programovatelnost asr platforem s možností využití nso · standard/oss ietf ietf apache w3c...

1© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

Programovatelnost ASR platforem s možností využití NSO• SP3

Stanislav Kraus, SE


Agenda• Motivace pro orchestraci služeb

• NETCONF/RESTCONF & YANG

• YANG – detailnější pohled

• YANG - přispěvovatelé

• Nástroj NSO (NCS)

• Ukázka


Motivace pro orchestracislužeb


Current State

Metro and Access WAN Data Center

EMSEMS EMS

NMSNMS

CLICLICLI

CLICLI

CLI

Provisioning A

Provisioning B

Activation C

Provisioning D

Activation E

Customer Orders


Current State - Pain Points


EMSEMS EMS

NMSNMS

CLICLICLI

CLICLI

CLI

Provisioning A

Provisioning B

Activation C

Provisioning D

Activation E

Customer Orders

INTE

GRA

TIO

NTA

XAD

APTE

RTA

X

• Complex & Expensive

• Slow & Error prone

• Always the bottleneck


Network Services


It should ALWAYS be about the SERVICES

L2VPN L3VPN NFV SECURITY BOD Service X

• Time to Market• Order to Activation• Configuration Data Quality


Best Practices Coming Together

NETCONF,RESTCONFandYANG

CLIBestPractices

SNMPExperience

OperatorRequirements


NETCONF/RESTCONF & YANG


Timeline

NETCONF Protocol• Network management

protocol• RFC 4741 (1.0)• RFC 6241 (1.1 June,

2011

YANG Language• Data modeling

language• RFC 6020 (1.0)• Oct 2010• 1.1 currently in Last

Call

RESTCONF Protocol• REST mapping of

NETCONF data• IETF Last Call

Dec 2006 Oct 2010 Now


• YANG: A Data Model• Explicitly and precisely determines

the structure, syntax and semantics of the data…

• …that is externally visible• Consistent and complete

• NETCONF and RESTCONF: Protocols• Provides primitives to view and

manipulate data• Encoding of the data as defined by

the data model

Data, Data Model and Protocols

DataModel

Instance Data

Protocols


• IETF network management protocol

• Distinction between configuration and state data

• Multiple configuration data stores (candidate, running, startup)

• Configuration change validations and transactions

• Selective data retrieval with filtering

• Streaming and playback of event notifications

• Extensible remote procedure call mechanism

Why you should care:NETCONF provides the fundamental programming features for comfortable and robust automation of network services

NETCONF – Protocol to Manipulate Configuration


RESTCONF – HTTP API for NETCONF datastores• IETF network management protocol

• Not intended to replace NETCONF, but rather provide an additional simplified interface

• Defines HTTP-based Create, Retrieve, Update, Delete (CRUD) operations

• Configuration data and state data exposed as resources

• Operations defined with the YANG rpc invoked with the POST method

• A simplified transaction model

Why you should care:RESTCONF provides a lighter-weight interface to NETCONF data stores leveraging the well known combination of HTTP and JSON/XML


• Human readable and easy to learn

• Hierarchical configuration data models

• Reusable types and groupings (structured types)

• Extensibility through augmentation • Formal constraints for configuration

validation

• Data modularity through modules and sub-modules

• Well defined versioning rulesWhy you should care:YANG is a full, formal contract language with rich syntax and semantics to build applications on

YANG – A Data Modeling Language for Networking


Terminology• Client = NMS/Orchestrator

• Server = Network Element

• Datastore

• Configuration Data

• State Data

NETCONFManager

YangModels

ManagementApplications

YANG Modules

YANG Modules

YANG Modules

YANG Modules

NETCONF,RESTCONF


NETCONF and YANG Architecture

ClientContent

Operations

RPC

Transport

Modeled in YANG

Content

Operations

RPC

Transport

Server

Configuration Data Storage

NETCONF NETCONF


NETCONF Operations

• Base Operations• Additional Operations (Capabilities)

<rpc message-id="101"xmlns="urn:ietf:params:xml:ns:netconf:base:1.0

"><get-config>

<source><running/>

</source></get-config>

</rpc>

Content

Operations

RPC

Transport


Base Operations

Data Manipulation• <get>

• <get-config>

• <edit-config>

• <copy-config>

• <delete-config>

Session Mgmt• <close-session>

• <kill-session>

Base NETCONF specification provides restricted set of operations

Locking• <lock>

• <unlock>


Advertising CapabilitiesCapabilities are advertised by server and client at start of session

