Module 2: Why NETCONF and YANG
Download as PPTX, PDF•3 likes•5,153 views
The document discusses the importance of NETCONF and YANG protocols in network management, emphasizing their ability to configure, monitor, and administer network devices. It outlines specific operator requirements for ease of use, configuration management, and role-based access control to enhance management efficiency. The document also highlights the historical context and motivations for adopting these standards in light of the limitations of SNMP.
Module 2: Why NETCONF and YANG
- 1. Why NETCONF and YANG Presented by Tail-f
- 2. MAY 27, 2013 2©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG NETCONF and YANG in Context NETCONF Manager EMS / NMS / OSS NETCONF protocol RFC 6241 Yang Models YANG Model Device Type B v2.3 YANG Model Device Type A v1.1 Yang Models The YANG models describe everything there is to … • Configure • Monitor • Admin actions • Notifications … for each device type and version (much like a MIB) YANG Model Device Type A v1.2 The NETCONF protocol allows a manager to set configuration, query configuration and state and execute actions on the device (much like SNMP)
- 3. Standards background, motivation and history RFC 3535: Operators’ problems and requirements on network management
- 4. MAY 27, 2013 4©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Informational RFC 3535 • SNMP had failed • For configuration, that is • Extensive use in fault handling and monitoring • CLI scripting • “Market share” 70%+ • Cisco drives • Juniper joins Abstract This document provides an overview of a workshop held by the Internet Architecture Board (IAB) on Network Management. The workshop was hosted by CNRI in Reston, VA, USA on June 4 thru June 6, 2002. The goal of the workshop was to continue the important dialog started between network operators and protocol developers, and to guide the IETFs focus on future work regarding network management.
- 5. MAY 27, 2013 5©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Operator Requirement #1/14 #1: Ease of use – for the operator 1. Ease of use is a key requirement for any network management technology from the operators point of view.
- 6. MAY 27, 2013 6©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Operator Requirement #2-3/14 • Clearly separating configuration • Ability to compare across devices 2. It is necessary to make a clear distinction between configuration data, data that describes operational state and statistics. 3. It is required to be able to fetch separately configuration data, operational state data, and statistics from devices, and to be able to compare these between devices.
- 7. MAY 27, 2013 7©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Operator Requirement #4-5/14 • Service and Network management, not device management • Network wide transactions 4. It is necessary to enable operators to concentrate on the configuration of the network as a whole rather than individual devices. 5. Support for configuration transactions across a number of devices would significantly simplify network configuration management.
- 8. MAY 27, 2013 8©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Operator Requirement #6-7/14 • Devices figure out ordering • No unnecessary changes • Finally: backup/restore of configuration 6. Given configuration A and configuration B, it should be possible to generate the operations necessary to get from A to B with minimal state changes and effects on network and systems. It is important to minimize the impact caused by configuration changes. 7. A mechanism to dump and restore configurations is a primitive operation needed by operators. Standards for pulling and pushing configurations from/to devices are desirable.
- 9. MAY 27, 2013 9©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG 8. It must be easy to do consistency checks of configurations over time and between the ends of a link in order to determine the changes between two configurations and whether those configurations are consistent. 10. It is highly desirable that text processing tools such as diff, and version management tools such as RCS or CVS, can be used to process configurations, which implies that devices should not arbitrarily reorder data such as access control lists. Operator Requirement #8, 10/14 • Validation of configuration • Validation at network level • Text based configuration
- 10. MAY 27, 2013 10©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Operator Requirement #9/14 • Standardized data models9. Network wide configurations are typically stored in central master databases and transformed into formats that can be pushed to devices, either by generating sequences of CLI commands or complete configuration files that are pushed to devices. There is no common database schema …, although the models used by various operators are probably very similar. It is desirable to extract, document, and standardize the common parts of these network wide configuration database schemas.
- 11. MAY 27, 2013 11©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Operator Requirement #13/14 • Support for multiple configuration sets • Delayed, orchestrated activation 13. It is important to distinguish between the distribution of configurations and the activation of a certain configuration. Devices should be able to hold multiple configurations.
- 12. MAY 27, 2013 12©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG 11. … Typical requirements are a role- based access control model and the principle of least privilege, where a user can be given only the minimum access necessary to perform a required task. 12. It must be possible to do consistency checks of access control lists across devices. 14. SNMP access control is data-oriented, while CLI access control is usually command (task) oriented. … As such, it is a requirement to support both data- oriented and task-oriented access control Operator Requirement #11,12,14/14 • Role-Based Access Control (RBAC) • Data oriented • Task oriented
- 13. MAY 27, 2013 13©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Cost and complexity Cost Information leakage • Lack of atomicity • Ordering problem OSS NMS EMS ImplicationsofRFC3535,legacysituation
- 14. MAY 27, 2013 14©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG Reduced Cost and complexity Cost/ Value Require transactions OSS NMS EMS ImplicationsofRFC3535,withtransactions
- 15. MAY 27, 2013 15©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG 0 20 40 60 80 100 1 2 3 4 5 OPEX CAPEX decreases over the years OPEX does not OPEX per taskOPEX/CAPEX p.a. TCO for 5 years OPEX is often around 80% of 5 years TCO 45% of OPEX is typically Configuration & Activation Change mgmt. Fault management Other Configuration/ ActivationOPEX CAPEX Implications of RFC 3535, in $
- 16. MAY 27, 2013 16©2013 TAIL-F all rights reserved TUTORIAL: NETCONF AND YANG NETCONF was designed to conform to RFC 3535. Today many operators require NETCONF and YANG in devices. NETCONF makes a difference on the bottom line.