Chapter 2. An introduction to ConfD

Network devices, such as routers, switches or gateways, need to be configured and monitored. A fair amount of software is embedded in these devices to facilitate configuration and monitoring. This software typically includes:

In addition, the IETF has developed a standard called NETCONF for automated configuration of network devices. NETCONF allows devices to expose an XML-based API that the network operator can use to set and get full and partial configuration data sets.

NETCONF solves several management problems that have been lacking standardized solutions. However, for an engineering organization with limited resources and a tight time schedule introducing/implementing NETCONF also poses a problem; a whole new management sub-system needs to be implemented and integrated with the other already existing management components, while time-to-market requirements remain unchanged.

Tail-f's ConfD is a device configuration toolkit meant to be integrated as a management sub-system in network devices, providing:

ConfD as sub-system on a network device

The following figure illustrates where ConfD would reside on, for example, a chassis-based router:

ConfD on a chassis-based router

ConfD executes as a regular Unix daemon on the target device, acting:

It also contains a built-in XML configuration database.

The following figure illustrates the overall architecture. The ConfD architecture is modular, with well-defined interfaces between sub-systems.

ConfD architecture

The NETCONF, SNMP, CLI and Web modules are Management Agents. These communicate with external managers, and provide the managers with a protocol-specific view of the system. The box labeled Other Agent is e.g. a GUI application or some other management protocol implementation. These other Agents use the Management Agent API (MAAPI) to talk to the Management Backplane.

The Management Backplane provides an hierarchical view of the configuration and status/statistics data through the Management Agent API. This API is a session-oriented read/write API to the hierarchical data, with transaction-like semantics.

Examples of operations in this interface are 'create-subtree', 'get-instance', 'set-instance'. This interface is used both when the configuration is stored in the built-in ConfD database, and when it is stored in an external database.

The Management Backplane authenticates incoming requests through an AAA (Authentication, Authorization, Accounting) plugin API. An AAA plugin authenticates users and authorizes their requests. ConfD comes with a built-in AAA plugin, which can be replaced by vendor specific code.

In order to actually read and write the device-native configuration data, the sessions in the Management Backplane use the Database Plugin API. A database plugin has to provide mapping from the hierarchical view of the data used in the management protocols, to the native view used by the management database.

The management database can either be the integrated management database - called CDB - or some other database. CDB is a light-weight fault-tolerant distributed XML database. CDB can be used in single or multi-node systems in master slave configuration. It handles updates to the database schema automatically.

The Managed Objects in the application use the Managed Object API to read their configuration from the ConfD management database. There is a also a subscription mechanism, which the Managed Objects can use to react on configuration changes.

ConfD provides language bindings for the callback oriented plugin interfaces in C and Java. In the figure above, the Database Plugin API and the AAA Plugin API are available in C and Java The normal function call oriented APIs are available as C or Java APIs.