
NETCONF Call Home

Rajendra Nagabhushan, senior staff engineer, ADVA Optical Networking


Vikram Darsi, senior lead engineer, ADVA Optical Networking
Agenda

1 Introduction to Reverse SSH
2 NETCONF Call Home Overview
3 OpenDaylight NETCONF Module (Call Home) Architecture
4 Adding NETCONF Call Home Support Into OpenDaylight
5 Demo
6 Future Works and Deviation (w.r.t. draft-ietf-netconf-call-home-17)

2 © 2017 ADVA Optical Networking. All rights reserved. Confidential.


Introduction to Reverse SSH (Call Home)

[Figure: network elements (PE, PE1) in a private network behind a firewall/NAT, reached across the Internet from the management network]

Call Home, or Reverse SSH, is a technique in which the SSH server initiates the connection: it opens the transport connection to the SSH client and thereby requests that the client establish an SSH session back to the server.



Introduction to Reverse SSH (Call Home)

Call Home is useful where:

• The NE may be deployed behind a firewall that implements NAT
• IP addresses are assigned dynamically, so the NE has no stable address for the management system to dial
• The firewall prevents management access into the internal network
• The NE doesn't open any ports for the management system to connect to
• The operator prefers that the NE initiate the management connection (easier to secure one open port in the data center)



NETCONF Call Home Overview

• IETF draft: https://tools.ietf.org/html/draft-ietf-netconf-call-home-17 (this draft was subsequently published as RFC 8071)
• Enables a NETCONF server (network element or device) to initiate a secure connection to a NETCONF client (network management system)
• Role reversal at the TCP layer only: while calling home, the device is the TCP client and the controller is the TCP server
• Roles at the other layers remain the same: the device is still the SSH/TLS server and the NETCONF server, and the controller is still the SSH/TLS client and the NETCONF client

[Figure: NETCONF Server (NE) and NETCONF Client (Controller) joined by three stacked layers: the TCP connection (initiated by the NE), the SSH/TLS session on top of it, and the NETCONF session on top of that]
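The exchange described above, as an added example that is not part of the slides or of the OpenDaylight code base: a minimal NETCONF call-home handshake over a loopback TCP connection in Python, with the roles reversed only at the TCP layer. The controller (NETCONF client) listens and accepts; the device (NETCONF server) connects and then sends the first <hello> carrying the session-id, exactly as it would on a normal connection (RFC 6241), framed with the base:1.0 end-of-message delimiter (RFC 6242). The SSH/TLS layer is left out, which is a constructed simplification: in a real call home it sits between the TCP connect and the hello exchange, and because the controller did not dial a known address it must verify the device's SSH host key or TLS certificate against a configured identity before sending anything else. The capability lists, session-id 4 and the ephemeral loopback port are constructed sample values.

```python
"""Added example: NETCONF call home with the TCP roles reversed (no SSH/TLS).

Not code from the slides or from OpenDaylight. Capabilities, session-id and
port are constructed sample values."""
import socket
import threading
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = b"]]>]]>"  # base:1.0 end-of-message framing delimiter (RFC 6242)


def build_hello(capabilities, session_id=None):
    """Serialize a framed <hello>; only the NETCONF server (the device) sets a session-id."""
    hello = ET.Element("hello", xmlns=NC_NS)
    caps = ET.SubElement(hello, "capabilities")
    for cap in capabilities:
        ET.SubElement(caps, "capability").text = cap
    if session_id is not None:
        ET.SubElement(hello, "session-id").text = str(session_id)
    return ET.tostring(hello) + EOM


def parse_hello(raw):
    """Parse a <hello> (with or without the delimiter) into (capabilities, session_id or None)."""
    body = raw[: -len(EOM)] if raw.endswith(EOM) else raw
    root = ET.fromstring(body)
    if root.tag != f"{{{NC_NS}}}hello":
        raise ValueError("expected a NETCONF <hello>")
    caps = [c.text for c in root.iter(f"{{{NC_NS}}}capability")]
    sid = root.find(f"{{{NC_NS}}}session-id")
    return caps, (int(sid.text) if sid is not None else None)


def recv_message(sock, limit=65536):
    """Read one delimiter-framed message; the size cap stops a peer that never sends ]]>]]>."""
    buf = b""
    while EOM not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before end-of-message")
        buf += chunk
        if len(buf) > limit:
            raise ValueError("message exceeds size limit")
    return buf.partition(EOM)[0]


def device_call_home(controller_addr, capabilities, session_id):
    """Device side: TCP client, but still the NETCONF server (sends hello first, with session-id)."""
    with socket.create_connection(controller_addr, timeout=5) as s:
        # In a real call home the SSH/TLS handshake runs here, with the device as SSH/TLS server.
        s.sendall(build_hello(capabilities, session_id))
        return parse_hello(recv_message(s))  # what the controller advertised


def controller_accept_one(listener, client_capabilities):
    """Controller side: TCP server, but still the NETCONF client (answers the device's hello)."""
    conn, peer = listener.accept()
    with conn:
        conn.settimeout(5)
        # In a real call home the SSH/TLS handshake runs here, with the controller as SSH/TLS
        # client; it must authenticate the device's host key/certificate before this point.
        device_caps, device_sid = parse_hello(recv_message(conn))
        if device_sid is None:
            raise ValueError("device hello must carry a session-id")
        conn.sendall(build_hello(client_capabilities))
        return device_caps, device_sid, peer


def run_call_home_exchange():
    """Run both sides on loopback; returns what each side learned about the other."""
    device_caps = ["urn:ietf:params:netconf:base:1.0",
                   "urn:ietf:params:netconf:base:1.1",
                   "urn:ietf:params:netconf:capability:writable-running:1.0"]
    client_caps = ["urn:ietf:params:netconf:base:1.0"]
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # the controller's call-home listening port (ephemeral here)
    listener.listen(1)
    listener.settimeout(5)
    result = {}

    def controller():
        caps, sid, peer = controller_accept_one(listener, client_caps)
        result["controller_saw"] = (caps, sid)

    t = threading.Thread(target=controller)
    t.start()
    try:
        result["device_saw"] = device_call_home(listener.getsockname(), device_caps, session_id=4)
    finally:
        t.join()
        listener.close()
    return result


if __name__ == "__main__":
    print(run_call_home_exchange())
```

The point to notice is which side sends the session-id: the device does, even though it was the one that dialled. Everything that identifies the device to the controller has to come from the SSH/TLS layer that this example omits, which is why the draft's security considerations are listed under Future Works later in the deck.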



OpenDaylight NETCONF Subsystem

Reference: https://wiki.opendaylight.org/view/OpenDaylight_Controller:Netconf:Design



Connecting to NETCONF Device
• Method: PUT
• URI: http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/new-netconf-device
• Headers:
Accept: application/xml
Content-Type: application/xml
• Payload:
<node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
<node-id>new-netconf-device</node-id>
<host xmlns="urn:opendaylight:netconf-node-topology">127.0.0.1</host>
<port xmlns="urn:opendaylight:netconf-node-topology">17830</port>
<username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
<password xmlns="urn:opendaylight:netconf-node-topology">admin</password>
<tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
<keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">0</keepalive-delay>
</node>
• Note: the device credentials travel in this request body, so outside a local demo the RESTCONF call itself should go to the controller over HTTPS
Reference: https://wiki.opendaylight.org/view/OpenDaylight_Controller:Config:Examples:Netconf



Connecting to NETCONF Device

[Figure: component diagram of the existing, controller-initiated NETCONF connection path: NetconfTopologyImpl, NetconfDeviceSalFacade (MD-SAL), NetconfDevice (Protocol Framework), NetconfDeviceCommunicator and NetconfClientDispatcherImpl, which uses NetconfClientConfiguration and a Channel with AsyncSshHandler toward the NETCONF device]



OpenDaylight NETCONF/NETTY

[Figure: Netty Channel and ChannelPipeline. Bytes read by Socket.read() on Netty's internal IO threads (the transport implementation) pass up through Inbound Handler 1 … N; writes pass down through Outbound Handler M … 1 to Socket.write(); handlers issue IO requests via the ChannelHandlerContext]

Reference: https://netty.io/



Adding Call Home Support to OpenDaylight

[Figure: component diagram of the call-home path, mirroring the existing one: NioSocketAcceptor and NetconfCallHome, NetconfDeviceSalFacade (MD-SAL), NetconfDevice (Protocol Framework), CallhomeDeviceCommunicator and CallhomeClientDispatcherImpl, which uses ReversedNetconfClientConfiguration and a Channel with ReversedAsyncSshHandler toward the NETCONF device]

Reference: https://git.opendaylight.org/gerrit/#/c/14119/1





Demo

• REST Client (IP: 192.168.56.1): Postman UI to view the auto-discovered NETCONF device data, like capabilities etc.
• ODL Controller (IP: 192.168.56.101, with Call Home feature): installed Call Home feature, which starts a TCP server on port 60830
• NETCONF Simulator (IP: 192.168.56.102, initiates the TCP connection): the ODL NETCONF project has a built-in NETCONF simulator. This simulator is modified to initiate a TCP connection to the TCP server in the ODL controller


Future Works and Deviations

• Enhancements
• Implement the security considerations recommended by draft-ietf-netconf-call-home-17
• Certificate-based authentication support
• Precautions to mitigate DoS attacks

• Deviation
• Keep-alive mechanism implemented in the NETCONF client (controller side)
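One shape the "precautions to mitigate DoS attacks" item could take, as an added example that is not code from the slides or from OpenDaylight: the controller's call-home listener (port 60830 in the demo) is reachable by anything that can route to it, and a connection is only authenticated once the SSH/TLS handshake has completed, so the listener should bound the number of not-yet-authenticated connections it holds, per source address and in total, and drop any that do not finish the handshake within a deadline. The limits and the timeout below are illustrative values chosen for the example, not values from the draft or from the ODL implementation; the clock is injectable so the timeout can be exercised without waiting.

```python
"""Added example: admission control for a call-home listener (not from the slides or ODL).

Limits and timeout are illustrative. `clock` is injectable so tests can advance time."""
import time
from collections import defaultdict


class CallHomeGuard:
    """Bounds unauthenticated ('pending') call-home connections and reaps stalled handshakes."""

    def __init__(self, max_pending_per_source=2, max_pending_total=64,
                 handshake_timeout=10.0, clock=time.monotonic):
        self.max_pending_per_source = max_pending_per_source
        self.max_pending_total = max_pending_total
        self.handshake_timeout = handshake_timeout
        self.clock = clock
        self._pending = {}                   # conn_id -> (source_ip, admitted_at)
        self._per_source = defaultdict(int)  # source_ip -> pending count
        self.rejected = defaultdict(int)     # source_ip -> rejections (for alerting)

    def admit(self, conn_id, source_ip):
        """Decide at accept() time whether to keep the connection and start its handshake."""
        if (len(self._pending) >= self.max_pending_total
                or self._per_source[source_ip] >= self.max_pending_per_source):
            self.rejected[source_ip] += 1
            return False
        self._pending[conn_id] = (source_ip, self.clock())
        self._per_source[source_ip] += 1
        return True

    def authenticated(self, conn_id):
        """Call once the SSH/TLS handshake has verified the device; it no longer counts as pending."""
        self._forget(conn_id)

    def close(self, conn_id):
        """Call when a pending connection is closed for any other reason."""
        self._forget(conn_id)

    def reap(self):
        """Return (and forget) pending connections past their handshake deadline; the caller closes them."""
        now = self.clock()
        stale = [cid for cid, (_, t0) in self._pending.items()
                 if now - t0 > self.handshake_timeout]
        for cid in stale:
            self._forget(cid)
        return stale

    def pending_count(self, source_ip=None):
        """Pending connections overall, or for one source address."""
        return self._per_source[source_ip] if source_ip else len(self._pending)

    def _forget(self, conn_id):
        entry = self._pending.pop(conn_id, None)
        if entry:
            src = entry[0]
            self._per_source[src] -= 1
            if self._per_source[src] == 0:
                del self._per_source[src]
```

Usage in a listener loop would be: call admit() right after accept() and close the socket immediately if it returns False, call authenticated() once the device's host key or certificate has been verified, and call reap() periodically (or from the keep-alive timer) to close handshakes that have stalled. Only connections that have passed authentication are handed on to the NETCONF layer, so a flood of bare TCP connects never consumes more than the configured budget.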



Summary

• NETCONF Call Home can be integrated into OpenDaylight as a Karaf deployable feature
• Addition of Call Home doesn't impact the functionality of any existing OpenDaylight features
• Addition of the Call Home feature is useful in many deployment scenarios of the OpenDaylight controller



References

• NETCONF Call Home and RESTCONF Call Home RFC Draft: https://tools.ietf.org/html/draft-ietf-netconf-call-home-17
• OpenDaylight Controller: Netconf: Design: https://wiki.opendaylight.org/view/OpenDaylight_Controller:Netconf:Design
• OpenDaylight Netconf Examples: https://wiki.opendaylight.org/view/OpenDaylight_Controller:Config:Examples:Netconf
• Gerrit Patch by Maros Marsalek: https://git.opendaylight.org/gerrit/#/c/14119/1
• Netty.io: https://netty.io/4.0/api/io/netty/channel/ChannelPipeline.html
Thank You

IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this
presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.

The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or
implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental,
consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.

Copyright © for the entire content of this presentation: ADVA Optical Networking.
