何がやりたい?
ネットワーク機器の設定を取得する際に、telnetでログインして、'show run'コマンドを実行するのではなく、NETCONF/YANGを使って設定情報を取得する。
「なんでそんなことすんねん?」という意見もあるでしょうが、どう役に立つかは後で議論するとして、とりあえずやってみる。
この後の大まかな流れ
- 事前準備
- ルータ側の設定
- 'show run'の確認 (NETCONF/YANGで取得した結果と比較するため)
- NETCONG/YANGで取得
- 実行結果についての説明
- 機器のアドレス/username/passwordについて
- payload部分について <== ここが重要です。
- YangExplorer
- 最後に
前提条件
テスト環境
- MacBook のみを使用しています。
- ルータは、CSR1000V を使用しています。(VMware Fusion)
show version
CSR1kv_R1#show version
Cisco IOS XE Software, Version 16.07.01
Cisco IOS Software [Fuji], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc6)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Mon 20-Nov-17 18:57 by mcpre
python
$ python -V
Python 2.7.10
ncclient
下記のバージョンがインストールされていることとします。
$ pip list | grep ncclient
ncclient (0.5.3)
事前準備
ルータ側の設定
まず最初に、SSH の設定が必要です。
line vty 0 4
login local
hostname hogehoge
ip domain-name cisco.com
ip ssh version 2
crypt key generate rsa
NETCONF/YANG を利用する際に必要となるルータの設定です。
username cisco privilege 15 password 0 cisco
aaa new-model
aaa authorization exec default local
netconf-yang
'show run'の確認
config
CSR1kv_R1#show run
Building configuration...
Current configuration : 10964 bytes
!
version 16.7
service config
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CSR1kv_R1
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
ip domain name cisco.com
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3557997392
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3557997392
revocation-check none
rsakeypair TP-self-signed-3557997392
!
!
crypto pki certificate chain TP-self-signed-3557997392
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353537 39393733 3932301E 170D3137 31323031 32303230
35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35353739
39373339 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100EB05 255BF628 60C20F9D 8C7A494E 876CBA31 8933C315 97EA9BCB
007AB8D3 4D6CEB2F 88402146 337592EF 58CEC6CC 4E20848E E7CED7C6 C033D244
7D9CFB75 5AC70932 0A33D6F6 0B140A9F E26648F4 C241A9B9 20258415 3FC769B4
FD797928 E6D2324A 5B7997E4 572F799B 047AE200 74ECAD79 AF9F9553 5F99AF14
46DE70A1 D4561622 11FF8974 54991E1F E0829F3E 73B80F55 4D065B4F E8FF18B5
6B8C511F 7173E636 DD3FE78D BF20A0E2 6D52C926 31078977 EC16A394 ADAF37FF
AC6021A6 0015527C CB2B168F 067F3377 00426B9E CB656BAC E4E717CC DF9AA955
92DACC02 31C4C897 147EFBEF EBFC36B6 C8CA4C09 9776C522 C2ACD622 DB874029
312CA086 E1F50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14FD2801 14A11673 8F9B0B57 E8BA0F25 2917A56F
DB301D06 03551D0E 04160414 FD280114 A116738F 9B0B57E8 BA0F2529 17A56FDB
300D0609 2A864886 F70D0101 05050003 82010100 3E7508DB 431AEB66 557C1D73
E4E9FF47 838F02AA 24B812B2 50A13C62 CC343F9D 29285838 18EA42EC 99F5F21A
83153286 0FC057D4 88294C95 7155EE16 CFF6C9D3 15808645 402E628F 12EB16F3
EA956ADF A7AEB03C 30399453 C3674383 4F015044 A86E9615 8A2CEB22 974647C9
7E1B39A4 2AF732FB 3EC64B57 1EE5ACC7 C18B9E59 13EC9361 F0394D9C 2FEE8653
5B9AA1AE 78A05816 DB6AA517 8B3409DC AD6D5EE6 8143E801 D2748ED8 A1AF1A0A
FF63E408 F2B9EE3D 8D6FB875 7FC80579 1FD406D0 515B67BB 76434C9C 8A4143FD
08A527B6 27D0616B 0A867AE1 6295D300 17F84118 ACD9A4E3 20FBEBD3 671B2CB6
7E1E96A7 B6A8517E 9FFB4140 0D94F174 D2D48C90
quit
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9X9HKZK2QUX
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
netconf-yang cisco-ia snmp-community-string tomato
netconf-yang cisco-odm actions OSPF
netconf-yang cisco-odm actions IPRoute
netconf-yang cisco-odm actions BFDNeighbors
netconf-yang cisco-odm actions BridgeDomain
netconf-yang cisco-odm actions VirtualService
netconf-yang cisco-odm actions MPLSLDPNeighbors
netconf-yang cisco-odm actions MPLSStaticBinding
netconf-yang cisco-odm actions MPLSForwardingTable
netconf-yang cisco-odm polling-enable
netconf-yang
!
!
username cisco privilege 15 password 0 cisco
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet1
ip address dhcp
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
description configured by hogehoge
ip address 192.168.12.1 255.255.255.0
no ip redirects
standby version 2
standby 5 ip 192.168.12.254
standby 5 priority 200
standby 5 preempt
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
router ospf 1
router-id 1.1.1.1
redistribute connected subnets
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet1
ip route 88.88.88.88 255.255.255.255 Null0
ip route 99.99.99.99 255.255.255.255 Null0
!
ip ssh version 2
!
logging history debugging
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
logging snmp-trap notifications
logging snmp-trap informational
logging snmp-trap debugging
!
