PyNet Labs - Network Automation Specialists

What is NETCONF?

Last Updated : January 19, 2023

The Network Configuration Protocol (NETCONF) is a filtering-capable, XML-based protocol for network management. It offers a fully programmable means of controlling and configuring the operation of networking equipment. You can set device parameters, read parameter values, and obtain statistical information with it. Furthermore, it shortens the time needed to manage the setup of network devices: rather than configuring everything manually, the work is done automatically through NETCONF.

Why Network Configuration Protocol vs. Other Approaches

Back in 2002, the IAB (Internet Architecture Board) and the IETF (Internet Engineering Task Force) set up a workshop with network operators to address their concerns about network management. They realized that the industry was extensively dependent upon SNMP (Simple Network Management Protocol) for network management. SNMP is a great protocol for monitoring devices, especially when the information needed is limited, but it wasn't good enough to be used for configuration purposes. Some of the requirements that operators listed were:

  • Easy to use technology.
  • Clear differentiation between configuration and operational data.
  • Compatibility with extensive network services (like VPNs and IPTV).
  • Configuration transactions, and simple rollback in the event of failure, should be supported.
  • Standardized representation of configurations between different vendors.

Network Configuration Protocol was the output that fulfilled the requirements mentioned above.

What is NETCONF?

NETCONF is a network management protocol that uses a simple remote procedure call (RPC) mechanism to interact with network devices. It is designed to work with the Simple Network Management Protocol (SNMP) and uses an Extensible Markup Language (XML) data encoding format. It allows network administrators to configure, monitor, and troubleshoot network devices remotely, making it a valuable tool for managing large and complex networks.

  • It is used to connect with the device securely to do the configurations and fetch the operational data.
  • It does not define the data format; that responsibility was taken up by YANG (Yet Another Next Generation), a data modelling language described by the IETF.
  • It transports its messages over an SSH connection on port number 830.

In a setup like the one shown above, tools like Ansible and Python can be used on the management PC to configure routers through NETCONF. The two things required on the router are the SSH configuration and enabling NETCONF. The data structuring language used by the Network Configuration Protocol is XML (Extensible Markup Language), meaning the payload you want to push to the device should be in XML format.

How does NETCONF work?

It includes at least one network management system (NMS) that manages network devices. The following diagram depicts the Network Configuration Protocol's fundamental network architecture.

There are two main parts to the NETCONF framework: the client and the server.

The following are some of the services that a client may offer:

  • Uses the Network Configuration Protocol to control network hardware.
  • Sends RPC requests to a NETCONF server to get information about a parameter or to change its value.
  • Recognizes a managed device's state from the alarms and events sent by the device's NETCONF server.

A NETCONF client sends a request to the server, which analyses the request before responding to the client.

  • The NETCONF server receives a request from a NETCONF client, analyses the request, and returns a response to the client.
  • Whenever a problem or other event occurs on a managed device, the NETCONF server will use the notification mechanism to deliver an alert or event to the client.

NETCONF Structure

As can be seen in the illustration, Network Configuration Protocol may be conceptually divided into four layers.

NETCONF Protocol Layers
  1. The Secure Transport layer ensures that NETCONF messages are delivered reliably and in the correct sequence. SSH is one example of a secure transport protocol that may be used to comply with it; support for NETCONF over SSH is required.
  2. The Messages layer, which rides on top of the Secure Transport layer to provide a secure and stable connection, supplies the RPC-like communication model in which Network Configuration Protocol requests and replies are formatted. In the receive direction, data gathered from the network is organized into NETCONF messages and passed up to the Operations layer; in the transmit direction, RPCs from the Operations layer are framed and handed down to the Secure Transport layer.
  3. The Operations layer supplies the set of management primitives needed to access and alter NE (network element) information. NETCONF operations are defined in this layer.
  4. NE data is represented by YANG modules and lives in the Content layer. YANG modules create a clean separation between NE configuration data and NE operational data, which makes administration much simpler.
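As an added illustration of the two lower layers (example code written for this page, not code from PyNet Labs or from any vendor), the following Python models the <hello> exchange that opens every NETCONF session and the framing the Messages layer applies before handing a message to the Secure Transport layer: with base:1.0 each message is terminated by the ]]>]]> marker, and with base:1.1 the chunked framing of RFC 6242 is used. The SSH channel is assumed to be a plain byte stream, and no device is contacted.

```python
"""Added example: NETCONF <hello> exchange and message framing (RFC 6241 s.8.1,
RFC 6242 s.4). Assumption: the SSH channel is modelled as a byte buffer."""
import re
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"      # XML namespace of every message
BASE_10 = "urn:ietf:params:netconf:base:1.0"           # capability URIs exchanged in <hello>
BASE_11 = "urn:ietf:params:netconf:base:1.1"
EOM = b"]]>]]>"                                        # end-of-message marker, 1.0 framing


def hello(capabilities, session_id=None):
    """Build the <hello> each side sends first; only the server adds <session-id>."""
    root = ET.Element("hello", xmlns=NC_NS)
    caps = ET.SubElement(root, "capabilities")
    for cap in capabilities:
        ET.SubElement(caps, "capability").text = cap
    if session_id is not None:
        ET.SubElement(root, "session-id").text = str(session_id)
    return ET.tostring(root, encoding="unicode")


def negotiate_base(client_hello, server_hello):
    """Pick the highest base version both sides advertise, as RFC 6241 requires."""
    def caps(xml):
        return {c.text for c in ET.fromstring(xml).iter(f"{{{NC_NS}}}capability")}
    common = caps(client_hello) & caps(server_hello)
    if BASE_11 in common:
        return BASE_11
    if BASE_10 in common:
        return BASE_10
    raise ValueError("no common NETCONF base capability; session must be closed")


def frame(message, base):
    """Encode one message for the wire according to the negotiated base version."""
    data = message.encode()
    if base == BASE_10:
        return data + EOM
    # chunked framing: one or more "\n#<size>\n<chunk>" followed by "\n##\n"
    return b"\n#%d\n%s\n##\n" % (len(data), data)


def unframe(buf, base):
    """Split a receive buffer into complete messages; return (messages, leftover)."""
    messages = []
    if base == BASE_10:
        while EOM in buf:
            msg, buf = buf.split(EOM, 1)
            messages.append(msg.decode())
        return messages, buf
    while True:                                  # chunked framing, 1.1
        pos, parts, complete = 0, [], False
        while True:
            m = re.match(rb"\n#(\d+)\n", buf[pos:])
            if m is None:                        # either end-of-chunks or incomplete data
                if buf[pos:].startswith(b"\n##\n"):
                    pos, complete = pos + 4, True
                break
            size, start = int(m.group(1)), pos + m.end()
            if len(buf) < start + size:          # chunk body not fully received yet
                break
            parts.append(buf[start:start + size])
            pos = start + size
        if not complete:
            return messages, buf                 # keep partial data for the next read
        messages.append(b"".join(parts).decode())
        buf = buf[pos:]


if __name__ == "__main__":
    c = hello([BASE_10, BASE_11])
    s = hello([BASE_10, BASE_11], session_id=7)
    base = negotiate_base(c, s)
    print(base, frame("<rpc/>", base))
```

The negotiation matters for a defender because a client that cannot parse one framing style must refuse the session rather than guess; unframe keeps incomplete data in the buffer instead of treating a partial chunk as a message.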

Before we discuss the abilities of the Network Configuration Protocol, let's quickly understand the difference between configuration and operational data. Everything that you can write to a device is configuration data, for example the interface state and the IP address assigned to the interface. Operational data, also known as read-only status data, is non-configuration data, for example the number of packets that were dropped, the number of packets sent or received, or overall interface traffic statistics.

NETCONF Operations

It provides a set of operations that can be used to manage the device (which ones are available depends on the device's NETCONF support). Actions are performed on the network device (and its datastores) via this set of operations.

Let’s understand these operations one by one.

  • <get>: To fetch operational data from the device.
  • <get-config>: To fetch the configuration data from the device.
  • <edit-config>: To push/load configuration onto the device.
  • <copy-config>: To replace a set of configurations with new configurations.
  • <delete-config>: To delete a set of configurations.
  • <commit>: To copy the candidate configuration to the running configuration.
  • <lock>/<unlock>: To lock or unlock the configurations.
  • <close-session>: To close the session.
  • <kill-session>: To forcefully terminate the session.

The operation <edit-config> can be used with different attributes depending on the requirement. The supported attributes are:

  • Merge: This is the default attribute used by the operation; it merges the new configuration with the pre-existing configuration.
  • Replace: This is used to replace the whole set of configurations with new ones.
  • Create: The create attribute adds the configuration data only if that data doesn't already exist on the device. If it exists, an error message is returned.
  • Delete: When this attribute is used, the specified configuration set is deleted from the device.
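To show the operations and the <edit-config> attributes above in concrete XML, here is an added example (written for this page, not the article's or any vendor's code) that builds the <rpc> envelope for <get-config> and <edit-config>, sets the per-element operation attribute, and reads the server's <rpc-reply>. The interface payload uses an assumed namespace, urn:example:interfaces, standing in for a real device's YANG module, and the replies are constructed samples rather than output captured from a device.

```python
"""Added example: building NETCONF RPCs and parsing <rpc-reply>.
Assumptions: urn:example:interfaces is a made-up module namespace; the sample
replies below are constructed, not captured from a device."""
import itertools
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
NC = f"{{{NC_NS}}}"                       # ElementTree's namespaced-tag prefix
ET.register_namespace("nc", NC_NS)        # so the operation attribute prints as nc:operation
_msg_ids = itertools.count(101)           # every <rpc> needs a unique message-id


def rpc(operation):
    """Wrap an operation element in the Messages-layer <rpc> envelope."""
    root = ET.Element("rpc", {"xmlns": NC_NS, "message-id": str(next(_msg_ids))})
    root.append(operation)
    return root


def get_config(source="running", subtree=None):
    """<get-config>: fetch configuration data, optionally narrowed by a subtree filter."""
    op = ET.Element("get-config")
    ET.SubElement(ET.SubElement(op, "source"), source)
    if subtree is not None:
        ET.SubElement(op, "filter", type="subtree").append(subtree)
    return rpc(op)


def edit_config(config, target="candidate", default_operation="merge"):
    """<edit-config>: push configuration; default-operation applies to elements
    that carry no operation attribute of their own."""
    if default_operation not in ("merge", "replace", "none"):
        raise ValueError("default-operation must be merge, replace or none")
    op = ET.Element("edit-config")
    ET.SubElement(ET.SubElement(op, "target"), target)
    ET.SubElement(op, "default-operation").text = default_operation
    ET.SubElement(op, "config").append(config)
    return rpc(op)


def interface_config(name, enabled, operation=None):
    """Constructed payload for the hypothetical urn:example:interfaces module.
    operation is the per-element attribute: merge, replace, create or delete."""
    ifs = ET.Element("interfaces", xmlns="urn:example:interfaces")
    iface = ET.SubElement(ifs, "interface")
    if operation is not None:
        if operation not in ("merge", "replace", "create", "delete"):
            raise ValueError("unknown edit-config operation: " + operation)
        iface.set(NC + "operation", operation)   # attribute lives in the NETCONF namespace
    ET.SubElement(iface, "name").text = name
    ET.SubElement(iface, "enabled").text = "true" if enabled else "false"
    return ifs


def to_xml(element):
    return ET.tostring(element, encoding="unicode")


def parse_reply(xml_text):
    """Return ("ok", None), ("data", <data> element) or ("error", [error dicts])."""
    reply = ET.fromstring(xml_text)
    if reply.tag != NC + "rpc-reply":
        raise ValueError("not an rpc-reply")
    errors = [{
        "type": e.findtext(NC + "error-type"),
        "tag": e.findtext(NC + "error-tag"),
        "severity": e.findtext(NC + "error-severity"),
        "message": (e.findtext(NC + "error-message") or "").strip(),
    } for e in reply.findall(NC + "rpc-error")]
    if errors:
        return "error", errors
    if reply.find(NC + "ok") is not None:
        return "ok", None
    data = reply.find(NC + "data")
    if data is not None:
        return "data", data
    raise ValueError("rpc-reply carries neither ok, data nor rpc-error")


# Constructed sample replies: success, the data-exists error that RFC 6241
# specifies for operation="create" on existing data, and a <get-config> result.
SAMPLE_OK = f'<rpc-reply message-id="101" xmlns="{NC_NS}"><ok/></rpc-reply>'
SAMPLE_ERROR = f'''<rpc-reply message-id="102" xmlns="{NC_NS}"><rpc-error>
<error-type>application</error-type><error-tag>data-exists</error-tag>
<error-severity>error</error-severity>
<error-message xml:lang="en">interface already exists</error-message>
</rpc-error></rpc-reply>'''
SAMPLE_DATA = (f'<rpc-reply message-id="103" xmlns="{NC_NS}"><data>'
               '<interfaces xmlns="urn:example:interfaces"><interface>'
               '<name>Gi0/1</name></interface></interfaces></data></rpc-reply>')

if __name__ == "__main__":
    print(to_xml(edit_config(interface_config("Gi0/1", True, operation="create"))))
    print(parse_reply(SAMPLE_ERROR))
```

Two points worth noting from the code: the operation attribute is in the NETCONF base namespace (nc:operation), not the module's, and a client should treat any <rpc-error> as failure of the whole request rather than looking only for <ok/>.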

Why do we call NETCONF a part of Model Driven Programmability?

NETCONF is a Model Driven Programmability method because it works according to the rules defined in data models written in YANG. Let's look more closely at how these data models are used. For example, consider a data model describing the information related to a person:

  • Gender – Male/Female/Other
  • Height – Feet/Inches/Meters/Centimetres
  • Weight – Kilograms/Pounds
  • Name – Maximum 15 alphabetic characters allowed
  • Contact Number – Only numbers are allowed

By using this data model to collect information from a group of people, I can ensure that I am collecting only valid data. Similarly, NETCONF uses data models to ensure that the appropriate data hierarchy is present. YANG data models provide a clear and concise structure through modules and submodules, which can be used to manage devices.

If the request made by the client is successfully validated, then the server processes the request and returns a response to the client in the form of another XML message. The response may contain the information requested by the client or a status message indicating the result of the operation.
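As an added example (written for this page, not the article's own code), here is the person data model above turned into the kind of constraints a YANG module expresses, together with the validation step a server performs before it processes a request: each leaf is checked against its type, and the outcome is returned as either <ok/> or one <rpc-error> per problem. The module name "person", its namespace urn:example:person, and the separate unit leaves for height and weight are assumptions; the error tags are the ones defined in RFC 6241.

```python
"""Added example: model-driven validation of a request, as a NETCONF server
does it before touching the datastore. Assumption: the "person" module and
urn:example:person are hypothetical; this mirrors YANG enumeration, pattern
and length statements in plain Python."""
import re
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
PERSON_NS = "urn:example:person"
P = f"{{{PERSON_NS}}}"

# What the hypothetical YANG module would say, leaf by leaf:
#   gender  { type enumeration { enum Male; enum Female; enum Other; } }
#   height  { type decimal64 { fraction-digits 2; } }  plus height-unit enumeration
#   weight  { type decimal64 { fraction-digits 2; } }  plus weight-unit enumeration
#   name    { type string { length "1..15"; pattern "[A-Za-z]*"; } mandatory true; }
#   contact { type string { pattern "[0-9]+"; } }
NUMBER = lambda v: re.fullmatch(r"\d+(\.\d{1,2})?", v) is not None
SCHEMA = {
    "gender": lambda v: v in ("Male", "Female", "Other"),
    "height": NUMBER,
    "height-unit": lambda v: v in ("feet", "inches", "meters", "centimetres"),
    "weight": NUMBER,
    "weight-unit": lambda v: v in ("kilograms", "pounds"),
    "name": lambda v: re.fullmatch(r"[A-Za-z]{1,15}", v) is not None,
    "contact": lambda v: re.fullmatch(r"[0-9]+", v) is not None,
}
MANDATORY = {"name"}


def validate_person(xml_text):
    """Return a list of (error-tag, element-name, message); an empty list means valid."""
    person = ET.fromstring(xml_text)
    if person.tag != P + "person":
        return [("unknown-element", person.tag, "root element must be person")]
    errors, seen = [], set()
    for leaf in person:
        name = leaf.tag.split("}", 1)[-1]
        if not leaf.tag.startswith(P) or name not in SCHEMA:
            errors.append(("unknown-element", name, "not defined in the person model"))
            continue
        seen.add(name)
        value = (leaf.text or "").strip()
        if not SCHEMA[name](value):
            errors.append(("invalid-value", name, f"{value!r} violates the type of {name}"))
    for name in MANDATORY - seen:
        errors.append(("missing-element", name, f"{name} is mandatory"))
    return errors


def rpc_reply(message_id, errors):
    """Build the <rpc-reply> a server would send: <ok/>, or one <rpc-error> per problem."""
    reply = ET.Element("rpc-reply", {"xmlns": NC_NS, "message-id": str(message_id)})
    if not errors:
        ET.SubElement(reply, "ok")
    for tag, element, message in errors:
        err = ET.SubElement(reply, "rpc-error")
        ET.SubElement(err, "error-type").text = "application"
        ET.SubElement(err, "error-tag").text = tag
        ET.SubElement(err, "error-severity").text = "error"
        ET.SubElement(err, "error-message").text = message
        ET.SubElement(ET.SubElement(err, "error-info"), "bad-element").text = element
    return ET.tostring(reply, encoding="unicode")


# Constructed instance data, one valid and one violating three leaves.
GOOD = (f'<person xmlns="{PERSON_NS}"><name>Ada</name><gender>Female</gender>'
        '<contact>5551234</contact></person>')
BAD = (f'<person xmlns="{PERSON_NS}"><name>Ada Lovelace of London</name>'
       '<gender>F</gender><contact>555-1234</contact></person>')

if __name__ == "__main__":
    print(rpc_reply(1, validate_person(GOOD)))
    print(rpc_reply(2, validate_person(BAD)))
```

Because validation happens before anything is written, a request that fails the model leaves the datastore untouched, which is the property that makes model-driven configuration safer than pushing free-form CLI text.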

Conclusion

NETCONF is an integral part of software-defined networking (SDN) and is used to manage devices in modern networks. It gives the network administrator the ability to automate tasks across a large number of devices, so that less time and effort is required to maintain the network.


What is NETCONF, and how does it work?

As the name implies, NETCONF (Network Configuration Protocol) is a protocol for configuring and managing networks; it does this via a simple remote procedure call (RPC) mechanism. It uses an Extensible Mark-up Language (XML) data encoding format. It uses a client-server model, where the client is the network management system, and the server is the network device being managed.

The client sends NETCONF XML encoded messages to the server, which are then processed and executed by the device's NETCONF agent. The server then sends a response in the form of an XML-encoded message, which the client can parse and use to update its configuration.

Why do we use NETCONF?

There are several reasons why NETCONF is used, including the following:

  • Network Automation and Programmability: It allows network administrators to automate repetitive tasks and improve overall network efficiency by programmatically configuring network devices. This can significantly reduce the time and effort required to manage large and complex networks.
  • Remote Management: It allows network administrators to configure, monitor, and troubleshoot network devices remotely. This makes it a practical tool for overseeing geographically dispersed networks.
  • Standardization: The Internet Engineering Task Force (IETF) came up with the NETCONF standard, which is supported by various network devices from different companies. This helps to ensure compatibility and interoperability between devices.
  • Security: It uses secure transport, such as SSH or TLS, to provide confidentiality and integrity. This helps to ensure that the communication between the client and the server is protected and that unauthorized access is prevented.
  • Extensibility: It uses Extensible Mark-up Language (XML) data encoding format, which makes it easy to extend and customize the protocol to meet specific needs. Additionally, the Network Configuration Protocol is designed to be extensible, allowing vendors and users to create new data models and operations.

Is NETCONF a TCP protocol?

NETCONF is not a TCP protocol; it is a remote management protocol that uses a simple remote procedure call (RPC) mechanism to interact with network devices.

For example, if SSH is used as the secure transport, NETCONF messages are sent over an SSH session, and the underlying transport is TCP. If the secure transport is TLS, the underlying transport is again TCP, but in this case, the encryption and authentication are done using the TLS protocol.

In summary, NETCONF is not a TCP protocol, but it can use TCP as an underlying transport mechanism when used in conjunction with a secure transport such as SSH or TLS.
