自动化Junos管理：Python与RPC机制

需积分: 10 20 浏览量更新于2024-07-17 收藏 7.47MB PDF 举报

"《Automating Junos Administration》是由Jonathan Looney和Stacy Smith合著的一本书，主要讨论了如何自动化管理Junos操作系统，以提高网络设备的效率和准确性。书中涵盖了自动化的优势、管理系统的内部机制、RPC（远程过程调用）机制以及配置管理等多个关键主题。" 这本书首先介绍了自动化管理的好处，包括节省时间、防止人为错误、节省内存、避免复制粘贴错误以及启用新服务。接着深入探讨了管理系统的内部结构，如访问管理系统的途径、操作命令流程和配置数据流。对于配置数据库和提交模型，作者详细阐述了配置数据库的运作以及配置提交的过程。在RPC机制部分，书里讲解了结构化数据模型和格式，以及如何在Python中利用这些结构化数据。读者将学习如何在Junos设备上运行RPC，了解RPC的授权机制。同时，书中也详细讨论了操作RPC，包括其输出格式、发现RPC语法的方法以及回复语法。配置管理章节中，通过RPC进行配置的表示被以XML形式呈现，书中教授如何发现XML配置语法，并利用操作RPC查看和更改配置。这些内容对于理解Junos系统中的自动化配置管理至关重要。这本书是针对希望提升Junos设备管理效率、减少人工干预错误的专业人士的理想读物。它不仅提供了理论知识，还包含实际操作的例子，帮助读者掌握自动化管理工具，实现更高效、可靠的网络运维。

We have attempted to thank all of those who assisted us, but if we have accidentally missed you, we apologize and

we appreciate your help!

From Jonathan Looney

I would like to thank my wife, Elisabeth, and my children, Isabel and David, for selflessly supporting me as I

worked on this book in addition to my already busy schedule. I appreciate their encouragement even as they

sacrificed date nights, meals together, and evenings of “chase” as I devoted time to this project. I look forward to

making up for those missed activities soon.

I would also like to thank Stacy for putting up with me over the past year as we worked on the book. Writing a book

is never easy and could easily strain a friendship. I appreciate his helpful suggestions on improving my chapters and

his patience with me even through our disagreements. I have enjoyed working with him, and look forward to

continuing our friendship.

Finally, I would like to thank the many people who have spent time teaching and mentoring me over the years. I

would like to thank the managers in my career who gave me freedom to explore new ideas and try new things. And I

would like to thank the people who have believed in me and encouraged me to try things I wasn’t sure I could

accomplish. In a sense, they are all responsible for this book.

From Stacy Smith

I would like to acknowledge my wife, Wanda, and my sons, Ezra and Eli, for extending patience and grace as I spent

many evenings and weekends working on this project. Your willingness to support me in this endeavor were key to

its success. Thank you for your sacrifice.

I would also like to thank Jonathan for inviting me to write with him. It’s always a pleasure to work with someone

so talented, yet so humble. I’m grateful to have had that opportunity many times in the last 13 years, and I hope it

continues for many years to come. Thanks for your friendship.

Chapter 1. Introduction

Welcome to the world of automating Junos management! Since its introduction in the late 1990s, the user interface

(UI) of the Junos software has set it apart from its competitors by making it easy for network operators to manage

their devices using the command-line interface (CLI). In addition, Juniper has been a leader in network automation,

shipping an API in the first Junos release and delivering the first external API in Junos 4.1.

However, times have changed. More and more, as operators look to automate their networks, other management

interfaces are growing in importance. Juniper has kept up with this trend and is striving to be an industry leader by

enabling automation to work with its devices.

This chapter sets the stage for the rest of the book by discussing the benefits of automation, reviewing some

background information about the way the Junos management system works, and giving some basic information

about the book.

Benefits of Automation

Network automation has grown to be a hot topic in recent years, and for good reason: the benefits of automation are

quite large, both for a company and for the individuals who run its network.

Because you are reading this book, you probably already know at least some of the benefits of automation.

However, we find that whenever you review the possibilities of automation, you may find a new way to use it

beyond the ones you were planning. Let’s review some common benefits.

What Is Automation?

This is probably a good point to address a basic question: just what is network automation? If you ask 10 different

people, you may get 11 different answers. Is it software-defined networking (SDN)? Is it a complete CLI

replacement, or CLI customization (like YANG, defined in RFC 6020)? Or is it merely customizing the behavior of

the existing UI tools?

The answer is, basically, “yes.” Automation can encompass all of these things, and many things in between. You can

use automation to configure and monitor every aspect of your devices such that no one needs to use the on-box CLI

unless there is an emergency. You can use automation to do very complex, high-speed activities, such as

programming all the routes your network needs. Or you can use automation to customize the commit process,

simplify repetitive tasks, and customize the UI.

It may be helpful to compare network automation to computer programming. You can write a computer program in

C or C++ to conduct complex, high-speed operations. Or you can write a simple shell script to simplify the process

of running a common sequence of commands. Or you can use Python to write a fairly lightweight menu program as

a frontend for some common operations. Likewise, with network automation, there are different tools that are

available that allow you to do different things. Just as we call it programming whether we use C, C++, Python, or

shell scripting, we also call it network automation regardless of the complexity of the operation we are trying to

undertake.

And, coincidentally, many of those same programming tools are available to you when you do network automation.

You can do simple things using simple tools you may already know, or you can do more powerful things using

appropriate tools.

Automation Saves Time

One of the most basic benefits of automation is that it saves time. Many of us have repetitive tasks that we need to

conduct. One method of simplifying these repetitive tasks is to use automation.

For example, assume that you have a standard methodology for troubleshooting failed Border Gateway Protocol

(BGP) sessions. First, you check the show interfaces output for the interface connected to the peer. After that, you

ping the peer. Then, you look at the show bgp neighbor output for the peer. Finally, you look for log errors related

to the peer or its interface.

It is completely acceptable to maintain a list of the appropriate commands and run them each time you need to

troubleshoot a failed BGP session. However, you may be able to save time by reducing these to an automation script

that runs the appropriate commands.

In fact, you may be able to save even more time by having the script actually interpret the command output for you.

For example, what do you really want to know from the show interfaces output? You probably want to see

whether the interface is up or down. You probably also want to look for unusual statistics (such as a very high data

rate or a high error rate). Depending on what you see here, you may already know the reason for the session failure.

(If the link is down, it isn’t necessary to look any further: no traffic will reach the peer.) By having the script look

for obvious clues like this, you may be able to write a script that simply tells you why the BGP session is down

when it is obvious. (That automated analysis can be a big help when you get a 4 a.m. call to troubleshoot a network

problem.)

But why stop there? Why should you even need to run the script? Why not have your device automatically run the

script for you whenever a peering session goes down and stays down for more than five minutes? Junos has the

automation hooks to enable this sort of event-driven script execution.

And, of course, one of the big ways automation can save time is by simplifying the repetitive provisioning process,

which often amounts to the use of standard fill-in-the-blanks templates. We’ll talk more about that in “Automation

Prevents Copy/Paste Errors”.

Automation Prevents Human Error

The alternate title for this section should be: “Automation Prevents 4 A.M. Phone Calls.” How many emergencies

have been caused by someone making a typo or making a simple omission during a change?

For example, let’s say that your network core uses Multiprotocol Label Switching (MPLS) to forward traffic.

Further, let’s assume MPLS is required because you have a large number of applications (such as virtual private

networks [VPNs]) that require MPLS in order to operate correctly. Now imagine that someone provisions new

network interconnects between core and edge routers, but forgets to enable MPLS processing for those interfaces on

the core router. That scenario is a network outage waiting to happen! Once the other paths between the core and

edge routers go down, MPLS traffic will be unable to flow over these new links.

Wouldn’t it be great if you could prevent someone from doing this by programming the network to know the

expected configurations and catch omissions like this? Again, Junos has the automation hooks to enable this

protection.

Automation Saves Memory

We all probably have complicated tasks that we only need to perform once in a while. It is not uncommon for me to

answer a colleague’s question by scratching my head and saying, “I remember looking up the command to do that.

Now, just give me a minute to find it.”

It is certainly the case that not every command should be reduced to automation. But things that are particularly

critical and are typically needed in time-sensitive situations are good candidates for automation. Likewise, things

that are particularly complicated are also candidates for automation.

Automation Prevents Copy/Paste Errors

A number of common network management tasks can be reduced to following a template with variables that need to

be completed. Perhaps the paradigmatic example of this is network provisioning (although the same concept can

apply in other contexts, such as troubleshooting).

Network provisioning often involves templates: a template for the base device configuration, a template for internal

connections, a template for transit or peer connections, and multiple templates for different types of customer

connections. These templates usually have very few variables that an operator needs to change in order to use them.

However, it is easy for someone to accidentally omit an important line, forget to change one of the variables, or

change one of the variables to an invalid value. And even if the user makes no mistakes while creating the

configuration from the template, sometimes an error is introduced during the process of copying and pasting a large

configuration block or a large set of commands.

Note

We’ll talk more about provisioning templates when we talk about commit scripts in Chapter 5. Commit scripts are

one way to easily apply a template. Commit scripts even provide an optional way to reduce the size of the Junos

configuration file by having Junos display the template parameters (rather than their full expansion) by default.

In this instance, automation can both save time and reduce the number of unintended errors. If the provisioning

process is reduced to a simple script that asks for values for the few variables that are in a template, the script can

make sure that the entire configuration is applied. The script can even ask the questions necessary to choose the

correct template. In addition, the script can perform checks to validate that the values provided by the user make

sense.

In fact, it is possible to even further reduce the information that a user needs to supply by having the script gather the

information in the first place. Let’s assume that the customer data is all maintained in a SQL database. When

prompted by the user, the script can query the database to gather the correct values for all the variables and present

them to the user for validation. This further reduces the possibility of inadvertent errors.

From there, it is only a small step to fully automating the process. When a new customer is added to the database, an

automated process can automatically activate the changes in the network.

It will probably not be possible to completely eliminate the possibility of someone entering incorrect information at

some point in the process. However, using automation can reduce the number of places where incorrect information

can be introduced. And it can promote consistency among the different systems that maintain information about the

network by ensuring that the same information is used everywhere (whether that information is correct or incorrect).

Automation Enables New Services

Automation can enable new services that could not be conducted by humans in an efficient manner. In this context, a

“service” can either be external or internal.

SDN can be a good example of an external service enabled by automation. Imagine that a network operator wants to

optimize their traffic flow every five minutes based on a complex set of algorithms, but they want to conduct the

recalculation faster than that if certain events occur. This is the kind of complex network service that requires

automation to effectively implement it.

An example of an internal service enabled by automation is an automated troubleshooting service. Imagine that a

network operator implements an automated troubleshooting service that monitors for network events that may

indicate a network error. The automation tool then responds to those events according to a set troubleshooting

template. If it finds a problem that it can automatically correct, it does so. Otherwise, it sends the output of its

findings to the network operator’s trouble ticket system. That output should have all the information necessary to

continue troubleshooting the problem. This has the potential to reduce the amount of time that network engineers

spend gathering basic information and trying “simple” fixes. It also has the potential to suppress false errors,

reducing the amount of time that network engineers spend responding to false alerts and allowing them to start

working on the real problems more quickly. Finally, it has the potential to reduce the time to resolution for network

problems.

Management System Internals

It is helpful to have a good understanding of the way “management data” usually flows through the Junos system.

Some examples of the types of management data that may flow through a system include configuration information,

operational commands, and statistics. Having a good understanding of this management data flow will help you

understand the distinctions between various methods of accessing this data.

As we look at the flow of management data, you will see that the management daemon (MGD) is a central hub of

activity. Most management data flows through MGD. The Junos software accepts management connections through

a variety of mechanisms; however, most eventually turn into Junoscript or NETCONF sessions that connect to

MGD. MGD has three primary mechanisms for interacting with daemons: a management socket (which it uses to

pass along operational command requests and responses), the shared configuration database, and Unix signals.

Accessing the Management System

Let’s start with ways of accessing the management system. Here, all roads lead to MGD.

All CLI sessions invoke a binary (coincidentally, named cli) that is a Junoscript client. The CLI binary opens a

Junoscript session with MGD and exchanges information with MGD in an XML format.

It is also possible for a user to interact with the Junos software using a NETCONF or Junoscript session. These

sessions also connect to MGD.

Additionally, a user can interact with the Junos software using the REST API. As described in “Internal Design”,

these sessions are piped through some extra plumbing, but eventually reach MGD.

Finally, it is possible for a user to interact with the Junos software using PyEZ, or to have op, commit, or event

scripts launch remote procedure calls (RPCs). In all of these cases, a Junoscript or NETCONF session is used to

connect to the software. Again, these Junoscript or NETCONF sessions all terminate with MGD.

Figure 1-1 illustrates how these various connection mechanisms all eventually wind up as sessions connected to

MGD.

剩余483页未读，继续阅读

luckymax

粉丝: 0
资源: 16

自动化Junos管理：Python与RPC机制

Automating.Junos.Administration.Doing.More.with.Less.1491928883.epub

automating-junos-administration.rar

信息安全_数据安全_eu-16-Hovor-Automating-Incident-.pdf

NSX-T hol-2026-01-net_pdf_en.pdf

Automating with SIMATIC S7-1200_S7-1200_

Automating with SIMATIC S7-1500_S7-1500_

automating_system_administration_with_per

Automating with SIMATIC S7-1500_ Configuring, Programming Testing with STEP 7

Wrox.Press.-.Professional..Programming.pdf

信息安全_数据安全_us-18-Wu-Towards-Automating-Expl.pdf

最新资源