "Validating Changes". Section 5.2 Changing Data in the Candidate Configuration The recommended approach for changing data is to make your changes to the candidate configuration before committing the changes to the running configuration. Making changes to the candidate configuration provides the opportunity to validate the syntax of the configuration and to discard the changes if required. As illustrated in Section 1.5.3, "Sample Session: Editing Data", editing data in the candidate configuration and committing it involves a multi-step workflow: 1. Connect to the device and say hello. 2. Lock the candidate and running configuration datastores. 3. Discard any stray changes to restore the configurations to a known state. 4. Edit the candidate configuration. 5. Validate the candidate configuration. 6. Commit the changes. 7. Unlock the datastores. 8. Close the session. 42 Changing Data in the Candidate Configuration RUGGEDCOM NETCONF Reference Guide Chapter 5 Changing Configuration Data This section describes how to lock the datastores, edit and delete data, validate the configuration, commit the changes, and lock the datastores. For instructions on how to initiate a NETCONF session, refer to Section 3.2, "Connecting to the NETCONF Service". For instructions on how to close a NETCONF session, refer to Section 3.4, "Closing the Session". CONTENTS * Section 5.2.1, "Locking Data Stores" * Section 5.2.2, "Copying Data" * Section 5.2.3, "Replacing Data" * Section 5.2.4, "Deleting Data" * Section 5.2.5, "Validating Changes" * Section 5.2.6, "Committing Changes" Section 5.2.1 Locking Data Stores To lock the candidate and running datastores, do the following: 1. Issue an request to lock the running configuration: ]]>]]> * All commands must be enclosed within tags. The message-id attribute is not required but is recommended. The message-id attribute is returned in the device response, allowing you to match responses with requests. * The element indicates that this request is to lock a configuration. * The element specifies the configuration to lock. In this , the lock target is the configuration. * The ]]>]]> string indicates the end of the NETCONF message. Each NETCONF message must end with ]]>]]> The device responds with the following: ]]>]]> The running configuration is now locked 2. Issue an request to lock the candidate configuration: Locking Data Stores 43 Chapter 5 Changing Configuration Data RUGGEDCOM NETCONF Reference Guide ]]>]]> The device responds with the following: ]]>]]> The candidate configuration is now locked. Section 5.2.2 Copying Data You can use the copy-config command to do the following: * copy a specified configuration to an XML file on the device. Do this when you want to save a configuration to a file and then download the file through the web interface or command line interface. * copy an XML file on the device to a specified configuration. Do these when you want to overwrite a specified configuration with a file that has been uploaded to the device through the web interface or through the command line interface. When using copy-config to save the configuration to an XML file, the file is saved in the /var/lib/config directory on the device. You can download the through the RUGGEDCOM ROX II Web interface or through the command line interface. To save a configuration to an XML file, do the following: 1. Connect to and log in to the device. 2. Issue the copy-config command: file:///{filename.xml} <{configuration}/> ]]>]]> * {filename.xml} Specify a filename for the new XML file. * {configuration} Specify the configuration to save: running or candidate. For example, this command saves the running configuration to a file named running_config_01.xml: file:///running_config_01.xml 44 Copying Data RUGGEDCOM NETCONF Reference Guide Chapter 5 Changing Configuration Data ]]>]]> The file is saved to the /var/lib/config directory on the device. To overwrite a configuration with a configuration file, do the following: 1. Upload an XML configuration file to the device. For instructions on how to upload a configuration file, refer to the RUGGEDCOM NETCONF v Web Interface User Guide or RUGGEDCOM NETCONF v CLI User Guide for the device. 2. Connect to and log in to the device. 3. Lock the running configuration: ]]>]]> 4. Lock the target configuration: ]]>]]> 5. Discard any configuration changes: ]]>]]> 6. Use copy-config to copy the file to a specified configuration: <{configuration}/> file:///{filename} ]]>]]> * {configuration} The target configuration: can be candidate or running. * {filename} The name of the configuration file uploaded to /var/lib/config For example, this command loads the configuration file standard_config.xml to the running configuration: Copying Data 45 Chapter 5 Changing Configuration Data RUGGEDCOM NETCONF Reference Guide file:///standard_config.xml ]]>]]> 7. Commit the changes: ]]>]]> 8. Unlock the candidate configuration: ]]>]]> 9. Unlock the running configuration: ]]>]]> Section 5.2.3 Replacing Data To replace an existing configuration value with a new value, do the following: 1. Connect to and log in to the device. 