1 .. _netconf-user-guide:
17 NETCONF is an XML-based protocol used for configuration and monitoring
18 devices in the network. The base NETCONF protocol is described in
19 `RFC-6241 <https://www.rfc-editor.org/rfc/rfc6241>`__.
21 **NETCONF in OpenDaylight:.**
23 OpenDaylight supports the NETCONF protocol as a northbound server as
24 well as a southbound plugin. It also includes a set of test tools for
25 simulating NETCONF devices and clients.
27 Southbound (netconf-connector)
28 ------------------------------
30 The NETCONF southbound plugin is capable of connecting to remote NETCONF
31 devices and exposing their configuration/operational datastores, RPCs
32 and notifications as MD-SAL mount points. These mount points allow
33 applications and remote users (over RESTCONF) to interact with the
36 In terms of RFCs, the connector supports:
38 - `RFC-6241 <https://www.rfc-editor.org/rfc/rfc6241>`__
40 - `RFC-5277 <https://www.rfc-editor.org/rfc/rfc5277>`__
42 - `RFC-6022 <https://www.rfc-editor.org/rfc/rfc6022>`__
44 - `RFC-7895 <https://www.rfc-editor.org/rfc/rfc7895>`__
46 **Netconf-connector is fully model-driven (utilizing the YANG modeling
47 language) so in addition to the above RFCs, it supports any
48 data/RPC/notifications described by a YANG model that is implemented by
53 NETCONF southbound can be activated by installing
54 ``odl-netconf-connector-all`` Karaf feature.
56 .. _netconf-connector:
58 Netconf-connector configuration
59 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
61 NETCONF connectors are configured directly through the usage of the
62 network-topology model. You can configure new NETCONF connectors both
63 through the NETCONF server for MD-SAL (port 2830) or RESTCONF. This guide
68 Since 2022.09 Chlorine there is only one RESTCONF endpoint:
70 - | ``http://localhost:8181/rests`` is related to `RFC-8040 <https://www.rfc-editor.org/rfc/rfc8040>`__,
71 | can be activated by installing ``odl-restconf-nb``
74 | Resources for configuration and operational datastores start
77 http://localhost:8181/rests/data/network-topology:network-topology
78 with response of both datastores. It's allowed to use query
79 parameters to distinguish between them.
81 http://localhost:8181/rests/data/network-topology:network-topology?content=config
82 for configuration datastore
84 http://localhost:8181/rests/data/network-topology:network-topology?content=nonconfig
85 for operational datastore.
87 | Also if a data node in the path expression is a YANG leaf-list or list
88 node, the path segment has to be constructed by having leaf-list or
89 list node name, followed by an "=" character, then followed by the
90 leaf-list or list value. Any reserved characters must be
93 http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf?content=config
94 for retrieving data from configuration datastore for
95 topology-netconf value of topology list.
100 1. OpenDaylight is running
102 2. In Karaf, you must have the ``odl-netconf-topology`` or
103 ``odl-netconf-clustered-topology`` feature installed.
105 3. Feature ``odl-restconf-nb`` must be installed
107 Spawning new NETCONF connectors
108 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
110 To create a new NETCONF connector you need to send the following PUT request
117 - http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device
119 You could use the same body to create the new NETCONF connector with a POST
120 without specifying the node in the URL:
126 - http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf
128 Payload for password authentication:
134 **Content-type:** ``application/xml``
136 **Accept:** ``application/xml``
138 **Authentication:** ``admin:admin``
142 <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
143 <node-id>new-netconf-device</node-id>
144 <host xmlns="urn:opendaylight:netconf-node-topology">127.0.0.1</host>
145 <port xmlns="urn:opendaylight:netconf-node-topology">17830</port>
146 <login-password-unencrypted xmlns="urn:opendaylight:netconf-node-topology">
147 <username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
148 <password xmlns="urn:opendaylight:netconf-node-topology">admin</password>
149 </login-password-unencrypted>
150 <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
151 <!-- non-mandatory fields with default values, you can safely remove these if you do not wish to override any of these values-->
152 <reconnect-on-changed-schema xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>
153 <connection-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>
154 <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>
155 <min-backoff-millis xmlns="urn:opendaylight:netconf-node-topology">2000</min-backoff-millis>
156 <max-backoff-millis xmlns="urn:opendaylight:netconf-node-topology">1800000</max-backoff-millis>
157 <backoff-multiplier xmlns="urn:opendaylight:netconf-node-topology">1.5</backoff-multiplier>
158 <!-- keepalive-delay set to 0 turns off keepalives-->
159 <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>
164 **Content-type:** ``application/json``
166 **Accept:** ``application/json``
168 **Authentication:** ``admin:admin``
175 "node-id": "new-netconf-device",
176 "netconf-node-topology:port": 17830,
177 "netconf-node-topology:reconnect-on-changed-schema": false,
178 "netconf-node-topology:connection-timeout-millis": 20000,
179 "netconf-node-topology:tcp-only": false,
180 "netconf-node-topology:max-connection-attempts": 0,
181 "netconf-node-topology:login-password-unencrypted": {
182 "netconf-node-topology:username": "admin",
183 "netconf-node-topology:password": "admin"
185 "netconf-node-topology:host": "127.0.0.1",
186 "netconf-node-topology:min-backoff-millis": 2000,
187 "netconf-node-topology:max-backoff-millis": 1800000,
188 "netconf-node-topology:backoff-multiplier": 1.5,
189 "netconf-node-topology:keepalive-delay": 120
196 You have the option to use the 'login-password' configuration for authentication as shown below:
201 "netconf-node-topology:username": "netconf",
202 "netconf-node-topology:password": "c5R3aLBss7J8T2VC3pEeAQ=="
205 In OpenDaylight's configuration, the AAAEncryptionServiceImpl generates a new encryption key with
206 each application build. You can use this method if you have access to the current encryption key.
207 Additionally, it is important to ensure that the entire password is encoded in base64 format and
208 that its length is a multiple of 16 bytes for successful authentication.
210 There is also option of using key-based authentication instead
211 of password. First we need to create key in datastore.
213 *Adding a client private key credential to the netconf-keystore*
218 /rests/operations/netconf-keystore:add-keystore-entry
219 Content-Type: application/json
220 Accept: application/json
228 "key-id": "example-client-key-id",
229 "private-key": "PEM-format-private-key",
230 "passphrase": "passphrase"
236 After we can use this key to create connector using this key.
238 Payload for key-based authentication via SSH:
244 **Content-type:** ``application/xml``
246 **Accept:** ``application/xml``
248 **Authentication:** ``admin:admin``
252 <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
253 <node-id>new-netconf-device</node-id>
254 <host xmlns="urn:opendaylight:netconf-node-topology">127.0.0.1</host>
255 <port xmlns="urn:opendaylight:netconf-node-topology">17830</port>
256 <key-based xmlns="urn:opendaylight:netconf-node-topology">
257 <username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
258 <key-id xmlns="urn:opendaylight:netconf-node-topology">key-id</password>
260 <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
261 <!-- non-mandatory fields with default values, you can safely remove these if you do not wish to override any of these values-->
262 <reconnect-on-changed-schema xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>
263 <connection-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>
264 <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>
265 <min-backoff-millis xmlns="urn:opendaylight:netconf-node-topology">2000</min-backoff-millis>
266 <max-backoff-millis xmlns="urn:opendaylight:netconf-node-topology">1800000</max-backoff-millis>
267 <backoff-multiplier xmlns="urn:opendaylight:netconf-node-topology">1.5</backoff-multiplier>
268 <!-- keepalive-delay set to 0 turns off keepalives-->
269 <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>
274 **Content-type:** ``application/json``
276 **Accept:** ``application/json``
278 **Authentication:** ``admin:admin``
285 "node-id": "new-netconf-device",
286 "netconf-node-topology:port": 17830,
287 "netconf-node-topology:reconnect-on-changed-schema": false,
288 "netconf-node-topology:connection-timeout-millis": 20000,
289 "netconf-node-topology:tcp-only": false,
290 "netconf-node-topology:max-connection-attempts": 0,
291 "netconf-node-topology:key-based": {
292 "netconf-node-topology:username": "admin",
293 "netconf-node-topology:key-id": "key-id"
295 "netconf-node-topology:host": "127.0.0.1",
296 "netconf-node-topology:min-backoff-millis": 2000,
297 "netconf-node-topology:max-backoff-millis": 1800000,
298 "netconf-node-topology:backoff-multiplier": 1.5,
299 "netconf-node-topology:keepalive-delay": 120
304 Connecting via TLS protocol is similar to SSH. First setup keystore
305 by using three RPCs from `Configure device to connect over TLS protocol`_
306 to add a client private key, associate a private key with a client and CA
307 certificates chain and add a list of trusted CA and server certificates.
