NETCONF, ncclient and Network Automation

I my last blog post I had discussed various network management protocols and promised that I will try to experiment with ncclient. ncclient is a Python library you need as a NETCONF client to communicate with a NETCONF server in this instance it will be an instance of Cisco CSR1000v.

The whole process is very straight forward.. in brief

  1. A Ubuntu Server instance ( could also be a Windows server/Workstation)
  2. Python install and configured (all instances of Ubuntu server have Python installed by default)
  3. ncclient installed and configured
  4.  NETCONF enabled on network device (HP, Cisco, Juniper and other supported)

My not so beefy laptop (8GB RAM and intel i5) but powerful enough to run VMware WorkStation with Ubuntu Server and Cisco CSR1000v instance

CSR1000V  VMware Workstation Settings


The Network Adapter corresponds to the GigabitEthernet1 Interface on the router

interface GigabitEthernet1
ip address
negotiation auto

Enable SSH and NETCONF access on the router

TEST_CSR#conf t
TEST_CSR(config)# ip ssh rsa keypair-name sshkeys
TEST_CSR(config)# crypto key generate rsa usage-keys label sshkeys modulus 1024
TEST_CSR(config)# ip ssh timeout 120
TEST_CSR(config)# ip ssh version 2

TEST_CSR(config)# netconf ssh

Ubuntu server NIC interface configured with an address of

Ping from the server – Success !!!

The next item on the agenda was to set up the ncclient.  Please follow the well explained instructions documented here.  Thanks for your help guys.

Cisco CSR1000v, and ncclient setup completed…

Get Device Config

>>> cisco_manager = manager.connect(host='',
... port=22,
... username='cisco',
... password='cisco',
... hostkey_verify=False,
... device_params={'name': 'csr'},
... allow_agent=False,
... look_for_keys=False
... )

Connection established.

RPC call requesting running configuration

>>> c = cisco_manager.get_config(source='running')

Print output on terminal console

>>> c

<?xml version=”1.0″ encoding=”UTF-8″?><rpc-reply message-id=”urn:uuid:e147c6d6-cebf-11e5-afac-000c29e6c046″ xmlns=”urn:ietf:params:netconf:base:1.0″>

! Last configuration change at 23:55:29 UTC Mon Feb 8 2016
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
hostname TEST_CSR




Small step hopefully in right direction.. I will try few other NETCONF options .. stay tuned.



Leave a Comment