Build the Next-Generation Data Center
6 week online course starting in spring 2017

Survey: Vendor NETCONF and REST API Support

Time for another fill-in-the-blanks survey: how many vendors support NETCONF and/or REST API in their data center switches, routers, firewalls and load balancers?

Please help me complete the tables by writing a comment – and do keep in mind that it only counts if it’s documented in a public configuration guide on vendor’s web site.

Also, I’m not aware of any vendor using standard NETMOD YANG models. If someone does, please let me know.

The pure XML column indicates whether the box returns all information in real XML format as opposed to text printout in an XML envelope.

Updates to the blog post:

  • 2015-10-29: Data Center Switches and Routers tables updated based on feedback from Nitzan, Johannes, Unknown and Martin. Thank you!
  • 2015-10-31: Updates based on feedback from Anonymous, Oliver, and Erop. Thank you!

Data Center Switches

Vendor

NETCONF

Pure XML?

REST API

Arista

No

Yes

Brocade VDX

Yes

?

Yes

Cisco NX-OS

Yes

Most?

?

Dell Force10

?

Yes

HP

Yes

?

Juniper

Yes

Yes

Yes

Updates:

  • Junos 14.2 has REST API, it’s coming to QFX switches in 14.1X53-D35;
  • Dell Force10 has REST API;
  • HP Comware switches have NETCONF support;

Routers

Vendor

NETCONF

Pure XML?

REST API

Alcatel Lucent

Yes

?

Brocade MLX

Yes

?

Cisco IOS / IOS XE

Yes

Some

No

Cisco CSR 1000V

Yes

Some

Yes (JSON)

Cisco IOS XR

Yes

?

Juniper

Yes

Yes

Yes

Updates:

  • IOS XR has NETCONF;
  • REST API is only available on CSR 1000V, not on IOS or IOS XE in general;
  • Juniper MX routers have REST API in Junos release 15.1;
  • Brocade MLX routers and ALU routers have NETCONF support;

Firewalls and load balancers

Information on load balancers and firewalls highly appreciated – please write a comment.

20 comments:

  1. About NX-OS, you should distinguish 3K, 4K/5K/6K, 7K and 9K ... because they have very different support about Netconf and API ...

    Sincerely yours, Mathieu.

    ReplyDelete
  2. There's also another way to programmatically control devices - using ssh-controlled execution environment (e.g. ability to run arbitrary python code) locally on the switch. I think nexi, arista and juniper all support that.

    ReplyDelete
    Replies
    1. Arista used to support that sort of thing with a low level api, but now they have unified things against the rest api. This means that while you can run a python program locally on the switch, you're just talking to the same rest api.

      (This is a good thing, it means anything you can do on the switch, you can do remotely, and vice versa)

      Delete
  3. IOS-XR has netconf support (test it in a lab on vXR )
    http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-3/security/configuration/guide/b-syssec-cg53x-crs/Implementing_the_Network_Configuration_Protocol.html

    Juniper MX has rest API
    http://www.juniper.net/documentation/en_US/junos14.2/information-products/pathway-pages/rest-api/rest-api.html#overview

    Nitzan

    ReplyDelete
  4. F5 has a REST API for versions 11.x and up (I think it starts with 11.0, but definitely in place for 11.5). Not sure about netconf or xml.

    ReplyDelete
  5. Cisco supports a REST API on their ASA 55xx-X and ASAv firewall platforms: http://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html
    http://www.cisco.com/c/dam/en/us/td/docs/security/asa/api/asapedia_rest_api.pdf

    I've installed it on our 5585-Xs and it seems to be working, but I haven't had time to do anything useful with it.

    ReplyDelete
  6. Cisco REST API Support:
    Cisco ISE (XML)
    Cisco ACS (XML)
    Cisco ASA > 9.3(2) (JSON)
    Cisco CSR 1000V (JSON)
    Cisco ASR1001-X, ASR1002-X (JSON)
    Cisco Nexus 1000V (XML)
    Cisco Nexus 9000 (JSON, XML)
    APIC (JSON, XML)

    You cannot say that in general NX-OS or IOS-XE supports REST API - it heavily depends on the platform

    ReplyDelete
  7. f5 BIG-IP has two remote APIs under the iControl brand name:

    iControl SOAP: Released in version 4.1.1 (way back in 2003)
    api reference: https://devcentral.f5.com/wiki/icontrol.apireference.ashx


    iControl REST: Released in version 11.5 (EA in 11.4)
    api reference: https://devcentral.f5.com/wiki/iControlREST.HomePage.ashx

    user guide 11.4: https://devcentral.f5.com/d/icontrol-rest-user-guide?download=true
    user guide 11.5: https://devcentral.f5.com/d/icontrol-rest-user-guide-version-1150?download=true
    user guide 11.6: https://devcentral.f5.com/d/the-user-guide-for-the-icontrol-rest-interface-in-big-ip-version-1160?download=true
    user guide 12.0: https://devcentral.f5.com/d/the-user-guide-for-the-icontrol-rest-interface-in-big-ip-version-120?download=true

