3. Classic and Model-Driven Management Interfaces

SR OS supports two basic classes of management interfaces:

  1. classic management interfaces
  2. model-driven management interfaces

Classic management interfaces include:

  1. SNMP
  2. the classic CLI

Model-driven management interfaces include:

  1. the MD-CLI
  2. NETCONF using the Nokia SR OS YANG modules
  3. the gRPC Network Management Interface (gNMI)

References to the term CLI in the SR OS user documentation are generally referring to the classic CLI. The classic CLI is the CLI that has been supported in SR OS from the initial introduction of SR OS.

The MD-CLI is a model-driven CLI introduced in SR OS Release 16.0.R1. Refer to The MD-CLI User Guide and The MD-CLI Command Reference Guide for details on using configuration commands in the MD-CLI.

3.1. Model-Driven Management Interfaces

Model-driven management interfaces are based on a common infrastructure that uses YANG models as the core definition for configuration, state, and operational actions. All model-driven interfaces take the same common underlying YANG modules and render them for the particular management interface.

The Nokia SR OS YANG modules of the model-driven infrastructure are similar to the classic CLI tree with the following notable differences:

  1. the classic and model-driven configuration formats are incompatible; the system automatically converts the classic configuration to model-driven format when the management interface configuration mode is changed to model-driven
  2. some classic CLI branches have been moved, renamed, or re-organized in the SR OS YANG modules
  3. many elements use string names as keys in model-driven interfaces instead of the numerical identifiers used in the classic CLI and SNMP. The name can only be assigned or modified for these elements in releases prior to Release 15.1.R1. Elements without names are automatically assigned a name (the identifier converted to a string) during an upgrade to Release 15.1.R1 or later, and cannot be changed without manually deleting and recreating the element. It is recommended that the following elements are assigned names prior to an upgrade to Release 15.1 or later:
    1. all services (configure service vprn, vpls, epipe, and so on)
    2. configure mirror mirror-dest
    3. configure service pw-templates
    4. configure service customer
    5. configure filter ip-filter, ipv6-filter, and mac-filter
    6. configure qos network, sap-ingress, and sap-egress
    7. configure eth-cfm domain and association
  4. the classic CLI shutdown command has been replaced with admin-state in model-driven interfaces
  5. the classic CLI commands with multiple parameters have been separated into individual leafs in model-driven interfaces
  6. the model-driven interfaces make extensive use of Boolean values (true and false) for configuration settings

In model-driven configuration-mode, SR OS operates with 'explicit' default handling. Users can set a leaf to the same value as the default, and SR OS remembers that it was explicitly set, and displays it as part of the configuration. This is similar to what RFC 6243 refers to as 'explicit' mode.

In the classic configuration-mode, the default handling is similar to RFC 6243 'trim' mode. Configuration values are not reported if they are equal to the default value, even if the user explicitly configured the value.

In mixed configuration-mode, the system uses 'explicit' default handling but it is not persistent. Explicitly configured default values are lost or forgotten at a High-availability CPM switchover or a reboot. Nokia does not recommend setting any leaf explicitly to its default value in mixed configuration-mode (the leaf should be deleted instead).

3.1.1. Prerequisites for Using Model-Driven Management Interfaces

Before configuration editing is permitted in model-driven interfaces, the management interface configuration mode must be set to model-driven or mixed. See Management Interface Configuration Mode for details.

All loose references using IDs to certain elements (elements which use IDs as keys in classic interfaces but string names in model-driven interfaces) must be replaced with references using string names. See Loose References to IDs for details.

Strict routing policy validation is used for model-driven interfaces. The routing policy must exist for the management interface configuration mode to be changed. References to non-existent routing policies must be removed before attempting to switch modes. Strict policy validation is applied to the following routing policy references:

  1. ARP and ND: in the Base router and VPRN instances
  2. BGP: in the Base router and VPRN instances
  3. Global and local variables: in main policies and sub-policies
  4. IGMP, MLD, and PIM: in the Base router and VPRN instances
  5. IS-IS: in the Base router and VPRN instances
  6. LDP
  7. OSPF and OSPFv3: the Base router and VPRN instances
  8. Policy-option: from, to, action, and default-action statements
  9. Policy-option: sub-policies, prefix-list, as-path, as-path-group, damping, and community policies
  10. RIP and RIPng: in the Base router and VPRN instances
  11. RSVP
  12. Single policy-statement or logical policy expressions
  13. Static routes: in the Base router and VPRN instances
  14. Subscriber management: except for in mld-policy configuration for a local user database (LUDB) host
  15. VPLS: for BGP VSI
  16. VPRN: for GRT, MVPN, and VRF

