Configuring NETCONF
Overview
Network Configuration Protocol (NETCONF) is an XML-based network management protocol with
filtering capabilities. It provides programmable mechanisms to manage and configure network
devices. Through NETCONF, you can configure device parameters, retrieve parameter values, and
get statistics information.
In NETCONF messages, each data item is contained in a fixed element. This enables different
devices of the same vendor to provide the same access method and the same result presentation
method. For devices of different vendors, XML mapping in NETCONF messages can achieve the
same effect. In a network environment that contains devices from different vendors, you can
develop a NETCONF-based NMS to configure and manage the devices in a simple and effective
way.
NETCONF structure
NETCONF has four layers: content layer, operations layer, RPC layer, and transport protocol layer.
Table 9 NETCONF layers and XML layers

| NETCONF layer | XML layer | Description |
|---|---|---|
| Content | Configuration data, status data, and statistics information | The content layer contains a set of managed objects, which can be configuration data, status data, and statistics information. For information about the operable data, see the NETCONF XML API reference for the device. |
| Operations | <get>, <get-config>, <edit-config>… | The operations layer defines a set of base operations invoked as RPC methods with XML-encoded parameters. NETCONF base operations include data retrieval operations, configuration operations, lock operations, and session operations. For the device supported operations, see "Appendix A Supported NETCONF operations." |
| RPC | <rpc>, <rpc-reply> | The RPC layer provides a simple, transport-independent framing mechanism for encoding RPCs. The <rpc> and <rpc-reply> elements are used to enclose NETCONF requests and responses (data at the operations layer and the content layer). |
| Transport Protocol | In non-FIPS mode: Console/Telnet/SSH/HTTP/HTTPS/TLS. In FIPS mode: Console/SSH/HTTPS/TLS. | The transport protocol layer provides reliable, connection-oriented, serial data links. In non-FIPS mode, the following login methods are available: (1) You can log in through Telnet, SSH, or the console port to perform NETCONF operations at the CLI. (2) You can log in through HTTP or HTTPS to perform NETCONF operations in the Web interface or perform NETCONF-over-SOAP operations. In FIPS mode, all login methods are the same as in non-FIPS mode except that you cannot use HTTP or Telnet. |
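
The content, operations, and RPC layers from Table 9, shown in one request and one reply. This is an added example, not code from the original manual: Python builds a <get-config> request inside <rpc> and validates an <rpc-reply> before handing its content to the caller. The function names, the content namespace urn:example:device-data, and its elements are assumptions; real content elements come from the device's NETCONF XML API reference.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)

def nc(tag):
    """Qualify a tag name with the NETCONF base namespace."""
    return f"{{{NC}}}{tag}"

def build_get_config(message_id, source="running", subtree_xml=None):
    """Return a <get-config> request as text, one element per layer."""
    rpc = ET.Element(nc("rpc"), {"message-id": str(message_id)})  # RPC layer
    op = ET.SubElement(rpc, nc("get-config"))                     # operations layer
    ET.SubElement(ET.SubElement(op, nc("source")), nc(source))
    if subtree_xml is not None:
        flt = ET.SubElement(op, nc("filter"), {"type": "subtree"})
        flt.append(ET.fromstring(subtree_xml))                    # content layer
    return ET.tostring(rpc, encoding="unicode")

def parse_reply(xml_text, expected_id):
    """Validate an <rpc-reply> and split RPC-layer status from content."""
    # RFC 6241 forbids document type declarations in NETCONF content; refusing
    # them before parsing also keeps entity-expansion input away from the parser.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not allowed in a NETCONF message")
    root = ET.fromstring(xml_text)
    if root.tag != nc("rpc-reply"):
        raise ValueError("not an <rpc-reply>")
    if root.get("message-id") != str(expected_id):
        raise ValueError("message-id does not match the request")
    errors = [e.findtext(nc("error-message"), default="")
              for e in root.findall(nc("rpc-error"))]
    data = root.find(nc("data"))
    content = list(data) if data is not None else []
    return {"ok": not errors, "errors": errors, "content": content}

# Constructed sample; "urn:example:device-data" and its elements are hypothetical.
FILTER = '<top xmlns="urn:example:device-data"><interfaces/></top>'
SAMPLE_REPLY = """<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <data>
    <top xmlns="urn:example:device-data">
      <interfaces><interface><name>port1</name></interface></interfaces>
    </top>
  </data>
</rpc-reply>"""

if __name__ == "__main__":
    print(build_get_config(101, subtree_xml=FILTER))
    reply = parse_reply(SAMPLE_REPLY, 101)
    print(reply["ok"], [child.tag for child in reply["content"]])
```

The transport layer is outside this example; the request text would be sent over one of the transports listed in Table 9 for the device's mode.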