Sorry, but I am not aware of any plans for Juniper to offer a PHP class for communicating to Junos in the near future. It may be on a longer term roadmap, but that is just conjecture.

I personally have written Python, Ruby, and Java implementations of NETCONF. It's actually quite easy. all JUNOS commands translate into XML. You need to create an SSH connection to the SRX using the subsystem of NETCONF. Once open you can then send XML commands and receive XML replies. Go ahead and test it right now using SSH. Simply enable NETCONF "set system services netconf ssh enable" (I may be wrong on the ssh enable but something close.

Then use the ssh command ssh user@device -s netconf. After authentication you will have access to the API. Writing the wrapper in a language isnt so hard. I typically create a class with the commands I want to use and then instantiate an object of that class and execute the methods to send commands.

The best place to start with the Raw API is here: http://www.juniper.net/techpubs/en_US/junos10.3/information-products/topic-collections/netconf-guide...

Hi JUNOSRob,

 

I think many of the networking folks may have a problem with all that XML staff and scripting, unless they do it every day for living. I used to write some non trivial perl scripts, like the python, but the CLI is my food. I'm sick if I have to read my old Perl code :-)

 

Great there are Day One Junos Automation Series booklets to start with !

 

So, it would be useful to have Python/Ruby/etc NETCONF libraries. Juniper blessed or open source. Yes I know there is old Perl code from Juniper but not everyone likes Perl.

I see many people I playing from NETCONF but I'm not aware of Python library/samples available on the net. Could you/anyone share some code ? That would reduce the slow start issue.

 

Btw. just for testing (or when I don't what to change the config) I used to start NETCONF/Junoscript directly from CLI:

 

 

admin@gw> junoscript netconf interactive
<!-- No zombies were killed during the creation of this user interface -->
<!-- user jtb, class j-super-user -->
<hello>
  <capabilities>
    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>
    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>
    <capability>http://xml.juniper.net/dmi/system/1.0</capability>
  </capabilities>
  <session-id>24596</session-id>
</hello>

[...]

 

at the end it will disconnect my SSH session to the router, so, as I said,  it's just for testing and manually crafted XML.

 

OK, it's not SRX specific, time to finish the post.

jtb 

Yeah that is one of the challenges with the JUNOS Automation infrastructure. It is a really powerful way to interact with the system, howerever it can be tough to pick up if you have never done it. I will be happy to look into the option of releasesing libraries for the various languages. I actually am considering writing a book on the subject. The book would talk about interacting with JUNOS in a programatic way. It would be really fun to write and then we could share the code so people could get started with it. What does everyone think about a book dedicated on the topic?

This is the basic code I have so far. I can get a successful login response.

 

So I really just need todo some more work on it and clean it up.

 

 

/*
	Firewall Settings
*/
$ip_address 	= '192.168.1.1';
$port		= '3221';
$username	= 'root';
$password	= 'password';


$command	= '
<?xml version="1.0" encoding="us-ascii"?>
	<junoscript version="1.0" hostname="" junos:key="" release="">
		<rpc>
			<request-login>
				<username>'.$username.'</username>
				<challenge-response>'.$password.'</challenge-response>
			</request-login>
		</rpc>
	</junoscript>
';

$fp = stream_socket_client("tcp://" . $ip_address . ':' . $port, $errno, $errstr, 30);
if (!is_resource($fp)) {
    echo "$errstr ($errno)<br />\n";
} else {
	stream_set_timeout($fp, 2);
    $out = $command;
    fwrite($fp, $out);
	$result = '';
    while (!feof($fp)) {
       $temp_result = fgets($fp, 128);
	   if ($temp_result == NULL) {
			break;
	   }
	   $result .= $temp_result;
    }
    fclose($fp);
}
print_r($result);

 

 

Hi JUNOSRob,

 

Yes, the JUNOS Automation infrastructure is powerful, sometimes overwhelming for starters (and for JWeb on small SRXs ..)

 

Libraries/code snippets  - would be great to see.

 

Book - great idea ! As a ex-software engineer who converted to networking years ago I'm the first one to read it and find the typos, I need it in January   

 

NETCONF is not Juniper only; Cisco has it in some products (with more or less success), so it could be useful for the-others too.

jtb

Hi mwdmeyer,

 

good to see some code ! Thanks. I guess you are using system services xnm-clear-text. It's Junoscript dialect. The real problem is to make it easy to send/decode the XML/NETCONF. Hand made XML does scale well, we need libraries.

jtb

 

 

Yep that is correct. NETCONF is an open standard and I wish there would be wider adoption.

 

I will talk with my current publisher (O'Reilly) about the book idea. It could be a great project to do early next year. I would love my next project to be in the style of the CouchDB book (http://guide.couchdb.org/). This way people can get up to the minute updates on the book without having to wait the 6 month (or more) production schedule. I was thinking of doing a multilingual book as in it would show examples across multiple languages. I mean its all pretty close in implementation. The Java stuff that I wrote wasn't too far off the Python code. If that was the case what languages do you think would be worth while to do?

 

Because the divide between networking engineers and programmers is so large I would like to make a very solid bridge for the two to cross. I was thinking about starting something like the Alice project (http://www.alice.org/) for the creation of an easy to use GUI to allow anyone to get into automation. Imagine a drag and drop method of programing. Maybe its a bit ambitious but it is something that I have been discussing with management. Tools are only as powerful as they are accessible. The more accessible the more empowered everyone can be.