A newly created routing instance, group, or EBGP neighbor in a model-driven interface applies the secure default behavior to reject all routes. It is compliant with RFC 8212. The secure behavior can be disabled using the ebgp-default-reject-policy command. However, Nokia recommends configuring import and export policies that express the intended routing instead of using the insecure default behavior.

3.2. YANG Data Models

Model-driven management interfaces are based on a common infrastructure that uses YANG models as the core definition for configuration, state, and operational actions. All model-driven interfaces take the same common underlying YANG modules and render them for the particular management interface.

The SR OS supports:

  1. SR OS YANG data models
  2. OpenConfig YANG data models

3.2.1. SR OS YANG Data Models

The Nokia SR OS YANG modules are the heart of the model-driven architecture and have the following attributes.

  1. The names of the modules and submodules are nokia-conf-* (for example, nokia-conf-log). They have no –r13 suffix in the names.
  2. The Nokia SR OS YANG configuration model is divided into a single top-level configuration module (nokia-conf), a set of submodules (for example, nokia-conf-system), and a set of nokia-types-* modules. All configuration data in the Nokia SR OS YANG models sit in the urn:nokia.com:sros:ns:yang:sr:conf XML namespace. All state data in the Nokia SR OS YANG models sits in the urn:nokia.com:sros:ns:yang:sr:state XML namespace.
  3. The modules can be used with NETCONF with the <candidate> or <running> datastores, with telemetry, or with the Set/Get RPCs of the gRPC-based gNMI service. The modules map to the MD-CLI interface.
  4. The modules and submodules indicate the SR OS major release stream using a YANG extension (for example, sros-ext:sros-major-release "rel16";). Module and submodule revisions form a contiguous series of revisions inside a major release stream. There may be two files for the same module with the same revision date but with different contents because they are from two different major release streams. Each active major release stream has revisions ongoing in parallel.
  5. An alternative packaging of the entire Nokia configuration model is available in the single file called nokia-conf-combined.yang.

The YANG model for state data in SR OS has the following attributes.

  1. The names of the modules and submodules are nokia-state-* (for example, nokia-state-log).
  2. The Nokia SR OS YANG state model is divided into a single top-level statistics module (nokia-state), a set of submodules (for example, nokia-state-system), and a set of nokia-types-* modules. All state data in the Nokia SR OS YANG models sits in the urn:nokia.com:sros:ns:yang:sr:state XML namespace.
  3. The modules can be used with NETCONF or telemetry.
  4. An alternative packaging of the entire state model is available in the single file called nokia-state-combined.yang.

All configuration modules, state modules, and types modules are advertised in the SR OS NETCONF server <hello>. Submodules are not advertised in the <hello>.

The bof, admin, tools, debug, or clear branches of the CLI do not have equivalent YANG data models.

3.2.2. OpenConfig YANG Data Models

OpenConfig presents a vendor-independent set of YANG models. OpenConfig YANG model attributes are mapped to application-specific configuration and state. SR OS requires the following system management configuration to access the application configuration using the OpenConfig YANG models.

(ex)[configure system management-interface]
    configuration-mode model-driven
    cli {
        cli-engine [md-cli]
    }
    yang-modules {
        openconfig-modules true
    }

OpenConfig YANG models are available for all model-driven interfaces. In MD-CLI, OpenConfig configuration is located in the configure openconfig context.

When a configuration is committed, the system checks to ensure that openconfig-modules is set to true. If openconfig-modules is set to false, a configuration error is raised.

