Knowledge Search


×
 

[MX] Configuration tag visible when both RFC and YANG compliants are configured for NETCONF

  [KB35131] Show Article Properties


Summary:

When the yang-compliant knob is configured simultaneously with the rfc-compliant knob on MX Series routers, hidden commands are created with a configuration tag even though they should not be visible.

This article explains that the solution for the issue is to configure only one compliance knob as per requirement.

Symptoms:

When NETCONF is configured with the rfc-compliant and yang-compliant knobs simultaneously, the system will respond with a configuration tag even though the tag should not be visible. However, when the yang-compliant knob is removed, the output is corrected and the hidden command is shown under the undocumented tag and the configuration tag is not seen.

Request

<rpc>
    <get-config>
        <source><running/></source>
        <filter type="subtree">
            <configuration>
                <firewall>
                </firewall>
            </configuration>
        </filter>
    </get-config>
</rpc>

Configuration

set system services netconf rfc-compliant yang-compliant ssh
set firewall disable-arp-policers <<< Hidden command

Response

<nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/17.3R1/junos">
<nc:data>
<configuration xmlns="http://yang.juniper.net/yang/1.1/jc/configuration/junos/17.3R1.8" junos:commit-seconds="1569504845" junos:commit-localtime="2019-09-26 06:34:05 PDT" junos:commit-user="regress">
    <firewall>
    </firewall>
</configuration> <<<<< That output will be visible even though it shouldn't be there.
</nc:data>
</nc:rpc-reply>

Configuration

set system services netconf rfc-compliant ssh

Response

<nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/17.3R1/junos">
<nc:data>
<configuration xmlns="http://yang.juniper.net/yang/1.1/jc/configuration/junos/17.3R1.8" junos:commit-seconds="1569504986" junos:commit-localtime="2019-09-26 06:36:26 PDT" junos:commit-user="regress">
    <firewall>
        <undocumented><disable-arp-policers/></undocumented>
    </firewall>
</configuration>
</nc:data>
</nc:rpc-reply>

Configuration

set system services netconf yang-compliant ssh

Response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/17.3R1/junos">
<data>
<configuration xmlns="http://xml.juniper.net/xnm/1.1/xnm" junos:commit-seconds="1569505422" junos:commit-localtime="2019-09-26 06:43:42 PDT" junos:commit-user="regress">
    <firewall>
    </firewall>
</configuration>
</data>

 
Cause:

The above demonstrated interpretation is as per Junos OS design.

Solution:

Depending on the desired outcome, one of the session compliance knobs should be chosen. The possible outputs for the different options are shown above.

Related Links: