ncclient通过NetConf对接Juniper虚拟交换机

其实主要目的是验证Juniper的虚拟交换机netconf是否ready

Testbed搭建

  • 基于EVE-NG平台
  • Juniper的虚拟交换机vmx使用vmx-14.1.R1来启动
  • 一台CentOS主机通过EVE上的net与vmx的em0连通

交换机配置

  • 启动交换机后,通过点击Web图标串口登录
  • 初始密码是root/root123
  • 进入配置模式
root@vMX-1% cli
root@vMX-1> configure 
Entering configuration mode

[edit]
root@vMX-1# 
  • 下发配置
set interfaces em0 unit 0 family inet address 192.168.122.102/24 
set system login user netops uid 203
set system login user netops class super-user
set system login user netops authentication plain-text-password
 > 要求输入密码:Test123
 > 要求再次输入同样的密码:Test123
set system services ftp
set system services ssh root-login allow
set system services ssh protocol-version v2
set system services netconf ssh port 830
  • 关于Juniper JUNOS plain-text-password vs. encrypted-password的区别,可以看这里

CentOS主机

  • 接口IP为:192.168.122.211/24,与vmx的带外管理口在同一个网段
  • 尝试使用netops/Testing来登录
[root@deployer juniper]# ssh netops@192.168.122.102
Password:
--- JUNOS 14.1R1.10 built 2014-06-07 09:37:07 UTC
netops@vMX-1> exit 

Connection to 192.168.122.102 closed.
[root@deployer juniper]# 
  • 安装ncclient这个python包
pip install ncclient
  • 获取GitHub上的相关代码
[root@deployer ~]# git clone https://github.com/ncclient/ncclient
...
[root@deployer ~]# cd /root/ncclient/examples/juniper
[root@deployer juniper]# 

