Cisco SDWAN: vManage and Netconf

Let's talk about NETCONF first, and then about the role NETCONF plays in the Cisco Viptela SD-WAN solution.

Netconf (Network Configuration Protocol)
The Network Configuration Protocol (NETCONF) is a network management protocol developed and standardized by the IETF (RFC 6241). With NETCONF, configuration on a network device can be installed, modified, and deleted, and the device's configuration and state can be retrieved.

NETCONF expresses its operations as Remote Procedure Calls (RPCs). Both the configuration data and the protocol messages are encoded in Extensible Markup Language (XML), and the messages are exchanged over a secure transport; the mandatory-to-implement transport is SSH (RFC 6242). NETCONF has no authentication or encryption of its own: it relies entirely on the transport, so the security of a NETCONF session is exactly the security of the underlying SSH (or TLS) session and of the accounts that are allowed to open it.
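The exchange described above, as an added example that is not part of the original article or of Cisco's code: a Python walkthrough of a NETCONF session with both sides' messages constructed inline. It builds the hello that each peer sends, picks the wire framing from the capabilities both sides advertised, frames and unframes a get-config RPC, and parses a data reply and an rpc-error reply, refusing a reply whose message-id does not match the request. The server messages, the session-id, the `urn:example:system` data model and the hostname `vmanage-1` are all constructed for the example.

```python
"""NETCONF walked through offline: hello/capabilities, wire framing, a get-config RPC and
its reply. Added example, not code from the original article or from Cisco; both sides'
messages are constructed here (on a real device they travel inside an SSH session to TCP
port 830, the 'netconf' SSH subsystem of RFC 6242)."""
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # namespace of every NETCONF message
BASE10, BASE11 = "urn:ietf:params:netconf:base:1.0", "urn:ietf:params:netconf:base:1.1"
EOM = b"]]>]]>"                                 # end-of-message delimiter (base:1.0 framing)
EX = "urn:example:system"                       # assumed namespace of the sample config data

def build_hello(capabilities):
    """First message each side sends: only the capabilities that side supports."""
    caps = "".join(f"<capability>{c}</capability>" for c in capabilities)
    return f'<hello xmlns="{NC}"><capabilities>{caps}</capabilities></hello>'

def parse_hello(xml_text):
    """Return (capabilities, session-id); only the server's hello carries a session-id."""
    root = ET.fromstring(xml_text)
    caps = {c.text.strip() for c in root.iter(f"{{{NC}}}capability")}
    sid = root.find(f"{{{NC}}}session-id")
    return caps, (int(sid.text) if sid is not None else None)

def choose_framing(client_caps, server_caps):
    """RFC 6242: chunked framing only if both sides advertise base:1.1, else ]]>]]> framing."""
    if BASE11 in client_caps and BASE11 in server_caps:
        return "chunked"
    if BASE10 in client_caps and BASE10 in server_caps:
        return "eom"
    raise ValueError("no common NETCONF base version; the session must be closed")

def frame(xml_text, framing):
    """Wrap one message for the wire (one chunk is enough for chunked framing)."""
    data = xml_text.encode("utf-8")
    if framing == "eom":
        return data + b"\n" + EOM + b"\n"
    return b"\n#%d\n" % len(data) + data + b"\n##\n"

def unframe(wire, framing):
    """Inverse of frame(); rejects malformed framing rather than guessing at boundaries."""
    if framing == "eom":
        body, sep, _ = wire.partition(EOM)
        if not sep:
            raise ValueError("no end-of-message delimiter")
        return body.strip().decode("utf-8")
    chunks, pos = [], 0
    while True:
        if not wire.startswith(b"\n#", pos):
            raise ValueError("bad chunk header")
        pos += 2
        if wire.startswith(b"#\n", pos):        # "\n##\n" terminates the message
            return b"".join(chunks).decode("utf-8")
        nl = wire.index(b"\n", pos)
        size, pos = int(wire[pos:nl]), nl + 1
        if not 1 <= size <= 4294967295 or pos + size > len(wire):
            raise ValueError("chunk size out of range or truncated chunk")
        chunks.append(wire[pos:pos + size])
        pos += size

def build_get_config(message_id, source="running"):
    """<get-config> RPC; message-id is what ties the reply back to this request."""
    return (f'<rpc xmlns="{NC}" message-id="{message_id}">'
            f'<get-config><source><{source}/></source></get-config></rpc>')

def parse_rpc_reply(xml_text, expected_id):
    """Check the reply belongs to our request, then separate <data> from <rpc-error>."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError("expected an <rpc-reply>")
    if root.get("message-id") != str(expected_id):
        raise ValueError(f"message-id mismatch: {root.get('message-id')!r}")
    errors = [(e.findtext(f"{{{NC}}}error-tag"), e.findtext(f"{{{NC}}}error-message"))
              for e in root.iter(f"{{{NC}}}rpc-error")]
    return ("error", errors) if errors else ("ok", root.find(f"{{{NC}}}data"))

# Constructed server messages for the walkthrough (not captured from a real controller).
SERVER_HELLO = (f'<hello xmlns="{NC}"><capabilities><capability>{BASE10}</capability>'
                f'<capability>{BASE11}</capability></capabilities><session-id>42</session-id></hello>')
SERVER_REPLY = (f'<rpc-reply xmlns="{NC}" message-id="101"><data><system xmlns="{EX}">'
                f'<host-name>vmanage-1</host-name></system></data></rpc-reply>')
SERVER_ERROR = (f'<rpc-reply xmlns="{NC}" message-id="102"><rpc-error><error-type>protocol</error-type>'
                f'<error-tag>access-denied</error-tag><error-severity>error</error-severity>'
                f'<error-message>not authorized to read running</error-message></rpc-error></rpc-reply>')

def run_session(client_caps=(BASE10, BASE11)):
    """Drive one exchange end to end and return what the client learned from it."""
    server_caps, session_id = parse_hello(SERVER_HELLO)
    framing = choose_framing(set(client_caps), server_caps)  # settled before any RPC is sent
    status, data = parse_rpc_reply(unframe(frame(SERVER_REPLY, framing), framing), 101)
    err_status, errors = parse_rpc_reply(SERVER_ERROR, 102)
    try:                                  # a reply carrying another request's id is refused
        parse_rpc_reply(SERVER_REPLY, 999)
        mismatch_rejected = False
    except ValueError:
        mismatch_rejected = True
    return {"session_id": session_id, "framing": framing, "status": status,
            "hostname": data.findtext(f"{{{EX}}}system/{{{EX}}}host-name"),
            "error_status": err_status, "error_tag": errors[0][0],
            "mismatch_rejected": mismatch_rejected}

if __name__ == "__main__":
    for key, value in run_session().items():
        print(f"{key}: {value}")
```

Against a real controller the same bytes would be written to the subsystem that `ssh -p 830 -s user@controller netconf` opens; libraries such as ncclient do the hello exchange and framing for you, but doing it by hand makes the point above concrete: nothing in these messages authenticates anything, so the only access control on the session is the SSH login and the device's authorization of that account.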

Netconf (Network Configuration Protocol) in Cisco Viptela SDWAN
NETCONF defines how network devices are configured and managed. In Cisco SD-WAN, communication between vManage and the other devices is primarily carried over DTLS/TLS control connections, but in some cases NETCONF is used directly, before the DTLS/TLS connection has been established.

Fig 1.1- Netconf in Cisco Viptela SDWAN

vManage uses NETCONF to retrieve information from a controller (vManage, vBond, or vSmart) and add it to the GUI as a device.

This happens when controllers are first added to vManage, and again whenever the deployment is scaled incrementally: adding vManage instances to a cluster, or adding further vSmart or vBond controllers.

When a controller reloads or crashes, it uses NETCONF to communicate back to vManage until the encrypted DTLS/TLS sessions have been re-established.

Before DTLS/TLS connections are formed, vManage uses NETCONF to generate Certificate Signing Requests (CSRs) on the controllers.

NETCONF over SSH uses TCP destination port 830; on the SD-WAN controllers the SSH session is encrypted with AES-256-GCM. Because this NETCONF path is what vManage relies on before the DTLS/TLS control plane exists, port 830 on each controller should be reachable only from the other controllers' management addresses, and the accounts that can open that SSH session should be treated as control-plane administrators.