
Chapter 4

IoT System Management with NETCONF-YANG

Book website: http://www.internet-of-things-book.com Bahga & Madisetti, © 2015


NETCONF

NETCONF (Network Configuration Protocol) is a network management protocol that
provides mechanisms for configuring, managing, and monitoring network devices. It is
based on the principles of Remote Procedure Call (RPC) and Extensible Markup Language
(XML). YANG (Yet Another Next Generation) is a data modeling language used to define the
structure and semantics of data exchanged between network devices and network
management systems. NETCONF and YANG are often used together to enable standardized
network management and configuration.
Details about NETCONF

1. Protocol: NETCONF is a network management protocol defined by the Internet Engineering Task
Force (IETF) in RFC 6241. It operates over a secure transport protocol such as SSH (Secure Shell) or
Transport Layer Security (TLS).
2. Operations: NETCONF provides a set of operations to manage network devices, including
capabilities negotiation, retrieving device configuration, modifying configuration, executing RPCs, and
subscribing to event notifications.
3. Data Encoding: NETCONF uses XML as the data encoding format. XML provides a structured way of
representing data and configurations exchanged between network devices and management systems.
4. Transport: NETCONF typically uses SSH as the transport protocol for secure communication with
network devices. It can also use TLS for secure transport.
5. Security: NETCONF includes built-in security mechanisms for authentication, authorization, and
encryption. It supports various authentication methods such as username/password, public key, and
digital certificates.
Details about YANG
1. Language: YANG is a data modeling language used to define the structure, hierarchy, and semantics
of data exchanged between network devices and management systems. It is defined by the IETF in
RFC 7950.
2. Hierarchical Structure: YANG models data in a hierarchical structure using modules, statements,
and data types. It allows for defining containers, lists, leaf nodes, and other elements to represent the
data structure and attributes of network devices.
3. Data Types: YANG provides various data types, including string, Boolean, integer, decimal, identity,
enumeration, and more. These data types help define the characteristics and constraints of the data
being modeled.
4. Relationships: YANG supports defining relationships between data elements using references,
grouping, and augmentations. It enables the reuse of common data structures and facilitates modular
and extensible data models.
5. Constraints and Validations: YANG allows specifying constraints and validations on data elements
using features such as range, length, pattern, and mandatory statements. This helps ensure the
integrity and validity of the data exchanged between devices and management systems.
NETCONF and YANG

NETCONF and YANG together provide a standardized way of managing network devices,
enabling automation, configuration consistency, and interoperability between different
vendors and management systems. YANG defines the structure and semantics of the data,
while NETCONF provides the protocol and operations for exchanging that data between
network devices and management systems.
RPC (Remote Procedure Call)
RPC (Remote Procedure Call) is a communication protocol that enables a client
program to execute procedures or functions on a remote server as if they were
locally executed. It abstracts the communication details between the client and
server, allowing them to interact seamlessly over a network. Here are the key
details about RPC:
1. Procedure/Function Invocation
2. Client-Server Communication
3. Parameter Marshalling
4. Remote Procedure Execution
5. Result Transmission
6. Transparent Interface
7. Communication Protocols
8. Error Handling
Outline

• Need for IoT Systems Management
• SNMP
• Network Operator Requirements
• NETCONF
• YANG
• IoT Systems Management with NETCONF-YANG



IoT systems management is a crucial aspect of the Internet of Things (IoT) ecosystem. It
involves the deployment, monitoring, and maintenance of IoT devices and networks to
ensure their optimal performance and security. Effective IoT systems management can help
organizations to reduce costs, improve efficiency, and enhance customer experience.

Cisco offers a range of IoT management and automation tools that can help simplify
management tasks, improve visibility, and scale seamlessly 1. These tools can help you
design, provision, update, and enable policy from a single dashboard. You can also gain full
visibility of your network and connected equipment at the edge 1. Additionally, Cisco’s
cloud-delivered OT services can help drive security, simplicity, and scale for your industrial
networks.

IBM also provides IoT solutions that enable businesses to monitor, manage, and automate
their operations more efficiently and with more control 2. IBM’s IoT solutions can help you
connect devices, collect data, analyze insights, and take action to optimize your operations.
Need for IoT Systems Management
1. Automating Configuration: IoT system management allows for automating system
configurations. Management interfaces provide predictable and easy-to-use capabilities,
enabling the automation of system configuration. This is particularly important when
dealing with multiple devices or nodes to ensure consistent configurations and avoid
errors.
2. Monitoring Operational & Statistical Data: Management systems help in monitoring
operational data (related to system parameters during runtime) and statistical data
(describing system performance). This data can be used for fault diagnosis, prognosis, and
performance optimization.
3. Improved Reliability: A management system that validates system configurations before
implementation improves system reliability. By ensuring that configurations are error-
free, the system is less prone to failures or issues.



Need for IoT Systems Management cont..

4. System Wide Configuration: When an IoT system consists of multiple devices or nodes, it is
crucial to ensure system-wide configuration for proper functioning. Configuring each device
separately can lead to inconsistencies, where some devices operate on an old configuration
while others have a new one. System-wide configuration ensures changes are applied
uniformly to all devices, avoiding undesirable outcomes.
5. Multiple System Configurations: In certain cases, IoT systems may require multiple valid
configurations that are applied at different times or under specific conditions. The
management system should support such flexibility.
6. Retrieving & Reusing Configurations: Management systems that can retrieve configurations
from devices facilitate the reuse of configurations for other devices of the same type. This is
useful when adding new devices to an IoT system, as the same configuration can be applied
by retrieving it from an existing device.
Simple Network Management Protocol (SNMP)

• SNMP is a well-known and widely used
network management protocol that allows
monitoring and configuring network devices
such as routers, switches, servers, printers, etc.
• SNMP components include:
• Network Management Station (NMS)
• Managed Device
• Management Information Base (MIB)
• SNMP Agent that runs on the device



Limitations of SNMP

• SNMP is stateless in nature and each SNMP request contains all the
information to process the request. The application needs to be intelligent
to manage the device.
• SNMP is a connectionless protocol which uses UDP as the transport protocol,
making it unreliable as there is no support for acknowledgement of
requests.
• MIBs often lack writable objects without which device configuration is not
possible using SNMP.
• It is difficult to differentiate between configuration and state data in MIBs.
• Retrieving the current configuration from a device can be difficult with
SNMP.
• Earlier versions of SNMP did not have strong security features.



A network operator

A network operator, also known as a telecommunications operator or
service provider, is a company or organization that provides network
infrastructure and services for communication and data transmission.
Network operators play a crucial role in establishing and maintaining
telecommunications networks that enable connectivity between
various devices, systems, and users.
A network operator cont..
Some Key Aspects of Network Operators:

1. Network Infrastructure: Network operators build, deploy, and maintain the physical infrastructure
required for communication networks. This infrastructure includes fiber optic cables, transmission
towers, data centers, switching equipment, routers, and other networking devices.
2. Network Services: Network operators offer a range of services to their customers, which can
include voice services (telephone calls), data services (internet access), video services (television),
and other value-added services. These services are delivered over their network infrastructure.
3. Connectivity Provision: Network operators provide connectivity solutions that enable users to
connect to their network and access the services they offer. This can be through wired connections
(such as fiber optic or copper cables) or wireless connections (such as cellular networks or Wi-Fi).
4. Network Management: Network operators are responsible for managing and optimizing their
network infrastructure to ensure reliable and efficient service delivery. This includes tasks such as
monitoring network performance, troubleshooting issues, capacity planning, and network security.
A network operator cont..

5. Service Quality and Reliability: Network operators strive to provide high-quality and reliable
services to their customers. They invest in network redundancy, backup systems, and disaster
recovery mechanisms to minimize service disruptions and ensure continuous availability.
6. Regulatory Compliance: Network operators must comply with regulatory requirements set by
government authorities or regulatory bodies. These regulations may include licensing, spectrum
allocation, data privacy, consumer protection, and other obligations to ensure fair and lawful
operations.
7. Customer Support: Network operators typically offer customer support services to address
customer inquiries, troubleshoot issues, and provide assistance with service-related matters. This
can include call centers, online support portals, and field technicians.
8. Interconnection and Peering: Network operators establish interconnections and peering
agreements with other operators to facilitate the exchange of traffic between their networks. This
enables seamless communication and connectivity across different networks and enhances the
reach of their services.
Network Operator Requirements

• Ease of use
• Distinction between configuration and state data
• Fetch configuration and state data separately
• Configuration of the network as a whole
• Configuration transactions across devices
• Configuration deltas
• Dump and restore configurations
• Configuration validation
• Configuration database schemas
• Comparing configurations
• Role-based access control
• Consistency of access control lists
• Multiple configuration sets
• Support for both data-oriented and task-oriented access control



NETCONF

• Network Configuration Protocol (NETCONF) is a session-based network management protocol.
NETCONF allows retrieving state or configuration data and manipulating configuration data on
network devices.



NETCONF

• NETCONF runs over the SSH transport protocol.
• The transport layer provides end-to-end connectivity and ensures reliable delivery of messages.
• NETCONF uses XML-encoded Remote Procedure Calls (RPCs) for framing request and
response messages.
• The RPC layer provides a mechanism for encoding RPC calls and notifications.
• NETCONF provides various operations to retrieve and edit configuration data from
network devices.
• The Content Layer consists of configuration and state data which is XML-encoded.
• The schema of the configuration and state data is defined in a data modeling language
called YANG.
• NETCONF provides a clear separation of the configuration and state data.
• The configuration data resides within a NETCONF configuration datastore on the server.
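The RPC layer described above, as an added example that is not from the book: it builds a framed `<get-config>` request and parses an `<rpc-reply>`, checking the message-id and treating the device's reply as untrusted XML. The sample replies, the `urn:example:toaster` namespace and the leaf values are constructed; the `]]>]]>` end-of-message marker is the NETCONF 1.0 framing used over SSH.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace
EOM = "]]>]]>"  # end-of-message marker used by NETCONF 1.0 framing over SSH

def q(name):  # qualify an element name with the NETCONF base namespace
    return f"{{{NC}}}{name}"

def build_get_config(message_id, source="running"):
    """Return a framed <get-config> request for one configuration datastore."""
    if source not in ("running", "candidate", "startup"):
        raise ValueError("unknown datastore")
    rpc = ET.Element(q("rpc"), {"message-id": str(message_id)})
    src = ET.SubElement(ET.SubElement(rpc, q("get-config")), q("source"))
    ET.SubElement(src, q(source))
    return ET.tostring(rpc, encoding="unicode") + EOM

def parse_reply(framed, expected_id):
    """Return ("data", leaves), ("ok", None) or ("error", (tag, message))."""
    if not framed.endswith(EOM):
        raise ValueError("incomplete message: end-of-message marker missing")
    body = framed[:-len(EOM)]
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD in reply rejected")  # device output is untrusted
    root = ET.fromstring(body)
    if root.tag != q("rpc-reply"):
        raise ValueError("not an rpc-reply")
    if root.get("message-id") != str(expected_id):
        raise ValueError("message-id does not match the request")
    err = root.find(q("rpc-error"))
    if err is not None:
        return "error", (err.findtext(q("error-tag")), err.findtext(q("error-message")))
    data = root.find(q("data"))
    if data is None:
        return "ok", None
    leaves = {e.tag.rsplit("}", 1)[-1]: e.text for e in data.iter()
              if len(e) == 0 and e is not data}
    return "data", leaves

# Constructed sample replies; the toaster namespace and values are made up.
DATA_REPLY = (
    f'<rpc-reply message-id="101" xmlns="{NC}"><data>'
    '<toaster xmlns="urn:example:toaster">'
    "<toasterManufacturer>Example Corp</toasterManufacturer>"
    "<toasterModelNumber>T-1000</toasterModelNumber>"
    "<toasterStatus>up</toasterStatus>"
    "</toaster></data></rpc-reply>" + EOM
)
ERROR_REPLY = (
    f'<rpc-reply message-id="102" xmlns="{NC}"><rpc-error>'
    "<error-type>protocol</error-type><error-tag>access-denied</error-tag>"
    "<error-severity>error</error-severity>"
    "<error-message>not authorized</error-message></rpc-error></rpc-reply>" + EOM
)
```

`parse_reply(DATA_REPLY, 101)` returns the three toaster leaves, and `parse_reply(ERROR_REPLY, 102)` surfaces the `access-denied` error tag instead of silently treating the reply as success.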



YANG

• YANG is a data modeling language used to model configuration and state data
manipulated by the NETCONF protocol.
• YANG modules contain the definitions of the configuration data, state data, RPC calls that
can be issued and the format of the notifications.
• YANG modules define the data exchanged between the NETCONF client and server.
• A module comprises a number of 'leaf' nodes which are organized into a hierarchical
tree structure.
• The 'leaf' nodes are specified using the 'leaf' or 'leaf-list' constructs.
• Leaf nodes are organized using 'container' or 'list' constructs.
• A YANG module can import definitions from other modules.
• Constraints can be defined on the data nodes, e.g. allowed values.
• YANG can model both configuration data and state data using the 'config' statement.



YANG Module Example

• This YANG module is a YANG version of the toaster MIB.
• The toaster YANG module begins with the header
information followed by identity declarations
which define various bread types.
• The leaf nodes (‘toasterManufacturer’,
‘toasterModelNumber’ and ‘toasterStatus’) are
defined in the ‘toaster’ container.
• Each leaf node definition has a type and optionally
a description and default value.
• The module has two RPC definitions (‘make-toast’
and ‘cancel-toast’).



IoT Systems Management with NETCONF-YANG

• Management System
• Management API
• Transaction Manager
• Rollback Manager
• Data Model Manager
• Configuration Validator
• Configuration Database
• Configuration API
• Data Provider API



Management System

Management System: A management system refers to a
software or framework that provides functionalities for
managing and controlling various aspects of a system or
network. It typically includes modules for configuration
management, monitoring, troubleshooting, performance
optimization, and other administrative tasks.
Management API

Management API: A Management API (Application
Programming Interface) is a set of programming
interfaces and protocols that allow external applications
or systems to interact with and control the
management system. It provides a standardized way for
developers to integrate their applications or tools with
the management system, enabling them to perform
management operations programmatically.
Transaction Manager

Transaction Manager: A Transaction Manager is a
component of a management system responsible for
managing transactions in a system. It ensures the
Atomicity, Consistency, Isolation, and Durability
(ACID) properties of transactions. It coordinates and
oversees the execution of multiple operations as part of
a transaction, ensuring that they are either all
successfully completed or rolled back in case of failures.
Rollback Manager

Rollback Manager: A Rollback Manager is a component
that handles the rollback or reversal of changes made
during a transaction. In case of transaction failures or
errors, the rollback manager ensures that the system is
brought back to its previous consistent state by undoing
the changes made by the transaction.
Data Model Manager

Data Model Manager: A Data Model Manager is
responsible for managing the data model or schema of
the system. It defines the structure, relationships, and
constraints of the data stored in the system. The data
model manager ensures data integrity, enforces data
validation rules, and provides mechanisms for data
manipulation and retrieval.
Configuration Validator

Configuration Validator: A Configuration Validator is a
component that validates the configuration settings or
parameters of the system against predefined rules or
constraints. It checks the configuration for correctness,
completeness, and compliance with the system's
requirements. The validator helps ensure that the
system is configured properly and can operate reliably.
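How the Transaction Manager, Rollback Manager and Configuration Validator fit together for a system-wide change, as an added sketch that is not from the book: the change is validated first, committed device by device, and undone everywhere if any commit fails. The `Device` class, the `SCHEMA` leaves (`sampling-interval`, `report-host`) and their ranges are hypothetical.

```python
import copy

class ValidationError(Exception):
    """Raised when a proposed configuration breaks a schema constraint."""

# Hypothetical schema: leaf name -> (type, minimum, maximum), where the bounds
# apply to the value of an int and to the length of a str.
SCHEMA = {"sampling-interval": (int, 1, 3600), "report-host": (str, 1, 253)}

def validate(changes):
    """Configuration Validator: reject unknown leaves and out-of-range values."""
    for leaf, value in changes.items():
        if leaf not in SCHEMA:
            raise ValidationError(f"unknown leaf: {leaf}")
        typ, low, high = SCHEMA[leaf]
        if type(value) is not typ:
            raise ValidationError(f"{leaf}: expected {typ.__name__}")
        size = value if typ is int else len(value)
        if not low <= size <= high:
            raise ValidationError(f"{leaf}: outside {low}..{high}")

class Device:
    """One managed node with a running configuration (constructed stand-in)."""
    def __init__(self, name, running, reachable=True):
        self.name, self.running, self.reachable = name, dict(running), reachable

    def commit(self, changes):
        """Apply changes to the running configuration; return the old one."""
        if not self.reachable:
            raise ConnectionError(f"{self.name}: commit failed")
        previous = copy.deepcopy(self.running)
        self.running.update(changes)
        return previous

def apply_transaction(devices, changes):
    """Transaction Manager: commit on every device or leave all unchanged."""
    try:
        validate(changes)  # nothing is touched if validation fails
    except ValidationError as exc:
        return False, f"validation: {exc}"
    committed = []  # (device, previous running config) in commit order
    for device in devices:
        try:
            committed.append((device, device.commit(changes)))
        except ConnectionError as exc:
            # Rollback Manager: undo in reverse order what was already applied.
            for done, previous in reversed(committed):
                done.running = previous
            return False, f"rolled back: {exc}"
    return True, "committed"
```

With three devices where the last one is unreachable, the first two are restored to their previous configuration, so no device is left running the new settings while others keep the old ones.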
Configuration Database

Configuration Database: A Configuration Database is a
storage system or repository that stores the
configuration settings and parameters of the system. It
provides a centralized location for storing and
retrieving configuration data. The configuration
database is typically accessed by the management
system and other components to retrieve configuration
information during system operation.
Configuration API

Configuration API: A Configuration API is an interface or
set of programming interfaces that allow external
applications or systems to interact with the
configuration database and retrieve or modify
configuration settings. It provides a standardized way
for developers to manage and control the system's
configuration programmatically.
Data Provider API

Data Provider API: A Data Provider API is an interface or
set of programming interfaces that allow external
applications or systems to access and retrieve data from
the system. It provides methods and protocols for
querying, retrieving, and manipulating data stored in
the system. The data provider API enables integration
with external systems or applications that need to
access the system's data.
