Leveraging MACsec YANG Models in IOS-XR with New YDK App
Developing and contributing to the YDK sample apps has been an awesome learning experience, and while my first post targeted a more basic NTP YANG model, I shifted this recent contribution to a use case customers running MACsec in IOS-XR can instantly benefit from (for more information on next-gen MACsec, see: https://tinyurl.com/kws27ca).
This MACsec key chain app (https://git.io/vSDLA) is focused on leveraging the new YANG models for MACsec in IOS-XR, specifically around simplifying the re-key process for customers using MACsec with pre-shared keys. Customers leveraging MACsec (or any encryption solution using pre-shared keys) know that changing keys can be a rigorous, repeatable process, to the point that keys remain in place much longer than they should. This YDK app for MACsec key chain modification lets operators automate the MACsec key chain configuration through the new YANG models. That opens up more options for developers and other applications to use the model-driven method YANG offers, and the simplified app YDK provides, for encryption operations such as this one.
The sample YDK apps in this repo include:
One key using AES-128-GCM ciphers (infinite lifetime)
One key using AES-256-GCM ciphers (infinite lifetime)
Two AES-256-GCM keys, with finite lifetimes (rolling keys example)
These are just examples of common configurations one could use, but there are a ton of variations for key change processes, depending on the organization's policies, key duration, encryption strength, etc.
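A sketch of the rolling-keys case and a policy check for it, added here as an example and not taken from the YDK sample app: it does not use YDK or the IOS-XR YANG models, and the `Key` fields, `rolling_chain` and `audit` are hypothetical names. It generates keys with overlapping lifetimes and flags infinite lifetimes, over-age keys, missing overlap, wrong key length and reused key material.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Assumption: key size follows the AES variant (128-bit = 32 hex chars, 256-bit = 64).
KEY_HEX_LEN = {"AES-128-GCM": 32, "AES-256-GCM": 64}

@dataclass
class Key:
    name: str                 # key identifier (hypothetical field names)
    secret: str               # hex-encoded pre-shared key
    cipher: str
    start: datetime
    end: Optional[datetime]   # None means infinite lifetime

def rolling_chain(cipher: str, first_start: datetime, count: int,
                  lifetime: timedelta, overlap: timedelta) -> List[Key]:
    """Build `count` keys; each starts `overlap` before its predecessor ends."""
    chain, start = [], first_start
    for i in range(1, count + 1):
        secret = secrets.token_hex(KEY_HEX_LEN[cipher] // 2)
        chain.append(Key(f"{i:02x}", secret, cipher, start, start + lifetime))
        start = start + lifetime - overlap
    return chain

def audit(chain: List[Key], max_age: timedelta) -> List[str]:
    """Return policy findings for a key chain (empty list means clean)."""
    findings = []
    ordered = sorted(chain, key=lambda k: k.start)
    for k in ordered:
        if len(k.secret) != KEY_HEX_LEN.get(k.cipher, -1):
            findings.append(f"key {k.name}: wrong length for {k.cipher}")
        if k.end is None:
            findings.append(f"key {k.name}: infinite lifetime")
        elif k.end - k.start > max_age:
            findings.append(f"key {k.name}: lifetime exceeds policy")
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev.end is not None and nxt.start >= prev.end:
            findings.append(f"no overlap between key {prev.name} and key {nxt.name}")
    if len({k.secret for k in chain}) != len(chain):
        findings.append("key material reused")
    return findings

if __name__ == "__main__":
    # Constructed sample: two AES-256 keys, 30-day lifetimes, 1-day overlap.
    demo = rolling_chain("AES-256-GCM", datetime(2030, 1, 1), 2, timedelta(days=30), timedelta(days=1))
    print(audit(demo, timedelta(days=30)) or "clean")
```

Running the audit against the two infinite-lifetime configurations listed above reports each key as having an infinite lifetime, which is the condition the rolling-keys variant is meant to remove.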
One final note. If you are new to automation and programmability, and are not sure where to start, don't try to boil the ocean. A great first step is to look at any operational process you perform daily in your network, or a process that is repeatable across multiple network elements (like changing pre-shared keys in MACsec). Tackling one of those processes with NETCONF/YANG using YDK is an excellent starting point and will quickly show the power of automation.
Many thanks to Santiago Alvarez (saalvare) for the continued guidance and assistance in my YDK and programming development.