cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3065
Views
17
Helpful
7
Replies

NETCONF error on CSR 1000v

Mike LWF
Level 1
Level 1

I was learning NETCONF by following steps on https://developer.cisco.com/learning/tracks/iosxe-programmability/intro-device-level-interfaces/intro-netconf/step/4.

The code worked as expected with CSR 1000v(Version 16.09.03) in Cisco Sandbox, but didn't work with CSR 1000v (Version 17.03.02) in my lab.  The error I'm getting is as below:

$ py get_interface_list.py
Opening NETCONF Connection to 192.168.28.130
Sending a <get-config> operation to the device.

Traceback (most recent call last):
  File "D:\Users\User\git\dne-dna-code\intro-mdp\netconf\get_interface_list.py", line 66, in <module>
    netconf_reply = m.get_config(source = 'running', filter = netconf_filter)
  File "D:\Users\User\git\dne-dna-code\venv\lib\site-packages\ncclient\manager.py", line 212, in execute
    return cls(self._session,
  File "D:\Users\User\git\dne-dna-code\venv\lib\site-packages\ncclient\operations\retrieve.py", line 166, in request
    return self._request(node)
  File "D:\Users\User\git\dne-dna-code\venv\lib\site-packages\ncclient\operations\rpc.py", line 341, in _request
    raise self._reply.error
ncclient.operations.rpc.RPCError: {'type': 'protocol', 'tag': 'unknown-element', 'severity': 'error', 'info': '<?xml version="1.0" encoding="UTF-8"?><error-info xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><bad-element>filter</bad-element>\n</error-info>\n', 'path': '\n    /rpc/get-config\n  ', 'message': None}

Based on the error message, it looks like "filter" is not supported.  For testing purpose, I installed another version of CSR 1000v(version 16.9.6).  It worked like a charm.  Why "filter" is support on 16.9 train but not 17.3 train?

Here's the code snippets from Cisco lab:

 # Create an XML filter for targeted NETCONF queries
 netconf_filter = """
 <filter>
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
     <interface></interface>
   </interface>
 </filter>"""
 with manager.connect(
         host=env_lab.IOS_XE_1["host"],
         port=env_lab.IOS_XE_1["netconf_port"],
         username=env_lab.IOS_XE_1["username"],
         password=env_lab.IOS_XE_1["password"],
         hostkey_verify=False
         ) as m:
netconf_reply = m.get_config(source = 'running', filter = netconf_filter)

 

1 Accepted Solution

Accepted Solutions

Mike LWF
Level 1
Level 1

OK, seems to be IOS XE version related.  Same code works on 16.x train, but doesn't work on 17.x train.

View solution in original post

7 Replies 7

neteng1
Level 1
Level 1

I believe you either need to include an interface name inside the <interface> tag or just remove it all together to get an entire list of interfaces.

To be precise, based on the YANG model, you need to specify 'name' of the interface:

 # Create an XML filter for targeted NETCONF queries
 netconf_filter = """
 <filter>
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
     <interface>
<name>Loopback0</name>
</interface> </interface> </filter>"""
Yan Gorelik
YDK Solutions

Mike LWF
Level 1
Level 1

OK, seems to be IOS XE version related.  Same code works on 16.x train, but doesn't work on 17.x train.

EvanC
Level 1
Level 1

Any idea how to build the netconf_filter on IOS XE 17.x ? 

The ietf-interfaces model did not change in 17.x comparing to 16.x, therefore the filter should be the same. What might be not working for you is the interface name, possibly the interfaces names are different on your 17.x router. So try first to get all interfaces with the filter:

# Create an XML filter for targeted NETCONF queries
 netconf_filter = """
 <filter>
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces" />
 </filter>"""

 If that is not working, then you have model implementation issue in Netconf on 17.x.

Yan Gorelik
YDK Solutions

Wayne Knight
Level 1
Level 1

So I hit this same issue and tried to understand why its failing. I am on the path to learn netconf with ncclient and Cisco CSR.


When you use this in your code

netconf_reply = m.get_config(source = 'running', filter=netconf_filter)

 

The function that converts that into an RPC xml structure looks like this. Note that nc: is not in front of the filter. This works in 16.x but fails in 17.x

<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:c8b7b93b-da4f-4139-8153-7275ea80f5f3">
<nc:get-config>
<nc:source><nc:running/></nc:source>
<filter type="subtree">
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface/>
</interfaces>
</filter>
</nc:get-config>
</nc:rpc>

 

But when you create a filter with this and use the ("subtree", netconf_filter2) as your filter

netconf_filter2 = """
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface></interface>
</interfaces>
"""
.......

netconf_reply = m.get_config(source = 'running',filter=("subtree", netconf_filter2))

 

The xml payload looks like this. This works on the 16.x and 17.x codes

<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:03c8d1e9-62b9-4ee7-a460-4cb501e6ef74">
<nc:get-config>
<nc:source><nc:running/></nc:source>
<nc:filter type="subtree">
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface/>
</interfaces>
</nc:filter></nc:get-config></nc:rpc>

After testing the above, I came across

https://community.cisco.com/t5/yang-tools/netconf-error-in-ios-xe-on-csr-latest-code-always-on-devnet/m-p/4451438 

 

Changing your original filter with the xmlns entry like this.

netconf_filter = """
 <filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
     <interface></interface>
   </interfaces>
 </filter>"""

 

The xml payload is correct with the correct <nc:filter> tags. This works on the 16.x and 17.x codes

<?xml version="1.0" encoding="UTF-8"?>
<nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:6622f1d8-1e20-4ed5-aa63-568aaeff32ed">
<nc:get-config><nc:source><nc:running/></nc:source>
<nc:filter>
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
     <interface/>
   </interfaces>
</nc:filter></nc:get-config></nc:rpc>

 

Hopefully that clarifies the ncclient/netconf issue and helps someone else.

 

Wayne

How do I get the operation state of all the interfaces for this. Strangely it is not showing all the sub interfaces. How do I get that also.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: