NETWORK CONFIGURATION

Prepared by: Menna Hamza, Mohamad Hesham, Mona Abdel Mageed, Yasmine Shaker

AGENDA
• OPS
• NetConfig Work Group
• NetConfig Protocol
• XML Detour
• Definitions
• Protocol Layers
• Protocol Main Scenario
• Basic Operations
• Filters
• Demo
• Partial Lock RPC
• With Default Capability
• TLS

OPERATIONS AND MANAGEMENT AREA
Area workgroup examples:
• CAPWAP: Control And Provisioning of Wireless Access Points
• BMWG: Benchmarking Methodology
• DIME: Diameter Maintenance and Extensions
• NETCONF: Network Configuration

NETCONF WORKING GROUP
The NETCONF Working Group is chartered to produce a protocol suitable for network configuration. Required characteristics include:
• Differentiate between configuration data and non-configuration data.
• Extensible.
• Integration with user authentication methods.
• Integration with configuration database systems.
• Wide configuration transactions with features such as locking and rollback capability.

NETCONFIG PROTOCOL
• The protocol provides a mechanism to transfer and manipulate configuration data in a network device.
• It uses an Extensible Markup Language (XML)-based data encoding for the configuration data and the protocol messages.
• The NETCONF protocol operations are realized on top of a simple Remote Procedure Call (RPC) layer.

XML DETOUR
• XML
• Why XML?
• XSD and Schemas
• XPath
• XML Node
• XML Sub Tree
• Example

XML EXAMPLE

```xml
<top xmlns="http://example.com/schema/1.2/config">
  <users>
    <user>
      <name>root</name>
      <type>superuser</type>
      <full-name>Charlie Root</full-name>
      <company-info>
        <dept>1</dept>
        <id>1</id>
      </company-info>
    </user>
  </users>
</top>
```

Value of XPath (top/users/user/name)

DEFINITIONS
• Application / client
• Server / Device
• Data Store / Configuration file
• Capabilities

PROTOCOL LAYERS
• Content: Configuration Data, Status Data?
• Operation: <get-config>, <edit-config>, …
• RPC: <rpc-call>, <rpc-reply>
• Transport Protocol: SSL, SSH, BEEP, console

<HELLO>
• A way for both client and server to announce their existence
• It also serves as an announcement of the session ID as well as the supported features
• An extensible protocol means that there is no guarantee that the server and client support the same set of features.
• Base capability must be supported
• How to handle different sets of features?

SERVE ME
• The client sends the needed advertised capabilities requests to the Server.
• The Server processes the requests on a FIFO basis (pipeline)
• The Server sends the required data / request status to the client
• How to associate a request with a reply? ID
• Client closes the session, or Server terminates the session due to timeout

RPC FOR LIFE
• Client requests are RPC calls
• The data store is conceptually a list of XML namespaces
• The RPC manipulates these XML namespaces
• Changes to the XML namespaces are mapped by the device to actual changes in its internal configuration (registers, etc.)
• Server reply contains requested XML data, errors, warnings and optionally execution success feedback

BASIC OPERATIONS
• Get: get, get-config
• Manipulate: edit-config, copy-config, delete-config
• Parallel access control: lock, unlock
• End session: close-session, kill-session

RPC BLOCKS
• <rpc-call>
• <rpc-reply>
  o <rpc-error>
  o <ok/>
  o <data>

FILTERS
• What's a filter
• Using a filter
• <filter>

DEMO

```xml
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <get-config>
    <source>
      <running/>
    </source>
    <filter type="subtree">
      <top xmlns="http://example.com/schema/1.2/config">
        <users>
          <user>
            <name>root</name>
          </user>
        </users>
      </top>
    </filter>
  </get-config>
</rpc>
```

```xml
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <data>
    <top xmlns="http://example.com/schema/1.2/config">
      <users>
        <user>
          <name>root</name>
          <type>superuser</type>
          <full-name>Charlie Root</full-name>
          <company-info>
            <dept>1</dept>
            <id>1</id>
          </company-info>
        </user>
      </users>
    </top>
  </data>
</rpc-reply>
```

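The demo's subtree filter, as an added example that is not part of the original slides: a simplified Python evaluator showing why a filter naming only `<name>root</name>` returns the whole user entry, and how an empty selection node narrows what the reply discloses. The second user, `get_config` and `apply_filter` are constructed for illustration; attribute matching and namespace wildcards are left out.

```python
import copy
import xml.etree.ElementTree as ET

NS = "{http://example.com/schema/1.2/config}"
# Constructed datastore: the slides' "root" user plus one made-up second user.
DATASTORE = ET.fromstring("""
<top xmlns="http://example.com/schema/1.2/config"><users>
  <user><name>root</name><type>superuser</type>
    <full-name>Charlie Root</full-name>
    <company-info><dept>1</dept><id>1</id></company-info></user>
  <user><name>fred</name><type>admin</type>
    <full-name>Fred Example</full-name>
    <company-info><dept>2</dept><id>2</id></company-info></user>
</users></top>""")

def text(node):
    return (node.text or "").strip()

def apply_filter(data, flt):
    """Return a copy of what filter node `flt` selects from `data`, or None."""
    if data.tag != flt.tag:
        return None
    kids = list(flt)
    if not kids:                                  # selection node: whole subtree
        return copy.deepcopy(data)
    match = [k for k in kids if len(k) == 0 and text(k)]   # content-match leaves
    for m in match:                               # all content matches must hold
        if not any(c.tag == m.tag and text(c) == text(m) for c in data):
            return None
    rest = [k for k in kids if k not in match]
    if not rest:                                  # only content matches given:
        return copy.deepcopy(data)                # the whole entry is returned
    out = ET.Element(data.tag)
    out.extend([copy.deepcopy(c) for c in data
                if any(c.tag == m.tag for m in match)])
    for k in rest:                                # containment / selection nodes
        for c in data:
            sub = apply_filter(c, k)
            if sub is not None:
                out.append(sub)
    return out if len(out) else None

def get_config(filter_body):
    """Run a subtree filter (the XML inside <filter>) against DATASTORE."""
    return apply_filter(DATASTORE, ET.fromstring(filter_body))

WRAP = '<top xmlns="http://example.com/schema/1.2/config"><users><user>%s</user></users></top>'
SLIDE_FILTER = WRAP % "<name>root</name>"           # the filter from the demo
NAMES_ONLY = WRAP % "<name/>"                       # selection node only
ROOT_TYPE = WRAP % "<name>root</name><type/>"       # content match + selection
```

With `SLIDE_FILTER` the result carries every leaf of the matching user, as in the reply above; `ROOT_TYPE` returns only `name` and `type`, which is the form to prefer when the caller should not see the rest of the entry.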
EXTENDED CAPABILITIES CASE STUDY
• Partial lock
• With default Capabilities

PARTIAL LOCK RPC
• Describes the lock and unlock operations on parts of configuration data stores using XPath filtering mechanisms
• Definition of terms
  o Scope of the lock
  o Protected area

PARTIAL LOCKING CAPABILITY
• Usage scenarios
  o Multiple managers with overlapping sections
  o Multiple managers, distinct management areas
• New operations
  o <partial-lock>
  o <partial-unlock>

<PARTIAL-LOCK>
• Locking a node protects the node itself and the complete sub-tree under the node
• The XPath expressions are evaluated only once, at lock time
• A NETCONF server that supports partial locking MUST be able to grant multiple simultaneous partial locks to a single NETCONF session
• Failure
  o Global lock
  o Already locked
  o User does not have access rights

<PARTIAL-LOCK> (CTD.)
• RPC call parameters
  o Filter (Lock)
  o ID (Unlock)
• Deadlock avoidance
• RPC reply
  o Positive (Lock ID in case of lock)
  o Negative

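A toy model of the partial-lock rules on the two slides above, added here as an example and not taken from the slides or from any NETCONF server: the lock covers the selected node and its subtree, the select expression is evaluated once at lock time, and a request fails on a foreign global lock or an overlapping lock. The `Datastore` class, the session names and the sample data are constructed; the access-rights check is left out.

```python
import xml.etree.ElementTree as ET

class LockDenied(Exception):
    pass

class Datastore:
    """Toy running datastore with partial locks (no access-control check)."""
    def __init__(self, xml):
        self.root = ET.fromstring(xml)
        self.global_owner = None      # session holding the global lock, if any
        self.locks = {}               # lock-id -> (session, set of locked elements)
        self._next = 1

    def partial_lock(self, session, select):
        if self.global_owner not in (None, session):
            raise LockDenied("global lock held by another session")
        scope = set()
        for node in self.root.findall(select):   # evaluated once, at lock time
            scope.update(node.iter())            # the node and its whole subtree
        for owner, held in self.locks.values():
            if owner != session and held & scope:
                raise LockDenied("overlaps a lock of session %s" % owner)
        lock_id, self._next = self._next, self._next + 1
        self.locks[lock_id] = (session, scope)
        return lock_id                           # positive reply carries the lock ID

    def partial_unlock(self, session, lock_id):
        if self.locks.get(lock_id, (None,))[0] != session:
            raise LockDenied("lock-id not held by this session")
        del self.locks[lock_id]

    def may_edit(self, session, node):
        """True unless `node` lies in another session's protected area."""
        return all(owner == session or node not in held
                   for owner, held in self.locks.values())

# Constructed sample data (no namespace, to keep the select paths short).
SAMPLE = """<top><users>
  <user><name>root</name><type>superuser</type></user>
  <user><name>fred</name><type>admin</type></user>
</users></top>"""
```

Because the scope is frozen at lock time, a `user` entry created after a lock on `users/user` is not protected by it; a manager that needs to cover future entries has to lock the parent `users` node instead.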
WITH DEFAULT CAPABILITY
• A new XML child element added to the method-name element.
• Part of the configuration data is not set by the NETCONF client; a default value is used instead.
• Sometimes the NETCONF client has prior knowledge of this default data, so the NETCONF server does not need to send it to the client.
• In other situations the NETCONF client will need this data, so it must be sent in the NETCONF <rpc-reply> messages.

REPORTING MODES
• report-all: All default data is always reported.
• trim: Values are not reported if they match the default.
• explicit: Default data is not reported except explicitly set default data.

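The three reporting modes applied to the same four leaves, as an added example that is not part of the original slides. It also shows what a configuration review has to do with a `trim` or `explicit` reply: merge the schema defaults back in, because leaves missing from the reply are still in effect on the device. Leaf names, values and defaults are constructed and hypothetical.

```python
# Constructed sample: (leaf, current value, schema default, explicitly set by a client?)
# Leaf names are hypothetical, not taken from any real data model.
LEAVES = [
    ("mtu",            1500, 1500, False),  # never set, default in effect
    ("telnet-enabled", True, True, False),  # never set, default in effect
    ("ssh-enabled",    True, True, True),   # client set it to the default value
    ("session-limit",  4,    16,   True),   # client set a non-default value
]
SCHEMA_DEFAULTS = {name: default for name, _, default, _ in LEAVES}

def report(leaves, mode):
    """Leaves a server would return under the given reporting mode."""
    out = {}
    for name, value, default, explicit in leaves:
        is_default = value == default
        if mode == "report-all":
            keep = True                      # all default data is reported
        elif mode == "trim":
            keep = not is_default            # drop values matching the default
        elif mode == "explicit":
            keep = explicit or not is_default  # drop defaults nobody set
        else:
            raise ValueError("unknown mode: " + mode)
        if keep:
            out[name] = value
    return out

def effective(reply, schema_defaults):
    """Rebuild the effective configuration from a reply plus schema defaults."""
    merged = dict(schema_defaults)
    merged.update(reply)
    return merged

def silent_defaults(reply, schema_defaults):
    """Leaves in effect on the device but absent from the reply."""
    return sorted(set(schema_defaults) - set(reply))
```

For the sample data, a `trim` reply contains only `session-limit`, so `telnet-enabled` is active on the device without appearing in the retrieved configuration at all.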
NETCONF OVER TLS
• Configuration exchange must be secure.
• TLS provides support for certificate-based mutual authentication.
• TLS is application-protocol-independent.
• How can NETCONF be used within a TLS session?

NETCONF OVER TLS
• Connection initiation
  o Client Hello message
  o Handshake
• Start exchanging XML
• Connection closure

Diagram labels: Agent (NETCONF) = Server (TLS); Manager (NETCONF) = Client (TLS)

NETCONF OVER TLS
Endpoint Authentication and Identification
• Server identity
  o The server hostname
  o Matching is case-insensitive.
  o A "*" wildcard character.
  o Multiple names are acceptable.
• Client identity

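The server-identity rules listed above, written out as an added Python example that is not part of the original slides: case-insensitive comparison, a "*" wildcard, and acceptance when any one of several certificate names matches. The wildcard handling is deliberately conservative and is an assumption of this example: "*" is accepted only as the whole leftmost label, covers exactly one label, and needs at least two further labels after it. All hostnames are constructed.

```python
def name_matches(presented, hostname):
    """Compare one name from the server certificate with the expected hostname."""
    p = presented.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # "*" never spans a dot
    if p[0] == "*":
        # Whole-label wildcard only, and never directly under a top-level label.
        return len(p) >= 3 and "*" not in ".".join(p[1:]) and p[1:] == h[1:]
    if "*" in presented:
        return False                      # partial-label wildcards are rejected here
    return p == h

def server_identity_ok(cert_names, hostname):
    """Multiple names are acceptable: a match on any one of them is enough."""
    return any(name_matches(n, hostname) for n in cert_names)

# Constructed certificate names for a management-plane device.
CERT_NAMES = ["Router1.Example.NET", "*.mgmt.example.net"]
```

A NETCONF manager should take this check from its TLS library (Python's `ssl.create_default_context()` enables hostname checking by default) and not disable it; the function above only makes the matching rules visible.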
QUESTIONS!