对接

  • 该文件夹下已经有很多适配Juniper交换机的脚本

通过netconf获取信息

  • 选取一个获取端口状态的脚本get-interface-status.py,修改最后一行
connect('192.168.122.102', 830, 'netops', 'Test123')
  • 运行脚本,可以获取到vmx的所有接口状态
[root@deployer juniper]# python get-interface-status.py
2020-03-30 17:38:17,083 INFO transport.py:1819 Connected (version 2.0, client OpenSSH_6.4)
2020-03-30 17:38:17,255 INFO transport.py:1819 Authentication (publickey) failed.
2020-03-30 17:38:17,281 INFO transport.py:1819 Authentication (password) successful!
2020-03-30 17:38:17,422 INFO ssh.py:506 [host 192.168.122.102 session 0x7f0e4c5bce90] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:capabilities><nc:capability>urn:ietf:params:netconf:capability:writable-running:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:with-defaults:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</nc:capability><nc:capability>urn:liberouter:params:netconf:capability:power-control:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:validate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file,https,sftp</nc:capability><nc:capability>urn:ietf:params:netconf:base:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:base:1.1</nc:capability><nc:capability>urn:ietf:params:netconf:capability:candidate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:notification:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:xpath:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:startup:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:interleave:1.0</nc:capability></nc:capabilities></nc:hello>]]>]]>
2020-03-30 17:38:18,060 INFO ssh.py:125 [host 192.168.122.102 session 0x7f0e4c5bce90] Received message from host
2020-03-30 17:38:18,094 INFO session.py:125 [host 192.168.122.102 session-id 7303] initialized: session-id=7303 | server_capabilities=<dictionary-keyiterator object at 0x7f0e4c569cb0>
2020-03-30 17:38:18,097 INFO rpc.py:325 [host 192.168.122.102 session-id 7303] Requesting 'ExecuteRpc'
2020-03-30 17:38:18,165 INFO ssh.py:506 [host 192.168.122.102 session-id 7303] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:864fe5a3-7b2b-47a7-b165-ba7ba9b49169"><get-interface-information><terse/></get-interface-information></nc:rpc>]]>]]>
2020-03-30 17:38:19,155 INFO ssh.py:125 [host 192.168.122.102 session-id 7303] Received message from host
2020-03-30 17:38:19,223 INFO get-interface-status.py:26 ge-0/0/0 - up
2020-03-30 17:38:19,224 INFO get-interface-status.py:26 lc-0/0/0 - up
2020-03-30 17:38:19,226 INFO get-interface-status.py:26 pfe-0/0/0 - up
2020-03-30 17:38:19,227 INFO get-interface-status.py:26 pfh-0/0/0 - up
2020-03-30 17:38:19,227 INFO get-interface-status.py:26 ge-0/0/1 - up
2020-03-30 17:38:19,228 INFO get-interface-status.py:26 ge-0/0/2 - up
2020-03-30 17:38:19,228 INFO get-interface-status.py:26 ge-0/0/3 - up
2020-03-30 17:38:19,229 INFO get-interface-status.py:26 ge-0/0/4 - up
2020-03-30 17:38:19,230 INFO get-interface-status.py:26 ge-0/0/5 - up
2020-03-30 17:38:19,230 INFO get-interface-status.py:26 ge-0/0/6 - up
2020-03-30 17:38:19,231 INFO get-interface-status.py:26 ge-0/0/7 - up
2020-03-30 17:38:19,231 INFO get-interface-status.py:26 ge-0/0/8 - up
2020-03-30 17:38:19,232 INFO get-interface-status.py:26 ge-0/0/9 - up
2020-03-30 17:38:19,232 INFO get-interface-status.py:26 cbp0 - up
2020-03-30 17:38:19,233 INFO get-interface-status.py:26 demux0 - up
2020-03-30 17:38:19,234 INFO get-interface-status.py:26 dsc - up
2020-03-30 17:38:19,234 INFO get-interface-status.py:26 em0 - up
2020-03-30 17:38:19,234 INFO get-interface-status.py:26 em1 - up
2020-03-30 17:38:19,235 INFO get-interface-status.py:26 em2 - up
2020-03-30 17:38:19,235 INFO get-interface-status.py:26 em3 - up
2020-03-30 17:38:19,235 INFO get-interface-status.py:26 em4 - up
2020-03-30 17:38:19,236 INFO get-interface-status.py:26 em5 - up
2020-03-30 17:38:19,236 INFO get-interface-status.py:26 gre - up
2020-03-30 17:38:19,236 INFO get-interface-status.py:26 ipip - up
2020-03-30 17:38:19,236 INFO get-interface-status.py:26 irb - up
2020-03-30 17:38:19,237 INFO get-interface-status.py:26 lo0 - up
2020-03-30 17:38:19,237 INFO get-interface-status.py:26 lsi - up
2020-03-30 17:38:19,237 INFO get-interface-status.py:26 mtun - up
2020-03-30 17:38:19,237 INFO get-interface-status.py:26 pimd - up
2020-03-30 17:38:19,238 INFO get-interface-status.py:26 pime - up
2020-03-30 17:38:19,238 INFO get-interface-status.py:26 pip0 - up
2020-03-30 17:38:19,238 INFO get-interface-status.py:26 pp0 - up
2020-03-30 17:38:19,238 INFO get-interface-status.py:26 tap - up
2020-03-30 17:38:19,239 INFO get-interface-status.py:26 vtep - up
[root@deployer juniper]# 

