Data Center Solution

NETCONF XML Protocol Guide

Programmable network configuration with standard NETCONF workflows.

Overview

NETCONF is a standards-based protocol for managing network device configuration through structured operations and YANG data models. It is designed for automation workflows where configuration should be validated, applied, retrieved, and rolled back in a controlled way.

For xSONiC deployments, NETCONF can help network teams move from manual CLI changes to model-driven operations across data center and campus switching platforms.

NETCONF Operations

| Operation | Purpose | xSONiC Automation Use |
|---|---|---|
| get | Retrieve running state and operational data. | Audit device state before and after changes. |
| get-config | Retrieve configuration from a datastore. | Compare source of truth with device configuration. |
| edit-config | Apply configuration changes. | Push interface, VLAN, routing, or policy updates. |
| validate | Check candidate configuration. | Catch schema or logic errors before commit. |
| commit | Make candidate configuration active. | Apply controlled changes after validation. |
| discard-changes | Remove pending candidate changes. | Abort failed or unapproved updates. |

Datastore Workflow

Automation source of truth
        |
        v
Build candidate configuration
        |
        v
Validate candidate
        |
        v
Commit to device
        |
        v
Retrieve and compare running state

Why Model-Driven Management Matters

| Manual Workflow Risk | NETCONF/YANG Benefit |
|---|---|
| CLI output changes break scripts. | Structured data model is easier to parse. |
| Partial changes create drift. | Candidate and commit workflow improves control. |
| Change rollback is manual. | Automation can store intended state and rollback paths. |
| Fleet-wide consistency is hard. | Same model can apply across many devices. |

Security and Access Controls

NETCONF should be treated as a privileged management interface.

  • Use role-based credentials with least privilege.
  • Restrict management reachability to trusted automation systems.
  • Log configuration changes and automation job identity.
  • Validate device certificates or SSH trust policy as part of onboarding.
  • Separate read-only inventory workflows from write-capable deployment workflows.

Deployment Checklist

  1. Identify the configuration domains suitable for NETCONF automation.
  2. Confirm YANG model coverage for target features.
  3. Define source-of-truth data structures.
  4. Build validate-before-commit workflows.
  5. Add drift detection by comparing intended and running state.
  6. Test rollback behavior before broad rollout.
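
The validate-before-commit workflow from the Datastore Workflow diagram and checklist step 4, as an added example (not xSONiC or vendor code): it builds the RFC 6241 RPCs against the candidate datastore, treats any `<rpc-error>` as failure, and sends `discard-changes` instead of committing. Assumptions: the device advertises the candidate and validate capabilities, `send` is a hypothetical transport hook over an already authenticated session, and `fake_device` and the VLAN payload are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
ET.register_namespace("", NS)

def q(tag):
    return f"{{{NS}}}{tag}"

def op(name, role=None, config=None):
    """Build an operation element; role is 'target' or 'source' wrapping <candidate/>."""
    el = ET.Element(q(name))
    if role:
        ET.SubElement(ET.SubElement(el, q(role)), q("candidate"))
    if config is not None:
        ET.SubElement(el, q("config")).append(config)
    return el

def rpc(message_id, operation):
    root = ET.Element(q("rpc"), {"message-id": str(message_id)})
    root.append(operation)
    return ET.tostring(root, encoding="unicode")

def reply_ok(reply_xml):
    """Fail closed: any <rpc-error> (even a warning) or a missing <ok/> is a failure."""
    root = ET.fromstring(reply_xml)
    return root.find(q("rpc-error")) is None and root.find(q("ok")) is not None

def apply_change(send, config):
    """edit-config -> validate -> commit on the candidate; discard-changes on failure.
    `send` (assumed transport hook) takes an RPC string and returns the reply string."""
    steps = [op("edit-config", "target", config), op("validate", "source"), op("commit")]
    sent = []
    for msg_id, step in enumerate(steps, start=1):
        sent.append(step.tag.split("}")[1])
        if not reply_ok(send(rpc(msg_id, step))):
            send(rpc(len(steps) + 1, op("discard-changes")))
            return False, sent + ["discard-changes"]
    return True, sent

def fake_device(reject=None):
    """Constructed stand-in for a switch: replies <ok/> unless the operation is `reject`."""
    def send(rpc_xml):
        root = ET.fromstring(rpc_xml)
        bad = reject is not None and root[0].tag == q(reject)
        body = "<rpc-error><error-severity>error</error-severity></rpc-error>" if bad else "<ok/>"
        return f'<rpc-reply xmlns="{NS}" message-id="{root.get("message-id")}">{body}</rpc-reply>'
    return send

# Constructed payload; the namespace and leaf names are placeholders, not an xSONiC model.
SAMPLE = ET.fromstring('<vlans xmlns="urn:example:vlan"><vlan><id>120</id></vlan></vlans>')
```

Logging the returned operation list together with the automation job identity gives the change record called for under Security and Access Controls.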

xSONiC Platform Fit

NETCONF is relevant across xSONiC data center and campus switching platforms. It is most valuable when teams manage repeated patterns: leaf/spine routing, VLAN and VRF policy, interface templates, telemetry configuration, and standard operational checks.

Related Products

Products commonly paired with this solution.

Use these related platforms as a starting point for sizing, comparison, and follow-up discussion.

XS-DC-64X800-AI-G1

Data Center AI

64-port 800G AI fabric switch for large-scale GPU clusters, HPC backbones, and ultra-high-throughput data center networks.

51.2Tbps
42,000Mpps

XS-AA-48X25-8X100-AGG

Access & Aggregation

48x 25G SFP28 aggregation/core switch with 8x 100G QSFP28 for enterprise access and aggregation networks.

2Tbps class
Campus switching class

XS-AA-32X100-CORE

Access & Aggregation

32x 100G QSFP28 aggregation/core switch with 2x 10G SFP+ auxiliary for enterprise access and aggregation networks.

3.2Tbps class
Campus switching class