Data Center Solution

NETCONF XML Protocol Guide

Programmable network configuration with standard NETCONF workflows.

Back to Data Center Solutions

Overview

NETCONF is a standards-based protocol for managing network device configuration through structured operations and YANG data models. It is designed for automation workflows where configuration should be validated, applied, retrieved, and rolled back in a controlled way.

For xSONiC deployments, NETCONF can help network teams move from manual CLI changes to model-driven operations across data center and campus switching platforms.

NETCONF Operations

OperationPurposexSONiC Automation Use
getRetrieve running state and operational data.Audit device state before and after changes.
get-configRetrieve configuration from a datastore.Compare source of truth with device configuration.
edit-configApply configuration changes.Push interface, VLAN, routing, or policy updates.
validateCheck candidate configuration.Catch schema or logic errors before commit.
commitMake candidate configuration active.Apply controlled changes after validation.
discard-changesRemove pending candidate changes.Abort failed or unapproved updates.

Datastore Workflow

Automation source of truth
        |
        v
Build candidate configuration
        |
        v
Validate candidate
        |
        v
Commit to device
        |
        v
Retrieve and compare running state

Why Model-Driven Management Matters

Manual Workflow RiskNETCONF/YANG Benefit
CLI output changes break scripts.Structured data model is easier to parse.
Partial changes create drift.Candidate and commit workflow improves control.
Change rollback is manual.Automation can store intended state and rollback paths.
Fleet-wide consistency is hard.Same model can apply across many devices.

Security and Access Controls

NETCONF should be treated as a privileged management interface.

  • Use role-based credentials with least privilege.
  • Restrict management reachability to trusted automation systems.
  • Log configuration changes and automation job identity.
  • Validate device certificates or SSH trust policy as part of onboarding.
  • Separate read-only inventory workflows from write-capable deployment workflows.

Deployment Checklist

  1. Identify the configuration domains suitable for NETCONF automation.
  2. Confirm YANG model coverage for target features.
  3. Define source-of-truth data structures.
  4. Build validate-before-commit workflows.
  5. Add drift detection by comparing intended and running state.
  6. Test rollback behavior before broad rollout.

xSONiC Platform Fit

NETCONF is relevant across xSONiC data center and campus switching platforms. It is most valuable when teams manage repeated patterns: leaf/spine routing, VLAN and VRF policy, interface templates, telemetry configuration, and standard operational checks.

Engineering Position

NETCONF is useful only when it reduces configuration ambiguity. If the same change can be made by three scripts, two CLI snippets, and one undocumented manual procedure, adding NETCONF will not fix the operations model. The team should first define the source of truth, the YANG paths it expects to manage, the validation step, and the rollback contract.

The strongest workflows use read and write paths together. Before a change, automation retrieves current state and locks the target scope. During the change, it validates the candidate payload and records the job identity. After commit, it retrieves running state and telemetry to prove the intended behavior actually appeared on the device.

For a first production pilot, keep the scope deliberately small: 3 switch models, 5 interfaces per model, 2 VLAN or VRF changes, 1 invalid transaction, and 1 rollback event. That is enough to expose model coverage, transaction safety, and audit logging without turning the first test into a fleet-wide change.

If the environment has mixed roles, include 4 switches across leaf, spine, aggregation, and access profiles. Run 6 transactions: 2 read-only audits, 2 approved changes, 1 rejected invalid payload, and 1 rollback event. This gives the team enough evidence to compare behavior across roles without overloading the first change window.

Automation Acceptance Scope

ScopeWhat To ValidateEvidence
Model coverageRequired interface, VLAN, routing, QoS, and telemetry paths.YANG schema list and documented deviations.
Transaction safetyLock, edit-config, validate, commit, discard, and rollback behavior.Job log with timestamps and device response.
Drift detectionIntended state compared with running state.Config diff and exception report.
Access controlRead-only and write-capable roles separated.Credential policy and audit log.

Engineering Validation Checkpoint

NETCONF and YANG should be accepted by transaction safety. Validate at least 3 models, 2 transactions, 1 invalid payload, and 1 rollback. Compare the intended config, running config, telemetry state, and device logs after every transaction.

CheckEvidence to collectReject condition
Model supportYANG schema list, OpenConfig paths, and vendor deviations.Required paths are absent or behave differently across switch models.
Transaction behaviorLock, edit-config, validate, commit, discard, and rollback logs.An invalid change can partially apply or cannot be rolled back.
AuditabilityConfig diff, user identity, timestamp, and post-change telemetry.The team cannot reconstruct who changed what and why.

Engineering FAQ

Should NETCONF replace the CLI immediately?

No. Use NETCONF first for repeated, well-modeled domains such as interfaces, VLANs, routing templates, telemetry, and standard compliance checks. Keep break glass procedures documented, but make the normal path model-driven and auditable.

What is the minimum production gate?

The minimum gate is one successful change, one rejected invalid payload, one rollback, and one drift-detection run across representative switch models. If any required YANG path is missing or behaves differently between models, record the deviation before scaling the workflow.

Australian-Made Deployment Scope

Australian-made NETCONF XML Protocol Guide solutions for global deployment.

xSONiC delivers Australian-made open networking and data center infrastructure solutions using qualified global components, with Australian architecture review, integration planning, validation, documentation, and commercial accountability.

Australian-made deployment scope

Architecture review, solution configuration, validation planning, documentation, and commercial accountability are handled in Australia.

Qualified global components

Switching, optics, storage, server, and packet visibility components are selected against port speed, OS, telemetry, power, and deployment requirements.

Procurement validation

The bill of materials is checked against RFP requirements, rollback path, optics compatibility, support model, and export screening before order release.

Global deployment support

xSONiC supports international buyers through Australian project ownership, acceptance evidence, documentation, and post-delivery escalation.

References Reviewed

Related Products

Products commonly paired with this solution.

Use these related platforms as a starting point for sizing, comparison, and follow-up discussion.

XS-DC-64X800-AI-G1 front panel product image

XS-DC-64X800-AI-G1

Data Center AI

64-port 800G AI fabric switch for large-scale GPU clusters, HPC backbones, and ultra-high-throughput data center networks.

51.2Tbps
42,000Mpps
XS-AA-48X25-8X100-AGG front panel product image

XS-AA-48X25-8X100-AGG

Access & Aggregation

48x 25G SFP28 aggregation/core switch with 8x 100G QSFP28 for enterprise access and aggregation networks.

2Tbps class
Campus switching class
XS-AA-32X100-CORE front panel product image

XS-AA-32X100-CORE

Access & Aggregation

32x 100G QSFP28 aggregation/core switch with 2x 10G SFP+ auxiliary for enterprise access and aggregation networks.

3.2Tbps class
Campus switching class
Next Step

Move from NETCONF XML Protocol Guide into implementation.

Use the related products below to continue comparing platforms, or open a conversation if you need help mapping the solution to your environment.