!
snmp-server community tomato RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps pfr
snmp-server enable traps flowmon
snmp-server enable traps ds1
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps casa
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps license
snmp-server enable traps smart-license
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps ether-oam
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps entity-qfp mem-res-thresh throughput-notif
snmp-server enable traps entity-state
snmp-server enable traps diameter
snmp-server enable traps dlsw
snmp-server enable traps entity-sensor
snmp-server enable traps resource-policy
snmp-server enable traps flash insertion removal lowspace
snmp-server enable traps ipsla
snmp-server enable traps cnpd
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps bfd
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ip local pool
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps atm subif
snmp-server enable traps pki
snmp-server enable traps firewall serverstatus
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps dsp video-usage
snmp-server enable traps dsp video-out-of-resource
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps syslog
snmp-server enable traps otn
snmp-server enable traps dial
snmp-server enable traps sbc adj-status
snmp-server enable traps sbc blacklist
snmp-server enable traps sbc congestion-alarm
snmp-server enable traps sbc h248-ctrlr-status
snmp-server enable traps sbc media-source
snmp-server enable traps sbc radius-conn-status
snmp-server enable traps sbc sla-violation
snmp-server enable traps sbc sla-violation-rev1
snmp-server enable traps sbc svc-state
snmp-server enable traps sbc qos-statistics
snmp-server enable traps trustsec-sxp conn-srcaddr-err msg-parse-err conn-config-err binding-err conn-up conn-down binding-expn-fail oper-nodeid-change binding-conflict
snmp-server enable traps lisp
snmp-server enable traps aaa_server
snmp-server enable traps dhcp
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps pw vc
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps mpls rfc traffic-eng
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps rsvp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps mvpn
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
snmp-server enable traps isis
snmp-server enable traps bgp cbgp2
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps gdoi gm-start-registration
snmp-server enable traps gdoi gm-registration-complete
snmp-server enable traps gdoi gm-re-register
snmp-server enable traps gdoi gm-rekey-rcvd
snmp-server enable traps gdoi gm-rekey-fail
snmp-server enable traps gdoi ks-rekey-pushed
snmp-server enable traps gdoi gm-incomplete-cfg
snmp-server enable traps gdoi ks-no-rsa-keys
snmp-server enable traps gdoi ks-new-registration
snmp-server enable traps gdoi ks-reg-complete
snmp-server enable traps gdoi ks-role-change
snmp-server enable traps gdoi ks-gm-deleted
snmp-server enable traps gdoi ks-peer-reachable
snmp-server enable traps gdoi ks-peer-unreachable
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps alarms informational
snmp-server enable traps rf
snmp-server enable traps transceiver all
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps mpls vpn
snmp-server enable traps mpls rfc vpn
snmp-server enable traps voice
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
exec-timeout 0 0
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
スクリプト本体
get_config.py
#!/usr/bin/env python
from ncclient import manager
from xml.dom import minidom
import lxml.etree as ET
import xmltodict
import json
payload = """
<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"/>
</filter>
"""
# connect to netconf agent
m = manager.connect(host='172.16.62.152', port=830, username='cisco', password='cisco', hostkey_verify=False, device_params={'name': 'iosxe'})
#response = m.get_config(source='running', filter=payload)
print '###########################################################################'
print '### XML'
print '###########################################################################'
response = m.get(payload).xml
print response
print '###########################################################################'
print '### XML Formatstring'
print '###########################################################################'
data = ET.fromstring(response)
print(ET.tostring(data, pretty_print=True))
print '###########################################################################'
print '### Convert to Dictionary'
print '###########################################################################'
data_dict = xmltodict.parse(response)
print(data_dict)
print '###########################################################################'
print '### Convert to JSON'
print '###########################################################################'
data_jason = json.dumps(data_dict, indent=4)
print(data_jason)
NETCONG/YANGで取得
XML
###########################################################################
### XML
###########################################################################
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:688ec47f-5aa0-4062-a9e5-fec5343b19ab" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><data><native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"><version>16.7</version><boot-start-marker/><boot-end-marker/><service><timestamps><debug><datetime><msec></msec></datetime></debug><log><datetime><msec/></datetime></log></timestamps><config/></service><platform><console xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform"><output>virtual</output></console></platform><hostname>CSR1kv_R1</hostname><username><name>cisco</name><privilege>15</privilege><password><encryption>0</encryption><password>cisco</password></password></username><ip><domain><name>cisco.com</name></domain><forward-protocol><protocol>nd</protocol></forward-protocol><route><ip-route-interface-forwarding-list><prefix>88.88.88.88</prefix><mask>255.255.255.255</mask><fwd-list><fwd>Null0</fwd></fwd-list></ip-route-interface-forwarding-list><ip-route-interface-forwarding-list><prefix>99.99.99.99</prefix><mask>255.255.255.255</mask><fwd-list><fwd>Null0</fwd></fwd-list></ip-route-interface-forwarding-list></route><ssh><version>2</version></ssh><http xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-http"><authentication><local/></authentication><server>true</server><secure-server>true</secure-server><client><source-interface>GigabitEthernet1</source-interface></client></http></ip><interface><GigabitEthernet><name>1</name><ip><address><dhcp></dhcp></address></ip><mop><enabled>false</enabled><sysid>false</sysid></mop><negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet"><auto>true</auto></negotiation></GigabitEthernet><GigabitEthernet><name>2</name><description>configured by hogehoge</description><ip><address><primary><address>192.168.12.1</address><mask>255.255.255.0</mask></primary></address><redirects>false</redirects></ip><mop><enabled>false</enabled><sysid>false</sysid></mop><standby><version>2</version><standby-list><group-number>5</group-number><ip><address>192.168.12.254</address></ip><preempt></preempt><priority>200</priority></standby-list></standby><negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet"><auto>true</auto></negotiation></GigabitEthernet><GigabitEthernet><name>3</name><shutdown/><ip><no-address><address>false</address></no-address></ip><mop><enabled>false</enabled><sysid>false</sysid></mop><negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet"><auto>true</auto></negotiation></GigabitEthernet><Loopback><name>0</name><ip><address><primary><address>1.1.1.1</address><mask>255.255.255.255</mask></primary></address></ip></Loopback></interface><control-plane></control-plane><logging><history><severity-level>debugging</severity-level></history><snmp-trap><alerts/><critical/><debugging/><emergencies/><errors/><informational/><notifications/><warnings/></snmp-trap></logging><aaa><new-model xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa"/><authorization xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa"><exec><name>default</name><a1><local/></a1></exec></authorization><session-id xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">common</session-id></aaa><multilink><bundle-name xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ppp">authenticated</bundle-name></multilink><redundancy></redundancy><spanning-tree><extend xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-spanning-tree"><system-id/></extend></spanning-tree><subscriber><templating/></subscriber><crypto><pki xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto"><certificate><chain><name>TP-self-signed-3557997392</name><certificate><serial>01</serial><certtype>self-signed</certtype></certificate></chain></certificate><trustpoint><id>TP-self-signed-3557997392</id><enrollment><selfsigned/></enrollment><revocation-check>none</revocation-check><rsakeypair><key-label>TP-self-signed-3557997392</key-label></rsakeypair><subject-name>cn=IOS-Self-Signed-Certificate-3557997392</subject-name></trustpoint></pki></crypto><router><ospf xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ospf"><id>1</id><router-id>1.1.1.1</router-id><redistribute><connected><redist-options><subnets/></redist-options></connected></redistribute><network><ip>0.0.0.0</ip><mask>255.255.255.255</mask><area>0</area></network></ospf></router><snmp-server><community xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-snmp"><name>tomato</name><RO/></community><enable xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-snmp"><enable-choice><traps><aaa_server/><ospfv3><state-change/><errors/></ospfv3><ike><policy><add/><delete/></policy><tunnel><start/><stop/></tunnel></ike><alarms><alarm-type>informational</alarm-type></alarms><atm><subif></subif></atm><auth-framework><sec-violation/></auth-framework><bfd/><bulkstat><collection/><transfer/></bulkstat><call-home><message-send-fail/><server-fail/></call-home><casa/><cef><resource-failure/><peer-state-change/><peer-fib-state-change/><inconsistency/></cef><cnpd/><config/><config-copy/><config-ctid/><cpu><threshold/></cpu><dial/><dlsw/><ds1/><dsp><card-status/><oper-state/></dsp><eigrp/><entity/><entity-diag><boot-up-fail/><hm-test-recover/><hm-thresh-reached/><scheduled-test-fail/></entity-diag><ether-oam/><ethernet><cfm><alarm/><cc><config/><cross-connect/><loop/><mep-down/><mep-up/></cc><crosscheck><mep-missing/><mep-unknown/><service-up/></crosscheck></cfm><evc><create/><delete/><status/></evc></ethernet><event-manager/><firewall><serverstatus/></firewall><flowmon/><frame-relay><multilink><bundle-mismatch/></multilink><subif/></frame-relay><fru-ctrl/><hsrp/><ipmulticast/><ipsec><cryptomap><add/><attach/><delete/><detach/></cryptomap><tunnel><