juniper_mx adapter

Inmanta module to manage juniper mx series router/switch configuration

Features

The main feature of this module is that it handles the whole configuration of Juniper MX routers/switches. It uses NETCONF as the network management protocol and YANG as the high-level configuration modeling language. This module can manage any configuration node defined in https://github.com/Juniper/yang and present in docs/yang_models. Instead of using the YANG files directly, the module uses pre-compiled XML obtained from the YANG models in docs/yang_models.

Tooling is available to convert yang configuration from the device into model code automatically (as shown below). For more information contact sales.

Requirements

This module requires the device to communicate using a YANG-compliant and RFC-compliant format. For this purpose, please pre-configure the device with the following configuration lines:

set system services netconf rfc-compliant
set system services netconf yang-compliant

Environment variables

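NETCONF credentials can be read from environment variables if storing them in the model is not desired. To do so, set username_env_var instead of the username attribute of the yang::Credentials entity, which is attached to juniper_mx::NetconfDevice through the yang_credentials relation. The same rule applies to the password: set password_env_var instead of password. Both attributes take the name of the environment variable, not the credential itself (see the usage example below), so the secret values do not appear in the model source.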

Usage example

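This Juniper MX configuration sets up a bandwidth-limiting policer, configures an interface with VLAN-CCC encapsulation and traffic policing, and establishes an EVPN-VPWS routing instance with specific route and VRF settings. Note that the policer, the interface unit and the routing instance each carry nc:operation="replace", which in NETCONF replaces the whole targeted node with the content given here instead of merging into what is already configured on the device.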

<!-- Example configuration payload. "xmlns:..." on the root element is an elision of the
     namespace declarations (nc, junos-conf-root), so the listing is not well-formed XML as printed. -->
<nc:config xmlns:...>
  <junos-conf-root:configuration>
    <firewall>
      <!-- operation="replace": the policer entry named below is replaced as a whole, not merged
           with whatever is already configured under that name. -->
      <policer nc:operation="replace">
        <name>policer_test-ep-1</name>
        <!-- Traffic exceeding the limits below hits the "then" action, which is discard. -->
        <if-exceeding>
          <bandwidth-limit>1000000</bandwidth-limit>
          <burst-size-limit>1500</burst-size-limit>
        </if-exceeding>
        <then>
          <discard/>
        </then>
      </policer>
    </firewall>
    <interfaces xmlns="http://yang.juniper.net/junos/conf/interfaces">
      <interface>
        <name>ge-0/0/1</name>
        <!-- Only the unit carries operation="replace"; the enclosing interface element has no
             operation attribute. -->
        <unit nc:operation="replace">
          <name>1</name>
          <encapsulation>vlan-ccc</encapsulation>
          <family>
            <ccc>
              <!-- References the policer by name; must match the <name> defined under <firewall>. -->
              <policer>
                <output>policer_test-ep-1</output>
              </policer>
            </ccc>
          </family>
          <input-vlan-map>
            <pop/>
          </input-vlan-map>
          <output-vlan-map>
            <push/>
          </output-vlan-map>
          <vlan-tags>
            <outer>1</outer>
          </vlan-tags>
        </unit>
      </interface>
    </interfaces>
    <routing-instances xmlns="http://yang.juniper.net/junos/conf/routing-instances">
      <!-- operation="replace": the whole routing instance 10200 is replaced by this content. -->
      <instance nc:operation="replace">
        <name>10200</name>
        <instance-type>evpn-vpws</instance-type>
        <!-- ge-0/0/1.1 is unit 1 of ge-0/0/1, i.e. the unit configured under <interfaces>. -->
        <interface>
          <name>ge-0/0/1.1</name>
        </interface>
        <protocols>
          <evpn>
            <interface>
              <name>ge-0/0/1.1</name>
              <vpws-service-id>
                <local>1</local>
                <remote>2</remote>
              </vpws-service-id>
            </interface>
          </evpn>
        </protocols>
        <route-distinguisher>
          <rd-type>10200:10200</rd-type>
        </route-distinguisher>
        <vrf-target>
          <community>target:10200:10200</community>
        </vrf-target>
      </instance>
    </routing-instances>
  </junos-conf-root:configuration>
</nc:config>

Its exact representation in the Inmanta language is the following:

import juniper_mx
import juniper_mx::firewall
import juniper_mx::firewall::policer
import juniper_mx::interfaces
import juniper_mx::interfaces::interface
import juniper_mx::interfaces::interface::unit
import juniper_mx::interfaces::interface::unit::family
import juniper_mx::interfaces::interface::unit::family::ccc
import juniper_mx::routing_instances
import juniper_mx::routing_instances::instance
import juniper_mx::routing_instances::instance::protocols
import juniper_mx::routing_instances::instance::protocols::evpn
import juniper_mx::routing_instances::instance::protocols::evpn::interface
import yang

# Device that the Firewall, Interfaces and RoutingInstances entities below are attached to.
# mgmt_ip is the loopback address in this example.
# NOTE(review): presumably a placeholder; set it to the management address of the real device.
# username_env_var / password_env_var hold the NAMES of environment variables, so no credential
# value is written into the model.
# NOTE(review): confirm in which process (compile or deployment) these variables must be set.
device = juniper_mx::NetconfDevice(
    mgmt_ip="127.0.0.1",
    name="router",
    yang_credentials=yang::Credentials(
        username_env_var="NETCONF_DEVICE_USER",
        password_env_var="NETCONF_DEVICE_PASSWORD",
    ),
)


# Firewall section of the device: one policer, "policer_test-ep-1", that discards traffic
# exceeding the configured bandwidth and burst limits.
# Values are given as strings, matching the text content of the XML elements shown earlier.
# NOTE(review): the XML shows nc:operation="replace" on the policer; the model does not set an
# operation explicitly, so presumably the module chooses it. TODO confirm.
juniper_mx::Firewall(
    device=device,
    policer=juniper_mx::firewall::Policer(
        # This name is referenced by the ccc policer of the interface unit; keep the two in sync.
        name="policer_test-ep-1",
        if_exceeding=juniper_mx::firewall::policer::IfExceeding(
            bandwidth_limit="1000000",
            burst_size_limit="1500",
        ),
        then=juniper_mx::firewall::policer::Then(
            discard=true,
        ),
    ),
)

# Interfaces section of the device: unit 1 of ge-0/0/1 with vlan-ccc encapsulation, outer VLAN
# tag 1, a pop on the input VLAN map and a push on the output VLAN map.
# The attribute order differs from the element order in the XML; the content is the same.
juniper_mx::Interfaces(
    device=device,
    interface=juniper_mx::interfaces::Interface(
        name="ge-0/0/1",
        unit=juniper_mx::interfaces::interface::Unit(
            name="1",
            encapsulation="vlan-ccc",
            vlan_tags=juniper_mx::interfaces::interface::unit::VlanTags(
                outer="1",
            ),
            input_vlan_map=juniper_mx::interfaces::interface::unit::InputVlanMap(
                pop=true,
            ),
            output_vlan_map=juniper_mx::interfaces::interface::unit::OutputVlanMap(
                push=true,
            ),
            family=juniper_mx::interfaces::interface::unit::Family(
                ccc=juniper_mx::interfaces::interface::unit::family::Ccc(
                    # Output policer referenced by name; must match the Policer name declared
                    # under juniper_mx::Firewall.
                    policer=juniper_mx::interfaces::interface::unit::family::ccc::Policer(
                        output="policer_test-ep-1",
                    ),
                ),
            ),
        ),
    ),
)

# Routing-instances section of the device: one evpn-vpws instance named "10200".
# "ge-0/0/1.1" is unit 1 of ge-0/0/1, i.e. the unit declared under juniper_mx::Interfaces; it
# appears both as the instance interface and as the EVPN interface.
juniper_mx::RoutingInstances(
    device=device,
    instance=juniper_mx::routing_instances::Instance(
        name="10200",
        instance_type="evpn-vpws",
        interface=juniper_mx::routing_instances::instance::Interface(
            name="ge-0/0/1.1",
        ),
        route_distinguisher=juniper_mx::routing_instances::instance::RouteDistinguisher(
            rd_type="10200:10200",
        ),
        vrf_target=juniper_mx::routing_instances::instance::VrfTarget(
            community="target:10200:10200",
        ),
        protocols=juniper_mx::routing_instances::instance::Protocols(
            evpn=juniper_mx::routing_instances::instance::protocols::Evpn(
                interface=juniper_mx::routing_instances::instance::protocols::evpn::Interface(
                    name="ge-0/0/1.1",
                    # Local and remote VPWS service identifiers for this interface.
                    vpws_service_id=juniper_mx::routing_instances::instance::protocols::evpn::interface::VpwsServiceId(
                        local="1",
                        remote="2",
                    ),
                ),
            ),
        ),
    ),
)