
Overview of NETCONF

Definition

Network Configuration Protocol (NETCONF) is a communication mechanism used between a network management system (NMS) and managed devices. A network administrator can use NETCONF to add, modify, and delete configurations of network devices, and obtain the configurations and status of network devices. Network devices provide standard application programming interfaces (APIs), through which the NMS can manage these devices using NETCONF. For details about APIs, see NETCONF YANG API Reference.

Purpose

The Simple Network Management Protocol (SNMP) is not a configuration-oriented protocol. On a large network with a complex topology, SNMP cannot meet network management requirements, especially configuration management requirements. To meet these requirements, Extensible Markup Language (XML)-based NETCONF was introduced.

NETCONF can be implemented by using the existing functional modules of a device. This reduces NETCONF development costs and allows easy access to new features. Table 1 lists the advantages of NETCONF over SNMP.

Table 1 Comparison between SNMP and NETCONF

| Item | SNMP | NETCONF |
| --- | --- | --- |
| Configuration protection | Not supported. | Supported. NETCONF provides a lock mechanism to prevent multi-user configuration conflicts. |
| Configuration backup | Not supported. | Supported. NETCONF provides multiple configuration databases (databases for short), which are backups of each other. |
| Configuration query | Supported. Querying one or more records in a table requires multiple interactions. | Supported. NETCONF can query all configuration data of one object based on filtering conditions. The batch data collection speed of NETCONF is 10 times faster than that of SNMP. |
| Scalability | Poor. | Good. NETCONF uses a multi-layer model in which each layer is independent of the other layers, so extending one layer has no impact on the others. NETCONF uses XML encoding, which expands its management capability and system compatibility. |
| Security | Among the versions of SNMP, only SNMPv3 provides authentication and encryption. However, the authentication and encryption functions of SNMPv3 cannot be expanded. | NETCONF uses existing security protocols, such as Secure Shell (SSH) and Simple Object Access Protocol (SOAP), to ensure network security, and is not specific to any security protocols. NETCONF is more flexible than SNMP in security protection. |
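The lock mechanism listed under "Configuration protection" in Table 1 can be seen in a small model. This is an added example, not Huawei code or a description of any device's behavior: it simulates in memory the `<lock>`, `<edit-config>` and `<unlock>` operations and the `lock-denied` and `in-use` error tags defined in RFC 6241. `ToyServer`, the `<leaf name="...">` payload and the session IDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
q = lambda tag: f"{{{NS}}}{tag}"  # namespace-qualified tag name

class ToyServer:
    """Constructed in-memory model of per-datastore locking; no network I/O."""
    def __init__(self):
        self.stores = {"running": {}, "candidate": {}}
        self.locks = {}  # datastore name -> session-id holding the lock

    def _reply(self, msg_id, error_tag=None, holder=None):
        reply = ET.Element(q("rpc-reply"), {"message-id": msg_id})
        node = ET.SubElement(reply, q("rpc-error" if error_tag else "ok"))
        if error_tag:
            ET.SubElement(node, q("error-tag")).text = error_tag
        if holder is not None:  # lock-denied reports which session holds the lock
            ET.SubElement(ET.SubElement(node, q("error-info")), q("session-id")).text = str(holder)
        return reply

    def handle(self, sid, rpc_xml):
        rpc = ET.fromstring(rpc_xml)
        msg_id, op = rpc.get("message-id"), rpc[0]
        name = op.tag.split("}")[1]
        store = op.find(q("target"))[0].tag.split("}")[1]
        holder = self.locks.get(store)
        if name == "lock":
            if holder is not None:
                return self._reply(msg_id, "lock-denied", holder)
            self.locks[store] = sid
        elif holder not in (None, sid):  # refused: another session holds the lock
            return self._reply(msg_id, "in-use")  # tag for unlock is this model's choice
        elif name == "unlock":
            self.locks.pop(store, None)
        elif name == "edit-config":  # toy payload: <leaf name="k">v</leaf>
            for leaf in op.find(q("config")):
                self.stores[store][leaf.get("name")] = leaf.text
        return self._reply(msg_id)

def demo():
    """Sessions 1 and 2 contend for <candidate/>; returns outcomes and the datastore."""
    srv, cand = ToyServer(), "<target><candidate/></target>"
    edit = f'<edit-config>{cand}<config><leaf name="hostname">core-1</leaf></config></edit-config>'
    steps = [(1, f"<lock>{cand}</lock>"), (2, f"<lock>{cand}</lock>"), (2, edit),
             (1, edit), (1, f"<unlock>{cand}</unlock>")]
    replies = [srv.handle(sid, f'<rpc message-id="{n}" xmlns="{NS}">{body}</rpc>')
               for n, (sid, body) in enumerate(steps, 101)]
    tags = [r.find(f"{q('rpc-error')}/{q('error-tag')}") for r in replies]
    return ["ok" if t is None else t.text for t in tags], srv.stores["candidate"]
```

Session 2's `<lock>` and `<edit-config>` are both refused while session 1 holds the lock, and only session 1's change reaches the datastore.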

Copyright © Huawei Technologies Co., Ltd.