Notes on NETCONF
NETCONF is an IETF Standard
NETCONF (RFC 6241, which obsoleted the original RFC 4741) is a protocol for exchanging configuration information between a management platform and a network device, using XML-encoded messages carried as remote procedure calls. YANG (RFC 6020 for YANG 1.0, RFC 7950 for YANG 1.1) is the data modelling language that defines the structure and types of the data NETCONF carries.
Comparing to SNMP
Conceptually this is similar to SNMP: SNMP is the protocol, and SMI is the data modelling language, written in ASN.1 notation.
SNMP is too limited to be useful for exchanging configuration data.
- SNMP is stateless, so it cannot handle multi-stage data transactions.
- It cannot back up or restore elements: once an SNMP set writes a variable there is no recovery action, so setting multiple SNMP variables in one change is risky and difficult.
- Because of this, very few applications perform SNMP writes.
- All of the problems of SNMP as a configuration tool are documented in RFC 3535 (the report of the 2002 IAB Network Management Workshop).
Introduction to NETCONF & YANG
Disclosure – Carl Moberg from Tail-F was a sponsor on Packet Pushers
Every NETCONF session starts with a capability exchange: client and server each send a <hello> message listing the capabilities they support as URIs (the base protocol version, optional features such as a candidate datastore or rollback-on-error, and the YANG modules the server implements). The client therefore learns what the server can do before it sends any operation. This allows the client to be upgraded independently of the devices it manages, and gives graceful fallback when client and server are not at the same version, because the client can restrict itself to the capabilities the server actually advertised.
SNMP data is not semantically encapsulated: the client must know the format of the data being read, e.g. 32-bit INTEGER, 64-bit INTEGER, etc. Writing an SNMP reader is hard because you must explicitly define all the data; if it changes or isn't correct, your application has to detect this and fail gracefully, and there is little library support to help with that. NETCONF moves that schema knowledge into the YANG model, which both sides share.
NETCONF not only defines the protocol between client and server, but also the state each side keeps (sessions, datastores, locks) to support features like the following:
NETCONF provides:
- Distinction between configuration and state data
- Multiple configuration datastores (candidate, running, startup)
- Configuration change validation
- Configuration change transactions
- Selective data retrieval with filtering
- Streaming and playback of event notifications
- Extensible remote procedure call mechanism
YANG, the modelling language, provides:
- Human readable, easy to learn representation
- Hierarchical configuration data models
- Structured data types
- Extensibility through augmentation mechanisms
- Support for defining operations (RPCs)
- Configuration validation capability
- Data modularity through modules and sub-modules
- Well defined versioning
Things that Network Management wants to do
- platforms should envisage the network as a whole, not as individual devices.
- compare configuration data between devices, and render vendor-specific data down to common data sets.
- configure devices and roll back as necessary, or provide other risk mitigation features.
- be consistent across a wide range of devices. SNMP might be a problem, but at least it's consistent across many devices.
Roles: the device is the NETCONF server; the management software is the NETCONF client, and it is the client that opens the session and issues operations.
NETCONF supports multiple transport protocols: SSH (RFC 6242, port 830, the one mapping every implementation must support), TLS (RFC 7589), and the older BEEP (RFC 4744) and SOAP over HTTP (RFC 4743) mappings, which saw little deployment. NETCONF has no authentication of its own: the identity established by the transport (the SSH user, or the TLS client certificate) is what the server uses to authorise operations, for example through the NETCONF Access Control Model, NACM (RFC 8341).
Basic NETCONF Operations
* get-config – Retrieve all or part of a specified configuration from a named datastore
* get – Retrieve the running configuration together with device state information
* edit-config – Load all or part of a specified configuration into the specified target datastore; with the :rollback-on-error capability the server undoes the whole edit if any part of it fails
* copy-config – Create or replace an entire configuration datastore with the contents of another complete configuration datastore
* delete-config – Delete a configuration datastore (not applicable to running)
* lock and unlock – Short-lived lock and unlock of a datastore, so that no other session can write to it while a multi-step change is in progress
* close-session and kill-session – Graceful (close) or forced (kill) termination of a NETCONF session
Where the server advertises the :candidate capability, commit and discard-changes complete the set: changes are staged in candidate, optionally checked with validate (the :validate capability), and then committed to running as one transaction.
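Putting the capability exchange and the operations above together, here is an added example that is not part of the original notes, nor code from Tail-f or any vendor: a small Python model of the client side. It parses a constructed server hello, picks the base version both sides share, frames messages correctly for that version, and builds the lock / edit-config / commit / unlock sequence, falling back to writable-running when there is no candidate datastore. The hello content, the session-id and the module URI urn:example:yang:acl are made-up sample data; the code builds the messages but does not open an SSH session.

```python
# Added example for these notes (not code from the original post, Tail-f, or any
# vendor): a client-side model of the NETCONF capability exchange and of the
# lock / edit-config / commit / unlock sequence. It does no I/O; the server
# <hello> below is a constructed sample standing in for what a real device
# would send over the SSH session.
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
BASE_10 = "urn:ietf:params:netconf:base:1.0"
BASE_11 = "urn:ietf:params:netconf:base:1.1"
CANDIDATE = "urn:ietf:params:netconf:capability:candidate:1.0"
WRITABLE_RUNNING = "urn:ietf:params:netconf:capability:writable-running:1.0"
ROLLBACK = "urn:ietf:params:netconf:capability:rollback-on-error:1.0"
VALIDATE = "urn:ietf:params:netconf:capability:validate:1.1"
EOM = "]]>]]>"          # end-of-message delimiter, base:1.0 framing (RFC 6242)
CLIENT_CAPS = {BASE_10, BASE_11}

# Constructed sample: an older device that speaks only base:1.0, has a
# candidate datastore, but advertises neither :rollback-on-error nor :validate.
SAMPLE_SERVER_HELLO = f"""<hello xmlns="{NC_NS}">
  <capabilities>
    <capability>{BASE_10}</capability>
    <capability>{CANDIDATE}</capability>
    <capability>urn:example:yang:acl?module=example-acl&amp;revision=2020-01-01</capability>
  </capabilities>
  <session-id>42</session-id>
</hello>"""


def parse_hello(xml_text):
    """Return (set of capability URIs, session-id) from a server <hello>."""
    root = ET.fromstring(xml_text)
    caps = {c.text.strip() for c in root.iter(f"{{{NC_NS}}}capability")}
    return caps, root.findtext(f"{{{NC_NS}}}session-id")


def negotiate_base(server_caps, client_caps=CLIENT_CAPS):
    """Highest base version both sides advertise, or None if there is no overlap.
    A client should close the session rather than guess when this returns None."""
    for cap in (BASE_11, BASE_10):
        if cap in server_caps and cap in client_caps:
            return cap
    return None


def frame(message, base):
    """Frame one message for the wire: base:1.0 appends the EOM delimiter,
    base:1.1 uses chunked framing (\\n#<len>\\n<data>\\n##\\n, RFC 6242 s4.2)."""
    data = message.encode()
    if base == BASE_10:
        return data + EOM.encode()
    return b"\n#%d\n" % len(data) + data + b"\n##\n"


def rpc(message_id, body):
    """Wrap an operation in an <rpc> element; message-id lets replies be matched."""
    return f'<rpc message-id="{message_id}" xmlns="{NC_NS}">{body}</rpc>'


def config_transaction(server_caps, config_xml):
    """Build the RPC sequence for one configuration change, adapting to what the
    server advertised: stage in candidate when it exists, otherwise write running
    directly (which loses the chance to validate before the change takes effect)."""
    if CANDIDATE in server_caps:
        target = "candidate"
    elif WRITABLE_RUNNING in server_caps:
        target = "running"
    else:
        raise ValueError("server offers neither candidate nor writable-running")
    # Only ask for rollback-on-error when advertised; otherwise the server
    # rejects the RPC with an operation-not-supported error.
    error_opt = "<error-option>rollback-on-error</error-option>" if ROLLBACK in server_caps else ""
    tgt = f"<target><{target}/></target>"
    msgs = [rpc(1, f"<lock>{tgt}</lock>"),
            rpc(2, f"<edit-config>{tgt}{error_opt}<config>{config_xml}</config></edit-config>")]
    if target == "candidate":
        if VALIDATE in server_caps:
            msgs.append(rpc(len(msgs) + 1, "<validate><source><candidate/></source></validate>"))
        msgs.append(rpc(len(msgs) + 1, "<commit/>"))
    msgs.append(rpc(len(msgs) + 1, f"<unlock>{tgt}</unlock>"))
    return msgs


def run_sample():
    """Walk the sample hello through negotiation and build the wire-ready bytes."""
    caps, session_id = parse_hello(SAMPLE_SERVER_HELLO)
    base = negotiate_base(caps)
    if base is None:
        raise ValueError("no common NETCONF base version")
    wire = [frame(m, base) for m in config_transaction(caps, "<acl xmlns='urn:example:yang:acl'/>")]
    return {"session_id": session_id, "base": base,
            "target_is_candidate": CANDIDATE in caps, "wire": wire}


if __name__ == "__main__":
    for chunk in run_sample()["wire"]:
        print(chunk.decode())
```

Two points worth keeping in mind when writing a real client around this. First, the hello is not authenticated by NETCONF itself: the trust in it comes entirely from the SSH or TLS session underneath, and the capability list and module URIs it carries are input from the far end, so a client should not, for example, fetch a schema from whatever URL a capability names without checking it. Second, the lock is what makes the sequence a transaction; a client that skips it can have its edit-config interleaved with another session's writes to the same datastore, which is exactly the SNMP problem the notes describe.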
Vendors shipping NETCONF support include Juniper, Brocade, Cisco, Huawei, and various smaller players.
Related IETF RFCs
This page has a very complete list of all the relevant IETF RFCs, including the latest revisions (so you don't have to read the obsolete ones to locate the current RFCs).