<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities>

<capability>urn:ietf:params:netconf:base:1.1</capability>

<capability>urn:ietf:params:netconf:capability:startup:1.0</capability></capabilities><session-id>4</session-id>

</hello>

Client Server


Datastore Capabilities

Example:– :candidate, – :writable-running,– :startup

Configuration loaded by the device at startup

Complete and active configuration

Working copy to manipulate with no impact on current configuration

Capabilities supporting multiple configuration datastores

Additional operations and content supported on a device

Candidate Running Startup

<copy>

<commit>

<copy>


NETCONF RESTCONF

• Arbitrarily complex operations on the data tree

• Locking, validation, transactions

• Extensible capabilities-based model

• Resource-level operations on the data tree

• Single operation, single data store (two phase-commit not possible)

• Limited support for capabilities


NETCONF RESTCONF Thrift SOAP

Standard/OSS IETF IETF Apache W3CResources Paths URLs Code -

Data models YANG Modules - -

Data Modeling Language

YANG IDL, not data WSDL, not data

Management Operations

NETCONF Explicit HTTP operations mapping

Defined in IDL Defined in WSDL

Wire Encoding XML XML, JSON Binary XML

Transport Stack

SSHTLSTCP

SSLHTTPTCP

TCP, SASL SSLHTTPTCP


YANG – detailnější pohled


• Human readable and easy to learn

• Hierarchical configuration data models

• Reusable types and groupings (structured types)

• Extensibility through augmentation • Formal constraints for configuration

validation

• Data modularity through modules and sub-modules

• Well defined versioning rulesWhy you should care:YANG is a full, formal contract language with rich syntax and semantics to build applications on

YANG – A Data Modeling Language for Networking


Basic YANG StatementsYANG Programming Equivalent DescriptionLeaf Variable Contains a single value of a specific type

Leaf-List Array Contains a list of values of the same type

Container Record Contains a single structure containing zero or more values or other statements (hierarchy)

List Array of Records Contains a list of zero or more sets of values and other statements (hierarchy)

Leafref Pointer Contains a link to another statement elsewhere in the file


Container

Leaf

ContainerLeaf-List

ContainerList

Leaf

Container Leaf Leaf Leaf-Ref

Leaf


Leaf


YANG Model Statements and Hierarchy

§ Leaf: single value of a defined type

§ Leaf-list: multiple values of the same type

§ List: multiple records containing at least one leaf (key) and an arbitrary hierarchy of other statements

§ Container: groups other statements; has no value

§ Leafref: is a reference to another leaf


YANG Supports a Number of Data TypesName Descriptionint8/16/32/64 Integeruint8/16/32/64 Unsigned integerdecimal64 Non-integerstring Unicode stringenumeration Set of alternativesboolean True or falsebits Boolean arraybinary Binary BLOBleafref Referenceidentityref Unique identityempty No value, voidunion Choice of member types

instance-identifier References a data tree node

Built-in Types Derived Typestypedef my-base-int32-type {

type int32 {range "1..4 | 10..20";

}}

typedef derived-int32 {type my-base-int32-type {range "11..max";

}}

typedef string255 {type string {length "1..255";

}}

typedef derived-str {type string255 {length "11 | 42..max"; pattern "[0-9a-fA-F]*";

}}


Common YANG Data Types (RFC 6991)Name Descriptioncounter32 non-negative 32-bit integer that monotonically increaseszero-based-counter32 a counter32 that has the defined initial value zerocounter64 non-negative 64-bit integer that monotonically increaseszero-based-counter64 a counter64 that has the defined initial value zerogauge32 non-negative integer, which may increase or decreasegauge64 non-negative integer, which may increase or decreasedate-and-time ISO 8601 standard for representation of dates and timesphys-address colon-separated hexadecimal pairs (e.g. 1a:ba:da:ba:d0)mac-address six colon-separated hexadecimal pairs (e.g. 1a:ba:da:ba:d0:00)xpath1.0 XPATH 1.0 expressionhex-string colon-separated hexadecimal pairs of arbitrary lengthuuid universally unique identifier (RFC 4122)…

import ietf-yang-types {prefix yang;

}

IETF YANG Types Using Types


Common YANG Data Types (RFC 6991)(Cont.)