308 Only after that we can process and create a new NETCONF connector you need
309 to send the following PUT request.
311 Payload for key-based authentication via TLS:
317 **Content-type:** ``application/xml``
319 **Accept:** ``application/xml``
321 **Authentication:** ``admin:admin``
325 <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
326 <node-id>new-netconf-device</node-id>
327 <host xmlns="urn:opendaylight:netconf-node-topology">127.0.0.1</host>
328 <port xmlns="urn:opendaylight:netconf-node-topology">17830</port>
329 <key-based xmlns="urn:opendaylight:netconf-node-topology">
330 <username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
331 <key-id xmlns="urn:opendaylight:netconf-node-topology">key-id</password>
333 <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
334 <!-- non-mandatory fields with default values, you can safely remove these if you do not wish to override any of these values-->
335 <reconnect-on-changed-schema xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>
336 <connection-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>
337 <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>
338 <min-backoff-millis xmlns="urn:opendaylight:netconf-node-topology">2000</min-backoff-millis>
339 <max-backoff-millis xmlns="urn:opendaylight:netconf-node-topology">1800000</max-backoff-millis>
340 <backoff-multiplier xmlns="urn:opendaylight:netconf-node-topology">1.5</backoff-multiplier>
341 <!-- keepalive-delay set to 0 turns off keepalives-->
342 <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>
343 <protocol xmlns="urn:opendaylight:netconf-node-topology">
344 <name xmlns="urn:opendaylight:netconf-node-topology">TLS</name>
350 **Content-type:** ``application/json``
352 **Accept:** ``application/json``
354 **Authentication:** ``admin:admin``
361 "node-id": "new-netconf-device",
362 "netconf-node-topology:port": 17830,
363 "netconf-node-topology:reconnect-on-changed-schema": false,
364 "netconf-node-topology:connection-timeout-millis": 20000,
365 "netconf-node-topology:tcp-only": false,
366 "netconf-node-topology:max-connection-attempts": 0,
367 "netconf-node-topology:key-based": {
368 "netconf-node-topology:username": "admin",
369 "netconf-node-topology:key-id": "key-id"
371 "netconf-node-topology:host": "127.0.0.1",
372 "netconf-node-topology:min-backoff-millis": 2000,
373 "netconf-node-topology:max-backoff-millis": 1800000,
374 "netconf-node-topology:backoff-multiplier": 1.5,
375 "netconf-node-topology:keepalive-delay": 120,
384 Note that the device name in <node-id> element must match the last
385 element of the restconf URL.
387 Reconfiguring an existing connector
388 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
390 The steps to reconfigure an existing connector are exactly the same as
391 when spawning a new connector. The old connection will be disconnected
392 and a new connector with the new configuration will be created. This needs
393 to be done with a PUT request because the node already exists. A POST
394 request will fail for that reason.
396 Additionally, a PATCH request can be used to modify an existing
397 configuration. Currently, only yang-patch (`RFC-8072 <https://www.rfc-editor.org/rfc/rfc8072>`__)
398 is supported. The URL would be the same as the above PUT examples.
399 Using JSON for the body, the headers needed for the request would
404 - Accept: application/yang-data+json
406 - Content-Type: application/yang-patch+json
408 Example JSON payload to modify the password entry:
413 "ietf-restconf:yang-patch" : {
418 "operation" : "merge",
423 "node-id": "new-netconf-device",
424 "netconf-node-topology:password" : "newpassword"
433 Deleting an existing connector
434 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
436 To remove an already configured NETCONF connector you need to send a
437 DELETE request to the same PUT request URL that was used to create the
444 - http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device
448 No body is needed to delete the node/device
450 Connecting to a device not supporting NETCONF monitoring
451 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
453 The netconf-connector in OpenDaylight relies on ietf-netconf-monitoring
454 support when connecting to remote NETCONF device. The
455 ietf-netconf-monitoring support allows netconf-connector to list and
456 download all YANG schemas that are used by the device. NETCONF connector
457 can only communicate with a device if it knows the set of used schemas
458 (or at least a subset). However, some devices use YANG models internally
459 but do not support NETCONF monitoring. Netconf-connector can also
460 communicate with these devices, but you have to side load the necessary
461 yang models into OpenDaylight’s YANG model cache for netconf-connector.
462 In general there are 2 situations you might encounter:
464 **1. NETCONF device does not support ietf-netconf-monitoring but it does
465 list all its YANG models as capabilities in HELLO message**
467 This could be a device that internally uses only ietf-inet-types YANG
468 model with revision 2010-09-24. In the HELLO message that is sent from
469 this device there is this capability reported:
473 urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2010-09-24
475 **For such devices you only need to put the schema into folder
476 cache/schema inside your Karaf distribution.**
480 The file with YANG schema for ietf-inet-types has to be called
481 ietf-inet-types@2010-09-24.yang. It is the required naming format of
484 **2. NETCONF device does not support ietf-netconf-monitoring and it does
485 NOT list its YANG models as capabilities in HELLO message**
487 Compared to device that lists its YANG models in HELLO message, in this
488 case there would be no capability with ietf-inet-types in the HELLO
489 message. This type of device basically provides no information about the
490 YANG schemas it uses so its up to the user of OpenDaylight to properly
491 configure netconf-connector for this device.
493 Netconf-connector has an optional configuration attribute called
494 yang-module-capabilities and this attribute can contain a list of "YANG
495 module based" capabilities. So by setting this configuration attribute,
496 it is possible to override the "yang-module-based" capabilities reported
497 in HELLO message of the device. To do this, we need to modify the
498 configuration of netconf-connector like in the example below:
504 **Content-type:** ``application/xml``
506 **Accept:** ``application/xml``
508 **Authentication:** ``admin:admin``
512 <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
513 <node-id>r5</node-id>
514 <host xmlns="urn:opendaylight:netconf-node-topology">127.0.0.1</host>
515 <port xmlns="urn:opendaylight:netconf-node-topology">8305</port>
516 <login-password-unencrypted xmlns="urn:opendaylight:netconf-node-topology">
517 <username xmlns="urn:opendaylight:netconf-node-topology">root</username>
518 <password xmlns="urn:opendaylight:netconf-node-topology">root</password>
519 </login-password-unencrypted>
520 <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
521 <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">30</keepalive-delay>
522 <yang-module-capabilities xmlns="urn:opendaylight:netconf-node-topology">
523 <override>true</override>
524 <capability xmlns="urn:opendaylight:netconf-node-topology">
525 urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15
527 </yang-module-capabilities>
532 **Content-type:** ``application/json``
534 **Accept:** ``application/json``
536 **Authentication:** ``admin:admin``
544 "netconf-node-topology:host": "127.0.0.1",
545 "netconf-node-topology:login-password-unencrypted": {
546 "netconf-node-topology:password": "root",
547 "netconf-node-topology:username": "root"
549 "netconf-node-topology:yang-module-capabilities": {
552 "urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15"
555 "netconf-node-topology:port": 8305,
556 "netconf-node-topology:tcp-only": false,
557 "netconf-node-topology:keepalive-delay": 30
562 **Remember to also put the YANG schemas into the cache folder.**
566 For putting multiple capabilities, you just need to replicate the
567 capability element inside yang-module-capability element.
568 Capability element is modeled as a leaf-list. With this
569 configuration, we would make the remote device report usage of
570 ietf-inet-types in the eyes of netconf-connector.
572 Connecting to a device supporting only NETCONF 1.0
573 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
575 OpenDaylight is schema-based distribution and heavily depends on YANG
576 models. However some legacy NETCONF devices are not schema-based and
577 implement just RFC 4741. This type of device does not utilize YANG
578 models internally and OpenDaylight does not know how to communicate
579 with such devices, how to validate data, or what the semantics of data
582 NETCONF connector can communicate also with these devices, but the
583 trade-offs are worsened possibilities in utilization of NETCONF
584 mountpoints. Using RESTCONF with such devices is not supported. Also
585 communicating with schemaless devices from application code is slightly
588 To connect to schemaless device, there is a optional configuration option
589 in netconf-node-topology model called schemaless. You have to set this
592 Clustered NETCONF connector
593 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
595 To spawn NETCONF connectors that are cluster-aware you need to install
596 the ``odl-netconf-clustered-topology`` karaf feature.
