Skip to Content.

rare-dev - Re: [rare-dev] netconf

Subject: Rare project developers

List archive


Re: [rare-dev] netconf


Chronological Thread 
    < Chronological >      < Thread >
  • From: David Schmitz <>
  • To: mc36 <>
  • Cc:
  • Subject: Re: [rare-dev] netconf
  • Date: Mon, 13 Feb 2023 09:56:47 +0100 (CET)
  • Authentication-results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
Hi,

On Sat, 11 Feb 2023, mc36 wrote:

Date: Sat, 11 Feb 2023 04:24:48 +0100
From: mc36 <>
To: , David Schmitz <>
Subject: Re: [rare-dev] netconf

thanks for sharing all this, i have now an vm running fod from your guide...
btw we can narrow this down pretty quickly imho the brute-force way:
so as i added "sho running-config [something] | xml" and knowing that
this converts the stuff in a linear way line by line starting from the
beginning, we can have educated guesses about which xml parser complains
for what... so if your yangctl stops after a crypto blob (happened here)
then its obvious that i need to fix freerouter's xml writer when it comes
to special characters... :) one brute-force solution could be what i did
here: https://github.com/rare-freertr/freeRtr/blob/master/misc/native/tapInt.c#L124
Such brute force way might be - at least in the beginning - a way to go.

A bit ugly to parse for humans in case any character is escaped,
but at least it could work.

Best Regards
David

thx,
cs

On 2/10/23 09:55, David Schmitz wrote:
Hi,

On Fri, 10 Feb 2023, mc36 wrote:

Date: Fri, 10 Feb 2023 08:02:17 +0100
From: mc36 <>
Reply-To:
To: , David Schmitz <>
Subject: Re: [rare-dev] netconf

and well, we arrived to a territory i'm completely unfamiliar with...
tbh i was pretty unsure on what to do here so apologies if it's still not what you need...
so i came up with this: https://github.com/rare-freertr/freeRtr/commit/b4119ef04dd2ab7ef5b6b56ae6a31e371741e9af

now i see the proper (?) namespace in the rpc-reply...

debug userNetconf.doSend:userNetconf.java:439 tx: <?xml version="1.0" encoding="UTF-8"?>
debug userNetconf.doSend:userNetconf.java:439 tx: <rpc-reply message-id="1"


xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
debug userNetconf.doSend:userNetconf.java:439 tx: <data><config><hostname><sid>
debug userNetconf.doSend:userNetconf.java:439 tx: </sid></hostname>
debug userNetconf.doSend:userNetconf.java:439 tx: <buggy>
debug userNetconf.doSend:userNetconf.java:439 tx: </buggy>
debug userNetconf.doSend:userNetconf.java:439 tx: <no><locale>
debug userNetconf.doSend:userNetconf.java:439 tx: </locale></no>

btw how you start the ncclient library inside fod? just in case, imho it's a thing i need to know for furher testing...:)
I started a testing branch https://github.com/GEANT/FOD/tree/testing/freertr1
for this.

Very rudimentary yet.
Find a)
./vnet_router/rtr/init_env (to be run from top level directory of the checkout)
for a rudimentary initialization of python packages (in ./venv/)
and basic FoD configuration
+
b)
./vnet_router/rtr/fodtest_netconf_get a script for standalone testing of the get-config query with FoD's code.

Usage of the latter:
./vnet_router/rtr/fodtest_netconf_get NETCONF_HOST NETCONF_PORT NETCONF_USER NETCONF_PASS
(these command line parameters override the respective values set in FoD config file flowspy/settings.py to allow for more flexible testing)

I still need a bit of time to provide you with my little debug additions to ./venv/lib/python3.8/site-packages/ncclient/transport/session.py etc.
to easier see and understand what is going on.

Best Regards
David

thanks,
cs


On 2/9/23 17:09, David Schmitz wrote:
Hi,

as yangcli now basically is able to understand the get-config results from freertr's
netconf sensor stuff,
I am now trying to test the basic netconf communication (only the RPC communication itself, not the YANG level yet)
with FoD, i.e., actually with the python ncclient library used by FoD.

It seems that ncclient library is a bit strict about xml namespace stuff, specifically regarding the namespace of the <rpc-reply> XML element in the get-config response from freertr:

# request from ncclient/FoD:
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:bacdc701-c3f8-422e-93a8-1bf906cad31f"><nc:close-session/></nc:rpc>

# response from freertr:
<rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:bacdc701-c3f8-422e-93a8-1bf906cad31f"><ok></ok></rpc-reply>

On receiving that response, ncclient library's rpc reponse handler is ignoring it,
bause in the python code:

...
if tag != qualify("rpc-reply"):

return
...

the condition matches and aborts from the handler function.

I think that ncclient library expects a response like this:
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:bacdc701-c3f8-422e-93a8-1bf906cad31f"><ok></ok></rpc-reply>
or simply
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:bacdc701-c3f8-422e-93a8-1bf906cad31f"><ok></ok></rpc-reply> .
I.e. the namespace declaration for the "rpc-reply" element is missing.


