NETCONF toolset Netopeer

Netopeer is a set of NETCONF tools built on the libnetconf library. It allows operators to connect to their NETCONF-enabled devices as well as developers to allow control their devices via NETCONF. More information about NETCONF protocol can be found at NETCONF WG.

With the experiences from Netopeer, we have moved our activities to work on next generation of this NETCONF toolset based on libyang library. Netopeer2 is mature enough to be used as a replacement of the original Netopeer tools. Therefore, the Netopeer is no more developed neither maintained.

Tools Overview

netopeer-cli

CLI interface allowing user to connect to a NETCONF-enabled device and to obtain and manipulate its configuration data.

• Man Pages
• netopeer-cli(1)

netopeer-server

The main Netopeer server following the integrated architecture. netopeer-server is supposed to run as a system service controlling a device. By default, we provide example modules to control several areas of a GNU/Linux desktop (network interfaces, packet filter and overall system information). The netopeer-server allows you to simply switch the modules to use your own control modules.

As part of the Netopeer server, there is a set of the following tools:

• netopeer-server as the main service daemon integrating the SSH/TLS server.

• netopeer-manager as a tool to manage the netopeer-server's modules.

• netopeer-configurator as a tool for the server first run configuration.

• Man Pages

• netopeer-server(8)

• netopeer-manager(1)

• netopeer-configurator(1)

Running the server in docker

This repository has a Dockerfile that can be used to create a container that builds netopeer-server and starts the service. You need a linux with working docker installation to use it.

To build the container:

git clone https://github.com/CESNET/netopeer.git
cd netopeer
docker build -t netopeer .

To start it:

docker run -it --rm -p 8300:830 --name netopeer netopeer

The line above maps netopeer's netconf port to 8300 on the host. You can connect to that port with ncclient without any user or password (as long as you have a valid private key on the host).

TransAPI modules

Netopeer projects provides several basic transAPI modules that, besides their functionality, serve as examples for writing the libnetconf transAPI modules. These modules are located inside the transAPI/ directory.

cfgsystem

TransAPI module implementing ietf-system data model following RFC 7317.

Netopeer GUI

The Apache module with a web-based GUI allowing user to connect to a NETCONF-enabled device and to obtain and manipulate its configuration data from a graphical interface.

This part is available as a standalone project at GitHub.

Interoperability

In November 2012, prior to the IETF 85 meeting, some of these tools were participating in NETCONF Interoperability Testing.

All tools are built on top of the libnetconf library and allows you to use the following NETCONF features:

• NETCONF v1.0 and v1.1 compliant (RFC 6241)
• NETCONF over SSH (RFC 6242) including Chunked Framing Mechanism
  • DNSSEC SSH Key Fingerprints (RFC 4255)
• NETCONF over TLS (RFC 5539bis)
• NETCONF Writable-running capability (RFC 6241)
• NETCONF Candidate configuration capability (RFC 6241)
• NETCONF Validate capability ( RFC 6241)
• NETCONF Distinct startup capability ( RFC 6241)
• NETCONF URL capability (RFC 6241
• NETCONF Event Notifications (RFC 5277 and RFC 6470)
• NETCONF With-defaults capability (RFC 6243)
• NETCONF Access Control (RFC 6536)
• NETCONF Call Home (Reverse SSH draft, RFC 5539bis)
• NETCONF Server Configuration (IETF Draft)

Other Resources

• libnetconf project
• Netopeer GUI
• CESNET TMC department

Solving Issues

Since the development activities were moved to the Netopeer2 project, we do not maintain this project. However, the issue tracker is kept open to allow community to discuss the issues and possibly share the solutions or advices. Anyway, note that authors propose to move to the Netopeer2 project.