600 The ``odl-netconf-topology`` and ``odl-netconf-clustered-topology``
601 features are considered **INCOMPATIBLE**. They both manage the same
602 space in the datastore and would issue conflicting writes if
605 Configuration of clustered NETCONF connectors works the same as the
606 configuration through the topology model in the previous section.
608 When a new clustered connector is configured the configuration gets
609 distributed among the member nodes and a NETCONF connector is spawned on
610 each node. From these nodes a master is chosen which handles the schema
611 download from the device and all the communication with the device. You
612 will be able to read/write to/from the device from all slave nodes due
613 to the proxy data brokers implemented.
615 You can use the ``odl-netconf-clustered-topology`` feature in a single
616 node scenario as well but the code that uses akka will be used, so for a
617 scenario where only a single node is used, ``odl-netconf-topology``
620 Netconf-connector utilization
621 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
623 Once the connector is up and running, users can utilize the new mount
624 point instance. By using RESTCONF or from their application code. This
625 chapter deals with using RESTCONF and more information for app
626 developers can be found in the developers guide or in the official
627 tutorial application **ncmount** that can be found in the coretutorials
630 - https://github.com/opendaylight/coretutorials/tree/master/ncmount
632 Reading data from the device
633 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
635 Just invoke (no body needed):
638 http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device/yang-ext:mount?content=nonconfig
640 This will return the entire content of operation datastore from the
641 device. To view just the configuration datastore, change **nonconfig**
642 in this URL to **config**.
644 Writing configuration data to the device
645 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
647 In general, you cannot simply write any data you want to the device. The
648 data have to conform to the YANG models implemented by the device. In
649 this example we are adding a new interface-configuration to the mounted
650 device (assuming the device supports Cisco-IOS-XR-ifmgr-cfg YANG model).
651 In fact this request comes from the tutorial dedicated to the
652 **ncmount** tutorial app.
655 http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device/yang-ext:mount/Cisco-IOS-XR-ifmgr-cfg:interface-configurations
659 <interface-configuration xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">
661 <interface-name>mpls</interface-name>
662 <description>Interface description</description>
663 <bandwidth>32</bandwidth>
664 <link-status></link-status>
665 </interface-configuration>
667 Should return 200 response code with no body.
671 This call is transformed into a couple of NETCONF RPCs. Resulting
672 NETCONF RPCs that go directly to the device can be found in the
673 OpenDaylight logs after invoking ``log:set TRACE
674 org.opendaylight.controller.sal.connect.netconf`` in the Karaf
675 shell. Seeing the NETCONF RPCs might help with debugging.
677 This request is very similar to the one where we spawned a new netconf
678 device. That’s because we used the loopback netconf-connector to write
679 configuration data into config-subsystem datastore and config-subsystem
680 picked it up from there.
685 Devices can implement any additional RPC and as long as it provides YANG
686 models for it, it can be invoked from OpenDaylight. Following example
687 shows how to invoke the get-schema RPC (get-schema is quite common among
688 netconf devices). Invoke:
691 http://localhost:8181/rests/operations/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device/yang-ext:mount/ietf-netconf-monitoring:get-schema
695 <input xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
696 <identifier>ietf-yang-types</identifier>
697 <version>2013-07-15</version>
700 This call should fetch the source for ietf-yang-types YANG model from
703 Receiving Netconf Device Notifications on a http client
704 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
706 Devices emit netconf alarms and notifications in certain situations, which can demand
707 attention from Device Administration. The notifications are received as Netconf messages on an
708 active Netconf session.
710 Opendaylight provides the way to stream the device notifications over a http session.
712 - Step 1: Mount the device (assume node name is test_device)
714 - Step 2: Wait for the device to be connected.
716 - Step 3: Create the Subscription for notification on the active session.
721 http://localhost:8181/rests/operations/network-topology:network-topology/topology=topology-netconf/node=test_device/yang-ext:mount/notifications:create-subscription
722 Content-Type: application/json
723 Accept: application/json
733 - Step 4: Create the http Stream for the events.
738 http://localhost:8181/rests/operations/odl-device-notification:subscribe-device-notification
739 Content-Type: application/json
740 Accept: application/json
746 "path":"/network-topology:network-topology/topology[topology-id='topology-netconf']/node[node-id='test_device']"
750 The response contains the stream name for reading the notifications.
755 "odl-device-notification:output": {
756 "stream-name": "urn:uuid:91e630ec-1324-4f57-bae3-0925b6d11ffd"
760 - Step 5: To receive notifications send GET request to url as follows:
764 http://localhost:8181/rests/streams/{encoding}/{stream-name}
766 {stream-name} - being **stream-name** received in previous step
768 {encoding} - being desired encoding to be received, either "xml" or "json"
770 The request for xml encoding and **stream-name** from previous example would look like this:
775 http://localhost:8181/rests/streams/xml/urn:uuid:91e630ec-1324-4f57-bae3-0925b6d11ffd
776 Content-Type: application/xml
777 Accept: application/xml
792 data: <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"><eventTime>2022-06-17T07:01:08.60228Z</eventTime><netconf-session-start xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-notifications"><username>root</username><source-host>127.0.0.1</source-host><session-id>2</session-id></netconf-session-start></notification>
794 data: <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"><eventTime>2022-06-17T07:01:12.458258Z</eventTime><netconf-session-end xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-notifications"><username>root</username><source-host>127.0.0.1</source-host><termination-reason>closed</termination-reason><session-id>2</session-id></netconf-session-end></notification>
796 Change event notification subscription tutorial
797 -----------------------------------------------
799 Subscribing to data change notifications makes it possible to obtain
800 notifications about data manipulation (insert, change, delete) which are
801 done on any specified **path** of any specified **datastore** with
802 specific **scope**. In following examples *{odlAddress}* is address of
803 server where ODL is running and *{odlPort}* is port on which
804 OpenDaylight is running. OpenDaylight offers two methods for receiving notifications:
805 Server-Sent Events (SSE) and WebSocket. SSE is the default notification mechanism used in OpenDaylight.
807 SSE notifications subscription process
808 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
810 In this section we will learn what steps need to be taken in order to
811 successfully subscribe to data change event notifications.
816 In order to use event notifications you first need to call RPC that
817 creates notification stream that you can later listen to. You need to
818 provide three parameters to this RPC:
820 - **path**: data store path that you plan to listen to. You can
821 register listener on containers, lists and leaves.
823 - **datastore**: data store type. *OPERATIONAL* or *CONFIGURATION*.
825 - **scope**: Represents scope of data change. Possible options are:
827 - BASE: only changes directly to the data tree node specified in the
828 path will be reported
830 - ONE: changes to the node and to direct child nodes will be
833 - SUBTREE: changes anywhere in the subtree starting at the node will
836 The RPC to create the stream can be invoked via RESTCONF like this:
841 URI: http://{odlAddress}:{odlPort}/rests/operations/sal-remote:create-data-change-event-subscription
842 HEADER: Content-Type=application/json
843 Accept=application/json
849 "path": "/toaster:toaster/toaster:toasterStatus",
850 "sal-remote-augment:datastore": "OPERATIONAL",
851 "sal-remote-augment:scope": "ONE"
855 The response should look something like this:
860 "sal-remote:output": {
861 "stream-name": "data-change-event-subscription/toaster:toaster/toaster:toasterStatus/datastore=CONFIGURATION/scope=SUBTREE"
865 **stream-name** is important because you will need to use it when you
866 subscribe to the stream in the next step.
870 Internally, this will create a new listener for *stream-name* if it
871 did not already exist.
876 In order to subscribe to stream and obtain SSE location you need
877 to call *GET* on your stream path. The URI should generally be
878 `http://{odlAddress}:{odlPort}/rests/data/ietf-restconf-monitoring:restconf-state/streams/stream/{streamName}`,
879 where *{streamName}* is the *stream-name* parameter contained in
880 response from *create-data-change-event-subscription* RPC from the
886 URI: http://{odlAddress}:{odlPort}/rests/data/ietf-restconf-monitoring:restconf-state/streams/stream/data-change-event-subscription/toaster:toaster/datastore=CONFIGURATION/scope=SUBTREE
888 The subscription call may be modified with the following query parameters defined in the RESTCONF RFC:
890 - `filter <https://www.rfc-editor.org/rfc/rfc8040#section-4.8.4>`__
892 - `start-time <https://www.rfc-editor.org/rfc/rfc8040#section-4.8.7>`__
894 - `end-time <https://www.rfc-editor.org/rfc/rfc8040#section-4.8.8>`__
896 In addition, the following ODL extension query parameter is supported:
898 :odl-leaf-nodes-only:
899 If this parameter is set to "true", create and update notifications will only
900 contain the leaf nodes modified instead of the entire subscription subtree.
