Call Home Server
The yangcli-pro program supports the IETF NETCONF Call Home feature defined in RFC 8071.
Call Home for NETCONF over SSH Port Assignment:
Service Name: netconf-ch-ssh
Port Number: 4334
Transport Protocol(s): TCP
Description: NETCONF Call Home (SSH)
Assignee: IESG <[email protected]>
Contact: IETF Chair <[email protected]>
Reference: RFC 8071
Call Home for NETCONF over TLS Port Assignment:
Service Name: netconf-ch-tls
Port Number: 4335
Transport Protocol(s): TCP
Description: NETCONF Call Home (TLS)
Assignee: IESG <[email protected]>
Contact: IETF Chair <[email protected]>
Reference: RFC 8071
A server implementing Call Home will initiate the TCP connection for a NETCONF session to a pre-configured manager (e.g., yangcli-pro), which will start a normal SSH session for NETCONF, but using the incoming TCP connection instead of creating a new connection.
In Call Home Server mode, yangcli-pro will listen for incoming TCP connections on its Call Home port.
There must be pre-configured user or session entries for yangcli-pro to accept an incoming Call Home session.
Call Home Configuration
The following CLI parameters are available for Call Home configuration:
--callhome-address (default 0.0.0.0)
--callhome-enabled (default false)
--callhome-port (default 4334)
--callhome-tls-port (default 4335)
--callhome-user (no default)
This feature has to be enabled by setting --callhome-enabled=true in the configuration or command line.
If the default listen address (all IPv4 addresses) is not desired, then the --callhome-address parameter must be configured.
If the default TCP port number (4334) is not desired for NETCONF over SSH, then the --callhome-port parameter must be set.
If the default TCP port number (4335) is not desired for NETCONF over TLS, then the --callhome-tls-port parameter must be set.
One or more named sessions may be configured to use address-specific session configuration. The “session-cfg save” command can be used to save a current session. This mode requires the client to be able to connect to the desired server.
Zero or more named user entries can be designated a “callhome-user” entry. The “user-cfg save” command can be used to create a suitable user entry. Then the --callhome-user parameter is set to the user-cfg name. In this mode the client does not need to connect to the desired server first, but the user and credentials need to be pre-configured on the NETCONF server in advance.
The success of a callhome-user entry is tracked for each server address attempting a connection.
If the first callhome-user entry has failed when a server attempts to reconnect, then that entry will be skipped and the next entry will be attempted.
The failed server list cannot be cleared at this time. The program must be restarted to clear the failed server mappings for each callhome-user.
Refer to the --callhome-user CLI parameter section for more details.
It is not possible to try multiple users or make multiple connection attempts on the same TCP connection. This is a security feature built into the transport protocols.
Call Home Accept Session Procedure
If --callhome-enabled=true then yangcli-pro will listen for callhome sessions.
When an incoming call home connection is received, yangcli-pro will attempt to start a new NETCONF session in the following manner:
1. The source IP address is checked against the IP address of any named session configurations. If a match is found, that session will be used. If it is already in use then the incoming session will be rejected.
2. For yp-client applications, it is possible that a callhome user-select callback has been registered. If so, then the callback will be invoked with the server address. The callback will do one of three things:
   - Reject the session so it will be dropped without a connection attempt.
   - Return the callhome-user entry to use for a connection attempt.
   - Return no callhome-user, so processing proceeds to step 3 as if no callback was invoked.
3. If no matching IP address session entry is found, then check if any callhome-user entries are configured. If so, find the first entry that has not failed for this address, then create a temporary session using the user-cfg data and the incoming address information for the server configuration.
4. If no callhome-user entry is configured then the incoming connection is dropped.
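The accept procedure above, modelled as an added Python example (not yangcli-pro or yp-client code). All class, method and sentinel names and the 192.0.2.x addresses are constructed for illustration; dropping the connection when every callhome-user entry has already failed for an address is an assumption, since the page only states the case where none is configured.

```python
# Illustrative model of the Call Home accept procedure. Every name here is
# hypothetical; none is a yangcli-pro or yp-client identifier.
from dataclasses import dataclass, field

REJECT = object()  # sentinel a user-select callback returns to drop the session

@dataclass
class CallHomeListener:
    sessions: dict                       # server address -> named session-cfg
    callhome_users: list                 # user-cfg names, in configured order
    user_select: object = None           # optional callback(address)
    in_use: set = field(default_factory=set)    # named sessions currently active
    failed: dict = field(default_factory=dict)  # user-cfg name -> failed addresses

    def accept(self, address):
        """Return (action, name) for one incoming Call Home TCP connection."""
        # Step 1: a named session configured for this source address wins.
        name = self.sessions.get(address)
        if name is not None:
            if name in self.in_use:
                return ("reject", name)          # session already in use
            self.in_use.add(name)
            return ("session", name)
        # Step 2: optional user-select callback (yp-client applications).
        if self.user_select is not None:
            choice = self.user_select(address)
            if choice is REJECT:
                return ("drop", None)            # no connection attempt is made
            if choice is not None:
                return ("callhome-user", choice)
        # Step 3: first callhome-user entry that has not failed for this address.
        for user in self.callhome_users:
            if address not in self.failed.get(user, set()):
                return ("callhome-user", user)
        # Step 4: no entry configured (or, by assumption, all failed): drop.
        return ("drop", None)

    def mark_failed(self, user, address):
        # Failures are tracked per server address and persist until restart.
        self.failed.setdefault(user, set()).add(address)

if __name__ == "__main__":
    # Constructed sample: one named session, two callhome-user entries.
    lst = CallHomeListener({"192.0.2.10": "core-rtr"}, ["ops", "backup"])
    for addr in ("192.0.2.10", "192.0.2.10", "192.0.2.20"):
        print(addr, lst.accept(addr))
```

Because an unmatched source address falls through to the callhome-user entries, the per-address failure list is the only state that changes which credentials are offered to a returning server.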