This repository was archived by the owner on Oct 11, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
06. Openconfig demo using NetConf over SSH
Khelil Sator edited this page May 31, 2017
·
1 revision
NETCONF protocol is defined in the RFC 6241
It provides mechanisms to manipulate the configuration of network devices with remote procedure calls (RPCs).
This is a very important protocol as this is one of the main building block for network automation.
There are many NetConf implementations available.
ncclient is a Netconf Client python library.
Many tools use NetConf under the hood: PyEZ (Python library for Junos) uses ncclient, the ansible modules for Junos uses PyEZ, ...
In the below sections, we are using an SSH connection to send RPCs inside a NetConf session. So we are using low level NetConf operations (which might look complex).
As indicated above, PyEZ and Ansible use NetConf under the hood. These tools are easier to use: they provide a higher level of abstraction.
NetConf over SSH is discussed in a separate RFC (6242)
In order to open a NetConf session inside an SSH connection, there are two options:
- we can establish an SSH connection to a NetConf server, and then run the command netconf.
- we can invoke the NetConf subsystem using the following command (the -s option causes the command netconf to be invoked): ssh device -s netconf -p 830
Once the NetConf session is open, the NetConf server advertises its capabilities.
The NetConf server is the Junos device.
In the below example, the NetConf server has the candidate capability, confirmed-commit capability, validate capability ...: They are defined in the RFC 6241.
We can use the command netconf in an SSH connection (rfc 6242)
$ ssh [email protected]
Password:
lab@fabric-01> netconf
<!-- No zombies were killed during the creation of this user interface -->
<!-- user juniper, class j-super-user -->
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
<capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>
<capability>http://xml.juniper.net/netconf/junos/1.0</capability>
<capability>http://xml.juniper.net/dmi/system/1.0</capability>
</capabilities>
<session-id>97792</session-id>
</hello>
]]>]]>
We can use the option -s netconf in an SSH connection (rfc 6242) (the -s option causes the command netconf to be invoked):
$ ssh [email protected] -s netconf
Password:
Password:
<!-- No zombies were killed during the creation of this user interface -->
<!-- user juniper, class j-super-user -->
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
<capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>
<capability>http://xml.juniper.net/netconf/junos/1.0</capability>
<capability>http://xml.juniper.net/dmi/system/1.0</capability>
</capabilities>
<session-id>96533</session-id>
</hello>
]]>]]>
In the below example, the interface xe-0/0/0 is already configured (with the Junos model, not the OpenConfig models) on the device fabric-01.
We can use the operation get-config with a subtree filter to check if the interface xe-0/0/0 is already configured in the running (i.e active) configuration:
]]>]]>
<rpc>
<get-config>
<source>
<running/>
</source>
<filter type="subtree">
<configuration>
<interfaces>
<interface>
<name>xe-0/0/0</name>
</interface>
</interfaces>
</configuration>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm" junos:commit-seconds="1475224790" junos:commit-localtime="2016-09-30 08:39:50 UTC" junos:commit-user="juniper">
<interfaces>
<interface>
<name>xe-0/0/0</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>192.168.1.1/24</name>
</address>
</inet>
</family>
</unit>
</interface>
</interfaces>
</configuration>
</data>
</rpc-reply>
]]>]]>
The routing policies configuration is not yet configured.
We will configure them using the Junos model (not the OpenConfig models).
We can use the operation get-config with a filter to retrieve the policy-options subtree from the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<configuration>
<policy-options>
</policy-options>
</configuration>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<configuration>
</configuration>
</data>
</rpc-reply>
]]>]]>
Let's use the lock operation in order to lock the candidate configuration:
]]>]]>
<rpc><lock><target><candidate/></target></lock></rpc>]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<ok/>
</rpc-reply>
]]>]]>
Let's use the edit-config operation to load a configuration (Junos policy-options details) on the candidate configuration:
]]>]]>
<rpc>
<edit-config>
<target>
<candidate/>
</target>
<default-operation>merge</default-operation>
<config>
<configuration>
<policy-options>
<policy-statement>
<name>bgp-in</name>
<then>
<accept/>
</then>
</policy-statement>
<policy-statement>
<name>bgp-out</name>
<then>
<accept/>
</then>
</policy-statement>
</policy-options>
</configuration>
</config>
</edit-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<ok/>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve the policy-options subtree from the candidate configuration:
<rpc>
<get-config>
<source><candidate/></source>
<filter type="subtree">
<configuration>
<policy-options>
</policy-options>
</configuration>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm" junos:changed-seconds="1475225602" junos:changed-localtime="2016-09-30 08:53:22 UTC">
<policy-options>
<policy-statement>
<name>bgp-in</name>
<then>
<accept/>
</then>
</policy-statement>
<policy-statement>
<name>bgp-out</name>
<then>
<accept/>
</then>
</policy-statement>
</policy-options>
</configuration>
</data>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve the policy-options subtree from the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<configuration>
<policy-options>
</policy-options>
</configuration>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<configuration>
</configuration>
</data>
</rpc-reply>
]]>]]>
Let's perform a commit operation to commit the candidate configuration:
]]>]]>
<rpc><commit/></rpc>]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<ok/>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve the policy-options subtree from the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<configuration>
<policy-options>
</policy-options>
</configuration>
</filter>
</get-config>
</rpc>
]]>]]><rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm" junos:commit-seconds="1475226093" junos:commit-localtime="2016-09-30 09:01:33 UTC" junos:commit-user="juniper">
<policy-options>
<policy-statement>
<name>bgp-in</name>
<then>
<accept/>
</then>
</policy-statement>
<policy-statement>
<name>bgp-out</name>
<then>
<accept/>
</then>
</policy-statement>
</policy-options>
</configuration>
</data>
</rpc-reply>
]]>]]>
BGP is not yet configured. We will configure it using the OpenConfig models.
