Presentation is loading. Please wait.

Presentation is loading. Please wait.

N ETWORK C ONFIGURATION Prepared by: Menna Hamza Mohamad Hesham Mona Abdel Mageed Yasmine Shaker.

Published byElisabeth Douglas Modified over 9 years ago

Similar presentations

Presentation on theme: "N ETWORK C ONFIGURATION Prepared by: Menna Hamza Mohamad Hesham Mona Abdel Mageed Yasmine Shaker."— Presentation transcript:

1 N ETWORK C ONFIGURATION Prepared by: Menna Hamza Mohamad Hesham Mona Abdel Mageed Yasmine Shaker

2 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Demo Partial Lock RPC With Default Capability TLS A GENDA

3 OPERATIONS AND MANAGEMENT AREA Area Workgroups Examples: CAPWAP : Control And Provisioning of Wireless Access Points. BMWG: Benchmarking Methodology DIME : Diameter Maintenance and Extensions NETCONF : Network Configuration

4 NETCONF WORKING GROUP The NETCONF Working Group is chartered to produce a protocol suitable for network configuration. required characteristics includes: Differentiate between configuration data and non- configuration data. Extensible. Integration with user authentication methods. Integration with configuration database systems. Wide configuration transactions with features such as locking and rollback capability.

5 N ET C ONFIG P ROTOCOL The protocol provides mechanism to transfer and manipulate configuration data in a network device It uses an Extensible Markup Language (XML)- based data encoding for the configuration data and the protocol messages. The NETCONF protocol operations are realized on top of a simple Remote Procedure Call (RPC) layer.

6 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Example Partial Lock RPC With Default Capability TLS A GENDA

7 XML D ETOUR XML Why XML? XSD and Schemas Xpath XML Node XML Sub Tree Example

8 XML E XAMPLE root superuser Charlie Root 1 Value of Xpath (top/users/user/name)

9 D EFINITIONS Application / client Server / Device Data Store / Configuration file Capabilities

10 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Demo Partial Lock RPC With Default Capability TLS A GENDA

11 P ROTOCOL L AYERS Configuration Data Status Data? Content ….. Operation RPC SSL, SSH, BEEP, console Transport Protocol

12 A way for both client and server to announce there existence It also serves as an announcement of session ID as well as supported features !!! Extendible protocol means that there is no guarantee that the server and client support the same set features. Base capability must be supported How to handle different set of features?

13 S ERVE M E The client the needed advertised capabilities requests to the Server. The Server processes the requests on a FIFO basis (Pipe Line) The Server sends Required Data/ request status to the client How to associate a request with a reply? ID Client closes the session or Server terminates session due to timeout

14 RPC F OR L IFE Client Requests are RPC calls The data store is conceptually a list of XML namespaces The RPC manipulates these XML namespaces Changes to the XML name spaces are mapped by the device to actual changes in it’s internal configuration (registers, etc..) Server reply contains requested XML data, errors, warnings and optionally execution success feedback

15 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Demo Partial Lock RPC With Default Capability TLS A GENDA

16 B ASIC O PERATIONS Get get get-config Manipulate edit-config copy-config delete-config Parallel access control Lock unlock End session close-session kill-session

17 RPC BLOCKS

18 F ILTERS What’s a filter Using a filter

19 D EMO

20 <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> root

21 <rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> root superuser Charlie Root 1

22 E XTENDED C APABILITIES C ASE S TUDY Partial lock With default Capabilities

23 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Example Partial Lock RPC With Default Capability TLS A GENDA

24 P ARTIAL L OCK RPC Describes the lock and unlock operations on parts of configuration data stores using XPath filtering mechanisms Definition of Terms Scope of the lock Protected area

25 P ARTIAL L OCKING C APABILITY Usage Scenarios Multiple managers with overlapping sections Multiple managers, distinct management areas New Operations

26 Locking a node protects the node itself and the complete sub-tree under the node The XPath expressions are evaluated only once at lock time NETCONF server that supports partial locking MUST be able to grant multiple simultaneous partial locks to a single NETCONF session Failure Global lock Already locked User does not have access rights

27 ( CTD.) RPC Call Parameters Filter (Lock) ID (Unlock) Deadlock Avoidance RPC Reply Positive (Lock ID in case of lock) Negative

28 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Demo Partial Lock RPC With Default Capability TLS A GENDA

29 W ITH DEFAULT CAPABILITY A new XML child element added to the method- name element. part of the configuration data is not set by the NETCONF client, but rather a default value is used. Some times NETCONF client has a prior knowledge about this default data, so the NETCONF server does not need to send it to the client. In other situations the NETCONF client will need this data so it must be sent at the NETCONF messages.

