Topic: tech juniper jaut prev next

tech juniper jaut > Junos Platform Automation and DevOps (JAUT)

Junos Platform Automation and DevOps (JAUT)

Module 13: YANG

The actual content of the configuration data passed by NETCONF is not standardised. YANG provides a way to look at the content layer of the NETCONF connection. It is a step on the way to standardising the configuration format between vendors, but allows of each vendor’s custom format. Below the NETCONF content layer are the operation, message and transport layers.

YANG is a protocol-independent human-readable language. It supports built-in types and derived types. Data is validated by a YANG validator or NETCONF server. Juniper Networks provides YANG modules that define the Junos configuration herarchy and operatational commands.

The YANG schema is comparable to the XML schema (XSD), but is considered more human-readable.

YANG is used to verify configuration and to verify interoperability. Working groups publish YANG models for certain features, which vendors implement, providing a standard way to configure those features on devices from multiple vendors.

YANG Modules

The namespace is a URI, it does not link to a web address. The namespace is defined to resolve clashes with similarly named items from other modules. Prefixes are defined to avoid typing the whole namespace URI.

module clear {
    namespace "http://yang.juniper.net/yang/1.1/jrpc";
    prefix jrpc;
    import junos-extension {
        prefix junos;
    }
    organization "Juniper Networks, Inc.";
    description "Junos YANG module for RPC";
    revision 2017-06-09 {
        description "Initial revision.";
    }
}

Module Definitions

The YANG module’s main content is in the form of definition statement.

typedef ipaddr {
    type string;
}

An example to define an allowed RPC call, with an input;

rpc clear-mac-rewrite-error {
    description "Clear mac-rewrite error on an interface";
    input {
        leaf interface-name {
            description "Name of interface";
            type interface-device
        }
    }
}

There are four types of node available to build the data model:

Leaf nodes contain simple data types (integer or string) and cannot contain leaf nodes. YANG comes with a wide range of built-in types. Types can also be typedef’ed as above. Typedefs are lexically scoped, so they can be limited to the hierarchy in which they appear.

The ‘enumeration’ type is used as;

type enumeration {
    enum "detail" {
        description "Display detailed output";
    }
    ...
}

The leaf-list nodes contain multiple values of the same type.

leaf-list interface {
description ...;
    type interface-name;
    min-elements 1;
    max-elements 5;
}

Container nodes do not contain values themselves. They are used to describe the hierarchy, and contain other nodes. They can map neatly to hierarchical languages such as XML;

rpc ... {
    output {
        container statistics {
            container packet-statistics {
                ...

A list node contains a set of child nodes. The ‘key’ specifies the leaf to be used as a unique key and is enforced;

list user {
    key "name";
    leaf name {
        ...
    }
    leaf class {
        ...

Grouping

Groupings create a reusable set of nodes that can be referenced elsewhere. Hierarchy scoping works for groupings as it does for types;

group inet_filter {
    leaf {
        ...

list filter {
    key name;
    ordered-by user;
    uses inet_filter;
    ...

Choice and Case Statements

Choice statements allow only one of several cases to be configured;

choice protocol_choice {
    case tcp {
        leaf {
            ...
    }
    case ucp {
        leaf {
            ...
    }
}

Augment Statement

Add nodes to an existing model;

augment /system/login/user {
    when "vendor != 'Juniper'";
    leaf uid {
        ...

Including and Importing Modules

A module can include modules using the same namespace as the parent module. A module can import modules using a different namespace to the parent module. When importing a module, the namespace of the imported statements will be that of the imported module, so any reference to them must be qualified.

Junos Extension Modules

Juniper publishes modules describing the Junos configuration and operational mode commands on Github. The modules can also be generated on a Junos device with the following command. ‘all-conf’ can be substituted with an individual module name;

show system schema format yang module all-conf output-directory /var/tmp

The operational mode commands’ YANG modules can be generated with;

show system schema format yang module all-rpc output-directory /var/tmp

By default, the modules are generated without extensions. To enable extensions, use the configuration;

set system services netconf yang-modules emit-extensions

YANG and Custom Junos Configuration Syntax

YANG can be used to define configuration syntax and data models that are not native to Junos. For instance, an organisation can choose to use its own data model, or choose an OpenConfig data model for standard features such as BGP. A translation script, written in SLAX or Python, must be used to translate from the custom model to the Junos model. Translated data is loaded into the configuration as a transient change at commit time. Juniper provides translation scripts for OpenConfig data models.

The process of adding YANG modules to the system is triggered using the ‘request system yang add’ command. This validates the module and the translation script, invokes pyang for the module compilation, and translates YIN files into Junos’s native TLV format.

Creating a YANG Package in Junos

Custom YANG modules can be loaded.

Download the YANG modules and scripts. Ensure the correct file permissions for scripts according to the usual Junos rules. Optionally, validate the syntax of the modules and scripts with ‘request system yang validate module [modules] action-script [scripts] translation-script [scripts]’. Create a YANG package with a unique identifier, specifying the modules and scripts that are a part of that package, with ‘request system yang add package package-name module [modules] deviation-module [modules] translation-script [scripts] action-script [scripts]’.

When a package is created, the action and translation scripts are copied to /var/db/scripts/action and /var/db/scripts/translation. Whenever the scripts are updated, it must be updated with ‘request system yan update package-name’. To delete a YANG package, run ‘request system delete package-name’. All configuration statements referencing the package must be deleted first.

To verify that the package was created correctly, and includes all of the modules and scripts, run ‘show system yang package [package-name]’. If no package name is specified, all YANG packages are shown.

Example

Example omitted (TODO).

To see the configuration before and after it is run through the translation scripts, in Junos and XML formats, run;

show | compare
show | display translation-scripts configured-delta

show | display translation-scripts translated-config
show | display translation-scripts translated-delta

Configurations can also be deleted. The translation script is called again, and the result of the translation script is deleted from the configuration.