[How-To] Evaluate an Enterprise Network Orchestration & Automation Platform

25/05/2026

Why vendor lock-in still dominates procurement.

Most enterprise network teams do not set out to achieve full vendor lock-in.

It accumulates through years of individually reasonable purchasing decisions. You buy the best switch for this data center, the best SD-WAN appliance for that branch, and a cloud networking product that ships with its own controller.

Before long, your operations team manages four separate orchestration tools, none of which talk to each other, without custom integration work.

Vendor-agnostic orchestration platforms exist to solve this directly: a single control plane that manages physical hardware, virtual functions, SDN overlays, and cloud-native workloads through standardized interfaces.

Enterprise SONiC helps this effort as well. A Linux-based, community-driven NoS, now deployed by organizations like Alibaba or Verizon, growing at 20% year-over-year, across 520+ contributing organizations.

But adopting open networking without the right orchestration layer trades one problem for another. You escape proprietary lock-in, only to drown in manual, error-prone CLI configuration.

This guide aimes to give infrastructure and network operations a framework for comparing platforms, before committing.

[First of all] Scope of Fabric Control

The first question is straightforward:

Does the platform actually manage the devices you already own, and does it do so across their full operational lifecycle rather than just initial provisioning?

Day 0 configuration is obvious. Evaluate what the platform does on Day 2 and beyond: VXLAN segment management, switchport VLAN mappings, MC-LAG device pair configuration, VRF and DHCP relay management, and global fabric settings like RADIUS, SNMP, and NTP pushed uniformly across the entire fabric. A platform that covers only initial setup forces your team back to CLI for routine operations.

SandWork addresses this as a core design principle. Its Day 2+ fabric configuration covers VXLAN network segments, switchport mappings, MC-LAG pairs, PortChannel and LoopBack settings, port breakout and MTU, all orchestrated from a single interface across multi-vendor white-box hardware from Edgecore, Dell, Celestica, Micas, and Broadcom.

The full checklist is:

  • Full Day 2+ configuration scope (segmentation, port settings, global fabric parameters)
  • Multi-vendor hardware validation (not just theoretical support)
  • MC-LAG and device-pair management
  • VXLAN/EVPN overlay orchestration

[Step 2] Intent vs. State

Configuration drift is one of the most persistent sources of outages in enterprise data centers.

Devices get manually adjusted during incident response, OS upgrades introduce state changes. Within weeks, the actual network state diverges from what your orchestration layer believes is deployed.

Evaluate whether the platform models intent separately from state and continuously reconciles the two. A platform that only pushes configurations without tracking whether they persist, provides false confidence.

You want automated detection of deviations, clear notification of discrepancies, and guided remediation, whether that is a configuration push, override, or documented exception, not a manual audit process.

SandWork's intent remediation compares intended configuration against real-time operational state via gNMI telemetry. When it detects drift, it surfaces the discrepancy and prompts corrective action.

Integrity verification runs across the entire fabric, not device-by-device. Snapshots, on-demand or scheduled, capture operational state for comparison and rollback reference.

Verify if the orchestrator does this:

  • Separate modeling of intended vs. actual state
  • Automated drift detection with notification
  • Guided remediation workflow (push/override/ignore)
  • On-demand and scheduled configuration snapshots
  • gNMI or equivalent real-time telemetry collection

[Step 3] Brownfield Integration & Legacy Infrastructure

A platform that only works cleanly on freshly staged devices is a greenfield tool sold into a brownfield world.

Most enterprise environments have existing data center deployments that cannot be reprovisioned from scratch.

Evaluate specifically how the platform imports and manages current infrastructure.

Can it discover an existing deployment's topology and pull it into the orchestration model without manual re-entry?

Can it validate that the imported design matches what is actually deployed?

For teams running mixed environments, the adapter layer for legacy devices matters as much as the core orchestrator.

SandWork's brownfield capability imports a data center's existing design topology and configuration directly into its management layer. The verification engine then validates that the deployed architecture matches the imported intent before the platform takes any remediation action.

Topology export allows teams to derive templated topologies from existing deployments, which can then serve as blueprints for new sites or expansions, removing the need to design from scratch each time.