Let's use the operation get-config with a filter to retrieve the BGP (OpenConfig) subtree from the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<bgp xmlns="http://openconfig.net/yang/bgp">
</bgp>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<configuration>
</configuration>
</data>
</rpc-reply>
]]>]]>
Let's use the edit-config operation to load a configuration (BGP OpenConfig) on the candidate configuration:
]]>]]>
<rpc>
<edit-config>
<target>
<candidate/>
</target>
<default-operation>merge</default-operation>
<config>
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
<neighbor-address>192.168.1.2</neighbor-address>
<config>
<peer-as>110</peer-as>
<peer-group>OC</peer-group>
</config>
</neighbor>
</neighbors>
<peer-groups>
<peer-group>
<peer-group-name>OC</peer-group-name>
<config>
<local-as>104</local-as>
<peer-type>EXTERNAL</peer-type>
</config>
<apply-policy>
<config>
<import-policy>bgp-in</import-policy>
<export-policy>bgp-out</export-policy>
</config>
</apply-policy>
</peer-group>
</peer-groups>
</bgp>
</config>
</edit-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<ok/>
</rpc-reply>
]]>]]>
Let's perform a commit operation:
]]>]]>
<rpc>
<commit/>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<ok/>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve the BGP (OpenConfig) subtree from the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
</neighbors>
</bgp>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
<neighbor-address>192.168.1.2</neighbor-address>
<config>
<peer-as>110</peer-as>
<peer-group>OC</peer-group>
</config>
</neighbor>
</neighbors>
</bgp>
</data>
</rpc-reply>
]]>]]>
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
</neighbor>
</neighbors>
</bgp>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
<neighbor-address>192.168.1.2</neighbor-address>
<config>
<peer-as>110</peer-as>
<peer-group>OC</peer-group>
</config>
</neighbor>
</neighbors>
</bgp>
</data>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve the ip address of the BGP neighbors configured in the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
<neighbor-address/>
</neighbor>
</neighbors>
</bgp>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
<neighbor-address>192.168.1.2</neighbor-address>
</neighbor>
</neighbors>
</bgp>
</data>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve a specific neighbor subtree from the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
<neighbor-address>10.10.0.2</neighbor-address>
</neighbor>
</neighbors>
</bgp>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<bgp xmlns="http://openconfig.net/yang/bgp">
<neighbors>
<neighbor>
<neighbor-address>192.168.1.2</neighbor-address>
<config>
<peer-as>110</peer-as>
<peer-group>OC</peer-group>
</config>
</neighbor>
</neighbors>
</bgp>
</data>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve a specific BGP group subtree from the active configuration:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<bgp xmlns="http://openconfig.net/yang/bgp">
<peer-groups>
<peer-group>
<peer-group-name>OC</peer-group-name>
</peer-group>
</peer-groups>
</bgp>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<bgp xmlns="http://openconfig.net/yang/bgp">
<peer-groups>
<peer-group>
<peer-group-name>OC</peer-group-name>
<config>
<local-as>104</local-as>
<peer-type>EXTERNAL</peer-type>
</config>
<apply-policy>
<config>
<import-policy>bgp-in</import-policy>
<export-policy>bgp-out</export-policy>
</config>
</apply-policy>
</peer-group>
</peer-groups>
</bgp>
</data>
</rpc-reply>
]]>]]>
Let's use the operation get-config with a filter to retrieve the policies applied to a specific BGP group:
]]>]]>
<rpc>
<get-config>
<source><running/></source>
<filter type="subtree">
<bgp xmlns="http://openconfig.net/yang/bgp">
<peer-groups>
<peer-group>
<peer-group-name>OC</peer-group-name>
<apply-policy/>
</peer-group>
</peer-groups>
</bgp>
</filter>
</get-config>
</rpc>
]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<bgp xmlns="http://openconfig.net/yang/bgp">
<peer-groups>
<peer-group>
<peer-group-name>OC</peer-group-name>
<apply-policy>
<config>
<import-policy>bgp-in</import-policy>
<export-policy>bgp-out</export-policy>
</config>
</apply-policy>
</peer-group>
</peer-groups>
</bgp>
</data>
</rpc-reply>
]]>]]>
