Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protocol for I2RS I2RS WG IETF #89 London, UK Dean Bogdanovic v0.1.

Published byElfreda Webster Modified over 8 years ago

Similar presentations

Presentation on theme: "Protocol for I2RS I2RS WG IETF #89 London, UK Dean Bogdanovic v0.1."— Presentation transcript:

1 Protocol for I2RS I2RS WG IETF #89 London, UK Dean Bogdanovic deanb@juniper.netdeanb@juniper.net v0.1

2 Definitions Persistent data store – data store on network element where management system writes configuration data. The persistent data has to survive reboot process, as well it has to provide access to historical config changes Ephemeral data store – data store where management system writes temporary configuration data. The ephemeral data store doesn’t survive reboot process, as well doesn’t provide access to historical config changes. Ephemeral config data isn’t verified. Operational state – state of control daemon. It can be changed by reading persistent or ephemeral config store, control protocols or through exposed APIs.

3 Intro Reviewing RESTCONF and NETCONF capabilities for I2RS use YANG is assumed as Data Language for I2RS Assumptions: I2RS Agent and Clients have access to YANG DM

4 I2RS Agent and Client architecture daemon Management daemon NETCONF Network admin Cfg store

5 Configuration model Need mechanism to define service templates to be exposed to the clients via agents agents{ routing{ routing-services-template; } filtering{ filtering-services-template; }

6 I2RS Agent and Client architecture routing daemon Management daemon firewall agent routing agent daemon firewall daemon NETCONF Network admin Cfg store agent

7 Client policy definition Define policy for clients which agents they can access clients { client-Anne{ authentication local; access { filtering; routing; analytics; } client-Bill{ authentication RADIUS; access { filtering; analytics; }

8 I2RS Agent and Client architecture routing daemon Management daemon firewall agent routing agent daemon firewall daemon NETCONF Network admin Cfg store Client Bill Client Anne RESTCONF analytics agent

9 Filter model (simple) filter id match_func action_func address_family IP protocol src port dest port accept discard policer count log inet_v4 inet_v6

10 Device configuration vs modifying operational state NETCONF and RESTCONF provide mechanism to configure devices, but not to change operational state

11 NETCONF Network Configuration Protocol (RFC 6241) Operations are realized on top of RPCs Uses XML for configuration data as well as protocol messages The NETCONF protocol can be conceptually partitioned into four layers: 1.The Content layer consists of configuration data and notification data 2.The Operations layer defines a set of base protocol operations to retrieve and edit the configuration data. 3.The Messages layer provides a mechanism for encoding remote procedure calls (RPCs) and notifications 4.The Secure Transport layer provides a secure and reliable transport of messages between a client and a server.

12 NETCONF cnt’d Content Operations RPC Transport Configuration data allow, SSH, SSL Notification data

13 Pros Can’t modify operational daemon state directly Multiple configuration data stores Commit model RPC based Cons IETF Standards track configuration protocol Selective data retrieval with filtering Provides data validation and verification NETCONF

14 RESTCONF IETF draft draft-bierman-netconf-restconf-04 defined as simplified interface to resource-oriented device abstractions not intended to provide full capabilities as NETCONF

15 Cons No network locking model Can’t modify operational state of network device Using JSON only simple meta-data is supported Pros Unified data store Provides atomicity of transaction Simplified defaults handling Allows multiple edits (with PATCH) within single message Providing abstracted simplified config model Supports XML and JSON Streaming via Server-Sent- Events Edit collision detection RESTCONF

16 RESTCONF and NETCONF Gaps Both protocols will need some new mechanism in order to be able to install operational state on the device: in NETCONF or PUT/POST/PATCH to the operational resource in RESTCONF

Download ppt "Protocol for I2RS I2RS WG IETF #89 London, UK Dean Bogdanovic v0.1."

Similar presentations

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Www.opendaylight.org Device Driver Framework Project October 2014.

Device Driver Framework Project October 2014.
Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
SSL From Your Smartphone Support for Android Smartphones www.sharetech.com.twwww.sharetech.com.tw / www.higuard.comwww.higuard.com.

SSL From Your Smartphone Support for Android Smartphones /
Sun NFS Distributed File System Presentation by Jeff Graham and David Larsen.

Sun NFS Distributed File System Presentation by Jeff Graham and David Larsen.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?
Slide #1 Minneapolis, March 10, 2005XCON WG, IETF62 draft-levin-xcon-cccp-02.txt Orit Levin Roni Even

Slide #1 Minneapolis, March 10, 2005XCON WG, IETF62 draft-levin-xcon-cccp-02.txt Orit Levin Roni Even
FLIP Architecture & Requirements Roger Cummings Symantec

FLIP Architecture & Requirements Roger Cummings Symantec
1 Weijing Chen Keith Allen XML Network Management Interface (draft-weijing-netconf-interface-01.txt) NETCONF Interim.

1 Weijing Chen Keith Allen XML Network Management Interface (draft-weijing-netconf-interface-01.txt) NETCONF Interim.
Model-based Programmable Networks

Model-based Programmable Networks
Draft-shafer-netconf-syslog-00.txt Phil Shafer July 2006 IETF 66, Montreal.

Draft-shafer-netconf-syslog-00.txt Phil Shafer July 2006 IETF 66, Montreal.
draft-ietf-netconf-call-home-01

draft-ietf-netconf-call-home-01
Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.
Abierman-nanog-30may03 1 XML Router Configs BOF Operator Involvement Andy Bierman

Abierman-nanog-30may03 1 XML Router Configs BOF Operator Involvement Andy Bierman
Introducing CoMI Aligned with RestCONF (draft-ietf-netconf-restconf-04) Common data modeling language (YANG defined in RFC 6020) Protocol (CoAP instead.

Introducing CoMI Aligned with RestCONF (draft-ietf-netconf-restconf-04) Common data modeling language (YANG defined in RFC 6020) Protocol (CoAP instead.
© Hitachi, Ltd. 2007. All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.

© Hitachi, Ltd All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.
Abierman-netconf-mar03 1 NETCONF BOF 56th IETF San Francisco, California March 17, 2003 Discussion: Admin:

Abierman-netconf-mar03 1 NETCONF BOF 56th IETF San Francisco, California March 17, 2003 Discussion: Admin:
Syslog (1) The purpose of syslog is to write system messages to a log The purpose of syslog is to write system messages to a log Syslog messages can include.

Syslog (1) The purpose of syslog is to write system messages to a log The purpose of syslog is to write system messages to a log Syslog messages can include.

Similar presentations

Ads by Google