start/><stop/></tunnel><too-many-sas/></ipsec><ipsla/><isis/><l2tun><session/><pseudowire><status/></pseudowire></l2tun><license></license><memory><bufferpeak/></memory><mpls><traffic-eng></traffic-eng><fast-reroute><protected/></fast-reroute><rfc><ldp/></rfc><ldp></ldp><vpn/></mpls><msdp/><mvpn/><nhrp><nhs/><nhc/><nhp/><quota-exceeded/></nhrp><ospf><state-change></state-change><errors/><retransmit></retransmit><lsa></lsa><cisco-specific><state-change><nssa-trans-change/><shamlink><interface/><neighbor/></shamlink></state-change><errors/><retransmit/><lsa></lsa></cisco-specific></ospf><pim><invalid-pim-message/><neighbor-change/><rp-mapping-change/></pim><pppoe/><pw><vc/></pw><resource-policy/><rf/><rsvp/><snmp><authentication/><coldstart/><linkdown/><linkup/><warmstart/></snmp><syslog/><transceiver><all/></transceiver><tty/><voice/><vrfmib><vrf-up/><vrf-down/><vnet-trunk-up/><vnet-trunk-down/></vrfmib><vrrp/></traps></enable-choice></enable></snmp-server><license><udi><pid>CSR1000V</pid><sn>9X9HKZK2QUX</sn></udi></license><line><console><first>0</first><stopbits>1</stopbits></console><vty><first>0</first><last>4</last><exec-timeout><minutes>0</minutes><seconds>0</seconds></exec-timeout></vty></line><diagnostic xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics"><bootup><level>minimal</level></bootup></diagnostic></native></data></rpc-reply>
XML(Formatstring)
###########################################################################
### XML Formatstring
###########################################################################
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:688ec47f-5aa0-4062-a9e5-fec5343b19ab">
<data>
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<version>16.7</version>
<boot-start-marker/>
<boot-end-marker/>
<service>
<timestamps>
<debug>
<datetime>
<msec/>
</datetime>
</debug>
<log>
<datetime>
<msec/>
</datetime>
</log>
</timestamps>
<config/>
</service>
<platform>
<console xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
<output>virtual</output>
</console>
</platform>
<hostname>CSR1kv_R1</hostname>
<username>
<name>cisco</name>
<privilege>15</privilege>
<password>
<encryption>0</encryption>
<password>cisco</password>
</password>
</username>
<ip>
<domain>
<name>cisco.com</name>
</domain>
<forward-protocol>
<protocol>nd</protocol>
</forward-protocol>
<route>
<ip-route-interface-forwarding-list>
<prefix>88.88.88.88</prefix>
<mask>255.255.255.255</mask>
<fwd-list>
<fwd>Null0</fwd>
</fwd-list>
</ip-route-interface-forwarding-list>
<ip-route-interface-forwarding-list>
<prefix>99.99.99.99</prefix>
<mask>255.255.255.255</mask>
<fwd-list>
<fwd>Null0</fwd>
</fwd-list>
</ip-route-interface-forwarding-list>
</route>
<ssh>
<version>2</version>
</ssh>
<http xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-http">
<authentication>
<local/>
</authentication>
<server>true</server>
<secure-server>true</secure-server>
<client>
<source-interface>GigabitEthernet1</source-interface>
</client>
</http>
</ip>
<interface>
<GigabitEthernet>
<name>1</name>
<ip>
<address>
<dhcp/>
</address>
</ip>
<mop>
<enabled>false</enabled>
<sysid>false</sysid>
</mop>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
<GigabitEthernet>
<name>2</name>
<description>configured by hogehoge</description>
<ip>
<address>
<primary>
<address>192.168.12.1</address>
<mask>255.255.255.0</mask>
</primary>
</address>
<redirects>false</redirects>
</ip>
<mop>
<enabled>false</enabled>
<sysid>false</sysid>
</mop>
<standby>
<version>2</version>
<standby-list>
<group-number>5</group-number>
<ip>
<address>192.168.12.254</address>
</ip>
<preempt/>
<priority>200</priority>
</standby-list>
</standby>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
<GigabitEthernet>
<name>3</name>
<shutdown/>
<ip>
<no-address>
<address>false</address>
</no-address>
</ip>
<mop>
<enabled>false</enabled>
<sysid>false</sysid>
</mop>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
<Loopback>
<name>0</name>
<ip>
<address>
<primary>
<address>1.1.1.1</address>
<mask>255.255.255.255</mask>
</primary>
</address>
</ip>
</Loopback>
</interface>
<control-plane/>
<logging>
<history>
<severity-level>debugging</severity-level>
</history>
<snmp-trap>
<alerts/>
<critical/>
<debugging/>
<emergencies/>
<errors/>
<informational/>
<notifications/>
<warnings/>
</snmp-trap>
</logging>
<aaa>
<new-model xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa"/>
<authorization xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<exec>
<name>default</name>
<a1>
<local/>
</a1>
</exec>
</authorization>
<session-id xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">common</session-id>
</aaa>
<multilink>
<bundle-name xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ppp">authenticated</bundle-name>
</multilink>
<redundancy/>
<spanning-tree>
<extend xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-spanning-tree">
<system-id/>
</extend>
</spanning-tree>
<subscriber>
<templating/>
</subscriber>
<crypto>
<pki xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto">
<certificate>
<chain>
<name>TP-self-signed-3557997392</name>
<certificate>
<serial>01</serial>
<certtype>self-signed</certtype>
</certificate>
</chain>
</certificate>
<trustpoint>
<id>TP-self-signed-3557997392</id>
<enrollment>
<selfsigned/>
</enrollment>
<revocation-check>none</revocation-check>
<rsakeypair>
<key-label>TP-self-signed-3557997392</key-label>
</rsakeypair>
<subject-name>cn=IOS-Self-Signed-Certificate-3557997392</subject-name>
</trustpoint>
</pki>
</crypto>
<router>
<ospf xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ospf">
<id>1</id>
<router-id>1.1.1.1</router-id>
<redistribute>
<connected>
<redist-options>
<subnets/>
</redist-options>
</connected>
</redistribute>
<network>
<ip>0.0.0.0</ip>
<mask>255.255.255.255</mask>
<area>0</area>
</network>
</ospf>
</router>
<snmp-server>
<community xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-snmp">
<name>tomato</name>
<RO/>
</community>
<enable xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-snmp">
<enable-choice>
<traps>
<aaa_server/>
<ospfv3>
<state-change/>
<errors/>
</ospfv3>
<ike>
<policy>
<add/>
<delete/>
</policy>
<tunnel>
<start/>
<stop/>
</tunnel>
</ike>
<alarms>
<alarm-type>informational</alarm-type>
</alarms>
<atm>
<subif/>
</atm>
<auth-framework>
<sec-violation/>
</auth-framework>
<bfd/>
<bulkstat>
<collection/>
<transfer/>
</bulkstat>
<call-home>
<message-send-fail/>
<server-fail/>
</call-home>
<casa/>
<cef>
<resource-failure/>
<peer-state-change/>
<peer-fib-state-change/>
<inconsistency/>
</cef>
<cnpd/>
<config/>
<config-copy/>
<config-ctid/>
<cpu>
<threshold/>
</cpu>
<dial/>
<dlsw/>
<ds1/>
<dsp>
<card-status/>
<oper-state/>
</dsp>
<eigrp/>
<entity/>
<entity-diag>
<boot-up-fail/>
<hm-test-recover/>
<hm-thresh-reached/>
<scheduled-test-fail/>
</entity-diag>
<ether-oam/>
<ethernet>
<cfm>
<alarm/>
<cc>
<config/>
<cross-connect/>
<loop/>
<mep-down/>
<mep-up/>
</cc>
<crosscheck>
<mep-missing/>
<mep-unknown/>
<service-up/>
</crosscheck>
</cfm>
<evc>
<create/>
<delete/>
<status/>
</evc>
</ethernet>
<event-manager/>
<firewall>
<serverstatus/>
</firewall>
<flowmon/>
<frame-relay>
<multilink>
<bundle-mismatch/>
</multilink>
<subif/>
</frame-relay>
<fru-ctrl/>
<hsrp/>
<ipmulticast/>
<ipsec>
<cryptomap>
<add/>
<attach/>
<delete/>
<detach/>
</cryptomap>
<tunnel>
<start/>
<stop/>
</tunnel>
<too-many-sas/>
</ipsec>
<ipsla/>
<isis/>
<l2tun>
<session/>
<pseudowire>
<status/>
</pseudowire>
</l2tun>
<license/>
<memory>
<bufferpeak/>
</memory>
<mpls>
<traffic-eng/>
<fast-reroute>
<protected/>
</fast-reroute>
<rfc>
<ldp/>
</rfc>
<ldp/>
<vpn/>
</mpls>
<msdp/>
<mvpn/>
<nhrp>
<nhs/>
<nhc/>
<nhp/>
<quota-exceeded/>
</nhrp>
<ospf>
<state-change/>
<errors/>
<retransmit/>
<lsa/>
<cisco-specific>
<state-change>
<nssa-trans-change/>
<shamlink>
<interface/>
<neighbor/>
</shamlink>
</state-change>
<errors/>
<retransmit/>
<lsa/>
</cisco-specific>
</ospf>
<pim>
<invalid-pim-message/>
<neighbor-change/>
<rp-mapping-change/>
</pim>
<pppoe/>
<pw>
<vc/>
</pw>
<resource-policy/>
<rf/>
<rsvp/>
<snmp>
<authentication/>
<coldstart/>
<linkdown/>
<linkup/>
<warmstart/>
</snmp>
<syslog/>
<transceiver>
<all/>
</transceiver>
<tty/>
<voice/>
<vrfmib>
<vrf-up/>
<vrf-down/>
<vnet-trunk-up/>
<vnet-trunk-down/>
</vrfmib>
<vrrp/>
</traps>
</enable-choice>
</enable>
</snmp-server>
<license>
<udi>
<pid>CSR1000V</pid>
<sn>9X9HKZK2QUX</sn>
</udi>
</license>
<line>
<console>
<first>0</first>
<stopbits>1</stopbits>
</console>
<vty>
<first>0</first>
<last>4</last>
<exec-timeout>
<minutes>0</minutes>
<seconds>0</seconds>
</exec-timeout>
</vty>
</line>
<diagnostic xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics">
<bootup>
<level>minimal</level>
</bootup>
</diagnostic>
</native>
</data>
</rpc-reply>
Dictionary
###########################################################################
### Convert to Dictionary
###########################################################################
OrderedDict([(u'rpc-reply', OrderedDict([(u'@xmlns', u'urn:ietf:params:xml:ns:netconf:base:1.0'), (u'@message-id', u'urn:uuid:688ec47f-5aa0-4062-a9e5-fec5343b19ab'), (u'@xmlns:nc', u'urn:ietf:params:xml:ns:netconf:base:1.0'), (u'data', OrderedDict([(u'native', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-native'), (u'version', u'16.7'), (u'boot-start-marker', None), (u'boot-end-marker', None), (u'service', OrderedDict([(u'timestamps', OrderedDict([(u'debug', OrderedDict([(u'datetime', OrderedDict([(u'msec', None)]))])), (u'log', OrderedDict([(u'datetime', OrderedDict([(u'msec', None)]))]))])), (u'config', None)])), (u'platform', OrderedDict([(u'console', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-platform'), (u'output', u'virtual')]))])), (u'hostname', u'CSR1kv_R1'), (u'username', OrderedDict([(u'name', u'cisco'), (u'privilege', u'15'), (u'password', OrderedDict([(u'encryption', u'0'), (u'password', u'cisco')]))])), (u'ip', OrderedDict([(u'domain', OrderedDict([(u'name', u'cisco.com')])), (u'forward-protocol', OrderedDict([(u'protocol', u'nd')])), (u'route', OrderedDict([(u'ip-route-interface-forwarding-list', [OrderedDict([(u'prefix', u'88.88.88.88'), (u'mask', u'255.255.255.255'), (u'fwd-list', OrderedDict([(u'fwd', u'Null0')]))]), OrderedDict([(u'prefix', u'99.99.99.99'), (u'mask', u'255.255.255.255'), (u'fwd-list', OrderedDict([(u'fwd', u'Null0')]))])])])), (u'ssh', OrderedDict([(u'version', u'2')])), (u'http', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-http'), (u'authentication', OrderedDict([(u'local', None)])), (u'server', u'true'), (u'secure-server', u'true'), (u'client', OrderedDict([(u'source-interface', u'GigabitEthernet1')]))]))])), (u'interface', OrderedDict([(u'GigabitEthernet', [OrderedDict([(u'name', u'1'), (u'ip', OrderedDict([(u'address', OrderedDict([(u'dhcp', None)]))])), (u'mop', OrderedDict([(u'enabled', u'false'), (u'sysid', u'false')])), (u'negotiation', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet'), (u'auto', u'true')]))]), OrderedDict([(u'name', u'2'), (u'description', u'configured