# Device Programmability

Hello Rene,

I have been watching videos about Device Programmability and Automation for last two months. It seems Netconf and Restconf more complicated compared to Netmiko or Ansible. Besides that I see a lot of companies asking for Restconf. I think we can do a lot of configurations easily by using Ansible. In presence of Ansible or other tools, why do companies still use Restconf and Netconf?

Thanks

Hi Sinasi,

NETCONF/RESTCONF don’t have to exclude Ansible/Netmiko. In fact, Ansible is a great way to work with NETCONF/RESTCONF.

With network automation, the CLI doesn’t work very well. It was created for humans, not scripts. You can use Ansible with regular CLI commands but you can also use it with NETCONF or RESTCONF.

Even if you use NETCONF/RESTCONF, you still need tools to talk with a device somehow. You could use a python script or something like postman. That’s great for some quick examples but not the best way to work with it every day. You could use Ansible and talk with your routers using NETCONF/RESTCONF.

https://docs.ansible.com/ansible/latest/modules/netconf_config_module.html

https://docs.ansible.com/ansible/latest/modules/restconf_get_module.html

RESTCONF/NETCONF are a better way to talk with your router/switch, Ansible is the tool you use.

Does that help?

Rene

1 Like

Hi Rene,

I created a netmiko script to do sh run on IOS-XE router and it works with Visual Studio. Can I use the same script with Postman or do I have to convert it to json first?

in other words, how can we get python scripts to work with Restconf.

Thanks

Hany

Hi Hany,

Netmiko is a library to interact with network devices through SSH. You can use it to automate things that you would normally do yourself with SSH.

Postman is (simply said) an API client. If you want to interact with your router through postman, you’ll have to use something that both postman and the router support (like RESTCONF).

If you want to use Python with RESTCONF, you can use the requests library.

Cisco DevNet has some examples. Here’s one to get the hostname of a router:

Here’s one to create a static route:

This works, but building python scripts with the requests library like this can be a pain. I looked, but there aren’t any good RESTCONF python libraries. NETCONF is probably easier, because of the excellent ncclient library.

Rene

Hi Rene,
i have a very basic question,i know from github we can get scripts,and they need to run on a linux based server to change the config on network kit.My point of confusion is, how does the linux box know to reach the network kit,is it all down to routing /static route in a vmware environment or is there a setting i have missed which points the linux box to the router eg.

Hello Naila

It simply comes down to the network connection that your Linux based Git server has to the particular network device. You create credentials for a user in the device itself (either locally or via RADIUS) and then provide those credentials to your configuration on the Linux box. Then using various options such as those described in the lesson, you can access the device and manipulate the configuration as you see fit.

I hope this has been helpful!

Laz

Edited: Just a clarification. The GIT server simply stores the code. It is where the repositories with scripts and codes are kept. If however you use something like Ansible, then you create and run your code or scripts locally, then push them to the Git server to store them. More about Ansible can be found here:

1 Like

Hi Rene,
I don’t see in ASR1001, netconf-yang or rest api container service, no solution to manage it alternative to cli. Some technology to do it?. info:

Cisco IOS XE Software, Version 03.13.04.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S4, RELEASE SOFTWARE (fc3)

cisco ASR1001 (1RU) processor (revision 1RU) with 3751503K/6147K bytes of memory.
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
8388608K bytes of physical memory.
7741439K bytes of eUSB flash at bootflash:.

thanks!!

Hello Jorge

It could be that the specific IOS doesn’t support this functionality. Looking at the Cisco Feature Navigator for your particular version of IOS, it depends on the feature set and licence that you have as shown:

However, it seems that the programmbility documentation that Cisco offers is from IOS XE Fuji 16.X and later. In order to fully take advantage of it you’ll require the newer IOS.

I hope this has been helpful!

Laz

Hi everyone,
I am quite new in RESTCONF so I would appreciate detailed instructions. I was trying to configure it using YANG models from GitHub, ( https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1693 )
My cisco ios is 16.9.3

I would like to configure a basic topology, see picture below. I know how to configure RIP using Cisco CLI, but I dont know how to do it using RESTCONF.

Thank you for you assistance.
Kristina

Hello Kristina

I suggest you first go over RESTCONF as a concept as described in the Device Programmability lesson. There you will find examples as well as practical implementations of RESTCONF for configuration. Some additional helpful content can be found at this Cisco documentation.

