什么是Yang ?
Yang是一种基于标准的数据建模语言,它是定义数据模型的语言,而不是数据语言;通俗点可以理解为SNMP中的MIB文件,主要用于创建设备配置请求或操作的数据请求
什么是Netconf ?
Netconf可以理解为当下的网络工程师,你让他干啥,他就给你干啥,你让他配置或者查看某些信息都可以;
Netconf使用XML数据格式,使用SSH通信,默认端口830
环境准备
本文以Cisco设备CSR1000v为例,服务器使用Ubuntu18.04.1;关于在服务器上YangExplorer怎么搭建,这里不再赘述,那玩意挺难搭建的,按官方的操作步骤,70%的成功几率
1、Cisco CSR设备上的操作
- 配置用户名和密码
CSR_1(config)#username admin privilege 15 password 0 admin
- 开启SSH登陆
CSR_1(config)#ip domain name alex.com
CSR_1(config)#crypto key generate rsa modulus 1024
CSR_1(config)#line vty 0 4
CSR_1(config-line)#login local
CSR_1(config-line)#transport input all
- 开启Netconf
CSR_1(config)#netconf ssh
CSR_1(config)#netconf-yang
CSR_1(config)#ip http server
CSR_1(config)#ip http authentication local
CSR_1(config)#ip http secure-server
- 查看Netconf配置
CSR_1#show netconf-yang statistics
CSR_1#show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Running
ndbmand : Running
pubd : Running
- 在服务器上测试Netconf服务是否ok
alex@Strive:~$ ssh -s admin@10.32.133.138 -p 830 netconf
2、服务器上的操作
-
开启YangExplorer并通过浏览器登陆
-
创建设备模板
-
测试连通性
连接OK -
将下载好的Yang文件上传至服务器,通过本地方式导入yang模型
root@Strive:/home/alex# cd yang-explorer/
root@Strive:/home/alex/yang-explorer# source v/bin/activate
(v) root@Strive:/home/alex/yang-explorer# cd server/
(v) root@Strive:/home/alex/yang-explorer/server# python2 manage.py bulkupload --user guest --dir /home/alex/yang-master/yang-1/
依次将本次使用到的yang文件进行编译上传
根据使用的设备以及版本导入对应的设备和版本yang文件
注意一定要按以下顺序加载编译yang文件,因为这其中牵扯到了依赖模块
- 登陆YangExplorer进行订阅
OK,以上,是我们的前戏
通过Netconf获取设备配置信息
- 在设备上创建一个环回口的IP地址
CSR_1(config)#interface loopback 0
CSR_1(config-if)#ip address 1.1.1.1 255.255.255.255
CSR_1(config-if)#description alex-test
- 在YangExplorer上Get设备接口信息
<rpc-reply message-id="urn:uuid:c6bdde36-56e0-4e46-af6a-23baca53db19" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>GigabitEthernet1</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
<enabled>true</enabled>
<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
</interface>
<interface>
<name>GigabitEthernet2</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
<enabled>false</enabled>
<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
</interface>
<interface>
<name>GigabitEthernet3</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
<enabled>false</enabled>
<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
</interface>
<interface>
<name>Loopback0</name>
<description>alex-test</description>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback</type>
<enabled>true</enabled>
<ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
<address>
<ip>1.1.1.1</ip>
<netmask>255.255.255.255</netmask>
</address>
</ipv4>
<ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
</interface>
</interfaces>
</data>
</rpc-reply>
- Get接口的State信息
<rpc-reply message-id="urn:uuid:43347368-9233-4d1d-bfdc-ced014ec5b85" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<interfaces-state xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>Control Plane</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:other</type>
<admin-status>up</admin-status>
<oper-status>up</oper-status>
<last-change>2021-01-20T06:04:45.000057+00:00</last-change>
<if-index>0</if-index>
<phys-address>00:00:00:00:00:00</phys-address>
<speed>10240000000</speed>
<statistics>
<discontinuity-time>2021-01-20T06:03:09.000089+00:00</discontinuity-time>
<in-octets>0</in-octets>
<in-unicast-pkts>0</in-unicast-pkts>
<in-broadcast-pkts>0</in-broadcast-pkts>
<in-multicast-pkts>0</in-multicast-pkts>
<in-discards>0</in-discards>
<in-errors>0</in-errors>
<in-unknown-protos>0</in-unknown-protos>
<out-octets>0</out-octets>
<out-unicast-pkts>0</out-unicast-pkts>
<out-broadcast-pkts>0</out-broadcast-pkts>
<out-multicast-pkts>0</out-multicast-pkts>
<out-discards>0</out-discards>
<out-errors>0</out-errors>
</statistics>
</interface>
<interface>
<name>GigabitEthernet1</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
<admin-status>up</admin-status>
<oper-status>up</oper-status>
<last-change>2021-01-20T06:05:09.000677+00:00</last-change>
<if-index>1</if-index>
<phys-address>00:0c:29:68:20:ea</phys-address>
<speed>1024000000</speed>
<statistics>
<discontinuity-time>2021-01-20T06:03:09.000089+00:00</discontinuity-time>
<in-octets>8890262</in-octets>
<in-unicast-pkts>76656</in-unicast-pkts>
<in-broadcast-pkts>0</in-broadcast-pkts>
<in-multicast-pkts>0</in-multicast-pkts>
<in-discards>0</in-discards>
<in-errors>0</in-errors>
<in-unknown-protos>0</in-unknown-protos>
<out-octets>2194041</out-octets>
<out-unicast-pkts>4909</out-unicast-pkts>
<out-broadcast-pkts>0</out-broadcast-pkts>
<out-multicast-pkts>0</out-multicast-pkts>
<out-discards>0</out-discards>
<out-errors>0</out-errors>
</statistics>
</interface>
<interface>
<name>GigabitEthernet2</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
<admin-status>down</admin-status>
<oper-status>down</oper-status>
<last-change>2021-01-20T06:05:06.000394+00:00</last-change>
<if-index>2</if-index>
<phys-address>00:0c:29:68:20:f4</phys-address>
<speed>1024000000</speed>
<statistics>
<discontinuity-time>2021-01-20T06:03:09.000088+00:00</discontinuity-time>
<in-octets>4242</in-octets>
<in-unicast-pkts>44</in-unicast-pkts>
<in-broadcast-pkts>0</in-broadcast-pkts>
<in-multicast-pkts>0</in-multicast-pkts>
<in-discards>0</in-discards>
<in-errors>0</in-errors>
<in-unknown-protos>0</in-unknown-protos>
<out-octets>770</out-octets>
<out-unicast-pkts>7</out-unicast-pkts>
<out-broadcast-pkts>0</out-broadcast-pkts>
<out-multicast-pkts>0</out-multicast-pkts>
<out-discards>0</out-discards>
<out-errors>0</out-errors>
</statistics>
</interface>
<interface>
<name>GigabitEthernet3</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd</type>
<admin-status>down</admin-status>
<oper-status>down</oper-status>
<last-change>2021-01-20T06:05:06.000399+00:00</last-change>
<if-index>3</if-index>
<phys-address>00:0c:29:68:20:fe</phys-address>
<speed>1024000000</speed>
<statistics>
<discontinuity-time>2021-01-20T06:03:09.000088+00:00</discontinuity-time>
<in-octets>3882</in-octets>
<in-unicast-pkts>38</in-unicast-pkts>
<in-broadcast-pkts>0</in-broadcast-pkts>
<in-multicast-pkts>0</in-multicast-pkts>
<in-discards>0</in-discards>
<in-errors>0</in-errors>
<in-unknown-protos>0</in-unknown-protos>
<out-octets>770</out-octets>
<out-unicast-pkts>7</out-unicast-pkts>
<out-broadcast-pkts>0</out-broadcast-pkts>
<out-multicast-pkts>0</out-multicast-pkts>
<out-discards>0</out-discards>
<out-errors>0</out-errors>
</statistics>
</interface>
<interface>
<name>Loopback0</name>
<type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback</type>
<admin-status>up</admin-status>
<oper-status>up</oper-status>
<last-change>2021-01-20T09:34:09.000082+00:00</last-change>
<if-index>6</if-index>
<phys-address>00:1e:e6:ea:05:00</phys-address>
<speed>8192000000</speed>
<statistics>
<discontinuity-time>2021-01-20T06:03:09.000088+00:00</discontinuity-time>
<in-octets>0</in-octets>
<in-unicast-pkts>0</in-unicast-pkts>
<in-broadcast-pkts>0</in-broadcast-pkts>
<in-multicast-pkts>0</in-multicast-pkts>
<in-discards>0</in-discards>
<in-errors>0</in-errors>
<in-unknown-protos>0</in-unknown-protos>
<out-octets>0</out-octets>
<out-unicast-pkts>0</out-unicast-pkts>
<out-broadcast-pkts>0</out-broadcast-pkts>
<out-multicast-pkts>0</out-multicast-pkts>
<out-discards>0</out-discards>
<out-errors>0</out-errors>
</statistics>
</interface>
</interfaces-state>
</data>
</rpc-reply>
- 获取设备Hostname
<rpc-reply message-id="urn:uuid:be566484-7cdf-4e63-929a-da7ca3d100be" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<hostname>CSR_1</hostname>
</native>
</data>
</rpc-reply>
- 获取用户配置信息
<rpc-reply message-id="urn:uuid:e59b6312-06db-463e-bb72-31c9b5f25cf9" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<username>
<name>admin</name>
<privilege>15</privilege>
<password>
<encryption>0</encryption>
<password>admin</password>
</password>
</username>
</native>
</data>
</rpc-reply>
通过Netconf下发设备配置信息
-
通过Netconf在交换机上创建用户名alex 等级10 密码alex666
-
在交换机上查看配置
-
通过Netconf在交换机上创建Loopback 1 IP地址为6.6.6.6/32
Cisco-IOS-XE-native/interface目录
Cisco-IOS-XE-native/interface/Loopback/ip目录
