NETCONF Session Overview
Communication between the NETCONF server and a client application is session based. The server and client explicitly establish a connection and session before exchanging data and close the session and connection when they are finished.
The streams of NETCONF and Junos XML tag elements emitted by the NETCONF server and the client application must each constitute well-formed XML by obeying the structural rules defined in the document type definition (DTD) for the kind of information they are exchanging. The client application must emit tag elements in the required order and only in the allowed contexts.
Client applications can access the NETCONF server by using the SSH protocol and standard SSH authentication mechanisms; by using the TLS protocol, which uses mutual X.509 certificate-based authentication; or by using outbound HTTPS, which uses one-way X.509 certificate based authentication. After authentication, the NETCONF server uses the configured or derived Junos OS username and class to determine whether a client application is authorized to make each request.
The following list outlines the basic structure of a NETCONF session:
The client application establishes a connection to the NETCONF server and opens the NETCONF session.
The NETCONF server and client application exchange initialization information, which is used to determine if they are using compatible versions of the Junos OS and the NETCONF XML management protocol.
The client application sends one or more requests to the NETCONF server and parses its responses.
The client application closes the NETCONF session and the connection to the NETCONF server.
For an example of a complete NETCONF session, see Sample NETCONF Session.