It’s with some excitement I see that the ONF has publicly released the OF-CONFIG specification to precious little fanfare. The head-spinner (in a positive sense) for me is that it includes a nice little RFC 2119-style MUST statement making NETCONF mandatory:
[…] OF-CONFIG1.0 requires that devices supporting OF-CONFIG 1.0 MUST implement NETCONF protocol as the transport. This in turn implies as specified by NETCONF specification that OpenFlow Capable Switches supporting OF-CONFIG1.0 must implement SSH as a transport protocol
See, this is the exact type of use of NETCONF that I think will make all the difference. This means that pure OpenFlow switches actually don’t even really need a traditional CLI or Web UI. They will probably need some sort of very constrained CLI for seed configuration. After that it could be NETCONF only, including a NETCONF CLI or a Web UI with a NETCONF backend. It’s now programmatic, see.
Going back to the excellent (you should really, really read it) Problem Statement for the Automated Configuration of Large IP Networks draft makes me think that what is left is a reasonably well-designed (secure!) “call home” protocol. This would mean that we could get rid of the ping sweeps that are still, to this date, the most sophisticated tool that the network management world has in terms of discovering new network elements.
The Reverse Secure Shell (Reverse SSH) draft seems to be a good conversation starter. Given an open source implementation of that, with some support from a vendor or two, I’m sure we’ll be able to reanimate the sleeping Secure Shell (secsh) working group and off we go.