NETCONF and RESTCONF

Nick Hopgood
17-06-2024

Tags: automation

NETCONF

Network Configuration Protocol (NETCONF) is a standard protocol developed for managing network devices. It uses SSH as its transport mechanism over TCP port 830 by default. NETCONF is defined in RFC 6241.

NETCONF uses XML (Extensible Markup Language) based data encoding for both configuration data and protocol messages.

Network devices running a NETCONF agent can be managed using five main RPC operations:

  • get: Retrieves the running configuration and device state information.
  • get-config: Retrieves all or part of a specified configuration.
  • edit-config: Loads all or part of a specified configuration to the device.
  • copy-config: Creates or replaces an entire configuration with specified contents.
  • delete-config: Deletes a configuration. The running configuration cannot be deleted.

There are also four additional operations that aren't used to directly manage the device:

  • lock: Allows the client to lock the entire configuration datastore system of a device.
  • unlock: Releases a configuration lock, previously obtained with the lock operation.
  • close-session: Requests graceful termination of a NETCONF session.
  • kill-session: Forces the termination of a NETCONF session.

RESTCONF

Representational State Transfer Configuration (RESTCONF) is a standards-based protocol that runs over HTTP and HTTPS and provides a programmatic interface to data defined in YANG and held in a device's datastore. It exposes a subset of NETCONF functionality, but provides access in a 'RESTful' manner via HTTP/HTTPS. RESTCONF is defined in RFC 8040.

The RFC shows how RESTCONF can coexist with NETCONF:

RESTCONF can be implemented on a device that supports the NETCONF protocol. The following figure shows the system components if a RESTCONF server is co-located with a NETCONF server:

       +-----------+           +-----------------+
       |  Web app  | <-------> |                 |
       +-----------+  RESTCONF | network device  |
                               |                 |
       +-----------+           |   +-----------+ |
       | NETCONF   | <-------> |   | datastore | |
       | Client    |  NETCONF  |   |           | |
       +-----------+           |   +-----------+ |
                               +-----------------+

The following figure shows the system components if a RESTCONF server is implemented in a device that does not have a NETCONF server:

       +-----------+           +-----------------+
       |  Web app  | <-------> |                 |
       +-----------+  RESTCONF | network device  |
                               |                 |
                               +-----------------+

RESTCONF agents operate through five HTTP methods, which are used for CRUD functions:

  • GET: Retrieves data and metadata for a resource. It is supported for all resource types, except operation resources.
  • PATCH: Partially modifies a resource (equivalent to the NETCONF merge operation).
  • PUT: Creates or replaces the target resource.
  • POST: Creates a data resource or invokes an operations resource.
  • DELETE: Deletes the target resource.

NETCONF vs RESTCONF

  1. Protocol: NETCONF uses XML-encoded messages over SSH, while RESTCONF uses HTTP/HTTPS and supports JSON or XML.
  2. Operations: NETCONF uses RPCs, while RESTCONF uses HTTP methods (GET, PUT, POST, PATCH, DELETE).
  3. Security: NETCONF typically uses TLS, while RESTCONF uses HTTPS.
  4. Data Modeling: Both NETCONF and RESTCONF use YANG data models; RESTCONF can encode that data as JSON or XML.
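
The operations comparison above, seen from an auditing angle, as an added example that is not part of the original post: it maps each RESTCONF request in an access log to its CRUD role and closest NETCONF operation (following the method table in RFC 8040, section 4) and reports every request that is not a plain read. The log layout, the `/restconf` API root and the sample lines are assumptions constructed for illustration.

```python
import re

# RESTCONF method -> (CRUD role, closest NETCONF operation), RFC 8040 section 4.
METHOD_MAP = {
    "GET":    ("read",    "get / get-config"),
    "POST":   ("create",  "edit-config (create)"),
    "PUT":    ("replace", "edit-config (create/replace)"),
    "PATCH":  ("update",  "edit-config (merge)"),
    "DELETE": ("delete",  "edit-config (delete)"),
}
# Assumed log layout (constructed): client user "METHOD path" status
LINE_RE = re.compile(r'^(\S+) (\S+) "([A-Z]+) ([^"\s]+)" (\d{3})$')

# Constructed sample input; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 netops "GET /restconf/data/ietf-interfaces:interfaces" 200',
    '192.0.2.10 netops "PATCH /restconf/data/ietf-interfaces:interfaces/interface=eth0" 204',
    '198.51.100.7 guest "DELETE /restconf/data/ietf-interfaces:interfaces/interface=eth1" 403',
    '192.0.2.10 netops "PUT /restconf/data" 204',
    '192.0.2.22 backup "POST /restconf/operations/example-ops:reboot" 204',
]

def classify(method, path, root="/restconf"):
    """Return (crud_role, netconf_equivalent) for one RESTCONF request."""
    if method not in METHOD_MAP:
        return ("other", "none")
    if path.startswith(root + "/operations/"):
        # Operation resources are invoked with POST; GET is not supported on them.
        return ("invoke", "rpc") if method == "POST" else ("invalid", "none")
    if method == "PUT" and path.rstrip("/") == root + "/data":
        # PUT on the datastore resource itself replaces the whole configuration.
        return ("replace-all", "copy-config")
    return METHOD_MAP[method]

def audit(lines):
    """Return one finding per state-changing or invalid request."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        client, user, method, path, status = m.groups()
        role, netconf = classify(method, path)
        if role in ("read", "other"):
            continue
        findings.append({"client": client, "user": user, "role": role,
                         "request": f"{method} {path}", "netconf": netconf,
                         "succeeded": status.startswith("2")})
    return findings
```

Findings with `succeeded` set to False are rejected write attempts, which are worth reviewing alongside the successful ones.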