Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Starting the NETCONF Session

Each NETCONF session begins with a handshake in which the NETCONF server and the client application specify the NETCONF capabilities they support. The following sections describe how to start a NETCONF session.

Exchanging <hello> Tag Elements

The NETCONF server and client application each begin by emitting a <hello> tag element to specify which operations, or capabilities, they support from among those defined in the NETCONF specification. The <hello> tag element encloses the <capabilities> element and the <session-id> element, which specifies the UNIX process ID (PID) of the NETCONF server for the session. Within the <capabilities> element, each <capability> defines a supported function.

The client application must emit the <hello> tag element before any other element during the NETCONF session and must not emit it more than once.

Each capability defined in the NETCONF specification is represented in a <capability> element by a uniform resource name (URN). Capabilities defined by individual vendors are represented by uniform resource identifiers (URIs), which can be URNs or URLs. The NETCONF XML management protocol emits a <hello> element similar to the following sample output (some <capability> elements appear on multiple lines for legibility only):

The URIs in the <hello> element indicate the following supported capabilities, which is not an exhaustive list:

  • urn:ietf:params:netconf:base:1.0—The NETCONF server supports the basic operations and elements defined in the base NETCONF specification.

  • urn:ietf:params:netconf:capability:candidate:1.0—The NETCONF server supports operations on a candidate configuration.

  • urn:ietf:params:netconf:capability:confirmed-commit:1.0—The NETCONF server supports confirmed commit operations. For more information, see Committing the Candidate Configuration Only After Confirmation Using NETCONF.

  • urn:ietf:params:netconf:capability:validate:1.0—The NETCONF server supports the validation operation, which verifies the syntactic correctness of a configuration without actually committing it. For more information, see Verifying the Candidate Configuration Syntax Using NETCONF.

  • urn:ietf:params:netconf:capability:url:1.0?protocol=http,ftp,file—The NETCONF server accepts configuration data stored in a file. It can retrieve files both from its local filesystem (indicated by the file option in the URN) and from remote machines by using Hypertext Transfer Protocol (HTTP) or FTP (indicated by the http and ftp options in the URN). For more information, see Uploading and Formatting Configuration Data in a NETCONF Session.

  •—The NETCONF server supports the operations defined in the Junos XML API for requesting and changing operational information (the tag elements in the Junos XML API Operational Developer Reference). The NETCONF server also supports operations in the Junos XML management protocol for requesting or changing configuration information.

    NETCONF client applications should use only native NETCONF XML management protocol operations and supported extensions available in the Junos XML management protocol for configuration functions. The semantics of corresponding Junos XML protocol operations and NETCONF XML protocol operations are not necessarily identical, so using Junos XML protocol configuration operations other than the documented supported extensions can lead to unexpected results.

  •—The NETCONF server supports the operations defined in the Device Management Interface (DMI) specification.

By default, the NETCONF server does not advertise supported YANG modules in the NETCONF capabilities exchange. To advertise supported YANG modules, configure one or more of the following statements at the [edit system services netconf hello-message yang-module-capabilities] hierarchy level:

  • advertise-custom-yang-modules—Advertise third-party YANG modules installed on the device.
  • advertise-native-yang-modules—Advertise Junos OS native YANG modules.
  • advertise-standard-yang-modules—Advertise standard YANG modules supported by the device, for example, OpenConfig modules.

To comply with the NETCONF specification, the client application also emits a <hello> element to define the capabilities it supports. It does not include the <session-id> element:

The session continues when the client application sends a request to the NETCONF server. The NETCONF server does not emit any elements after session initialization except in response to the client application’s requests.

Verifying Compatibility

Exchanging <hello> tag elements enables a client application and the NETCONF server to determine if they support the same capabilities. In addition, we recommend that the client application determine the version of the Junos OS running on the NETCONF server. After emitting its <hello> tag, the client application emits the <get-software-information> tag element in an <rpc> tag element:

The NETCONF server returns the <software-information> tag element, which encloses the <host-name> and <product-name> tag elements plus a <package-information> tag element for each Junos OS module. The <comment> tag element within the <package-information> tag element specifies the Junos OS Release number (in the following example, 8.2 for Junos OS Release 8.2) and the build date in the format YYYYMMDD (year, month, day—12 January 2007 in the following example). Some tag elements appear on multiple lines, for legibility only:

Normally, the version is the same for all Junos OS modules running on the device (we recommend this configuration for predictable routing performance). Therefore, verifying the version number of just one module is usually sufficient.

The client application is responsible for determining how to handle any differences in version or capabilities. For fully automated performance, include code in the client application that determines whether it supports the same capabilities and Junos OS version as the NETCONF server. Decide which of the following options is appropriate when there are differences, and implement the corresponding response:

  • Ignore differences in capabilities and Junos OS version, and do not alter the client application’s behavior to accommodate the NETCONF server. A difference in Junos OS versions does not necessarily make the server and client incompatible, so this is often a valid approach. Similarly, it is a valid approach if the capabilities that the client application does not support are operations that are always initiated by a client, such as validation of a configuration and confirmed commit. In that case, the client maintains compatibility by not initiating the operation.

  • Alter standard behavior to be compatible with the NETCONF server. If the client application is running a later version of the Junos OS, for example, it can choose to emit only NETCONF and Junos XML tag elements that represent the software features available in the NETCONF server’s version of the Junos OS.

  • End the NETCONF session and terminate the connection. This is appropriate if you decide that it is not practical to accommodate the NETCONF server’s version or capabilities. For instructions, see Ending a NETCONF Session and Closing the Connection.