Lab - Use RESTCONF to Access an IOS XE Device

Objectives

• Part 1: Test the connectivity to Cisco Sandbox IOS-XE device
• Part 2: Configure an IOS XE Device for RESTCONF Access
• Part 3: Open and Configure Postman
• Part 4: Use Postman to Send GET Requests
• Part 5: Use Postman to Send a PUT Request
• Part 6: Use a Python Script to Send GET Requests
• Part 7: Use a Python Script to Send a PUT Request

Background / Scenario

The RESTCONF protocol provides a simplified subset of NETCONF features over a RESTful API. RESTCONF allows you to make RESTful API calls to an IOS XE device. The data that is returned by the API can be formatted in either XML or JSON. In the first half of this lab, you will use the Postman program to construct and send API requests to the RESTCONF service that is running on the Catalyst 8000v router. In the second half of the lab, you will create Python scripts to perform the same tasks as your Postman program.

Required Resources

• 1 PC with an operating system, VS Code, and Python installed
• Internet Connectivity to the Cisco DevNet Sandbox

Instructions

Part 1: Verify Connectivity

In this Part, you will launch the Cisco DevNet Sandbox and establish a secure shell (SSH) connection to the device.

Launch the Sandbox

Follow these steps carefully to set up your sandbox environment.

1. Visit Cisco DevNet Sandbox Portal: Open your web browser and navigate to https://developer.cisco.com/sandbox.html. Choose a login option that is convenient for you.
2. Sign In to Your Cisco Account: After successful authentication, you'll be redirected to the DevNet Sandbox catalog page.
3. Filter for "Always-On" Sandboxes: To find labs that are readily available, click the Labels filter button and check the box next to Always-On.
4. Search for "Catalyst 8000" Device: In the search bar, type Catalyst 8000. The "Catalyst 8000 Always-On Sandbox" should appear.
5. Launch the Sandbox: On the sandbox tile, click the Launch button.
6. Configure & Launch Environment: A "Launch Form" will appear. You can leave the defaults and click Review Summary, then Launch Environment.
7. Wait for Sandbox to Prepare: Once prepared, you'll be taken to the "Operation Hub". This page contains crucial information about your environment.

   The "Operation Hub" shows the status and credentials to access the device. The "Instructions" tab on the right provides access details, including the host/device address and ports.

8. Copy Device Access Information: In the "Operation Hub", find and copy the device's username, password, and Public URL / Hostname. Note the ports for RESTCONF (443), NETCONF (830), and SSH (22). We'll use SSH first.
9. Login Using PuTTY (Windows):
   • Open PuTTY.
   • Enter the Public URL in the "Host Name" field.
   • Set Port to 22.
   • Ensure Connection type is SSH and click Open.
   • Enter your credentials when prompted.

   On the first login, PuTTY may show a security alert about the server's host key. It is safe to click "Accept" or "Yes".

10. Login Using Terminal (Linux/WSL/macOS):
    • Open your terminal.
    • Run the SSH command, replacing placeholders with your details: ssh username@your_sandbox_public_url -p 22
    # Example ssh apoorv@devnetsandboxiosxec8k.cisco.com -p 22
    • If asked to verify the host, type yes. Enter your password when prompted.

Part 2: Configure an IOS XE Device for RESTCONF Access

In this Part, you will configure the router to accept RESTCONF messages. Note: These services may already be running on the sandbox router, but these are the commands to enable them.

1. Verify that the RESTCONF daemons are running.

   Use the show platform software yang-management process command. The nginx daemon may show as "Not Running".

   Cat8k# show platform software yang-management process confd : Running nesd : Running syncfd : Running ncsshd : Running dmiauthd : Running nginx : Not Running ndbmand : Running pubd : Running
2. Enable the RESTCONF service.

   If needed, enter global configuration mode and issue the restconf command. This will start the required daemons, including nginx.

   Cat8k# configure terminal Cat8k(config)# restconf Cat8k(config)# exit
3. Enable and verify the HTTPS service.

   Enter the following global configuration commands to enable the HTTPS server and specify that server authentication should use the local database.

   Cat8k# configure terminal Cat8k(config)# ip http secure-server Cat8k(config)# ip http authentication local Cat8k(config)# exit

   Verify that nginx is now running using the show command again.

   Cat8k# show platform software yang-management process ... nginx : Running ...

Part 3: Open and Configure Postman

In this Part, you will open Postman and disable SSL certificate verification.

1. Open Postman: Launch the Postman application. You can skip signing in if prompted.
2. Disable SSL certificate verification:
   • Go to File > Settings.
   • Under the General tab, set the SSL certificate verification to OFF.
   • Close the Settings dialog box.

Part 4: Use Postman to Send GET Requests

In this Part, you will use Postman to send a GET request to the router to verify connectivity to the RESTCONF service.

1. Create a new request: Click the plus sign (+) to open a new request tab.
2. Enter the URL for the router:
   • Ensure the request type is set to GET.
   • In the "Enter request URL" field, type the base URL for the RESTCONF service: https:///restconf/
3. Enter authentication credentials:
   • Click the Authorization tab.
   • For Type, choose Basic Auth.
   • Enter the sandbox Username and Password.
4. Set JSON as the data type:
   • Click the Headers tab.
   • Add a new key/value pair: Key is Accept and Value is application/yang-data+json.

   When using the GET method, you only need the Accept header. The Content-Type header is used for requests that send data in the body, like PUT or POST.

5. Send the API request: Click Send. You should see a JSON response verifying the connection is working.
   { "ietf-restconf:restconf": { "data": {}, "operations": {}, "yang-library-version": "2019-01-04" } }
6. Get information for all interfaces:
   • Duplicate your previous request tab.
   • Append data/ietf-interfaces:interfaces to your URL.
   • Click Send. You will see a JSON response listing all interfaces on the router.
7. Get information for a specific interface:

   GigabitEthernet1 is the management interface connected to the SANDBOX VM. Do not change or edit this interface, as it may lead to a loss of connectivity to the device.

   • Duplicate your last request.
   • First, configure an IP on an unused interface like GigabitEthernet3 via your SSH session so we can query it.
   Cat8k# conf t Cat8k(config)# interface g3 Cat8k(config-if)# ip address 192.168.100.100 255.255.255.0 Cat8k(config-if)# no shutdown Cat8k(config-if)# end
   • Now, modify the Postman URL to request data for only this interface by appending /interface=GigabitEthernet3 to the URL.
   • Click Send. You will get a JSON response with details for only that interface. You will use this format in the next step.

Part 5: Use Postman to Send a PUT Request

In this Part, you will configure Postman to send a PUT request to create a new loopback interface.

1. Duplicate and modify the last request:
   • Duplicate your last tab.
   • Change the request type from GET to PUT.
   • Change the interface in the URL to interface=Loopback1.
2. Configure the body of the request:
   • Click the Body tab and select the raw option.
   • In the Headers tab, add a Content-Type key with the value application/yang-data+json.
   • Return to the Body tab and paste the following JSON data. This defines the new interface.
   { "ietf-interfaces:interface": { "name": "Loopback1", "description": "My first RESTCONF loopback", "type": "iana-if-type:softwareLoopback", "enabled": true, "ietf-ip:ipv4": { "address": [ { "ip": "111.111.111.111", "netmask": "255.255.255.0" } ] }, "ietf-ip:ipv6": {} } }
3. Send the PUT request: Click Send. The HTTP response code should be Status: 201 Created.
4. Verify the interface was created: Return to your SSH session and enter show ip interface brief. You should see your new Loopback1.

Part 6: Use a Python Script to Send GET Requests

In this Part, you will create a Python script to send GET requests to the router.

1. Create the directory and script file:
   • In VS Code, create a new file named restconf-get.py.
   • Enter the following code to import required modules and disable SSL warnings:
   import json import requests requests.packages.urllib3.disable_warnings()
2. Create the variables for the request: Add these variables to your script.
# URL for the RESTCONF API endpoint api_url = "https:///restconf/data/ietf-interfaces:interfaces" # Headers for the request headers = { "Accept": "application/yang-data+json", "Content-type":"application/yang-data+json" } # Basic authentication credentials basicauth = ("cisco", "cisco123!")
3. Send the request and store the response: Use the requests.get() method.
resp = requests.get(api_url, auth=basicauth, headers=headers, verify=False) print(resp)
4. Format and display the JSON data: Convert the response to a Python dictionary and print it in a readable format.
response_json = resp.json() print(json.dumps(response_json, indent=4))
5. Save and run the script: From your terminal, run python3 restconf-get.py. You should see followed by the pretty-printed JSON output of all interfaces.

Part 7: Use a Python Script to Send a PUT Request

In this Part, you will create a Python script to send a PUT request to create another new loopback interface.

1. Create the script file: Create a new file named restconf-put.py. Add the initial imports as before.
2. Create the request variables: Define the URL, headers, authentication, and the YANG data for the new interface. Note the URL targets a new interface, Loopback2.
api_url = "https:///restconf/data/ietf-interfaces:interfaces/interface=Loopback2" headers = { "Accept": "application/yang-data+json", "Content-type":"application/yang-data+json" } basicauth = ("cisco", "cisco123!") # Note: Boolean 'True' must be capitalized in Python yangConfig = { "ietf-interfaces:interface": { "name": "Loopback2", "description": "My second RESTCONF loopback", "type": "iana-if-type:softwareLoopback", "enabled": True, "ietf-ip:ipv4": { "address": [ { "ip": "222.222.222.222", "netmask": "255.255.255.0" } ] }, "ietf-ip:ipv6": {} } }
3. Send the PUT request and handle the response: Use the requests.put() method and add logic to check the response code.
resp = requests.put(api_url, data=json.dumps(yangConfig), auth=basicauth, headers=headers, verify=False) if(resp.status_code >= 200 and resp.status_code <= 299): print("STATUS OK: {}".format(resp.status_code)) else: print('Error. Status Code: {} \nError message: {}'.format(resp.status_code,resp.json()))
4. Save, run, and verify: Run python3 restconf-put.py. You should see STATUS OK: 201. Verify the creation of Loopback2 on the router with show ip interface brief.

Programs Used in this Lab

restconf-get.py

restconf-put.py