Do not forget to check if these are present:

  • Automated import of existing topology and configuration
  • Post-import verification against actual deployment
  • Topology export and templating for replication
  • Greenfield and brownfield support from the same platform

[Step 4] Device Lifecycle Management

Network operations teams spend an ungodly amount of time on device onboarding, OS upgrades, and hardware replacement - tasks, that are largely manual in environments without proper orchestration.

At scale, this becomes the primary operational bottleneck.

Evaluate, whether the platform covers the full device lifecycle: onboarding via Zero Touch Provisioning, staged OS upgrades with rollback capability, device swap without manual reconfiguration, and formal decommissioning workflows.

Staged upgrades are particularly important. A platform that can only upgrade all devices simultaneously, is an operational liability in production environments.

SandWork's lifecycle management covers the complete arc. The staging process handles onboarding and decommissioning with validation at each step.

OS upgrades are staged across defined device groups, support multiple SONiC versions, and include warm boot capability to maintain configuration persistence across the upgrade boundary.

Device swap facilitates seamless hardware replacement without manual reconfiguration of the replacement unit. This is the operational layer that determines whether SONiC adoption remains cost-effective at scale.

The hardware savings of white-box networking disappear quickly when specialized CLI engineers are needed, to manage every device individually.

Checklist:

  • Zero Touch Provisioning (ZTP) for new devices
  • Staged, tailorable OS upgrade process with rollback
  • Warm boot support for configuration persistence
  • Formal device staging and decommissioning workflows
  • Device swap/replacement without manual reconfiguration

[Step 5] Observability & Assurance

Automation amplifies both correct decisions and incorrect ones.

A platform that can push a misconfiguration across 500 devices in a single transaction is a risk multiplier - without proper guardrails.

Evaluate the full assurance layer:

  • pre-commit validation
  • network-wide transaction management with rollback
  • post-change state verification
  • continuous health monitoring
  • cable and LLDP verification
  • validating physical topology against intent,

All of these can catch cabling errors that old-school configuration management misses. Audit logs matter for compliance and for post-incident analysis.

SandWork's network-wide transactions orchestrate configuration distribution across all required devices with validation and the option to commit or roll back as a single operation.

The cable and LLDP check discovers and validates physical topology against intent. Health checks verify connectivity for both new deployments and existing ones, with error notifications for diagnosis.

Topology change alerting surfaces connectivity loss, device failures, and failover conditions in real time. All operations generate an activity audit log.

Checklist:

  • Network-wide transaction management with commit/rollback
  • Pre-commit validation
  • Cable and LLDP topology verification
  • Real-time topology change alerting
  • Health checks for new and existing deployments
  • Activity and transaction audit log

[Step 6] Security

Orchestration platforms sit at the control plane of your entire fabric.

The security model is not a secondary consideration.

Evaluate, whether the platform implements Zero Trust throughout, not just at the perimeter. Role-based access control (RBAC) should be granular enough to model organizational roles, not just admin vs. read-only.

Device authentication should require client certificates before a device is promoted to operational status. API verification should be bidirectional. Integration with enterprise AAA infrastructure (RADIUS) should be native, not bolted on.

SandWork implements Zero Trust as a foundational principle. Every individual and virtual role interacting with the system requires authentication, and API verification is like-for-like.

RBAC enables granular permission assignment with RADIUS/AAA integration. Client authentication certificates gate device promotion to operational status.

Integrity verification continuously confirms that all devices operate under verified, policy-compliant configurations.

Checklist:

  • Zero Trust framework across all access boundaries
  • Granular RBAC with organizational role modeling
  • RADIUS/AAA integration
  • Client certificate-based device authentication
  • Continuous integrity verification across the fabric

[Step 7] Integration Surface and Scalability

A platform that creates lock-in through proprietary APIs or closed data models simply moves the problem. Evaluate northbound API coverage, OpenAPI compliance, and existing integrations with IPAM, OSS/BSS, and CI/CD toolchains. Verify that the platform is architecturally capable of managing your target scale before a contract is signed.

SandWork exposes programmatic access through an OpenAPI framework for integration with third-party tools and systems, including VMware NSX for hybrid environments.

The platform is production-proven at scale: it currently manages over 6,000 mission-critical devices across multiple data centers.

Capacity planning continuously updates physical and virtual inventories across the fabric, providing current visibility into resource availability, as the environment grows.