-
在交换机上查看IP地址
通过Netconf配置OSPF
拓扑环境
通过Netconf,下发配置使得两台设备之间建立OSPF
- 两台设备配置IP地址以及Netconf
CSR_1(config)#username admin privilege 15 password 0 admin
CSR_1(config)#ip domain name alex.com
CSR_1(config)#crypto key generate rsa modulus 1024
CSR_1(config)#line vty 0 4
CSR_1(config-line)#login local
CSR_1(config-line)#transport input all
CSR_1(config)#netconf ssh
CSR_1(config)#netconf-yang
CSR_1(config)#ip http server
CSR_1(config)#ip http authentication local
CSR_1(config)#ip http secure-server
CSR_2(config)#username admin privilege 15 password 0 admin
CSR_2(config)#ip domain name alex.com
CSR_2(config)#crypto key generate rsa modulus 1024
CSR_2(config)#line vty 0 4
CSR_2(config-line)#login local
CSR_2(config-line)#transport input all
CSR_2(config)#netconf ssh
CSR_2(config)#netconf-yang
CSR_2(config)#ip http server
CSR_2(config)#ip http authentication local
CSR_2(config)#ip http secure-server
-
查看设备配置
-
在YangExplorer上测试连通性
-
通过YangExplorer配置Loopback接口IP地址(以CSR_1为例)
-
通过YangExplorer配置G2接口IP地址(以CSR_1为例)
-
此时IP地址已经配置上去了,但是端口还没有开启。开启端口(以CSR_1为例)
-
以同样的方法配置CSR_2,这里不再赘述
-
通过Netconf下发OSPF配置(以CSR_1为例)
Cisco-IOS-XE-native/interface/目录
Cisco-IOS-XE-native/router/目录
-
在设备上查看配置
-
在设备上查看OSPF邻居信息
-
通过Netconf查看你路由表
<rpc-reply message-id="urn:uuid:e8e6754d-1505-468f-9c8d-83513e36e097" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<routing-state xmlns="urn:ietf:params:xml:ns:yang:ietf-routing">
<routing-instance>
<ribs>
<rib>
<routes>
<route>
<destination-prefix>0.0.0.0/0</destination-prefix>
<route-preference>254</route-preference>
<metric>254</metric>
<next-hop>
<outgoing-interface/>
<next-hop-address>10.32.133.254</next-hop-address>
</next-hop>
<source-protocol>static</source-protocol>
<active/>
</route>
<route>
<destination-prefix>1.1.1.1/32</destination-prefix>
<route-preference>0</route-preference>
<metric>0</metric>
<next-hop>
<outgoing-interface>Loopback0</outgoing-interface>
<next-hop-address>0.0.0.0</next-hop-address>
</next-hop>
<source-protocol>direct</source-protocol>
<active/>
</route>
<route>
<destination-prefix>10.32.132.0/23</destination-prefix>
<route-preference>0</route-preference>
<metric>0</metric>
<next-hop>
<outgoing-interface>GigabitEthernet1</outgoing-interface>
<next-hop-address>0.0.0.0</next-hop-address>
</next-hop>
<source-protocol>direct</source-protocol>
<active/>
</route>
<route>
<destination-prefix>10.32.133.138/32</destination-prefix>
<route-preference>0</route-preference>
<metric>0</metric>
<next-hop>
<outgoing-interface>GigabitEthernet1</outgoing-interface>
<next-hop-address>0.0.0.0</next-hop-address>
</next-hop>
<source-protocol>direct</source-protocol>
<active/>
</route>
<route>
<destination-prefix>12.1.1.0/24</destination-prefix>
<route-preference>0</route-preference>
<metric>0</metric>
<next-hop>
<outgoing-interface>GigabitEthernet2</outgoing-interface>
<next-hop-address>0.0.0.0</next-hop-address>
</next-hop>
<source-protocol>direct</source-protocol>
<active/>
</route>
<route>
<destination-prefix>12.1.1.1/32</destination-prefix>
<route-preference>0</route-preference>
<metric>0</metric>
<next-hop>
<outgoing-interface>GigabitEthernet2</outgoing-interface>
<next-hop-address>0.0.0.0</next-hop-address>
</next-hop>
<source-protocol>direct</source-protocol>
<active/>
</route>
</routes>
</rib>
</ribs>
</routing-instance>
<routing-instance>
<ribs>
<rib>
<routes>
<route>
<destination-prefix>192.168.1.4/30</destination-prefix>
<route-preference>0</route-preference>
<metric>0</metric>
<next-hop>
<outgoing-interface>LIIN0</outgoing-interface>
<next-hop-address>0.0.0.0</next-hop-address>
</next-hop>
<source-protocol>direct</source-protocol>
<active/>
</route>
<route>
<destination-prefix>192.168.1.6/32</destination-prefix>
<route-preference>0</route-preference>
<metric>0</metric>
<next-hop>
<outgoing-interface>LIIN0</outgoing-interface>
<next-hop-address>0.0.0.0</next-hop-address>
</next-hop>
<source-protocol>direct</source-protocol>
<active/>
</route>
</routes>
</rib>
</ribs>
</routing-instance>
</routing-state>
</data>
</rpc-reply>
- 保存配置