SR OS NETCONF Server Basics

This chapter provides information about SR OS NETCONF server basics.

Topics in this chapter include:

Applicability

This chapter was initially written for SR OS Release 16.0.R4, but the MD-CLI in the current edition corresponds to SR OS Release 21.5.R2.

Overview

The SR OS Network Configuration Protocol (NETCONF) server can communicate with a NETCONF client, that is, exchange hello messages, receive requests, and reply with responses. Before communicating with the SR OS NETCONF server, some SR OS configurations are prerequisites, and others are optional. This chapter describes the basic configurations needed for a seamless interaction with the SR OS NETCONF server. NETCONF client-server communication shows the NETCONF client-server communication between the controller and the SR OS node.

Figure 1. NETCONF client-server communication

Configuration

The following steps describe the procedure to configure a NETCONF server on SR OS.

Because NETCONF uses SSH for transport, enable the SSH server in SR OS:

configure {
    system {
        security {
            ssh {
                server-admin-state enable

Enable the NETCONF server:

configure {
    system {
        management-interface {
            netconf {
                admin-state enable

Enable the YANG modules to use with NETCONF; for example, the Nokia combined modules:
```
configure {
    system {
        management-interface {
            yang-modules {
                nokia-submodules false
                nokia-combined-modules true
            }
```
Note:
The Nokia combined modules and the Nokia submodules are mutually exclusive and cannot both be set to true at the same time.

Configure an "nc_user" user with administrative privileges (access netconf):

configure {
    system {
        security {
            user-params {
                local-user {
                    user "nc-user" {
                        password <password>
                        access {
                            console true
                            netconf true
                        }
                        console {
                            member ["administrative"]
                        }
                    }

Optionally, enable NETCONF auto-config-save, which auto-saves the data (that is, makes it persistent) after each successful NETCONF commit:
```
configure {
    system {
        management-interface {
            netconf {
                auto-config-save true
```

Optionally, grant the NETCONF user permission to lock a datastore through NETCONF:

configure {
    system {
        security {
            aaa {
                local-profiles {
                    profile "administrative" {
                        netconf {
                            base-op-authorization {
                                lock true

Optionally, grant the NETCONF user permission to kill an open NETCONF session:

configure {
    system {
        security {
            aaa {
                local-profiles {
                    profile "administrative" {
                        netconf {
                            base-op-authorization {
                                kill-session true

Commit the configuration:
```
commit
```
If MD-CLI auto-config-save is disabled, save the configuration manually:
```
admin save
```

Conclusion

This chapter describes general SR OS NETCONF server configurations.