Managing Home Routers with NETCONF over TLS and NETCONF Call Home
Vaibhav Bajpai, Radek Krejčí, Leonidas Poulopoulos

TL;DR
This paper discusses implementing NETCONF over TLS and Call Home mechanisms to enable remote management of home routers and NAT devices, enhancing network management capabilities with secure protocols.
Contribution
It introduces the integration of NETCONF over TLS and Call Home features into open-source tools, demonstrating their application for managing home routers behind NATs.
Findings
Successful implementation of NETCONF over TLS and Call Home in open-source projects
Enabling management of NATed home routers using secure NETCONF protocols
Improved remote management capabilities for home network devices
Abstract
The Network Configuration (NETCONF) protocol and the associated YANG data modeling language are the foundations of contemporary network management frameworks evolving within the Internet Engineering Task Force (IETF). netopeer (a NETCONF server) and ncclient (a NETCONF client) are popular open-source projects that support the latest NETCONF v1.1 protocol using the mandatory Secure Shell (SSH) transport. We recently implemented and integrated NETCONF over Transport Layer Security (TLS) transport and NETCONF Call Home (CH) mechanisms using reverse TLS and SSH in both projects. The CH mechanism allows a managed device behind a Network Address Translation (NAT) running a NETCONF server (netopeer) to successfully establish a NETCONF session with a Network Management System (NMS) running a NETCONF client (ncclient). In this article, we describe how these standards allow home routers and NAT…
Taxonomy
Topics: Mobile Agent-Based Network Management · IPv6, Mobility, Handover, Networks, Security · Software-Defined Networks and 5G
