
Welcome, visitor!
netconf is a network configuration management system designed with modern network infrastructures and the needs of roaming users in mind. It is currently in development and not yet usable.
Motivation & overview
On Linux systems nowadays, network configuration is handled differently on each distro. The solutions are usually quite mature and flexible, but are starting to reach their limits given today’s requirements, which include roaming laptops and wireless networks, VPNs, LinkLocal networks, etc… The distro-specific methods usually employ hooks to configure everything beyond the simple IP interface, but the solutions are quite brittle in the event of errors or exceptional situations.
Projects such as NetworkManager address the needs of the roaming laptop user, but they cannot cater for other, more general use cases. In addition, NetworkManager's GUI-centric approach often leaves advanced users with a feeling of lack of control, and imposes unnecessary dependencies for minimal systems.
netconf is a stateless network configuration management system. It gives the administrator full control in defining a desired network configuration, including fallbacks to other methods, should the preferred means fail. While netconf is certainly overkill for simple situations, in which static configuration data are bound to physical network interfaces, its true capacities unfold when e.g. an OpenVPN tunnel needs to be set up on top of a DHCP-configured link via a wpa_supplicant-managed, wireless network interface, taking the interface to power-save mode when it fails to obtain a lease, or preventing unencrypted traffic in case the VPN cannot be established.
Any such behaviour may suit some people, while it might annoy others. Rather than imposing decisions, netconf uses a policy layer, which exposes all higher-level control flow decisions to the administrator; you might want to fall back to LinkLocal (or a static configuration) in the absence of a DHCP server, while others could prefer their interfaces to remain unconfigured (and thus in power-save mode).
To achieve this, netconf uses an event-based, subscriber-publisher approach: a configuration request yields an event that encapsulates the request, which gets dispatched according to what the administrator has specified to the policy. If the first configuration attempt is unsuccessful, the policy layer again gets to decide what to do next, based on what was previously tried, the result, and where the request originated.
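The control flow described above, sketched as an added example (not netconf's own code): the policy format, the method names and the stub handlers are assumptions made for illustration. The policy is consulted again after every attempt, and the `block` step models refusing unencrypted traffic when the VPN cannot be established.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Event:
    iface: str
    origin: str                                  # where the request came from
    history: list = field(default_factory=list)  # (method, succeeded) pairs

# Hypothetical administrator policy: ordered methods per interface, with an
# optional per-origin override. "block" is the fail-closed step for the VPN.
POLICY = {
    "wlan0": ["dhcp", "linklocal"],
    ("wlan0", "admin"): ["dhcp"],        # explicit request: no fallback
    "tun0": ["openvpn", "block"],
}

def next_method(event):
    """Decide from what was tried, how it ended, and who asked."""
    if event.history and event.history[-1][1]:
        return None                      # last attempt succeeded
    chain = POLICY.get((event.iface, event.origin), POLICY.get(event.iface, []))
    tried = {method for method, _ in event.history}
    return next((m for m in chain if m not in tried), None)

def dispatch(subscribers, requests):
    """Single-threaded loop; every result goes back to the policy."""
    queue = deque(Event(iface, origin) for iface, origin in requests)
    final = {}
    while queue:
        event = queue.popleft()
        method = next_method(event)
        if method is None:               # done, or policy exhausted
            final[event.iface] = event.history
            continue
        event.history.append((method, subscribers[method](event)))
        queue.append(event)              # re-publish with the result attached
    return final

def demo(requests=(("wlan0", "hotplug"), ("tun0", "boot"))):
    results = {"dhcp": False, "linklocal": True, "openvpn": False, "block": True}
    # Constructed stub methods standing in for real configuration backends.
    stubs = {m: (lambda event, ok=ok: ok) for m, ok in results.items()}
    return dispatch(stubs, requests)
```

An interface with no policy entry, or one whose chain is exhausted, is left as it is, which matches the "remain unconfigured" preference mentioned above.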
Computer networks are non-deterministic entities with lives of their own: changes will happen without explicit requests from the system administrator. For instance, a new network interface might appear, an existing PPP link might die, or the DHCP server become uncooperative and fail to renew a lease. To stay on top of such events, netconf is a daemon which lives on your system and wakes up in case it is needed.
netconf endeavours to be a helper without requiring exclusivity: the administrator must be able to use the standard configuration tools to make changes to the network environment, without fear of tripping netconf or making it useless. netconf’s approach to this challenge is rigorous statelessness. Borrowing from the domain of new artificial intelligence, it works on the premise that “the kernel is its own best model” and does not rely on any state information, whether internal or on-disk. This also means that the netconf daemon can be restarted without requiring changes to the configuration as is.
netconf loves batteries and strives to be non-magical in what it does. It avoids polling and executes within a single thread.
netconf is being developed for Debian systems but its design makes it trivial for other distributions (even those using non-Linux kernels) to deploy it without the need to adopt Debian’s network configuration paradigms — in fact, the compatibility with Debian’s well-established ifupdown is implemented as an extension to the netconf core.
The code is currently in alpha state. It is implemented in Python and will eventually be ported to C or C++.
Licence & copyright
netconf is the brainchild and copyright © martin f. krafft. The code is available under the terms of the GNU General Public License v2.
The logo has been designed by Aurore D., who holds the copyright. She placed it under the same license. It is available as an SVG file from the Git repository.
Links & development resources
- the design document is anything but final, but it gives a good overview of the structure of the code.
- an (initial, incomplete) roadmap for version 1.0 is available in the git repository
- a TODO list is available.
- there is a mailing list with archives.
- we hang out in the #netconf IRC channel on irc.debian.org.
- we have a planet (blog aggregator).
- you can get the source via git:

      git clone git://git.debian.org/git/netconf/netconf.git

  I like the workflow in use by the git project itself a lot, so have a look at their guidelines on submitting patches and have a go; feel free to ask on the list for advice.

  Do not hesitate to heckle me (IRC nickname ‘madduck’) with Git questions! It’s a great system and I truly enjoy helping others learn it.

  If you have an alioth.debian.org account, you can also use the ssh transport:

      git clone ssh://git.debian.org/git/netconf/netconf.git

  If you would like to be able to push your commits, prod me for an account.
- commit messages (will) go to this (unarchived) list. I have disabled them for now as they were more of a burden than gain. Feel free to sign up to the list, they’ll be turned on as soon as there’s working code.
- the repository is also accessible via a web browser.
- netconf also has an alioth project page.
Talks & presentations
- Video from my DebConf8 presentation in high/low quality, and the recording of the hacking session on the next day in high/low quality.
- slides from my FOSDEM 2008 presentation are available, as is a video recording.
- slides from my LCA 2008 talk are available, as is a video recording.
- I presented the code to a small audience at DebConf7. The session has been recorded and is available in low/high quality.
- slides from two early talks on netconf are here and here. Note that their content does not really correspond to current netconf any longer. The latter talk has been recorded and the video will be available in low/high quality soon.
How can you help?
I’d much rather be a part of a team behind netconf and am looking forward to working with you. There are plenty of opportunities to contribute to netconf:
- spread the word and get other people to join.
- heckle us, give us crazy ideas and share your most intimate network configuration desires.
- write doc strings. I have not really documented the code. Well, actually, I have not documented the code at all. It should be pretty straight-forward and well organised, thus easy to understand and so if you make sense of it, you might just want to write it down?
- write unit tests. Those are trivial and don’t even require Python knowledge. They are just a good way to get acquainted with the code and the language, and for extra benefit, they’re incredibly useful.
- write code. This ranges from shell script methods to complex entities, such as the policy backend. The low/high quality recording of a code introduction session I held in June may be of help (videos available soon).
- implement stuff off the TODO list.
- understand the code and conceptualise complex scenarios, such as WPA and network bridging, location auto-detection and VPN. You may also benefit from the code introductory session linked from the last bullet point.
If any of the above strike your fancy, git the code and subscribe to the mailing list and let us know. Or write to me (madduck) only if you’d prefer not to go public just yet.