通过netconf设置

  • 选取一个获取端口状态的脚本set-description.py,修改最后一行
connect('192.168.122.102', 830, 'netops', 'Test123', 'set interfaces %s description example' % interface)
  • 运行
[root@deployer juniper]# python set-description.py
2020-03-30 17:52:34,827 INFO transport.py:1819 Connected (version 2.0, client OpenSSH_6.4)
2020-03-30 17:52:35,054 INFO transport.py:1819 Authentication (publickey) failed.
2020-03-30 17:52:35,095 INFO transport.py:1819 Authentication (password) successful!
2020-03-30 17:52:35,276 INFO ssh.py:506 [host 192.168.122.102 session 0x7f6b8e54cd10] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:capabilities><nc:capability>urn:ietf:params:netconf:capability:writable-running:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:with-defaults:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</nc:capability><nc:capability>urn:liberouter:params:netconf:capability:power-control:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:validate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file,https,sftp</nc:capability><nc:capability>urn:ietf:params:netconf:base:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:base:1.1</nc:capability><nc:capability>urn:ietf:params:netconf:capability:candidate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:notification:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:xpath:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:startup:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:interleave:1.0</nc:capability></nc:capabilities></nc:hello>]]>]]>
2020-03-30 17:52:36,323 INFO ssh.py:125 [host 192.168.122.102 session 0x7f6b8e54cd10] Received message from host
2020-03-30 17:52:36,349 INFO session.py:125 [host 192.168.122.102 session-id 7522] initialized: session-id=7522 | server_capabilities=<dictionary-keyiterator object at 0x7f6b8e4f9cb0>
2020-03-30 17:52:36,350 INFO rpc.py:325 [host 192.168.122.102 session-id 7522] Requesting 'Lock'
2020-03-30 17:52:36,426 INFO ssh.py:506 [host 192.168.122.102 session-id 7522] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:65594085-b60e-4acb-b4fd-2f00c46cf530"><nc:lock><nc:target><nc:candidate/></nc:target></nc:lock></nc:rpc>]]>]]>
2020-03-30 17:52:36,434 INFO ssh.py:125 [host 192.168.122.102 session-id 7522] Received message from host
2020-03-30 17:52:36,469 INFO rpc.py:325 [host 192.168.122.102 session-id 7522] Requesting 'LoadConfiguration'
2020-03-30 17:52:36,536 INFO ssh.py:506 [host 192.168.122.102 session-id 7522] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:c4e117ec-466c-406a-8a6a-97b4b5627734"><nc:load-configuration action="set" format="text"><nc:configuration-set>set interfaces em0 description example</nc:configuration-set></nc:load-configuration></nc:rpc>]]>]]>
2020-03-30 17:52:36,550 INFO ssh.py:125 [host 192.168.122.102 session-id 7522] Received message from host
2020-03-30 17:52:36,585 INFO set-description.py:20 <rpc-reply message-id="urn:uuid:c4e117ec-466c-406a-8a6a-97b4b5627734">
  <load-configuration-results>
    <ok/>
  </load-configuration-results>
</rpc-reply>

2020-03-30 17:52:36,586 INFO rpc.py:325 [host 192.168.122.102 session-id 7522] Requesting 'Commit'
2020-03-30 17:52:36,652 INFO ssh.py:506 [host 192.168.122.102 session-id 7522] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:7d525141-affc-4b11-b0d0-320c20eb9c88"><commit-configuration/></nc:rpc>]]>]]>
2020-03-30 17:52:37,873 INFO ssh.py:125 [host 192.168.122.102 session-id 7522] Received message from host
2020-03-30 17:52:37,911 INFO set-description.py:22 <rpc-reply message-id="urn:uuid:7d525141-affc-4b11-b0d0-320c20eb9c88">
  <ok/>
</rpc-reply>

2020-03-30 17:52:37,912 INFO rpc.py:325 [host 192.168.122.102 session-id 7522] Requesting 'Unlock'
2020-03-30 17:52:37,975 INFO ssh.py:506 [host 192.168.122.102 session-id 7522] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:04a87be2-50bd-4a0a-a864-3401514305f6"><nc:unlock><nc:target><nc:candidate/></nc:target></nc:unlock></nc:rpc>]]>]]>
2020-03-30 17:52:38,009 INFO ssh.py:125 [host 192.168.122.102 session-id 7522] Received message from host
2020-03-30 17:52:38,029 INFO rpc.py:325 [host 192.168.122.102 session-id 7522] Requesting 'CloseSession'
2020-03-30 17:52:38,110 INFO ssh.py:506 [host 192.168.122.102 session-id 7522] Sending:
<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:ffdeecf8-29d9-4a7b-a518-40e41b648d27"><nc:close-session/></nc:rpc>]]>]]>
2020-03-30 17:52:38,118 INFO ssh.py:125 [host 192.168.122.102 session-id 7522] Received message from host
[root@deployer juniper]# 
  • 对比前后em0接口的配置,发现多了接口描述,和预期相同
    set_port_desc.png

