Jan 08

Herein lies a comparison of two similar, embedded network configuration management protocols: Cisco’s Web Services Management Agent (WSMA) and NETCONF. This comparative analysis is broken down into different functional categories, each containing a category winner (based on my own opinion). This analysis is taken from a Cisco device-centric perspective.

Category: Overall

WSMA (Category Winner)

  • NETCONF does configuration only. WSMA does all that NETCONF does and more, such as Exec commands and generic file system operations. NETCONF does, however, allow for server-initiated notification (of configuration changes) subscriptions, whereas this functionality is still on the WSMA roadmap. Server-initiated notification subscriptions are important in large networks of intermittently connected devices and in environments in which managed devices must reverse the management connection, punching holes through firewalls/network address translators.
  • NETCONF schema is a standard. WSMA schemas are proprietary.
  • NETCONF supports more transport protocols than WSMA.
  • From a Cisco perspective, NETCONF has no future roadmap, whereas WSMA has a future evolution. NETCONF is in IOS 12.4(9)T, WSMA is 12.4(24)T and 15.0.
  • NETCONF has been in the field a longer time, but it is less powerful. Assuming your managed network device supports WSMA, it’s the way to go.

Category: Protocol Support

NETCONF (Category Winner)

NETCONF supports the following transport protocols for transmission of its XML encoded data:

  • Console
  • Secure Shell – SSH v2-only (RFC 4742)
  • Simple Object Access Protocol (SOAP) over HTTP(S) RFC 4743
  • Blocks Extensible Exchange Protocol (BEEP) RFC 4744 – technically superior, but is not widely adopted.
  • Transport Layer Security (TLS) RFC 5539


WSMA
WSMA supports the following transport protocols for transmission of its SOAP encapsulated XML encoded data:

  • Console
  • Secure Shell (SSH v2-only)
  • Simple Object Access Protocol (SOAP) over HTTP(S)
  • Transport Layer Security (TLS)

Category: Operations

WSMA (Category Winner)

Transport Protocol Support Matrix

Protocol NETCONF WSMA
Console
SSH
HTTP error
HTTPS error
TLS
BEEP error
Telnet error error

WSMA operations are supported through the following four agents:

  • config – Validates and applies a set of configuration commands to Cisco IOS software.
  • exec – Handles the EXEC-mode command-line operations on Cisco IOS software.
  • filesys – Copies and validates files between local and remote file systems.
  • notification – Collects configuration-change events and forwards the details to the management application, which is configured to receive the notifications. Notification subscriptions are bound to a single stream for the lifetime of the subscription.

NETCONF

  • get – Retrieve running configuration and device state information.
  • get-config, edit-config, copy-config – Create or replace an entire configuration datastore with the contents of another complete configuration datastore.
  • delete-config – Delete a configuration datastore. The running configuration datastore cannot be deleted.
  • lock – Allows the client to lock the configuration system of a device.
  • unlock – Releases a configuration lock previously obtained with the lock operation.
  • close-session – Request graceful termination of a NETCONF session.
  • kill-session – Force the termination of a NETCONF session.
  • create-subscription – Initiates an event notification subscription that will send asynchronous event notifications of any configuration change to the subscriber until the subscription terminates.
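
The operations listed above can be audited from a request log. The following is an added example, not code from the original post or from Cisco: it splits a NETCONF-over-SSH request stream on the RFC 4742 end-of-message marker, names each operation, and reports datastore writes made without a preceding lock as well as kill-session requests. It assumes a single client session whose lock requests succeeded, and the "write without lock" policy, the function names and the sample traffic are constructed for illustration.

```python
import xml.etree.ElementTree as ET

EOM = "]]>]]>"  # end-of-message marker used by NETCONF over SSH (RFC 4742)
WRITE_OPS = {"edit-config", "copy-config", "delete-config"}
NS = 'xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"'

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's "{namespace}" prefix

def operations(stream):
    """Yield (message-id, operation, target datastore) for each client <rpc>."""
    for frame in filter(str.strip, stream.split(EOM)):
        if "<!DOCTYPE" in frame:  # refuse DTDs instead of expanding entities
            raise ValueError("DTD in NETCONF frame")
        root = ET.fromstring(frame.strip())
        if local(root.tag) != "rpc" or len(root) == 0:
            continue  # hello, rpc-reply, notification: not a request
        op = root[0]
        target = next((local(d.tag) for t in op if local(t.tag) == "target"
                       for d in t), None)
        yield root.get("message-id"), local(op.tag), target

def audit(stream):
    """Return findings: unlocked datastore writes and forced session kills."""
    locked, findings = set(), []
    for msg_id, op, target in operations(stream):
        if op == "lock":
            locked.add(target)
        elif op == "unlock":
            locked.discard(target)
        elif op in WRITE_OPS and target not in locked:
            findings.append((msg_id, op, f"write to {target} without lock"))
        elif op == "kill-session":
            findings.append((msg_id, op, "forced termination of a session"))
    return findings

def rpc(mid, body):  # helper that frames one constructed request
    return f'<rpc message-id="{mid}" {NS}>{body}</rpc>{EOM}'

# Constructed sample traffic, not captured from a real device.
SAMPLE = "".join([
    rpc(101, "<lock><target><running/></target></lock>"),
    rpc(102, "<edit-config><target><running/></target><config/></edit-config>"),
    rpc(103, "<unlock><target><running/></target></unlock>"),
    rpc(104, "<edit-config><target><running/></target><config/></edit-config>"),
    rpc(105, "<kill-session><session-id>4</session-id></kill-session>"),
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```
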

Interest by Search Volume

Interestingly, but not surprisingly, information regarding NETCONF is more highly sought after (at least according to the number of Google searches) than is information on WSMA.

2 Responses to “Protocol Comparison: NETCONF versus Cisco WSMA”

  1. friv Says:

    Server-initiated notification subscriptions are important in large networks of intermittently connected devices and in environments in which managed devices must reverse the management connection, punching holes through firewalls/network address translators.

  2. yepi Says:

    Notification subscriptions are bound to a single stream for the lifetime of the subscription.
