Subject: Rare project developers
List archive
- From: David Schmitz <>
- To: , mc36 <>
- Subject: Re: [rare-dev] how to activate netconf
- Date: Mon, 30 Jan 2023 16:56:13 +0100 (CET)
- Authentication-results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
Hi,
On Mon, 30 Jan 2023, mc36 wrote:
Date: Mon, 30 Jan 2023 16:47:30 +0100Ok, I will check both options.
From: mc36 <>
Reply-To:
To: , David Schmitz <>
Subject: Re: [rare-dev] how to activate netconf
hi,
i see in the repo have an exabgp folder... imho that should be explored further... :)
if that is what im guessing then the easiest way is to bring up that repo and peer exabgp to freerouter...
that is the best way to communicate to a router, and it's universal across routing platforms...
but if you still want to netconf freerouter, and originate the rules from freerouter, then here we go:
Great! Thanks a lot!
noti(cfg-server)#show running-config this
server telnet tel
security authentication access
security rsakey rsa
security dsakey dsa
security ecdsakey ecdsa
second-port 22
exec timestamp
exec colorize header
exec tablemode table
exec logging
exec autocommand netconf <----------------- this is the magic
exec monitor
no exec authorization
login authentication access
login logging
login last global
vrf inet
exit
!
noti(cfg-server)#
everything else just the surrounding to have the ssh and tacacs authed users, etc...
Ok, I will try.
this is what i see issuing that command alone in the cli:
noti#netconf
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability><capability>urn:ietf:params:netconf:capability:startup:1.0</capability><capability>http://www.freertr.org/yang/freertr-bfd4?module=freertr-bfd4</capability><capability>http://www.freertr.org/yang/freertr-bfd6?module=freertr-bfd6</capability><capability>http://www.freertr.org/yang/freertr-bgp4peer?module=freertr-bgp4peer</capability><capability>http://www.freertr.org/yang/freertr-bgp4perf?module=freertr-bgp4perf</capability><capability>http://www.freertr.org/yang/freertr-bgp6peer?module=freertr-bgp6peer</capability><capability>http://www.freertr.org/yang/freertr-bgp6perf?module=freertr-bgp6perf</capability><capability>http://www.freertr.org/yang/freertr-bmp?module=freertr-bmp</capability><capability>http://www.freertr.org/ya ng/freertr-check?module=freertr-check</capability><capability>http://www.freertr.org/yang/freertr-disk?module=freertr-disk</capability><capability>http://www.freertr.org/yang/freertr-dvigp4int?module=freertr-dvigp4int</capability><capability>http://www.freertr.org/yang/freertr-dvigp4peer?module=freertr-dvigp4peer</capability><capability>http://www.freertr.org/yang/freertr-dvigp6int?module=freertr-dvigp6int</capability><capability>http://www.freertr.org/yang/freertr-dvigp6peer?module=freertr-dvigp6peer</capability><capability>http://www.freertr.org/yang/freertr-flash?module=freertr-flash</capability><capability>http://www.freertr.org/yang/freertr-gc?module=freertr-gc</capability><capability>http://www.freertr.org/yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/ yang/freertr-ifaces?module=freertr-ifaces</capability><capability>http://www.freertr.org/yang/freertr-ldp4nul?module=freertr-ldp4nul</capability><capability>http://www.freertr.org/yang/freertr-ldp4sum?module=freertr-ldp4sum</capability><capability>http://www.freertr.org/yang/freertr-ldp6nul?module=freertr-ldp6nul</capability><capability>http://www.freertr.org/yang/freertr-ldp6sum?module=freertr-ldp6sum</capability><capability>http://www.freertr.org/yang/freertr-lsigp4int?module=freertr-lsigp4int</capability><capability>http://www.freertr.org/yang/freertr-lsigp4peer?module=freertr-lsigp4peer</capability><capability>http://www.freertr.org/yang/freertr-lsigp4perf?module=freertr-lsigp4perf</capability><capability>http://www.freertr.org/yang/freertr-lsigp6int?module=freertr-lsigp6int</capability><capability>http://www.freertr.org/yang/freertr-lsigp6peer?module=freertr-lsigp6peer</capability><capability>http://www.freertr.org/yang/freertr-lsigp6perf?module=freertr-lsigp6perf</capa bility><capability>http://www.freertr.org/yang/freertr-routing4?module=freertr-routing4</capability><capability>http://www.freertr.org/yang/freertr-routing6?module=freertr-routing6</capability><capability>http://www.freertr.org/yang/freertr-sensor?module=freertr-sensor</capability><capability>http://www.freertr.org/yang/freertr-sys?module=freertr-sys</capability><capability>http://www.freertr.org/yang/freertr-tracker?module=freertr-tracker</capability><capability>http://www.freertr.org/yang/freertr-vrf?module=freertr-vrf</capability></capabilities><session-id>650056842</session-id></hello>
]]>]]>
it is believed to be browseable/configurable by https://github.com/CiscoDevNet/yang-explorer
you can generate any part of the parser to have the yang models, then you can import them to the explorer...
some are already there: https://github.com/rare-freertr/freeRtr/tree/master/misc/netconf
imho you'll quickly pick up your head around it and be able to do the same for policy-map and access-list...
and really thats all what is needed to originate flowspec rules from freerouter, if that's the desire... :)
Yes, I got that one.
btw, have you got my previous email about the topic?
Just was not fully sure whether this new question about the netconf server
would fit very well to the general subject.
Best Regards
David
-------- Forwarded Message --------
Subject: about the current flowspec state
Date: Fri, 27 Jan 2023 12:06:48 +0100
From: mc36 <>
To: , <>
br,
cs
On 1/30/23 16:24, David Schmitz wrote:
Hi,
I am new to the RARE community.
I will be working on a DDoS mitigation use case
involving BGP FlowSpec.
There, BGP FlowSpec routes are going to be injected to freertr via NETCONF/ssh, if possible;
E.g., as currently supported by Firewall-On-Demand (https://github.com/GEANT/FOD).
The exact details are still to be defined
(still investigating freertr).
Now I have the question how to configure netconf/ssh as a server in freertr?
Thanks in Advance
Best Regards
David
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
- [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, Frédéric LOUI, 01/31/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/31/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, David Schmitz, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
- Re: [rare-dev] how to activate netconf, mc36, 01/30/2023
Archive powered by MHonArc 2.6.19.