Gap Analysis of Network Configuration Protocols in LLM-Driven Intent-Based Networking
draft-zeng-opsawg-llm-netconf-gap-00
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (individual) | |
|---|---|---|---|
| Authors | Guanming Zeng , Jianwei Mao , Bing Liu , Nan Geng , Xiaotong Shang , Qiangzhou Gao , Zhenbin Li | ||
| Last updated | 2025-11-02 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-zeng-opsawg-llm-netconf-gap-00
Network Working Group G. Zeng
Internet-Draft J. Mao
Intended status: Informational B. Liu
Expires: 6 May 2026 N. Geng
X. Shang
Q. Gao
Z. Li
Huawei
2 November 2025
Gap Analysis of Network Configuration Protocols in LLM-Driven Intent-
Based Networking
draft-zeng-opsawg-llm-netconf-gap-00
Abstract
Large Language Models (LLMs) are entering network operations through
natural-language intent interfaces. Existing south-bound protocols
(NETCONF, RESTCONF, gNMI, MCP, A2A) were not designed for
conversational, semantically-rich, multi-agent orchestration. This
document provides a systematic gap analysis and identifies extension
points for each protocol to meet intent-based networking
requirements.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 6 May 2026.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
Zeng, et al. Expires 6 May 2026 [Page 1]
Internet-Draft LLM Netconf Gap November 2025
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
3. Gap Analysis per Protocol . . . . . . . . . . . . . . . . . . 3
3.1. MCP . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1.1. Gap Analysis . . . . . . . . . . . . . . . . . . . . 3
3.1.2. Solution Considerations . . . . . . . . . . . . . . . 4
3.2. A2A . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2.1. Gap Analysis . . . . . . . . . . . . . . . . . . . . 5
3.2.2. Solution Considerations . . . . . . . . . . . . . . . 7
3.3. NETCONF . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.3.1. Gap Analysis . . . . . . . . . . . . . . . . . . . . 7
3.3.2. Solution Considerations . . . . . . . . . . . . . . . 7
3.4. RESTCONF . . . . . . . . . . . . . . . . . . . . . . . . 7
3.4.1. Gap Analysis . . . . . . . . . . . . . . . . . . . . 7
3.4.2. Solution Considerations . . . . . . . . . . . . . . . 8
3.5. gNMI . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.5.1. Gap Analysis . . . . . . . . . . . . . . . . . . . . 8
3.5.2. Solution Considerations . . . . . . . . . . . . . . . 8
4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
5. Normative References . . . . . . . . . . . . . . . . . . . . 8
6. Informative References . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
Intent-based networking (IBN) promises to translate high-level
operator intent into network configuration without low-level syntax
errors. With the advent of LLMs, the interface moves from YAML/CLI
to natural language. Unfortunately, none of the current
configuration or agent-to-agent protocols provide the semantic,
transactional, and multi-agent primitives required by LLM-driven IBN.
This draft analyses the gaps and proposes concrete extension
directions for five widely deployed protocols.
Zeng, et al. Expires 6 May 2026 [Page 2]
Internet-Draft LLM Netconf Gap November 2025
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", etc., are to be
interpreted as described in [RFC2119].
IBN, LLM, Agent, Intent, Tool, Artifact, and Task are used as defined
in [I-D.ietf-opsawg-ibn-terminology].
3. Gap Analysis per Protocol
3.1. MCP
3.1.1. Gap Analysis
The design goal of MCP is to give a single Large Language Model (LLM)
a "plug-and-play" tool-calling capability. When deployed directly
between a network controller and the devices, however, the following
structural gaps are exposed.
3.1.1.1. Lack of Network-Level Transaction Semantics
MCP's tools/call is a stateless, one-shot JSON-RPC invocation.
Network changes normally require the multi-stage semantics "candidate
→ validate → commit → rollback." MCP has neither a candidate
datastore nor two-phase-commit primitives. Consequently, cross-
device bulk deployments cannot guarantee "all-or-nothing" atomicity.
When partial failures occur, the controller must supply its own
compensation logic, lengthening the LLM's reasoning chain and
increasing uncertainty.
3.1.1.2. No YANG Semantics Discovery Mechanism
Today MCP tool descriptors are written by hand. Network-device
capabilities are authoritatively defined by YANG models; whenever a
model is updated, the tool list must be manually re-synchronized.
Without an automated pipeline "YANG → JSON-Schema → tool descriptor,"
maintaining the tool catalogue in a large multi-vendor environment
becomes a bottleneck.
