Re: IOS XR Prefix-Set Automation

wj343 · ‎07-11-2019

I'm currently using a program called bgpq3 to generate prefix-sets off of IRR records for BGP session filtering. Once these prefix-sets are generated in IOS-XR prefix-set format by the program, I run a script that SSH's into the router and "pastes" the output of bgpq3 line-by-line to update the prefix list.

The issue is that these lists change frequently and often consist of several hundred or even thousands of lines. This results in a very long run time to update each prefix list, which I see is mainly due to the line-by-line delay of SSH.

Does IOS-XR offer any other type of API that's useful for updating prefix lists (or other types of command line-based automation)? For example, the Nexus platform offers NXAPI, which allows me to deploy dozens of commands with a single HTTP request.

Aleksandar Vidakovic · ‎07-11-2019

Have you tried using Netconf?

wj343 · ‎07-16-2019

I did take a look at netconf but it appears to be through over SSH or telnet, which brings up the same limitation of speed by the rate at which new lines can be entered over SSH.

Unless IOS XR has some other type of interface that I can't think of at the moment?

mamikhai · ‎07-16-2019

A NETCONF RPC is a single transaction not a line by line or character by character... so it might be different. From experience, although the number of XML lines is way more than CLI, it is much faster and better, since it is treated as an atomic with a confirmation.

wj343 · ‎07-16-2019

I tried using YANG/Netconf to create/update a prefix-set, but I'm getting an error. I'm not too familiar with this, so could you take a look and point out if I'm doing anything incorrectly?

RP/0/RSP0/CPU0:router#netconf echo format 
Tue Jul 16 21:14:36.170 EDT
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <capabilities>
        <capability>
            urn:ietf:params:netconf:base:1.0
        </capability>
        <capability>
            urn:ietf:params:netconf:capability:candidate:1.0
        </capability>
        <capability>
            urn:ietf:params:netconf:capability:notification:1.0
        </capability>
    </capabilities>
    <session-id>
        285212672
    </session-id>
</hello>
]]>]]>
<?xml version="1.0" encoding="UTF-8" ?>
<rpc message-id="106" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target><candidate/></target>
<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <routing-policy xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-policy-repository-cfg"  xc:operation="merge">
                <sets>
                        <prefix-sets>
                                <prefix-set>
                                        <set-name>test-prefix-set</set-name>
                                        <rpl-prefix-set>210.0.0.0/24 le 32</rpl-prefix-set>
                                </prefix-set>
                        </prefix-sets>
                </sets>
        </routing-policy>
</config>
</edit-config>
</rpc>
]]>]]>
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="106" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <rpc-error>
        <error-type>
            protocol
        </error-type>
        <error-tag>
            operation-failed
        </error-tag>
        <error-severity>
            error
        </error-severity>
        <error-message xml:lang="en">
            &apos;XML Service Library&apos; detected the &apos;fatal&apos; condition &apos;An attribute contained in the request is not recognised&apos;
        </error-message>
    </rpc-error>
</rpc-reply>
]]>]]>

RP/0/RSP0/CPU0:router#show running-config | include "netconf|ssh"
Tue Jul 16 21:17:28.779 EDT
Building configuration...
ssh server v2
ssh server logging
netconf agent tty
RP/0/RSP0/CPU0:router#

davehouser1 · ‎12-02-2022

Your </rpl-prefix-set> element needs to include the whole prefix-set declaration.
Here is how to add + commit:

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <edit-config>
    <target>
      <candidate/>
    </target>
    <config>
      <routing-policy xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-policy-repository-cfg">
        <sets>
          <prefix-sets>
            <prefix-set>
              <set-name>test-prefix-set</set-name>
      <rpl-prefix-set>prefix-set test-prefix-set
  210.0.0.0/24
end-set
</rpl-prefix-set>
            </prefix-set>
          </prefix-sets>
        </sets>
      </routing-policy>
    </config>
  </edit-config>
</rpc>

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="102">
  <commit/>
</rpc>

And to remove + commit:

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <edit-config>
    <target>
      <candidate/>
    </target>
    <config>
      <routing-policy xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-policy-repository-cfg">
        <sets>
          <prefix-sets>
            <prefix-set xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="delete">
              <set-name>test-prefix-set</set-name>
            </prefix-set>
          </prefix-sets>
        </sets>
      </routing-policy>
    </config>
  </edit-config>
</rpc>

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="102">
  <commit/>
</rpc>

Also @anas.abdullkarim that github link's code not appear to be using netconf. It seems to be using a plain SSH login then converting user based prefix-set entries into acceptable cli, which is entered via the SSH session. Useful, but not netconf. If you want to use netconf I have had success using the ncclient python module.

anas.abdullkarim · ‎08-03-2020

https://github.com/AnasProgrammer2/Get-PrefixSet-IOS-XR

anas.abdullkarim · ‎08-03-2020

https://github.com/AnasProgrammer2/Get-PrefixSet-IOS-XR

dudster83 · ‎01-13-2024

Hi

did you manage to accomplish this? Query bgpq3 or bgpq4, translating to ios-xr schema and push it to the device via netconf?