NETCONF Call Home
Rajendra Nagabhushan, senior staff engineer, ADVA Optical Networking
Vikram Darsi, senior lead engineer, ADVA Optical Networking
© 2017 ADVA Optical Networking. All rights reserved. Confidential.
Agenda
1. Introduction to Reverse SSH (Call Home)
2. NETCONF Call Home Overview
3. OpenDaylight NETCONF Module Architecture
4. Adding NETCONF Call Home Support Into OpenDaylight
5. Demo
6. Future Works and Deviation (w.r.t. draft-ietf-netconf-call-home-17)
Introduction to Reverse SSH (Call Home)
Call Home, or Reverse SSH, is a technique in which the SSH server initiates
a request that the SSH client establish an SSH connection to the server.
[Figure: PE devices in a private network behind a firewall/NAT, connected over the Internet to the management network]
Call Home is useful where:
• NE may be deployed behind a firewall that implements NAT
• Dynamic IP assignment
• Firewall prevents management access to internal network
• NE doesn't open any ports for management system to connect to
• The operator prefers NE to initiate management connection (easier
to secure one open port in data center)
NETCONF Call Home Overview
[Figure: NETCONF Server (NE) and NETCONF Client (Controller), layered as TCP Connection, SSH/TLS Session, NETCONF Session]
• RFC draft: https://tools.ietf.org/html/draft-ietf-netconf-call-home-17
• Enables a NETCONF server (network element or device) to initiate a
secure connection to a NETCONF client (network management system)
• Role reversal at the TCP layer (while calling home, the device is the TCP client)
• Other layer roles (SSH/TLS server, NETCONF server) remain the same
OpenDaylight NETCONF Subsystem
Reference: https://wiki.opendaylight.org/view/OpenDaylight_Controller:Netconf:Design
Connecting to NETCONF Device
• Method: PUT
• URI: http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/new-netconf-device
• Headers:
  Accept: application/xml
  Content-Type: application/xml
• Payload:
  <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
    <node-id>new-netconf-device</node-id>
    <host xmlns="urn:opendaylight:netconf-node-topology">127.0.0.1</host>
    <port xmlns="urn:opendaylight:netconf-node-topology">17830</port>
    <username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
    <password xmlns="urn:opendaylight:netconf-node-topology">admin</password>
    <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
    <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">0</keepalive-delay>
  </node>
Reference: https://wiki.opendaylight.org/view/OpenDaylight_Controller:Config:Examples:Netconf
Connecting to NETCONF Device
[Figure: components involved in connecting to a NETCONF device: NetconfTopologyImpl, NetconfDeviceSalFacade, NetconfDevice, NetconfDeviceCommunicator, MD-SAL, Channel, Protocol Framework, NetconfClientDispatcherImpl, NetconfClientConfiguration (uses AsyncSshHandler), NETCONF Device]
OpenDaylight NETCONF/NETTY
[Figure: Netty channel and Netty channel pipeline between client and server. Socket.read() data passes through Inbound Handlers 1 to N and Socket.write() data through Outbound Handlers 1 to M; handlers read from and write into buffers, and I/O requests go via ChannelHandlerContext to the Netty internal I/O threads (transport implementation).]
Reference: https://netty.io/
Adding Call Home Support to OpenDaylight
[Figure: components involved with Call Home support: NetconfDeviceSalFacade, NetconfDevice, CallhomeDeviceCommunicator, MD-SAL, Channel, Protocol Framework, CallhomeClientDispatcherImpl, NioSocketAcceptor, NetconfCallHome, ReversedNetconfClientConfiguration (uses ReversedAsyncSshHandler), NETCONF Device]
Reference: https://git.opendaylight.org/gerrit/#/c/14119/1
Demo
• REST Client: Postman UI to view the auto-discovered NETCONF device data, such as
capabilities
• ODL Controller: Installed Call Home feature,
which starts a TCP server on port 60830
• NETCONF Simulator: The ODL NETCONF project has
a built-in NETCONF simulator. This simulator is
modified to initiate a TCP connection to the TCP
server in the ODL controller

Demo topology:
• REST Client, IP: 192.168.56.1
• ODL Controller (with Call Home feature), IP: 192.168.56.101
• ODL NETCONF Simulator (initiates TCP connection), IP: 192.168.56.102
Future Works and Deviations
• Enhancements
  • Implement security considerations according to the draft-ietf-netconf-call-home-17 recommendation
  • Certificate-based authentication support
  • Precautions to mitigate DoS attacks
• Deviation
  • Keep-alive mechanism implemented in NETCONF client
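With Call Home the controller is the side that keeps a TCP port open, so the two enhancement items above meet at accept time. The following is an added example, not OpenDaylight or draft code: it throttles connection attempts before any SSH work is done and identifies the device by a pinned host-key fingerprint (used here in place of certificate validation) instead of by source address. `CallHomeGate`, its parameters and the key blobs are hypothetical and constructed.

```python
import base64
import hashlib
from collections import defaultdict, deque

def fingerprint(host_key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public host key blob."""
    digest = hashlib.sha256(host_key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class CallHomeGate:
    """Admission checks for inbound call-home connections (hypothetical helper)."""

    def __init__(self, pinned, max_attempts=3, window=60.0):
        self.pinned = pinned                  # fingerprint -> node-id
        self.max_attempts = max_attempts      # per source address, per window
        self.window = window                  # seconds
        self.attempts = defaultdict(deque)    # source IP -> attempt timestamps

    def allow_connect(self, src_ip: str, now: float) -> bool:
        """Cheap check run at accept() time, before any SSH key exchange."""
        recent = self.attempts[src_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                  # forget attempts outside the window
        if len(recent) >= self.max_attempts:
            return False                      # close the socket, do no crypto
        recent.append(now)
        return True

    def identify(self, host_key_blob: bytes):
        """Map the presented host key to a node-id; None means disconnect.
        The source IP is deliberately ignored: behind NAT it is not an identity."""
        return self.pinned.get(fingerprint(host_key_blob))

# Constructed sample data: two fake key blobs, only one of them provisioned.
KNOWN_KEY = b"constructed-host-key-of-ne-1"
ROGUE_KEY = b"constructed-host-key-of-unknown-peer"

def demo():
    gate = CallHomeGate({fingerprint(KNOWN_KEY): "ne-1"}, max_attempts=3, window=60.0)
    # Five attempts from the simulator address used in the demo slide.
    verdicts = [gate.allow_connect("192.168.56.102", t) for t in (0, 1, 2, 3, 61)]
    return verdicts, gate.identify(KNOWN_KEY), gate.identify(ROGUE_KEY)
```

Devices behind one NAT share a source address, so `max_attempts` has to be sized for the site rather than for a single device.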
Summary
• NETCONF Call Home can be integrated into OpenDaylight as a
Karaf-deployable feature
• Addition of Call Home doesn’t impact the functionality of any
existing OpenDaylight features
• Addition of Call Home feature is useful in many deployment
scenarios of OpenDaylight controller
References
• NETCONF Call Home and RESTCONF Call Home RFC Draft:
https://tools.ietf.org/html/draft-ietf-netconf-call-home-17
• OpenDaylight Controller: Netconf: Design:
https://wiki.opendaylight.org/view/OpenDaylight_Controller:Netconf:Design
• OpenDaylight Netconf Examples:
https://wiki.opendaylight.org/view/OpenDaylight_Controller:Config:Examples:Netconf
• Gerrit Patch by Maros Marsalek:
https://git.opendaylight.org/gerrit/#/c/14119/1
• Netty.io:
https://netty.io/4.0/api/io/netty/channel/ChannelPipeline.html
IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.
The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.
Copyright © for the entire content of this presentation: ADVA Optical Networking.
Thank You