Checklist:

  • OpenAPI / REST northbound interface
  • gNMI subscription-based telemetry
  • OSS/BSS integration capability
  • VMware NSX support (for hybrid environments)
  • Documented production scale reference (device count, topology complexity)
  • Capacity planning and inventory management

[Putting It Together] A Scoring Framework

Run each candidate platform through these six criteria. Score each checklist item as fully met (2), partially met (1), or not met (0). Weight criteria by your specific environment: if brownfield integration is the primary constraint, it carries more weight than greenfield lifecycle management. The numerical score matters less than making the tradeoffs visible before a contract is signed.

Bring both your network architects and your operations engineers into the evaluation. Architects focus on topology models and protocol coverage. Operations engineers care about Day 2 workflows, rollback behavior, and how the platform behaves during a P1 incident at 2 a.m. Both perspectives surface deficiencies the other misses.

Furthermore

PANTHEON.tech built SandWork specifically to address the operational gap in SONiC enterprise data center deployments, providing the orchestration and management layer that makes open networking viable at production scale. If you are evaluating enterprise network automation tools and want to discuss architecture specifics or run a proof of concept, contact our team.

Network management tooling has a habit of lagging behind the hardware it is supposed to control.

You upgrade your switches to 400G, your AI training cluster generates telemetry at a rate SNMP was never designed to handle, and you are still polling every 60 seconds, waiting for a response. gNMI (gRPC Network Management Interface) fixes this. PANTHEON.tech contributed a native gNMI plugin to OpenDaylight, and you can now wire it into Java applications.

This guide covers the architecture, the code, and a full walkthrough for running the controller against a local gNMI device simulator.

Why gNMI belongs in your stack

gNMI runs on gRPC, which means HTTP/2 and Protocol Buffers. Three properties make it worth the migration:

Binary framing over Protobuf eliminates NETCONF's XML verbosity, cutting payload size and CPU cost at both ends.

Streaming telemetry via the Subscribe RPC shifts the model from polling to push: the device sends state the moment something changes. Three modes exist: STREAM for continuous high-frequency data, ON_CHANGE for event-driven notifications (a link going down, a buffer overflowing), and SAMPLE for periodic snapshots.

Atomic Set operations make configuration changes transactional: either the entire config applies, or none of it does, eliminating the partial-state failures that break SNMP-based automation.

In AI training clusters, a buffer overflow during a training run costs hours of compute. A polling interval of 60 seconds means the problem sits undetected.

The OpenDaylight gNMI Plugin

PANTHEON.tech, as the largest contributor to OpenDaylight's codebase, built and upstreamed the gNMI plugin to the opendaylight/gnmi repository. The plugin provides:

  • gNMI Southbound: a gRPC client that manages connections to gNMI-capable devices and handles Capabilities, Get, and Set RPCs.
  • RESTCONF Northbound: all gNMI operations are exposed via standard RESTCONF over HTTP/JSON, so your automation tooling does not need to speak gRPC.
  • MD-SAL integration: the plugin translates the binary gRPC world into OpenDaylight's Model-Driven Service Abstraction Layer, making device data available as YANG-modelled datastore entries.

The canonical deployment vehicle for the plugin is the lighty-rcgnmi-app, which this guide uses throughout.

Solving the Karaf problem with lighty.io

Standard OpenDaylight ships as an Apache Karaf OSGi container. Karaf is powerful, but carries a real operational cost: startup can take several minutes, memory use is high, and dependency resolution degrades as the module count grows.

lighty.io is an SDK that runs ODLs core components (MD-SAL, YANG Tools, the global schema context) in a plain Java SE environment, without an OSGi container. Startup drops from minutes to seconds. The memory footprint shrinks enough to fit Kubernetes deployments and microservice architectures comfortably.

To use the gNMI plugin inside Karaf, the opendaylight/gnmi repository ships a runnable Karaf distribution. For microservices, containers, or fast local iteration, use lighty.io.

