No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NETCONF YANG API Reference

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

NETCONF YANG API Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
DSVPN

DSVPN

Data Model

The data model files matching the DSVPN tunnel are huawei-tunnel.yang and huawei-dsvpn.yang.

Table 3-1096 DSVPN tunnel

Object

Description

/ietf-interfaces:interfaces/interface/huawei-tunnel:tunnel

Indicates that the operation request (creating, deleting, and modifying) object is the Tunnel interface. It is a root object, which is only used to contain sub-objects, but does not have any data meaning.

/ietf-interfaces:interfaces/interface/name

Indicates the Tunnel interface name.

/ietf-interfaces:interfaces/interface/iana-if-type:type

Indicates the Tunnel interface type.

/ietf-interfaces:interfaces/interface/huawei-tunnel:tunnel/tunnel-type

Indicates the tunnel protocol of the Tunnel interface.

By default, the tunnel encapsulation type is none, indicating that protocols are not encapsulated.

/ietf-interfaces:interfaces/interface/huawei-tunnel:tunnel/source-address

Indicates the Tunnel source address. The value is in dotted decimal notation.

/ietf-interfaces:interfaces/interface/huawei-tunnel:tunnel/source-interface

Indicates the Tunnel source interface.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp

Indicates that the operation request (creating, deleting, and modifying) object is the NHRP on the DSVPN Tunnel interface. It is a root object, which is only used to contain sub-objects, but does not have any data meaning.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:network-id

Indicates that the NHRP domain is configured for a local mGRE interface. By default, the local mGRE interface belongs to NHRP domain 0. The value is an integer ranging from 1 to 4294967295.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:nhrp-entry-multicast-dynamic

Indicates that the dynamically registered branches are added to the NHRP multicast member table. Configure this parameter on the Hub.

  • true: This function is enabled.
  • false: This function is disabled.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:shortcut-enable

Indicates that the NHRP shortcut function is enabled.Configure it on the Spoke only when the DSVPN uses the shortcut mode.

  • true: This function is enabled.
  • false: This function is disabled.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:redirect-enable

Indicates that the NHRP redirect function is enabled.Configure it on the Hub only when the DSVPN uses the shortcut mode.

  • true: This function is enabled.
  • false: This function is disabled.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:unique-enable

Indicates that the device to override conflicting NHRP peer entries during NHRP registration. Configure the parameter on the Spoke.

  • true: This function is enabled.
  • false: This function is disabled.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:nhrp-regiseter-interval

Indicates that the interval at which a spoke registers with the hub. The value is an integer that ranges from 5 to 31845, in seconds. The default value is 1800 seconds.

Configure the parameter on the Spoke.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:nhrp-entry-holdtime

Indicates that the aging time of NHRP peer entries. The value is an integer that ranges from 5 to 31845, in seconds. The default value is 7200 seconds.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:dynamic-entry-track-hub-entry

Indicates that the dynamic NHRP mapping table of a Spoke is associated with the Hub status. This parameter needs to be configured on a Spoke.

  • true: The dynamic NHRP mapping table of a Spoke is associated with the Hub status.
  • false: The dynamic NHRP mapping table of a Spoke is not associated with the Hub status.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:nhrp-entry

Indicates that the operation request (creating, deleting, and modifying) object is the NHRP address mapping entry. It is a root object, which is only used to contain sub-objects, but does not have any data meaning. Configure the parameter on the Spoke.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:nhrp-entry/huawei-dsvpn:protocol-address

Indicates the Tunnel interface address of an NHRP peer. The value is in dotted decimal notation.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:nhrp-entry/huawei-dsvpn:nbma-address

Indicates the public IP address or domain name of the NHRP peer.

  • Public IP address: The value is in dotted decimal notation.
  • domain name: The value is a string of 1 to 255 case-sensitive characters without spaces.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:nhrp-entry/huawei-dsvpn:register

Indicates a branch registered with the headquarters, so that the headquarters generates an NHRP peer mapping entry for the branch.

  • true: This function is enabled.
  • false: This function is disabled.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:authentication

Indicates that the operation request (creating, deleting, and modifying) object is the authentication of the DSVPN Tunnel interface. It is a root object, which is only used to contain sub-objects, but does not have any data meaning.

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp/huawei-dsvpn:authentication/huawei-dsvpn:authentication-text

Indicates the authentication string for NHRP negotiation. The value is a string of 1 to 8 case-sensitive characters. The value can contain special characters except the question mark (?) and space.

/huawei-dsvpn/dsvpn-monitor

Indicates that the operation request object is the dsvpn-monitor. It is a root object, which is only used to contain sub-objects, but does not have any data meaning.

/huawei-dsvpn/dsvpn-monitor/dsvpn-entries

Indicates the DSVPN tunnel information in returning to data monitoring.

