Switch to model-driven mode and enable NETCONF

Learn

Aim


This article describes how to move from classic configuration mode to model-driven configuration mode in SR OS. It also details the basic configurations needed to start using one of the model-driven management interfaces on SR OS, i.e.: NETCONF


Equipment and tools


This article is written in the form of a tutorial. It assumes that you have access to one or more Nokia SR OS 7750/7950 routers (or vSIMs) and that you have a valid license for these products (if you need any of these, please contact your Nokia representative).


The following elements were used in this article:


Item Version
SR OS 20.10.R1

Let's get started!


Let's get to it. This article is divided into the following sections:

  1. Enabling model-driven configuration mode
  2. Enabling SR OS NETCONF


Enabling model-driven configuration mode


From classic CLI (the commands can be entered if already in model-driven mode as well) select the YANG modules to use on SR OS. The available options are:


/configure system management-interface yang-modules base-r13-modules
/configure system management-interface yang-modules nokia-combined-modules
/configure system management-interface yang-modules nokia-modules
/configure system management-interface yang-modules openconfig-modules


For example, to use the Nokia combined YANG modules only you would configure the following:


/configure system management-interface yang-modules nokia-combined-modules true
/configure system management-interface yang-modules nokia-modules false
/configure system management-interface yang-modules base-r13-modules false
/configure system management-interface yang-modules openconfig-modules false

Note

  • Setting the nokia-combined-modules to true, means that all configuration data is modeled using a single YANG file (i.e. nokia-conf-combined.yang) and all state data is modeled using a single YANG file (i.e. nokia-state-combined.yang).
  • Setting the nokia-modules to true, means that all configuration data is modeled using multiple YANG files (i.e. One nokia-conf.yang file that includes many domain specific sub-modules) and all state data is modeled using multiple YANG files (i.e. One nokia-state.yang file that includes many domain specific sub-modules)
  • The nokia-combined-modules and the nokia-modules cannot be both set to true at the same time. If both are configured to be true at the same time, the configuration is accepted at configuration time but will fail at commit time.
  • These configuration changes impact the following:
  1. the SR OS NETCONF server hello message
  2. the reply of a /get/filter/netconf-state/schemas/ request
  3. the reply of a /get/filter/modules-state/ request

If your network device is not currently set to model-driven mode, this can be achieved by entering the following SR OS configuration command using classic CLI:


/configure system management-interface configuration-mode model-driven


The SR OS device is now setup in model-driven mode, however, to make configuration changes you will need to be in the model-driven CLI (MD-CLI).  To switch into MD-CLI type the following:


//


That's it!  You are now in SR OS model-driven mode.


Note

The next time you log into the device you will automatically be placed into MD-CLI and do not need to type // each time


Enabling SR OS NETCONF

Mandatory configuration


The below is a list of mandatory configuration commands that you should configure to use SR OS NETCONF:


  • Ensure the SR OS SSH server is enabled
/configure system security ssh server-admin-state enable
  • Ensure the SR OS NETCONF server is enabled
/configure system management-interface netconf admin-state enable
  • Setup a NETCONF user with the appropriate access permissions. For example, a “netconf” user (password "nokia123") that has access to use netconf and is a member of the "administrative" user profile:
/configure system security user-params local-user user “netconf"
/configure system security user-params local-user user “netconf" password "nokia123"
/configure system security user-params local-user user “netconf" access netconf true
/configure system security user-params local-user user “netconf" console member ["administrative"]
  • Commit all the configuration changes
/commit

Recommended configuration


The below is a list of recommended configuration commands that can impact the bahvior of SR OS NETCONF:

  • Ensure the auto-config-save element is set to true. This configuration element controls whether SR OS NETCONF shall automatically save the running configurations post every successful commit (or not)
/configure system management-interface netconf auto-config-save true
  • Ensure the writeable-running capability is set to false. This configuration element controls using/advertising the writeable-running capability in SR OS.
/configure system management-interface netconf capabilities writable-running false
  • Ensure the base-r13-modules is set to false. This configuration element controls using/advertising the base-r13 YANG modules. These YANG modules are not transactional and not recommended to be used.
/configure system management-interface yang-modules base-r13-modules false
  • Commit all the configuration changes
/commit

Optional configuration


The below is a list of optional configuration commands that can impact the bahvior of SR OS NETCONF:

  • Determine whether a local user profile can lock/unlock a datastore using the NETCONF's <lock>/<unlock> RPCs
/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization lock true
  • Determine whether a local user profile can end active NETCONF sessions using NETCONF's <kill-session> RPC
/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization kill-session true
  • Determine which port to use for interaction with the SR OS NETCONF server.
/configure system management-interface netconf port 22

Note

By default, port 830 is used. Port 22 can be used if needed. One port can be used at a time.

  • Commit the configuration changes
/commit

Conclusion


You now have an SR OS router running in model-driven mode with the NETCONF interface enabled and ready for operational use.

You will notice that a small number of "one-time" mandatory configurations are needed prior to using the SR OS NETCONF server. There are some recommended configurations and a small number of optional configurations.  These can improve your operaitonal experience.


Author: WE

On this page