by hogehoge'), (u'ip', OrderedDict([(u'address', OrderedDict([(u'primary', OrderedDict([(u'address', u'192.168.12.1'), (u'mask', u'255.255.255.0')]))])), (u'redirects', u'false')])), (u'mop', OrderedDict([(u'enabled', u'false'), (u'sysid', u'false')])), (u'standby', OrderedDict([(u'version', u'2'), (u'standby-list', OrderedDict([(u'group-number', u'5'), (u'ip', OrderedDict([(u'address', u'192.168.12.254')])), (u'preempt', None), (u'priority', u'200')]))])), (u'negotiation', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet'), (u'auto', u'true')]))]), OrderedDict([(u'name', u'3'), (u'shutdown', None), (u'ip', OrderedDict([(u'no-address', OrderedDict([(u'address', u'false')]))])), (u'mop', OrderedDict([(u'enabled', u'false'), (u'sysid', u'false')])), (u'negotiation', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet'), (u'auto', u'true')]))])]), (u'Loopback', OrderedDict([(u'name', u'0'), (u'ip', OrderedDict([(u'address', OrderedDict([(u'primary', OrderedDict([(u'address', u'1.1.1.1'), (u'mask', u'255.255.255.255')]))]))]))]))])), (u'control-plane', None), (u'logging', OrderedDict([(u'history', OrderedDict([(u'severity-level', u'debugging')])), (u'snmp-trap', OrderedDict([(u'alerts', None), (u'critical', None), (u'debugging', None), (u'emergencies', None), (u'errors', None), (u'informational', None), (u'notifications', None), (u'warnings', None)]))])), (u'aaa', OrderedDict([(u'new-model', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-aaa')])), (u'authorization', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-aaa'), (u'exec', OrderedDict([(u'name', u'default'), (u'a1', OrderedDict([(u'local', None)]))]))])), (u'session-id', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-aaa'), ('#text', u'common')]))])), (u'multilink', OrderedDict([(u'bundle-name', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-ppp'), ('#text', u'authenticated')]))])), (u'redundancy', None), (u'spanning-tree', OrderedDict([(u'extend', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-spanning-tree'), (u'system-id', None)]))])), (u'subscriber', OrderedDict([(u'templating', None)])), (u'crypto', OrderedDict([(u'pki', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-crypto'), (u'certificate', OrderedDict([(u'chain', OrderedDict([(u'name', u'TP-self-signed-3557997392'), (u'certificate', OrderedDict([(u'serial', u'01'), (u'certtype', u'self-signed')]))]))])), (u'trustpoint', OrderedDict([(u'id', u'TP-self-signed-3557997392'), (u'enrollment', OrderedDict([(u'selfsigned', None)])), (u'revocation-check', u'none'), (u'rsakeypair', OrderedDict([(u'key-label', u'TP-self-signed-3557997392')])), (u'subject-name', u'cn=IOS-Self-Signed-Certificate-3557997392')]))]))])), (u'router', OrderedDict([(u'ospf', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-ospf'), (u'id', u'1'), (u'router-id', u'1.1.1.1'), (u'redistribute', OrderedDict([(u'connected', OrderedDict([(u'redist-options', OrderedDict([(u'subnets', None)]))]))])), (u'network', OrderedDict([(u'ip', u'0.0.0.0'), (u'mask', u'255.255.255.255'), (u'area', u'0')]))]))])), (u'snmp-server', OrderedDict([(u'community', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-snmp'), (u'name', u'tomato'), (u'RO', None)])), (u'enable', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-snmp'), (u'enable-choice', OrderedDict([(u'traps', OrderedDict([(u'aaa_server', None), (u'ospfv3', OrderedDict([(u'state-change', None), (u'errors', None)])), (u'ike', OrderedDict([(u'policy', OrderedDict([(u'add', None), (u'delete', None)])), (u'tunnel', OrderedDict([(u'start', None), (u'stop', None)]))])), (u'alarms', OrderedDict([(u'alarm-type', u'informational')])), (u'atm', OrderedDict([(u'subif', None)])), (u'auth-framework', OrderedDict([(u'sec-violation', None)])), (u'bfd', None), (u'bulkstat', OrderedDict([(u'collection', None), (u'transfer', None)])), (u'call-home', OrderedDict([(u'message-send-fail', None), (u'server-fail', None)])), (u'casa', None), (u'cef', OrderedDict([(u'resource-failure', None), (u'peer-state-change', None), (u'peer-fib-state-change', None), (u'inconsistency', None)])), (u'cnpd', None), (u'config', None), (u'config-copy', None), (u'config-ctid', None), (u'cpu', OrderedDict([(u'threshold', None)])), (u'dial', None), (u'dlsw', None), (u'ds1', None), (u'dsp', OrderedDict([(u'card-status', None), (u'oper-state', None)])), (u'eigrp', None), (u'entity', None), (u'entity-diag', OrderedDict([(u'boot-up-fail', None), (u'hm-test-recover', None), (u'hm-thresh-reached', None), (u'scheduled-test-fail', None)])), (u'ether-oam', None), (u'ethernet', OrderedDict([(u'cfm', OrderedDict([(u'alarm', None), (u'cc', OrderedDict([(u'config', None), (u'cross-connect', None), (u'loop', None), (u'mep-down', None), (u'mep-up', None)])), (u'crosscheck', OrderedDict([(u'mep-missing', None), (u'mep-unknown', None), (u'service-up', None)]))])), (u'evc', OrderedDict([(u'create', None), (u'delete', None), (u'status', None)]))])), (u'event-manager', None), (u'firewall', OrderedDict([(u'serverstatus', None)])), (u'flowmon', None), (u'frame-relay', OrderedDict([(u'multilink', OrderedDict([(u'bundle-mismatch', None)])), (u'subif', None)])), (u'fru-ctrl', None), (u'hsrp', None), (u'ipmulticast', None), (u'ipsec', OrderedDict([(u'cryptomap', OrderedDict([(u'add', None