Let's use the unlock operation to unlock the candidate configuration
]]>]]>
<rpc><unlock><target><candidate/></target></unlock></rpc>]]>]]>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<ok/>
</rpc-reply>
]]>]]>
Let's use the get operation to audit the BGP operationnal states
<rpc><get><filter type="xpath" source="/bgp"/></get></rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/16.1I0/junos">
<data>
<bgp>
<global>
<state>
<as>0</as>
<router-id>100.0.0.1</router-id>
<total-paths>43</total-paths>
<total-prefixes>43</total-prefixes>
</state>
<route-selection-options>
<state>
<always-compare-med>false</always-compare-med>
<ignore-as-path-length>false</ignore-as-path-length>
<external-compare-router-id>false</external-compare-router-id>
<advertise-inactive-routes>false</advertise-inactive-routes>
</state>
</route-selection-options>
<confederation>
<state>
<enabled>false</enabled>
<identifier>0</identifier>
</state>
</confederation>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>0</restart-time>
<stale-routes-time>0</stale-routes-time>
<helper-only>true</helper-only>
</state>
</graceful-restart>
</global>
<neighbors>
<neighbor>
<neighbor-address>172.16.0.8</neighbor-address>
<state>
<peer-as>65011</peer-as>
<local-as>65001</local-as>
<peer-type>EXTERNAL</peer-type>
<auth-password>(null)</auth-password>
<remove-private-as>0</remove-private-as>
<route-flap-damping>false</route-flap-damping>
<description>(null)</description>
<session-state>ESTABLISHED</session-state>
<supported-capabilities>
MPBGP
</supported-capabilities>
<supported-capabilities>
ROUTE_REFRESH
</supported-capabilities>
<supported-capabilities>
GRACEFUL_RESTART
</supported-capabilities>
<peer-group>underlay-ipfabric</peer-group>
<session-status>RUNNING</session-status>
<session-admin-status>START</session-admin-status>
<session-established-transitions>1</session-established-transitions>
<interface-error>false</interface-error>
<neighbor-address>172.16.0.8</neighbor-address>
<enabled>true</enabled>
<messages>
<sent>
<UPDATE>54</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</sent>
<received>
<UPDATE>19</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</received>
</messages>
<queues>
<input>0</input>
<output>0</output>
</queues>
</state>
<timers>
<state>
<connect-retry>0</connect-retry>
<hold-time>90</hold-time>
<keepalive-interval>30</keepalive-interval>
<minimum-advertisement-interval>0</minimum-advertisement-interval>
<uptime>6104700</uptime>
<negotiated-hold-time>90</negotiated-hold-time>
</state>
</timers>
<transport>
<state>
<tcp-mss>0</tcp-mss>
<mtu-discovery>true</mtu-discovery>
<passive-mode>false</passive-mode>
<local-address>172.16.0.9</local-address>
<local-port>54393</local-port>
<remote-address>172.16.0.8</remote-address>
<remote-port>179</remote-port>
</state>
</transport>
<error-handling>
<state>
<treat-as-withdraw>false</treat-as-withdraw>
<erroneous-update-messages>0</erroneous-update-messages>
</state>
</error-handling>
<logging-options>
<state>
<log-neighbor-state-changes>true</log-neighbor-state-changes>
</state>
</logging-options>
<ebgp-multihop>
<state>
<enabled>false</enabled>
<multihop-ttl>0</multihop-ttl>
</state>
</ebgp-multihop>
<route-reflector>
<state>
<route-reflector-cluster-id>zero-len</route-reflector-cluster-id>
<route-reflector-client>false</route-reflector-client>
</state>
</route-reflector>
<as-path-options>
<state>
<allow-own-as>1</allow-own-as>
<replace-peer-as>false</replace-peer-as>
</state>
</as-path-options>
<use-multiple-paths>
<state>
<enabled>true</enabled>
</state>
<ebgp>
<state>
<allow-multiple-as>true</allow-multiple-as>
<maximum-paths>16</maximum-paths>
</state>
</ebgp>
<ibgp>
<state>
<maximum-paths>16</maximum-paths>
</state>
</ibgp>
</use-multiple-paths>
<afi-safis>
<afi-safi>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<graceful-restart>
<state>
<enabled>true</enabled>
<received>true</received>
<advertised>true</advertised>
</state>
</graceful-restart>
<state>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<enabled>false</enabled>
<active>true</active>
<prefixes>
<received>7</received>
<sent>13</sent>
<installed>3</installed>
</prefixes>
<prefix-limit-exceeded>false</prefix-limit-exceeded>
<total-paths>7</total-paths>
<total-prefixes>7</total-prefixes>
<prefix-limit>
<state>
<max-prefixes>0</max-prefixes>