Best Regards
David

On Mon, 6 Feb 2023, David Schmitz wrote:

Date: Mon, 6 Feb 2023 16:27:56 +0100 (CET)
From: David Schmitz <>
Reply-To:
To:
Subject: Re: [rare-dev] netconf

Hi,

On Sat, 4 Feb 2023, mc36 wrote:

Date: Sat, 4 Feb 2023 10:55:07 +0100
From: mc36 <>
Reply-To:
To: , David Schmitz <>
Subject: Re: [rare-dev] netconf

some more hacking, now it seems better indented in firefox... :)
https://github.com/rare-freertr/freeRtr/commit/db7b32db4c01b76507b16f28590562ce34dbb40d

sid#show running-config interface loopback0 | xml
<config><interface><loopback0>
</loopback0></interface>
<interface><loopback0><description><management>
</management></description>
<vrf><forwarding><v1>
</v1></forwarding></vrf>
<ipv4><address><identifier-value>10.10.10.227
<identifier-value>255.255.255.255

</identifier-value></identifier-value></address></ipv4>
<ipv6><address><identifier-value>2001:db8:1101::227:227
<ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>
</ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff></identifier-value></address></ipv6>
<template><template1>
</template1></template>
<no><shutdown>
</shutdown></no>
</loopback0></interface></config>
Great!

Best Regards
David


sid#


On 2/4/23 09:50, mc36 wrote:
hi,
to ease debugging this, https://github.com/rare-freertr/freeRtr/commit/4d5c20e2bad3f91c119603ae2783942b84d11830 added a new filter to xml-ize the show outputs... :)
br,
cs


sid#show running-config interface loopback0 | xml
<config><interface><loopback0>
</loopback0></interface>
<description><management>
</management></description>
<vrf><forwarding><v1>
</v1></forwarding></vrf>
<ipv4><address><identifier-value>10.10.10.227
<identifier-value>255.255.255.255
</identifier-value></identifier-value></address></ipv4>
<ipv6><address><identifier-value>2001:db8:1101::227:227
<ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>
</ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff></identifier-value></address></ipv6>
<template><template1>
</template1></template>
<no><shutdown>
</shutdown></no>
<identifier-value>!
</identifier-value>
</config>

sid#show running-config interface loopback0 | setdel
set interface loopback0
set interface loopback0 description management
set interface loopback0 vrf forwarding v1
set interface loopback0 ipv4 address 10.10.10.227 255.255.255.255
set interface loopback0 ipv6 address 2001:db8:1101::227:227 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
set interface loopback0 template template1
delete interface loopback0 shutdown
set interface loopback0 exit
set !

sid#show running-config interface loopback0
interface loopback0
description management
vrf forwarding v1
ipv4 address 10.10.10.227 255.255.255.255
ipv6 address 2001:db8:1101::227:227 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
template template1
no shutdown
exit
!

sid#



On 2/4/23 08:49, mc36 wrote:
hi,
with https://github.com/rare-freertr/freeRtr/commit/aa0bb8a11a6bc4d5bd3f2c228ae36e5f926214f2
now yangcli accepts the config, at least partially... see attached the document i sent it...
br,
cs



yangcli > get-config source=running

Warning: 'data' has no child node 'config'. Using anyxml
Warning: 'data' has no child node 'rpc-reply'. Using anyxml
Warning: 'rpc-reply' has no child node 'rpc-reply'. Using anyxml
mgr_rpc: got invalid reply on session 1 (wrong node depth)
RPC Data Reply 1 for session 399134541:

rpc-reply {
data {
config {
hostname {
netconf
}
buggy
no {

password-encrypt
}
no {
enable
}
banner {
encoded
}
identifier-value !
client {
label-range {
identifier-value 32
}
}
}
rpc-reply
}
rpc-reply
}

yangcli >



On 2/3/23 16:56, mc36 wrote:
hi,
with this https://github.com/rare-freertr/freeRtr/commit/b604046291beb58d3f04079364f859edd2f57fec
i get now a different error message... maybe it's just my config, could you please give it a try?

yangcli > get-config source=running

mgr_top: get node failed (xml reader EOF); session dropped
yangcli>

the latest jar is at src.freertr.org/src/rtr.jar
thx,
cs


On 2/3/23 16:21, David Schmitz wrote:
Hi,

On Fri, 3 Feb 2023, mc36 wrote:

Date: Fri, 3 Feb 2023 16:18:45 +0100
From: mc36 <>
Reply-To:
To: David Schmitz <>
Cc: "" <>
Subject: [rare-dev] netconf

hi,
i tried to bring up your environment but i found too many missing parts from freerouter netconf...
right now, only these are implemented: https://github.com/rare-freertr/freeRtr/blob/master/src/net/freertr/user/userNetconf.java#L29
this is all what i needed to bring up https://github.com/CiscoDevNet/yang-explorer in a vm and query/configure...

but when you issue sget-config / source=running in yangcli see that it tries to access the /?xml/rpc/get-config/source/running
which is not there yet... so the question is, how you spawn your yangcli and what command do you try to execute there?
"get-config source=running" would be enough.
"sget-config source=running" is not needed.

Best Regards
David

thx,
cs










--

David Schmitz

Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:



Archive powered by MHonArc 2.6.19.

Top of Page