901 This can help in reducing the size of the notifications.
903 :odl-skip-notification-data:
904 If this parameter is set to "true", create and update notifications will only
905 contain modified leaf nodes without data.
906 This can help in reducing the size of the notifications.
908 The response should look something like this:
913 "subscribe-to-notification:location": "http://localhost:8181/rests/notif/data-change-event-subscription/network-topology:network-topology/datastore=CONFIGURATION/scope=SUBTREE"
918 During this phase there is an internal check for to see if a
919 listener for the *stream-name* from the URI exists. If not, new a
920 new listener is registered with the DOM data broker.
922 Receive notifications
923 ^^^^^^^^^^^^^^^^^^^^^
925 Once you got SSE location you can now connect to it and
926 start receiving data change events. The request should look something like this:
930 curl -v -X GET http://localhost:8181/rests/notif/data-change-event-subscription/toaster:toaster/toasterStatus/datastore=OPERATIONAL/scope=ONE -H "Content-Type: text/event-stream" -H "Authorization: Basic YWRtaW46YWRtaW4="
933 WebSocket notifications subscription process
934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
936 Enabling WebSocket notifications in OpenDaylight requires a manual setup before starting the application.
937 The following steps can be followed to enable WebSocket notifications in OpenDaylight:
939 1. Open the file `org.opendaylight.restconf.nb.rfc8040.cfg`, at `etc/` folder inside your Karaf distribution. Or create in case it does not exist.
940 2. Locate the `use-sse` configuration parameter and change its value from `true` to `false`. Or add ``use-sse=false`` as new line in case this parameter is not present.
941 3. Save the changes made to the `org.opendaylight.restconf.nb.rfc8040.cfg` file.
942 4. Restart OpenDaylight if it is already running.
944 Once these steps are completed, WebSocket notifications will be enabled in OpenDaylight,
945 and they can be used for receiving notifications instead of SSE.
947 WebSocket Notifications subscription process is the same as SSE until you receive a location of WebSocket.
948 You can follow steps given above and after subscribing to a notification stream over WebSocket,
949 you will receive a response indicating that the subscription was successful:
954 "subscribe-to-notification:location": "ws://localhost:8181/rests/notif/data-change-event-subscription/network-topology:network-topology/datastore=CONFIGURATION/scope=SUBTREE"
957 You can use this WebSocket to listen to data
958 change notifications. To listen to notifications you can use a
959 JavaScript client or if you are using chrome browser you can use the
961 Client <https://chrome.google.com/webstore/detail/simple-websocket-client/pfdhoblngboilpfeibdedpjgfnlcodoo>`__.
963 Also, for testing purposes, there is simple Java application named
964 WebSocketClient. The application is placed in the
965 */restconf/websocket-client* project. It accepts a WebSocket URI
966 as an input parameter. After starting the utility (WebSocketClient
967 class directly in Eclipse/InteliJ Idea) received notifications should be
968 displayed in console.
970 Notifications are always in XML format and look like this:
974 <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
975 <eventTime>2014-09-11T09:58:23+02:00</eventTime>
976 <data-changed-notification xmlns="urn:opendaylight:params:xml:ns:yang:controller:md:sal:remote">
978 <path xmlns:meae="http://netconfcentral.org/ns/toaster">/meae:toaster</path>
979 <operation>updated</operation>
981 <!-- updated data -->
984 </data-changed-notification>
990 The typical use case is listening to data change events to update web
991 page data in real time. In this tutorial we will be using toaster as the
994 When you call *make-toast* RPC, it sets *toasterStatus* to "down" to
995 reflect that the toaster is busy making toast. When it finishes,
996 *toasterStatus* is set to "up" again. We will listen to these toaster
997 status changes in data store and will reflect it on our web page in
998 real-time thanks to WebSocket data change notification.
1000 Simple javascript client implementation
1001 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1003 We will create a simple JavaScript web application that will listen for
1004 updates on *toasterStatus* leaf and update some elements of our web page
1005 according to the new toaster status state.
1010 First you need to create stream that you are planning to subscribe to.
1011 This can be achieved by invoking "create-data-change-event-subscription"
1012 RPC on RESTCONF via AJAX request. You need to provide data store
1013 **path** that you plan to listen on, **data store type** and **scope**.
1014 If the request is successful you can extract the **stream-name** from
1015 the response and use that to subscribe to the newly created stream. The
1016 *{username}* and *{password}* fields represent the credentials that you
1017 use to connect to OpenDaylight via RESTCONF:
1021 The default user name and password are "admin".
1023 .. code-block:: javascript
1025 function createStream() {
1028 url: 'http://{odlAddress}:{odlPort}/rests/operations/sal-remote:create-data-change-event-subscription',
1031 'Authorization': 'Basic ' + btoa('{username}:{password}'),
1032 'Content-Type': 'application/json'
1034 data: JSON.stringify(
1037 'path': '/toaster:toaster/toaster:toasterStatus',
1038 'sal-remote-augment:datastore': 'OPERATIONAL',
1039 'sal-remote-augment:scope': 'ONE'
1043 }).done(function (data) {
1044 // this function will be called when ajax call is executed successfully
1045 subscribeToStream(data.output['stream-name']);
1046 }).fail(function (data) {
1047 // this function will be called when ajax call fails
1048 console.log("Create stream call unsuccessful");
1055 The Next step is to subscribe to the stream. To subscribe to the stream
1056 you need to call *GET* on
1057 *http://{odlAddress}:{odlPort}/rests/data/ietf-restconf-monitoring:restconf-state/streams/stream/{stream-name}*.
1058 If the call is successful, you get WebSocket address for this stream in
1059 **Location** parameter inside response header. You can get response
1060 header by calling *getResponseHeader(\ *Location*)* on HttpRequest
1061 object inside *done()* function call:
1063 .. code-block:: javascript
1065 function subscribeToStream(streamName) {
1068 url: 'http://{odlAddress}:{odlPort}/rests/data/ietf-restconf-monitoring:restconf-state/streams/stream/' + streamName;
1071 'Authorization': 'Basic ' + btoa('{username}:{password}'),
1074 ).done(function (data, textStatus, httpReq) {
1075 // we need function that has http request object parameter in order to access response headers.
1076 listenToNotifications(httpReq.getResponseHeader('Location'));
1077 }).fail(function (data) {
1078 console.log("Subscribe to stream call unsuccessful");
1082 Receive notifications
1083 ^^^^^^^^^^^^^^^^^^^^^
1085 Once you have WebSocket server location you can now connect to it and
1086 start receiving data change events. You need to define functions that
1087 will handle events on WebSocket. In order to process incoming events
1088 from OpenDaylight you need to provide a function that will handle
1089 *onmessage* events. The function must have one parameter that represents
1090 the received event object. The event data will be stored in
1091 *event.data*. The data will be in an XML format that you can then easily
1094 .. code-block:: javascript
1096 function listenToNotifications(socketLocation) {
1098 var notificatinSocket = new WebSocket(socketLocation);
1100 notificatinSocket.onmessage = function (event) {
1101 // we process our received event here
1102 console.log('Received toaster data change event.');
1103 $($.parseXML(event.data)).find('data-change-event').each(
1105 var operation = $(this).find('operation').text();
1106 if (operation == 'updated') {
1107 // toaster status was updated so we call function that gets the value of toasterStatus leaf
1108 updateToasterStatus();
1114 notificatinSocket.onerror = function (error) {
1115 console.log("Socket error: " + error);
1117 notificatinSocket.onopen = function (event) {
1118 console.log("Socket connection opened.");
1120 notificatinSocket.onclose = function (event) {
1121 console.log("Socket connection closed.");
1123 // if there is a problem on socket creation we get exception (i.e. when socket address is incorrect)
1125 alert("Error when creating WebSocket" + e );
1129 The *updateToasterStatus()* function represents function that calls
1130 *GET* on the path that was modified and sets toaster status in some web
1131 page element according to received data. After the WebSocket connection
1132 has been established you can test events by calling make-toast RPC via
1137 for more information about WebSockets in JavaScript visit `Writing
1139 applications <https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_client_applications>`__
1141 Netconf-connector + Netopeer
1142 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1144 `Netopeer <https://github.com/cesnet/netopeer>`__ (an open-source
1145 NETCONF server) can be used for testing/exploring NETCONF southbound in
1148 Netopeer installation
1149 ^^^^^^^^^^^^^^^^^^^^^
1151 A `Docker <https://www.docker.com/>`__ container with netopeer will be
1152 used in this guide. To install Docker and start the `netopeer
1153 image <https://hub.docker.com/r/sysrepo/sysrepo-netopeer2>`__ perform
1156 1. Install docker https://docs.docker.com/get-started/
1158 2. Start the netopeer image:
1162 docker run -it --name sysrepo -p 830:830 --rm sysrepo/sysrepo-netopeer2:latest
1164 3. Verify netopeer is running by invoking (netopeer should send its
1165 HELLO message right away:
1169 ssh root@localhost -p 830 -s netconf
1172 Mounting netopeer NETCONF server
1173 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1177 - OpenDaylight is started with features ``odl-restconf-all`` and
1178 ``odl-netconf-connector-all``.
