Subject: Rare project developers
List archive
- From: David Schmitz <>
- To:
- Subject: Re: [rare-dev] netconf
- Date: Fri, 3 Mar 2023 14:04:50 +0100 (CET)
- Authentication-results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
Hi,
find attached NETCONF traffic transaction logs between FoD (ncclient library) and netconfd running with the loaded YANG model defined in
https://github.com/GEANT/FOD/blob/python3/vnet_router/configuration.yang
.
There are 3 logs,
one for adding a new BGP FlowSpec rule,
one for editing/replacing an existing rule,
and deleting/removing a rule
from a router.
Each of them contains the full NETCONF transaction log,
not only the proper edit_config/replace_config RPC call,
including locking, committing, as it is currently used by FoD code.
We will have to see how to adapt this FoD code
so not to involving committing (for reasons regarding freertr's performance),
as you mentioned in the VC today.
This code is basically method Applier::apply() in
https://github.com/GEANT/FOD/blob/python3/utils/proxy.py
apply() for adding a new rule,
apply(operation="replace") for editing an existing rule,
apply(operation="delete") for removing a rule
.
Best Regards
David
On Thu, 2 Mar 2023, mc36 wrote:
Date: Thu, 2 Mar 2023 13:52:46 +0100
From: mc36 <>
Reply-To:
To: David Schmitz <>
Cc:
Subject: Re: [rare-dev] netconf
hi
sorry for the late reply i'll fix this a bit later, i just got my asterfuston
and i also need to develop a bit for the eantc according to yesterday vc with
simon and the whole juniper development team :)
the issue is the following:
see below the config generated at each level for my ibgp toward my rrs....
also the xmlized version of the same output...
your issue is the following:
"
<config><router><bgp4><identifier-value>identifier-escape65535
</identifier-value></bgp4></router>
<router><bgp4><identifier-value><vrf><inet>
</inet></vrf>
"
this </bgp4</bgp> is here because it deserialized thet router bgp4 65535 first at level1
then it deserialized the same but at level2...
i'll add a check about if the level1.command==level2.preface then just skip the current line from deserialization...
but just after the asterfuston handoff to alex and my current main interest, preparation for a proper bgp-ct eantc plugfest....
thx,
cs
noti#show running-config router bgp4 65535 | level
info userReader.cmdEnter:userReader.java:1141 command noti#show running-config router bgp4 65535 | level from local:telnet <loop> 23 -> 127.0.0.1 41076
2023-03-02 13:48:55
|router bgp4 65535|
router bgp4 65535| vrf inet|
router bgp4 65535| local-as 65535|
router bgp4 65535| router-id 10.10.10.11|
router bgp4 65535| address-family unicast multicast ouni omlt flowspec oflw vpnuni vpnmlt vpnflw ovpnuni ovpnmlt ovpnflw vpls mspw evpn mdt nsh rpd rtfilter srte osrt linkstate mvpn omvpn|
router bgp4 65535| monitor bmp inet 10.10.10.10 17971|
router bgp4 65535| !|
router bgp4 65535| template r remote-as 65535|
router bgp4 65535| template r local-as 65535|
router bgp4 65535| template r address-family unicast multicast ouni omlt flowspec oflw vpnuni vpnmlt vpnflw ovpnuni ovpnmlt ovpnflw vpls mspw evpn mdt nsh rpd rtfilter srte osrt linkstate mvpn omvpn|
router bgp4 65535| template r distance 200|
router bgp4 65535| template r connection-mode active|
router bgp4 65535| template r compression both|
router bgp4 65535| template r additional-path-rx unicast multicast vpnuni vpnmlt|
router bgp4 65535| template r additional-path-tx unicast multicast vpnuni vpnmlt|
router bgp4 65535| template r update-source loopback0|
router bgp4 65535| template r monitor bmp|
router bgp4 65535| template r hostname domain|
router bgp4 65535| template r software|
router bgp4 65535| template r extended-open|
router bgp4 65535| template r extended-update|
router bgp4 65535| template r aigp|
router bgp4 65535| template r traffeng|
router bgp4 65535| template r pmsitun|
