Introduction to Junos Platform Automation and Devops

Module 04: XML and NETCONF

NETCONF

Originally defined by Juniper (as Junos Script). It is now used by multiple vendors and is usually tunneled over SSH. It permits both configuration and operational mode commands.

Enable NETCONF

Issue;

set system services netconf ssh

By default, Juniper devices run NETCONF on port 22 (the same port as regular SSH traffic). Some vendors use port 830 for NETCONF. To enable NETCONF over SSH on this port, issue;

set system services netconf ssh port 830

Junos RPCs

A NETCONF session can be started from the Junos CLI using the ‘netconf’ command.

NETCONF RPC messages should contain a ‘message-id’. The presence of ‘message-id’ is not enforced by Junos.

Example RPC request. Note the termination sequence which must be sent at the end of each message.

<rpc>
    <get-system-uptime-information></get-system-uptime-information>
</rpc>
]]>]]>

To easily find the correct RPC to use for a ‘show’ command, pipe the ‘show’ command through ‘display xml rpc’. The definitive source for RPC commands is the Junos XML schema. The Junos XML API explorer (documentation) is easier to read.
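The ‘message-id’ and termination sequence described above, as an added Python example (not part of the original course material). It frames a request, splits received text on the terminator, and checks each reply for a matching ‘message-id’ and for ‘rpc-error’. The function names and the sample replies are constructed for illustration, and it assumes the reply echoes the request's ‘message-id’.

```python
import xml.etree.ElementTree as ET

EOM = "]]>]]>"  # end-of-message sequence from the examples on this page

def local(tag):
    """Strip an XML namespace prefix such as '{urn:...}rpc-reply'."""
    return tag.rsplit("}", 1)[-1]

def frame_rpc(payload_xml, message_id):
    """Wrap one operation in <rpc message-id=...> and append the delimiter."""
    if EOM in payload_xml:
        # The delimiter inside a payload would end the message early.
        raise ValueError("payload contains the end-of-message sequence")
    rpc = ET.Element("rpc", {"message-id": str(message_id)})
    rpc.append(ET.fromstring(payload_xml))  # raises on malformed XML
    return ET.tostring(rpc, encoding="unicode") + "\n" + EOM + "\n"

def split_messages(buffer):
    """Return (complete messages, unterminated remainder) from received text."""
    *complete, remainder = buffer.split(EOM)
    return [m.strip() for m in complete if m.strip()], remainder

def check_reply(reply_xml, expected_id):
    """Classify a reply: 'ok', 'error', 'id-mismatch' or 'not-a-reply'."""
    root = ET.fromstring(reply_xml)
    if local(root.tag) != "rpc-reply":
        return "not-a-reply"
    if root.get("message-id") != str(expected_id):
        return "id-mismatch"
    if any(local(e.tag) == "rpc-error" for e in root.iter()):
        return "error"
    return "ok"

# Constructed sample of what a session might receive: two complete replies
# and the start of a third that has not been terminated yet.
NS = 'xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"'
SAMPLE = (
    f'<rpc-reply {NS} message-id="101"><ok/></rpc-reply>\n{EOM}\n'
    f'<rpc-reply {NS} message-id="102"><rpc-error>'
    '<error-message>constructed error text</error-message>'
    f'</rpc-error></rpc-reply>\n{EOM}\n'
    f'<rpc-reply {NS} message-id="103"><o'
)

if __name__ == "__main__":
    print(frame_rpc("<lock-configuration/>", 101), end="")
    messages, remainder = split_messages(SAMPLE)
    for msg, mid in zip(messages, (101, 102)):
        print(mid, check_reply(msg, mid))
    print("buffered:", remainder.strip())
```

Checking ‘rpc-error’ after each step matters most in a lock, load, commit sequence like the lab below, where a failed lock should stop the script before it loads or commits anything.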

Junos XML API Programming Languages

XSLT, SLAX and Python are supported on-box. Off-box, any language which supports the NETCONF API can be used.

Lab

Issuing RPC commands to a Junos device. SSH to the device;

ssh ...

Verify that NETCONF is enabled;

show configuration system services 

should return

ssh {
    root-login allow;
}
netconf {
    ssh;
}

Use the ‘netconf’ command to establish a NETCONF session.

Issue the ‘get-interface-information’ command to get interface information;

<rpc>
    <get-interface-information></get-interface-information>
</rpc>
]]>]]>

Issue the ‘lock-configuration’ command to lock the current configuration;

<rpc>
    <lock-configuration></lock-configuration>
</rpc>
]]>]]>

Issue the following to enable FTP;

<rpc>
    <load-configuration>
        <configuration>
            <system>
                <services>
                    <ftp/>
                </services>
            </system>
        </configuration>
    </load-configuration>
</rpc>
]]>]]>

Commit and unlock the configuration;

<rpc>
    <commit></commit>
</rpc>
]]>]]>

<rpc>
    <unlock-configuration></unlock-configuration>
</rpc>
]]>]]>

Gracefully close the session;

<rpc>
    <close-session></close-session>
</rpc>
]]>]]>

Open a new SSH session to the device. Issue ‘show configuration | compare rollback 1’ to see the change that was made in the RPC session.