syslog messages forwarding hld #72

suresh-rupanagudi
Collaborator

No description provided.

seiferteric and others added 30 commits July 29, 2019 20:29
Includes changes from Sachin, Arun and Partha.
Added text and images for the Transformer section of the HLD.
The first reversion was pushed by accident.
This reverts commit 308a985.
Updated GNMI information
Updated the overall architecture diagram to reflect the addition of the Transformer component.
* Put document in DRAFT state
* Made changes throughout to account for Transformer module
* Miscellaneous fixes for typos
…an image that did not add much in the gnmi section
* Concurrent Access via Redis CAS transactions
* Added support for Subscribe API in translib
update the transformer section with the latest progress
bhavini-gada and others added 25 commits January 15, 2020 23:15
HLD: show/clear ip/ipv6 arp/neighbors
add initial version of data VRF HLD in mgmt framework
Mgmt framework HLD update for CVL enhancements
Add REST API versioning details to HLD
* Update Mgmt framework HLD for CLI/Transformer enhancements
respect to OpenAPI 3.0 upgrade
* Update gNMI sections
* Address comments
Updated mgmt-framework to include details with
Updated HLD for show ip arp vrf support
Change PortChannel Creation command

```
sonic(config)# logging server host 10.59.142.126
sonic(config)# logging server host 10.59.143.28 source-ip 10.10.10.1 vrf-name Vrf1

Collaborator

Can we add remote-port configuration in KLISH?

Collaborator

Looks like it's already added but with wrong description, please correct it.

sonic(config)# logging server host 1::1
remote-port RADIUS server's authentication port
source-ip Source ip address
vrf-name VRF to use

Collaborator

Please add the CLI command syntax and examples.

Collaborator

Can we use source-interface instead of source-ip to match the behavior of various NOS vendors today? We're planning to migrate to source-interface instead of source-ip for other IP services as well.

Collaborator

sonic(config)# logging server host 1::1 vrf-name
Name of VRF (Max size 32, (mgmt, or prefixed by Vrf_)

VRF name can't be 32, please follow other vrf-name syntax and fix accordingly.

Collaborator

Remote host should accept "Hostname" as well for configuration, please make the change.

Collaborator Author

For 2) and 3), we will take care.
For 4), I think source-ip is better. Even if we use source interface, we have to get its IP address and use it as source-ip while sending out packets. What if the interface has more than one IP address? What logic should be followed to choose the IP? This makes it more complex. For simplicity, source-ip is better. I think the ask from the customer is also source-ip.
5) We will take care.
6) Not sure radius/tacacs uses hostname. If other clients use it, we will also follow.

Collaborator (@venkatmahalingam, May 14, 2020)

  1. Source interface is better from the user perspective; that's what IS-CLI follows. Yes, internally we have to take the IP address from the source interface and use it for IP services. Why do you expect more than one IPv4/IPv6 address on an interface that we want to use for any IP services? We can discuss in the email.

  2. I've added the changes for radius/tacacs already, please add the same for logging server.

Collaborator

I'll ask Jose (PLM) to comment on 4) further.


RESTCONF-APIs are supported for following yang models

openconfig-system-logging.yang

Collaborator

Please provide REST URI CRUD and get examples.

Collaborator Author

Swagger UI can be used for REST uri and examples.

--------------------------------------------------------------------------------
10.59.136.33 514 10.10.10.1 -
10.59.142.126 514 - -
10.59.143.28 514 10.10.10.1 Vrf1

Collaborator

Did we test rsyslog on non-default VRF?

Collaborator Author

Yes, we already support mgmt-vrf which is non default-vrf



#### 3.6.2.4 IS-CLI Compliance
KLISH Based cli

Collaborator

Some of the CLIs are not IS-CLI compliant, please see below for IS-CLI examples:
ct-ms-arista(config)#logging ?
host Set syslog server IP address and parameters
source-interface Use IP Address of interface as source IP of log messages

Collaborator Author

What is IS-CLI? Cisco and Brocade also follow this. Also, as per the YANG, source interface and VRF are per server.

Collaborator (@venkatmahalingam, May 14, 2020)

As per IS-CLI, source interface is supposed to be a global resource, not tied to the server configuration. I'll start an email thread to clarify this.

Collaborator Author

As per logging yang "openconfig-system-logging.yang" source interface is per server.
I feel this is better than global one.

Collaborator (@venkatmahalingam, May 18, 2020)

I see Cisco/Arista follow source interface at the global level for all IP services, but in OC I see a few services follow source IP at the global level and a few services follow it at the server level. This is confusing when it comes to compliance with IS-CLI. Dell PLM reached out to BRCM PLM for this; hope we'll sort this out soon.

| | +--rw host? oc-inet:host
| | +--rw source-address? oc-inet:ip-address
| | +--rw remote-port? oc-inet:port-number
| | +--rw oc-sys-ext:vrf-name? string
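
Review bot: the "oc-sys-ext:vrf-name?" leaf is typed as a bare string, so the model accepts any value for the field that selects the VRF used for forwarding. If a leafref to the network-instance name is not wanted, give the leaf a length and pattern restriction. The KLISH help text quoted in this review already limits the name (mgmt, or prefixed by Vrf), and carrying the same restriction in the YANG holds REST and gNMI writes to it as well.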

Collaborator

Please do leafref to network-instance name (/oc-netinst:network-instances/network-instance/config/name), not string. Also, I suggest using network-instance instead of vrf; OC models follow the network-instance convention.

Collaborator Author (@suresh-rupanagudi, May 14, 2020)

Why is this required? A VRF instance can be created after configuring a syslog server with a VRF.

Collaborator

Okay, if we don't have any dependency on VRF for configuration, then it's fine.



```
sonic(config)# no logging server host 10.59.143.28

Collaborator

Why do we need both "server" and "host" keywords? Shall we just use server?

Collaborator Author

"server" is to tell that it's a remote server configuration.
"host" is for the IP address, as we are following param=val syntax.

Collaborator

Suggest to follow either "logging server <ip>" or "logging host <ip>", but not the "logging server host <ip>" syntax, to be aligned with IS-CLI.

Collaborator Author

I am not sure what IS-CLI is. Cisco Nexus uses "logging server host".

Collaborator

Following is the Cisco Nexus CLI command. There is an "IS-CLI Compliance" section in the HLD, please update that section.
switch(config)# logging server ?
A:B::C:D|WORD Hostname/IPv4/IPv6 address of the Remote Syslog Server

# 9 Unit Test

1)Verify add/delete syslog server configuration using KLISH cli and make sure that /etc/rsyslog.conf is updated accordingly
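
Review bot: test 1 only checks that /etc/rsyslog.conf is rewritten, which passes even if rsyslog never picks up the change. Extend it to confirm that a message logged after the add arrives at the configured server and stops arriving after the delete, and add a negative case where an invalid host is rejected and the file is left unchanged.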

Collaborator

Please add test cases for syslog configuration in default & mgmt & non-default VRFs.

Collaborator Author

We will add for mgmt and user-defined VRFs.

# About this Manual
This document provides general information about the configuration of remote syslog server using management framework
# Scope
This document describes the REST-API, KLISH, VRF and source-ip support for remote syslog server based on OpenConfig yang model.

Collaborator

The scope is not to test via gNMI interface? Not planning to enhance Click commands for the new options?

Collaborator Author

gNMI is also supported. No plan to extend Click unless it comes from PM.

### Table 1: Abbreviations
| **Term** | **Meaning** |
| -------- | ------------------------- |
| VRF | Virtual router forwarding |

Collaborator

Please use "Virtual routing and forwarding".

Collaborator Author

we will take care
