Generated by GPT-5-mini

| NETCONF | |
|---|---|
| Name | NETCONF |
| Developer | IETF |
| Introduced | 2006 |
| Status | Draft/Standard |
| Related | RESTCONF, SNMP, gNMI |
NETCONF
NETCONF is a network management protocol standardized by the IETF for installing, manipulating, and deleting the configuration of network devices. It provides a transaction-oriented, RPC-based mechanism that complements legacy protocols defined by bodies such as the IETF, IEEE, ITU-T, MEF, and ETSI. NETCONF has been integrated into product lines from vendors including Cisco Systems, Juniper Networks, Arista Networks, Huawei, and Nokia and is referenced in standards work by organizations like OMA and OpenConfig.
NETCONF emerged from efforts at the IETF to create a programmatic interface to network device configuration distinct from management models used by SNMP and command-line interfaces from vendors such as Cisco Systems and Juniper Networks. The protocol is defined in RFCs produced by the IETF working groups, influenced by earlier work at IETF NETMOD and discussed in meetings involving stakeholders like AT&T, Verizon, BT Group, Telefónica, and Orange S.A. NETCONF emphasizes transactional integrity, capability negotiation, and extensibility to support models developed by communities such as OpenConfig, ETSI, and vendor-specific initiatives from Arista Networks.
NETCONF uses an RPC-oriented architecture layered over secure transports standardized by the IETF, enabling operations on configuration and state data exposed by devices from vendors such as Cisco Systems and Juniper Networks. The architecture separates protocol framing, data encoding, and data modeling—paralleling efforts by groups like IETF NETMOD, IETF YANG, and the OpenConfig community. NETCONF sessions negotiate capabilities and use XML encoding; its design influenced alternative protocols like RESTCONF and model-driven telemetry approaches used by Google and Facebook.
YANG is the primary data modeling language associated with NETCONF; it was developed under the auspices of the IETF NETMOD working group and standardized in RFCs that define module, typedef, and augmentation mechanisms. YANG allows vendors such as Cisco Systems, Juniper Networks, Huawei, and initiatives like OpenConfig and IETF to publish modules for interfaces, routing, and services. Toolchains and repositories maintained by organizations like GitHub, OpenDaylight, and ONAP host YANG modules used in orchestration projects by companies such as Ericsson, Nokia, AT&T, and Deutsche Telekom.
NETCONF defines core operations—such as get-config, edit-config, copy-config, delete-config, and lock—that implement transactional configuration changes familiar to operators at AT&T, Telefónica, Verizon, and BT Group. Capability negotiation enables extensions like candidate configuration, confirmed-commit, and rollback, which are used in maintenance workflows by cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud. These features intersect with orchestration platforms and standards projects including OpenStack, Kubernetes, ONAP, and OpenDaylight.
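The following added example (not taken from any vendor or IETF code) shows how capability negotiation drives a transactional change: it reads a constructed server `<hello>`, checks for the candidate and confirmed-commit capabilities, and builds the corresponding lock, edit-config, commit and unlock RPCs. The function names, the sample `<hello>`, the `urn:example:interfaces` payload and the 120-second timeout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
CAP = "urn:ietf:params:netconf:capability:"
EOM = "]]>]]>"  # end-of-message marker used by base:1.0 framing

# Constructed server <hello>, not captured from a real device.
SERVER_HELLO = f"""<hello xmlns="{NS}"><capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>{CAP}candidate:1.0</capability>
<capability>{CAP}confirmed-commit:1.0</capability>
</capabilities><session-id>4</session-id></hello>"""

# Constructed payload; urn:example:interfaces is a placeholder namespace.
SAMPLE_CONFIG = ('<interfaces xmlns="urn:example:interfaces"><interface>'
                 '<name>eth0</name><enabled>true</enabled></interface></interfaces>')

def capabilities(hello_xml):
    """Return the set of capability URIs advertised in a <hello>."""
    root = ET.fromstring(hello_xml)
    return {(c.text or "").strip() for c in root.iter(f"{{{NS}}}capability")}

def rpc(message_id, body):
    """Wrap one operation in <rpc> and append the base:1.0 framing marker."""
    return f'<rpc message-id="{message_id}" xmlns="{NS}">{body}</rpc>{EOM}'

def plan_change(hello_xml, config_xml, timeout=120):
    """Build the RPC sequence for a guarded change from the advertised capabilities."""
    caps = capabilities(hello_xml)
    if not any(c.startswith(CAP + "candidate:") for c in caps):
        raise ValueError("server does not advertise the candidate capability")
    target = "<target><candidate/></target>"
    steps = [f"<lock>{target}</lock>",
             f"<edit-config>{target}<config>{config_xml}</config></edit-config>"]
    if any(c.startswith(CAP + "confirmed-commit:") for c in caps):
        # The device reverts unless a confirming <commit/> arrives within the timeout.
        steps.append(f"<commit><confirmed/><confirm-timeout>{timeout}"
                     "</confirm-timeout></commit>")
    steps.append("<commit/>")  # applies (or confirms) the candidate
    steps.append(f"<unlock>{target}</unlock>")
    return [rpc(i, s) for i, s in enumerate(steps, start=101)]

if __name__ == "__main__":
    for message in plan_change(SERVER_HELLO, SAMPLE_CONFIG):
        print(message)
```

Without the confirmed-commit capability the plan drops to a single `<commit/>`, so a change that cuts off management access is not reverted automatically.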
Transport for NETCONF is typically secured using SSH as specified in IETF documents; alternative transports such as TLS and connection-oriented protocols are discussed in standards and product implementations from vendors like Cisco Systems and Juniper Networks. Authentication and authorization integrate with enterprise identity providers such as Active Directory, LDAP, and federation systems used by operators like Verizon and AT&T. Security considerations in NETCONF deployments are addressed alongside guidelines from NIST and compliance regimes relevant to providers including BT Group and Telefónica.
Multiple open-source and commercial implementations exist: OpenDaylight and ONOS include NETCONF modules; Juniper Networks and Cisco Systems ship NETCONF agents in their platforms; libnetconf and libyang provide libraries for client and server development. Tooling such as Ansible, SaltStack, Puppet, and Chef integrates NETCONF modules for automation tasks used by enterprises like Capital One and cloud operators including Amazon Web Services. Test suites and conformance tools maintained by communities on GitHub and projects like OpenConfig support interoperability testing across vendors including Arista Networks and Huawei.
NETCONF is used in service provider network automation at companies like AT&T, Verizon, Deutsche Telekom, British Telecom, and NTT Communications for provisioning interfaces, routing policies, and VLAN configurations. Cloud and data center operators such as Google, Facebook, Amazon Web Services, and Microsoft have explored model-driven approaches and telemetry that leverage NETCONF or its successors. Use cases span WAN orchestration, VPN provisioning, device lifecycle management, and integration with orchestration projects like ONAP, OpenStack, and Kubernetes; academic and standardization work at institutions such as MIT, Stanford University, and ETH Zurich investigate NETCONF’s role in intent-based networking and programmability.