), (u'attach', None), (u'delete', None), (u'detach', None)])), (u'tunnel', OrderedDict([(u'start', None), (u'stop', None)])), (u'too-many-sas', None)])), (u'ipsla', None), (u'isis', None), (u'l2tun', OrderedDict([(u'session', None), (u'pseudowire', OrderedDict([(u'status', None)]))])), (u'license', None), (u'memory', OrderedDict([(u'bufferpeak', None)])), (u'mpls', OrderedDict([(u'traffic-eng', None), (u'fast-reroute', OrderedDict([(u'protected', None)])), (u'rfc', OrderedDict([(u'ldp', None)])), (u'ldp', None), (u'vpn', None)])), (u'msdp', None), (u'mvpn', None), (u'nhrp', OrderedDict([(u'nhs', None), (u'nhc', None), (u'nhp', None), (u'quota-exceeded', None)])), (u'ospf', OrderedDict([(u'state-change', None), (u'errors', None), (u'retransmit', None), (u'lsa', None), (u'cisco-specific', OrderedDict([(u'state-change', OrderedDict([(u'nssa-trans-change', None), (u'shamlink', OrderedDict([(u'interface', None), (u'neighbor', None)]))])), (u'errors', None), (u'retransmit', None), (u'lsa', None)]))])), (u'pim', OrderedDict([(u'invalid-pim-message', None), (u'neighbor-change', None), (u'rp-mapping-change', None)])), (u'pppoe', None), (u'pw', OrderedDict([(u'vc', None)])), (u'resource-policy', None), (u'rf', None), (u'rsvp', None), (u'snmp', OrderedDict([(u'authentication', None), (u'coldstart', None), (u'linkdown', None), (u'linkup', None), (u'warmstart', None)])), (u'syslog', None), (u'transceiver', OrderedDict([(u'all', None)])), (u'tty', None), (u'voice', None), (u'vrfmib', OrderedDict([(u'vrf-up', None), (u'vrf-down', None), (u'vnet-trunk-up', None), (u'vnet-trunk-down', None)])), (u'vrrp', None)]))]))]))])), (u'license', OrderedDict([(u'udi', OrderedDict([(u'pid', u'CSR1000V'), (u'sn', u'9X9HKZK2QUX')]))])), (u'line', OrderedDict([(u'console', OrderedDict([(u'first', u'0'), (u'stopbits', u'1')])), (u'vty', OrderedDict([(u'first', u'0'), (u'last', u'4'), (u'exec-timeout', OrderedDict([(u'minutes', u'0'), (u'seconds', u'0')]))]))])), (u'diagnostic', OrderedDict([(u'@xmlns', u'http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics'), (u'bootup', OrderedDict([(u'level', u'minimal')]))]))]))]))]))])
JSON
###########################################################################
### Convert to JSON
###########################################################################
{
"rpc-reply": {
"@xmlns": "urn:ietf:params:xml:ns:netconf:base:1.0",
"@message-id": "urn:uuid:688ec47f-5aa0-4062-a9e5-fec5343b19ab",
"@xmlns:nc": "urn:ietf:params:xml:ns:netconf:base:1.0",
"data": {
"native": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-native",
"version": "16.7",
"boot-start-marker": null,
"boot-end-marker": null,
"service": {
"timestamps": {
"debug": {
"datetime": {
"msec": null
}
},
"log": {
"datetime": {
"msec": null
}
}
},
"config": null
},
"platform": {
"console": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-platform",
"output": "virtual"
}
},
"hostname": "CSR1kv_R1",
"username": {
"name": "cisco",
"privilege": "15",
"password": {
"encryption": "0",
"password": "cisco"
}
},
"ip": {
"domain": {
"name": "cisco.com"
},
"forward-protocol": {
"protocol": "nd"
},
"route": {
"ip-route-interface-forwarding-list": [
{
"prefix": "88.88.88.88",
"mask": "255.255.255.255",
"fwd-list": {
"fwd": "Null0"
}
},
{
"prefix": "99.99.99.99",
"mask": "255.255.255.255",
"fwd-list": {
"fwd": "Null0"
}
}
]
},
"ssh": {
"version": "2"
},
"http": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-http",
"authentication": {
"local": null
},
"server": "true",
"secure-server": "true",
"client": {
"source-interface": "GigabitEthernet1"
}
}
},
"interface": {
"GigabitEthernet": [
{
"name": "1",
"ip": {
"address": {
"dhcp": null
}
},
"mop": {
"enabled": "false",
"sysid": "false"
},
"negotiation": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet",
"auto": "true"
}
},
{
"name": "2",
"description": "configured by hogehoge",
"ip": {
"address": {
"primary": {
"address": "192.168.12.1",
"mask": "255.255.255.0"
}
},
"redirects": "false"
},
"mop": {
"enabled": "false",
"sysid": "false"
},
"standby": {
"version": "2",
"standby-list": {
"group-number": "5",
"ip": {
"address": "192.168.12.254"
},
"preempt": null,
"priority": "200"
}
},
"negotiation": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet",
"auto": "true"
}
},
{
"name": "3",
"shutdown": null,
"ip": {
"no-address": {
"address": "false"
}
},
"mop": {
"enabled": "false",
"sysid": "false"
},
"negotiation": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet",
"auto": "true"
}
}
],
"Loopback": {
"name": "0",
"ip": {
"address": {
"primary": {
"address": "1.1.1.1",
"mask": "255.255.255.255"
}
}
}
}
},
"control-plane": null,
"logging": {
"history": {
"severity-level": "debugging"
},
"snmp-trap": {
"alerts": null,
"critical": null,
"debugging": null,
"emergencies": null,
"errors": null,
"informational": null,
"notifications": null,
"warnings": null
}
},
"aaa": {
"new-model": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-aaa"
},
"authorization": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-aaa",
"exec": {
"name": "default",
"a1": {
"local": null
}
}
},
"session-id": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-aaa",
"#text": "common"
}
},
"multilink": {
"bundle-name": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-ppp",
"#text": "authenticated"
}
},
"redundancy": null,
"spanning-tree": {
"extend": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-spanning-tree",
