RESTCONF

RESTCONF provides a means to programmatically interact with a device – in a model-based, machine-consumable, easy to understand and standards-based way. RESTCONF is defined by an RFC as of the time of the IOS-XE 16.3 release. RESTCONF is described by the IETF Draft located here

As of IOS-XE 16.3, RESTCONF is available in the code, but as of yet not supported by Cisco-TAC. The CLI is also hidden from the parser. The structure of data exchanged using the RESTCONF interface is defined (in advance) using YANG models. Management systems using YANG can directly access managed resources in a single operation. Familiar REST verbs are included with RESTCONF, like GET, POST, PUT, PATCH, etc.

For background on model based management, please see Model-Based Management Introduction.

Prerequsites

16.3

The introduction of IOS-XE 16 on your specific network device is outside the scope of this user-guide (to enable model-based interfaces). For platform requirements and how-to guides to successfully load IOS-XE 16 on your network device, please see the Cisco IOS XE Denali Migration Guide for Access and Edge Routers

Authentication

RESTCONF connections should be authenticated using AAA credentials. RADIUS, TACACS+ or local users defined with privilege level 15 access are allowed. AAA impacts other systems, such as administrator access to the CLI. Here is a lab configuration example from an ISR-4451 using local credentials (without any AAA enabled):

                                
                                username admin privilege 15 secret cisco123
                            

Please consult ISE documentation to insure users and network-device policies are correctly setup for backend AAA.

Credentials must be contained in the running configuration and the privilege level setting must be 15, else any connection for model-based interfaces to the device will fail.

HTTP/HTTPS

RESTCONF runs over HTTP or HTTPS. The following commands must be enabled to support RESTCONF over the respective ports:

                                

                                    ip http server
                                    ip http secure-server

                                

The choice between HTTP and HTTPS can be indirectly controlled from the commands above. Further, both commands are enabled by default in IOS-XE 16.3.

Addressing and Ports

In 16.3, RESTCONF listens on any IP address assigned to the system. RESTCONF operates on port 80 or 443 when enabled, and uses HTTP and/or HTTPS for transport.

Feature Commands

The CLI command to enable RESTCONF is displayed below:

                                

                                    restconf

                            

Once enabled via CLI, all supported operations may be governed through model interfaces, including optional settings for RESTCONF configuration and operational data settings.

Is it really that easy?

Yes, it is that easy. You are now up and operational on port 80 and/or 443. Happy coding!