Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure RFC-Compliant NETCONF Sessions

When you use NETCONF to manage Junos devices, you can require that the NETCONF server enforce certain behaviors that are compliant with RFC 4741, NETCONF Configuration Protocol during the NETCONF session. To enforce RFC compliance, configure the rfc-compliant statement at the [edit system services netconf] hierarchy level. Configuring the rfc-compliant statement affects the following aspects of the NETCONF session:

  • Namespaces emitted in NETCONF server replies

  • Elements returned in RPC replies for <get> and <get-config> operations in cases where there is no configuration data to return

  • NETCONF server replies that would return both an <ok/> element and an <rpc-error> element with a severity level of warning

  • NETCONF server replies for <commit> and <validate> operations.

The differences are described in detail in the following sections.

Namespaces

By default, the NETCONF server, sets the default namespace to the NETCONF namespace in the opening tag of the server’s reply, and NETCONF tag names are not qualified. For example:

When you configure the rfc-compliant statement, the NETCONF server does not define a default namespace in its replies. Instead, the server includes a namespace declaration for the NETCONF namespace, which is bound to the nc prefix, and qualifies all NETCONF tags in its replies with the prefix. If you set the default namespace to the NETCONF namespace in an RPC request, the server discards the default namespace and emits its reply using only the declared namespace that is bound to the nc prefix.

The following sample output shows the NETCONF server’s <hello> message and capabilities exchange when the rfc-compliant statement is configured. The <hello> tag contains the xmlns:nc declaration, and all NETCONF tags include the nc prefix.

The following output shows a sample RPC reply when the rfc-compliant statement is configured:

Starting with Junos OS Release 17.2R1, when you configure the rfc-compliant statement and request configuration data in a NETCONF session, the server sets the default namespace for the <configuration> element to the same namespace as in the corresponding YANG model.

Changes to <get> and <get-config> Operations

The rfc-compliant statement affects the <get> and <get-config> server replies in cases where there is no configuration data to return. This can occur, for example, when you apply a filter to return a subset of the configuration, and that portion of the configuration is empty.

If you execute the <get> or <get-config> operation, and there is no configuration data in the requested hierarchy, then if the rfc-compliant statement is not configured, the RPC reply contains an empty <configuration> element inside the <data> element.

If you execute the <get> or <get-config> operation, and there is no configuration data in the requested hierarchy, then if the rfc-compliant statement is configured, the RPC reply returns an empty <data> element and omits the <configuration> element.

<rpc-error> Elements with a Severity Level of Warning in RPC Replies

Starting in Junos OS Release 17.4R3, 18.2R2, 18.3R2, and 18.4R1, when you configure the rfc-compliant statement, the NETCONF server cannot return an RPC reply that includes both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would include one or more <rpc-error> elements with a severity level of warning in addition to the <ok/> element, then the warnings are omitted. In addition, starting in Junos OS Release 21.2R1, any warnings that are omitted during a <commit> operation are redirected to the system log file for tracking.

In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element. For example, a commit operation might be successful but return a warning as in the following NETCONF server reply:

If you configure the rfc-compliant statement, then the warning is omitted.

NETCONF Server Response to <commit> and <validate> Operations

Starting in Junos OS Release 21.2R1, when you configure the rfc-compliant statement, the NETCONF server's response to <commit> operations includes the following changes:

  • If a successful <commit> operation returns a response with one or more warnings, the warnings are redirected to the system log file, in addition to being omitted from the response.

  • The NETCONF server response emits the <source-daemon> element as a child of the <error-info> element instead of the <rpc-error> element.

  • If you also configure the flatten-commit-results statement at the [edit system services netconf] hierarchy level, the NETCONF server only emits an <ok/> or <rpc-error> element in its response and suppresses any <commit-results> XML subtree.

Starting in Junos OS Release 23.2R1 and Junos OS Evolved Release 23.4R1, when you configure the rfc-compliant statement, the NETCONF server emits only an <ok/> or <rpc-error> element in response to <validate> operations. In earlier releases, the RPC reply also includes the <commit-results> element.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
23.2R1 and 23.4R1-EVO
Starting in Junos OS Release 23.2R1 and Junos OS Evolved Release 23.4R1, when you configure the rfc-compliant statement, the NETCONF server emits only an <ok/> or <rpc-error> element in response to <validate> operations. In earlier releases, the RPC reply also includes the <commit-results> element.
21.2R1
Starting in Junos OS Release 21.2R1, when you configure the rfc-compliant statement, the NETCONF server's response to <commit> operations is modified.
18.4R1
Starting in Junos OS Release 17.4R3, 18.2R2, 18.3R2, and 18.4R1, when you configure the rfc-compliant statement, the NETCONF server cannot return an RPC reply that includes both an <rpc-error> element and an <ok/> element.