Architecture overview

                ┌────────────────────────────────────────────┐
                │           lighty-rcgnmi-app (JVM)          │
                │                                            │
                │  ┌───────────────┐   ┌──────────────────┐  │
HTTP/JSON  ───► │  │   RESTCONF    │──►│  lighty.io       │  │
                │  │   Northbound  │   │  Controller      │  │
                │  └───────────────┘   │  (MD-SAL, YANG)  │  │
                │                      └────────┬─────────┘  │
                │                               │            │
                │                      ┌────────▼─────────┐  │
                │                      │  gNMI Southbound │  │
                │                      │  (gRPC client)   │  │
                └──────────────────────┴────────┬─────────┴──┘  
                                                │ gRPC/TLS
                                       ┌────────▼─────────┐
                                       │  gNMI Device     │
                                       │  (router/switch/ │
                                       │   simulator)     │
                                       └──────────────────┘

RESTCONF requests arrive at the northbound, traverse MD-SAL, and the southbound plugin translates them to gNMI GetRequest or SetRequest. Device data flows back the same path in reverse.

Prerequisites

  • Java 21 or later
  • Maven 3.9.5 or later
  • curl (or Postman/Bruno)
  • Linux-based system (for the bash commands in the simulator setup)

Building the RCgNMI application

Clone the lighty repository and build the full project. The initial build downloads the ODL artifact set, so expect a few minutes on first run.

git clone https://github.com/PANTHEONtech/lighty.git
cd lighty
mvn clean install

To build only the RCgNMI application and its dependencies, use the partial build flag:

mvn clean install -pl lighty-applications/lighty-rcgnmi-app-aggregator/lighty-rcgnmi-app -am

The build produces a self-contained .zip distribution at:

lighty-applications/lighty-rcgnmi-app-aggregator/lighty-rcgnmi-app/target/lighty-rcgnmi-app-<version>-bin.zip

Running the test application with the nuilt-in simulator

The fastest way to validate the setup is to run the RCgNMI controller alongside the bundled gNMI device simulator. The simulator starts with pre-configured OpenConfig state and config data, and communicates over TLS.

Step 1 - Start the RCgNMI Controller

cd lighty-examples/lighty-gnmi-community-restconf-app

# Unzip the controller
unzip ../../lighty-applications/lighty-rcgnmi-app-aggregator/lighty-rcgnmi-app/target/lighty-rcgnmi-app-24.0.0-SNAPSHOT-bin.zip

# Start with the pre-prepared example config
java -jar lighty-rcgnmi-app-24.0.0-SNAPSHOT/lighty-rcgnmi-app-24.0.0-SNAPSHOT.jar -c example_config.json

A successful start prints a log line like:

INFO [main] (RCgNMIApp.java:98) - RCgNMI lighty.io application started in 10.10 s

The RESTCONF API listens on port 8888. Default credentials are admin / admin.

Step 2 - Start the gNMI device simulator

Open a second terminal:

cd lighty-examples/lighty-gnmi-community-restconf-app

unzip ../../lighty-modules/lighty-gnmi/lighty-gnmi-device-simulator/target/lighty-gnmi-device-simulator-24.0.0-SNAPSHOT-bin.zip

java -jar lighty-gnmi-device-simulator-24.0.0-SNAPSHOT/lighty-gnmi-device-simulator-24.0.0-SNAPSHOT.jar \
  -c simulator/simulator_config.json

The simulator listens on port 10161.

Step 3 - Add TLS certificates to the keystore

The controller stores TLS credentials in MD-SAL, keyed by a keystore-id. Load the example certificates bundled with the use-case:

curl --request POST 'http://127.0.0.1:8888/restconf/operations/gnmi-certificate-storage:add-keystore-certificate' \
  --header 'Content-Type: application/json' \
  --data-raw "{
      \"input\": {
          \"keystore-id\": \"keystore-id-1\",
          \"ca-certificate\": \"$(cat certificates/ca.crt)\",
          \"client-key\": \"$(cat certificates/client.key)\",
          \"client-cert\": \"$(cat certificates/client.crt)\"
      }
  }"

If your private key has a passphrase, add "passphrase": "your-passphrase" to the input. The controller encrypts the key material using ODL's AAA encryption service before storing it.