    ReplyDelete
  8. Juniper supports all three: Netconf, XML, REST API: All apart of JUNOS
    Wanted to complete the chart. : )

    https://www.juniper.net/techpubs/en_US/junos15.1x49/information-products/topic-collections/netconf-guide/netconf-guide.pdf

    https://www.juniper.net/techpubs/en_US/junos15.1x49/information-products/topic-collections/junos-xml-management-protocol-guide/junos-xml-management-protocol-guide.pdf

    https://www.juniper.net/techpubs/en_US/junos15.1/information-products/pathway-pages/rest-api/rest-api.html

    -Rich

    ReplyDelete
  9. Dell S-Networking (former Force10) with FTOS supports REST API, you can find details online in "Dell Networking Open Automation Guide September 2015" at

    http://www.dell.com/support/Manuals/us/en/19/Topic/force10-open-automation/OA_9.9.0.0_CLI_Config_Pub-v1/en-us/GUID-42809B97-40C0-4624-946A-A8BE703EE8E7

    -Martin

    ReplyDelete
  10. Palo Alto Firewalls:
    https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/technical-documentation/pan-os-61/XML-API-6.1.pdf

    Kemp Load Balancers:
    https://support.kemptechnologies.com/hc/en-us/articles/203863435-RESTful-API

    ReplyDelete
  11. McAfee's Firewall NG (Was Stonegate) has a REST API to the management Centre
    https://kc.mcafee.com/corporate/index?page=content&id=PD25999

    Brocade's virtual ADC (Was Riverbed SteelApp) also has a REST API
    Brocade's ADX Load Balancers (ServerIron) have a SOAP XML API
    http://www1.brocade.com/downloads/documents/html_product_manuals/SIADX_12500_XAPG/wwhelp/wwhimpl/js/html/wwhelp.htm#href=API_Title.01.1.html

    --Paul

    ReplyDelete
  12. HP Comware (H3C) switches support NETCONF
    http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_S12500_Series_Switches/Command/Command/H3C_S12500_CR-Release7328-6W730/12/201402/817898_1285_0.htm

    ReplyDelete
  13. Ivan

    From the documentation it looks that for Juniper the rest API is for MX (routers ) and not for QFX (switches )

    Nitzan

    ReplyDelete
    Replies
    1. Hi Nitzan,

      QFX does support REST API’s but due to a known issue (PR/1073572) in 14.1X53 REST requests to the QFX are accepted; however, you get nothing back.

      This bug has been fixed in 14.1X53-D35, which should be released soon. (14.1X53-D30 is the current release for all QFX, except the QFX10002 which runs 15.1X53)

      Hope this helps,

      Delete
  14. Olivier Cahagne29 October, 2015 20:40

    Hi Ivan, may I suggest VMware NSX for vSphere, using RESTful APIs:
    http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_api.pdf

    ReplyDelete
  15. Juniper has a rest API support as of 15.1. Alcatel-Lucent has partial NETCONF support and it is improving as of C-13 TimOS almost full support.

    ReplyDelete
  16. Hi,

    Brocade MLX routers support NETCONF, not sure about the rest.

    ReplyDelete
  17. Citrix Netscaler has a REST API. I believe it was introduced in firmware version 9.2 approximately 6 years ago.

    http://www.citrix.com/go/citrix-developer/netscaler-developer-community/nitro-sdk.html

    http://docs.citrix.com/en-us/netscaler/11/nitro-api.html

    ReplyDelete
  18. Refer to http://www.slideshare.net/cmoberg/a-30minute-introduction-to-netconf-and-yang
    NETCONF vendors:
    Alaxala – Ethernet switches
    Juniper Networks - JUNOS 7.5 and later
    BATM/Telco Systems –T-Metro 7224
    Nexor - Messaging Gateways
    BigBand - MSP2800
    RuggedCom - RX5000 and MX5000
    Brocade
    - NetIron XMR, CES, and CER
    - MLX Series
    - VDX (Announced, not released)
    Sonus - NBS5200 Session Border Controller
    Taseon - TN 320
    Cisco
    - IOS 12.4(9)T and later
    - IOS XE 2.1 and later

    Verivue - MDX 9020
    Edgeware - WTV-2X
    Ericsson - SEA 20
    H3C presentation - S9500E Series Routing Switches P
    Huawei - AR3200/2200 Enterprise Routers

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.