<shutdown-threshold-pct>0</shutdown-threshold-pct>
<restart-timer>0</restart-timer>
</state>
</prefix-limit>
</state>
<add-paths>
<receive>false</receive>
<send-max>0</send-max>
</add-paths>
</afi-safi>
</afi-safis>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>120</restart-time>
<stale-routes-time>300</stale-routes-time>
<helper-only>true</helper-only>
<peer-restart-time>120</peer-restart-time>
<peer-restarting>false</peer-restarting>
<local-restarting>false</local-restarting>
<mode>HELPER_ONLY</mode>
</state>
</graceful-restart>
<apply-policy>
<state>
<import-policy>
bgp-ipclos-in
</import-policy>
<export-policy>
bgp-ipclos-out
</export-policy>
</state>
</apply-policy>
</neighbor>
<neighbor>
<neighbor-address>172.16.0.12</neighbor-address>
<state>
<peer-as>65012</peer-as>
<local-as>65001</local-as>
<peer-type>EXTERNAL</peer-type>
<auth-password>(null)</auth-password>
<remove-private-as>0</remove-private-as>
<route-flap-damping>false</route-flap-damping>
<description>(null)</description>
<session-state>ESTABLISHED</session-state>
<supported-capabilities>
MPBGP
</supported-capabilities>
<supported-capabilities>
ROUTE_REFRESH
</supported-capabilities>
<supported-capabilities>
GRACEFUL_RESTART
</supported-capabilities>
<peer-group>underlay-ipfabric</peer-group>
<session-status>RUNNING</session-status>
<session-admin-status>START</session-admin-status>
<session-established-transitions>1</session-established-transitions>
<interface-error>false</interface-error>
<neighbor-address>172.16.0.12</neighbor-address>
<enabled>true</enabled>
<messages>
<sent>
<UPDATE>54</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</sent>
<received>
<UPDATE>19</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</received>
</messages>
<queues>
<input>0</input>
<output>0</output>
</queues>
</state>
<timers>
<state>
<connect-retry>0</connect-retry>
<hold-time>90</hold-time>
<keepalive-interval>30</keepalive-interval>
<minimum-advertisement-interval>0</minimum-advertisement-interval>
<uptime>6105500</uptime>
<negotiated-hold-time>90</negotiated-hold-time>
</state>
</timers>
<transport>
<state>
<tcp-mss>0</tcp-mss>
<mtu-discovery>true</mtu-discovery>
<passive-mode>false</passive-mode>
<local-address>172.16.0.13</local-address>
<local-port>55346</local-port>
<remote-address>172.16.0.12</remote-address>
<remote-port>179</remote-port>
</state>
</transport>
<error-handling>
<state>
<treat-as-withdraw>false</treat-as-withdraw>
<erroneous-update-messages>0</erroneous-update-messages>
</state>
</error-handling>
<logging-options>
<state>
<log-neighbor-state-changes>true</log-neighbor-state-changes>
</state>
</logging-options>
<ebgp-multihop>
<state>
<enabled>false</enabled>
<multihop-ttl>0</multihop-ttl>
</state>
</ebgp-multihop>
<route-reflector>
<state>
<route-reflector-cluster-id>zero-len</route-reflector-cluster-id>
<route-reflector-client>false</route-reflector-client>
</state>
</route-reflector>
<as-path-options>
<state>
<allow-own-as>1</allow-own-as>
<replace-peer-as>false</replace-peer-as>
</state>
</as-path-options>
<use-multiple-paths>
<state>
<enabled>true</enabled>
</state>
<ebgp>
<state>
<allow-multiple-as>true</allow-multiple-as>
<maximum-paths>16</maximum-paths>
</state>
</ebgp>
<ibgp>
<state>
<maximum-paths>16</maximum-paths>
</state>
</ibgp>
</use-multiple-paths>
<afi-safis>
<afi-safi>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<graceful-restart>
<state>
<enabled>true</enabled>
<received>true</received>
<advertised>true</advertised>
</state>
</graceful-restart>
<state>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<enabled>false</enabled>
<active>true</active>
<prefixes>
<received>7</received>
<sent>11</sent>
<installed>3</installed>
</prefixes>
<prefix-limit-exceeded>false</prefix-limit-exceeded>
<total-paths>7</total-paths>
<total-prefixes>7</total-prefixes>
<prefix-limit>
<state>
<max-prefixes>0</max-prefixes>
<shutdown-threshold-pct>0</shutdown-threshold-pct>
<restart-timer>0</restart-timer>
</state>
</prefix-limit>
</state>
<add-paths>
<receive>false</receive>
<send-max>0</send-max>
</add-paths>
</afi-safi>
</afi-safis>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>120</restart-time>
<stale-routes-time>300</stale-routes-time>
<helper-only>true</helper-only>
<peer-restart-time>120</peer-restart-time>
<peer-restarting>false</peer-restarting>
<local-restarting>false</local-restarting>
<mode>HELPER_ONLY</mode>
</state>
</graceful-restart>
<apply-policy>
<state>
<import-policy>
bgp-ipclos-in
</import-policy>
<export-policy>
bgp-ipclos-out
</export-policy>
</state>
</apply-policy>
</neighbor>
<neighbor>
<neighbor-address>172.16.0.16</neighbor-address>
<state>
<peer-as>65013</peer-as>
<local-as>65001</local-as>
<peer-type>EXTERNAL</peer-type>
<auth-password>(null)</auth-password>
<remove-private-as>0</remove-private-as>
<route-flap-damping>false</route-flap-damping>
<description>(null)</description>
<session-state>ESTABLISHED</session-state>
<supported-capabilities>
MPBGP
</supported-capabilities>
<supported-capabilities>
ROUTE_REFRESH
</supported-capabilities>
<supported-capabilities>
GRACEFUL_RESTART
</supported-capabilities>
<peer-group>underlay-ipfabric</peer-group>
<session-status>RUNNING</session-status>
<session-admin-status>START</session-admin-status>
<session-established-transitions>1</session-established-transitions>
<interface-error>false</interface-error>
<neighbor-address>172.16.0.16</neighbor-address>
<enabled>true</enabled>
<messages>
<sent>
<UPDATE>60</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</sent>
<received>
<UPDATE>19</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</received>
</messages>
<queues>
<input>0</input>
<output>0</output>
</queues>
</state>
<timers>
<state>
<connect-retry>0</connect-retry>
<hold-time>90</hold-time>
<keepalive-interval>30</keepalive-interval>
<minimum-advertisement-interval>0</minimum-advertisement-interval>
<uptime>6105100</uptime>
<negotiated-hold-time>90</negotiated-hold-time>
</state>
</timers>
<transport>
<state>
<tcp-mss>0</tcp-mss>
<mtu-discovery>true</mtu-discovery>
<passive-mode>false</passive-mode>
<local-address>172.16.0.17</local-address>
<local-port>57688</local-port>
<remote-address>172.16.0.16</remote-address>
<remote-port>179</remote-port>
</state>
</transport>
<error-handling>
<state>
<treat-as-withdraw>false</treat-as-withdraw>
<erroneous-update-messages>0</erroneous-update-messages>
</state>
</error-handling>
<logging-options>
<state>
<log-neighbor-state-changes>true</log-neighbor-state-changes>
</state>
</logging-options>
<ebgp-multihop>
<state>
<enabled>false</enabled>
<multihop-ttl>0</multihop-ttl>
</state>
</ebgp-multihop>
<route-reflector>
<state>
<route-reflector-cluster-id>zero-len</route-reflector-cluster-id>
<route-reflector-client>false</route-reflector-client>
</state>
</route-reflector>
<as-path-options>
<state>
<allow-own-as>1</allow-own-as>
<replace-peer-as>false</replace-peer-as>
</state>
</as-path-options>
<use-multiple-paths>
<state>
<enabled>true</enabled>
</state>
<ebgp>
<state>
<allow-multiple-as>true</allow-multiple-as>
<maximum-paths>16</maximum-paths>
</state>
</ebgp>
<ibgp>
<state>
<maximum-paths>16</maximum-paths>
</state>
</ibgp>
</use-multiple-paths>
<afi-safis>
<afi-safi>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<graceful-restart>
<state>
<enabled>true</enabled>
<received>true</received>
<advertised>true</advertised>
</state>
</graceful-restart>
<state>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<enabled>false</enabled>
<active>true</active>
<prefixes>
<received>7</received>
<sent>13</sent>
<installed>3</installed>
</prefixes>
<prefix-limit-exceeded>false</prefix-limit-exceeded>
<total-paths>7</total-paths>
<total-prefixes>7</total-prefixes>
<prefix-limit>
<state>
<max-prefixes>0</max-prefixes>
<shutdown-threshold-pct>0</shutdown-threshold-pct>
<restart-timer>0</restart-timer>
</state>
</prefix-limit>
</state>
<add-paths>
<receive>false</receive>
<send-max>0</send-max>
</add-paths>
</afi-safi>
</afi-safis>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>120</restart-time>
<stale-routes-time>300</stale-routes-time>
<helper-only>true</helper-only>
<peer-restart-time>120</peer-restart-time>
<peer-restarting>false</peer-restarting>
<local-restarting>false</local-restarting>
<mode>HELPER_ONLY</mode>
</state>
</graceful-restart>
<apply-policy>
<state>
<import-policy>
bgp-ipclos-in
</import-policy>
<export-policy>
bgp-ipclos-out
</export-policy>
</state>
</apply-policy>
</neighbor>
<neighbor>
<neighbor-address>172.16.0.20</neighbor-address>
<state>
<peer-as>65014</peer-as>
<local-as>65001</local-as>
<peer-type>EXTERNAL</peer-type>
<auth-password>(null)</auth-password>
<remove-private-as>0</remove-private-as>
<route-flap-damping>false</route-flap-damping>
<description>(null)</description>
<session-state>ESTABLISHED</session-state>
<supported-capabilities>
MPBGP
</supported-capabilities>
<supported-capabilities>
ROUTE_REFRESH
</supported-capabilities>
<supported-capabilities>
GRACEFUL_RESTART
</supported-capabilities>
<peer-group>underlay-ipfabric</peer-group>
<session-status>RUNNING</session-status>
<session-admin-status>START</session-admin-status>
<session-established-transitions>1</session-established-transitions>
<interface-error>false</interface-error>
<neighbor-address>172.16.0.20</neighbor-address>
<enabled>true</enabled>
<messages>
<sent>
<UPDATE>45</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</sent>
<received>
<UPDATE>19</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</received>
</messages>
<queues>
<input>0</input>
<output>0</output>
</queues>
</state>
<timers>
<state>
<connect-retry>0</connect-retry>
<hold-time>90</hold-time>
<keepalive-interval>30</keepalive-interval>
<minimum-advertisement-interval>0</minimum-advertisement-interval>
<uptime>6105900</uptime>
<negotiated-hold-time>90</negotiated-hold-time>
</state>
</timers>
<transport>
<state>
<tcp-mss>0</tcp-mss>
<mtu-discovery>true</mtu-discovery>
<passive-mode>false</passive-mode>
<local-address>172.16.0.21</local-address>
<local-port>61761</local-port>
<remote-address>172.16.0.20</remote-address>
<remote-port>179</remote-port>
</state>
</transport>
<error-handling>
<state>
<treat-as-withdraw>false</treat-as-withdraw>
<erroneous-update-messages>0</erroneous-update-messages>
</state>
</error-handling>
<logging-options>
<state>
<log-neighbor-state-changes>true</log-neighbor-state-changes>
</state>
</logging-options>
<ebgp-multihop>
<state>
<enabled>false</enabled>
<multihop-ttl>0</multihop-ttl>
</state>
</ebgp-multihop>
<route-reflector>
<state>
<route-reflector-cluster-id>zero-len</route-reflector-cluster-id>
<route-reflector-client>false</route-reflector-client>
</state>
</route-reflector>
<as-path-options>
<state>
<allow-own-as>1</allow-own-as>
<replace-peer-as>false</replace-peer-as>
</state>
</as-path-options>
<use-multiple-paths>
<state>
<enabled>true</enabled>
</state>
<ebgp>
<state>
<allow-multiple-as>true</allow-multiple-as>
<maximum-paths>16</maximum-paths>
</state>
</ebgp>
<ibgp>
<state>
<maximum-paths>16</maximum-paths>
</state>
</ibgp>
</use-multiple-paths>
<afi-safis>
<afi-safi>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<graceful-restart>
<state>
<enabled>true</enabled>
<received>true</received>
<advertised>true</advertised>
</state>
</graceful-restart>
<state>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<enabled>false</enabled>
<active>true</active>
<prefixes>
<received>7</received>
<sent>11</sent>
<installed>3</installed>
</prefixes>
<prefix-limit-exceeded>false</prefix-limit-exceeded>
<total-paths>7</total-paths>
<total-prefixes>7</total-prefixes>
<prefix-limit>
<state>
<max-prefixes>0</max-prefixes>
<shutdown-threshold-pct>0</shutdown-threshold-pct>
<restart-timer>0</restart-timer>
</state>
</prefix-limit>
</state>
<add-paths>
<receive>false</receive>
<send-max>0</send-max>
</add-paths>
</afi-safi>
</afi-safis>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>120</restart-time>
<stale-routes-time>300</stale-routes-time>
<helper-only>true</helper-only>
<peer-restart-time>120</peer-restart-time>
<peer-restarting>false</peer-restarting>
<local-restarting>false</local-restarting>
<mode>HELPER_ONLY</mode>
</state>
</graceful-restart>
<apply-policy>
<state>
<import-policy>
bgp-ipclos-in
</import-policy>
<export-policy>
bgp-ipclos-out
</export-policy>
</state>
</apply-policy>
</neighbor>
<neighbor>
<neighbor-address>192.168.1.2</neighbor-address>
<state>
<peer-as>110</peer-as>
<local-as>104</local-as>
<peer-type>EXTERNAL</peer-type>
<auth-password>(null)</auth-password>
<remove-private-as>0</remove-private-as>
<route-flap-damping>false</route-flap-damping>
<description>(null)</description>
<session-state>ESTABLISHED</session-state>
<supported-capabilities>
MPBGP
</supported-capabilities>
<supported-capabilities>
ROUTE_REFRESH
</supported-capabilities>
<supported-capabilities>
GRACEFUL_RESTART
</supported-capabilities>
<peer-group>OC</peer-group>
<session-status>RUNNING</session-status>
<session-admin-status>START</session-admin-status>
<session-established-transitions>1</session-established-transitions>
<interface-error>false</interface-error>
<neighbor-address>192.168.1.2</neighbor-address>
<enabled>true</enabled>
<messages>
<sent>
<UPDATE>11</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</sent>
<received>
<UPDATE>12</UPDATE>
<NOTIFICATION>0</NOTIFICATION>
</received>
</messages>
<queues>
<input>0</input>
<output>0</output>
</queues>
</state>
<timers>
<state>
<connect-retry>0</connect-retry>
<hold-time>90</hold-time>
<keepalive-interval>30</keepalive-interval>
<minimum-advertisement-interval>0</minimum-advertisement-interval>
<uptime>4774700</uptime>
<negotiated-hold-time>90</negotiated-hold-time>
</state>
</timers>
<transport>
<state>
<tcp-mss>0</tcp-mss>
<mtu-discovery>false</mtu-discovery>
<passive-mode>false</passive-mode>
<local-address>192.168.1.1</local-address>
<local-port>179</local-port>
<remote-address>192.168.1.2</remote-address>
<remote-port>61327</remote-port>
</state>
</transport>
<error-handling>
<state>
<treat-as-withdraw>false</treat-as-withdraw>
<erroneous-update-messages>0</erroneous-update-messages>
</state>
</error-handling>
<logging-options>
<state>
<log-neighbor-state-changes>true</log-neighbor-state-changes>
</state>
</logging-options>
<ebgp-multihop>
<state>
<enabled>false</enabled>
<multihop-ttl>0</multihop-ttl>
</state>
</ebgp-multihop>
<route-reflector>
<state>
<route-reflector-cluster-id>zero-len</route-reflector-cluster-id>
<route-reflector-client>false</route-reflector-client>
</state>
</route-reflector>
<as-path-options>
<state>
<allow-own-as>1</allow-own-as>
<replace-peer-as>false</replace-peer-as>
</state>
</as-path-options>
<use-multiple-paths>
<state>
<enabled>false</enabled>
</state>
<ebgp>
<state>
<allow-multiple-as>false</allow-multiple-as>
<maximum-paths>16</maximum-paths>
</state>
</ebgp>
<ibgp>
<state>
<maximum-paths>16</maximum-paths>
</state>
</ibgp>
</use-multiple-paths>
<afi-safis>
<afi-safi>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<graceful-restart>
<state>
<enabled>true</enabled>
<received>true</received>
<advertised>true</advertised>
</state>
</graceful-restart>
<state>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<enabled>false</enabled>
<active>true</active>
<prefixes>
<received>15</received>
<sent>15</sent>
<installed>5</installed>
</prefixes>
<prefix-limit-exceeded>false</prefix-limit-exceeded>
<total-paths>15</total-paths>
<total-prefixes>15</total-prefixes>
<prefix-limit>
<state>
<max-prefixes>0</max-prefixes>
<shutdown-threshold-pct>0</shutdown-threshold-pct>
<restart-timer>0</restart-timer>
</state>
</prefix-limit>
</state>
<add-paths>
<receive>false</receive>
<send-max>0</send-max>
</add-paths>
</afi-safi>
</afi-safis>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>120</restart-time>
<stale-routes-time>300</stale-routes-time>
<helper-only>true</helper-only>
<peer-restart-time>120</peer-restart-time>
<peer-restarting>false</peer-restarting>
<local-restarting>false</local-restarting>
<mode>HELPER_ONLY</mode>
</state>
</graceful-restart>
<apply-policy>
<state>
<import-policy>
bgp-in
</import-policy>
<export-policy>
bgp-out
</export-policy>
</state>
</apply-policy>
</neighbor>
</neighbors>
<peer-groups>
<peer-group>
<peer-group-name>underlay-ipfabric</peer-group-name>
<state>
<peer-as>65014</peer-as>
<local-as>65001</local-as>
<peer-type>EXTERNAL</peer-type>
<auth-password>(null)</auth-password>
<remove-private-as>0</remove-private-as>
<route-flap-damping>false</route-flap-damping>
<description>(null)</description>
<peer-group-name>underlay-ipfabric</peer-group-name>
<total-paths>28</total-paths>
<total-prefixes>28</total-prefixes>
</state>
<timers>
<state>
<connect-retry>0</connect-retry>
<hold-time>90</hold-time>
<keepalive-interval>30</keepalive-interval>
<minimum-advertisement-interval>0</minimum-advertisement-interval>
</state>
</timers>
<transport>
<state>
<tcp-mss>0</tcp-mss>
<mtu-discovery>true</mtu-discovery>
<passive-mode>false</passive-mode>
<local-address>172.16.0.21</local-address>
</state>
</transport>
<error-handling>
<state>
<treat-as-withdraw>false</treat-as-withdraw>
</state>
</error-handling>
<logging-options>
<state>
