Leveraging MACsec YANG Models in IOS-XR with New YDK App
Developing and contributing to the YDK sample apps has been an awesome learning experience, and while my first post targeted a more basic NTP YANG model, I shifted this recent contribution to a use case customers running MACsec in IOS-XR can instantly benefit from (for more information on next-gen MACsec, see: https://tinyurl.com/kws27ca ).
This MACsec key chain app (https://git.io/vSDLA ) focuses on the new YANG models for MACsec in IOS-XR, specifically on simplifying the re-key process for customers using MACsec with pre-shared keys. Customers using MACsec (or any encryption solution based on pre-shared keys) know that changing keys can be a rigorous, repeatable process, to the point that keys remain in place much longer than they should. Using this YDK app for MACsec key chain modification lets operators automate the MACsec key chain configuration through the new YANG models. That opens up more options for developers and other applications to use the model-driven method YANG offers, and the simplified apps YDK provides, for encryption operations such as the one in this example.
The sample YDK apps in this repo include:
One key using AES-128-GCM ciphers (infinite lifetime)
One key using AES-256-GCM ciphers (infinite lifetime)
Two AES-256-GCM keys, with finite lifetimes (rolling keys example)
These are just examples of common configurations one could use, but there are a ton of variations for key change processes, depending on the organization's policies, key duration, encryption strength, etc.
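Before any of these key chains is pushed to a device, the plan itself can be checked. The following is an added example, not code from the sample app repo, and it does not use YDK: it generates pre-shared keys of the right size and checks a rolling-key schedule for gaps, short overlaps, and reused secrets. The `PlannedKey`, `new_key` and `check_chain` names, the 32/64 hex-digit key lengths, and the one-hour minimum overlap are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Hex digits per pre-shared key (assumption: keys are entered as hex strings).
HEX_LEN = {"AES-128-GCM": 32, "AES-256-GCM": 64}

@dataclass
class PlannedKey:  # hypothetical planning record, not a YDK/YANG class
    key_id: str
    cipher: str
    secret_hex: str
    start: datetime
    end: Optional[datetime] = None  # None means infinite lifetime

def new_key(key_id, cipher, start, end=None):
    """Create a key with a fresh random secret sized for the cipher."""
    secret = secrets.token_hex(HEX_LEN[cipher] // 2)
    return PlannedKey(key_id, cipher, secret, start, end)

def check_chain(keys, min_overlap=timedelta(hours=1)):
    """Return the problems found in a planned key chain (empty list = OK)."""
    problems = []
    for k in keys:
        want = HEX_LEN.get(k.cipher)
        hex_ok = all(c in "0123456789abcdefABCDEF" for c in k.secret_hex)
        if want is None or len(k.secret_hex) != want or not hex_ok:
            problems.append(f"key {k.key_id}: secret does not fit {k.cipher}")
        if k.end is not None and k.end <= k.start:
            problems.append(f"key {k.key_id}: lifetime ends before it starts")
    if len({k.secret_hex.lower() for k in keys}) != len(keys):
        problems.append("the same secret is reused under more than one key id")
    ordered = sorted(keys, key=lambda k: k.start)
    for cur, nxt in zip(ordered, ordered[1:]):
        if cur.end is None:
            problems.append(f"key {cur.key_id}: no end time, never retired")
        elif nxt.start > cur.end:
            problems.append(f"gap between key {cur.key_id} and key {nxt.key_id}")
        elif cur.end - nxt.start < min_overlap:
            problems.append(f"overlap of key {cur.key_id} and key {nxt.key_id} too short")
    return problems

# Constructed sample: the rolling-keys case, two AES-256-GCM keys.
T0 = datetime(2030, 1, 1)
ROLLING = [
    new_key("10", "AES-256-GCM", T0, T0 + timedelta(days=30)),
    new_key("11", "AES-256-GCM", T0 + timedelta(days=29), T0 + timedelta(days=60)),
]
if __name__ == "__main__":
    print(check_chain(ROLLING) or "key chain plan OK")
```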
One final note. If you are new to automation and programmability, and are not sure where to start, don't try to boil the ocean. A great first step is to look at any operational process you perform daily in your network, or a process that is repeatable across multiple network elements (like changing pre-shared keys in MACsec). Tackling one of those processes with NETCONF/YANG using YDK is an excellent starting point and will quickly show the power of automation.
Many thanks to Santiago Alvarez (saalvare) for the continued guidance and assistance in my YDK and programming development.