Name Descriptionip-version IP protocol version: 1=IPv4, 2=IPv6, 0=unknowndscp Differentiated Services Code Point value: 0 to 63ipv6-flow-label 32-bit integer in the range from 0 to 1048575port-number 16-bit integer in the range from 0 to 65535

as-number 32-bit integer representing 2 or 4 octet BGP AS numbersip-address IPv4 or IPv6 addressipv4-address IPv4 address (e.g. 10.1.2.3)ipv6-address IPv6 address (e.g. fd85:b310:6513:194b::1)ip-prefix IPv4 or IPv6 prefixipv4-prefix IPv4 prefix (e.g. 10.1.2.0/24)ipv6-prefix IPv6 prefix (e.g. fd85:b310:6513:194b::/64)domain-name DNS domain namehost IP address or DNS domain nameuri uniform resource identifier…

import ietf-inet-types {prefix inet;

}

Using TypesIETF INET Types


YANG – přispěvovatelé


IETF YANG Models Growth

http://claise.be/IETFYANGPageCompilation.png

Tool: YANG validator

Tool: pyang patch

pyang 1.6 (YANG 1.1)

Active help to authors

TREND


Cisco IETF YANG Models Growth

Cisco is committed to YANG model standardization and development


• “The MEF develops Carrier Ethernet architectural, service and managementtechnical specifications and implementation agreements to promote interoperability and deployment of Carrier Ethernet worldwide.”

• Working on EVC and UNI services YANG models

• YANG: MEF 38 and 39 for OAM Fault Monitoring and Performance Measurement

• Committed YANG Models: EVC and OVC based services

• MEF link to track YANG model development there (must be a MEF member):• https://wiki.metroethernetforum.com/display/MTA/AdHoc+-+YANG+Models

Metro Ethernet Forum


• Operators-led YANG models• Google, AT&T, British Telecom, Microsoft, Facebook, Comcast, Verizon,

Level3, Cox Communications, Yahoo!, Apple, Jive Communications, Deutsche Telekom / TeraStream, Bell Canada

• “an informal working group of network operators sharing the goal of moving our networks toward a more dynamic, programmable infrastructure by adopting software-defined networking principles such as declarative configuration and model-driven management and operations.”

• Some YANG models not completely aligned with the IETF (https://github.com/openconfig/public)

OPENCONFIGwww.openconfig.net


XR 6.0(Nov ‘15)

XR 6.0.1(March ’16)

CO

MM

ON • OC-BGP

• OC-RPL• OC-Optical• OC-MPLS• OC-Interface

• OC-Interface Aggregate• OC-Interface Ethernet

NAT

IVE

• QoS• OSPF• MPLS-Label• MPLS-LDP• RSVP-TE• ECMP• PCEP/PCE• Segment Routing

(IGP)

• BGP-LU and SR• BGP-LS, BMP• BFD• NetFlow• EoMPLS

• LLDP • E-OAM/CFM/Y1731 • L3VPN: vrf manager • L3VPN: Route-Policy

Support • Multicast - PIM/IGMP

• L3VPN: RFC 2547 -Basic MPLS L3 VPN Support

• ACLv4 • ACLv6 • BGP: LU + SR • BGP: SR-EPE • BGP: LinkState• Inventory Model

IOS-XR YANG Data Model


XE 3.17 (Nov ‘15)

CO

MM

ON •IETF-Interfaces

•IETF-VRF Infra•IETF-IPv4/IPv6 Static Routing•IETF-IPv4 ACL•IETF-OSPF v2/v3

•ITEF-IPv4/IPv6 RIB•IETF-Policy•IETF-QoS (shape, bandwidth and priority)

•Cisco-MPLS static•Cisco-VxLAN

NAT

IVE

•BFD•G8032•MPLS-TE•E-OAM•VPLS•ISIS•ACL•GRE•CFM•Interfaces•BGP•Static Routing•MPLS Static

•EVPN•VLAN•L2VPN•OTV•Inter-AS•Bridge Domain/ EVC•LISP•IPSec•PTV•DMVPN•RPL•OSPF•VRF

•Policy/QoS•NHRP•PfR•EIGRP•WAAS•AVC-NBAR•AVC-ART•ESON•Snort•SourceFire•ZBFW•FNF•RIB

IOS-XE YANG Data Model (Controlled Availability)


NX-OS YANG Data Model

Coming ….


