Learning about NETCONF
by Andy Bierman

NETCONF is an XML-based network configuration protocol standardized in the IETF. XML is a good encoding for CLI-based configuration data because it easily models the natural data structures, and allows NETCONF to utilize a large set of XML standard tools and technologies.

NETCONF has an extensible set of operations, such as 'edit-config', 'validate', and 'commit', which provide some transaction-like database manipulation capabilities not found in SNMP. It is session-based, usually implemented as an SSH subsystem. An agent implementation will specify exactly which feature subsets (called 'capabilities') it supports at the start of each session. A manager does not have to guess or use off-line tools to find out what variations and data model versions are supported by each agent.

If the 'candidate' database is supported, then database edits can be gathered in this scratchpad database and committed all at once to the active configuration database (called 'running'). If the 'startup' capability is supported, then the non-volatile version of the configuration database is managed independently of the 'running' configuration. Otherwise, all changes to the 'running' configuration are written to NV-storage right away.

Databases can also be globally locked, so unintended edits can be prevented no matter how many sessions are active at the same time. Work is currently underway to standardize a 'partial-lock' operation, to allow multiple concurrent (non-overlapping) explicit locks on the same database. Large ISPs have requested this feature, to avoid locking an entire (huge) backbone router database in order to edit a single interface.

NETCONF also provides powerful built-in retrieval filtering, with the 'get' and 'get-config' operations. Subtree filtering uses an XML-encoded filter to retrieve a subset of configuration or state data.
If the 'xpath' capability is supported, then the XPath filtering language can be used to select data for retrieval.

If the 'notification' capability is supported, then a manager can use NETCONF to receive filtered notification streams. NETCONF Notifications is a Proposed Standard RFC, like NETCONF. Buffering and replay are also supported.

NETCONF does not directly address the standardization of arbitrary configuration database content, although work is currently being done to provide monitoring of the NETCONF protocol itself. The 'content layer' work is being done by the NETCONF Data Modeling WG, NETMOD. A data modeling language, called Yet Another Next Generation (YANG), is being developed to fully describe the NETCONF protocol content layer.

(Next time... how YANG opens the door to fully automated NETCONF protocol implementation.)
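
The capability exchange and the candidate/startup behaviour described above can be seen in a short manager-side sketch, added here as an illustration and not taken from the article or from any NETCONF implementation. It parses an agent's hello message and orders the operations for one configuration change. The sample hello is constructed, the step strings are informal labels rather than wire-format RPCs, and the 'writable-running' capability comes from the NETCONF base specification rather than from this article.

```python
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
CAP_PREFIX = "urn:ietf:params:netconf:capability:"

# Constructed sample <hello>, as an agent might send at session start.
SAMPLE_HELLO = """<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
  </capabilities>
  <session-id>4</session-id>
</hello>"""

def parse_capabilities(hello_xml):
    """Return the short names of the standard capabilities an agent advertised."""
    # The hello is peer-supplied input: refuse a DTD so entity tricks never reach the parser.
    if "<!DOCTYPE" in hello_xml:
        raise ValueError("document type declaration in hello")
    root = ET.fromstring(hello_xml)
    if root.tag != f"{{{NC_NS}}}hello":
        raise ValueError("not a NETCONF hello")
    caps = set()
    for el in root.iterfind(f"{{{NC_NS}}}capabilities/{{{NC_NS}}}capability"):
        uri = (el.text or "").strip().split("?")[0]  # drop any URI parameters
        if uri.startswith(CAP_PREFIX):
            caps.add(uri[len(CAP_PREFIX):].rsplit(":", 1)[0])  # "candidate:1.0" -> "candidate"
    return caps

def plan_edit(caps):
    """Order the operations for one configuration change, given the capabilities."""
    if "candidate" in caps:
        target = "candidate"
    elif "writable-running" in caps:  # assumption: base-spec capability, not named in the article
        target = "running"
    else:
        raise ValueError("agent advertises no writable database")
    steps = [f"lock {target}", f"edit-config {target}"]
    if target == "candidate":
        if "validate" in caps:
            steps.append("validate candidate")
        steps.append("commit")  # scratchpad edits reach 'running' all at once
    if "startup" in caps:
        steps.append("copy-config running -> startup")  # NV copy is managed separately
    steps.append(f"unlock {target}")
    return steps
```

Without the 'startup' capability the plan contains no copy step, because the agent writes changes to 'running' through to NV-storage itself.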