一些记录

简单验证netconf对接并获取JUNOS的capabilities

[root@master01 ~]# ssh netops@192.168.122.103 -s netconf
The authenticity of host '192.168.122.103 (192.168.122.103)' can't be established.
ECDSA key fingerprint is SHA256:a2sYd8IAm2pmHBaaeYlkzX9HzLNsa819vWYRWtexQCs.
ECDSA key fingerprint is MD5:8a:eb:c1:b1:25:33:11:05:8f:cd:f8:e0:b3:16:6b:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.122.103' (ECDSA) to the list of known hosts.
Password:
<!-- No zombies were killed during the creation of this user interface -->
<!-- user netops, class j-super-user -->
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability>
    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>
    <capability>http://xml.juniper.net/dmi/system/1.0</capability>
  </capabilities>
  <session-id>52452</session-id>
</hello>
]]>]]>


^CKilled by signal 2.
[root@master01 ~]# 

这里提供了一个输入RPC的接口,在本例中直接按ctrl+c强制退出了

获取show命令对应的RPC指令

root@vMX-3> show route | display xml rpc 
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/18.2R2/junos">
    <rpc>
        <get-route-information>
        </get-route-information>
    </rpc>
    <cli>
        <banner></banner>
    </cli>
</rpc-reply>

root@vMX-3> 

直接执行rpc命令

# step 1:建立netconf连接
[root@master01 ~]# ssh netops@192.168.122.103 -s netconf
...
# step 2:直接在终端粘贴
    <rpc>
        <get-route-information>
        </get-route-information>
    </rpc>
# step 3:查看输出
]]>
    <rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/18.2R2/junos">
        <get-route-information>
        </get-route-information>
    </rpc><route-information xmlns="http://xml.juniper.net/junos/18.2R2/junos-routing">
<!-- keepalive -->
<route-table>
<table-name>inet.0</table-name>
<destination-count>3</destination-count>
<total-route-count>3</total-route-count>
<active-route-count>3</active-route-count>
<holddown-route-count>0</holddown-route-count>
<hidden-route-count>0</hidden-route-count>
<rt junos:style="brief">
<rt-destination>3.3.3.3/32</rt-destination>
<rt-entry>
<active-tag>*</active-tag>
<current-active/>
<last-active/>
<protocol-name>Direct</protocol-name>
<preference>0</preference>
<age junos:seconds="430369">4d 23:32:49</age>
<nh>
<selected-next-hop/>
<via>lo0.0</via>
</nh>
</rt-entry>
</rt>
<rt junos:style="brief">
<rt-destination>192.168.122.0/24</rt-destination>
<rt-entry>
<active-tag>*</active-tag>
<current-active/>
<last-active/>
<protocol-name>Direct</protocol-name>
<preference>0</preference>
<age junos:seconds="428538">4d 23:02:18</age>
<nh>
<selected-next-hop/>
<via>vtnet2.0</via>
</nh>
</rt-entry>
</rt>
<rt junos:style="brief">
<rt-destination>192.168.122.103/32</rt-destination>
<rt-entry>
<active-tag>*</active-tag>
<current-active/>
<last-active/>
<protocol-name>Local</protocol-name>
<preference>0</preference>
<age junos:seconds="428538">4d 23:02:18</age>
<nh-type>Local</nh-type>
<nh>
<nh-local-interface>vtnet2.0</nh-local-interface>
</nh>
</rt-entry>
</rt>
</route-table>
<route-table>
<table-name>inet6.0</table-name>
<destination-count>1</destination-count>
<total-route-count>1</total-route-count>
<active-route-count>1</active-route-count>
<holddown-route-count>0</holddown-route-count>
<hidden-route-count>0</hidden-route-count>
<rt junos:style="brief">
<rt-destination>ff02::2/128</rt-destination>
<rt-entry>
<active-tag>*</active-tag>
<current-active/>
<last-active/>
<protocol-name>INET6</protocol-name>
<preference>0</preference>
<age junos:seconds="484564">5d 14:36:04</age>
<nh-type>MultiRecv</nh-type>
</rt-entry>
</rt>
</route-table>
<route-table>
<table-name>bgp.rtarget.0</table-name>
<destination-count>13</destination-count>
<total-route-count>13</total-route-count>
<active-route-count>0</active-route-count>
<holddown-route-count>0</holddown-route-count>
<hidden-route-count>13</hidden-route-count>
</route-table>
</route-information>

通过netconf这个channel同样可以下发配置,只要贴入正确的XML格式的rpc请求的内容。

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值