30 R EPORTING MODES report-all: All default data is always reported. trim: Values are not reported if they match the default. explicit: Default data is not reported except explicitly set default data.

31 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Demo Partial Lock RPC With Default Capability TLS A GENDA

32 NETCONF OVER TLS Configuration exchange must be secure. TLS Provide support for certificate-based mutual authentication. TLS is application-protocol-independent. How NETCONF can be used within a TLS session?

33 NETCONF OVER TLS Connection Initiation Client Hello message Handshake Start Exchange XML Connection Closure Agent (NETCO NF) Server (TLS) Manger (NETCO NF) Client (TLS )

34 NETCONF OVER TLS Endpoint Authentication and Identification Server Identity o The server hostname o Matching is case-insensitive. o A "*" wildcard character. o multiple names is acceptable. Client Identity

35 OPS NetConfig Work Group NetConfig Protocol XML Detour Definitions Protocol Layers Protocol Main Scenario Basic Operations Filters Demo Partial Lock RPC With Default Capability TLS A GENDA

36 Q UESTIONS !

37 C ONTACTS Group Mail : 4-team-Group@yahoogroups.com4-team-Group@yahoogroups.com Menna Hamza: hamza.menna@gmail.comhamza.menna@gmail.com Mohamad Hesham : iris_lastdance@yahoo.comiris_lastdance@yahoo.com Mona AbdelMageed : monaabdelmageed@yahoo.commonaabdelmageed@yahoo.com Yasmine Sahker : engineer.jessy@yahoo.comengineer.jessy@yahoo.com

Download ppt "N ETWORK C ONFIGURATION Prepared by: Menna Hamza Mohamad Hesham Mona Abdel Mageed Yasmine Shaker."

Similar presentations

XCAP Tutorial Jonathan Rosenberg.

XCAP Tutorial Jonathan Rosenberg.
Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)

Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
SOAP.

SOAP.
XML in the real world (2) SOAP. What is SOAP? ► SOAP stands for Simple Object Access Protocol ► SOAP is a communication protocol ► SOAP is for communication.

XML in the real world (2) SOAP. What is SOAP? ► SOAP stands for Simple Object Access Protocol ► SOAP is a communication protocol ► SOAP is for communication.
Web Services Darshan R. Kapadia Gregor von Laszewski 1http://grid.rit.edu.

Web Services Darshan R. Kapadia Gregor von Laszewski 1http://grid.rit.edu.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
111 XMLCONF Introduction Strategy Protocol Layering Session Management RPC Mechanism Capabilities Exchange Operational Model Protocol Operations Standard.

111 XMLCONF Introduction Strategy Protocol Layering Session Management RPC Mechanism Capabilities Exchange Operational Model Protocol Operations Standard.
XMLCONF IETF 57 – Vienna Rob Enns

XMLCONF IETF 57 – Vienna Rob Enns
NETCONF Light. Motivation To support devices unable to implement the full NETCONF protocol – The “-00” draft noted hardware-based resource constraints.

NETCONF Light. Motivation To support devices unable to implement the full NETCONF protocol – The “-00” draft noted hardware-based resource constraints.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.

Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
DISTRIBUTED PROCESS IMPLEMENTAION BHAVIN KANSARA.

DISTRIBUTED PROCESS IMPLEMENTAION BHAVIN KANSARA.
Wireless Application Protocol (WAP) Reference: Chapter 12, section 2, Wireless Communications and Networks, by William Stallings, Prentice Hall.

Wireless Application Protocol (WAP) Reference: Chapter 12, section 2, Wireless Communications and Networks, by William Stallings, Prentice Hall.
Slide #1 Minneapolis, March 10, 2005XCON WG, IETF62 draft-levin-xcon-cccp-02.txt Orit Levin Roni Even

Slide #1 Minneapolis, March 10, 2005XCON WG, IETF62 draft-levin-xcon-cccp-02.txt Orit Levin Roni Even
IT 424 Networks2 IT 424 Networks2 Ack.: Slides are adapted from the slides of the book: “Computer Networking” – J. Kurose, K. Ross Chapter 2: Application.

IT 424 Networks2 IT 424 Networks2 Ack.: Slides are adapted from the slides of the book: “Computer Networking” – J. Kurose, K. Ross Chapter 2: Application.
Application Layer Protocols Simple Mail Transfer Protocol.

Application Layer Protocols Simple Mail Transfer Protocol.

Similar presentations

Ads by Google