Understanding the Session Protocol in Automation Scripts
SLAX and XSLT scripts can use the jcs:open() function to establish a connection
with a Junos device. The function includes an option to establish a session with either the
Junos XML protocol server on a Junos device or the NETCONF server on devices that have the
NETCONF service over SSH enabled.
The Junos XML management protocol is a Juniper Networks proprietary protocol that you use to request information from and configure Junos devices. The NETCONF XML management protocol is a standard that you use to request or change the configuration on network devices. The following RFCs define the NETCONF protocol:
- RFC 6241, NETCONF Configuration Protocol
- RFC 6242, Using the NETCONF Configuration Protocol over Secure SHell (SSH)
The jcs:open() function supports
the following session protocol types:
- junoscript—(Default) Session with the Junos XML protocol server on a Junos device. This session type supports the operations defined in the Junos XML protocol and the Junos XML API. You can use the protocol operations and Junos XML API content to configure the device or request information about the device configuration or operation.
- netconf—Session with the NETCONF XML protocol server on a network device over an SSHv2 connection. The device must have NETCONF over SSH enabled.
- junos-netconf—Proprietary session with the NETCONF XML protocol server over an SSHv2 connection on a Junos device.
On Junos devices, the NETCONF server has the additional capabilities defined in
http://xml.juniper.net/netconf/junos/1.0. On these devices, the NETCONF
server supports NETCONF XML protocol operations, most Junos XML protocol operations, and the
tag elements defined in the Junos XML API. For netconf and
junos-netconf sessions, you should use only native NETCONF operations and
the extensions available in the Junos XML protocol for configuration operations as documented
in the NETCONF XML Management Protocol Developer Guide.
To call the jcs:open() function and specify the session protocol, use the
following syntax:
SLAX Syntax
var $connection = jcs:open(remote-hostname, session-options);
XSLT Syntax
<xsl:variable name="connection" select="jcs:open(remote-hostname, session-options)"/>
The session-options parameter is an XML node-set that specifies the session
type and connection parameters. The session type is one of the session values:
junoscript, netconf, or junos-netconf.
The format of the node-set is:
var $session-options := {
    <method> ("junoscript" | "netconf" | "junos-netconf");
    <username> "username";
    <passphrase> "passphrase";
    <password> "password";
    <port> "port-number";
    <instance> "routing-instance-name";
    <routing-instance> "routing-instance-name";
}
If you do not specify a username and it is required for the connection, the script uses the local
name of the user executing the script. The <passphrase> and
<password> elements serve the same purpose. If you do not specify a
passphrase or password element and it is required for authentication, the device to which you
are connecting should prompt you for one during script execution.
Devices running Junos OS Evolved support only password-less
login when establishing a local or remote connection using the jcs:open()
function. Junos OS Evolved does not support using an interactive password or supplying a
password as a function argument. To establish a local or remote connection on these devices,
use password-less login; otherwise, the script could encounter
authentication issues.
Optionally, you can specify the server port number for netconf and
junos-netconf sessions. If you do not specify a port number,
jcs:open() connects to the NETCONF server using the default port 830.
Specifying a port number has no impact on junoscript sessions, which always
use SSH port 22.
To redirect the SSH connection to originate from within a specific routing instance, include
either the instance or routing-instance element and specify
the routing instance name. The routing instance must be configured at the [edit
routing-instances] hierarchy level. The remote device must be reachable either
using the routing table for that routing instance or from one of the interfaces configured
under that routing instance.
To verify the protocol for a specific connection, call the jcs:get-protocol(connection) extension
function and pass the connection handle as the argument. The function
returns “junoscript”, “netconf”, or “junos-netconf”,
depending on the session type.
During session establishment with a NETCONF server, the client application and NETCONF server
each emit a <hello> element. The <hello> contents
specify which operations, or capabilities, the device supports from among those defined in the
NETCONF specification or published as proprietary extensions. In netconf and
junos-netconf sessions, you can retrieve the session capabilities of the
NETCONF server by calling the jcs:get-hello(connection)
extension function.
For example, the NETCONF server on a typical device running Junos OS might return the following capabilities:
<hello>
  <capabilities>
    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
    <capability>
      urn:ietf:params:xml:ns:netconf:capability:candidate:1.0
    </capability>
    <capability>
      urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0
    </capability>
    <capability>
      urn:ietf:params:xml:ns:netconf:capability:validate:1.0
    </capability>
    <capability>
      urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file
    </capability>
    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>
    <capability>http://xml.juniper.net/dmi/system/1.0</capability>
  </capabilities>
  <session-id>20826</session-id>
</hello>
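The following op script is an added example, not part of the original documentation. It opens a netconf session without embedding a password in the script, then uses jcs:get-protocol() and jcs:get-hello() to confirm the session type and a required capability before any further operation is attempted. The host name, username, parameter names, and the choice of the candidate capability as the required one are assumptions made for illustration.

```slax
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

/* Hypothetical script parameters; replace with values for your network. */
param $target = "router1.example.net";
param $user = "netops";

match / {
    <op-script-results> {
        /* No <password> or <passphrase> element: the credential is not
           stored in the script, so the remote device prompts for it. */
        var $session-options := {
            <method> "netconf";
            <username> $user;
            <port> "830";
        }
        var $connection = jcs:open($target, $session-options);

        if (jcs:empty($connection)) {
            <xnm:error> {
                <message> "Unable to open a NETCONF session to " _ $target;
            }
        }
        else {
            var $protocol = jcs:get-protocol($connection);
            var $hello = jcs:get-hello($connection);
            /* Capability this example treats as mandatory (an assumption). */
            var $required = "urn:ietf:params:xml:ns:netconf:capability:candidate:1.0";
            /* local-name() matches whether or not the hello is namespaced. */
            var $caps = $hello//*[local-name() == "capability"];

            if ($protocol != "netconf") {
                <xnm:error> { <message> "Unexpected session protocol: " _ $protocol; }
            }
            else if (not($caps[normalize-space(.) == $required])) {
                <xnm:error> { <message> "Server does not advertise " _ $required; }
            }
            else {
                <output> "NETCONF session " _ $hello//*[local-name() == "session-id"]
                    _ " verified; " _ count($caps) _ " capabilities advertised.";
            }
            expr jcs:close($connection);
        }
    }
}
```

Because Junos OS Evolved does not support interactive passwords, running this script there requires password-less login to be in place for the specified user.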