Posted on July 18, 2019 11:39 am
 |  Asked by Mateusz Jenek
 |  157 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hi!

I configured netconf and it’s working, but now i want to configure restconf. To do this I was following this release note: https://eos.arista.com/openconfig-4-20-2-1f-release-notes/ but after that it works only from switch. (I can’t do requests from outside like in netconf). I have tried to add ACL but it didn’t help. I have no idea why in netstat restconf appears in tcp6. I’m working on vEOS on VirtualBox

1
Posted by Tamas Plugor
Answered on July 18, 2019 11:44 am

Hi Mateusz,

You have to permit the port on the control plane and not on the management restconf.If you haven’t done it already, you have to create a new ACL, because the default control plane ACL cannot be modified and add your extra permit rule there (recommended to copy the existing permit/deny rules from the default cp-acl)
Also, don’t be confused if you see tcp6 in the output, that’s expected, as AF_INET6 works for both IPv4 and IPv6 as per RFC 3493.

Thanks,
Tamas

I made something different. I set restconf port 443 (https), which is permited in standard ACL.
But It still isn’t working. Requests from release note always return: [400] “Not Found”.
Only /.well-known/host-meta works

(Mateusz Jenek at July 18, 2019 2:01 pm)

I’m not convinced that should work, because 443 is used by eAPI, better to choose another port, or use the default 6020 and permit that in the cp-acl

(Tamas Plugor at July 18, 2019 2:38 pm)

I did what you suggested, now it’s set on port 6020, but still It didn’t change anything. Maybe it’s working, but i make requests wrong. For testing i use:
https://ip:6020/restconf/system/state/hostname
and it returns: Not found

if I try to make a wrong request for example by deleting /restconf:
https://ip:6020/system/state/hostname
It returns: 404 page not found

(Mateusz Jenek at July 19, 2019 7:37 am)

Can you try /restconf/data/system/state/hostname ? Afaik you need to put ‘data’ after ‘restconf’ and then put the openconfig path as described in rfc 8040 E.g this gets interface ethernet1

https://ip:6020/restconf/data/interfaces/interface=Ethernet1

I’ve tested the above a while ago, and worked fine, should work for system state hostname too

(Tamas Plugor at July 19, 2019 11:30 am)

Yes, it works. Thanks you so much. Is it mean that I should put always /data after /restconf in requests?

(Mateusz Jenek at July 19, 2019 11:35 am)

I believe so, yes! Based on RFC 8040 there are 3 possibilities, excerpt from chapter 3.3

YANG tree diagram for an API resource:

+—- {+restconf}
+—- data
| …
+—- operations?
| …
+–ro yang-library-version string

so you can have:
/restconf/data/
/restconf/operations
/restconf/yang-library-version

I haven’t checked the other two, but I’d say most of the time you’d use /data

(Tamas Plugor at July 23, 2019 9:51 pm)

Post your Answer

You must be logged in to post an answer.