Once you go over those you should be in a position to begin implementation of your topology. If you run into any specific problems or issues with your configuration, please let us know more specifically about what we can help you with.

I hope this has been helpful!

Laz

Hi,
I have tried to configure RIP, and I was able to configure it using RESTCONF (i just need to test the connectivity between routers).

I have found out issue with deleting the configuration? Is it even possible?
I have RIP configured on the ROUTER and I tried to delete it using this URL:

DELETE https: //192.168.10.55/restconf/data/Cisco-IOS-XE-native:native/router
Status: 204 No Content


But if i show running config on ROUTER, i see that RIP is still configured.

Even when i run GET URL to show RIP configuration:

https: //192.168.10.55/restconf/data/Cisco-IOS-XE-native:native/router/Cisco-IOS-XE-rip:rip

https ://192.168.10.55/restconf/data/Cisco-IOS-XE-native:native/router
Status: 204 No Content


Kristina

Hi ,

What is Netconf , yang and yml file , is there any tutorial references to understand these terms and uses ?

Hello Sameer

Here are some lessons that cover these topics:

As for .yml files, these are script files written in the YAML language. This language is commonly used for configuration files and in applications where data is being stored or transmitted. It can be used for many of the same communications applications as XML, but is more human-readable, and thus more user friendly. YAML is most often used with Ansible, a network orchestration tool. You can find out more about YAML and Ansible at the following lesson:

I hope this has been helpful!

Laz

1 Like

Thanks Laz , i will go through it and will get back if there any doubts .

1 Like

Hello Kristina

I took a look at this behaviour with Rene, and it seems that this is a bug or an error in the IOS. Specifically, we tried to configure OSPF and then to remove OSPF configuration using the DELETE HTTP command, and the configuration was removed successfully.

Configuring RIP was also successful, but when it came down to deleting the configuration, it would not be removed, so we go the same results as you.

Looking further into the problem, we found the following error messages generated on the CLI of the router:

*Mar 17 10:08:32.988: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'cisco' authenticated successfully from 10.82.100.188:0 and was authorized for rest over http. External groups: PRIV15
*Mar 17 10:08:33.265: %DMI-3-CLI_GEN_FAIL: R0/0: nesd: Failed to generate CLI change set internal error (18): internal error.
*Mar 17 10:08:33.267: %DMI-5-CONFIG_I: R0/0: nesd: Configured from NETCONF/RESTCONF by cisco, transaction-id 365


Notice the error marked DMI-3-CLI_GEN_FAIL. It states “Failed to generate CLI change set internal error (18): internal error.” I was unable to find information about such an error online, but it seems to indicate that there is an error as far as the IOS is concerned.

Specifically, we were using the following IOS version:

Note that the “Status: 204 No Content” is not actually a problem, as many commands don’t actually result in a response that contains content. 204 states that the command was sent successfully, but the device doesn’t necessarily send a response back, and in many cases this is normal behaviour. You need to go into the device to verify your changes.

I hope this has been helpful!

Laz

Hi,

just one question on which I can’t find any answers on line.

What is “arpgmp”, why you are using “arpgmp” and not “ARP”?

I can’t understand what this “gmp” is.

Thanks

Hi all

I want information please how i can learn and implement restconf language ?
i want know how i can make practise with restconf language
and wich are the step to implement its?

thanks

Hello Ugo

You can find out more about RESTCONF at the following lesson:

Included in this lesson, you will find some examples of the implementation of RESTCONF and how it works as well as some implementations that you can try as well. Some additional resources you may find useful include:

I hope this has been helpful!

Laz

very very thanks i will look

1 Like

Hello,

I ma using your postman restconf collection to do a restconf lab on EVE-NG VM with the IOS-XE
“Cisco IOS Software [Everest], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.7”
I followed the exact same steps to configure the router and Postman but still not working:
I am getting: “Could not get any response” in Postman right away when I click send
SSL certificate is turned off
Postman is running on my host and I can ping the router. could you please give some hints for troubleshooting…thanks

logs show this error but no clue how to resolve it:

Error: write EPROTO 6900:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:c:\users\administrator\buildkite-agent\builds\pm-electron\postman\electron-release\vendor\node\deps\openssl\openssl\ssl\record\rec_layer_s3.c:1407:SSL alert number 40

Hany