"system-id": null
}
},
"subscriber": {
"templating": null
},
"crypto": {
"pki": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-crypto",
"certificate": {
"chain": {
"name": "TP-self-signed-3557997392",
"certificate": {
"serial": "01",
"certtype": "self-signed"
}
}
},
"trustpoint": {
"id": "TP-self-signed-3557997392",
"enrollment": {
"selfsigned": null
},
"revocation-check": "none",
"rsakeypair": {
"key-label": "TP-self-signed-3557997392"
},
"subject-name": "cn=IOS-Self-Signed-Certificate-3557997392"
}
}
},
"router": {
"ospf": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-ospf",
"id": "1",
"router-id": "1.1.1.1",
"redistribute": {
"connected": {
"redist-options": {
"subnets": null
}
}
},
"network": {
"ip": "0.0.0.0",
"mask": "255.255.255.255",
"area": "0"
}
}
},
"snmp-server": {
"community": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-snmp",
"name": "tomato",
"RO": null
},
"enable": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-snmp",
"enable-choice": {
"traps": {
"aaa_server": null,
"ospfv3": {
"state-change": null,
"errors": null
},
"ike": {
"policy": {
"add": null,
"delete": null
},
"tunnel": {
"start": null,
"stop": null
}
},
"alarms": {
"alarm-type": "informational"
},
"atm": {
"subif": null
},
"auth-framework": {
"sec-violation": null
},
"bfd": null,
"bulkstat": {
"collection": null,
"transfer": null
},
"call-home": {
"message-send-fail": null,
"server-fail": null
},
"casa": null,
"cef": {
"resource-failure": null,
"peer-state-change": null,
"peer-fib-state-change": null,
"inconsistency": null
},
"cnpd": null,
"config": null,
"config-copy": null,
"config-ctid": null,
"cpu": {
"threshold": null
},
"dial": null,
"dlsw": null,
"ds1": null,
"dsp": {
"card-status": null,
"oper-state": null
},
"eigrp": null,
"entity": null,
"entity-diag": {
"boot-up-fail": null,
"hm-test-recover": null,
"hm-thresh-reached": null,
"scheduled-test-fail": null
},
"ether-oam": null,
"ethernet": {
"cfm": {
"alarm": null,
"cc": {
"config": null,
"cross-connect": null,
"loop": null,
"mep-down": null,
"mep-up": null
},
"crosscheck": {
"mep-missing": null,
"mep-unknown": null,
"service-up": null
}
},
"evc": {
"create": null,
"delete": null,
"status": null
}
},
"event-manager": null,
"firewall": {
"serverstatus": null
},
"flowmon": null,
"frame-relay": {
"multilink": {
"bundle-mismatch": null
},
"subif": null
},
"fru-ctrl": null,
"hsrp": null,
"ipmulticast": null,
"ipsec": {
"cryptomap": {
"add": null,
"attach": null,
"delete": null,
"detach": null
},
"tunnel": {
"start": null,
"stop": null
},
"too-many-sas": null
},
"ipsla": null,
"isis": null,
"l2tun": {
"session": null,
"pseudowire": {
"status": null
}
},
"license": null,
"memory": {
"bufferpeak": null
},
"mpls": {
"traffic-eng": null,
"fast-reroute": {
"protected": null
},
"rfc": {
"ldp": null
},
"ldp": null,
"vpn": null
},
"msdp": null,
"mvpn": null,
"nhrp": {
"nhs": null,
"nhc": null,
"nhp": null,
"quota-exceeded": null
},
"ospf": {
"state-change": null,
"errors": null,
"retransmit": null,
"lsa": null,
"cisco-specific": {
"state-change": {
"nssa-trans-change": null,
"shamlink": {
"interface": null,
"neighbor": null
}
},
"errors": null,
"retransmit": null,
"lsa": null
}
},
"pim": {
"invalid-pim-message": null,
"neighbor-change": null,
"rp-mapping-change": null
},
"pppoe": null,
"pw": {
"vc": null
},
"resource-policy": null,
"rf": null,
"rsvp": null,
"snmp": {
"authentication": null,
"coldstart": null,
"linkdown": null,
"linkup": null,
"warmstart": null
},
"syslog": null,
"transceiver": {
"all": null
},
"tty": null,
"voice": null,
"vrfmib": {
"vrf-up": null,
"vrf-down": null,
"vnet-trunk-up": null,
"vnet-trunk-down": null
},
"vrrp": null
}
}
}
},
"license": {
"udi": {
"pid": "CSR1000V",
"sn": "9X9HKZK2QUX"
}
},
"line": {
"console": {
"first": "0",
"stopbits": "1"
},
"vty": {
"first": "0",
"last": "4",
"exec-timeout": {
"minutes": "0",
"seconds": "0"
}
}
},
"diagnostic": {
"@xmlns": "http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics",
"bootup": {
"level": "minimal"
}
}
}
}
}
}
実行結果についての説明
機器のアドレス/username/passwordについて
スクリプトの中では、ルータに接続するためのアドレスとして、172.16.62.152を指定していますが、これはルータ上でshow ip int briを実行して確認できるアドレスを使っています。このテスト環境のマネージメントインタフェースは、DHCPでアドレスを取得するように設定されているため、実際の環境に合わせて変更してください。
機器にログインするためのユーザー名とパスワードは、ciscoを使用しています。
payload部分について
今回の重要なポイントとして、payloadで記述されている内容だと思います。この部分がshow runと実行するコマンドと同じような内容となります。
payload = """
<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"/>
</filter>
"""
「なんや、何言うてるか全然分からへん…」という感じになりますが、このpayload部分を変更すれば、「色々な情報が取得できそうだ」というくらいにしておきましょう。
ここでは、IOS-XEを使用していますので、Cisco-IOS-XE-nativeのような文字が記述されていますが、YANG データモデルとして分類すると、大きく下記の2つに分かれます。
- Open Models
- IETF
- Native Models
- IOS-XR platforms
- NX-OS platforms
- IOS-XE platforms
特定のメーカーに依存しない 標準的なデータモデル と 各OS専用のデータモデル がありますので、取得する機器と対象となる値によって変更する必要があることを意識してください。
「急に、データモデルとか言われても、どないしたらええねん…」
とりあえずは、実際に試してから考えましょうか。
この後で紹介しますが、YangExplorerというツールを使うと、payload部分が簡単に確認できます。
これを利用すれば、スクリプトを書かなくても NETCONF/YANG の動作が確認できますし、[Python]というボタンをクリックすれば、ncclientを使って動作するサンプルスクリプトを生成してくれます。
生成されたサンプルスクリプトをローカルに保存してから実行しても良いですし、payload部分を参考にすれば、どのように記述すれば良いかが理解し易いと思います。
YangExplorer
インストール手順などの詳細については、下記のDevNetで確認してみてください。
https://github.com/CiscoDevNet/yang-explorer
最後に
ネットワーク機器にログインして、コマンドを入力して状態の確認や設定を変更するような対話形式が一般的な操作方法ですが、例えば、show interfaceコマンドの結果からカウンター値を確認しようとすると、コマンドの出力結果はテキストですので、正規表現を駆使して必要な値を抽出するような場合を想定すると、データモデルとして定義されている方が使い勝手が良い場合もあると思います。
「SNMP の MIB で get したらええんちゃうの」
もちろん、それも良いですね。