The openconfig-modules command behaves differently depending on the configuration access method, MD-CLI, gNMI, or NETCONF as follows:

  1. Using the MD-CLI interface, users can configure and execute OpenConfig configuration edits.
    1. During the interactive configuration of OpenConfig commands, only OpenConfig syntax is checked.
    2. When a configuration is committed, the system verifies that openconfig-modules is set to true. If openconfig-modules is not set to true and there are OpenConfig configuration transactions, the commit fails.
    3. The operator must set openconfig-modules to true and perform the commit again. Assuming the configuration information is complete and there are no other errors, the transaction succeeds.
  2. For the gNMI and NETCONF interfaces, openconfig-module is checked to determine if OpenConfig models are being advertised and if the system can accept or send OpenConfig model configurations, states, or requests.
    1. If the OpenConfig modules are not enabled, then the sending and accepting of OpenConfig edits, requests, and responses is blocked at the gNMI or NETCONF level.
    2. A 'get' from the root without any declared namespace or branch succeeds but does not include any OpenConfig data. However, a 'get' that explicitly requests data from the OpenConfig namespace produces an error.

It is possible to configure the network element using both Nokia YANG and OpenConfig YANG models. Configuration ownership is a key concept, determining which model-driven access method can update a container or list entry. Only the access method that has claimed configuration ownership of an container or list entry can modify the configuration for that container or list entry. Individual applications define the required container or list entry based on their unique requirements. The applications also determines if and how ownership can change. It is possible to have both Nokia YANG and OpenConfig YANG commands in the same set transaction. Validation and commit functions apply to all transactions in a single set. If an access method attempts to configure elements under a part of the hierarchy it does not own, an error message is generated. An example of the error message is:

MINOR: MGMT_CORE #261: configure openconfig interfaces interface "1/1/1" -
 Cannot access or modify element - managed by Nokia module

Configuration ownership also influences default imports. The owner imports their container or list entry defaults. In the case where OpenConfig is the container or list entry owner but the model has opted to omit configuration elements required for application functionality, the Nokia application defaults are imported. These defaults cannot be modified using OpenConfig if the configuration path is not included in the OpenConfig model. If an object in the OpenConfig model does not specify a default, the application can use any default available. Typically, this is the existing SR OS application default for the container or list entry.

In the case where the OpenConfig model includes a leaf but does not include a default, the Nokia default can be used as specified in Table 53.

Table 53:  Default Behavior  

Case

OpenConfig leaf value specified

OpenConfig leaf has YANG default

Action taken

1

yes

yes

Use OC leaf value specified

2

yes

no

Use OC leaf value specified

3

no

yes

Use OC leaf default value

4

no

no

Use Nokia default value

An operator action, such as the modification of a container or list entry using OpenConfig, may transition the container or list entry ownership to OpenConfig. Transitioning from OpenConfig to Nokia configuration ownership usually requires the deletion of the container or list entry through the OpenConfig model.

If the Nokia models are to be considered for configuration, the nokia-modules or nokia-combined-modules parameter must be set to true in the configure system management-interface yang-modules context.

When model-driven management interface configuration mode and OpenConfig YANG are enabled, the OpenConfig YANG configuration options become available. The openconfig-modules true command can be changed to openconfig-modules false during operation. However, all OpenConfig YANG configuration statements must be deleted prior to deleting the openconfig-modules leaf or setting it to openconfig-modules false, otherwise an error is generated. This protects the system from entering a state where an OpenConfig mismatch is possible.

The validate command validates the model-driven configuration against the model-specific definition, including any deviations. The commit command performs application-level mappings, another validation function, and activation of the candidate datastore. The application-specific mapping ensures the application requirements are met using the same criteria that is common for that application across all configuration actions.

In cases where there is an incomplete set of modeled data which results in an error, or there are other errors that arise from the commit operation, all transactions fail and produce an error message indicating the reason for the failure. A failure maintains the complete set of YANG parameters, as if the commit command had not been issued. This allows the administrator the option to correct the source of the error. Partial configurations are allowed as determined by the application and are not themselves invalid.

The transaction is tracked, including the OpenConfig Key and the Nokia Key. Both the OpenConfig path and the Nokia path are included in the returned error message. This error message uses the following format; Nokia:Normalized:OC-Key/path. This approach allows error message parsing and extraction of preference for the operator's model-driven-specific approach. A sample error message is shown below.

<severity>: <module> #<code>: <context in which the error occurred> - <message> - <extra-text> - <extra-context>

Where <extra-context> could be the OpenConfig context or related key information.

