Automation of network services or how to build a virtual laboratory using OpenDaylight, Postman and Vrnetlab


In this article, I will show how to set up OpenDaylight to work with network equipment, and how this equipment can be controlled using Postman and simple RESTCONF requests. We will not work with hardware; instead we will deploy small virtual laboratories with a single router using Vrnetlab on Ubuntu 20.04 LTS.

I will first show the detailed settings using the example of a Juniper vMX 20.1R1.11 router, and then compare them with the setup for Cisco xRV9000 7.0.2.

Content

  • Required knowledge
  • Part 1: a brief discussion of OpenDaylight (hereinafter ODL), Postman and Vrnetlab, and why we need them
  • Part 2: description of the virtual laboratory
  • Part 3: set up OpenDaylight
  • Part 4: set up Vrnetlab
  • Part 5: using Postman, connect a virtual router (Juniper vMX) to ODL
  • Part 6: get and change the router configuration using Postman and ODL
  • Part 7: add Cisco xRV9000
  • Conclusion
  • PS
  • Bibliography

Required knowledge

To keep the article from turning into a wall of text, I omitted some technical details (with links to literature where you can read about them).

With that in mind, here are topics that it would be good (though hardly required) to know before reading:

Part 1: some theory

OpenDaylight

  • An open SDN platform for managing and automating all kinds of networks, supported by the Linux Foundation
  • Java inside
  • Based on the Model-Driven Service Abstraction Layer (MD-SAL)
  • Uses YANG models to automatically generate RESTCONF APIs for network devices

The main module for network management. It is through it that we will communicate with connected devices. Managed through its own API.

You can read more about OpenDaylight here.

Postman

  • API testing tool
  • Simple and easy to use interface

In our case, we are interested in it as a means for sending REST requests to the OpenDaylight API. You can, of course, send requests manually, but in Postman everything looks very clear and suits our purposes perfectly.

For those who want to dig: a lot of training materials have been written on it (for example).

Vrnetlab

  • Tool for deploying virtual routers in Docker
  • Supports: Cisco XRv, Juniper vMX, Arista vEOS, Nokia VSR, etc.
  • Open Source

A very interesting but little-known tool. In our case, we will use it to run Juniper vMX and Cisco xRV9000 on a regular Ubuntu 20.04 LTS.

You can read more about it on the project page.

Part 2: Lab

In this tutorial, we will set up the following system:


How it works

  • Juniper vMX runs in a Docker container (by means of Vrnetlab) and functions as an ordinary virtual router.
  • ODL is connected to the router and allows you to control it.
  • Postman runs on a separate machine, and through it we send commands to ODL: connect / remove the router, change the configuration, etc.

A note on the system layout

Juniper vMX and ODL require quite a lot of resources for stable operation. vMX alone asks for 6 Gb of RAM and 4 cores. Therefore, it was decided to move all the "heavyweights" to a separate machine (Hewlett Packard Enterprise MicroServer ProLiant Gen8, Ubuntu 20.04 LTS). The router, of course, does not "fly" on it, but the performance is enough for small experiments.

Part 3: Set up OpenDaylight

The current version of ODL at the time of this writing is Magnesium SR1.

1) Install Java OpenJDK 11 (more detailed installation instructions here)

ubuntu:~$ sudo apt install default-jdk

2) Find and download the latest ODL build from here
3) Unzip the downloaded archive
4) Go to the resulting directory
5) Run ./bin/karaf

At this step ODL should start and we will find ourselves in its console (port 8181 is used for access from the outside; we will use it later).

Next, install the ODL features designed to work with the NETCONF and RESTCONF protocols. To do this, in the ODL console we execute:

opendaylight-user@root> feature:install odl-netconf-topology odl-restconf-all

This completes the simplest ODL setup. (For more details, see here).

Part 4: Setting up Vrnetlab


System preparation

Before installing Vrnetlab, you need to install the packages required for its operation, such as Docker, git and sshpass:

ubuntu:~$ sudo apt update
ubuntu:~$ sudo apt -y install python3-bs4 sshpass make
ubuntu:~$ sudo apt -y install git
ubuntu:~$ sudo apt install -y \
    apt-transport-https ca-certificates \
    curl gnupg-agent software-properties-common
ubuntu:~$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
ubuntu:~$ sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
ubuntu:~$ sudo apt update
ubuntu:~$ sudo apt install -y docker-ce docker-ce-cli containerd.io

Installing Vrnetlab

To install Vrnetlab, clone the corresponding repository from GitHub:

ubuntu:~$ cd ~
ubuntu:~$ git clone https://github.com/plajjan/vrnetlab.git

Go to the directory vrnetlab:

ubuntu:~$ cd ~/vrnetlab

Here you can see all the scripts needed to run it. Note that there is a corresponding directory for each type of router:

ubuntu:~/vrnetlab$ ls
CODE_OF_CONDUCT.md  config-engine-lite        openwrt           vr-bgp
CONTRIBUTING.md     csr                       routeros          vr-xcon
LICENSE             git-lfs-repo.sh           sros              vrnetlab.sh
Makefile            makefile-install.include  topology-machine  vrp
README.md           makefile-sanity.include   veos              vsr1000
ci-builder-image    makefile.include          vmx               xrv
common              nxos                      vqfx              xrv9k

Create an image of the router

Each router that Vrnetlab supports has its own unique setup procedure. In the case of Juniper vMX, we just need to put the .tgz archive with the router (you can download it from the official site) into the vmx directory and run make:

ubuntu:~$ cd ~/vrnetlab/vmx
ubuntu:~$ # Copy the router's .tgz archive into this directory
ubuntu:~$ sudo make

Building the vMX image takes about 10-20 minutes. It's time to go get some coffee!

Why so long, you ask?

A translation of the author's answer to this question:

"This is because the first time the VCP (Control Plane) is started, it reads a config file that determines whether it will run as a VRR VCP in vMX. Previously, this launch was done during Docker startup, but this meant that the VCP was always restarted once before the virtual router became available, resulting in a long boot time (about 5 minutes). Now the first run of the VCP is done during the build of the Docker image, and since the Docker build cannot be run with the --privileged option, this means that qemu works without KVM hardware acceleration and thus the build takes a very long time. During this process, a lot of logs are output, so at least you can see what is going on. I think a long build is not so scary because we create an image once, but we launch many."

After that, you can see the image of our router in Docker:

ubuntu:~$ sudo docker image list
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
vrnetlab/vr-vmx     20.1R1.11           b1b2369b453c        3 weeks ago         4.43GB
debian              stretch             614bb74b620e        7 weeks ago         101MB

Launch vr-vmx container

We start with the command:

ubuntu:~$ sudo docker run -d --privileged --name jun01 b1b2369b453c

Next, we can see information about active containers:

ubuntu:~$ sudo docker container list
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS                                                 NAMES
120f882c8712        b1b2369b453c        "/launch.py"        2 minutes ago       Up 2 minutes (unhealthy)   22/tcp, 830/tcp, 5000/tcp, 10000-10099/tcp, 161/udp   jun01

Connecting to the router

The IP address of the network interface of the router can be obtained with the following command:

ubuntu:~$ sudo docker inspect --format '{{.NetworkSettings.IPAddress}}' jun01
172.17.0.2

By default, Vrnetlab creates a user on the router: vrnetlab/VR-netlab9.
Connect via ssh:

ubuntu:~$ ssh vrnetlab@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:g9Sfg/k5qGBTOX96WiCWyoJJO9FxjzXYspRoDPv+C0Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
Password:
--- JUNOS 20.1R1.11 Kernel 64-bit  JNPR-11.0-20200219.fb120e7_buil
vrnetlab> show version
Model: vmx
Junos: 20.1R1.11

This completes the router setup.

Installation recommendations for routers of various vendors can be found in the project's GitHub repository, in the respective directories.

Part 5: Postman - connect the router to OpenDaylight

Postman installation

To install, just download the application from here.

Connecting a router to ODL

Let's create a PUT request:

  1. Request line:
    PUT http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01
  2. Request body (Body tab):
    <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
    <node-id>jun01</node-id>
    <host xmlns="urn:opendaylight:netconf-node-topology">172.17.0.2</host>
    <port xmlns="urn:opendaylight:netconf-node-topology">22</port>
    <username xmlns="urn:opendaylight:netconf-node-topology">vrnetlab</username>
    <password xmlns="urn:opendaylight:netconf-node-topology">VR-netlab9</password>
    <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
    <schema-cache-directory xmlns="urn:opendaylight:netconf-node-topology">jun01_cache</schema-cache-directory>
    </node>
  3. On the Authorization tab, select Basic Auth and enter the login/password admin/admin. This is required to access ODL.
  4. On the Headers tab, you need to add two headers:
    • Accept application/xml
    • Content-Type application/xml

Our request is ready. We send it. If everything was configured correctly, we should get back the status "201 Created".

What does this request do?

We create a node inside ODL with the parameters of the real router we want to access.

xmlns="urn:TBD:params:xml:ns:yang:network-topology"
xmlns="urn:opendaylight:netconf-node-topology"

These are the internal XML namespaces for ODL, according to which it creates the node.

Then, respectively, node-id is the name of the router, host is the router address, and so on.

The most interesting line is the last one. schema-cache-directory creates a directory into which all the YANG schema files of the connected router are downloaded. You can find them in $ODL_ROOT/cache/jun01_cache.

Checking the connection of the router

Let's create a GET request:

  1. Request line:
    GET http://10.132.1.202:8181/restconf/operational/network-topology:network-topology/topology/topology-netconf/
  2. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.

We send it. We should receive the status "200 OK" and a list of all the YANG schemas supported by the device.

Comment: to see the latter, in my case it was necessary to wait about 10 minutes after executing the PUT, until all the YANG schemas had been downloaded to ODL. Until then, this GET request does not yet show the list of schemas.
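The PUT that mounts the router and the follow-up status check, scripted as an added example (not code from the original article): `mount_request` builds the same request that Postman sends, and `wait_until_connected` polls the operational topology until the node reports `connected` with its capabilities listed, which covers the wait described above. The function names, the injected `fetch` callable and the sample responses are assumptions constructed for this example; the JSON keys are those of ODL's netconf-node-topology model.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import quote
from xml.sax.saxutils import escape

TOPO_NS = "urn:TBD:params:xml:ns:yang:network-topology"
NODE_NS = "urn:opendaylight:netconf-node-topology"
TOPO = "network-topology:network-topology/topology/topology-netconf"
STATUS_KEY = "netconf-node-topology:connection-status"
CAPS_KEY = "netconf-node-topology:available-capabilities"


def basic_auth(user, password):
    """Authorization header for ODL's RESTCONF endpoint (Basic Auth)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def mount_request(base, node_id, host, dev_user, dev_password, auth, port=22):
    """Build (without sending) the PUT that creates the node in ODL."""
    fields = {"host": host, "port": port, "username": dev_user,
              "password": dev_password, "tcp-only": "false",
              "schema-cache-directory": f"{node_id}_cache"}
    # Escape every value so characters like < or & cannot break the XML body.
    rows = [f'<{k} xmlns="{NODE_NS}">{escape(str(v))}</{k}>'
            for k, v in fields.items()]
    body = "\n".join([f'<node xmlns="{TOPO_NS}">',
                      f"<node-id>{escape(node_id)}</node-id>", *rows, "</node>"])
    headers = {"Accept": "application/xml",
               "Content-Type": "application/xml", **auth}
    url = f"{base}/restconf/config/{TOPO}/node/{quote(node_id, safe='')}"
    return urllib.request.Request(url, data=body.encode(), headers=headers,
                                  method="PUT")


def mount_status(topology_json, node_id):
    """Return (connection status, capability count) for node_id."""
    for topo in json.loads(topology_json).get("topology", []):
        for node in topo.get("node", []):
            if node.get("node-id") == node_id:
                caps = node.get(CAPS_KEY, {}).get("available-capability", [])
                return node.get(STATUS_KEY, "unknown"), len(caps)
    return "absent", 0


def wait_until_connected(fetch, node_id, attempts=90, delay=10, sleep=time.sleep):
    """Poll the operational topology until the schemas are loaded."""
    for _ in range(attempts):
        status, ncaps = mount_status(fetch(), node_id)
        if status == "connected" and ncaps:
            return ncaps
        if status == "unable-to-connect":
            raise RuntimeError(f"ODL cannot reach {node_id}")
        sleep(delay)
    raise TimeoutError(f"{node_id} still not connected")


# Constructed sample responses (not captured from a real controller).
CONNECTING = json.dumps({"topology": [{"topology-id": "topology-netconf",
    "node": [{"node-id": "jun01", STATUS_KEY: "connecting"}]}]})
CONNECTED = json.dumps({"topology": [{"topology-id": "topology-netconf",
    "node": [{"node-id": "jun01", STATUS_KEY: "connected", CAPS_KEY: {
        "available-capability": [
            {"capability": "urn:ietf:params:netconf:base:1.0"},
            {"capability": "(http://yang.juniper.net/junos/conf/protocols)"
                           "junos-conf-protocols"}]}}]}]})

if __name__ == "__main__":
    replies = iter([CONNECTING, CONNECTING, CONNECTED])
    n = wait_until_connected(lambda: next(replies), "jun01", sleep=lambda s: None)
    print("jun01 connected,", n, "capabilities")
```

Against a live controller, `fetch` would be a function that performs the GET on the operational topology with `Accept: application/json` and returns the response text; the ODL and device credentials are passed in as arguments so they can be read from the environment rather than stored in the script.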

Delete the router

Let's create a DELETE request:

  1. Request line:
    DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01
  2. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.

Part 6: Change the router configuration

Getting the configuration

Let's create a GET request:

  1. Request line:
    GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/
  2. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.

We send it. We should receive the status "200 OK" and the router configuration.

Create a configuration

As an example, let's create the following configuration and modify it:

protocols {
    bgp {
        disable;
        shutdown;
    }
}

Let's create a POST request:

  1. Request line:
    POST http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols
  2. Request body (Body tab):
    <bgp xmlns="http://yang.juniper.net/junos/conf/protocols">
    <disable/>
    <shutdown>
    </shutdown>
    </bgp>
  3. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.
  4. On the Headers tab, you need to add two headers:
    • Accept application/xml
    • Content-Type application/xml

After sending, we should receive the status "204 No Content".

To check that the configuration has changed, you can use the previous request. But as an example, we will create another one that displays information only about the protocols configured on the router.

Let's create a GET request:

  1. Request line:
    GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols
  2. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.

After executing the request, we will see the configuration created above.

Change the configuration

Let's change the information about the BGP protocol. After our actions, it will look like this:

protocols {
    bgp {
        disable;
    }
}

Let's create a PUT request:

  1. Request line:
    PUT http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols
  2. Request body (Body tab):
    <protocols xmlns="http://yang.juniper.net/junos/conf/protocols">
    <bgp>
        <disable/>
    </bgp>
    </protocols>
  3. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.
  4. On the Headers tab, you need to add two headers:
    • Accept application/xml
    • Content-Type application/xml

Using the previous GET request, we can see the changes.

Delete the configuration

Let's create a DELETE request:

  1. Request line:
    DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols
  2. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.

Calling the GET request for information about the protocols again shows the result.

Supplement:

To change the configuration, it is not necessary to send the request body in XML format. This can also be done in JSON format.

To do this, for example, in the PUT request that changes the configuration, replace the request body with:

{
    "junos-conf-protocols:protocols": {
        "bgp": {
            "description" : "Changed in postman" 
        }
    }
}

Don't forget to change the headers on the Headers tab to:

  • Accept application/json
  • Content-Type application/json

After sending, we can look at the result using the GET request.

Part 7: Adding the Cisco xRV9000

Why do we keep going on about Juniper and only Juniper? Let's talk about Cisco!
I found xRV9000 version 7.0.2 (a beast that needs 8Gb RAM and 4 cores. It is not freely available, so contact Cisco) - let's run it.

Running a container

The process of creating a Docker container is practically no different from Juniper. Similarly, we drop the .qcow2 file with the router into the directory corresponding to its name (in this case, xrv9k) and execute the command make docker-image.

After a few minutes, we see that the image has been created:

ubuntu:~$ sudo docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
vrnetlab/vr-xrv9k   7.0.2               54debc7973fc        4 hours ago         1.7GB
vrnetlab/vr-vmx     20.1R1.11           b1b2369b453c        4 weeks ago         4.43GB
debian              stretch             614bb74b620e        7 weeks ago         101MB

We start the container:

ubuntu:~$ sudo docker run -d --privileged --name xrv01 54debc7973fc

After a while, we check that the container has started:

ubuntu:~$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                 PORTS                                                      NAMES
058c5ecddae3        54debc7973fc        "/launch.py"        4 hours ago         Up 4 hours (healthy)   22/tcp, 830/tcp, 5000-5003/tcp, 10000-10099/tcp, 161/udp   xrv01

Connect via ssh:

ubuntu@ubuntu:~$ ssh [email protected]
Password:

RP/0/RP0/CPU0:ios#show version
Mon Jul  6 12:19:28.036 UTC
Cisco IOS XR Software, Version 7.0.2
Copyright (c) 2013-2020 by Cisco Systems, Inc.

Build Information:
 Built By     : ahoang
 Built On     : Fri Mar 13 22:27:54 PDT 2020
 Built Host   : iox-ucs-029
 Workspace    : /auto/srcarchive15/prod/7.0.2/xrv9k/ws
 Version      : 7.0.2
 Location     : /opt/cisco/XR/packages/
 Label        : 7.0.2

cisco IOS-XRv 9000 () processor
System uptime is 3 hours 22 minutes

Connecting the router to OpenDaylight

Adding it works in exactly the same way as with vMX; we just need to change the names in the PUT request.

After a while, call the GET request to check that everything is connected.

Change the configuration

Let's set up the following configuration:

!
router ospf LAB
 mpls ldp auto-config
!

Let's create a POST request:

  1. Request line:
    POST http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf
  2. Request body (Body tab):
    {
        "processes": {
            "process": [
                {
                    "process-name": "LAB",
                    "default-vrf": {
                        "process-scope": {
                            "ldp-auto-config": [
                                null
                            ]
                        }
                    }
                }
            ]
        }
    }
  3. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.
  4. On the Headers tab, you need to add two headers:
    • Accept application/json
    • Content-Type application/json

After it executes, we should receive the status "204 No Content".

Let's check what we got.
To do this, we will create a GET request:

  1. Request line:
    GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf
  2. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.

After execution, you should see the configuration we just created.

To remove the configuration, use DELETE:

  1. Request line:
    DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf
  2. On the Authorization tab, select Basic Auth and enter the login/password admin/admin.

Conclusion

All in all, as you may have noticed, the procedures for connecting Cisco and Juniper to OpenDaylight do not differ - this opens up quite a wide scope for creativity, starting from configuration management of all network components and ending with the creation of your own network policies.
In this tutorial, I have given the simplest examples of how you can interact with network equipment using OpenDaylight. Without a doubt, the requests from the above examples can be made much more complex and can set up entire services with one click of the mouse - everything is limited only by your imagination.

To be continued ...

PS

If you already know all this or, on the contrary, have worked through it and ODL has sunk into your soul, then I recommend looking into developing applications on the ODL controller. You can start from here.

Happy experimenting!

References

  1. Vrnetlab: Emulate networks using KVM and Docker / Brian Linkletter
  2. OpenDaylight Cookbook / Mathieu Lemay, Alexis de Talhouet, et al.
  3. Network Programmability with YANG / Benoît Claise, Joe Clarke, Jan Lindblad
  4. Learning XML, Second Edition / Erik T. Ray
  5. Effective DevOps / Jennifer Davis, Ryn Daniels

Source: habr.com
