| Name | Organization | Role | |
|---|---|---|---|
| Andrea Campanella | ONF | Developer | andrea@opennetworking.us |
| Helen Wu | Developer |
This section provides an overview on the NETCONF protocol implementation in ONOS.
NetconfController.java implemented by NetconfControllerImpl.java: tracks all the NETCONF devices, serves as a one stop for connecting and obtaining a device and (un)register listeners on device events.
Through implementing the NetconfDeviceOutputEventListener.java and adding the listener to the session anybody who needs to obtain device notifications can listen on device generated messages that are picked up by the listeners implementations that is in the set of to be notified listeners in the StreamHandler implementation, right now NetconfStreamThread.java.
For more background on NETCONF operations, refer to this reference source about NETCONF protocol operations.
Currently, ONOS is made aware of NETCONF devices through the use of a Network Configuration Service JSON file, which represents the configuration of and provides information about devices. An example of such a file is provided here on GitHub if you don't have the source code checked out or in the ONOS source code in ${ONOS_ROOT}/tools/test/configs/netconf-cfg.json. This JSON file informs ONOS of the existence of such devices when it is pushed, but the confirmation of their reachability and availability occurs in the device provider, NetconfDeviceProvider. For more information about the device subsystem, refer to the Device Subsystem wiki page. When the NETCONF devices from the JSON files are pushed to ONOS, the devices are created with the default availability set to false, indicating inability to use the device. Shortly after (approximately 3 seconds after devices configuration is pushed to ONOS), and at intervals of 30 seconds afterwards, the reachability of all devices in the configuration is checked, and according to the information collected, the devices are either marked online (available=true), marked offline (available=false), or the availability state is left unchanged.
If you have your own device that talks NETCONF protocol follow this section. Otherwise, if you want to try ONOS NETCONF implementation out with a test VM proceed to the Example section.
Once you have your device Running on some IP address and some port, in order to make ONOS see it you should follow these steps.
activate the netconf app :
onos> app activate org.onosproject.netconf |
if you wrote your own driver for your device activate that specific driver (i.e.) :
onos> app activate org.onosproject.drivers.fujitsu |
give ONOS the information to connect to the device and which driver to use for you device in a json file. You need to specify username, password, ip and port. If you wrote a specific driver that has also to be changed form the standard "netconf" one.
{
"devices": {
"netconf:<ip>:<port>": {
"netconf": {
"ip": "<ip>",
"port": <port>,
"username": "<username>",
"password": "<password>"
},
"basic": {
"driver": "<driver-name>"
}
}
}
}
|
A working example is here on GitHub or in $ONOS_ROOT/tools/test/configs/netconf-cfg.json if you have the source code. Change the IP both in the DeviceId at the top and in the devices array. The port number by default on NETCONF is 830, so unless you made any changes to that leave it as is. For passwordless ssh, don't provide password field in the netconf-cfg.json and generate ssh keys on onos host machine at path /root/.ssh/ with name id_rsa using ssh-keygen -m PEM -t rsa -N "" -f /root/.ssh/id_rsa. ONOS will automatically pick up private key from this path and use it for authenticating ssh session.
You can also add other information, more than the driver, to the basic device configuration information: "type": "<device-type>", "manufacturer": "<device-manufacturer>","hwVersion": "<hw-version>","swVersion": "<sw-version>".
If you don't specify any driver-name in the basic configuration ONOS will assign the default one. Being the default one very much related to OpenFlow devices. It's suggested to always specify the driver-name with yours or the "netconf" one.
upload the configuration you just wrote to the instance of ONOS you are running, in our case localhost:
<your_machine>~$ curl -X POST -H "content-type:application/json" http://localhost:8181/onos/v1/network/configuration -d @<path_to_your_json_configuration_file> --user onos:rocks |
or
<your_machine>~$ onos-netcfg localhost <path_to_your_json_configuration_file> |
Check if the device is present in ONOS:
onos> devices |
should return, among other devices also something like:
onos> id=netconf:10.1.9.24:830, available=true, role=MASTER, type=SWITCH, mfr=unknown, hw=unknown, sw=unknown, serial=unknown, ipaddress=10.1.9.24, driver=ovs-netconf, name=netconf:10.1.9.24:830 |
If the device is not present then it could have been and error and you have to check the logs.
for localhost logs
<your_machine>~$ tl |
or for remote logs
<your_machine>~$ ol <IP Address with ONOS instance> |
verify that the logs don't contain NETCONF related exceptions and this warning does not appear:
WARN | event-dispatch-0 | ListenerRegistry <.....> org.onosproject.netconf.NetconfException: Can't connect to NETCONF device on 10.1.9.24:830 |
In case the log is present it means that the device was not able to reply on the given IP and Port. Verify Ip and Port in the Json file you posted and retry. If any other exception is present, such as no device name, please read the log and react to it accordingly.
The NETCONF controller has 3 timeout parameters which control how the underlying SSH client connects to the remote NETCONF device
These 3 parameters are changeable both system wide through the Configuration Service and individually per NETCONF device through the Network Configuration Service.
