YANG-based network automation using the NETCONF, RESTCONF and gNMI protocols is the subject of this course.
In this first lesson of the course, we review and compare these three protocols.
CLI-based vs YANG-based Network Automation
In the previous course, “CLI based network automation using python nornir”, we used the netmiko, scrapli and napalm plugins to send CLI commands to many devices at the same time and automate the network.
But one challenge with CLI-based automation is that different vendors, and even different devices of the same vendor, use different CLI syntax.
Also, the output of show commands is text-based, which requires regular expressions to parse the output and extract the information we need.
Google and Cisco have already prepared the TextFSM and Genie parsers, which help us convert the text output into a structured format that can be easily processed by programming languages.
YANG-based network automation, on the other hand, uses the YANG hierarchical data structure, which is natively structured and therefore provides the capability to programmatically configure and also monitor network devices.
In other words, in YANG-based network automation we no longer send CLI commands; instead we read or update the data inside the YANG data structure.
If you have no background knowledge of YANG, don’t worry: in the next few lessons we will discuss the YANG data structure in more detail.
But just to get a first feel, the YANG data structure is something like the SNMP MIB structure, which is hierarchical and can be standard or vendor-specific.
SNMP MIBs are mostly used only to monitor the operational status of network devices, but the YANG data structure was designed to add and update configuration, read configuration and also monitor operational data.
One advantage of the YANG data structure is that if devices from multiple vendors use the same standard YANG structure, we configure the devices in the same way, independently of the vendor and without worrying about CLI syntax.
The other advantage of using YANG in network automation is that the output of show commands is always structured and can be easily processed with programming languages. Therefore, we don’t need a parser to process the output of show commands in order to access a specific piece of information.
YANG-based Automation Protocols: NETCONF, RESTCONF and gNMI
There are three protocols, NETCONF, RESTCONF and gNMI, which use the YANG data structure to monitor and configure network devices.
The NETCONF protocol is the oldest and most mature protocol used to automate the network.
RESTCONF is used to programmatically read or update the configuration of a network device and of network software, but it is still not suitable for bulk network automation.
However, the trend is in favor of RESTCONF, and in addition to network devices, most networking software such as Cisco ACI, Cisco ISE and Cisco DNA Center can be programmed through the RESTCONF protocol.
gNMI is the latest protocol that also uses the YANG data structure.
At the time of writing (February 2023) only a few vendors and devices support this protocol. Arista EOS and Cisco IOS-XR are among these devices, and they have only limited support for gNMI.
NETCONF
This table shows the key differences between these protocols.
The NETCONF protocol uses RPC commands over SSH to send data to, and receive data from, the YANG data structure in network devices. RPC is an old protocol for sending remote commands over the network.
In NETCONF, data must be encoded in XML format. If you have no prior knowledge of data encoding methods such as XML, JSON, Protobuf or YAML, we will cover them throughout the course.
With NETCONF it is possible to configure network devices, update or delete the configuration of network devices, monitor the configuration and also monitor the operational data such as interface statistics.
The GET, GET-CONFIG and EDIT-CONFIG commands are the main commands sent through RPC over SSH in the NETCONF protocol.
As the names suggest, these commands are used to retrieve operational data, get configuration, or add, update, and delete configuration of network devices.
In summary, NETCONF is the most usable and mature YANG-based protocol used in network automation, and most network devices support it.
RESTCONF
RESTCONF is another YANG-based network automation protocol, but it has some limitations compared to NETCONF which make it unsuitable as a bulk network automation protocol.
To give some of RESTCONF’s limitations: it does not support multiple datastores such as running configuration, candidate configuration and startup configuration. Therefore, the commit capability of IOS XR and JUNOS devices is not supported by this protocol.
It also does not support rollback to revert the configuration, and it is not possible to configure multiple devices simultaneously; devices are configured one by one.
However, RESTCONF is the trending automation protocol, especially since today’s networks are SDN-based and the entire network is configured through one management software. Examples are Cisco ACI in data centers and Cisco DNA Center and Cisco ISE in LAN networks.
This software is fully programmable, and a REST API is the most common method of programming it. Therefore, the entire network can be programmed through RESTCONF and the SDN controller.
RESTCONF communicates with network devices or network software over HTTPS, using normal HTTP methods.
GET, POST, PUT, PATCH and DELETE are the most common HTTP methods used to get the configuration, get operational data, or add, change and delete the configuration.
In RESTCONF, data can be encoded as either XML or JSON, whereas in NETCONF data is encoded only as XML. The differences between XML and JSON are discussed throughout the course.
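To show what “natively structured” means for the NETCONF section above and for the RESTCONF encodings just described, here is an added example (not part of the course material): the same ietf-interfaces YANG data as a hand-constructed NETCONF rpc-reply in XML and as a hand-constructed RESTCONF JSON response, read with the Python standard library and no text parser. The interface names and values are made up for the example; the YANG namespace and module name are the standard ietf-interfaces ones.

```python
import json
import xml.etree.ElementTree as ET

# Constructed NETCONF <rpc-reply> to a <get-config> on the ietf-interfaces model
# (sample data, not captured from a real device).
NETCONF_REPLY = """<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <data>
    <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
      <interface>
        <name>GigabitEthernet1</name>
        <description>uplink</description>
        <enabled>true</enabled>
      </interface>
      <interface>
        <name>GigabitEthernet2</name>
        <enabled>false</enabled>
      </interface>
    </interfaces>
  </data>
</rpc-reply>"""

# Constructed RESTCONF body for GET /restconf/data/ietf-interfaces:interfaces
# carrying exactly the same YANG tree, JSON-encoded.
RESTCONF_REPLY = """{
  "ietf-interfaces:interfaces": {
    "interface": [
      {"name": "GigabitEthernet1", "description": "uplink", "enabled": true},
      {"name": "GigabitEthernet2", "enabled": false}
    ]
  }
}"""

NS = {"nc": "urn:ietf:params:xml:ns:netconf:base:1.0",
      "if": "urn:ietf:params:xml:ns:yang:ietf-interfaces"}

def parse_netconf(xml_text):
    """Return {interface name: enabled} by walking the YANG path in the XML."""
    root = ET.fromstring(xml_text)
    result = {}
    for intf in root.findall("nc:data/if:interfaces/if:interface", NS):
        name = intf.findtext("if:name", namespaces=NS)
        # ietf-interfaces declares enabled with default "true" if the leaf is absent
        enabled = intf.findtext("if:enabled", default="true", namespaces=NS)
        result[name] = enabled == "true"
    return result

def parse_restconf(json_text):
    """Return {interface name: enabled} from the same tree, JSON-encoded."""
    body = json.loads(json_text)
    return {i["name"]: i.get("enabled", True)
            for i in body["ietf-interfaces:interfaces"]["interface"]}
```

Both functions return the same dictionary, which is the point: the encoding differs, but the YANG structure, and therefore the code that reads it, does not.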
gNMI
The latest and most modern YANG-based network automation protocol is gNMI, which uses gRPC (Google RPC) to send commands over HTTP/2.0.
gRPC is Google’s version of RPC; it is more efficient and faster, and it uses the Google-invented Protobuf message format to send and receive data.
This protocol also has GET and SET commands to get configuration and operational data and to add, change and delete the configuration.
Another interesting command in the gNMI protocol that differentiates it from NETCONF and RESTCONF is the SUBSCRIBE command.
With the SUBSCRIBE command, your automation script subscribes to receive the data it is interested in, in real time.
It is typically used with the open source Telegraf collector to collect the subscribed real-time data and the open source Grafana software to create graphs, which together provide real-time visibility into the network.
The biggest challenge with gNMI is that most network devices still do not support or only partially support gNMI. But it seems to be the next-generation automation protocol.
All three protocols will be discussed and demonstrated during the course using Python libraries.