NETCONF is one of the YANG-based network automation protocols that we will use throughout the course.
In this section we will discuss the fundamental concepts of the NETCONF protocol before moving on to the demonstration that starts in the next section.
What is NETCONF Protocol?
In this section we start discussing the NETCONF protocol, which uses the YANG data model to automate network devices.
To use NETCONF as a network automation protocol, the network devices must support both the YANG data model and the NETCONF protocol.
Then we can use Ansible or one of the Python NETCONF libraries like “ncclient” or “nornir-netconf” to automate the network by sending or receiving network configuration or device statistics.
NETCONF uses SSH infrastructure to send or receive the configuration using RPC commands over the standard TCP port 830.
NETCONF RPC Commands
There is a list of RPC commands that can be used in the NETCONF protocol depending on the action and type of data being sent or received to or from network devices.
| RPC command | Description |
|---|---|
| get | receive config and statistics |
| get-config | receive entire or part of configuration |
| edit-config | change entire or part of configuration |
| copy-config | replace entire configuration |
| commit | copy candidate configuration to running configuration |
| lock/unlock | lock/unlock the configuration |
| close-session | graceful termination of NETCONF session |
| kill-session | forced termination of NETCONF session |
Among these RPC commands, three are the most commonly used.
The “get” command is used to get device configurations or device statistics such as interface statistics.
The “get-config” command is used to get all or part of the network device configuration.
The “edit-config” command is used to change the configuration of network devices.
In addition to these commands, there are some other commands that can also be used in the NETCONF protocol in network automation.
The “delete-config” command deletes the configuration, and the “copy-config” command replaces the entire configuration.
NETCONF supported data stores
There are three data stores that NETCONF can support. One of them, “running”, is mandatory and is used to send or receive configuration to or from the running configuration of network devices.
But “startup” and “candidate” are the other data stores that may be supported in NETCONF depending on the vendor and device type.
The RPC command “commit” is used to copy the candidate configuration to the active configuration if it is supported.
Juniper Junos and Cisco IOS XR devices are examples of devices that may support the candidate configuration in the NETCONF protocol.
NETCONF supported Data Coding
The configuration or any other data sent or received through NETCONF protocol is encoded using the XML language, since this is the only data encoding language supported by the NETCONF protocol.
In the second lesson of this course, we already talked about the XML data coding language and how it differs from JSON and YAML data structures.
As an example, here is a sample OSPF configuration in the XML data structure.
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
  <router>
    <router-ospf xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ospf">
      <ospf>
        <process-id>
          <id>1</id>
          <network>
            <ip>192.168.1.0</ip>
            <wildcard>0.0.0.255</wildcard>
            <area>0</area>
          </network>
          <network>
            <ip>192.168.2.0</ip>
            <wildcard>0.0.0.255</wildcard>
            <area>0</area>
          </network>
          <network>
            <ip>192.168.3.0</ip>
            <wildcard>0.0.0.255</wildcard>
            <area>1</area>
          </network>
          <router-id>184.108.40.206</router-id>
        </process-id>
      </ospf>
    </router-ospf>
  </router>
</native>
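To show how the RPC commands, data stores and XML encoding fit together, the following added example (not part of the original course material) builds a “get-config” RPC with a subtree filter for the OSPF branch and parses the matching reply using only the Python standard library. The function names, the message-id value and the reply are constructed for illustration; the two Cisco namespaces come from the sample above and the base namespace is the one defined for NETCONF in RFC 6241.

```python
# Added example (not from the course): NETCONF <get-config> request and reply handling.
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"           # NETCONF base namespace (RFC 6241)
NATIVE = "http://cisco.com/ns/yang/Cisco-IOS-XE-native"  # from the page's OSPF sample
OSPF = "http://cisco.com/ns/yang/Cisco-IOS-XE-ospf"      # from the page's OSPF sample
DATASTORES = {"running", "startup", "candidate"}

def build_get_config(datastore="running", message_id="101"):
    """Return a <get-config> RPC whose subtree filter selects native/router/router-ospf."""
    if datastore not in DATASTORES:  # never splice caller input into element names
        raise ValueError(f"unsupported datastore: {datastore!r}")
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    op = ET.SubElement(rpc, f"{{{NC}}}get-config")
    ET.SubElement(ET.SubElement(op, f"{{{NC}}}source"), f"{{{NC}}}{datastore}")
    flt = ET.SubElement(op, f"{{{NC}}}filter", {"type": "subtree"})
    router = ET.SubElement(ET.SubElement(flt, f"{{{NATIVE}}}native"), f"{{{NATIVE}}}router")
    ET.SubElement(router, f"{{{OSPF}}}router-ospf")
    return ET.tostring(rpc, encoding="unicode")

def ospf_networks(reply_xml, message_id="101"):
    """Parse an <rpc-reply> and return {process id: [(ip, wildcard, area), ...]}."""
    reply = ET.fromstring(reply_xml)
    if reply.tag != f"{{{NC}}}rpc-reply" or reply.get("message-id") != message_id:
        raise ValueError("not the reply to this request")
    error = reply.find(f"{{{NC}}}rpc-error")
    if error is not None:  # the device rejected the RPC
        raise RuntimeError(error.findtext(f"{{{NC}}}error-message", "rpc-error"))
    fields = ("ip", "wildcard", "area")
    return {
        proc.findtext(f"{{{OSPF}}}id"): [
            tuple(net.findtext(f"{{{OSPF}}}{name}") for name in fields)
            for net in proc.findall(f"{{{OSPF}}}network")
        ]
        for proc in reply.iter(f"{{{OSPF}}}process-id")
    }

# Constructed reply (trimmed from the page's OSPF sample); no device is contacted.
SAMPLE_REPLY = f"""<rpc-reply xmlns="{NC}" message-id="101"><data>
<native xmlns="{NATIVE}"><router><router-ospf xmlns="{OSPF}"><ospf><process-id>
  <id>1</id>
  <network><ip>192.168.1.0</ip><wildcard>0.0.0.255</wildcard><area>0</area></network>
  <network><ip>192.168.3.0</ip><wildcard>0.0.0.255</wildcard><area>1</area></network>
</process-id></ospf></router-ospf></router></native>
</data></rpc-reply>"""

if __name__ == "__main__":
    print(build_get_config("running"))
    print(ospf_networks(SAMPLE_REPLY))
```

Building the request as an element tree and checking the data store name against a fixed set keeps caller-supplied values from altering the structure of the RPC.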
nornir_netconf Python Library
The next sections are devoted to using NETCONF to get configuration, get device statistics, change the configuration, delete the configuration and save configuration.
We will use the Python library “nornir_netconf” for all NETCONF network automation tasks during the course. “ncclient” is another Python library that can be used for network automation with NETCONF.
The benefit of using “nornir_netconf” is that we can take advantage of Nornir’s “inventory management” and “multithreading” capabilities, making network automation easier and more efficient.
Going to the “nornir.tech” website and then “projects -> nornir -> Plugins -> nornir_netconf”, or searching for the keywords “nornir netconf github” in Google, will take you to the source of the “nornir_netconf” Python library on GitHub.
Then in the path “nornir_netconf/nornir_netconf/plugins/tasks/” in Github you will find all network automation tasks supported by “nornir_netconf“.
In the folder “retrieval”, there are two tasks, “netconf_get” and “netconf_get_config”, that we will discuss in the next sections; they are used to retrieve all or part of the configuration or network statistics.
In the folder “editing”, there are the tasks “netconf_edit_config” and “netconf_commit” that we will use to change and commit the configuration.
To change or read only part of the configuration or device statistics, we use two filters, “subtree” and “xpath“, which will be discussed in the next sections.
We will also discuss how to use Jinja2 templates to change the configuration of devices, which we have also discussed in CLI-based network automation.
The Jinja2 template has the advantage of keeping the configuration and data separate from the automation script and inventory to optimize network automation.