Deviation files are available for each model where there are differences from the published OpenConfig model. These deviations can include not-supported, add, replace, granularity mismatches, and different ranges. The OpenConfig YANG file contains text descriptions when different units or ranges are in place. Deviations are not raised for OpenConfig “must” statements as the “must” statement in OpenConfig models is not supported in SR OS. The deviation file follows this format nokia-sr-<ocmodule>-deviations.yang, for example, nokia-sr-openconfig-network-instance-deviations.yang.

There are several places where ranges and units may not be aligned between OpenConfig YANG and SR OS application implementation.

When a mapping exists for an attribute but the configuration is out of range, an error is generated. For example, the application configuration leafB has a range of (1 to 100), where OpenConfig leafB specifies a range of (1 to 300). When an OpenConfig set above 100 is requested, an unsupported value error is returned.

As an example of a granularity mismatch, application leafC supports centiseconds and OpenConfig leafC supports milliseconds. If the OpenConfig value in milliseconds can be converted to a valid application value, the OpenConfig value is accepted (for example, OpenConfig leafC 100 ms is converted to application leafC 1 centisecond). However, if the OpenConfig value cannot be converted to a valid application value, an error is produced (for example, OpenConfig leafC 125ms cannot be mapped into centiseconds).

3.3. Datastores and Regions

As per RFC 8342 a datastore is a conceptual place to store and access information. A datastore maps to an instantiated YANG data tree. See RFC 8342 for more information about datastores.

SR OS supports conventional configuration datastores (for example, running and candidate) as well as some proprietary datastores (for example, li-running).

SR OS also has a proprietary concept called a region (or configuration region). The set of branches and elements in the configure branch of the CLI are all in the primary configuration region simply called configure. Examples of other regions are:

  1. li (lawful intercept)
  2. bof
  3. debug

Each region has its own datastores (running, candidate, and so on). The saved configuration for each region is stored in a separate file on compact flash (for example, config.cfg, li.cfg). Regions are independently locked for configuration changes. See the output of show system management-interface datastore-locks for an example of per-region per-datastore information.

3.4. System-Provisioned Configuration (SPC) Objects

There is a set of configuration objects (configuration list elements and their descendants) that are provisioned (added to the <running> datastore) automatically by SR OS; for example, log-id 99. Some SPC objects are created at bootup time, and some are created or removed dynamically based on configuration. The dynamically created SPC objects are typically children objects created as a side effect of the creation of their parent object.

Some of these objects can be deleted/removed by a user (Deletable SPC Objects).

  1. In the classic CLI these are removed by specifying the keyword no, which is then visible in an info command or in a saved config (admin save); for example, no log-id 99.
  2. The Deletable SPC objects are not visible in a <get-config> response in the “urn:nokia.com:sros:ns:yang:sr:conf” namespace (the Nokia SR OS YANG modules) if the child leaves are all at default values.
  3. Some example deletable SPC objects (shown in Classic CLI format) are:
configure system security profile default
configure system security profile default entry 10-100
configure system security profile administrative
configure system security profile administrative entry 10-112
configure system security user "admin"
configure system security user console member "default"
configure system security ssh client-cipher-list protocol-version 1 cipher 200-210
configure system security ssh client-cipher-list protocol-version 2 cipher 190-235
configure system security ssh server-cipher-list protocol-version 1 cipher 200-205
configure system security ssh server-cipher-list protocol-version 2 cipher 190-235
configure log filter 1001
configure log filter 1001 entry 10
configure log log-id 99 & 100

Some SPC objects cannot be deleted (Non-Deletable SPC Objects).

  1. In the classic CLI, an attempt to delete these objects (for example, no sap-ingress 1) returns an error.
  2. In the MD-CLI, deleting one of these objects simply resets all descendant elements as unconfigured.
  3. Some Non-Deletable SPC Objects contain leafs (or other descendants) that can be modified. Some objects are fully non-modifiable.
  4. Non-Deletable SPC Objects do not appear in the configuration (not in the output of “info” in the classic CLI or MD-CLI) unless some of the child leafs or descendants have been configured.
  5. The Non-Deletable SPC objects are not visible in a <get-config> response in the “urn:nokia.com:sros:ns:yang:sr:conf” namespace (the Nokia SR OS YANG modules) if the child leaves are all unconfigured.
  6. Some example non-deletable SPC objects (shown in Classic CLI format) are:
configure system security user-template {tacplus_default|radius_default}
configure system security snmp view iso …
configure system security snmp view li-view …
configure system security snmp view mgmt-view …
configure system security snmp view vprn-view …
configure system security snmp view no-security-view …
configure system security snmp access group  xyz (a set of access groups)
configure log event-control …
configure filter log 101
configure qos … various default policies can’t be deleted
configure qos queue-group-templates … these can’t be deleted
configure card <x>  
configure router network-domains network-domain “default”
configure oam-pm bin-group 1
configure call-trace trace-profile “default”
configure eth-cfm default-domain bridge-identifier <x> 

