StarOS provides a
northbound NETCONF interface that supports a YANG data model for transferring
configuration and operational data with the Cisco Network Service Orchestrator
(NSO). It also incorporates a ConfD manager (confdmgr) to communicate with the
NSO management console.
NETCONF (Network
Configuration Protocol) is a network management protocol developed and
standardized by the IETF (RFC 6241). It provides mechanisms to install,
manipulate, and delete the configuration of network devices. Its operations are
realized on top of a simple remote procedure call (RPC) layer. The NETCONF
protocol uses XML-based data encoding for the configuration data as well as the
protocol messages. The protocol messages are exchanged on top of a secure
transport protocol.
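
The RPC layer described above, shown as an added example (not code from StarOS, ConfD, or NSO): Python that frames a `<get-config>` request with the NETCONF base:1.0 end-of-message marker, correlates each `<rpc-reply>` to its request by `message-id`, and surfaces `<rpc-error>` results such as an authorization failure. The function names and the sample stream are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # RFC 6241 XML namespace
EOM = "]]>]]>"  # RFC 6242 end-of-message marker used with base:1.0

def q(name):
    return f"{{{NC}}}{name}"

def build_get_config(message_id, source="running"):
    """Return a framed <get-config> RPC for one datastore."""
    rpc = ET.Element(q("rpc"), {"message-id": str(message_id)})
    src = ET.SubElement(ET.SubElement(rpc, q("get-config")), q("source"))
    ET.SubElement(src, q(source))
    return ET.tostring(rpc, encoding="unicode") + EOM

def parse_message(text, expected_root):
    """Parse one message; RFC 6241 forbids DTDs, so refuse them before parsing."""
    if "<!DOCTYPE" in text:
        raise ValueError("document type declaration not allowed in NETCONF")
    root = ET.fromstring(text)
    if root.tag != q(expected_root):
        raise ValueError(f"expected <{expected_root}>, got {root.tag}")
    return root

def split_messages(stream):
    """Split a decoded base:1.0 stream on the end-of-message marker."""
    return [m.strip() for m in stream.split(EOM) if m.strip()]

def hello_capabilities(text):
    return [c.text.strip() for c in parse_message(text, "hello").iter(q("capability"))]

def check_reply(text, expected_id):
    """Return ("ok", None) or ("error", error-tag); reject uncorrelated replies."""
    root = parse_message(text, "rpc-reply")
    if root.get("message-id") != str(expected_id):
        raise ValueError("rpc-reply message-id does not match the request")
    err = root.find(q("rpc-error"))
    if err is not None:
        return ("error", err.findtext(q("error-tag")))
    return ("ok", None)

# Constructed server-side stream: hello, a data reply, and an authorization failure.
SAMPLE = (
    f'<hello xmlns="{NC}"><capabilities>'
    '<capability>urn:ietf:params:netconf:base:1.0</capability>'
    f'</capabilities><session-id>4</session-id></hello>{EOM}'
    f'<rpc-reply xmlns="{NC}" message-id="101"><data/></rpc-reply>{EOM}'
    f'<rpc-reply xmlns="{NC}" message-id="102"><rpc-error>'
    '<error-type>protocol</error-type><error-tag>access-denied</error-tag>'
    f'<error-severity>error</error-severity></rpc-error></rpc-reply>{EOM}'
)
```
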
ConfD is an
on-device management framework that provides a set of interfaces to manage a
device. The ConfD framework automatically renders all the management interfaces
from a data model. ConfD implements the full NETCONF specification and runs
over SSH with content encoded in XML.
ConfD is configured
to allow only authenticated/authorized access through external authentication.
The confdmgr provides a standalone CLI module for ConfD to invoke when
authenticating/authorizing any new users. ConfD is configured to allow only
authorized access through StarOS authentication. Upon authentication, the user
is given a privilege level (0-15) which is mapped to StarOS secure admin,
admin, operator, and inspector, as
defined in the YANG model. StarOS logs CLI authentication event/status messages
for each ConfD authentication request.
On the southbound
side, ConfD communicates with a StarOS process called via a set of APIs
provided by the ConfD management agent. The ConfD Configuration Database (CDB)
is used by ConfD to store objects. StarOS accesses the database through the
ConfD-supplied APIs. Any updates via StarOS CLI are automatically synced back
to the CDB.
YANG is a data
modeling language for the NETCONF network configuration protocol. It can be
used to model both configuration data and state data of network
elements. YANG can also be used to define the format of event notifications
emitted by network elements and it allows data modelers to define the signature
of remote procedure calls that can be invoked on network elements via the
NETCONF protocol (RFC 6020). The YANG file is compiled as part of StarOS and
incorporates existing StarOS supported CLI commands.
ConfD may also
collect bulkstats operational data. When enabled, StarOS will send schema
information to confdmgr while gathering statistics. Collected bulkstats are
stored in the ConfD CDB for later retrieval over a REST (Representational State
Transfer) interface. RESTCONF is an IETF draft
(draft-bierman-netconf-restconf-4) that describes how to map a YANG
specification to a RESTful interface using HTTP as transport. REST and RESTCONF
are only enabled internally when a valid certificate and key are configured. If
client authentication is enabled, CA-certificates may be required as well.
For additional NSO
information, refer to the NSO user documentation.
Figure 1. NETCONF System Flow