

In this article I'll show you how to configure OpenDaylight to work with network equipment, and how to manage that equipment with Postman and simple RESTCONF requests. We will not work with hardware; instead we will deploy a small virtual lab with a single router using Vrnetlab on top of Ubuntu 20.04 LTS.


I'll first show the detailed configuration using the Juniper vMX 20.1R1.11 router as an example, and then compare it with the setup for Cisco xRV9000 7.0.2.


Content


  • Essential knowledge
  • Part 1: a brief discussion of OpenDaylight (hereinafter ODL), Postman and Vrnetlab, and why we need them
  • Part 2: Virtual Lab Description
  • Part 3: customizing OpenDaylight
  • Part 4: customizing Vrnetlab
  • Part 5: using Postman we connect a virtual router (Juniper vMX) to ODL
  • Part 6: get and change the router configuration using Postman and ODL
  • Part 7: adding the Cisco xRV9000
  • Conclusion
  • P.S.
  • References

Essential knowledge


To keep the article from turning into a wall of text, I omitted some technical details (with links to the literature, where you can read about them).


For that reason, here are the topics that it would be nice (but not strictly necessary) to know before reading:



Part 1: a bit of theory


OpenDaylight


  • An open SDN platform for managing and automating all kinds of networks supported by the Linux Foundation
  • Java inside
  • Based on Model-Driven Service Abstraction Level (MD-SAL)
  • Uses the YANG model to automatically create the RESTCONF API for network devices

The main module for network management. It is through it that we will communicate with connected devices. It is managed through its own API.


You can read more about OpenDaylight here.


Postman


  • API Testing Tool
  • Simple and easy to use interface

In our case, it is of interest as a tool for sending REST requests to the OpenDaylight API. You can, of course, send the requests manually, but in Postman everything is laid out clearly and it suits our purposes.


For those who want to dig deeper: a lot of educational material has been written about it (for example).


Vrnetlab


  • A tool for deploying virtual routers in Docker
  • Supports: Cisco XRv, Juniper vMX, Arista vEOS, Nokia VSR and others.
  • Open Source

A very interesting but little-known tool. In our case, we will use it to launch Juniper vMX and Cisco xRV9000 on a regular Ubuntu 20.04 LTS.


You can read more about it on the project page.


Part 2: laboratory work


As part of this tutorial, we will configure the following system:




How it works


  • Juniper vMX runs in a Docker container (using Vrnetlab) and functions as an ordinary virtual router.
  • ODL is connected to the router and allows you to manage it.
  • Postman runs on a separate machine, and through it we send commands to ODL: connect/remove the router, change the configuration, etc.

A note on the system layout

Juniper vMX and ODL require quite a lot of resources for stable operation. vMX alone asks for 6 Gb of RAM and 4 cores. Therefore, it was decided to move all the "heavyweights" to a separate machine (Hewlett Packard Enterprise MicroServer ProLiant Gen8, Ubuntu 20.04 LTS). The router, of course, does not "fly" on it, but there is enough performance for small experiments.


Part 3: customizing OpenDaylight


The current version of ODL at the time of writing is Magnesium SR1.


1) Install Java OpenJDK 11 (more detailed installation instructions are here)


ubuntu:~$ sudo apt install default-jdk 

2) Find and download the latest ODL build from here
3) Unzip the downloaded archive
4) Go to the resulting directory
5) Launch CDMY0CDMY


At this point ODL should start and drop us into its console. (Port 8181 is used for external access; we will use it later.)


Next, install the ODL features for working with the NETCONF and RESTCONF protocols. To do this, run the following in the ODL console:


opendaylight-user@root> feature:install odl-netconf-topology odl-restconf-all

The simplest ODL setup is now complete. (You can read more about it here.)


Part 4: configure Vrnetlab




Preparing the system


Before installing Vrnetlab, you need to install the packages it requires, such as Docker, git and sshpass:


ubuntu:~$ sudo apt update
ubuntu:~$ sudo apt -y install python3-bs4 sshpass make
ubuntu:~$ sudo apt -y install git
ubuntu:~$ sudo apt install -y \
    apt-transport-https ca-certificates \
    curl gnupg-agent software-properties-common
ubuntu:~$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
ubuntu:~$ sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
ubuntu:~$ sudo apt update
ubuntu:~$ sudo apt install -y docker-ce docker-ce-cli containerd.io

Installing Vrnetlab


To install Vrnetlab, clone the corresponding repository from GitHub:


ubuntu:~$ cd ~
ubuntu:~$ git clone https://github.com/plajjan/vrnetlab.git

Go to the vrnetlab directory:


ubuntu:~$ cd ~/vrnetlab

Here you can see all the scripts needed to run it. Note that there is a separate directory for each type of router:


ubuntu:~/vrnetlab$ ls
CODE_OF_CONDUCT.md  config-engine-lite        openwrt           vr-bgp
CONTRIBUTING.md     csr                       routeros          vr-xcon
LICENSE             git-lfs-repo.sh           sros              vrnetlab.sh
Makefile            makefile-install.include  topology-machine  vrp
README.md           makefile-sanity.include   veos              vsr1000
ci-builder-image    makefile.include          vmx               xrv
common              nxos                      vqfx              xrv9k

Create a router image


Each router supported by Vrnetlab has its own configuration procedure. In the case of Juniper vMX, we just need to copy the .tgz archive with the router (you can download it from the official website) into the vmx directory and run the make command:


ubuntu:~$ cd ~/vrnetlab/vmx
ubuntu:~$ # Copy the .tgz archive with the router into this directory
ubuntu:~$ sudo make

Building the vMX image will take about 10-20 minutes. It's time to go make some coffee!


Why so long, you ask?

The author's answer to this question, translated:


"This is due to the fact that the first time VCP (Control Plane) is launched, it reads a configuration file that determines whether it will work as a VRR VCP in vMX. Previously, this launch was performed during the launch of Docker, but this meant that VCP always restarted once before the virtual router became available, resulting in a long boot time (about 5 minutes). Now VCP starts for the first time during the build of the Docker image, and since the Docker build cannot be started with the --privileged option, this means that qemu runs without KVM hardware acceleration and thus takes a lot of time to build, and a lot of logs are output during this process, so at least you can see what happens. so scary, because we create the image once, and run many."


Afterwards, you can see the image of our router in Docker:


ubuntu:~$ sudo docker image list
REPOSITORY        TAG         IMAGE ID       CREATED       SIZE
vrnetlab/vr-vmx   20.1R1.11   b1b2369b453c   3 weeks ago   4.43GB
debian            stretch     614bb74b620e   7 weeks ago   101MB

Run the vr-vmx container


Run the command:


ubuntu:~$ sudo docker run -d --privileged --name jun01 b1b2369b453c 

Next, we can see information about active containers:


ubuntu:~$ sudo docker container list
CONTAINER ID   IMAGE          COMMAND        CREATED         STATUS                     PORTS                                                 NAMES
120f882c8712   b1b2369b453c   "/launch.py"   2 minutes ago   Up 2 minutes (unhealthy)   22/tcp, 830/tcp, 5000/tcp, 10000-10099/tcp, 161/udp   jun01

Connect to the router


The IP address of the router's network interface can be obtained with the following command:


ubuntu:~$ sudo docker inspect --format '{{.NetworkSettings.IPAddress}}' jun01
172.17.0.2

By default, Vrnetlab creates the user vrnetlab/VR-netlab9 on the router.
Connect with ssh:


ubuntu:~$ ssh vrnetlab@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:g9Sfg/k5qGBTOX96WiCWyoJJO9FxjzXYspRoDPv+C0Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
Password:
--- JUNOS 20.1R1.11 Kernel 64-bit JNPR-11.0-20200219.fb120e7_buil
vrnetlab> show version
Model: vmx
Junos: 20.1R1.11

This completes the configuration of the router.


Installation recommendations for routers from other vendors can be found in the corresponding directories of the project's GitHub repository.


Part 5: Postman - connect the router to OpenDaylight


Install Postman


To install, just download the application from here.


Connect the router to ODL


Create a PUT request:




  1. Query string:
    PUT http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01 
  2. Request body (Body tab):
    <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
      <node-id>jun01</node-id>
      <host xmlns="urn:opendaylight:netconf-node-topology">172.17.0.2</host>
      <port xmlns="urn:opendaylight:netconf-node-topology">22</port>
      <username xmlns="urn:opendaylight:netconf-node-topology">vrnetlab</username>
      <password xmlns="urn:opendaylight:netconf-node-topology">VR-netlab9</password>
      <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
      <schema-cache-directory xmlns="urn:opendaylight:netconf-node-topology">jun01_cache</schema-cache-directory>
    </node>
  3. On the Authorization tab, you must set the CDMY3CDMY parameter and the login/password admin/admin. This is required to access ODL.
  4. On the Headers tab, you need to add two headers:
    • Accept application/xml
    • Content-Type application/xml

Our request is ready, so we send it. If everything was configured correctly, the response should have the status "201 Created".


What does this request do?

We create a node inside the ODL with the parameters of the real router we want to access.


xmlns="urn:TBD:params:xml:ns:yang:network-topology"
xmlns="urn:opendaylight:netconf-node-topology"

These are the XML namespaces that ODL uses internally when it creates the node.


The remaining elements are self-explanatory: node-id is the name of the router, host is its address, and so on.


The most interesting line is the last one: schema-cache-directory names the directory into which all YANG schema files of the connected router are downloaded. You can find them at CDMY4CDMY.
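
The same PUT request can be built outside Postman. The following Python sketch is an added example, not code from the original article or from the OpenDaylight project; the function names and environment variable names are hypothetical, and it assumes ODL accepts HTTP Basic authentication. It escapes every value placed into the XML body and rejects node names that would be unsafe in the URL path or in the cache directory name.

```python
import base64
import os
import re
import urllib.request
from urllib.parse import quote
from xml.sax.saxutils import escape

TOPO_NS = "urn:TBD:params:xml:ns:yang:network-topology"
NETCONF_NS = "urn:opendaylight:netconf-node-topology"
NODE_PATH = ("/restconf/config/network-topology:network-topology"
             "/topology/topology-netconf/node/")
# The node-id ends up in the URL path and in the cache directory name,
# so only a conservative character set is accepted (choice of this example).
NODE_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


def build_node_xml(node_id, host, port, username, password):
    """Build the <node> body from the article; every value is XML-escaped."""
    leaves = {
        "host": host, "port": port, "username": username,
        "password": password, "tcp-only": "false",
        "schema-cache-directory": f"{node_id}_cache",
    }
    inner = "".join(
        f'<{name} xmlns="{NETCONF_NS}">{escape(str(value))}</{name}>'
        for name, value in leaves.items())
    return (f'<node xmlns="{TOPO_NS}"><node-id>{escape(node_id)}</node-id>'
            f'{inner}</node>')


def build_mount_request(base_url, node_id, host, username, password,
                        odl_user, odl_password, port=22):
    """Return a ready-to-send PUT request that mounts the router in ODL."""
    if not NODE_ID_RE.fullmatch(node_id):
        raise ValueError(f"unsafe node-id: {node_id!r}")
    body = build_node_xml(node_id, host, port, username, password)
    req = urllib.request.Request(
        base_url.rstrip("/") + NODE_PATH + quote(node_id, safe=""),
        data=body.encode("utf-8"), method="PUT")
    token = base64.b64encode(f"{odl_user}:{odl_password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)  # assumes HTTP Basic auth
    req.add_header("Accept", "application/xml")
    req.add_header("Content-Type", "application/xml")
    return req


if __name__ == "__main__":
    # Secrets come from the environment; the variable names are hypothetical.
    request = build_mount_request(
        os.environ.get("ODL_URL", "http://10.132.1.202:8181"),
        "jun01", "172.17.0.2", "vrnetlab",
        os.environ.get("ROUTER_PASSWORD", ""),
        os.environ.get("ODL_USER", "admin"),
        os.environ.get("ODL_PASSWORD", ""))
    print(request.get_method(), request.full_url)
    # urllib.request.urlopen(request, timeout=30) sends it; per the article,
    # ODL answers "201 Created" when the node is created.
```
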


Check the connection of the router


Create a GET request:


  1. Query string:
    GET http://10.132.1.202:8181/restconf/operational/network-topology:network-topology/topology/topology-netconf/ 
  2. On the Authorization tab, you must set the CDMY5CDMY parameter and login/password: admin/admin.

Send it. You should get the status "200 OK" and a list of all YANG schemas supported by the device.


Comment: to see the latter, in my case I had to wait about 10 minutes after the PUT until all YANG schemas had been downloaded to ODL. Until then, this GET request shows a different response.
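
Instead of re-sending the GET by hand during those minutes, a script can poll it and read the mount state from the response. The following Python sketch is an added example, not code from the original article; the function names are hypothetical, both sample responses are constructed, and the connection-status and available-capability element names are taken from ODL's netconf-node-topology model rather than from this page.

```python
import xml.etree.ElementTree as ET

TOPO = "{urn:TBD:params:xml:ns:yang:network-topology}"
NC = "{urn:opendaylight:netconf-node-topology}"

# Constructed sample: the node exists but the schemas are still being fetched.
CONNECTING = """<topology xmlns="urn:TBD:params:xml:ns:yang:network-topology">
  <topology-id>topology-netconf</topology-id>
  <node>
    <node-id>jun01</node-id>
    <connection-status xmlns="urn:opendaylight:netconf-node-topology">connecting</connection-status>
  </node>
</topology>"""

# Constructed sample: the mount is complete and capabilities are listed.
CONNECTED = """<topology xmlns="urn:TBD:params:xml:ns:yang:network-topology">
  <topology-id>topology-netconf</topology-id>
  <node>
    <node-id>jun01</node-id>
    <connection-status xmlns="urn:opendaylight:netconf-node-topology">connected</connection-status>
    <host xmlns="urn:opendaylight:netconf-node-topology">172.17.0.2</host>
    <available-capabilities xmlns="urn:opendaylight:netconf-node-topology">
      <available-capability>
        <capability>urn:ietf:params:netconf:base:1.0</capability>
      </available-capability>
      <available-capability>
        <capability>(http://yang.juniper.net/junos/conf/protocols)junos-conf-protocols</capability>
      </available-capability>
    </available-capabilities>
  </node>
</topology>"""


def mount_states(xml_text):
    """Return {node-id: (connection-status, number of listed capabilities)}."""
    states = {}
    for node in ET.fromstring(xml_text).iter(TOPO + "node"):
        node_id = node.findtext(TOPO + "node-id")
        status = node.findtext(NC + "connection-status", default="unknown")
        caps = sum(1 for _ in node.iter(NC + "available-capability"))
        states[node_id] = (status, caps)
    return states


def is_ready(xml_text, node_id):
    """True once the node is connected and its schema list has arrived."""
    status, caps = mount_states(xml_text).get(node_id, ("absent", 0))
    return status == "connected" and caps > 0


if __name__ == "__main__":
    for label, sample in (("early", CONNECTING), ("later", CONNECTED)):
        print(label, mount_states(sample), "ready:", is_ready(sample, "jun01"))
```
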


Delete the router


Create a DELETE request:


  1. Query string:
    DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01
  2. On the Authorization tab, you must set the CDMY6CDMY parameter and login/password: admin/admin.

Part 6: Changing the configuration of the router


Get the configuration


Create a GET request:


  1. Query string:
    GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/ 
  2. On the Authorization tab, you must set the CDMY7CDMY parameter and login/password: admin/admin.

Send it. You should get the status "200 OK" and the router configuration.


Create the configuration


As an example, create the following configuration and modify it:


protocols {
    bgp {
        disable;
        shutdown;
    }
}

Create a POST request:


  1. Query string:
    POST http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols 
  2. Request body (Body tab):
    <bgp xmlns="http://yang.juniper.net/junos/conf/protocols">
      <disable/>
      <shutdown> </shutdown>
    </bgp>
  3. On the Authorization tab, you need to set the CDMY8CDMY parameter and login/password: admin/admin.
  4. On the Headers tab, you need to add two headers:
    • Accept application/xml
    • Content-Type application/xml

After sending, you should receive the status "204 No Content".


To verify that the configuration has changed, you can use the previous request. As an example, though, we will create another one that returns only the protocols configured on the router.


Create a GET request:


  1. Query string:
    GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols 
  2. On the Authorization tab, you must set the CDMY9CDMY parameter and login/password: admin/admin.

After completing the request, we will see the following:




Change the configuration


Change the BGP protocol information. After our actions, it will look like this:


protocols {
    bgp {
        disable;
    }
}

Create a PUT request:


  1. Query string:
    PUT http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols 
  2. Request body (Body tab):
    <protocols xmlns="http://yang.juniper.net/junos/conf/protocols">
      <bgp>
        <disable/>
      </bgp>
    </protocols>
  3. On the Authorization tab, you must set the CDMY10CDMY parameter and login/password: admin/admin.
  4. On the Headers tab, you need to add two headers:
    • Accept application/xml
    • Content-Type application/xml

Using the previous GET request, we see the changes:




Delete the configuration


Create a DELETE request:


  1. Query string:
    DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols 
  2. On the Authorization tab, you must set the CDMY11CDMY parameter and login/password: admin/admin.

When we send the GET request for protocol information, we will see the following:


Addition:


To change the configuration, it is not necessary to send the request body in XML format. You can also do this in JSON format.


To do this, for example, in the PUT request for a configuration change, replace the request body with:


{
  "junos-conf-protocols:protocols": {
    "bgp": {
      "description": "Changed in postman"
    }
  }
}

Remember to change the headers in the Headers tab to:


  • Accept application/json
  • Content-Type application/json

After sending, we will get the following result (we look at the response using the GET request):


Part 7: add the Cisco xRV9000


Why do we keep talking only about Juniper? Let's talk about Cisco!
I found xRV9000 version 7.0.2 (a beast that needs 8Gb RAM and 4 cores; it is not publicly available, so please contact Cisco) and ran it.


Launch container


The process of creating the Docker container is practically the same as for Juniper. Similarly, we drop the .qcow2 file with the router into the directory corresponding to its name (in this case xrv9k) and execute the CDMY12CDMY command.


After a few minutes, we see that the image was created:


ubuntu:~$ sudo docker image ls
REPOSITORY          TAG         IMAGE ID       CREATED       SIZE
vrnetlab/vr-xrv9k   7.0.2       54debc7973fc   4 hours ago   1.7GB
vrnetlab/vr-vmx     20.1R1.11   b1b2369b453c   4 weeks ago   4.43GB
debian              stretch     614bb74b620e   7 weeks ago   101MB

We launch the container:


ubuntu:~$ sudo docker run -d --privileged --name xrv01 54debc7973fc 

After a while, we see that the container has started:


ubuntu:~$ sudo docker ps
CONTAINER ID   IMAGE          COMMAND        CREATED       STATUS                 PORTS                                                      NAMES
058c5ecddae3   54debc7973fc   "/launch.py"   4 hours ago   Up 4 hours (healthy)   22/tcp, 830/tcp, 5000-5003/tcp, 10000-10099/tcp, 161/udp   xrv01

Connect via ssh:


ubuntu@ubuntu:~$ ssh vrnetlab@172.17.0.2
Password:

RP/0/RP0/CPU0:ios#show version
Mon Jul 6 12:19:28.036 UTC
Cisco IOS XR Software, Version 7.0.2
Copyright (c) 2013-2020 by Cisco Systems, Inc.

Build Information:
 Built By     : ahoang
 Built On     : Fri Mar 13 22:27:54 PDT 2020
 Built Host   : iox-ucs-029
 Workspace    : /auto/srcarchive15/prod/7.0.2/xrv9k/ws
 Version      : 7.0.2
 Location     : /opt/cisco/XR/packages/
 Label        : 7.0.2

cisco IOS-XRv 9000 () processor
System uptime is 3 hours 22 minutes

Connect the router to OpenDaylight


Adding the router works exactly as with vMX; you only need to change the names in the PUT request.


After a while, we send the GET request to check that everything is connected.


Change the configuration


Set up the following configuration:


!
router ospf LAB
 mpls ldp auto-config
!

Create a POST request:


  1. Query string:
    POST http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf 
  2. Request body (Body tab):
    {
      "processes": {
        "process": [
          {
            "process-name": "LAB",
            "default-vrf": {
              "process-scope": {
                "ldp-auto-config": [ null ]
              }
            }
          }
        ]
      }
    }
  3. On the Authorization tab, you must set the CDMY13CDMY parameter and login/password: admin/admin.
  4. On the Headers tab, you need to add two headers:
    • Accept application/json
    • Content-Type application/json

After sending it, you should receive the status "204 No Content".


Let's check what we did.
To do this, create a GET request:


  1. Query string:
    GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf 
  2. On the Authorization tab, you need to set the CDMY14CDMY parameter and login/password: admin/admin.

After execution you should see the configured OSPF process in the response.


To delete the configuration, use DELETE :


  1. Query string:
    DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf 
  2. On the Authorization tab, you need to set the CDMY15CDMY parameter and login/password: admin/admin.

Conclusion


As you may have noticed, the procedures for connecting Cisco and Juniper routers to OpenDaylight do not differ, which opens up plenty of room for creativity, from managing the configuration of every network component to creating your own network policies.
In this tutorial, I gave the simplest examples of how you can interact with network equipment using OpenDaylight. Without a doubt, the requests from the examples above can be made much more complex, and you can configure entire services with one click; everything is limited only by your imagination.


To be continued.


P.S.


If you already knew all of this or, conversely, have worked through it and taken a liking to ODL, I recommend looking into developing applications on the ODL controller. You can start from here.


Successful experiments!


References


  1. Vrnetlab: Emulate networks using KVM and Docker / Brian Linkletter
  2. OpenDaylight Cookbook / Mathieu Lemay, Alexis de Talhouet, et al.
  3. Network Programmability with YANG / Benoît Claise, Joe Clarke, Jan Lindblad
  4. Learning XML, Second Edition / Erik T. Ray
  5. Effective DevOps / Jennifer Davis, Ryn Daniels