router bgp4 65535| template r tunenc|
router bgp4 65535| template r linkstate|
router bgp4 65535| template r attribset|
router bgp4 65535| template r unknowns-out all|
router bgp4 65535| template r unknowns-in all|
router bgp4 65535| template r segrout|
router bgp4 65535| template r bier|
router bgp4 65535| template r role attrib|
router bgp4 65535| template r send-community all|
router bgp4 65535| !|
router bgp4 65535| neighbor 10.5.1.10 template r|
router bgp4 65535| !|
router bgp4 65535| neighbor 10.26.26.2 template r|
router bgp4 65535| !|
router bgp4 65535| afi-vrf nmaas enable|
router bgp4 65535| afi-vrf nmaas redistribute connected|
router bgp4 65535| afi-vrf nmaas redistribute static|
router bgp4 65535| !|
router bgp4 65535| !|
router bgp4 65535| redistribute connected route-policy prefer|
router bgp4 65535| redistribute static route-policy prefer|
router bgp4 65535| ecmp|
router bgp4 65535| exit|
|!|
noti#
noti#show running-config router bgp4 65535 | xml
info userReader.cmdEnter:userReader.java:1141 command noti#show running-config router bgp4 65535 | xml from local:telnet <loop> 23 -> 127.0.0.1 41076
2023-03-02 13:50:11
<config><router><bgp4><identifier-value>identifier-escape65535
</identifier-value></bgp4></router>
<router><bgp4><identifier-value><vrf><inet>
</inet></vrf>
<local-as><identifier-value>identifier-escape65535
</identifier-value></local-as>
<router-id><identifier-value>identifier-escape10.10.10.11
</identifier-value></router-id>
<address-family><unicast><multicast><ouni><omlt><flowspec><oflw><vpnuni><vpnmlt><vpnflw><ovpnuni><ovpnmlt><ovpnflw><vpls><mspw><evpn><mdt><nsh><rpd><rtfilter><srte><osrt><linkstate><mvpn><omvpn>
</omvpn></mvpn></linkstate></osrt></srte></rtfilter></rpd></nsh></mdt></evpn></mspw></vpls></ovpnflw></ovpnmlt></ovpnuni></vpnflw></vpnmlt></vpnuni></oflw></flowspec></omlt></ouni></multicast></unicast></address-family>
<monitor><bmp><inet><identifier-value>identifier-escape10.10.10.10
<identifier-value>identifier-escape17971
</identifier-value></identifier-value></inet></bmp></monitor>
<template><r><remote-as><identifier-value>identifier-escape65535
</identifier-value></remote-as></r></template>
<template><r><local-as><identifier-value>identifier-escape65535
</identifier-value></local-as></r></template>
<template><r><address-family><unicast><multicast><ouni><omlt><flowspec><oflw><vpnuni><vpnmlt><vpnflw><ovpnuni><ovpnmlt><ovpnflw><vpls><mspw><evpn><mdt><nsh><rpd><rtfilter><srte><osrt><linkstate><mvpn><omvpn>
</omvpn></mvpn></linkstate></osrt></srte></rtfilter></rpd></nsh></mdt></evpn></mspw></vpls></ovpnflw></ovpnmlt></ovpnuni></vpnflw></vpnmlt></vpnuni></oflw></flowspec></omlt></ouni></multicast></unicast></address-family></r></template>
<template><r><distance><identifier-value>identifier-escape200
</identifier-value></distance></r></template>
<template><r><connection-mode><active>
</active></connection-mode></r></template>
<template><r><compression><both>
</both></compression></r></template>
<template><r><additional-path-rx><unicast><multicast><vpnuni><vpnmlt>
</vpnmlt></vpnuni></multicast></unicast></additional-path-rx></r></template>
<template><r><additional-path-tx><unicast><multicast><vpnuni><vpnmlt>
</vpnmlt></vpnuni></multicast></unicast></additional-path-tx></r></template>
<template><r><update-source><loopback0>
</loopback0></update-source></r></template>
<template><r><monitor><bmp>
</bmp></monitor></r></template>
<template><r><hostname><domain>
</domain></hostname></r></template>
<template><r><software>
</software></r></template>
<template><r><extended-open>
</extended-open></r></template>
<template><r><extended-update>
</extended-update></r></template>
<template><r><aigp>
</aigp></r></template>
<template><r><traffeng>
</traffeng></r></template>
<template><r><pmsitun>
</pmsitun></r></template>
<template><r><tunenc>
</tunenc></r></template>
<template><r><linkstate>
