Module 1: ConfD Technical Introduction

1©2015 Tail-f Systems all rights reservedFebruary 13, 2015
ConfD Technical Introduction

What is ConfD?
ConfD provides a data-model driven management plane framework which provides a
variety of standards-based northbound management interfaces for use in building
network elements:
Physical Network Devices
Virtual Network Devices
(VNF in NFV)
Network Appliances
etc.

How is ConfD different?
SNMP agent
CLI engine
NETCONF server
…
Protocol Focused Agents
Stove-pipe
Feature-lag
Just the protocol layer
Data-model driven
Any protocol
ConfD
All protocols
No feature lag
Core engine

ConfD Overview
Network
Element
NETCONF SNMP REST CLI Web
Database Data Provider API
Managed Object API
Management Agent API
OSS/BSS
MO MOMO
ConfD Core Engine
MO
External
DatabaseOperational
Data
MO

ConfD Overview
Network
Element
CDB
Database
Data Provider API
CDB API
OSS/BSS
App AppApp
ConfD Core Engine
App
External
DatabaseOperational
Data
App
Auto-rendered management interfaces and data schema
YANG
Data Models

True Model-Driven
• Information models (UML, SID, …)
• Important for communication between domain experts
• Needs “mapping” to data-models
• Data Models
• Concrete
• Means something in reality
• Tail-f story
• Core-engine driven by data-models
• No stubs!
• Translators to information models, UML, SID, …
• You can execute with the data-model only
• CLI
• WebUI
• Database
• …
• YANG – RFC 6020
• IETF greybeards
• Concrete, precise, semantically rich
• Clarity – “anyone” can read
• Precision – self documenting
• Modular data models
• Extensible language
• Code generation

YANG Example
module sys {
namespace "urn:sys";
prefix sys;
import tailf-common {
prefix tailf;
}
typedef interface-name {
type string {
length "min .. 30";
pattern "[A-Za-z][^/:.]*";
}
}

YANG Example (cont.)
container sys {
container numbers {
leaf odd {
type int32;
default 1;
must "(. mod 2) = 1" {
error-message "can only be an odd number";
tailf:dependency ".";
}
} }
list ifc {
key name;
max-elements 1024;
leaf name {
type interface-name;
}
leaf enabled {
type boolean;
default true;
}

YANG Example (cont.)
list labels {
key string;
max-elements 16;
description
"A label is an alphanumeric string assigned to an
interface. Each interface can have many labels. The
purpose here is simply to show a must validation that
requires the labels to be unique for all interfaces.”;
leaf string {
type string {
length "1..31";
pattern "[a-zA-Z][a-zA-Z0-9_-]*";
}
must "not(/sys:sys/sys:ifc[name = current()])" {
error-message
"A label can not be the same as an interface name";
tailf:dependency "/sys/ifc/name";
}
must "count(/sys/ifc/labels[string = current()]) = 1" {
error-message "All labels must be unique";
tailf:dependency ".";
}

ConfD Overview
ConfD
ConfD Core Engine
CDB
Database
Transaction Management
Session Management / Authentication
Role-based Access Control
Audit Trailing
Redundancy / Replication
Validation (syntactic and semantic)
Rollback Management
Upgrades and Downgrades
Data Provider API CDB API
Operational
Data
Counters
Alarms
StatisticsMO
External
Database Operational
Data
MO
Validation
API
Authentication
API
Radius
PAM
TACACS
Others
Operational Data
Operational
Data API
App AppApp

ConfD Overview
API lib
App
IPC (via TCP Sockets)
Application Blades
Management Blade
= Unix/Linux process
NETCONF
ConfD
SNMP REST CLI WEB
API lib
App
API lib
App
API lib
App
API libraries available for: C, Erlang, Java, and Python (limited coverage)

High Availability
NETCONF
Management Blade
ConfD
Configuration
Datastore
SNMP
REST
CLI
Web
“Standby”
NETCONF
Management Blade
ConfD
Configuration
Datastore
SNMP
REST
CLI
Web
Data Replication
“Active”
Application
Blade