Step 4 - Connect the simulator to the controller

Add the simulator as a node in gnmi-topology:

curl --request PUT 'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator' \
  --header 'Content-Type: application/json' \
  --data-raw '{
      "node": [
          {
              "node-id": "gnmi-simulator",
              "connection-parameters": {
                  "host": "127.0.0.1",
                  "port": 10161,
                  "keystore-id": "keystore-id-1",
                  "credentials": {
                      "username": "admin",
                      "password": "admin"
                  }
              },
              "extensions-parameters": {
                  "gnmi-parameters": {
                      "use-model-name-prefix": true
                  }
              }
          }
      ]
  }'

When the mount point is established, the controller logs:

INFO [gnmi_executor-1] (GnmiMountPointRegistrator.java:52) - Mount point for node gnmi-simulator created
INFO [gnmi_executor-0] (GnmiNodeListener.java:105) - Connection with node Uri{_value=gnmi-simulator} established successfully

Step 5 - Check vonnection dtatus

curl --request GET \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator'

Look for "node-status": "READY" in the response. If the connection failed, a failure-details field explains why.

CRUD Operations over RESTCONF → gNMI

Once a device's mount point is READY, RESTCONF requests targeting its path translate to gNMI operations. The mapping is:

HTTP Method gNMI Operation Notes
GET GnmiGet Returns CONFIG + STATE merged by default
PUT/POST GnmiSet (update/replace) Replaces the target resource
PATCH GnmiSet (update) Merges into the existing resource
DELETE GnmiSet (delete) Removes the target path

A GET without a content query parameter triggers two underlying gNMI requests, one CONFIG and one STATE, and the controller merges the responses. To target one explicitly, append ?content=config or ?content=nonconfig.

Reading device state

Get all interface data from the connected simulator:

curl --request GET \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator/yang-ext:mount/openconfig-interfaces:interfaces'

Get authentication configuration from the config datastore:

curl --request GET \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator/yang-ext:mount/openconfig-system:system/aaa/authentication?content=config'

Writing configuration

Replace the authentication config on the device:

curl --request PUT \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator/yang-ext:mount/openconfig-system:system/aaa/authentication' \
  --header 'Content-Type: application/json' \
  --data-raw '{
      "openconfig-system:authentication": {
          "config": {
              "authentication-method": [
                  "openconfig-aaa-types:TACACS_ALL"
              ]
          }
      }
  }'

Patching (merging) configuration

Append a new authentication method without overwriting existing ones:

curl --request PATCH \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator/yang-ext:mount/openconfig-system:system/aaa/authentication/config' \
  --header 'Content-Type: application/json' \
  --data-raw '{
      "openconfig-system:config": {
          "authentication-method": [
              "openconfig-aaa-types:RADIUS_ALL"
          ]
      }
  }'

Deleting configuration

curl --location --request DELETE \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator/yang-ext:mount/openconfig-system:system/aaa/authentication/config'

Disconnecting a device

curl --request DELETE \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator'

Loading YANG models for schema context

Before the gNMI southbound creates a mount point for a device, it builds a schema context: a complete picture of which YANG models the device implements. The gNMI Capabilities response provides model names and versions, but not their content. You need to supply the actual YANG files separately.

You have two options:

Option A — at startup via configuration file. Add a gnmi block to your configuration.json:

{
  "gnmi": {
    "initialYangsPaths": [
      "/path/to/yang/models/folder"
    ],
    "initialYangModels": [
      {
        "nameSpace": "http://openconfig.net/yang/interfaces",
        "name": "openconfig-interfaces",
        "revision": "2021-04-06"
      }
    ]
  }
}

Option B — at runtime via RPC. Upload a model to a running instance (escape the quotes inside the body):

curl --request POST 'http://127.0.0.1:8888/restconf/operations/gnmi-yang-storage:upload-yang-model' \
  --header 'Content-Type: application/json' \
  --data-raw '{
      "input": {
          "name": "openconfig-interfaces",
          "semver": "2.4.3",
          "body": "YANG_MODEL_CONTENT_WITH_ESCAPED_QUOTES"
      }
  }'

If a device does not report all its capabilities in the Capabilities response (a common issue with devices that use augmenting models), use force-capability in the connection request to override what the controller uses:

curl --request PUT \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=my-device' \
  --header 'Content-Type: application/json' \
  --data-raw '{
      "node": [
          {
              "node-id": "my-device",
              "connection-parameters": {
                  "host": "192.168.1.100",
                  "port": 9090,
                  "connection-type": "INSECURE"
              },
              "extensions-parameters": {
                  "force-capability": [
                      {"name": "openconfig-if-ethernet", "version": "2.6.2"},
                      {"name": "openconfig-if-ip",       "version": "2.3.1"}
                  ]
              }
          }
      ]
  }'

Connection types

Three connection modes exist:

TLS (recommended) — add certificates to the keystore first, then reference the keystore-id in the connection request (shown in Steps 3 and 4 above).