Nástroj NSO (NCS)


Orchestration Platform Architecture


Services Orchestration Platform

Customer Orders

• Concept to production in weeks.• Instant Activation • Surgical precision

L2VPN L3VPN NFV SECURITY

Network Abstraction - YANG Data Models

Domain Controller

EMS

VNF-MNMS

SDNc

BOD Service X


ServiceModels

DeviceModels

BSS

Multivendor Layer 2, Layer 3, and Layer 4-7 Network

Tail-f NSONo hard-coding of:• Network services• Network architecture• Network devices

Instead:• Data models for everything

Model-Based Architecture


BSS

Multivendor Layer 2, Layer 3, and Layer 4-7 Network

Tail-f NSO

Transactional Integrity

Transactional guaranteesAutomatic rollback

Transactional Guarantees


Service Model examplesaugment /ncs:services {list l2vpn {key name;leaf name {}

list endpoint {key device;

leaf device {}

leaf intf-number {}

leaf remote-ip {}

}

leaf pw-id {}

}}

container vpn {list l3vpn {key name;leaf name {}

leaf as-number {}

list endpoint {key "id";leaf id{}leaf ce-device {}leaf ce-interface {}leaf ip-network {}leaf bandwidth {}

}}

}


Network Element Driver (NED)Cisco IOS Device Model...

// interface GigabitEthernet *list GigabitEthernet {tailf:info "GigabitEthernet IEEE 802.3z";tailf:cli-allow-join-with-key {tailf:cli-display-joined;

}tailf:cli-mode-name "config-if";tailf:cli-suppress-key-abbreviation;key name;leaf name {type string {pattern "[0-9]+.*";

}}uses interface-common-pre-grouping;uses interface-ethernet-pre-grouping;uses interface-switch-grouping;uses interface-ethernet-grouping;uses interface-common-grouping;uses interface-zone-member-grouping;

}

Cisco IOSNED Engine

South Bound Protocol: CLI

YANG Model


South-Bound Integration - NEDs (1/3)Vendor Device/Platform

Cisco Catalyst 6900 Series Ethernet Interface Module for Cisco Catalyst 6500 Series Switches

Cloud Services Router 1000V SeriesME 3400 Series Ethernet Access SwitchesME 3600X Series Ethernet Access SwitchesME 3800X Series Carrier Ethernet Switch RoutersME 4900 Series Ethernet SwitchesuBR10000 Series Universal Broadband Routers

ASR 900 Series Aggregation Services RoutersASR 1000 Series Aggregation Services RouterscBR Series Converged Broadband RoutersCloud Services Router 1000V SeriesRF Gateway Series

IOS XR12000 Series RoutersASR 9000 SeriesCarrier Routing SystemIOS XRv Router

Vendor Device/Platform

Cisco IOS/IOSXE3900 Series Integrated Services Routers7200 Series Routers7600 Series RoutersCatalyst 2900 Series SwitchesCatalyst 2960 Series SwitchesCatalyst 2960-X Series SwitchesCatalyst 3550 Series Intelligent Ethernet SwitchesCatalyst 3750 Metro Series SwitchesCatalyst 3850 Series SwitchesCatalyst 4500 Series SwitchesCatalyst 4500E Series • Supervisor Engine 7-E• Supervisor Engine 8-ECatalyst 4500-X Series Fixed 10 Gigabit Ethernet

Aggregation SwitchCatalyst 4900 Series SwitchesCatalyst 6500 Series • 10 Gigabit Ethernet Modules• Mixed Media Gigabit Ethernet Modules• Supervisor Engine 2T• SwitchesCatalyst 6500-E Series Chassis

Not all supported NEDs are listed!



Huawei ATN SeriesNetEngine40E Series Universal Service RouterNetEngine5000E Cluster RouterQuidway S3300 Series Switches

Juniper EX Series Ethernet Switches Firefly Perimeter (Virtual SRX) M Series Multiservice Edge Routers MX Series 3D Universal Edge Routers QFX Series SRX Series Services Gateways


Overture 14002200500051006000

Palo Alto Networks

PA-2000 Series PA-3000 SeriesPA-5000 SeriesVirtualized Firewalls

Procera Networks

PacketLogic 9000 Platform

Quagga Quagga Routing Software Suite (BGP module)




F5 Networks BIG-IQ

H3C S5800 series

Infinera DTN-X Multi-Terabit Packet Optical NetworkPlatform

Juniper Contrail Controller

MRV Communications

Master-OSOptiSwitch 9000 series

NEC iPASOLINK family

Netfilter Iptables (Linux)

Nominum DCS

OneAccess OneOS for RoutersOne540

Open vSwitch OVSDB (shell)


OpenDaylight ControllerLithium

Openstack Cloud Operating SystemIdentity (Keystone)Networking Service (Neutron)Image Service (Glace)Compute (Nova)

Pulsecom SuperG

Riverbed Steelhead Series

Silver Peak VXOA Virtual Appliance

Sonus SBC 5000 Series

Telco Systems BiNOXT-Marc Family

VMware vSphere

ZenOSS Service Dynamics

ZTE xPON OLT



Device ModelsCisco IOS Device Model...

// interface GigabitEthernet *list GigabitEthernet {tailf:info "GigabitEthernet IEEE 802.3z";tailf:cli-allow-join-with-key {tailf:cli-display-joined;

}tailf:cli-mode-name "config-if";tailf:cli-suppress-key-abbreviation;key name;leaf name {type string {pattern "[0-9]+.*";

}}uses interface-common-pre-grouping;uses interface-ethernet-pre-grouping;uses interface-switch-grouping;uses interface-ethernet-grouping;uses interface-common-grouping;uses interface-zone-member-grouping;

}

Huawei VRP Device Model...// interface GigabitEthernet *list GigabitEthernet {

tailf:info "GigabitEthernet interface";tailf:cli-full-command;key name;

leaf name {}

// interface GigabitEthernet * / descriptionuses interface-description;

// interface GigabitEthernet * / vlan-typeuses interface-vlan-type;

// interface GigabitEthernet * / speedleaf speed {}

// interface GigabitEthernet * / duplexleaf duplex {}

// interface GigabitEthernet * / mtuuses interface-mtu;

// interface GigabitEthernet * / ipcontainer ip {}

Juniper Junos Device Model...grouping top-configuration {

leaf version {type string;description "Software version information";

}container system {

description "System parameters";uses juniper-system;

}list logical-systems {

key "name";description "Logical systems";uses juniper-logical-system;

}container chassis {

description "Chassis configuration";uses chassis-type;

}container interfaces {

description "Interface configuration";uses apply-group;uses apply-macro;list pic-set {key "name";ordered-by user;

ALU-SR Device Model...list port {

tailf:info "Configure physical ports";key port-id;leaf port-id {}leaf description {}container access {

}container egress {}container ingress {}

}container ethernet {

leaf mode {}container access {}container autonegotiate {}

leaf dot1q-etype {}leaf duplex {}container efm-oam {}


Service-Model to Device-Model Mapping

A

ServiceCREATIONmapping

UPDATE, DELETE and REDEPLOY

INFERRED

FASTMAP


Service-Model to Device-Model Mapping

A

B

ServiceCREATIONmapping

UPDATE, DELETE and REDEPLOY

INFERRED

FASTMAP


Slow - Traditional Workflow

ServiceANY Infra-structure Change

ANY Service Change

How many workflows do you need?Complexity growths exponentially

Focus on how


Model Based State-Convergence

ServiceANY Infra-structure Change

ANY Service Change

Service Data-Model

Device Data-Model

Single Mapping: “intent” ConvergenceAlgorithm

• One Single Definition• Complexity growths linearly• Arbitrarily complex scenarios• Focus on what, intent

Constant (iterative) Convergence


Precision & Traceability

A

access-list 101 permit ip any 10.1.1.0 0.0.0.255

FASTMAP

NEDENGINE

Volvo


Precision & Reverse Traceability

A

access-list 101 permit ip any 10.1.1.0 0.0.0.255

FASTMAP

NEDENGINE

Volvo


Tail-f NSO Overview

DeviceModelsNetwork Element Drivers

Device Manager

Service Manager

Tail-f NSO ServiceModels

Networkwide CLI and Web UIREST, NETCONF, JSON-RPC, Java…

Network Engineer

ManagementApplications

NETCONF, CLI, SNMP, REST, etc.

• EMS• Applications• Controllers

Open & Modular Platform

UtilityModels

Runtime Package Directory


Utility Packages

1. Discovery2. Plug-and-Play3. Resource Manager

• ID Allocator (VLAN, RD etc.)• IP Address Allocator

4. Virtual-Machine Manager


NCS for Network Engineers – User InterfacesAuto-rendered Web UI with powerful extensibility features

Cisco or Juniper-style CLI for network-wide configuration changes


Netsim Overview• ncs-netsim is a network devices simulation

tool

• Used to test NSO with simulated devices

• Uses NED device packages• A NED package contains netsim directory• Represents device configuration and CLI

• The same YANG for models are used for simulated and real devices

Netsim simulateddevices (ConfD)

Physical or virtual non-simulated devices


Ukázka


ACE - Agile Carrier Ethernet / Next generation L2/L3 VPN - EVPN

Následuje

programovatelnost asr platforem s možností využití nso · standard/oss ietf ietf apache w3c...

Documents