NETCONF Monitoring
You can query Junos devices to retrieve NETCONF state information and supported schemas from the NETCONF server.
Junos devices support concurrent management sessions from multiple local and remote NETCONF clients. At times, you need visibility into the active NETCONF sessions on a device as well as information about NETCONF server statistics and support. Having easy access to NETCONF state information enables you to more effectively manage your network devices.
The NETCONF monitoring data model provides operational information about the NETCONF server. NETCONF clients can query a Junos device to retrieve NETCONF state information from the NETCONF server. Clients can request information for NETCONF capabilities, NETCONF sessions and statistics, configuration datastores, and supported schemas.
For more information about the NETCONF monitoring model, see RFC 6022, YANG Module for NETCONF Monitoring.
NETCONF State Information Overview
The NETCONF monitoring data model defines the NETCONF server's operational data. The
netconf-state
container comprises subtrees that define and
include the data for the different areas of operation.
Table 1
outlines the netconf-state
subtrees supported on Junos devices.
|
Description |
---|---|
|
NETCONF operations supported by the NETCONF server. |
|
Available configuration datastores, for example,
|
|
Schemas supported on the device. |
|
Active NETCONF management sessions on the device. |
|
NETCONF server performance data. |
Junos devices that support the NETCONF monitoring data model advertise this capability in the NETCONF session's capabilities exchange during session setup.
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability>urn:ietf:params:netconf:base:1.0</capability> <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability> ... <capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability> ... </capabilities> <session-id>12976</session-id> </hello> ]]>]]>
To request NETCONF state information, send a <get>
request, and
specify the netconf-state
subtree of interest, for example,
<datastores>
.
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <subtree> </netconf-state> </filter> </get> </rpc>
When you request NETCONF state information, the server's RPC reply includes the
<data>
and <netconf-state>
elements. These elements enclose the subtree for the requested information.
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4R1.12-EVO/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> ... </netconf-state> </data> </rpc-reply>
The netconf-state
<sessions>
and <statistics>
subtrees
include information about active NETCONF sessions and NETCONF server data,
respectively. Table 2 outlines the supported elements returned for these filters. The
<sessions>
data includes per-session counters. The
<statistics>
data reports global counters for the NETCONF
server.
Node | Description | Filters |
---|---|---|
|
Number of NETCONF sessions that were abnormally terminated. |
|
|
Number of incorrect RPC messages received by the server. |
|
|
Number of correct RPC messages received by the server. |
|
|
Number of NETCONF sessions started. |
|
|
Date and time when the NETCONF session was established. |
|
|
Date and time when the NETCONF server was started. |
|
|
Number of |
|
|
Number of NETCONF server RPC replies that contained an
|
|
|
NETCONF session identifier. |
|
|
IP address or hostname from which the NETCONF client connected. |
|
|
Transport protcol for the NETCONF session, for example,
|
|
|
Client identity authenticated by the NETCONF transport protocol. |
|
Retrieve NETCONF Capabilities
A NETCONF client can retrieve the NETCONF server's capabilities. The capabilities define the operations supported by the NETCONF server. The NETCONF server advertises the supported capabilities during session setup. By default, Junos devices do not advertise supported YANG modules in the capabilities list. However, you can configure the device to include them.
To request the capabilities of the NETCONF server:
The NETCONF server returns the <capabilities>
element with
the supported capabilities. The <capabilities>
information
is identical to that in the <hello>
message exchange sent
during session setup.
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4R1.12-EVO/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <capabilities> <capability>urn:ietf:params:netconf:base:1.0</capability> <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability> <capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability> <capability>urn:ietf:params:netconf:capability:validate:1.0</capability> <capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability> <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability> <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability> <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability> <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability> <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?scheme=http,ftp,file</capability> <capability>urn:ietf:params:xml:ns:yang:ietf-yang-metadata?module=ietf-yang-metadata&revision=2016-08-05</capability> <capability>urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring</capability> <capability>http://xml.juniper.net/netconf/junos/1.0</capability> <capability>http://xml.juniper.net/dmi/system/1.0</capability> <capability>http://yang.juniper.net/junos/jcmd?module=junos-configuration-metadata&revision=2021-09-01</capability> <capability>http://yang.juniper.net/junos/common/types?module=junos-common-types&revision=2023-01-01</capability> <capability>http://yang.juniper.net/junos/conf/access-profile?module=junos-conf-access-profile&revision=2023-01-01</capability> <capability>http://yang.juniper.net/junos/conf/access?module=junos-conf-access&revision=2023-01-01</capability> <capability>http://yang.juniper.net/junos/conf/accounting-options?module=junos-conf-accounting-options&revision=2023-01-01</capability> ... </capabilities> </netconf-state> </data> </rpc-reply>
Retrieve Configuration Datastores
The configuration datastores are the configuration databases supported on the device. When you request information about the configuration datastores, the server also returns their lock status.
To request the list of configuration datastores supported by the NETCONF server:
-
In a NETCONF session, execute a
<get>
operation for thenetconf-state/datastores
subtree.<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <datastores/> </netconf-state> </filter> </get> </rpc>
The NETCONF server returns the configuration datastores and their lock states. In
this case, the datastores include the candidate
configuration,
which has a lock on it, and the running
(active)
configuration.
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4R1.12-EVO/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <datastores> <datastore> <name>candidate</name> <locks> <locked-by-session>0</locked-by-session> <locked-time junos:seconds="1691539727">2023-08-08T17:08:47-07:00</locked-time> </locks> </datastore> <datastore> <name>running</name> </datastore> </datastores> </netconf-state> </data> </rpc-reply>
Retrieve Schemas
NETCONF clients can request the list of schemas supported on the device. By default, Junos devices return only the Junos native schemas in the supported schemas list. However, you can configure the device to include any additional supported schemas, including custom YANG modules that are installed on the device as well as standard modules, such as OpenConfig.
To request the list of supported schemas:
The device returns the list of supported schemas. The output includes the Junos native schemas. The output also include custom and standard schemas, if you configured the device to emit these schemas.
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4R1.12-EVO/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <schemas> <schema> <identifier>junos-common-types</identifier> <version>2023-01-01</version> <format>yang</format> <namespace>http://yang.juniper.net/junos/common/types</namespace> <location>NETCONF</location> </schema> <schema> <identifier>junos-conf-access-profile</identifier> <version>2023-01-01</version> <format>yang</format> <namespace>http://yang.juniper.net/junos/conf/access-profile</namespace> <location>NETCONF</location> </schema> ... </schemas> </netconf-state> </data> </rpc-reply>
The netconf-state/schemas
subtree only returns the identifiers
for the supported schemas. It does not include the actual schemas. Given the
identifer, you can retrieve a specific schema instance. To request a schema
instance in a NETCONF session:
-
Execute the
<get-schema>
operation and specify the schema identifier.<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-schema xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <identifier>schema-identifier</identifier> </get-schema> </rpc>
For example, the following RPC retrieves the
junos-conf-access-profile
schema.<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get-schema xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <identifier>junos-conf-access-profile</identifier> </get-schema> </rpc>
The NETCONF server returns the schema in YANG format, which is the default and only supported format.
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4R1.12-EVO/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> /* * Copyright (c) 2023 Juniper Networks, Inc. * All rights reserved. */ module junos-conf-access-profile { namespace "http://yang.juniper.net/junos/conf/access-profile"; prefix jc-access-profile; import junos-common-types { prefix jt; revision-date 2023-01-01; } import junos-conf-root { prefix jc; revision-date 2023-01-01; } organization "Juniper Networks, Inc."; contact "yang-support@juniper.net"; description "Junos access-profile configuration module"; revision 2023-01-01 { description "Junos: 23.4R1.12-EVO"; } augment /jc:configuration { uses access-profile-group; } augment /jc:configuration/jc:groups { uses access-profile-group; } grouping access-profile-group { container access-profile { description "Access profile for this instance"; leaf access-profile-name { description "Profile name"; type string; } } } } </data> </rpc-reply>
Retrieve NETCONF Session Information
NETCONF clients can request a list of the active NETCONF sessions on the device. The NETCONF server returns the active sessions along with information about each session. The returned data includes per-session counters. See Table 2 for descriptions of the output fields.
For sessions where certain values are undefined, for example, internal sessions,
the default values for transport
, username
,
and source-host
are netconf-ssh
,
internal-user
, and local-host
,
respectively.
To retrieve the active NETCONF sessions on the device:
-
In a NETCONF session, execute a
<get>
operation for thenetconf-state/sessions
subtree.<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <sessions/> </netconf-state> </filter> </get> </rpc>
The NETCONF server returns the active NETCONF sessions along with the session-specific data.
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4R1.12-EVO/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <sessions> <session> <session-id>2614</session-id> <transport>netconf-ssh</transport> <username>admin</username> <source-host>10.1.1.101</source-host> <login-time junos:seconds="1691699108">2023-08-10T13:25:08-07:00</login-time> <in-rpcs>6</in-rpcs> <in-bad-rpcs>0</in-bad-rpcs> <out-rpc-errors>1</out-rpc-errors> <out-notifications>0</out-notifications> </session> <session> <session-id>2879</session-id> <transport>netconf-ssh</transport> <username>sec-admin</username> <source-host>198.51.100.11</source-host> <login-time junos:seconds="1691699237">2023-08-10T13:27:17-07:00</login-time> <in-rpcs>11</in-rpcs> <in-bad-rpcs>1</in-bad-rpcs> <out-rpc-errors>2</out-rpc-errors> <out-notifications>0</out-notifications> </session> <session> <session-id>13559</session-id> <transport>netconf-ssh</transport> <username>root</username> <source-host>local-host</source-host> <login-time junos:seconds="1689712208">2023-07-18T13:30:08-07:00</login-time> <in-rpcs>14</in-rpcs> <in-bad-rpcs>0</in-bad-rpcs> <out-rpc-errors>0</out-rpc-errors> <out-notifications>0</out-notifications> </session> </sessions> </netconf-state> </data> </rpc-reply>
Retrieve NETCONF Server Statistics
A NETCONF client can request the NETCONF server statistics for a given device.
Whereas the <netconf-state>
<sessions>
filter returns per-session counters, the
<netconf-state>
<statistics>
filter returns global counters for the NETCONF
server. See Table 2 for descriptions of the output fields.
To request NETCONF server statistics on a device:
-
In a NETCONF session, execute a
<get>
operation for thenetconf-state/statistics
subtree.<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <get> <filter type="subtree"> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <statistics/> </netconf-state> </filter> </get> </rpc>
The NETCONF server returns the global performance data for the server.
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/23.4R1.12-EVO/junos" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"> <statistics> <netconf-start-time junos:seconds="1689712174">2023-07-18T13:29:34-07:00</netconf-start-time> <in-sessions>43</in-sessions> <dropped-sessions>3</dropped-sessions> <in-rpcs>58</in-rpcs> <in-bad-rpcs>48</in-bad-rpcs> <out-rpc-errors>4</out-rpc-errors> <out-notifications>2</out-notifications> </statistics> </netconf-state> </data> </rpc-reply>