2. Lock the running configuration: ]]>]]> 3. Lock the target configuration: ]]>]]> 4. 46 Discard any configuration changes: Replacing Data RUGGEDCOM NETCONF Reference Guide Chapter 5 Changing Configuration Data ]]>]]> 5. Issue an request with the replace operation: <{root element} xmlns="{namespace URL}" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"> {configuration data with nc:operation="replace" attribute} ]]>]]> * {root element} The top level element in the data model under which the data is located. Note that you need to declare the xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" namespace at this point. * {namespace} The URL to the RUGGEDCOM namespace for the top level element. * {configuration data with nc:operation="replace" attribute} The path to the data to be replaced, with the nc:operation="replace" attribute on the element containing the data to be replaced. For example, to replace an existing IP address with a new address, issue the following request. fe-cm-1
192.168.1.42/24
]]>]]> 6. Commit the change: ]]>]]> 7. Unlock the candidate configuration: Replacing Data 47 Chapter 5 Changing Configuration Data RUGGEDCOM NETCONF Reference Guide ]]>]]> 8. Unlock the target configuration: ]]>]]> Section 5.2.4 Deleting Data To delete a specific configuration setting, do the following: 1. Connect to and log in to the device. 2. Lock the running configuration: ]]>]]> 3. Lock the target configuration: ]]>]]> 4. Discard any configuration changes: ]]>]]> 5. Issue an request with the delete operation: <{root element} xmlns="{namespace URL}" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"> {configuration data with nc:operation="delete" attribute} 48 Deleting Data RUGGEDCOM NETCONF Reference Guide Chapter 5 Changing Configuration Data ]]>]]> * {root element} The top level element in the data model under which the data is located. Note that you need to declare the xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" namespace at this point. * {namespace} The URL to the RUGGEDCOM namespace for the top level element. * {configuration data with nc:operation="delete" attribute} The path to the data to be deleted, with the nc:operation="delete" attribute on the element containing the data to be deleted. For example, to clear the Passive Interface setting on an interface in OSPF, issue the following request. switch.0022 ]]>]]> 6. Commit the change: ]]>]]> 7. Unlock the candidate configuration: ]]>]]> 8. Unlock the target configuration: ]]>]]> Deleting Data 49 Chapter 5 Changing Configuration Data RUGGEDCOM NETCONF Reference Guide Section 5.2.5 Validating Changes You can validate the syntax of a specified configuration with the validate comment. Validation confirms the syntax of the specified configuration. After making extensive changes to the candidate configuration, it is recommended that your validate the candidate configuration before committing it. To validate a configuration, do the following: 1. Connect to and log in to the device. 2. Issue an request with the validation command: <{configuration}/> ]]>]]> * {configuration} The configuration to validate: candidate or running. For example, to validate the candidate configuration, issue this command: ]]>]]> If the configuration syntax is correct, the device responds with the following: ]]>]]> If the configuration syntax is not correct, the device responds with an message. For example: application operation-failed error /rmf_admin:admin/rmf_admin:authentication /admin/authentication: admin/timezone must be set authentication ]]>]]> * The , , and elements provide information about the nature of the syntax error. 50 Validating Changes RUGGEDCOM NETCONF Reference Guide Chapter 5 Changing Configuration Data * The element indicates where in the configuration the syntax error is found. * The element provides a message, when one is available, describing the error. * The element indicates the element related to the error. For more information on NETCONF errors, see Internet Engineering Task Force RFC 6241 Appendix A. NETCONF Error List [http://tools.ietf.org/html/rfc6241#appendix-A]. Section 5.2.6 Committing Changes After making changes to the candidate configuration, you can commit the changes to make the changes active in the running configuration. It is recommended that you first validate the candidate configuration before issuing the commit command. For instructions on how to validate a configuration, refer to Section 