What is Network Configuration Protocol & NETCONF Operations

In this article, we look at what the Network Configuration Protocol (NETCONF) is, its core architecture and layers, the NETCONF operations, configuration datastores, and transactionality.

Network Configuration Protocol NETCONF

Network device configuration can be managed securely and programmatically with the Network Configuration Protocol (NETCONF), an IETF-standardized network management protocol. It defines a straightforward, vendor-neutral method for retrieving, uploading, and modifying configuration data on network devices.

NETCONF was created as an alternative to the Simple Network Management Protocol (SNMP) and conventional Command Line Interface (CLI) techniques, to meet the need for a standardized, structured, and transactional way of configuring devices.

Network Configuration Protocol

Core Architecture and Layers

For NETCONF to function, a NETCONF client (such as an automation tool or network management system) connects to a NETCONF server running on the network device. The protocol is conceptually divided into four layers:

Secure Transport Layer

This layer provides a connection-oriented, secure, and reliable session between the client and server.

  • Mechanism: Secure Shell (SSH) is the most commonly used transport protocol. NETCONF requires a secure transport that provides encryption and authentication.
  • Port: Port 830 is the default listening port for the NETCONF-over-SSH service on network devices. Because NETCONF runs over TCP, delivery is reliable and in order.

Messages Layer

This layer specifies the message framing, which is built around Remote Procedure Calls (RPCs).

  • Encoding: Extensible Markup Language (XML) is commonly used to encode RPCs made by the client and the responses that are returned from the server (network device).
  • Message Types: The messages layer handles RPC invocations (<rpc>), RPC results (<rpc-reply>), and asynchronous event notifications (<notification>).

Operations Layer

This layer defines the base protocol operations that can be invoked over RPC to control the device. These operations are what a client uses to read and change the configuration.

Content Layer (Data Models)

This layer carries the configuration and operational data being managed.

  • Data Model: The Content layer is tied to YANG (Yet Another Next Generation), the modelling language that defines the structure, hierarchy, and constraints of the data. NETCONF itself does not define the content or data models; YANG defines them, and NETCONF is the protocol that carries YANG-modelled data.

NETCONF Operations


The Operations layer provides the tools for network management systems to interact with the device.

Operation                        | Description
---------------------------------|---------------------------------------------------------------
<get>                            | Retrieves configuration and operational data (device state information).
<get-config>                     | Retrieves all or part of a specified configuration datastore (config data only).
<edit-config>                    | Loads or modifies configuration data by creating, deleting, merging, or replacing content in a configuration datastore.
<copy-config>                    | Copies an entire configuration datastore to another datastore.
<commit>                         | Applies changes from the <candidate> datastore to the <running> datastore.
<lock> / <unlock>                | Locks/releases an entire configuration datastore to prevent conflicting changes during configuration edits.
<close-session> / <kill-session> | Requests graceful or forced termination of a NETCONF session.

Capabilities Exchange: The first interaction after the SSH connection is established is an exchange of <hello> messages in which the client and server each list their NETCONF capabilities. These capabilities announce the optional protocol features the device supports, such as support for the candidate configuration datastore (the :candidate capability).
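As an added example (not code from the original article), the following Python uses only the standard library to parse a server <hello>, check whether the :candidate capability was advertised, build a <get-config> RPC in the NETCONF base namespace, and check an <rpc-reply> against the request's message-id. The namespace and capability URIs are the real RFC 6241 values and the "]]>]]>" end-of-message marker is the base:1.0 framing from RFC 6242; the <hello> and <rpc-reply> documents are constructed samples, and the function names are this example's own.

```python
# Added example (not part of the original article): building NETCONF <rpc>
# messages and parsing a server <hello> with only the Python standard library.
# The namespace and capability URIs are the real ones from RFC 6241; the
# sample <hello> and <rpc-reply> texts are constructed, not captured from a device.
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
CANDIDATE_CAP = "urn:ietf:params:netconf:capability:candidate:1.0"
# End-of-message marker used by the base:1.0 framing over SSH (RFC 6242).
EOM = "]]>]]>"
ET.register_namespace("", NC_NS)  # emit the NETCONF namespace as the default xmlns


def q(name):
    """Clark-notation tag for an element in the NETCONF base namespace."""
    return "{%s}%s" % (NC_NS, name)


# Constructed sample <hello> as a device might send it once the SSH session is up.
SAMPLE_HELLO = """<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
  </capabilities>
  <session-id>4</session-id>
</hello>"""

# Constructed sample replies: one success, one rpc-error.
SAMPLE_OK_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <ok/>
</rpc-reply>"""
SAMPLE_ERROR_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="102">
  <rpc-error>
    <error-type>protocol</error-type>
    <error-tag>lock-denied</error-tag>
    <error-severity>error</error-severity>
    <error-message>Lock failed, lock is already held</error-message>
  </rpc-error>
</rpc-reply>"""


def parse_hello(text):
    """Return (session-id, set of capability URIs) announced by the server."""
    root = ET.fromstring(text)
    if root.tag != q("hello"):
        raise ValueError("expected <hello>, got %s" % root.tag)
    caps = {c.text.strip() for c in root.iter(q("capability")) if c.text}
    sid_text = root.findtext(q("session-id"))
    return (int(sid_text) if sid_text else None), caps


def supports_candidate(caps):
    """True if the :candidate capability was advertised, so <commit> can be used."""
    return CANDIDATE_CAP in caps


def build_rpc(message_id, operation):
    """Wrap an operation element in an <rpc> envelope and return the XML text."""
    rpc = ET.Element(q("rpc"), {"message-id": str(message_id)})
    rpc.append(operation)
    return ET.tostring(rpc, encoding="unicode")


def get_config_rpc(message_id, source="running"):
    """<get-config> for the named datastore (running or candidate)."""
    op = ET.Element(q("get-config"))
    ET.SubElement(ET.SubElement(op, q("source")), q(source))
    return build_rpc(message_id, op)


def frame(message):
    """Append the base:1.0 end-of-message marker before writing to the SSH channel."""
    return message + "\n" + EOM


def parse_reply(text, expected_id):
    """Return (ok, [error messages]); the message-id must match the request."""
    root = ET.fromstring(text)
    if root.tag != q("rpc-reply"):
        raise ValueError("expected <rpc-reply>")
    if root.get("message-id") != str(expected_id):
        raise ValueError("message-id mismatch")
    errors = [e.findtext(q("error-message"), "") for e in root.iter(q("rpc-error"))]
    return (root.find(q("ok")) is not None and not errors), errors


if __name__ == "__main__":
    sid, caps = parse_hello(SAMPLE_HELLO)
    print("session", sid, "candidate supported:", supports_candidate(caps))
    print(frame(get_config_rpc(101)))
    print(parse_reply(SAMPLE_OK_REPLY, 101))
    print(parse_reply(SAMPLE_ERROR_REPLY, 102))
```

Checking the advertised capabilities before sending <commit> matters in practice: a device without :candidate will reject the operation, and matching message-id on every reply is what lets a client pair responses with requests when several RPCs are in flight on one session.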

Configuration Datastores and Transactionality

One of NETCONF's main advantages is its ability to apply configuration updates robustly as transactions. This is made possible by a set of defined configuration datastores:

  • <running>: This is the complete configuration currently active and running on the network device, and it is always present.
  • <candidate>: If the device supports the :candidate capability, this datastore acts as a staging area. Configuration data can be manipulated here without impacting the device’s currently active configuration.
  • Transactional Workflow: Changes are made to the <candidate> configuration, validated against the YANG data models, and then, upon a successful <commit> operation, the <running> configuration is set to the contents of the candidate configuration. If validation or the commit fails, the device's live configuration is left untouched, so it is protected from partial, device-breaking changes.
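As an added example (not code from the original article or from any vendor's NETCONF server), the following Python simulates the <candidate>/<running> workflow described above in memory: <lock>, <edit-config> with merge/replace/create/delete, validation, an atomic <commit> that only replaces <running> when validation passes, and <discard-changes> to reset the candidate. The datastore, operation and error-tag names follow RFC 6241; the validate() rules are a stand-in for real YANG constraint checking, the DatastoreSim class name is this example's own, and the interface configuration is constructed sample data.

```python
# Added example (not part of the original article): an in-memory simulation of
# the <candidate>/<running> workflow. Datastore, operation and error-tag names
# follow RFC 6241; validate() is a stand-in for YANG constraint checking, and the
# interface configuration is constructed sample data.
import copy
import ipaddress


class DatastoreSim:
    """Simulated device with a <running> datastore and a :candidate staging area."""

    def __init__(self, running):
        self.running = running
        self.candidate = copy.deepcopy(running)
        self.lock_owner = None  # session id holding <lock> on the candidate datastore

    def _check_lock(self, session_id):
        # A lock held by another session rejects edits and commits (lock-denied).
        if self.lock_owner is not None and self.lock_owner != session_id:
            raise PermissionError("lock-denied: held by session %s" % self.lock_owner)

    def lock(self, session_id):
        self._check_lock(session_id)
        self.lock_owner = session_id

    def unlock(self, session_id):
        if self.lock_owner != session_id:
            raise PermissionError("lock not held by session %s" % session_id)
        self.lock_owner = None

    def edit_config(self, session_id, path, value=None, operation="merge"):
        """Apply one <edit-config> change to the candidate; <running> is untouched."""
        self._check_lock(session_id)
        *parents, leaf = path
        node = self.candidate
        for key in parents:
            node = node.setdefault(key, {})
        if operation == "merge":
            if isinstance(node.get(leaf), dict) and isinstance(value, dict):
                node[leaf].update(value)
            else:
                node[leaf] = value
        elif operation in ("replace", "create"):
            if operation == "create" and leaf in node:
                raise KeyError("data-exists")
            node[leaf] = value
        elif operation == "delete":
            if leaf not in node:
                raise KeyError("data-missing")
            del node[leaf]
        else:
            raise ValueError("unknown operation %r" % operation)

    def validate(self):
        """Stand-in for YANG validation: return a list of constraint violations."""
        errors = []
        for name, intf in self.candidate.get("interfaces", {}).items():
            mtu = intf.get("mtu")
            if mtu is not None and not 68 <= mtu <= 9216:
                errors.append("%s: mtu %s out of range 68..9216" % (name, mtu))
            if "ipv4" in intf:
                try:
                    ipaddress.IPv4Interface(intf["ipv4"])
                except ValueError:
                    errors.append("%s: invalid ipv4 %r" % (name, intf["ipv4"]))
        return errors

    def commit(self, session_id):
        """Atomic <commit>: <running> becomes the candidate only if validation passes."""
        self._check_lock(session_id)
        errors = self.validate()
        if errors:
            raise ValueError("commit rejected: " + "; ".join(errors))
        self.running = copy.deepcopy(self.candidate)

    def discard_changes(self):
        """<discard-changes>: reset the candidate back to <running>."""
        self.candidate = copy.deepcopy(self.running)


if __name__ == "__main__":
    dev = DatastoreSim({"interfaces": {"eth0": {"mtu": 1500, "ipv4": "10.0.0.1/24"}}})
    dev.lock("s1")
    dev.edit_config("s1", ["interfaces", "eth0", "mtu"], 9000)
    dev.commit("s1")
    dev.edit_config("s1", ["interfaces", "eth0", "mtu"], 65000)
    try:
        dev.commit("s1")
    except ValueError as exc:
        print(exc)  # <running> still has mtu 9000
    dev.discard_changes()
    dev.unlock("s1")
    print(dev.running)
```

The point to notice is where the validation sits: it runs on the staged candidate before anything reaches <running>, so a rejected change never leaves the device half-configured, and the lock keeps a second session from interleaving its own edits into the same transaction.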

Role in Network Automation

NETCONF is a fundamental protocol for contemporary network automation and model-driven programmability.

  • Model-Driven: NETCONF makes it possible to ensure that configuration is consistent, validated, and structured by using YANG models, which is essential for automation tools and orchestration systems.
  • Programmatic Access: It enables tools and scripts (like Ansible, often using ncclient) to interact with devices using a well-defined API, moving away from manual CLI operations.
  • SDN Integration: Software-Defined Networking (SDN) controllers, such as Cisco DNA Center or Cisco Software-Defined Access (SDA), frequently use NETCONF as a southbound API (SBI) to interact with and configure network devices.
  • Security: Requiring a secure transport, such as SSH, ensures that all communication is encrypted and authenticated.

Comparison with RESTCONF

While closely related, NETCONF differs from its successor, RESTCONF:

Feature             | NETCONF                                          | RESTCONF
--------------------|--------------------------------------------------|-------------------------
Transport           | SSH                                              | HTTPS
Primary Data Format | XML                                              | JSON/XML
Transaction Support | Strong (via candidate datastore and atomic commit) | Basic
Best For            | Complex automation, full configuration management | Web/API-based automation

NETCONF is comparable to a structured database API for a network device. Automation tools communicate with the device through standardized, structured requests (XML RPCs) rather than ambiguous text commands (CLI). These requests are validated against predefined schemas (YANG models) before being securely applied to the running configuration.