3.5. Management Interface Configuration Mode

Management interface configuration mode controls how classic management interfaces, such as SNMP and the classic CLI, and model-driven (MD) interfaces, such as the MD-CLI and NETCONF, are used to modify the configuration of the router. The configure system management-interface configuration-mode command must be used to enable configuration editing by MD interfaces.

Table 54:   Management Interface Configuration Mode 

Configuration Mode

Classic

Mixed

Model-driven

Classic Interfaces

Classic CLI: configuration write/edit

OK

OK

Classic CLI: configuration read

OK

OK

OK

Classic CLI: non-configuration commands

OK

OK

OK

SNMP: configuration write/edit

OK

SNMP: non-configuration writes (such as admin reboot)

OK

SNMP: configuration read

OK

OK

OK

SNMP: state read

OK

OK

OK

SNMP: notifications (traps)

OK

OK

OK

NETCONF (Base-R13 model): configuration write/edit

OK

OK

NETCONF (Base-R13 model): configuration read

OK

OK

OK

Model-driven Interfaces

NETCONF (Nokia model): configuration write and read

OK

OK

NETCONF (Nokia model): state read

OK

OK

OK

Telemetry: configuration nodes

OK

OK

Telemetry: state nodes

OK

OK

OK

gNMI Set/Get: configuration write and read

OK

OK

gNMI Get: state read

OK

OK

OK

Features

OpenConfig YANG models

OK

Configuration groups

OK

MD-CLI rollback command

OK

Classic CLI admin rollback revert command

OK

OK

Explicit defaults 1

OK

Configuration changes accepted immediately after a CPM high-availability switchover 2

OK

OK

Named route policy entries

OK

    Note:

  1. In model-driven mode, users can set a parameter to the same value as the default, and SR OS remembers that it was explicitly set and displays it as part of the configuration. In mixed mode these values are not persistent and they are lost or forgotten at a CPM high-availability switchover or a reboot.
  2. In mixed mode, changes to the configuration are blocked for a few minutes after a CPM high-availability switchover event while the model-driven database is synchronized with the SR OS application layer. There is no impact to running services.

3.5.1. Mixed Configuration Mode

Mixed configuration mode is useful for operators to migrate from classic management interfaces to operating in a full model-driven mode. It allows the use of previous classic CLI scripts or other OSS integration (for configuration) although with some pre-requisites (see Prerequisites for Using Model-Driven Management Interfaces) and some limitations (see Table 54).

3.5.2. Loose References to IDs

A loose reference is a reference where the target of the reference does not have to exist. For example, configure service pw-template 23 egress filter ip 37 can be configured (when the management interface configuration mode is classic) even if ip-filter 37 does not yet exist in the configuration.

Before switching the management interface configuration mode to model-driven or mixed, all loose references using IDs must be replaced with references using string names (or removed from the configuration) for the following elements:

  1. all services (configure service vprn, vpls, epipe, and so on)
  2. configure mirror mirror-dest
  3. configure service pw-templates
  4. configure service customer
  5. configure filter ip-filter, ipv6-filter, and mac-filter
  6. configure qos network, sap-ingress, and sap-egress
  7. configure eth-cfm domain and association

In the following configuration example,

configure service pw-template 23 egress filter ip 37

can be changed to

configure service pw-template 23 egress filter-name ip ops-sec-filter-a33

Because ip-filter 37 is a loose reference, it does not require a name for the configuration to be valid. However, it may be desirable to assign a name as follows, to make the binding operational.

configure filter ip-filter 37 name ops-sec-filter-a33
Note:

A name can only be assigned to a filter or any element in the above list of elements which use IDs as keys in classic interfaces but string names in model-driven interfaces. It is recommended to assign names to the elements prior to an upgrade to Release 15.1.R1.