5.2.5, "Validating Changes". To commit changes made to the candidate configuration, issue this command: ]]>]]> Committing Changes 51 Chapter 5 Changing Configuration Data 52 RUGGEDCOM NETCONF Reference Guide Committing Changes RUGGEDCOM NETCONF Chapter 6 Reference Guide RUGGEDCOM ROX II Actions RUGGEDCOM ROX II Actions This section describes how to activate RUGGEDCOM ROX II actions on the device with an message through NETCONF. Actions perform functions directly on the device, such as shutting down the device, rebooting, clearing port statistics, and more. To activate most actions, the simply specifies the path to the action in the RUGGEDCOM ROX II data model. Some actions require parameters, such as module and port numbers, object identifiers, and other settings. Where required, this section describes the parameters for each action. This section organizes the actions by the RUGGEDCOM namespace in which the actions are found. Table: Actions and RUGGEDCOM ROX II Web Interface Equivalents Action Path to Action in RUGGEDCOM ROX II Section 6.1.1, "snmp-discover" admin snmp snmp-discover Section 6.1.2, "launch-upgrade" admin software-upgrade launch-upgrade Section 6.1.3, "decline-upgrade" admin software-upgrade decline-upgrade Section 6.1.4, "rollback-reboot" admin software-upgrade rollback-reboot Section 6.1.5, "roxflash" admin rox-imaging roxflash Section 6.1.6, "clear-all-alarms" admin clear-all-alarms Section 6.1.7, "acknowledge-all-alarms" admin acknowledge-all-alarms Section 6.1.8, "shutdown" admin shutdown Section 6.1.9, "reboot" admin reboot Section 6.1.10, "set-system-clock" admin set-system-clock Section 6.1.11, "restore-factory-defaults" admin restore-factory-defaults Section 6.1.12, "delete-logs" admin delete-logs Section 6.1.13, "install-files" admin install-files Section 6.1.14, "backup-files (Backup Files)" admin install-files Section 6.1.15, "full-configuration-save" admin full-configuration-save Section 6.1.16, "full-configuration-load" admin full-configuration-load Section 6.2.5, "reset (Serial Port)" interfaces serial port{interface} reset Section 6.2.6, "clear-serial-port-stats" interfaces serial port{interface} clear-serial-port-stats Section 6.2.7, "restart-serserver" interfaces serial restart-serserver Section 6.2.8, "reset-port (Switch Port)" interfaces switch{interface} reset-port Section 6.2.9, "clear-port-stats (Switch Port)" interfaces switch{interface} clear-port-stats Section 6.2.10, "start-cable-test (Switch Port)" interfaces switch{interface} diagnostics start-cable-test 53 Chapter 6 RUGGEDCOM NETCONF RUGGEDCOM ROX II Actions Reference Guide Action Path to Action in RUGGEDCOM ROX II Section 6.2.11, "clear-cable-stats-port (Switch Port)" interfaces switch{interface} diagnostics clear-cable-statsport Section 6.3.1, "ntp-status" services time ntp ntp-status Section 6.3.2, "log (Link-Failover)" services link-failover{interface} log Section 6.3.3, "start-test (Link Failover)" services link-failover{interface} start-test Section 6.3.4, "cancel-test (Link Failover)" services link-failover{interface} cancel-test Section 6.3.5, "show-active-leases (DHCP Server)" services dhcpserver show-active-leases Section 6.4.1, "clear-stp-stats (Switch)" switch spanning-tree clear-stp-stats Section 6.4.2, "flush-dynamic-rules (Switch)" switch layer3-switching flush-dynamic-rules Section 6.4.3, "reset-all-switch-ports (Switch)" switch reset-all-switch-ports Section 6.4.4, "clear-all-switch-stats (Switch)" switch clear-all-switch-stats Section 6.4.5, "clear-cable-stats-all (Switch)" switch clear-cable-stats-all CONTENTS * Section 6.1, "Admin Namespace Actions" * Section 6.2, "Interfaces Namespace Actions" * Section 6.3, "Services Namespace Actions" * Section 6.4, "Switch Namespace Actions" * Section 6.5, "Tunnel Namespace Actions" Section 6.1 Admin Namespace Actions This section describes how to perform actions related to administration namespaces using messages through NETCONF. CONTENTS * Section 6.1.1, "snmp-discover" * Section 6.1.2, "launch-upgrade" * Section 6.1.3, "decline-upgrade" * Section 6.1.4, "rollback-reboot" * Section 6.1.5, "roxflash" * Section 6.1.6, "clear-all-alarms" * Section 6.1.7, "acknowledge-all-alarms" * Section 6.1.8, "shutdown" * Section 6.1.9, "reboot" * Section 6.1.10, "set-system-clock" 54 Admin Namespace Actions RUGGEDCOM NETCONF Reference Guide Chapter 6 RUGGEDCOM ROX II Actions * Section 6.1.11, "restore-factory-defaults" * Section 6.1.12, "delete-logs" * Section 6.1.13, "install-files" * Section 6.1.14, "backup-files (Backup Files)" * Section 6.1.15, "full-configuration-save" * Section 6.1.16, "full-configuration-load" Section 6.1.1 snmp-discover This action discovers the SNMP engine ID for a given IP address and port. Parameters include the {ip address}, {port}, and {trap-port}.
