netconf

Welcome, visitor!

netconf is a network configuration management system designed with modern network infrastructures and the needs of roaming users in mind. It is currently in development and not yet usable.

Motivation & overview

On Linux systems nowadays, network configuration is handled differently on each distro. The solutions are usually quite mature and flexible, but are starting to reach their limits given today’s requirements, which include roaming laptops and wireless networks, VPNs, LinkLocal networks, etc… The distro-specific methods usually employ hooks to configure everything beyond the simple IP interface, but the solutions are quite brittle in the event of errors or exceptional situations.

Projects such as NetworkManager address the needs of the roaming laptop user, but they cannot cater for other, more general use cases. In addition, NetworkManager’s GUI-centric approach often leaves advanced users feeling a lack of control, and imposes unnecessary dependencies on minimal systems.

netconf is a stateless network configuration management system. It gives the administrator full control in defining a desired network configuration, including fallbacks to other methods, should the preferred means fail. While netconf is certainly overkill for simple situations, in which static configuration data are bound to physical network interfaces, its true capacities unfold when e.g. an OpenVPN tunnel needs to be set up on top of a DHCP-configured link via a wpa_supplicant-managed wireless network interface, taking the interface to power-save mode when it fails to obtain a lease, or preventing unencrypted traffic in case the VPN cannot be established.

Any such behaviour may suit some people, while it might annoy others. Rather than imposing decisions, netconf uses a policy layer, which exposes all higher-level control flow decisions to the administrator; you might want to fall back to LinkLocal (or a static configuration) in the absence of a DHCP server, while others could prefer their interfaces to remain unconfigured (and thus in power-save mode).

To achieve this, netconf uses an event-based, subscriber-publisher approach: a configuration request yields an event that encapsulates the request, which gets dispatched according to what the administrator has specified to the policy. If the first configuration attempt is unsuccessful, the policy layer again gets to decide what to do next, based on what was previously tried, the result, and where the request originated.
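The dispatch loop described above, sketched as an added example. It is not netconf's own code: every name, the method labels and the simulated environment are assumptions made for illustration. Each event carries its own attempt history, so the dispatcher itself keeps no state between steps, and the VPN branch shows the fail-closed choice of blocking cleartext traffic when the tunnel cannot be established.

```python
from collections import deque, namedtuple

# Hypothetical types; netconf's real interfaces are not shown on this page.
Request = namedtuple("Request", "iface goal origin")
Attempt = namedtuple("Attempt", "method ok")

def policy(request, history):
    """Administrator-defined policy: return the next method to try, or None.

    It decides from what was tried, the results, and the request's origin."""
    if history and history[-1].ok:
        return None                      # last attempt succeeded: done
    tried = [a.method for a in history]
    if request.goal == "vpn":
        # Fail closed: if the tunnel cannot come up, block cleartext
        # traffic instead of leaving the underlying link usable.
        chain = ["openvpn", "block-cleartext"]
    elif request.origin == "hotplug":
        chain = ["dhcp", "linklocal"]    # roaming case: fall back to LinkLocal
    else:
        chain = ["dhcp"]                 # otherwise remain unconfigured
    return next((m for m in chain if m not in tried), None)

def run(requests, methods):
    """Single-threaded dispatcher: every result is fed back to the policy
    as a new event that carries the history of earlier attempts."""
    queue = deque((r, ()) for r in requests)
    outcome = {}
    while queue:
        request, history = queue.popleft()
        method = policy(request, history)
        if method is None:
            outcome[request] = history   # policy has nothing further to try
            continue
        ok = methods[method](request)
        queue.append((request, history + (Attempt(method, ok),)))
    return outcome

# Constructed environment: no DHCP server answers, the VPN endpoint is down.
METHODS = {
    "dhcp": lambda r: False,
    "linklocal": lambda r: True,
    "openvpn": lambda r: False,
    "block-cleartext": lambda r: True,
}
```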

Computer networks are non-deterministic entities with lives of their own: changes will happen without explicit requests from the system administrator. For instance, a new network interface might appear, an existing PPP link might die, or the DHCP server become uncooperative and fail to renew a lease. To stay on top of such events, netconf is a daemon which lives on your system and wakes up in case it is needed.

netconf endeavours to be a helper without requiring exclusivity: the administrator must be able to use the standard configuration tools to make changes to the network environment, without fear of tripping netconf or making it useless. netconf’s approach to this challenge is rigorous statelessness. Borrowing from the domain of new artificial intelligence, it works on the premise that “the kernel is its own best model” and does not rely on any state information, whether internal or on-disk. This also means that the netconf daemon can be restarted without requiring changes to the configuration as is.

netconf loves batteries and strives to be non-magical in what it does. It avoids polling and executes within a single thread.

netconf is being developed for Debian systems but its design makes it trivial for other distributions (even those using non-Linux kernels) to deploy it without the need to adopt Debian’s network configuration paradigms — in fact, the compatibility with Debian’s well-established ifupdown is implemented as an extension to the netconf core.

The code is currently in alpha state. It is implemented in Python and will eventually be ported to C or C++.

Licence & copyright

netconf is the brainchild and copyright © martin f. krafft. The code is available under the terms of the GNU General Public License v2.

The logo was designed by Aurore D., who holds the copyright. She placed it under the same license. It is available as an SVG file from the Git repository.

Links & development resources

Talks & presentations

How can you help?

I’d much rather be a part of a team behind netconf and am looking forward to working with you. There are plenty of opportunities to contribute to netconf:

If any of the above strike your fancy, git the code and subscribe to the mailing list and let us know. Or write to me (madduck) only if you’d prefer not to go public just yet.