1180 - Netopeer is up and running in docker
1182 Now just follow the section: `Spawning new NETCONF connectors`_ for
1183 password authentication.
1184 In the payload change the:
1186 - name, e.g., to netopeer
1188 - username/password to your system credentials
1194 After netopeer is mounted successfully, its configuration can be read
1195 using RESTCONF by invoking:
1198 http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=netopeer/yang-ext:mount?content:config
1200 Mounting netopeer NETCONF server using key-based authentication SSH
1201 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1203 1. Install docker https://docs.docker.com/get-started/
1205 2. Create RSA key pair - it will be user for connection.
1207 3. Start the netopeer image(this command will also copy you pub key
1208 into docker container):
1212 docker run -dt -p 830:830 -v {path-to-pub-key}:/home/{netopeer-username}/.ssh/authorized_keys sysrepo/sysrepo-netopeer2:latest netopeer2-server -d -v 2
1214 4. Verify netopeer is running by invoking (netopeer should send its
1215 HELLO message right away:
1219 ssh root@localhost -p 830 -s netconf
1222 Now just follow the section: `Spawning new NETCONF connectors`_ for
1223 key-based authentication(SSH) to create device.
1224 In the payload change the:
1226 - name, e.g., to netopeer
1228 - username/password to your system credentials
1234 After netopeer is mounted successfully, its configuration can be read
1235 using RESTCONF by invoking:
1238 http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=netopeer/yang-ext:mount?content:config
1240 Mounting netopeer NETCONF server using key-based authentication TLS
1241 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1243 1. Install docker https://docs.docker.com/get-started/
1249 docker pull sysrepo/sysrepo-netopeer2
1250 docker run -it --name sysrepo -p 830:830 --rm sysrepo/sysrepo-netopeer2:latest
1252 3. Enable TLS communication on server netopeer2
1256 ssh root@localhost -p 830 -s netconf
1257 (type password root)
1259 After successful connecting to netopeer2 setup your
1260 TLS configuration xml
1261 (See: https://github.com/CESNET/netopeer2/tree/master/example_configuration).
1265 - :~/netconf/karaf/target/assembly/bin$ ./karaf
1267 - feature:install odl-netconf-topology odl-restconf-nb-bierman02 odl-mdsal-apidocs
1269 5. Set up ODL netconf keystore
1271 To setup keystore is needed to send three RPCs from
1272 `Configure device to connect over TLS protocol`_
1273 to add a client private key, associate a private key with a client and CA
1274 certificates chain and add a list of trusted CA and server certificates.
1276 Now just follow the section: `Spawning new NETCONF connectors`_ for
1277 key-based authentication(TLS) to create device.
1278 In the payload change the:
1280 - name, e.g., to netopeer
1282 - username/password to your system credentials
1288 After netopeer is mounted successfully, its configuration can be read
1289 using RESTCONF by invoking:
1292 http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=netopeer/yang-ext:mount?content:config
1294 Northbound (NETCONF servers)
1295 ----------------------------
1297 OpenDaylight provides 2 types of NETCONF servers:
1299 - **NETCONF server for config-subsystem (listening by default on port
1302 - Serves as a default interface for config-subsystem and allows
1303 users to spawn/reconfigure/destroy modules (or applications) in
1306 - **NETCONF server for MD-SAL (listening by default on port 2830)**
1308 - Serves as an alternative interface for MD-SAL (besides RESTCONF)
1309 and allows users to read/write data from MD-SAL’s datastore and to
1310 invoke its rpcs (NETCONF notifications are not available in the
1311 Boron release of OpenDaylight)
1315 The reason for having 2 NETCONF servers is that config-subsystem and
1316 MD-SAL are 2 different components of OpenDaylight and require
1317 different approaches for NETCONF message handling and data
1318 translation. These 2 components will probably merge in the future.
1322 Since Nitrogen release, there has been performance regression in NETCONF
1323 servers accepting SSH connections. While opening a connection takes
1324 less than 10 seconds on Carbon, on Nitrogen time can increase up to
1325 60 seconds. Please see https://jira.opendaylight.org/browse/ODLPARENT-112
1327 NETCONF server for config-subsystem
1328 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1330 This NETCONF server is the primary interface for config-subsystem. It
1331 allows the users to interact with config-subsystem in a standardized
1334 In terms of RFCs, these are supported:
1336 - `RFC-6241 <https://www.rfc-editor.org/rfc/rfc6241>`__
1338 - `RFC-5277 <https://www.rfc-editor.org/rfc/rfc5277>`__
1340 - `RFC-6470 <https://www.rfc-editor.org/rfc/rfc6470>`__
1342 - (partially, only the schema-change notification is available in
1345 - `RFC-6022 <https://www.rfc-editor.org/rfc/rfc6022>`__
1347 For regular users it is recommended to use RESTCONF + the
1348 controller-config loopback mountpoint instead of using pure NETCONF. How
1349 to do that is specific for each component/module/application in
1350 OpenDaylight and can be found in their dedicated user guides.
1352 NETCONF server for MD-SAL
1353 ~~~~~~~~~~~~~~~~~~~~~~~~~
1355 This NETCONF server is just a generic interface to MD-SAL in
1356 OpenDaylight. It uses the standard MD-SAL APIs and serves as an
1357 alternative to RESTCONF. It is fully model-driven and supports any data
1358 and rpcs that are supported by MD-SAL.
1360 In terms of RFCs, these are supported:
1362 - `RFC-6241 <https://www.rfc-editor.org/rfc/rfc6241>`__
1364 - `RFC-6022 <https://www.rfc-editor.org/rfc/rfc6022>`__
1366 - `RFC-7895 <https://www.rfc-editor.org/rfc/rfc7895>`__
1368 Notifications over NETCONF are not supported in the Boron release.
1372 Install NETCONF northbound for MD-SAL by installing feature:
1373 ``odl-netconf-mdsal`` in karaf. Default binding port is **2830**.
1378 The default configuration can be found in file: *08-netconf-mdsal.xml*.
1379 The file contains the configuration for all necessary dependencies and a
1380 single SSH endpoint starting on port 2830. There is also a (by default
1381 disabled) TCP endpoint. It is possible to start multiple endpoints at
1382 the same time either in the initial configuration file or while
1383 OpenDaylight is running.
1385 The credentials for SSH endpoint can also be configured here, the
1386 defaults are admin/admin. Credentials in the SSH endpoint are not yet
1387 managed by the centralized AAA component and have to be configured
1390 Verifying MD-SAL’s NETCONF server
1391 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1393 After the NETCONF server is available it can be examined by a command
1398 ssh admin@localhost -p 2830 -s netconf
1400 The server will respond by sending its HELLO message and can be used as
1401 a regular NETCONF server from then on.
1403 Mounting the MD-SAL’s NETCONF server
1404 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1406 To perform this operation, just spawn a new netconf-connector as
1407 described in `Spawning new NETCONF connectors`_. Just change the ip to
1408 "127.0.0.1" port to "2830" and its name to "controller-mdsal".
1410 Now the MD-SAL’s datastore can be read over RESTCONF via NETCONF by
1414 http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=controller-mdsal/yang-ext:mount?content:nonconfig
1418 This might not seem very useful, since MD-SAL can be accessed
1419 directly from RESTCONF or from Application code, but the same method
1420 can be used to mount and control other OpenDaylight instances by the
1421 "master OpenDaylight".
1423 NETCONF stress/performance measuring tool
1424 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1426 This is basically a NETCONF client that puts NETCONF servers under heavy
1427 load of NETCONF RPCs and measures the time until a configurable amount
1428 of them is processed.
1430 RESTCONF stress-performance measuring tool
1431 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1433 Very similar to NETCONF stress tool with the difference of using
1434 RESTCONF protocol instead of NETCONF.
1436 YANGLIB remote repository
1437 -------------------------
1439 There are scenarios in NETCONF deployment, that require for a centralized
1440 YANG models repository. YANGLIB plugin provides such remote repository.
1442 To start this plugin, you have to install odl-yanglib feature. Then you
1443 have to configure YANGLIB either through RESTCONF or NETCONF. We will
1444 show how to configure YANGLIB through RESTCONF.
1446 YANGLIB configuration
1447 ~~~~~~~~~~~~~~~~~~~~~
1448 YANGLIB configuration works through OSGi Configuration Admin interface, in the
1449 ``org.opendaylight.netconf.yanglib`` configuration PID. There are three tuneables you can
1452 * ``cache-folder``, which defaults to ``cache/schema``
1453 * ``binding-address``, which defaults to ``localhost``
1454 * ``binding-port``, which defaults to ``8181``
1456 In order to change these settings, you can either modify the corresponding configuration
1457 file, ``etc/org.opendaylight.netconf.yanglib.cfg``, for example:
1460 cache-folder = cache/newSchema
1461 binding-address = localhost
1467 opendaylight-user@root>config:edit org.opendaylight.netconf.yanglib
1468 opendaylight-user@root>config:property-set cache-folder cache/newSchema
1469 opendaylight-user@root>config:property-set binding-address localhost
1470 opendaylight-user@root>config:property-set binding-port 8181
1471 opendaylight-user@root>config:update
1473 This YANGLIB takes all YANG sources from the configured sources folder and
1474 for each generates URL in form:
1478 http://localhost:8181/yanglib/schemas/{modelName}/{revision}
1480 On this URL will be hosted YANG source for particular module.
1482 YANGLIB instance also writes this URL along with source identifier to
1483 ietf-netconf-yang-library/modules-state/module list.
1485 Netconf-connector with YANG library as fallback
1486 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1488 There is an optional configuration in netconf-connector called
1489 yang-library. You can specify YANG library to be plugged as additional
1490 source provider into the mount's schema repository. Since YANGLIB
1491 plugin is advertising provided modules through yang-library model, we
1492 can use it in mount point's configuration as YANG library. To do this,
1493 we need to modify the configuration of netconf-connector by adding this
1498 <yang-library xmlns="urn:opendaylight:netconf-node-topology">
1499 <yang-library-url xmlns="urn:opendaylight:netconf-node-topology">http://localhost:8181/rests/data/ietf-yang-library:modules-state</yang-library-url>
1500 <username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
1501 <password xmlns="urn:opendaylight:netconf-node-topology">admin</password>
1504 This will register YANGLIB provided sources as a fallback schemas for
1505 particular mount point.
1507 Restconf northbound configuration
1508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1509 Restconf-nb configuration works through OSGi Configuration Admin interface, in the
1510 ``org.opendaylight.restconf.nb.rfc8040`` configuration PID. There are six tuneables you can
1513 * ``maximum-fragment-length``, which defaults to ``0``
1514 * ``heartbeat-interval``, which defaults to ``10000``
1515 * ``idle-timeout``, which defaults to ``30000``
1516 * ``ping-executor-name-prefix``, which defaults to ``ping-executor``
1517 * ``max-thread-count``, which defaults to ``1``
1518 * ``use-sse``, which defaults to ``true``
1519 * ``restconf``, which defaults to ``rests``
1521 *maximum-fragment-length* — Maximum web-socket fragment length in number of Unicode code units (characters)
1522 (exceeded message length leads to fragmentation of messages)
1524 *heartbeat-interval* — Interval in milliseconds between sending of ping control frames.
1526 *idle-timeout* — Maximum idle time of web-socket session before the session is closed (milliseconds).
1528 *ping-executor-name-prefix* — Name of thread group Ping Executor will be run with.
1530 *max-thread-count* — Number of threads Ping Executor will be run with.
1532 *use-sse* — In case of ``true`` access to notification streams will be via Server-Sent Events.
1533 Otherwise web-socket servlet will be initialized.
1535 *restconf* — The value of RFC8040 restconf URI template, pointing to the root resource. Must not end with '/'.
1537 In order to change these settings, you can either modify the corresponding configuration
1538 file, ``org.opendaylight.restconf.nb.rfc8040.cfg``, for example:
1542 maximum-fragment-length=0
1543 heartbeat-interval=10000
1545 ping-executor-name-prefix=ping-executor
1554 opendaylight-user@root>config:edit org.opendaylight.restconf.nb.rfc8040
1555 opendaylight-user@root>config:property-set maximum-fragment_length 0
1556 opendaylight-user@root>config:property-set heartbeat-interval 10000
1557 opendaylight-user@root>config:property-set idle-timeout 30000
1558 opendaylight-user@root>config:property-set ping-executor-name-prefix "ping-executor"
1559 opendaylight-user@root>config:property-set max-thread-count 1
1560 opendaylight-user@root>config:property-set use-sse true
1561 opendaylight-user@root>config:property-set restconf "rests"
1562 opendaylight-user@root>config:update
1567 Call Home Installation
1568 ~~~~~~~~~~~~~~~~~~~~~~
1570 ODL Call-Home server is installed in Karaf by installing karaf feature
1571 ``odl-netconf-callhome-ssh``. RESTCONF feature is recommended for
1572 configuring Call Home & testing its functionality.
1576 feature:install odl-netconf-callhome-ssh
1581 In order to test Call Home functionality we recommend Netopeer or
1582 Netopeer2. See `Netopeer Call Home <https://github.com/CESNET/netopeer/wiki/CallHome>`__
1583 or `Netopeer2 <https://github.com/CESNET/netopeer2>`__ to learn how to
1584 enable call-home on Netopeer.
1586 Northbound Call-Home API
1587 ~~~~~~~~~~~~~~~~~~~~~~~~
1589 The northbound Call Home API is used for administering the Call-Home Server. The
1590 following describes this configuration.
1592 Global Configuration
1593 ^^^^^^^^^^^^^^^^^^^^
1596 The global configuration is not a part of the `RFC 8071
1597 <https://www.rfc-editor.org/rfc/rfc8071>`__ and, therefore, subject to change.
1599 Configuring global credentials
1600 ''''''''''''''''''''''''''''''
1602 The ODL Call-Home server allows user to configure global credentials, which will be
1603 used for devices connecting over SSH transport protocol that do not have
1604 device-specific credentials configured.
1606 This is done by creating
1607 ``/odl-netconf-callhome-server:netconf-callhome-server/global/credentials``
1608 with username and passwords specified.
1610 *Configuring global username & passwords to try*
1615 /rests/data/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
1616 Content-Type: application/json
1617 Accept: application/json
1619 .. code-block:: json
1624 "username": "example",
1625 "passwords": [ "first-password-to-try", "second-password-to-try" ]
1629 Configuring to accept any ssh server key using global credentials
1630 '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
1632 By default Netconf Call-Home Server accepts only incoming connections
1633 from allowed devices
1634 ``/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices``,
1635 if user desires to allow all incoming connections, it is possible to set
1636 ``accept-all-ssh-keys`` to ``true`` in
1637 ``/odl-netconf-callhome-server:netconf-callhome-server/global``.
1639 The name of these devices in ``netconf-topology`` will be in format
1640 ``ip-address:port``. For naming devices see Device-Specific
1643 *Allowing unknown devices to connect*
1645 This is a debug feature and should not be used in production. Besides being an obvious
1646 security issue, this also causes the Call-Home Server to drastically increase its output
1652 /rests/data/odl-netconf-callhome-server:netconf-callhome-server/global/accept-all-ssh-keys
1653 Content-Type: application/json
1654 Accept: application/json
1656 .. code-block:: json
1659 "accept-all-ssh-keys": "true"
1662 Device-Specific Configuration
1663 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1665 Netconf Call Home server supports both of the secure transports used
1666 by the Network Configuration Protocol (NETCONF) - Secure Shell (SSH),
1667 and Transport Layer Security (TLS).
1669 Configure device to connect over SSH protocol
1670 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1672 Netconf Call Home Server uses device provided SSH server key (host key)
1673 to identify device. The pairing of name and server key is configured in
1674 ``/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices``.
1675 This list is colloquially called a allowlist.
1677 If the Call-Home Server finds the SSH host key in the allowlist, it continues
1678 to negotiate a NETCONF connection over an SSH session. If the SSH host key is
1679 not found, the connection between the Call Home server and the device is dropped
1680 immediately. In either case, the device that connects to the Call home server
1681 leaves a record of its presence in the operational store.
1683 Configuring Device with Device-specific Credentials
1684 '''''''''''''''''''''''''''''''''''''''''''''''''''
1686 Adding specific device to the allowed list is done by creating
1687 ``/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device={device}``
1688 with device-id and connection parameters inside the ssh-client-params container.
1690 *Configuring Device with Credentials*
1695 /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
1696 Content-Type: application/json
1697 Accept: application/json
1699 .. code-block:: json
1703 "unique-id": "example",
1704 "ssh-client-params": {
1706 "username": "example",
1707 "passwords": [ "password" ]
1709 "host-key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDHoH1jMjltOJnCt999uaSfc48ySutaD3ISJ9fSECe1Spdq9o9mxj0kBTTTq+2V8hPspuW75DNgN+V/rgJeoUewWwCAasRx9X4eTcRrJrwOQKzb5Fk+UKgQmenZ5uhLAefi2qXX/agFCtZi99vw+jHXZStfHm9TZCAf2zi+HIBzoVksSNJD0VvPo66EAvLn5qKWQD4AdpQQbKqXRf5/W8diPySbYdvOP2/7HFhDukW8yV/7ZtcywFUIu3gdXsrzwMnTqnATSLPPuckoi0V2jd8dQvEcu1DY+rRqmqu0tEkFBurlRZDf1yhNzq5xWY3OXcjgDGN+RxwuWQK3cRimcosH"
1714 Configuring Device with Global Credentials
1715 '''''''''''''''''''''''''''''''''''''''''''''''''''
1717 It is possible to omit ``username`` and ``password`` for ssh-client-params,
1718 in such case values from global credentials will be used.
1720 *Example of configuring device*
1725 /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
1726 Content-Type: application/json
1727 Accept: application/json
1729 .. code-block:: json
1733 "unique-id": "example",
1734 "ssh-client-params": {
1735 "host-key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDHoH1jMjltOJnCt999uaSfc48ySutaD3ISJ9fSECe1Spdq9o9mxj0kBTTTq+2V8hPspuW75DNgN+V/rgJeoUewWwCAasRx9X4eTcRrJrwOQKzb5Fk+UKgQmenZ5uhLAefi2qXX/agFCtZi99vw+jHXZStfHm9TZCAf2zi+HIBzoVksSNJD0VvPo66EAvLn5qKWQD4AdpQQbKqXRf5/W8diPySbYdvOP2/7HFhDukW8yV/7ZtcywFUIu3gdXsrzwMnTqnATSLPPuckoi0V2jd8dQvEcu1DY+rRqmqu0tEkFBurlRZDf1yhNzq5xWY3OXcjgDGN+RxwuWQK3cRimcosH"
1740 Deprecated configuration models for devices accessed with SSH protocol
1741 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
1743 With `RFC 8071 <https://www.rfc-editor.org/rfc/rfc8071>`__ alignment and adding
1744 support for TLS transport following configuration models have been marked
1747 Configuring Device with Global Credentials
1748 '''''''''''''''''''''''''''''''''''''''''''''''''''
1750 *Example of configuring device*
1755 /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
1756 Content-Type: application/json
1757 Accept: application/json
1759 .. code-block:: json
1763 "unique-id": "example",
1764 "ssh-host-key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDHoH1jMjltOJnCt999uaSfc48ySutaD3ISJ9fSECe1Spdq9o9mxj0kBTTTq+2V8hPspuW75DNgN+V/rgJeoUewWwCAasRx9X4eTcRrJrwOQKzb5Fk+UKgQmenZ5uhLAefi2qXX/agFCtZi99vw+jHXZStfHm9TZCAf2zi+HIBzoVksSNJD0VvPo66EAvLn5qKWQD4AdpQQbKqXRf5/W8diPySbYdvOP2/7HFhDukW8yV/7ZtcywFUIu3gdXsrzwMnTqnATSLPPuckoi0V2jd8dQvEcu1DY+rRqmqu0tEkFBurlRZDf1yhNzq5xWY3OXcjgDGN+RxwuWQK3cRimcosH"
1768 Configuring Device with Device-specific Credentials
1769 '''''''''''''''''''''''''''''''''''''''''''''''''''
1771 Call Home Server also allows the configuration of credentials per device basis.
1772 This is done by introducing ``credentials`` container into the
1773 device-specific configuration. Format is same as in global credentials.
1775 *Configuring Device with Credentials*
1780 /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
1781 Content-Type: application/json
1782 Accept: application/json
1784 .. code-block:: json
1788 "unique-id": "example",
1790 "username": "example",
1791 "passwords": [ "password" ]
1793 "ssh-host-key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDHoH1jMjltOJnCt999uaSfc48ySutaD3ISJ9fSECe1Spdq9o9mxj0kBTTTq+2V8hPspuW75DNgN+V/rgJeoUewWwCAasRx9X4eTcRrJrwOQKzb5Fk+UKgQmenZ5uhLAefi2qXX/agFCtZi99vw+jHXZStfHm9TZCAf2zi+HIBzoVksSNJD0VvPo66EAvLn5qKWQD4AdpQQbKqXRf5/W8diPySbYdvOP2/7HFhDukW8yV/7ZtcywFUIu3gdXsrzwMnTqnATSLPPuckoi0V2jd8dQvEcu1DY+rRqmqu0tEkFBurlRZDf1yhNzq5xWY3OXcjgDGN+RxwuWQK3cRimcosH"
1797 Configure device to connect over TLS protocol
1798 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1800 Netconf Call Home Server allows devices to use TLS transport protocol to
1801 establish a connection towards the NETCONF device. This communication
1802 requires proper setup to make two-way TLS authentication possible for client
1805 The initial step is to configure certificates and keys for two-way TLS by
1806 storing them within the netconf-keystore.
1808 *Adding a client private key credential to the netconf-keystore*
1813 /rests/operations/netconf-keystore:add-keystore-entry
1814 Content-Type: application/json
1815 Accept: application/json
1817 .. code-block:: json
1823 "key-id": "example-client-key-id",
1824 "private-key": "PEM-format-private-key",
1825 "passphrase": "passphrase"
1831 *Associate a private key with a client and CA certificates chain*
1836 /rests/operations/netconf-keystore:add-private-key
1837 Content-Type: application/json
1838 Accept: application/json
1840 .. code-block:: json
1846 "name": "example-client-key-id",
1848 "certificate-chain": [
1856 *Add a list of trusted CA and server certificates*
1861 /rests/operations/netconf-keystore:add-trusted-certificate
1862 Content-Type: application/json
1863 Accept: application/json
1865 .. code-block:: json
1869 "trusted-certificate": [
1871 "name": "example-ca-certificate",
1872 "certificate": "ca-certificate-data"
1875 "name": "example-server-certificate",
1876 "certificate": "server-certificate-data"
1882 In a second step, it is required to create an allowed device associated with
1883 a server certificate and client key. The server certificate will be used to
1884 identify and pin the NETCONF device during SSL handshake and should be unique
1885 among the allowed devices.
1887 *Add device configuration for TLS protocol to allowed devices list*
1892 /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example-device
1893 Content-Type: application/json
1894 Accept: application/json
1896 .. code-block:: json
1900 "unique-id": "example-device",
1901 "tls-client-params": {
1902 "key-id": "example-client-key-id",
1903 "certificate-id": "example-server-certificate"
1911 Once an entry is made on the config side of "allowed-devices", the Call-Home Server will
1912 populate a corresponding operational device that is the same as the config device but
1913 has an additional status. By default, this status is *DISCONNECTED*. Once a device calls
1914 home, this status will change to one of:
1916 *CONNECTED* — The device is currently connected and the NETCONF mount is available for network
1919 *FAILED_AUTH_FAILURE* — The last attempted connection was unsuccessful because the Call-Home
1920 Server was unable to provide the acceptable credentials of the device. The device is also
1921 disconnected and not available for network management.
1923 *FAILED_NOT_ALLOWED* — The last attempted connection was unsuccessful because the device was
1924 not recognized as an acceptable device. The device is also disconnected and not available for
1927 *FAILED* — The last attempted connection was unsuccessful for a reason other than not
1928 allowed to connect or incorrect client credentials. The device is also disconnected and not
1929 available for network management.