Configuring a DSVPN Tunnel

This section provides a sample of configuring a DSVPN tunnel using the merge method. You can also configure a DSVPN tunnel using the create method.

Table 3-1097 Configuring a DSVPN tunnel

Operation

XPATH

edit-config:merge

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp

Data Requirements
Table 3-1098 Configuring a DSVPN tunnel on the Hub

Item

Data

Description

Tunnel interface name

Tunnel0/0/22

Create Tunnel0/0/22, and set the IP address to 10.1.1.1, mask length to 24, tunnel encryption mode to mgre, and tunnel source address to 2.1.1.1.2. Add dynamically registered branches to the NHRP multicast member table, and set the NHRP authentication string to huawei@1.

IP address

10.1.1.1/24

Tunnel protocol of the tunnel interface

mgre

Tunnel source address

2.1.1.2

Adding dynamically registered branches to the NHRP multicast member table

true

NHRP authentication string

huawei@1

Table 3-1099 Configuring a DSVPN tunnel on the Spoke

Item

Data

Description

Tunnel interface name

Tunnel0/0/22

Create Tunnel0/0/22, and set the IP address to 10.1.1.2, mask length to 24, tunnel encryption mode to mgre, and tunnel source address to 1.1.1.2. Set the tunnel interface address and public IP address of an HNRP peer to 10.1.1.1 and 2.1.1.2, respectively, enable a branch office to register at the headquarters, and set the NHRP authentication string to huawei@1.

IP address

10.1.1.2/24

Tunnel protocol of the tunnel interface

mgre

Tunnel source address

1.1.1.2

Tunnel interface address of an NHRP peer

10.1.1.1

Public IP address of the NHRP peer

2.1.1.2

Enabling a branch office to register at the headquarters

true

NHRP authentication string

huawei@1

Request Example

On the hub:

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_358a8397cf4449d487cec927992185e1">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
     <name>Tunnel0/0/22</name>
     <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">iana:tunnel</type>
     <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
      <address>
       <ip>10.1.1.1</ip>
       <netmask>255.255.255.0</netmask>
      </address>
     </ipv4>
     <tunnel xmlns="urn:huawei:params:xml:ns:yang:huawei-tunnel">
      <tunnel-type>mgre</tunnel-type>
      <source-address>2.1.1.2</source-address>
      <nhrp xmlns="urn:huawei:params:xml:ns:yang:huawei-dsvpn" xc:operation="merge">
       <nhrp-entry-multicast-dynamic>true</nhrp-entry-multicast-dynamic>
       <authentication>
        <authentication-text>huawei@1</authentication-text>
       </authentication>
      </nhrp>
     </tunnel>
    </interface>
   </interfaces>
  </config>
 </edit-config>
</rpc>
]]>]]>

On the spoke:

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_358a8397cf4449d487cec927992185e1">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
     <name>Tunnel0/0/22</name>
     <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">iana:tunnel</type>
     <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
      <address>
       <ip>10.1.1.2</ip>
       <netmask>255.255.255.0</netmask>
      </address>
     </ipv4>
     <tunnel xmlns="urn:huawei:params:xml:ns:yang:huawei-tunnel">
      <tunnel-type>mgre</tunnel-type>
      <source-address>1.1.1.2</source-address>
      <nhrp xmlns="urn:huawei:params:xml:ns:yang:huawei-dsvpn" xc:operation="merge">
       <nhrp-entry>
        <protocol-address>10.1.1.1</protocol-address>
        <nbma-address>2.1.1.2</nbma-address>
        <register>true</register>
       </nhrp-entry>
       <authentication>
        <authentication-text>huawei@1</authentication-text>
       </authentication>
      </nhrp>
     </tunnel>
    </interface>
   </interfaces>
  </config>
 </edit-config>
</rpc>
]]>]]>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_358a8397cf4449d487cec927992185e1">
 <ok/>
</rpc-reply> 

Modifying the Configuration of a DSVPN Tunnel

This section provides a sample of modifying the configuration of a DSVPN tunnel using the replace method based on the DSVPN tunnel configured in the preceding section.

Table 3-1100 Modifying the configuration of a DSVPN tunnel

Operation

XPATH

edit-config:replace

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp

Data Requirements
Table 3-1101 Modifying the configuration of a DSVPN tunnel on the Hub

Item

Data

Description

Tunnel interface name

Tunnel0/0/22

Modify the NHRP authentication string of Tunnel0/0/22 to huawei@2.

