The (Unofficial) CCNP-SP Study Guide

RESTCONF

RESTCONF is a relatively new extension to NETCONF, with RFC 8040 published in 2017. RESTCONF uses the same YANG models as NETCONF but over an HTTP-based interface instead of an SSH-based one.

RESTCONF allows data to be encoded in JSON or XML. However, instead of application/json you use application/yang-data+json or application/yang-data+xml for the Content-Type and Accept headers.

RESTCONF uses common REST verbs such as GET, POST, PUT, DELETE instead of NETCONF RPC actions.

Because RESTCONF is essentially a subset of NETCONF, not all NETCONF features are supported with RESTCONF. RESTCONF is stateless and lacks the ability to configure multiple datastores and perform datastore locking. There is no candidate config or commit operation. Because of this, there is also no ability to perform network-wide transactions, in which a single change that fails on one device rolls back the change on all devices. However, the tradeoff for losing these stateful features is a RESTful API that uses familiar HTTP operations and JSON data encoding. Put simply, RESTCONF is not a replacement for NETCONF.

Enabling RESTCONF in IOS-XE

To enable RESTCONF we simply need to turn on the feature and enable the HTTPS server:

restconf
ip http secure-server

To verify that RESTCONF is running we can use the following show command:

Router#show platform software yang-management process
confd            : Running    
nesd             : Running    
syncfd           : Running    
ncsshd           : Not Running
dmiauthd         : Running    
nginx            : Running    
ndbmand          : Running    
pubd             : Running

confd I believe is the same ConfD YANG agent that was developed by Tail-F. This is a web server that processes RESTCONF requests. nginx is essentially a proxy server that proxies HTTPS and transfers traffic to confd on the “backend.” ncsshd is the only process which isn’t running, which is the netconfd SSH daemon. Interestingly, nginx will be running whether or not RESTCONF is enabled.

RESTCONF on IOS-XR

RESTCONF is not supported on IOS-XR. YANG can only use NETCONF or gRPC on IOS-XR.

Using RESTCONF with CSR1000v

In this short lab we will use Postman to examine how RESTCONF works on a CSR1000v. Every HTTP request must have basic authorization which won’t be included in the screenshots.

RESTCONF URIs follow this format:

https://<device>/restconf/data/<yang module>/<leaf>

To look at the ietf-interfaces:interfaces model we use the following URI:

https://{{csr1000v_ipaddress}}/restconf/data/ietf-interfaces:interfaces

Let’s filter this output to only Gi3 by appending /interface=GigabitEthernet3 to the URI.

Now let’s configure an IP address by using Gi1 as a model from the previous output, pasting it to our body and editing it. We will need to set a header for Content-Type:application/yang-data+json and change the HTTP method to PUT. This is because the interface already exists on the router and we are editing it, not creating it. If we created a new interface like Loopback99 then we would POST.

  • A 204 No Content means the change was accepted.

If we do a GET on the interface again, we can see our change was applied:

To perform a wr mem we can POST to https://{{csr1000v_ipaddress}}/restconf/operations/cisco-ia:save-config/ with an empty body.
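The three requests from this lab, built with Python's standard library instead of Postman. This is an added example, not code from the original guide: the host 192.0.2.10, the interface address and the function names are assumptions, and the requests are built but not sent.

```python
import base64
import json
import ssl
import urllib.request
from urllib.parse import quote

HOST = "192.0.2.10"  # assumption: documentation address standing in for the CSR1000v
MEDIA = "application/yang-data+json"

def data_url(host, path, list_name=None, key=None):
    """https://<device>/restconf/data/<path>[/<list>=<key>]"""
    url = f"https://{host}/restconf/data/{path}"
    if list_name is not None:
        # Percent-encode the key so a name such as GigabitEthernet0/0/1
        # does not add extra path segments.
        url += f"/{list_name}={quote(key, safe='')}"
    return url

def build_request(method, url, user, password, body=None):
    """Return an unsent Request carrying the headers the lab sets in Postman."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Accept": MEDIA, "Authorization": f"Basic {token}"}
    data = None
    if body is not None:
        headers["Content-Type"] = MEDIA
        data = json.dumps(body).encode()
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def tls_context(ca_file=None):
    """Basic auth is only base64, so keep certificate and hostname checks on.
    For a router with a self-signed certificate, pass that certificate as ca_file."""
    return ssl.create_default_context(cafile=ca_file)

# Constructed body for the PUT step: Gi3 with an example address.
GI3 = {"ietf-interfaces:interface": {
    "name": "GigabitEthernet3", "type": "iana-if-type:ethernetCsmacd", "enabled": True,
    "ietf-ip:ipv4": {"address": [{"ip": "198.51.100.1", "netmask": "255.255.255.0"}]},
}}

def lab_requests(user, password):
    """GET all interfaces, then PUT Gi3, then POST save-config (empty body)."""
    base = data_url(HOST, "ietf-interfaces:interfaces")
    gi3 = data_url(HOST, "ietf-interfaces:interfaces", "interface", "GigabitEthernet3")
    save = f"https://{HOST}/restconf/operations/cisco-ia:save-config/"
    return [build_request("GET", base, user, password),
            build_request("PUT", gi3, user, password, GI3),
            build_request("POST", save, user, password)]
```

To send one of these, pass it to `urllib.request.urlopen(req, context=tls_context(...))` and read the credentials from the environment or a prompt rather than from the script.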

RESTCONF HTTP Operations

| Operation | NETCONF RPC Operation | Use |
|-----------|-----------------------|-----|
| GET | <get> and <get-config> | Get data from a resource |
| POST | <edit-config> | Create a resource |
| PUT | <edit-config> | Create or replace a resource |
| PATCH | <edit-config> | Merge configuration with target resource |
| DELETE | <edit-config> | Delete a resource |

The difference between POST, PUT, and PATCH can be a little confusing. In general, POST is only used to create a new resource. But what about PUT vs. PATCH? PUT is used to completely replace a configuration, and PATCH is used to add configuration alongside existing configuration. An example will help.

Let’s say we have the following configuration on Lo99:

interface Loopback99
 no ip address
 ipv6 address 2001:DB8:1::99/128
end

We can also see this from Postman:

If we use a PATCH, we will add another IPv6 address alongside the existing IPv6 address:

  • The only IPv6 address listed here is 2001:db8:2::99

If we do another GET we now see two IPv6 addresses:

If we do the same thing again, but using PUT, we will only see a single IPv6 address. PUT replaces the entire object, while PATCH adds configuration alongside what already exists.
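The Lo99 walkthrough above as a small simulation, to show why the same body gives two addresses with PATCH and one with PUT. This is an added example, not from the original guide and not the router's implementation: it is a simplified model of merge versus replace, and the function names are assumptions.

```python
import copy

# List keys from the ietf-interfaces and ietf-ip YANG models.
LIST_KEYS = {"interface": "name", "address": "ip"}

def merge(target, body, name=None):
    """PATCH: containers recurse, list entries are matched on their key leaf."""
    if isinstance(target, dict) and isinstance(body, dict):
        out = copy.deepcopy(target)
        for k, v in body.items():
            out[k] = merge(out[k], v, k) if k in out else copy.deepcopy(v)
        return out
    if isinstance(target, list) and isinstance(body, list):
        key = LIST_KEYS[name.split(":")[-1]]
        out = copy.deepcopy(target)
        index = {entry[key]: i for i, entry in enumerate(out)}
        for entry in body:
            if entry[key] in index:
                i = index[entry[key]]
                out[i] = merge(out[i], entry)
            else:
                out.append(copy.deepcopy(entry))
        return out
    return copy.deepcopy(body)  # leaf: the new value wins

def replace(target, body):
    """PUT: the target resource becomes exactly the request body."""
    return copy.deepcopy(body)

def lo99(*ips):
    """Constructed Loopback99 resource holding the given IPv6 /128 addresses."""
    return {"ietf-interfaces:interface": {
        "name": "Loopback99",
        "ietf-ip:ipv6": {"address": [{"ip": ip, "prefix-length": 128} for ip in ips]},
    }}

def addresses(resource):
    return [a["ip"] for a in resource["ietf-interfaces:interface"]["ietf-ip:ipv6"]["address"]]

def lost_on_put(current, body):
    """Addresses configured now that a PUT of this body would remove."""
    return sorted(set(addresses(current)) - set(addresses(body)))

CURRENT = lo99("2001:db8:1::99")   # state before the request
BODY = lo99("2001:db8:2::99")      # the request body from the example
```

Running `lost_on_put` against a fresh GET before sending a PUT shows which configuration the replace would silently drop.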

Further Reading

Last updated 2 years ago

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-4/programmability/configuration/guide/b-programmability-cg-asr9000-64x/b-programmability-cg-asr9000-64x_chapter_011.html#id_21589
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/172/b_172_programmability_cg/restconf_protocol.html
https://developer.cisco.com/learning/tracks/netprog-eng/intro-device-level-interfaces/intro-restconf/introduction/

[Screenshot: PUT to the Lo99 interface with a new IPv6 address]
[Screenshot: A GET shows that the previous PUT operation completely replaced the Lo99 config]