3.1.1.3. Encoding and Bandwidth Bottlenecks
Network-ops scenarios often involve high-frequency telemetry (5–60 s
sampling, 10 k metrics per node). MCP specifies only JSON-RPC over
HTTP/1.1, resulting in highly redundant messages and no streaming
push primitive. When an LLM needs real-time anomaly detection,
frequent polling consumes excessive bandwidth and CPU, violating
data-center goals of low latency and high throughput.
Zeng, et al. Expires 6 May 2026 [Page 3]
Internet-Draft LLM Netconf Gap November 2025
3.1.1.4. Missing Multi-Device Context Correlation
MCP's invocation context is confined to a single connection; it
cannot natively carry network-level intent such as "change the same
VLAN across three leaf switches while keeping the STP root bridge
unchanged." The LLM must repeat the constraints in the prompt,
wasting tokens and raising the error rate.
3.1.1.5. Lack of Network Rollback and Audit Hooks
Network operations require audit logs that "trace down to the leaf
node." MCP's tool return body contains only a JSON result; there are
no standardized fields for rollback-point, commit-id, or syslog-
severity. Root-cause analysis and compliance audits therefore
require additional integration with device syslog or NETCONF logs,
increasing cost.
3.1.1.6. Incompatibility with Existing Device Security Models
Devices commonly enforce certificate-based mutual-TLS plus NACM path-
level permissions. MCP currently defines only a Bearer-token header
and offers no mapping between a tool call and the read/write/exec
permissions on a YANG node. If a tool-descriptor file leaks, an LLM
could combine calls to bypass existing ACLs, creating a privilege-
escalation risk.
3.1.1.7. Lifecycle and State-Management Gap
Network changes often last several minutes (waiting for BGP
convergence or MAC migration). Once an MCP call completes, its
context is discarded immediately, so there is no way to stream
intermediate updates such as “convergence 90 %.” The LLM has no
choice but to poll repeatedly, increasing load on both itself and the
device while still failing to achieve a true state-machine-driven
closed loop.
3.1.2. Solution Considerations
For MCP to serve as "the universal glue between LLMs and devices" in
production networks, an upper layer must supply a transactional state
machine, a YANG self-description channel, streaming encodings, and
fine-grained audit semantics. Without these additions, MCP will
remain confined to labs or single-device scripting and will be unable
to close the loop on production-grade intent.
Zeng, et al. Expires 6 May 2026 [Page 4]
Internet-Draft LLM Netconf Gap November 2025
3.2. A2A
3.2.1. Gap Analysis
Positioned as a "multi-agent collaboration layer," the Agent-to-Agent
(A2A) protocol was created so that any two LLM-Agents can discover
each other, negotiate, and jointly finish long-running tasks. When
it is dropped straight into "network-controller ↔ network-device" or
"controller ↔ controller" settings, however, the following deep gaps
surface:
3.2.1.1. Task Granularity Mismatch with Network Atomic Operations
A2A Tasks target macro-level business goals (e.g., "relocate a DC").
The smallest deliverable is an Artifact. Network changes, by
contrast, must touch a single YANG leaf (e.g., "set interface X MTU =
9216"). The spec offers no "micro-task" primitive, so one Task
either carries thousands of lines and becomes bloated, or is split
into hundreds of Tasks that explode the state machine and raise LLM-
orchestration complexity.
3.2.1.2. No Network-Wide Transaction or Roll-back Semantics
A2A's state machine is limited to pending → working → completed/
failed. On failure the controller only gets a free-text
Task.statusMessage. Network ops demand cross-device atomic commit
plus a rollback tag. The protocol today defines no:
* two-phase-commit token (transaction-id),
* distributed lock or conflict detection,
* unified rollback API (rollback-on-failure).
Controllers must therefore implement compensation themselves, forcing
the LLM to reason about "how to write a rollback script," which
violates intent-based principles.
3.2.1.3. Poor Encoding and Bandwidth Efficiency
A2A mandates JSON for Artifact payloads and runs over HTTP/1.1. For
high-frequency telemetry (5 s interval, 10 k metrics/node) or bulk
config pushes, JSON's textual redundancy causes:
* controller-device link congestion,
* wasted LLM-context tokens,
Zeng, et al. Expires 6 May 2026 [Page 5]
Internet-Draft LLM Netconf Gap November 2025
* repetitive header parsing and higher CPU load.
The protocol lacks a binary or streaming encoding option and offers
no back-pressure mechanism.
3.2.1.4. Missing Multi-Device Context Correlation
A2A Task context is scoped to a single "conversation"; there is no
standard field to express topology-level constraints such as "change
the same VLAN on three leaf switches while keeping the STP root
bridge unchanged." The LLM must repeat inter-device relations in the
prompt, burning tokens and risking truncation that produces
configurations which are syntactically valid but topologically wrong.
