What is NETCONF (Network Configuration Protocol)?

NETCONF stands for Network Configuration Protocol. It is a filtering-capable XML-based protocol for network management. It offers a fully programmable means of controlling and configuring the operation of networking equipment. You can use it to set device parameters, get parameter values, and obtain statistical information. It also shortens the time needed to manage the setup of network devices: rather than configuring everything manually, NETCONF does it automatically.

In this blog, we will help you understand what NETCONF is, why it is needed, its working, use cases, and challenges.

What is NETCONF?

NETCONF is a network management protocol that uses a simple remote procedure call (RPC) mechanism to interact with network devices. It is designed to work with the Simple Network Management Protocol (SNMP) and uses an Extensible Markup Language (XML) data encoding format. It allows network administrators to configure, monitor, and troubleshoot network devices remotely, making it a valuable tool for managing large and complex networks.

  • It is used to connect with the device securely to do the configurations and fetch the operational data.
  • It does not define the data format; this responsibility was taken up by YANG (Yet Another Next Generation) data modelling language, which was described by IETF.
  • It does the transportation using an SSH connection on port number 830.

[Figure: NETCONF]

In a setup like the one shown above, tools like Ansible and Python can be used on Management PC to configure routers through Network Configuration Protocol. The two required things on the router will be the SSH configurations and enabling the NETCONF. The Data Structuring Language used by the Network Configuration Protocol is XML (Extensible Markup Language), meaning the payload you want to push on the device should be in XML format. If it’s in any other format, you need to convert it first. For instance, if it’s in JSON, you should use a JSON to XML converter.

History and Evolution of NETCONF

NETCONF was introduced to address the limitations of SNMP and CLI. The NETCONF base protocol was first introduced in late 2006 as RFC 4741, NETCONF Configuration Protocol, by the NETCONF working groups. In 2011, the revised version was published as RFC 6241, and today it’s the most current version. Several RFCs have been published by the Internet Engineering Task Force (IETF).

Some of the supporting RFCs published by IETF are:

  • RFC 4742
  • RFC 4743
  • RFC 5539

The RFCs, as mentioned above, were updated in 2011 and became:

  • RFC 6241 (old version 4741)
  • RFC 6242 (old version 4742)

Why Is NETCONF Important for Network Automation?

Older network management methods made automation harder. CLI scraping was fragile, inconsistent, and difficult to scale across platforms. NETCONF helped solve this with a standard way to expose and change configuration.

That is why NETCONF became important in network programmability. It reduced dependence on screen scraping and manual parsing. It also made device configuration more structured and easier to automate.

With NETCONF, automation tools can send clear requests to network devices. They can receive structured responses instead of raw command output. This helps engineers read configurations and apply changes with fewer errors. It also supports consistent changes across many devices. This makes network automation more reliable, repeatable, and easier to scale.

Let’s move on and understand why we needed this protocol in the first place.

How does NETCONF work?

It includes at least one network management system (NMS) that manages network devices. The following diagram depicts Network Configuration Protocol’s fundamental network architecture.

[Figure: How NETCONF works]

NETCONF usually works as a client-server model:

  • the automation system or controller acts as the client
  • the network device acts as the server

The client sends a request to the server. This request is referred to as an RPC request. This request can ask the device to provide information, update a setting, or modify the existing configuration.

The server reads the request. It performs the action and then sends the client the information.

NETCONF is commonly used over SSH. This keeps communication secure. A NETCONF client can be used to do several things, such as:

  • Get the device’s current configuration.
  • Change the device’s settings.
  • Get the current operational state of a device.
  • Change the locked/unlocked state of configuration.
  • Change configuration with revision control.
  • Get notifications and alerts on changes to the device.

For example, to update the configuration of a router, a network engineer can use NETCONF. The client sends the change request to the router. The router looks for any requests and applies the change, and a reply is sent.

NETCONF Protocol Architecture

As can be seen in the illustration, Network Configuration Protocol may be conceptually divided into four layers.

[Figure: NETCONF protocol architecture]

  1. The Secure Transport layer ensures that NETCONF messages are reliably delivered and in the correct sequence. SSH is one example of a secure transport protocol that may be used to comply with it. Required functionality includes NETCONF via SSH support.
  2. The Network Configuration Protocol requests and replies are formatted using an RPC-like communication model supplied by the Messages layer, which rides on top of the Secure Transport layer to provide a secure and stable connection. Data is gathered from the network and organized into NETCONF messages in order to be transmitted up to the Operations layer. The Operations layer frames RPCs for transmission to the Secure Transport layer in the network’s transmit direction.
  3. The Operations layer supplies the collection of management primitives needed to access and alter NE information. Its operations are defined in the operation layer.
  4. NE data is represented by YANG modules and stored in the Content layer. YANG modules create a clean separation between NE configuration data and NE operational data, making administration much simpler.

Before we discuss the abilities of Network Configuration Protocol, let’s quickly understand the difference between Configurational and Operational data. Everything which you can write on a device is configuration data, for example, interface state and the IP address assigned to the interface; on the other hand, Operational data, also known as read-only status data, is non-configurational, for example, the number of packets that were dropped, number of packets sent or received, or overall interface traffic statistics.

NETCONF Operations

NETCONF provides a set of operations that can be used to manage the device (depending on the NETCONF compatibility of the device). Actions are performed upon the network device (and its data stores) via these operations.

Let’s understand these operations one by one.

  • <get>: To fetch operational data from the device.
  • <get-config>: To fetch the configurational data from the device.
  • <edit-config>: To push/load configuration on the device.
  • <copy-config>: To replace a set of configurations with new configurations.
  • <delete-config>: To delete a set of configurations.
  • <commit>: To copy the candidate configurations to running configurations.
  • <lock>/<unlock>: To lock or unlock the configurations.
  • <close-session>: To close the session.
  • <kill-session>: To forcefully terminate the session.

The operation <edit-config> can be used with different attributes based on the requirement. The several supported attributes are:

  • Merge: This is the default attribute used by the operation and is used to merge the configurations with the pre-existing configurations.
  • Replace: This is used to replace the whole set of configurations with new ones.
  • Create: The attribute create is used to add the configuration data only if the configuration data doesn’t exist on the device. If it exists, then an error message is returned.
  • Delete: When this attribute has been used, the defined configuration set is deleted from the device.
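
The four attribute values behave differently when the target entry already exists or is missing, which is easiest to see by applying them to a small in-memory datastore. The following is an added example, not code from the original article or from any NETCONF implementation; the `urn:example:interfaces` namespace, the `edit` helper and the `RUNNING` sample are hypothetical, and the error names are the RFC 6241 error-tags.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
IF = "urn:example:interfaces"                   # hypothetical model namespace

class RpcError(Exception):
    """Stands in for an <rpc-error>; args[0] is the RFC 6241 error-tag."""

def apply_edit_config(datastore, rpc_xml):
    """Return a new datastore with the <edit-config> payload applied."""
    config = ET.fromstring(rpc_xml).find(f"{{{NC}}}edit-config/{{{NC}}}config")
    # Toy design choice: edit a copy, so a failed request changes nothing.
    staged = {name: dict(leaves) for name, leaves in datastore.items()}
    for entry in config.iter(f"{{{IF}}}interface"):
        leaves = {child.tag.split("}")[1]: child.text for child in entry}
        name = leaves.pop("name")
        op = entry.get(f"{{{NC}}}operation", "merge")  # merge is the default
        if op == "merge":        # update the given leaves, keep the rest
            staged.setdefault(name, {}).update(leaves)
        elif op == "replace":    # the entry becomes exactly what was sent
            staged[name] = leaves
        elif op == "create":     # refuse to overwrite an existing entry
            if name in staged:
                raise RpcError("data-exists")
            staged[name] = leaves
        elif op in ("delete", "remove"):
            # RFC 6241 also defines remove: delete without the error.
            if op == "delete" and name not in staged:
                raise RpcError("data-missing")
            staged.pop(name, None)
        else:
            raise RpcError("bad-attribute")
    return staged

def edit(op, name, **leaves):
    """Build a constructed <rpc> carrying one interface entry."""
    body = "".join(f"<{k}>{v}</{k}>" for k, v in leaves.items())
    return (f'<rpc message-id="1" xmlns="{NC}" xmlns:nc="{NC}"><edit-config>'
            f'<target><running/></target><config>'
            f'<interfaces xmlns="{IF}"><interface nc:operation="{op}">'
            f'<name>{name}</name>{body}</interface></interfaces>'
            f'</config></edit-config></rpc>')

RUNNING = {"eth0": {"description": "uplink", "mtu": "1500"}}  # constructed sample

if __name__ == "__main__":
    print(apply_edit_config(RUNNING, edit("merge", "eth0", mtu="9000")))
    print(apply_edit_config(RUNNING, edit("replace", "eth0", mtu="9000")))
```

Merge keeps the existing `description` leaf while replace drops it, which is why a replace sent with a partial payload can silently remove settings.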

NETCONF vs. SNMP

Back in 2002, when the IAB (Internet Architecture Board) and IETF (Internet Engineering Task Force) set up a workshop with network operators to address the concerns of network operators on issues related to network management, they realized that the industry was extensively dependent upon the SNMP (Simple Network Management Protocol) for the network management. SNMP is a great protocol when it comes to monitoring the devices, especially when the information is limited. But SNMP wasn’t good enough to be used for configuration purposes. Some of the requirements that operators listed that they wanted were:

  • Easy to use technology.
  • Clear differentiation between configuration and operational data.
  • Compatibility with extensive network services (like VPNs and IPTV)
  • Configuration transactions and simple rollback should be supported in the event of failure.
  • Standardized representation of configurations between different vendors.

Network Configuration Protocol was the output that fulfilled the requirements mentioned above.

Key NETCONF Capabilities

NETCONF is a network management protocol that provides several key capabilities for configuring and monitoring network devices. Some of these capabilities are:

  • The ability to edit and validate device configuration data in a structured and consistent way, using XML or JSON encoding and YANG data models.
  • The ability to retrieve operational state data from devices, such as interface statistics, routing tables, or device status.
  • The ability to invoke remote procedure calls (RPCs) on devices, such as rebooting, testing, or applying changes.
  • The ability to subscribe to notifications from devices, such as alarms, events, or telemetry data.
  • The ability to use secure transport protocols, such as SSH or TLS, for authentication and encryption of Network Configuration Protocol messages.

Why do we call NETCONF a part of Model Driven Programmability?

NETCONF is a Model Driven Programmability method as it works according to the rules defined in data models written in YANG. Let’s get deeper into how these data models are used. For example, let’s consider a data model for describing the information related to a person.

Gender – Male/Female/Other

Height – Feet/Inches/Meters/Centimetres

Weight – Kilograms/Pounds

Name – Maximum 15 Alphabets allowed

Contact Number – Only numbers are allowed

By using this data model for collecting information from a group of people, I can ensure that I am collecting only valid data. Similarly, NETCONF uses data models to ensure that the appropriate data hierarchy is there. YANG data models provide a clear and concise structure through modules and submodules, which can be used to manage devices.

If the request made by the client is successfully validated, then the server processes the request and returns a response to the client in the form of another XML message. The response may contain the information requested by the client or a status message indicating the result of the operation.
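
Automation should never assume a request succeeded: the reply has to be checked for the matching message-id and for error elements before the result is trusted. The following is an added example of that client-side check, not code from the original article; the sample replies are constructed, the `urn:example:interfaces` namespace is hypothetical, and the element names are those of RFC 6241.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
ERROR_FIELDS = ("error-type", "error-tag", "error-severity", "error-message")

def read_reply(reply_xml, expected_id):
    """Classify an <rpc-reply> as 'ok', 'data' or 'error' for one request."""
    root = ET.fromstring(reply_xml)
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError("not a NETCONF rpc-reply")
    # The reply echoes the request's message-id; reject anything else.
    if root.get("message-id") != expected_id:
        raise ValueError("message-id does not match the request")
    errors = [{f: e.findtext(f"{{{NC}}}{f}") for f in ERROR_FIELDS}
              for e in root.findall(f"{{{NC}}}rpc-error")]
    if errors:
        return {"status": "error", "errors": errors}
    data = root.find(f"{{{NC}}}data")
    if data is not None:
        # Strip namespaces so the caller gets plain leaf names.
        leaves = {el.tag.split("}")[-1]: el.text.strip()
                  for el in data.iter() if len(el) == 0 and el.text}
        return {"status": "data", "leaves": leaves}
    if root.find(f"{{{NC}}}ok") is not None:
        return {"status": "ok"}
    raise ValueError("reply carries neither <ok>, <data> nor <rpc-error>")

# Constructed sample replies (not captured from a real device).
OK_REPLY = f'<rpc-reply message-id="101" xmlns="{NC}"><ok/></rpc-reply>'
DATA_REPLY = (f'<rpc-reply message-id="102" xmlns="{NC}"><data>'
              '<interfaces xmlns="urn:example:interfaces"><interface>'
              '<name>eth0</name><mtu>1500</mtu></interface></interfaces>'
              '</data></rpc-reply>')
ERROR_REPLY = (f'<rpc-reply message-id="103" xmlns="{NC}"><rpc-error>'
               '<error-type>application</error-type>'
               '<error-tag>data-exists</error-tag>'
               '<error-severity>error</error-severity>'
               '</rpc-error></rpc-reply>')

if __name__ == "__main__":
    for reply, mid in ((OK_REPLY, "101"), (DATA_REPLY, "102"), (ERROR_REPLY, "103")):
        print(mid, read_reply(reply, mid))
```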

NETCONF vs RESTCONF

Below, we have discussed the basic difference between NETCONF and RESTCONF based on different factors.

| Factor | NETCONF | RESTCONF |
| --- | --- | --- |
| Protocol style | Uses RPC-based communication. | Uses REST-style APIs. |
| Data format | Uses XML by default. | Uses JSON or XML. |
| Transport | Usually runs over SSH. | Usually runs over HTTPS. |
| Ease of use | More complex for beginners. | Easier for web developers. |
| Main use | Best for configuration management. | Best for API-based automation. |
| Operations | Uses operations like get, edit-config, and commit. | Uses HTTP methods like GET, POST, PUT, and DELETE. |
| Data modeling | Uses YANG models. | Also uses YANG models. |
| Best suited for | Large and controlled network changes. | Lightweight and modern integrations. |

Network Configuration Protocol Use Cases

Here are some use cases of NETCONF:

  • Data Centers: Data centers are among the most complicated environments in the networking domain. NETCONF helps manage these data centers by automating the configuration of hundreds/thousands of devices simultaneously.
  • Service Providers: Service Providers with large-scale networks use this protocol to ensure consistent and error-free configurations across multiple routers, switches, and other network devices.
  • SDN: NETCONF plays a crucial role by enabling programmable and automated network configurations, aligning with SDN.

Challenges associated with NETCONF

Despite many advantages of NETCONF, there are some challenges associated with it:

  • NETCONF has not yet been adopted globally due to legacy systems and old established protocols like SNMP and CLI.
  • Many organizations still use older systems that are not compatible with NETCONF.

Future of NETCONF

NETCONF will remain important in network automation. The main reason is its support for structured, model-driven configuration. Modern network devices are moving away from raw CLI output. They now support standard data models, mainly through YANG. NETCONF works with these YANG models to read, validate, and change device configuration.

This makes NETCONF useful for large networks. It gives automation tools a safer way to push changes. It also supports features like locking, validation, and confirmed commits. These features are important when teams manage critical network devices.

NETCONF may not be the only protocol used in future networks. RESTCONF, gNMI, and vendor APIs are also used today. But NETCONF still has a strong role where controlled configuration changes are needed.

AI and machine learning tools also need clean network data. They need structured data instead of unstructured CLI output. NETCONF can help provide structured data from network devices.

Frequently Asked Questions

Q1. What is NETCONF used for?

NETCONF is a protocol that allows network devices to be configured and managed remotely. It uses XML-based data encoding and a client-server model to exchange configuration data between network nodes. It can be used for various purposes, such as monitoring network status, applying security policies, or updating software versions.

Q2. What protocols are used by NETCONF?

NETCONF uses XML-based data encoding and Remote Procedure Calls (RPCs) to communicate with network devices. It can use different transport protocols to establish a secure session between a client and a server.

Q3. Is NETCONF TCP or UDP?

NETCONF is a network management protocol that operates over TCP. Unlike UDP, TCP provides reliable and ordered delivery of data between applications.

Q4. What is the full form of NETCONF?

The full form of NETCONF is Network Configuration Protocol.

Q5. Does NETCONF use XML?

Yes. The IETF NETCONF RFC says it uses XML-based data encoding.

Q6. What is the difference between NETCONF and YANG?

NETCONF is the protocol, while YANG defines the data model.

Q7. What is the difference between NETCONF and RESTCONF?

NETCONF uses a structured configuration protocol model, while RESTCONF uses HTTP methods to access YANG-defined data.

Conclusion

NETCONF is a structured network configuration protocol built for automation and reliable configuration management. It uses XML, works closely with YANG, often runs over SSH, and supports useful concepts such as datastores, locking, commit, and confirmed commit. This is what makes it more powerful than simple CLI-based automation in many environments.  It still matters because modern network automation needs predictability, control, and structure. That is exactly what NETCONF was designed to support.