The system-wide adjustment can be made through the ONOS CLI "cfg get" shows the values and "cfg set" changes the values:
onos> cfg get org.onosproject.netconf.ctl.impl.NetconfControllerImpl
org.onosproject.netconf.ctl.impl.NetconfControllerImpl
name=sshLibrary, type=string, value=apache-mina, defaultValue=apache-mina, description=Ssh Library instead of apache_mina (i.e. ethz-ssh2
name=netconfIdleTimeout, type=integer, value=300, defaultValue=300, description=Time (in seconds) SSH session will close if no traffic seen
name=netconfConnectTimeout, type=integer, value=5, defaultValue=5, description=Time (in seconds) to wait for a NETCONF connect.
name=netconfReplyTimeout, type=integer, value=5, defaultValue=5, description=Time (in seconds) waiting for a NetConf reply
onos>
|
Values for individual devices are settable through the Network Configuration Service. Under the "netconf" grouping the following additional attributes can be optionally added in any order
If individual device settings exist for a device, they will take priority over system wide settings for that device. It is at the creation of the NETCONF session that the values are taken in to account and changing them after that will have no effect on that session. If the session is closed however, and a new session opened, then any new values are taken in to account.
"devices": {
<device-id>: {
"netconf": {
"username": <user>,
"password": <pw>,
"ip": <ip>,
"port": <port>,
"connect-timeout": 20,
"reply-timeout": 25
},
|
Two different SSH Client libraries are available in ONOS for NETCONF connections - Apache Mina SSH Client and Ganymede SSH Client - Apache Mina is the default library.
Again the client library may be set system wide or individually per device. To set it per device use the following when provisioning the device through the Network Configuration Service.
NOTE : ethz-ssh2 has been removed from ONOS 1.10 onwards.
An example of NETCONF infrastructure usage is getting and setting controllers on a device. These operations are defined in an ONOS Behaviour, in our case the NetconfControllerConfig.java, that implements ControllerConfig general behaviour. To do in the Behaviour operations on the devices, you need the NetconfController, which you can obtain through the DriverHandler. The NetconfController instance now gives you access to all the device or a single device. Once you have the device you are interested in based upon the deviceId you can get the NetconfSession object to communicate with the device and do operations on the physical devices, like getting the configuration in the get controllers methods or setting a pre-built new one for the setControllers. XmlConfigParser.java offers a method to extract the desired information from an devices's XML response and another method to produce the correct XML to set one or more controller on a specific device.
You can take a look at the actual implementation of the get and set controllers operation in the NetconfControllerConfig.java class. For an example of other operations that can be implemented the OVSDB infrastructure provides a good starting point.
To call the getControllers and setControllers methods you need to obtain the ControllerConfig Behaviour and then call on this instance the methods. The set and get commands are implemented, as an example, in DeviceControllersCommand.java and DeviceSetControllersCommand.java that provide, in two CLI commands
onos> device-controllers |
onos> device-setcontrollers |
To test locally (not on real switches) the NETCONF implementation you need the Mininet machine with of-config installed (link to mininet machine).
| VM | Description | Comments |
|---|---|---|
| onos-ofconfig-mininet.ova | Mininet machine with of-config installed | Username / Password: mininet / mininet |
of-config is wrapper for an openvswitch instance, that uses NETCONF protocol and translates it to OVSDB in order to use that database implementation.
Infrastructure Setup:
[Optional] If you are running one ONOS instance outside of localhost (127.0.0.1), set a controller with the set controller command. For example, you will have a different IP for your ONOS instance.
mininet-vm:~$ sudo ovs-vsctl set-controller ofc-bridge tcp:10.128.12.1:6653 |
[Optional] If you are running multiple external ONOS instances,
mininet-vm:~$ sudo ovs-vsctl set-controller ofc-bridge tcp:10.128.12.1:6653 tcp:10.128.12.2:6653 tcp: 10.128.12.3:6653 |
Start the ofc-server in the Mininet machine
mininet-vm:~$ sudo ofc-server -v 3 -f |
activate the netconf app :
onos> app activate org.onosproject.netconf |
activate the netconf drivers :
onos> app activate org.onosproject.drivers.netconf |
give ONOS the information to connect to the device and which driver to use for it in the $ONOS_ROOT/tools/test/configs/netconf-cfg.json file. Change the IP both in the DeviceId at the top and in the devices array. The port number by default on NETCONF is 830, so unless you made any changes to that leave it as is.
upload the configuration you just modified to the instance of ONOS you are running, in our case localhost:
<your_machine>~$ curl -X POST -H "content-type:application/json" http://localhost:8181/onos/v1/network/configuration -d @$ONOS_ROOT/tools/test/configs/netconf-cfg.json --user onos:rocks |
or
<your_machine>~$ onos-netcfg localhost $ONOS_ROOT/tools/test/configs/netconf-cfg.json |
open the onos logs
for localhost logs
<your_machine>~$ tl |
or for remote logs
<your_machine>~$ ol |
verify that the logs don't contain NETCONF related exceptions and this warning does not appear:
| WARN | event-dispatch-0 | NetconfDeviceProvider | 186 - org.onosproject.onos-netconf-provider-device - 1.4.0.SNAPSHOT | Can't connect to NETCONF device on <ip>:<port> |
In case the log is preset it means that the device was not able to reply on the given IP and Port. Verify Ip and Port in the Json file you posted and retry. If any other exception is present, such as no device name, please read the log and react to it accordingly.
Call the command or run the app you have written. For example:
onos> device-controllers netconf:@10.1.9.24:830 |
If you start a subscription to a device with createSubscription, ONOS will receive <notification> XML messages from the NETCONF device. NetconfAlarmProvider and NetconfAlarmTranslator translate these notification messages into alarms, as they are defined in Alarm.java, and notifies the core about the new alarms. For more information about fault management, refer to NETCONF Fault Management.
There is much room for improvement and testing, this is only a basic skeleton of the infrastructure. The improvement should be focused on extracting the XML that is now encoded in the NetconfSessionImpl's methods and testing each operation. In the future the XML can be generated through YANG models so it can be specific for every type of device we want to connect.