A name can also be changed in releases prior to Release 15.1.R1. Elements without names are automatically assigned a name (the ID converted to a string) during an upgrade to Release 15.1.R1 or later, and cannot be changed without manually deleting and recreating the element.

Loose references to IDs for the objects listed above cannot be created while in mixed or model-driven configuration mode. Any classic CLI scripts must also be updated to avoid the use of any of the commands below.

The following lists the set of affected loose references. Some items take a service-name as an input. SR OS converts these service-names to IDs, and stores the IDs in the configuration. In these cases, the service-name becomes an alias at configuration edit time and is not stored as a reference.

IPsec related configuration:

configure service vprn interface sap ipsec-tunnel local-gateway-address 
configure service vprn interface sap ip-tunnel delivery-service
configure service vprn interface sap l2tpv3-session router
configure service epipe sap l2tpv3-session router
configure service vpls sap l2tpv3-session router
configure service vprn interface sap ipsec-gw default-secure-service
configure service ies interface sap ipsec-gw default-secure-service
configure service vprn interface sap ipsec-gw dhcp server
configure service ies interface sap ipsec-gw dhcp server
configure service vprn interface sap ipsec-gw dhcp6 server
configure service ies interface sap ipsec-gw dhcp6 server
configure service vprn interface sap ipsec-gw local-address-assignment ipv4 address-source
configure service vprn interface sap ipsec-gw local-address-assignment ipv6 address-source
configure service ies interface sap ipsec-gw local-address-assignment ipv4 address-source
configure service ies interface sap ipsec-gw local-address-assignment ipv6 address-source
configure service vprn interface sap ipsec-tunnel bfd-enable
configure ipsec client-db client private-service
configure system file-transmission-profile router 

Eth-cfm, oam-pm, and saa:

configure eth-cfm default-domain bridge-identifier
configure eth-cfm domain association bridge-identifier
configure oam-pm session ip router
configure oam-pm session ip router service-name
configure saa test type cpe-ping service
configure saa test type icmp-ping router
configure saa test type icmp-ping service-name
configure saa test type icmp-trace router
configure saa test type icmp-trace service-name
configure saa test type mac-ping service
configure saa test type mac-trace service
configure saa test type vprn-ping
configure saa test type vprn-ping service
configure saa test type vprn-trace
configure saa test type vprn-trace service

Filters:

configure service pw-template egress filter ipv6
configure service pw-template egress filter ip
configure service pw-template egress filter mac
configure service pw-template ingress filter ipv6
configure service pw-template ingress filter ip
configure service pw-template ingress filter mac
 
configure service template epipe-sap-template egress filter ip
configure service template epipe-sap-template egress filter ipv6
configure service template epipe-sap-template egress filter mac
configure service template epipe-sap-template ingress filter ip
configure service template epipe-sap-template ingress filter ipv6
configure service template epipe-sap-template ingress filter mac
 
configure service template vpls-sap-template egress filter ip
configure service template vpls-sap-template egress filter ipv6
configure service template vpls-sap-template egress filter mac
configure service template vpls-sap-template ingress filter ip
configure service template vpls-sap-template ingress filter ipv6
configure service template vpls-sap-template ingress filter mac
 
configure li li-filter-block-reservation li-reserved-block ip-filter
configure li li-filter-block-reservation li-reserved-block ipv6-filter
configure li li-filter-block-reservation li-reserved-block mac-filter

PKI:

configure system security pki ca-profile cmpv2 url
configure system security pki ca-profile ocsp service

QoS:

configure service template epipe-sap-template ingress qos
configure service template epipe-sap-template egress qos
 
configure service template vpls-sap-template ingress qos
configure service template vpls-sap-template egress qos
 
configure service pw-template ingress qos
configure service pw-template egress qos

Subscriber Management:

configure service ies subscriber-interface group-interface srrp bfd-enable
configure service vprn subscriber-interface group-interface srrp bfd-enable
 
 
configure subscriber-mgmt local-user-db ipoe host host-identification service-id
configure subscriber-mgmt local-user-db ipoe host interface service-id
configure subscriber-mgmt local-user-db ipoe host match-radius-proxy-cache server
configure subscriber-mgmt local-user-db ipoe host msap-defaults service
configure subscriber-mgmt local-user-db ipoe host retail-service-id
 
configure subscriber-mgmt local-user-db ppp host interface service-id
configure subscriber-mgmt local-user-db ppp host l2tp group service-id
configure subscriber-mgmt local-user-db ppp host msap-defaults service
configure subscriber-mgmt local-user-db ppp host retail-service-id
 
configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mvr from-vpls
 
configure service vpls sap msap-defaults service

Miscellaneous:

configure vrrp policy
configure service vprn interface vrrp bfd-enable
 
configure service vprn interface ipv6 vrrp bfd-enable
configure router l2tp group ppp default-group-interface service-id
configure router l2tp group tunnel ppp default-group-interface service-id
configure service vprn l2tp group ppp default-group-interface service-id
configure service vprn l2tp group tunnel ppp default-group-interface service-id
 
configure redundancy multi-chassis peer mc-ring l3-ring in-band-control-path service-id
configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify service-id
configure redundancy multi-chassis peer mc-ring ring in-band-control-path service-id
configure redundancy multi-chassis peer mc-ring ring ring-node connectivity-verify service-id
 
configure open-flow of-switch of-controller vprn

3.5.3. Transitioning Between Modes

Depending on the size of the system configuration, transitioning away from classic mode may take several seconds to several minutes while the model-driven database is populated and synchronized to the current configuration. During the transition period, configuration changes are not allowed and service is not affected.

Transitioning to classic mode is immediate with no impact to services on the router.

3.6. Configuring the CLI Engine

The CLI engine refers to the CLI environment that is being used in a user session (for example, console, Telnet, or SSH) to configure and operate the router. The CLI engine is either the classic CLI engine or the MD-CLI engine. The following terms are also used:

  1. preferred CLI engine — the CLI engine that is started at user login
  2. authorized CLI engine — a CLI engine that a user can switch to (using the CLI engine switch command (“//”)) or where a user can execute commands
  3. active CLI engine — the CLI engine that is currently in use for a user session

The default preferred CLI engine and authorized CLI engines for a session are determined by the management interface configuration mode, which eliminates the need to explicitly configure the CLI engine. With the use of these dynamic defaults, it is possible to transition between the different configuration modes. Table 55 summarizes the CLI engines for the management interface configuration modes.

Table 55:  Management Interface Configuration Modes and CLI Engines  

Management Interface Configuration Mode

Default Preferred CLI Engine

Default Authorized CLI Engines

classic

classic-cli

classic-cli

mixed

classic-cli

md-cli, classic-cli

model-driven

md-cli

md-cli, classic-cli (read-only)

The preferred CLI engine, and the authorized CLI engines for a session can be changed to use either the classic CLI or the MD-CLI engine.

In the classic CLI, the first engine configured is the preferred CLI engine. The default is no cli-engine.

A:node-2>config>system>management-interface>cli# cli-engine ?
  - cli-engine <engine-type> [<engine-type>...(upto 2 max)]
  - no cli-engine
 
 <engine-type>        : classic-cli|md-cli

In the MD-CLI, the cli-engine parameter is a user-ordered list, and the first engine from that list is configured as the preferred CLI engine. Leaving the cli-engine parameter unconfigured (or deleting the cli-engine values) maintains or reverts to the dynamic default. Table 56 summarizes the possible actions available with the MD-CLI cli-engine configuration.

Note:

In order for the changes to the cli-engine parameter to take effect, log out of the CLI session and start a new session.

Table 56:   MD-CLI cli-engine Configurations 

cli-engine Configuration

Preferred CLI engine

Authorized CLI engines

Description

[classic-cli]

classic-cli

classic-cli

User is restricted to the classic CLI engine

[classic-cli md-cli]

classic-cli

classic-cli, md-cli

User can switch between classic CLI and MD-CLI engines in a session

[md-cli classic-cli]

md-cli

md-cli, classic-cli

User can switch between MD-CLI and classic CLI engines in a session

[md-cli]

md-cli

md-cli

User is restricted to the MD-CLI engine

Refer to the MD-CLI User Guide for information about using the MD-CLI to manage to router.