INSECURE — skips TLS certificate validation. Equivalent to the --skip-verify flag in gnmic. For dev and lab environments only.

PLAINTEXT — non-TLS connection with no encryption. Set "connection-type": "PLAINTEXT" in connection-parameters.

# Insecure connection (dev/test only)
curl --request PUT \
  'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=node-id-1' \
  --header 'Content-Type: application/json' \
  --data-raw '{
      "node": [
          {
              "node-id": "node-id-1",
              "connection-parameters": {
                  "host": "127.0.0.1",
                  "port": 9090,
                  "connection-type": "INSECURE"
              }
          }
      ]
  }'

Running with docker

To skip the local build, run the controller in Docker:

# Build the Docker image
mvn clean install -P docker

# Run the container
docker run -it --name lighty-rcgnmi --network host --rm lighty-rcgnmi

To mount a custom configuration:

docker run -it --name lighty-rcgnmi --network host \
  -v /absolute/path/to/configuration.json:/lighty-rcgnmi/configuration.json \
  -v /absolute/path/to/log4j2.xml:/lighty-rcgnmi/log4j2.xml \
  --rm lighty-rcgnmi -c configuration.json -l log4j2.xml

Deploying to Kubernetes

A Helm chart is included in the repository under lighty-rcgnmi-app-helm/helm. With a running cluster (tested with minikube / microk8s):

# For microk8s — import the Docker image first
bash lighty-rcgnmi-app-helm/helm/microk8s-uploadDocker.sh

# Install the chart
cd lighty-rcgnmi-app-helm/helm
microk8s helm3 install lighty-rcgnmi-app ./lighty-rcgnmi-app-helm/

# Uninstall
microk8s helm3 uninstall lighty-rcgnmi-app

Startup configuration (initial YANG-modelled data, device connection nodes) goes into configmaps.yaml, so you do not need to rebuild the image per environment.

Using the Karaf distribution (ODL Native)

Teams already on the OpenDaylight Karaf distribution can install the gNMI plugin as a feature from the opendaylight/gnmi repository:

# Build from the gnmi repo root
mvn clean install

# Navigate to the built Karaf distribution and start it
cd karaf/target/assembly/bin
./karaf

# Inside the Karaf console
feature:install odl-gnmi-all

The RESTCONF API is on port 8181 for Karaf deployments. The request paths use /rests/ rather than /restconf/, but the gNMI topology paths and payloads are identical:

# Karaf — note the different port and /rests/ prefix
curl --request GET \
  'http://127.0.0.1:8181/rests/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator' \
  -u admin:admin

Runtime log configuration

Default logging uses Log4j2. To override at startup:

java -Dlog4j.configurationFile=/path/to/log4j2.xml -jar lighty-rcgnmi-app-<version>.jar

Log levels can also be changed at runtime without restarting, using JMX:

jconsole <ip>:1099

Navigate to MBeans → org.apache.logging.log4j2 → loggers → StatusLogger → level and double-click the value to change it.

What you have now

Running all the steps above gives you:

  • A gNMI controller with a RESTCONF API, backed by OpenDaylight's MD-SAL and YANG Tools, starting in under 15 seconds.
  • A device mount point that translates standard HTTP verbs into transactional gNMI Get and Set operations.
  • A local simulator for iterating against OpenConfig YANG models without touching real hardware.
  • Clear paths to Docker and Kubernetes deployment when you are ready to move off a laptop.

The lighty-gnmi-community-restconf-app is the reference implementation. Once you understand the request flow (RESTCONF path → MD-SAL → gNMI mount point → device), extending it to your own YANG models or adding northbound logic comes down to configuration and plugin wiring.

Resources:

Related Articles

VPP 105: Memory Management & DPDK APIs

VPP 105: Memory Management & DPDK APIs

May 7, 2026

Welcome to the 5th part of our VPP Guide series! Today, we will be asking ourselves practical questions regarding the various technologies & libraries managed in VPP – their usage, advantages, and management. Let's jump right into it and ask ourselves: Why does...

read more...