3.2.1.5. Incompatibility with Existing Device Security Models
Devices generally enforce certificate-based mutual TLS plus NACM
path-level access control. A2A currently specifies only an OAuth2
delegation token and provides no mapping from "Task-level role" to
YANG node read/write/exec permissions, nor per-Artifact fine-grained
ACLs. Once an Artifact is cached or forwarded it may bypass the
certificate chain, leading to privilege escalation or configuration
pollution.
3.2.1.6. No Network-Semantics Discovery Mechanism
Skills are advertised in the Agent Card, but the Card is free text.
There are no standard fields saying "I support OpenConfig BGP 4.0
YANG" or "I manage AS 65001-65500." LLMs must rely on fuzzy
matching, often selecting the wrong partner and raising Task failure
rates.
3.2.1.7. Life-Cycle and Intermediate-State Reporting Gap
Network changes can last minutes (waiting for BGP convergence, MAC
moves). After a Task enters "working," A2A only mandates a final
Artifact; there is no standard way to push interim states such as
"convergence 70 %" or "MTU changed, waiting for LLDP neighbor re-
discovery." The LLM must poll or wait until timeout, increasing load
and preventing a true state-machine-driven closed loop.
Zeng, et al. Expires 6 May 2026 [Page 6]
Internet-Draft LLM Netconf Gap November 2025
3.2.2. Solution Considerations
To act as a "multi-agent collaboration bus" in network environments,
A2A must be systematically extended in task granularity, transaction
semantics, binary encoding, topology context, security mapping, life-
cycle management, and intermediate-state push. Otherwise it will
remain suited only for macro business flows and will be unable to
close the fine-grained, reliable, and roll-backable network-intent
loop required in production.
3.3. NETCONF
3.3.1. Gap Analysis
NETCONF [RFC6241] provides transactional, XML-encoded RPCs over SSH.
It lacks:
* Semantic discovery: YANG models are not self-describing for LLMs;
no runtime tool list.
* Session context: no standard place to store intent-id, LLM prompt,
or multi-device correlation.
* Streaming telemetry: <notification> is push-style but insufficient
for high-frequency KPI.
* Function-level audit: <commit> is atomic, but per-leaf
authorization is out-of-scope.
3.3.2. Solution Considerations
TBD
3.4. RESTCONF
3.4.1. Gap Analysis
RESTCONF [RFC8040] maps YANG to HTTP URIs. Gaps include:
* No candidate datastore—every PUT/PATCH is immediate.
* No server-side discovery document for LLMs.
* Stateless: no place to store multi-request intent.
* Encoding flexibility may confuse LLM prompt consistency.
Zeng, et al. Expires 6 May 2026 [Page 7]
Internet-Draft LLM Netconf Gap November 2025
3.4.2. Solution Considerations
TBD
3.5. gNMI
3.5.1. Gap Analysis
gNMI delivers high-speed telemetry but:
* No semantic metadata for LLMs.
* Set() is non-transactional across multiple paths.
* No multi-agent signalling—gNMI is 1:1.
* No standardized error ontology.
3.5.2. Solution Considerations
TBD
4. Summary
No single protocol satisfies all IBN-LLM requirements.
NETCONF/RESTCONF/gNMI need semantic and transactional extensions;
MCP/A2A need networking-specific profiling. A companion document
will define unified data models and security frameworks to close the
identified gaps.
5. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", 1997.
[RFC6241] Enns, R., "Network Configuration Protocol (NETCONF)",
2011.
[RFC8040] Bierman, A., "RESTCONF Protocol", 2017.
[RFC9457] Nottingham, M., "Problem Details for HTTP APIs", 2023.
[OpenConfig-gNMI]
Team, OpenConfig., "gNMI Specification", 2022.
[MCP-spec] Inc, Anthropic., "Model Context Protocol", 2024.
[A2A-spec] LLC, Google., "Agent-to-Agent Protocol", 2025.
Zeng, et al. Expires 6 May 2026 [Page 8]
Internet-Draft LLM Netconf Gap November 2025
6. Informative References
[I-D.ietf-opsawg-ibn-terminology]
IETF, "Intent-Based Networking Terminology", 2025.
Authors' Addresses
Guanming Zeng
Huawei
Email: zengguanming@huawei.com
Jianwei Mao
Huawei
Email: maojianwei@huawei.com
Bing Liu
Huawei
Email: leo.liubing@huawei.com
Nan Geng
Huawei
Email: gengnan@huawei.com
Xiaotong Shang
Huawei
Email: shangxiaotong@huawei.com
Qiangzhou Gao
Huawei
Email: gaoqiangzhou@huawei.com
Zhenbin Li
Huawei
Email: robinli314@163.com
Zeng, et al. Expires 6 May 2026 [Page 9]