3.7. Legacy Alcatel-Lucent Base-R13 NETCONF/YANG

SR OS supports an older variant of NETCONF and YANG called Base-R13 that is not part of the model-driven architecture.

Base-R13 NETCONF/YANG is not recommended for new deployments.

The NETCONF behavior when using Base-R13 YANG modules aligns closely to the structure and behavior of the classic CLI. The Base-R13 implementation is tightly linked to the classic CLI infrastructure. That linkage results in NETCONF behavior that follows many of the classic CLI behaviors and constraints.

In order to use the Base-R13 NETCONF/YANG, the base-r13-modules must be enabled under configure system management-interface yang-modules. The writable-running command must also be enabled under configure system netconf capabilities.

A NETCONF client selects the Base-R13 NETCONF/YANG by using the urn:alcatel-lucent.com:sros:ns:yang:conf-r13 XML namespace in the NETCONF <edit-config> requests.

3.7.1. Alcatel-Lucent Base-R13 SR OS YANG Modules

In addition to the model-driven Nokia SR OS YANG modules, SR OS also supports a second set of YANG configuration data models called the Alcatel-Lucent Base-R13 SR OS YANG modules (sometimes simply referred to as Base-R13).

The two sets of configuration models have a similar overall tree structure (just as the classic CLI and MD-CLI have a similar overall tree structure). But the behavior of Base-R13 NETCONF/YANG is quite different from the model-driven NETCONF/YANG.

The YANG modules for the Alcatel-Lucent Base-R13 SR OS YANG modules) have the following attributes.

  1. The names of the modules are alu-conf-*-r13 (for example, alu-conf-log-r13). Note the -r13 suffix at the end of the names.
  2. The Alcatel-Lucent Base-R13 model consists of a set of modules with groupings that are all used by a single top-level configuration module called alu-conf-r13. All configuration data in the Alcatel-Lucent Base-R13 models sits in the urn:alcatel-lucent.com:sros:ns:yang:conf-r13 XML namespace.
  3. The Base-R13 modules can only be used in the NETCONF interface and only with the <running> datastore. They can not be used with the NETCONF <candidate> datastore or with any other management interface.
  4. Although the Base-R13 modules were first introduced in SR OS Release 13.0, they do not only contain objects from Release 13.0. For example, features from any later release are also configurable using versions of the Base-R13 modules that are distributed with that release.
  5. The Base-R13 modules align closely to the structure and behavior of the classic CLI.

The Base-R13 configuration data models are not interchangeable with the model-driven Nokia models. An XML request based on the Alcatel-Lucent Base-R13 YANG modules does not work if applied to a router using the urn:nokia.com:sros:ns:yang:sr:conf namespace and vice versa.

There are no state models for Base-R13 NETCONF/YANG.

3.7.2. SPC Objects in Base-R13 NETCONF/YANG

See the System-Provisioned Configuration (SPC) Objects section for general background information about SPC Objects in SR OS. This section only describes SPC object specifics for Base-R13 NETCONF/YANG.

The following behaviors apply to Deletable SPC Objects with Base-R13 NETCONF/YANG:

  1. The Deletable SPC Objects can be removed or recreated using NETCONF <edit-config> requests, but they are not visible in a <get-config> response in the urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13 namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules) when they are:
    1. set to their default values (including all child leafs and objects)
    2. removed or deleted
  2. The Deletable SPC Objects are visible in a <get-config> response in the urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13 namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules), if a child leaf or object is changed away from the default value; for example, changing log-99 to time-format local.

The following behaviors apply to Non-Deletable SPC Objects with Base-R13 NETCONF/YANG:

  1. The Non-Deletable SPC Objects are not visible in a <get-config> response in the urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13 namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules) when they are set to their default values (including all child leafs and objects).
  2. The Non-Deletable SPC Objects are visible in a <get-config> response in the urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13 namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules), if a child leaf or object is changed away from the default value; for example, setting the card-type.

Some Non-Deletable SPC Objects are visible in a <get-config> request in the urn:alcatel-lucent.com:sros:ns:yang:conf-*-r13 namespace (the Alcatel-Lucent Base-R13 SR OS YANG modules), even if they are set to default values:

configure system security cpu-protection policy 254 and 255
configure router interface "system"
configure service customer 1