Integrated Database (CDB)
CDB
Database
Data Provider API
CDB API
App AppApp
ConfD Core Engine
App
External
DatabaseOperational
Data
App
• Hierarchical database
• ACID test compliant
• Atomicity, consistency, isolation, durability
• Fast, lightweight, fault-tolerant
• Compact binary XML format
• Memory resident with journal in persistent storage
• Schema automatically derived from YANG
• Supports 1:N data replication
• Supports automatic schema version
up/downgrades
• CDB can hold some or all data
• Configuration data and/or Operational data
• External database can be used in addition to or instead of
• Automatic loading of initial data
• Applications read data, then subscribe to relevant
configuration changes
• Subscription notifications with priority level
ordering
• Multiple datastores per NETCONF standards
• Startup, running, candidate, operational

NETCONF Interface
• IETF RFC 4741/6241
• Full implementation
• All mandatory and all optional capabilities
• RFC 4742/6242 NETCONF over SSH
• Streams XML over SSH
• Separates operational data
from configuration
• Distributed transactions
• RFC 5277 NETCONF notifications
• Support included for various IETF standardized
YANG data models
<get-config>
<edit-config>
<delete-config>
<lock>
<unlock>
<get>
<close-session>
<kill-session>
<commit>
<discard-changes>
:writeable-running
:candidate
:confirmed-commit
:rollback-on-error
:validate
:startup
:URL
:XPath
NETCONF
OPERATIONS
NETCONF
CAPABILITIES
CDB
Database
Data Provider API
CDB API
App AppApp
ConfD Core Engine
App
External
DatabaseOperational
Data
App

SNMP Agent
• SNMP machine interface
• Any combination of v1, v2c, v3
• Supports all operations
• Send SNMP notifications (traps)
• MIBs implemented by ConfD include:
• RFC-3411 (SNMP-FRAMEWORK-MIB)
• RFC-3414 (USM)
• RFC-3415 (VACM)
• RFC-3418 (SNMPv2-MIB)
• MIB to YANG translator
• YANG to MIB translator
CDB
Database
Data Provider API
CDB API
App AppApp
ConfD Core Engine
App
External
DatabaseOperational
Data
App

Command Line Interface (CLI)
• Auto rendering of three CLI styles:
• Cisco – XR style
• Cisco – legacy IOS style
• Juniper – JUNOS style
• Rich editing with tab-completion for
commands,
static elements and dynamic instances
• History, hints, help
• Extensible with custom/external
commands, wizards
• Typically runs over SSH
CDB
Database
Data Provider API
CDB API
App AppApp
ConfD Core Engine
App
External
DatabaseOperational
Data
App

Web
• JSON RPC API
• Access data
• Run transactions and rollbacks
• Do validation
• Execute actions
• Access data model schema information
• Customer choice of toolsets and
frameworks
• Preserve existing Web content
• Example of how to implement an auto-
rendered Web UI provided
• Supports HTTP and HTTPS

REST
• Relies on verbs of transport layer:
• HTTP 1.1
• GET : get resources
• Selectors : shallow, deep
• PUT : replace existing resource
• POST : create resource
• DELETE : delete resource
• PATCH (RFC5789) : modify existing resource
• HEAD, OPTIONS
• Stateless, client-server
• Hyperlinked, just like the web
• XML or JSON as data containers
• Links to available data-stores and operations
CDB
Database
Data Provider API
CDB API
App AppApp
ConfD Core Engine
App
External
DatabaseOperational
Data
App
$curl –u admin:admin –s http://localhost:8008/api
• /api/running
• /api/candidate
• /api/operations
• /api/operational
• /api/rollback

Why ConfD
Make your customer happy
Make your device
• Manageable
• Programmable
• Standards -compliant
Save time
• Render management interfaces
• Model-driven
• Iterative development
• NETCONF, CLI, SNMP, REST, Web
• Transactions and rollbacks
• Validations
• Configuration and monitoring
• No feature lag
• Core components
• Embedded database
• Domain-specific functions
• Rich APIs
• Well-tested, 70+ customers

Data ProviderAPI
A transaction can be viewed as a conceptual state machine
• Phases of a transaction correspond to states
• API transaction callback function invocations are state transitions
Start
Read
Prepare
Write
Validate
Abort Commit
init()
commit()
prepare()
write_start()
trans_lock()trans_unlock()
finish()
abort()
finish()
finish()
get_next()
get_elem()
finish()
finish()
set_elem()
create()
remove()
get_next()
get_elem()

Module 1: ConfD Technical Introduction

In this document