IP address

10.1.1.1/24

Tunnel protocol of the tunnel interface

mgre

Tunnel source addresss

2.1.1.2

Adding dynamically registered branches to the NHRP multicast member table

true

NHRP authentication string

huawei@2

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_358a8397cf4449d487cec927992185e1">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
     <name>Tunnel0/0/22</name>
     <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">iana:tunnel</type>
     <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
      <address>
       <ip>10.1.1.1</ip>
       <netmask>255.255.255.0</netmask>
      </address>
     </ipv4>
     <tunnel xmlns="urn:huawei:params:xml:ns:yang:huawei-tunnel">
      <tunnel-type>mgre</tunnel-type>
      <source-address>2.1.1.2</source-address>
      <nhrp xmlns="urn:huawei:params:xml:ns:yang:huawei-dsvpn" xc:operation="replace">
       <nhrp-entry-multicast-dynamic>true</nhrp-entry-multicast-dynamic>
       <authentication>
        <authentication-text>huawei@2</authentication-text>
       </authentication>
      </nhrp>
     </tunnel>
    </interface>
   </interfaces>
  </config>
 </edit-config>
</rpc>
]]>]]>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_358a8397cf4449d487cec927992185e1">
 <ok/>
</rpc-reply> 

Deleting a DSVPN Tunnel

This section provides a sample of deleting a DSVPN tunnel using the remove method.

Table 3-1102 Deleting a DSVPN tunnel

Operation

XPATH

edit-config:remove

/ietf-interfaces:interfaces/ietf-interfaces:interface/huawei-tunnel:tunnel/huawei-dsvpn:nhrp

Data Requirements
Table 3-1103 Deleting a DSVPN tunnel on the Hub

Item

Data

Description

Tunnel interface name

Tunnel0/0/22

Deleting the IP address to 10.1.1.1, mask length to 24, tunnel encryption mode to mgre, and tunnel source address to 2.1.1.2. Add dynamically registered branches to the NHRP multicast member table, and set the NHRP authentication string to huawei@2.

IP address

10.1.1.1/24

Tunnel protocol of the tunnel interface

mgre

Tunnel source address

GigabitEthernet1/0/0

Adding dynamically registered branches to the NHRP multicast member table

true

NHRP authentication string

huawei@2

Request Example
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_358a8397cf4449d487cec927992185e1">
 <edit-config>
  <target>
   <running/>
  </target>
  <error-option>rollback-on-error</error-option>
  <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
   <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface>
     <name>Tunnel0/0/22</name>
     <type xmlns:iana="urn:ietf:params:xml:ns:yang:iana-if-type">iana:tunnel</type>
     <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip" xc:operation="remove">
      <address>
       <ip>10.1.1.1</ip>
       <netmask>255.255.255.0</netmask>
      </address>
     </ipv4>
     <tunnel xmlns="urn:huawei:params:xml:ns:yang:huawei-tunnel" xc:operation="remove">
      <tunnel-type>mgre</tunnel-type>
      <source-address>2.1.1.2</source-address>
      <nhrp xmlns="urn:huawei:params:xml:ns:yang:huawei-dsvpn" xc:operation="remove">
       <nhrp-entry-multicast-dynamic>true</nhrp-entry-multicast-dynamic>
       <authentication>
        <authentication-text>huawei@2</authentication-text>
       </authentication>
      </nhrp>
     </tunnel>
    </interface>
   </interfaces>
  </config>
 </edit-config>
</rpc>
]]>]]>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="DEVICECONFIG_358a8397cf4449d487cec927992185e1">
 <ok/>
</rpc-reply> 

Checking DSVPN Tunnel Information

This section provides a sample of checking the DSVPN tunnel monitoring information using the get method. You need to deliver a DSVPN tunnel for tunnel negotiation in advance.

Table 3-1104 Checking the DSVPN tunnel monitoring information

Operation

XPATH

get

/huawei-dsvpn/dsvpn-monitor

Request Example
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1001" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
<filter type="subtree">
<dsvpn-monitor xmlns="urn:huawei:params:xml:ns:yang:huawei-dsvpn"></dsvpn-monitor>
</filter>
</get>
</rpc>
]]>]]>
Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1001">
<data>
 <dsvpn-monitor xmlns="urn:huawei:params:xml:ns:yang:huawei-dsvpn">
  <dsvpn-entries>
   <interface-name>Tunnel0/0/22</interface-name>
    <nhrp-entries>
     <protocol-address>10.1.1.1</protocol-address>
     <protocol-address-mask-length>32</protocol-address-mask-length>
     <protocol-address-nexthop>10.1.1.1</protocol-address-nexthop>
     <nbma-address>2.1.1.2</nbma-address>
     <entry-type>static</entry-type>
     <create-time>2017-03-29T00:02:03+00:00</create-time>
   </nhrp-entries>
  </dsvpn-entries>
 </dsvpn-monitor>
</data>
</rpc-reply>                                                     
]]>]]>   
Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100022096

Views: 9559

Downloads: 69

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next