<log-neighbor-state-changes>true</log-neighbor-state-changes>
</state>
</logging-options>
<ebgp-multihop>
<state>
<enabled>false</enabled>
<multihop-ttl>0</multihop-ttl>
</state>
</ebgp-multihop>
<route-reflector>
<state>
<route-reflector-cluster-id>zero-len</route-reflector-cluster-id>
<route-reflector-client>false</route-reflector-client>
</state>
</route-reflector>
<as-path-options>
<state>
<allow-own-as>1</allow-own-as>
<replace-peer-as>false</replace-peer-as>
</state>
</as-path-options>
<use-multiple-paths>
<state>
<enabled>true</enabled>
</state>
<ebgp>
<state>
<allow-multiple-as>true</allow-multiple-as>
<maximum-paths>16</maximum-paths>
</state>
</ebgp>
<ibgp>
<state>
<maximum-paths>16</maximum-paths>
</state>
</ibgp>
</use-multiple-paths>
<afi-safis>
<afi-safi>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<graceful-restart>
<state>
<enabled>true</enabled>
</state>
</graceful-restart>
<state>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<enabled>false</enabled>
<prefix-limit>
<state>
<max-prefixes>0</max-prefixes>
<shutdown-threshold-pct>0</shutdown-threshold-pct>
<restart-timer>0</restart-timer>
</state>
</prefix-limit>
</state>
<add-paths>
<receive>false</receive>
<send-max>0</send-max>
</add-paths>
</afi-safi>
</afi-safis>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>120</restart-time>
<stale-routes-time>300</stale-routes-time>
<helper-only>true</helper-only>
</state>
</graceful-restart>
<apply-policy>
<state>
<import-policy>
bgp-ipclos-in
</import-policy>
<export-policy>
bgp-ipclos-out
</export-policy>
</state>
</apply-policy>
</peer-group>
<peer-group>
<peer-group-name>OC</peer-group-name>
<state>
<peer-as>110</peer-as>
<local-as>104</local-as>
<peer-type>EXTERNAL</peer-type>
<auth-password>(null)</auth-password>
<remove-private-as>0</remove-private-as>
<route-flap-damping>false</route-flap-damping>
<description>(null)</description>
<peer-group-name>OC</peer-group-name>
<total-paths>15</total-paths>
<total-prefixes>15</total-prefixes>
</state>
<timers>
<state>
<connect-retry>0</connect-retry>
<hold-time>90</hold-time>
<keepalive-interval>30</keepalive-interval>
<minimum-advertisement-interval>0</minimum-advertisement-interval>
</state>
</timers>
<transport>
<state>
<tcp-mss>0</tcp-mss>
<mtu-discovery>false</mtu-discovery>
<passive-mode>false</passive-mode>
<local-address>192.168.1.1</local-address>
</state>
</transport>
<error-handling>
<state>
<treat-as-withdraw>false</treat-as-withdraw>
</state>
</error-handling>
<logging-options>
<state>
<log-neighbor-state-changes>true</log-neighbor-state-changes>
</state>
</logging-options>
<ebgp-multihop>
<state>
<enabled>false</enabled>
<multihop-ttl>0</multihop-ttl>
</state>
</ebgp-multihop>
<route-reflector>
<state>
<route-reflector-cluster-id>zero-len</route-reflector-cluster-id>
<route-reflector-client>false</route-reflector-client>
</state>
</route-reflector>
<as-path-options>
<state>
<allow-own-as>1</allow-own-as>
<replace-peer-as>false</replace-peer-as>
</state>
</as-path-options>
<use-multiple-paths>
<state>
<enabled>false</enabled>
</state>
<ebgp>
<state>
<allow-multiple-as>false</allow-multiple-as>
<maximum-paths>16</maximum-paths>
</state>
</ebgp>
<ibgp>
<state>
<maximum-paths>16</maximum-paths>
</state>
</ibgp>
</use-multiple-paths>
<afi-safis>
<afi-safi>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<graceful-restart>
<state>
<enabled>true</enabled>
</state>
</graceful-restart>
<state>
<afi-safi-name>IPV4_UNICAST</afi-safi-name>
<enabled>false</enabled>
<prefix-limit>
<state>
<max-prefixes>0</max-prefixes>
<shutdown-threshold-pct>0</shutdown-threshold-pct>
<restart-timer>0</restart-timer>
</state>
</prefix-limit>
</state>
<add-paths>
<receive>false</receive>
<send-max>0</send-max>
</add-paths>
</afi-safi>
</afi-safis>
<graceful-restart>
<state>
<enabled>false</enabled>
<restart-time>120</restart-time>
<stale-routes-time>300</stale-routes-time>
<helper-only>true</helper-only>
</state>
</graceful-restart>
<apply-policy>
<state>
<import-policy>
bgp-in
</import-policy>
<export-policy>
bgp-out
</export-policy>
</state>
</apply-policy>
</peer-group>
</peer-groups>
</bgp>
<database-status-information>
</database-status-information>
</data>
</rpc-reply>
]]>]]>
Let's gracefully close the NetConf session:
<rpc><close-session></close-session></rpc>]]>]]>