{ipAaddress}
{port} {trapPort} ]]>]]> * {ipAddress} The SNMP IP address the device listens on. * {port} The SNMP data port the device listens on (if any). * {trapPort} The SNMP trap port the device listens on (if any). Section 6.1.2 launch-upgrade This action launches a RUGGEDCOM ROX II software upgrade to the alternate partition on the device. The repository address and target release must be configured in admin/software-upgrade/upgrade-settings. A reboot is required to run the new software release in the alternate partition. All configurations are locked from the start of the upgrade to the subsequent reboot. This action does not take any parameters. snmp-discover 55 Chapter 6 RUGGEDCOM ROX II Actions RUGGEDCOM NETCONF Reference Guide ]]>]]> Section 6.1.3 decline-upgrade This action declines a RUGGEDCOM ROX II software upgrade. After an upgrade occurs and while the system is awaiting a reboot to the upgraded partition, use the action to cancel the attempt to run the upgraded partition. This action also unlocks all configurations locked by the process. If no update has been applied, or if the device is not awaiting a reboot after applying an update, this action has no effect. This action does not take any parameters. ]]>]]> Section 6.1.4 rollback-reboot This action boots the device to a previous software release on the alternate partition. This action does not take any parameters. ]]>]]> 56 decline-upgrade RUGGEDCOM NETCONF Chapter 6 Reference Guide RUGGEDCOM ROX II Actions Section 6.1.5 roxflash This action flashes a RUGGEDCOM ROX II image to the alternate partition. On rebooting, the device boots from the flashed partition. Configurations are not transferred. This action takes a single parameter: {url}. {url} ]]>]]> NOTE To determine which file transfer protocol is supported, refer to the RUGGEDCOM ROX II User Guide for the device. * {url} The URL of the RUGGEDCOM NETCONF image to download. The URL format is protocol:// user:password@host:port/path-to-file. If the server does not require authentication, user:password can be omitted. When using the default port for the protocol, :port may also be omitted. Section 6.1.6 clear-all-alarms This action clears all clearable alarms in the active list. Note that not all alarms can be cleared. This action does not take any parameters. ]]>]]> Section 6.1.7 acknowledge-all-alarms This action acknowledges all alarms in the active list. The alarms remain in the active list, but Alarm LED and critical alarm relay are shut off. This action does not take any parameters. roxflash 57 Chapter 6 RUGGEDCOM ROX II Actions RUGGEDCOM NETCONF Reference Guide ]]>]]> Section 6.1.8 shutdown This action shuts down the device. After using this action, the device shuts down and provides a time-out period during which you can remove power from the device. The default time-out period is 300 seconds (five minutes). At the end of the time-out period, the device reboots and restarts. This action does not take any parameters. ]]>]]> Section 6.1.9 reboot This action reboots the device. This action does not take any parameters. ]]>]]> Section 6.1.10 set-system-clock This action sets the date and time on the system. This action takes a single parameter: