juniper_srx adapter¶
Inmanta module to manage juniper srx series router/switch configuration
Features¶
The main feature of this module is management of the complete configuration of a Juniper SRX router/switch. It uses NETCONF as the network management protocol and YANG as the high-level configuration modeling language. This module can manage any configuration node that is defined in https://github.com/Juniper/yang and present in docs/yang_models. Instead of using the YANG files directly, the module uses pre-compiled XML generated from the YANG models in docs/yang_models.
Tooling is available to convert yang configuration from the device into model code automatically (as shown below). For more information contact sales.
Requirements¶
This module requires the device to communicate in a YANG- and RFC-compliant format. To enable this, pre-configure the device with the following configuration lines:
# Both statements only select the format of the device's NETCONF replies
# (RFC-compliant and YANG-compliant output).
# NOTE(review): they presumably assume the NETCONF service itself is already
# enabled and reachable only from the management network - confirm on the device.
set system services netconf rfc-compliant
set system services netconf yang-compliant
Environment variables¶
NETCONF credentials can be stored in environment variables if storing them in the model is not desired.
For this purpose, use the `username_env_var` attribute instead of the `username` attribute of the `yang::Credentials` entity, which is attached through the `yang_credentials` relation to `juniper_srx::NetconfDevice`.
The same rule applies to the password: use `password_env_var` instead of `password`.
Usage example¶
The following XML configuration sets up a LAG with an MTU and active LACP. It defines a policy to reject certain routes or traffic and establishes a virtual router (VRF). The configuration also sets the system to be NETCONF and YANG compliant, and defines a VLAN with an associated Layer 3 interface.
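<!--
  NETCONF <config> document for a Junos SRX device: one LAG (ae3), one IRB unit,
  a reject-all policy, a virtual-router instance with an eBGP group, and a VLAN.

  Every subtree marked nc:operation="replace" overwrites the matching entry on
  the device: anything configured there that is absent from this payload is
  removed. Compare against the running configuration before pushing.

  The junos:commit-* attributes on <configuration> look like metadata carried
  over from a configuration read back from a device; they are not settings.
-->
<nc:config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
           xmlns:junos="http://xml.juniper.net/junos/23.2R2.21/junos">
  <configuration xmlns="http://yang.juniper.net/junos-es/conf/root"
                 junos:commit-seconds="1732043292" junos:commit-localtime="2024-11-19 19:08:12 UTC"
                 junos:commit-user="admin">
    <system>
      <services>
        <netconf>
          <rfc-compliant nc:operation="replace" />
          <yang-compliant nc:operation="replace" />
        </netconf>
      </services>
    </system>
    <chassis xmlns="http://yang.juniper.net/junos-es/conf/chassis">
      <aggregated-devices>
        <ethernet>
          <device-count>1</device-count>
        </ethernet>
      </aggregated-devices>
    </chassis>
    <interfaces xmlns="http://yang.juniper.net/junos-es/conf/interfaces">
      <!-- LAG trunk carrying VLAN 5gc-clustering-1 with LACP in active mode -->
      <interface nc:operation="replace">
        <name>ae3</name>
        <mtu>9000</mtu>
        <aggregated-ether-options>
          <lacp>
            <active />
          </lacp>
        </aggregated-ether-options>
        <unit>
          <name>0</name>
          <family>
            <ethernet-switching>
              <interface-mode>trunk</interface-mode>
              <vlan>
                <members>5gc-clustering-1</members>
              </vlan>
            </ethernet-switching>
          </family>
        </unit>
      </interface>
      <!-- This entry carries no nc:operation attribute, unlike the ae3 entry above -->
      <interface>
        <name>irb</name>
        <unit>
          <name>3010</name>
          <family>
            <inet>
              <address>
                <name>19.2.0.18/31</name>
              </address>
            </inet>
            <inet6>
            </inet6>
          </family>
        </unit>
      </interface>
    </interfaces>
    <policy-options xmlns="http://yang.juniper.net/junos-es/conf/policy-options">
      <!-- No match conditions: every route evaluated by this policy is rejected -->
      <policy-statement nc:operation="replace">
        <name>INTO_INT_DN01</name>
        <then>
          <reject />
        </then>
      </policy-statement>
    </policy-options>
    <routing-instances xmlns="http://yang.juniper.net/junos-es/conf/routing-instances">
      <instance nc:operation="replace">
        <name>INT_DN01</name>
        <instance-type>virtual-router</instance-type>
        <interface>
          <name>irb.3010</name>
        </interface>
        <protocols>
          <bgp>
            <!--
              External group: peer-as differs from the instance's own AS number.
              The export policies SEND-DIRECT and SEND-STATIC are referenced but
              not defined in this payload; they must already exist on the device.
              NOTE(review): no BGP session authentication (Junos authentication-key)
              is set for this neighbor here; confirm it is configured elsewhere.
            -->
            <group>
              <name>sw</name>
              <type>external</type>
              <export>SEND-DIRECT</export>
              <export>SEND-STATIC</export>
              <neighbor>
                <name>19.2.0.19</name>
                <peer-as>4202200106</peer-as>
              </neighbor>
            </group>
          </bgp>
        </protocols>
        <routing-options>
          <!-- The reject-all policy is applied as this instance's import policy -->
          <instance-import>INTO_INT_DN01</instance-import>
          <autonomous-system>
            <as-number>4201200106</as-number>
          </autonomous-system>
        </routing-options>
      </instance>
    </routing-instances>
    <vlans xmlns="http://yang.juniper.net/junos-es/conf/vlans">
      <vlan nc:operation="replace">
        <name>5gc-clustering-1</name>
        <vlan-id>3010</vlan-id>
        <l3-interface>irb.3010</l3-interface>
      </vlan>
    </vlans>
  </configuration>
</nc:config>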
And its exact representation in the inmanta language is the following:
import juniper_srx
import juniper_srx::chassis
import juniper_srx::chassis::aggregated_devices
import juniper_srx::interfaces
import juniper_srx::interfaces::interface
import juniper_srx::interfaces::interface::aggregated_ether_options
import juniper_srx::interfaces::interface::unit
import juniper_srx::interfaces::interface::unit::family
import juniper_srx::interfaces::interface::unit::family::ethernet_switching
import juniper_srx::interfaces::interface::unit::family::inet
import juniper_srx::policy_options
import juniper_srx::policy_options::policy_statement
import juniper_srx::routing_instances
import juniper_srx::routing_instances::instance
import juniper_srx::routing_instances::instance::protocols
import juniper_srx::routing_instances::instance::protocols::bgp
import juniper_srx::routing_instances::instance::protocols::bgp::group
import juniper_srx::routing_instances::instance::routing_options
import juniper_srx::vlans
import yang
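# Managed device. The credentials entity holds only the NAMES of the environment
# variables; the username and password values themselves never appear in the
# model source.
# NOTE(review): mgmt_ip is a loopback address here, presumably a placeholder for
# the device's real management address - confirm before use.
device = juniper_srx::NetconfDevice(
    mgmt_ip="127.0.0.1",
    name="router",
    yang_credentials=yang::Credentials(
        username_env_var="NETCONF_DEVICE_USER",
        password_env_var="NETCONF_DEVICE_PASSWORD",
    ),
)

# One aggregated-ethernet device, needed for the ae3 LAG below.
juniper_srx::Chassis(
    device=device,
    aggregated_devices=juniper_srx::chassis::AggregatedDevices(
        ethernet=juniper_srx::chassis::aggregated_devices::Ethernet(
            device_count="1",
        ),
    ),
)

juniper_srx::Interfaces(
    device=device,
    interface=[
        # LAG trunk with active LACP, carrying VLAN 5gc-clustering-1.
        juniper_srx::interfaces::Interface(
            name="ae3",
            mtu="9000",
            aggregated_ether_options=juniper_srx::interfaces::interface::AggregatedEtherOptions(
                lacp=juniper_srx::interfaces::interface::aggregated_ether_options::Lacp(
                    active=true,
                ),
            ),
            unit=juniper_srx::interfaces::interface::Unit(
                name="0",
                family=juniper_srx::interfaces::interface::unit::Family(
                    ethernet_switching=juniper_srx::interfaces::interface::unit::family::EthernetSwitching(
                        interface_mode="trunk",
                        vlan=juniper_srx::interfaces::interface::unit::family::ethernet_switching::Vlan(
                            members=["5gc-clustering-1"],
                        ),
                    ),
                ),
            ),
        ),
        # Layer 3 interface for VLAN 3010.
        juniper_srx::interfaces::Interface(
            name="irb",
            unit=juniper_srx::interfaces::interface::Unit(
                name="3010",
                family=juniper_srx::interfaces::interface::unit::Family(
                    inet=juniper_srx::interfaces::interface::unit::family::Inet(
                        address=juniper_srx::interfaces::interface::unit::family::inet::Address(
                            name="19.2.0.18/31",
                        ),
                    ),
                    inet6=juniper_srx::interfaces::interface::unit::family::Inet6(),
                ),
            ),
        ),
    ],
)

# Policy with no match conditions: every route it evaluates is rejected.
juniper_srx::PolicyOptions(
    device=device,
    policy_statement=juniper_srx::policy_options::PolicyStatement(
        name="INTO_INT_DN01",
        then=juniper_srx::policy_options::policy_statement::Then(
            reject=true,
        ),
    ),
)

juniper_srx::RoutingInstances(
    device=device,
    instance=juniper_srx::routing_instances::Instance(
        name="INT_DN01",
        instance_type="virtual-router",
        protocols=juniper_srx::routing_instances::instance::Protocols(
            bgp=juniper_srx::routing_instances::instance::protocols::Bgp(
                # External group: peer_as differs from the instance's as_number.
                # Junos accepts "internal" or "external" as the group type.
                # NOTE(review): the two policy names SEND-DIRECT and SEND-STATIC
                # that the XML listing attaches to this group are not modelled
                # here, so the two forms are not equivalent on that point.
                # NOTE(review): no BGP session authentication is set for the
                # neighbor - confirm it is configured elsewhere.
                group=juniper_srx::routing_instances::instance::protocols::bgp::Group(
                    name="sw",
                    type="external",
                    neighbor=juniper_srx::routing_instances::instance::protocols::bgp::group::Neighbor(
                        name="19.2.0.19",
                        peer_as="4202200106",
                    ),
                ),
            ),
        ),
        interface=juniper_srx::routing_instances::instance::Interface(
            name="irb.3010",
        ),
        routing_options=juniper_srx::routing_instances::instance::RoutingOptions(
            # The reject-all policy above is used as this instance's import policy.
            instance_import=["INTO_INT_DN01"],
            autonomous_system=juniper_srx::routing_instances::instance::routing_options::AutonomousSystem(
                as_number="4201200106",
            ),
        ),
    ),
)

# VLAN 3010, bound to the irb.3010 Layer 3 interface.
juniper_srx::Vlans(
    device=device,
    vlan=juniper_srx::vlans::Vlan(
        name="5gc-clustering-1",
        vlan_id="3010",
        l3_interface="irb.3010",
    ),
)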