1931 *DISCONNECTED* — The device is currently disconnected.
1936 Devices that are not on the allowlist might try to connect to the Call-Home Server. In
1937 these cases, the server will keep a record by instantiating an operational device. There
1938 will be no corresponding config device for these rogues. They can be identified readily
1939 because their device id, rather than being user-supplied, will be of the form
1940 "address:port". Note that if a device calls back multiple times, there will only be
1941 a single operatinal entry (even if the port changes); these devices are recognized by
1942 their unique host key.
1944 Southbound Call-Home API
1945 ~~~~~~~~~~~~~~~~~~~~~~~~
1947 The Call-Home Server listens for incoming TCP connections and assumes that the other side of
1948 the connection is a device calling home via a NETCONF connection with SSH for
1949 management. The server uses port 4334 by default and this can be configured via a
1950 blueprint configuration file.
1952 The device **must** initiate the connection and the server will not try to re-establish the
1953 connection in case of a drop. By requirement, the server cannot assume it has connectivity
1954 to the device due to NAT or firewalls among others.
1956 Reading data with selected fields
1957 ---------------------------------
1962 If user would like to read only selected fields from a NETCONF device, it is possible to use
1963 the fields query parameter that is described by RFC-8040. RESTCONF parses content of query
1964 parameter into format that is accepted by NETCONF subtree filtering - filtering of data is done
1965 on NETCONF server, not on NETCONF client side. This approach optimizes network traffic load,
1966 because data in which user doesn't have interest, is not transferred over network.
1970 * using single RESTCONF request and single NETCONF RPC for reading multiple subtrees
1971 * possibility to read only selected fields under list node across multiple hierarchies
1972 (it cannot be done without proper selection API)
1976 More information about fields query parameter: `RFC 8071 <https://www.rfc-editor.org/rfc/rfc8040#section-4.8.3>`__
1981 For demonstration, we will define next YANG model:
1985 module test-module {
1987 namespace "urn:opendaylight:test-module";
1989 revision "2023-02-16";
1992 container simple-root {
2012 container list-root {
2025 container next-data {
2047 Follow the :doc:`testtool` instructions to save this schema and run it with testtool.
2049 Mounting NETCONF device that runs on NETCONF testtool:
2051 .. code-block:: bash
2053 curl --location --request PUT 'http://127.0.0.1:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=testtool' \
2054 --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
2055 --header 'Content-Type: application/json' \
2059 "node-id": "testtool",
2060 "netconf-node-topology:host": "127.0.0.1",
2061 "netconf-node-topology:port": 17830,
2062 "netconf-node-topology:keepalive-delay": 100,
2063 "netconf-node-topology:tcp-only": false,
2064 "netconf-node-topology:login-password-unencrypted": {
2065 "netconf-node-topology:username": "admin",
2066 "netconf-node-topology:password": "admin"
2072 Setting initial configuration on NETCONF device:
2074 .. code-block:: bash
2076 curl --location --request PUT 'http://127.0.0.1:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=testtool/yang-ext:mount/test-module:root' \
2077 --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
2078 --header 'Content-Type: application/json' \
2177 1. Reading whole leaf-list 'll' and leaf 'nested/sample-x' under 'simple-root' container.
2181 .. code-block:: bash
2183 curl --location --request GET 'http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=testtool/yang-ext:mount/test-module:root/simple-root?content=config&fields=ll;nested/sample-x' \
2184 --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
2185 --header 'Cookie: JSESSIONID=node01h4w82eorc1k61866b71qjgj503.node0'
2187 Generated NETCONF RPC request:
2191 <rpc message-id="m-18" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
2196 <filter xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:type="subtree">
2197 <root xmlns="urn:ietf:params:xml:ns:yang:test-model">
2211 Using fields query parameter it is also possible to read whole leaf-list or list without
2212 necessity to specify value / key predicate (without reading parent entity). Such scenario
2213 is not permitted in RFC-8040 paths alone - fields query parameter can be used as
2214 workaround for this case.
2218 .. code-block:: json
2221 "test-module:simple-root": {
2233 2. Reading all identifiers of 'nested-list' under all elements of 'top-list'.
2237 .. code-block:: bash
2239 curl --location --request GET 'http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=testtool/yang-ext:mount/test-module:root/list-root?content=config&fields=top-list(nested-list/identifier)' \
2240 --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
2241 --header 'Cookie: JSESSIONID=node01h4w82eorc1k61866b71qjgj503.node0'
2243 Generated NETCONF RPC request:
2247 <rpc message-id="m-27" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
2252 <filter xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:type="subtree">
2253 <root xmlns="urn:ietf:params:xml:ns:yang:test-model">
2270 NETCONF client automatically fetches values of list keys since they are required for correct
2271 deserialization of NETCONF response and at the end serialization of response to RESTCONF
2272 response (JSON/XML).
2276 .. code-block:: json
2279 "test-module:list-root": {
2330 3. Reading value of leaf 'branch-ab' and all values of leaves 'switch-1' that are placed
2331 under 'top-list' list elements.
2335 .. code-block:: bash
2337 curl --location --request GET 'http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=testtool/yang-ext:mount/test-module:root/list-root?content=config&fields=branch-ab;top-list/next-data/switch-1' \
2338 --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
2339 --header 'Cookie: JSESSIONID=node01jx6o5thwae9t1ft7c2zau5zbz4.node0'
2341 Generated NETCONF RPC request:
2345 <rpc message-id="m-42" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
2350 <filter xmlns:ns0="urn:ietf:params:xml:ns:netconf:base:1.0" ns0:type="subtree">
2351 <root xmlns="urn:ietf:params:xml:ns:yang:test-model">
2369 .. code-block:: json
2372 "test-module:list-root": {
2401 Reading module source
2402 ---------------------
2407 If user would like to read module source from a Controller or NETCONF device, it is possible to use
2408 the subpath "modules". Revision of the module is optional, so it is passed as a query parameter. There is
2409 also a possibility to read modules in yang format or in yin format.
2411 *Read module source from controller*
2416 /rests/modules/{module-name}?revision={revision}
2417 Accept: application/yang or application/yin+xml
2419 *Read mounted module source from device*
2424 /rests/modules/network-topology:network-topology/topology=topology-netconf/node={node-id}/yang-ext:mount/{module-name}?revision={revision}
2425 Accept: application/yang or application/yin+xml
2433 The OpenAPI provides full API for configurational data which can be edited (by POST, PUT, PATCH and DELETE).
2434 For operational data we only provide GET API. For the majority of requests you can see only config data in examples.
2435 That’s because we can show only one example per request. The exception when you can see operational data in an
2436 example is when data are representing an operational (config false) container with no config data in it.
2439 Using the OpenAPI Explorer through HTTP
2440 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2442 1. Install OpenApi into Karaf by installing karaf feature:
2446 $ feature:install odl-restconf-openapi
2448 2. Navigate to OpenAPI in your web browser which is available at URLs:
2450 - http://localhost:8181/openapi/explorer/index.html for general overview
2452 - http://localhost:8181/openapi/api/v3/single for JSON data
2456 In the URL links for OpenAPI, change *localhost* to the IP/Host name of your actual server.
2458 3. Enter the username and password.
2459 By default the credentials are *admin/admin*.
2461 4. Select any model to try out.
2463 5. Select any available request to try out.
2465 6. Click on the **Try it out** button.
2467 7. Provide any required parameters or edit request body.
2469 8. Click the **Execute** button.
2471 9. You can see responses to the given request.
2474 OpenAPI Explorer can also be used for connected device. How to connect a device can be found :ref:`here <netconf-connector>`.
2476 OpenAPI URLs in that case would look like this:
2478 - `http://localhost:8181/openapi/explorer/index.html?urls.primaryName=17830-sim-device resources - RestConf RFC 8040 <http://localhost:8181/openapi/explorer/index.html?urls.primaryName=17830-sim-device%20resources%20-%20RestConf%20RFC%208040>`_ for device overview
2480 - http://localhost:8181/openapi/api/v3/mounts/1 for JSON data
2482 - `http://localhost:8181/openapi/api/v3/mounts/1/toaster(2009-11-20) <http://localhost:8181/openapi/api/v3/mounts/1/toaster(2009-11-20)>`__ JSON data for given model
2486 The URL links for OpenAPI are made for device with name *17830-sim-device* and model toaster
2487 with *2009-11-20* revision and need to be changed accordingly to connected device.