5.3.2 Using NETCONF for device support
NNMi relies primarily on the Simple Network Management Protocol (SNMP) as the method for collecting management information from supported devices. However, NNMi might also use the Network Configuration Protocol (NETCONF) for some specific vendor devices whose required management information is not reported when SNMP is used.
Currently, NNMi uses NETCONF to support Juniper Networks QFabric systems only.
The following sections provide a brief introduction to NETCONF and explain the configuration required for both the managed devices and NNMi in order to support such devices in NNMi.
- Organization of this subsection
(1) What is NETCONF?
NETCONF, like SNMP, is an Internet Engineering Task Force (IETF) standard for network management. NETCONF is defined by IETF Request for Comments (RFC) 4741 and 4742 (Version 1), later updated by RFC 6241 and 6242 (Version 1.1).
NETCONF is intended primarily for use as a device configuration mechanism, whereas SNMP is used most commonly for monitoring, polling, and fault notification. Both protocols report management information that is useful to NNMi.
NNMi uses NETCONF to collect information about devices during discovery or rediscovery (in other words, it collects read-only information). NNMi does not use NETCONF to modify the device configuration or to monitor status or provide performance metrics.
NETCONF is an XML-formatted command-and-response protocol that runs primarily over Secure Shell (SSH) transport. The NETCONF protocol is similar in some ways to the traditional device console Command Line Interface (CLI), except that the XML-formatted commands and results are designed for management applications, rather than human interaction with the devices.
Because NETCONF is a relatively new management protocol, it is not as widely available among device vendors as is SNMP.
Note the following in the case of a vendor who has implemented NETCONF in a device that NNMi is managing:
NETCONF commands are generally more vendor specific and are not as well publicized as the many standard and vendor-specific MIBs in SNMP. Consequently, NNMi's capability to utilize NETCONF is still quite limited.
Where a specific vendor implements NETCONF in its devices and reports the management information that NNMi needs, you must add that device-specific NETCONF support in NNMi.
For details, see (3) Enabling and configuring NETCONF in a managed device and (4) Configuring NETCONF device credentials in NNMi.
(2) NETCONF protocol operation
Details of NETCONF communication between NNMi and the managed devices are transparent to the NNMi user. However, the following overview might be helpful for troubleshooting:
A NETCONF client (management application, such as NNMi) establishes an SSH connection with the NETCONF server (subsystem) on a managed device.
Valid SSH user name and password credentials must be specified by the client and authenticated by the device.
The client application and device exchange capabilities in the form of <hello> messages.
The client initiates requests to the device in the form of Remote Procedure Call (RPC) messages, including standard <get> or <get-config> operations, plus any vendor-specific operations that are defined for the device.
The device responds with the results of operations in the form of RPC reply messages.
When the client application is done sending requests and processing the responses, it sends a <close-session> RPC message to the device.
The device acknowledges with an <ok> RPC reply message.
Both sides then terminate the SSH connection.
(3) Enabling and configuring NETCONF in a managed device
Before NNMi can communicate with a managed device, it might be necessary to explicitly enable and configure NETCONF in that device. See your vendor's device configuration documentation for specific instructions.
In general, the following prerequisites must be satisfied on the managed device:
Enable NETCONF on either the default NETCONF TCP port 830 or on the standard SSH TCP port 22.
Configure SSH user name and password credentials on the device for NETCONF communication access.
NNMi requires only read-only access.
(4) Configuring NETCONF device credentials in NNMi
You must configure NETCONF SSH credentials in NNMi to match those configured in the managed device before NNMi can use NETCONF for communicating with that device.
If proper NETCONF credentials are not configured for a device, NNMi discovery proceeds (using SNMP only); however, the management information reported in NNMi for that device might be incomplete.
You use Communication Configuration in the NNMi console to configure NETCONF device credentials settings in the Device Credentials tab of the relevant Specific Node Settings, Regions, or Default Device Credentials for the device.
- Important
You can configure only a single SSH user and password for each managed device. This means that the same set of credentials is used for both regular SSH and NETCONF sessions with that device.
Once configured, NNMi uses the new credentials during the next discovery cycle for the specified device (node).
For details about how to edit the NNMi Communication Configuration forms, see NNMi Help for Administer.