</linkstate></r></template>
<template><r><attribset>
</attribset></r></template>
<template><r><unknowns-out><all>
</all></unknowns-out></r></template>
<template><r><unknowns-in><all>
</all></unknowns-in></r></template>
<template><r><segrout>
</segrout></r></template>
<template><r><bier>
</bier></r></template>
<template><r><role><attrib>
</attrib></role></r></template>
<template><r><send-community><all>
</all></send-community></r></template>
<neighbor><identifier-value>identifier-escape10.5.1.10
<template><r>
</r></template></identifier-value></neighbor>
<neighbor><identifier-value>identifier-escape10.26.26.2
<template><r>
</r></template></identifier-value></neighbor>
<afi-vrf><nmaas><enable>
</enable></nmaas></afi-vrf>
<afi-vrf><nmaas><redistribute><connected>
</connected></redistribute></nmaas></afi-vrf>
<afi-vrf><nmaas><redistribute><static>
</static></redistribute></nmaas></afi-vrf>
<redistribute><connected><route-policy><prefer>
</prefer></route-policy></connected></redistribute>
<redistribute><static><route-policy><prefer>
</prefer></route-policy></static></redistribute>
<ecmp>
</ecmp>
</identifier-value></bgp4></router></config>
noti#
On 3/1/23 16:17, David Schmitz wrote:
Hi,
On Wed, 22 Feb 2023, mc36 wrote:
Date: Wed, 22 Feb 2023 09:05:25 +0100
From: mc36 <>
To: , David Schmitz <>
Subject: Re: [rare-dev] netconf
hi,
On 2/22/23 08:32, David Schmitz wrote:
The "-" can also not be the first character of a XML element name.
here we goo:
https://github.com/rare-freertr/freeRtr/commit/16b65de6b33b29d732d2615cd0ddeec8cc247955
Now, just after having accomplished a working test-wise BGP FlowSpec exchange between an extended version of test bed https://github.com/rare-freertr/validated-design/tree/main/000-man/004a-run-bgp-rr
and my own freertr router having a network connection to my test FoD,
I continued to look at the XML NETCONF data.
It still seems to have a strange bug:
...
</script>
<access-list>
<rule1 />
</access-list>
<access-list>
<rule1>
<sequence>
<identifier-value>identifier-escape10
<permit>
<identifier-value>identifier-escape58
<any>
<all>
<any>
<all />
</any>
</all>
</any></identifier-value>
</permit></identifier-value>
</sequence>
</rule1>
<rule10 />
</access-list>
<access-list>
<rule10>
<sequence>
...
This snippet is from own freertr router, with the the following access list config:
sh ru rule
access-list rule1
sequence 10 permit 58 any all any all
exit
access-list rule10
sequence 10 permit 58 any all any all
exit
access-list rule20
sequence 10 deny 6 12.12.12.12 255.255.255.255 3 13.13.13.13 255.255.255.255 13
exit
access-list rule21
sequence 10 deny 6 any 789 any 0
exit
access-list rule3
sequence 10 permit 58 any all any all
exit
access-list rule5
sequence 10 permit 6 10.1.11.1 255.255.255.255 7-19 10.1.1.1 255.255.255.255 33-78
exit
access-list rule9
sequence 10 permit 1 any all any all
exit
So, as you can see, there is defined in the config a single access list named "rule1",
but in the XML above
the XML element
<access-list>
<rule1 />
</access-list>
precedes
the actual <access-list>
<rule1 ...
XML element.
This seems to happen for all the access lists.
And, it happens as well for policy-maps:
...
</asdf>
<policy-map-p4 />
</policy-map>
<policy-map>
<policy-map-p4>
<sequence>
<identifier-value>identifier-escape1
<description /></identifier-value>
</sequence>
<sequence>
<identifier-value>identifier-escape1
<action>
<drop />
...
Best Regards
David
br,
cs
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
Attachment:
celery.log.delete.netconf
Description: Binary data
Attachment:
celery.log.replace.netconf
Description: Binary data
Attachment:
celery.log.add.netconf
Description: Binary data
- Re: [rare-dev] netconf, David Schmitz, 03/01/2023
- Re: [rare-dev] netconf, mc36, 03/02/2023
- Re: [rare-dev] netconf, David Schmitz, 03/03/2023
- Re: [rare-dev] netconf, mc36, 03/02/2023
Archive powered by MHonArc 2.6.24.