Network Working Group Z. Guanming Internet-Draft Huawei Technology Intended status: Standards Track 16 October 2025 Expires: 19 April 2026 Model Context Protocol (MCP) Extensions for Network Equipment Management draft-zeng-mcp-network-mgmt-01 Abstract The Model Context Protocol (MCP) provides a JSON-RPC 2.0 framework for interaction between AI applications and external context sources. This document specifies minimal extensions that allow network equipment (routers, switches, etc.) to act as MCP servers while controllers act as MCP clients. New capability tokens, tools, resources, prompts, and error codes are defined without breaking existing MCP implementations. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 19 April 2026. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. Guanming Expires 19 April 2026 [Page 1] Internet-Draft MCP-NET October 2025 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Capability Advertisement . . . . . . . . . . . . . . . . . . 3 3.1. Rationale for Each Field . . . . . . . . . . . . . . . . 3 4. Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Resources . . . . . . . . . . . . . . . . . . . . . . . . . . 4 6. Prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 7. Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . 5 8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 9.1. MCP Capability Tokens Registry . . . . . . . . . . . . . 6 9.2. JSON-RPC Error Codes Registry . . . . . . . . . . . . . . 6 10. Normative References . . . . . . . . . . . . . . . . . . . . 6 11. Informative References . . . . . . . . . . . . . . . . . . . 6 Appendix A. Appendix A. JSON Schema Examples . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction Network controllers today need to speak CLI, YANG/NETCONF, SNMP, gNMI, and vendor-private APIs. Implementing a separate adapter for each protocol is expensive and error-prone. The Model Context Protocol (MCP) already defines a JSON-RPC 2.0 based framing, capability negotiation, and extensible tool/resource model. By adding a small set of network-specific capability flags and tool names, a device can expose its CLI, YANG datastores, and event streams through the same MCP channel that AI applications use for retrieving context. This document specifies those extensions. All new elements live in their own capability namespace and can be ignored by generic MCP clients, preserving backward compatibility. Guanming Expires 19 April 2026 [Page 2] Internet-Draft MCP-NET October 2025 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Terminology MCP Model Context Protocol Server MCP server running on the network device Client MCP client running on the controller Datastore Conventional YANG datastore (running, candidate, operational) 3. Capability Advertisement Servers that implement this specification MUST include the following object inside serverCapabilities in the initialize response: "network": { "yangModules": ["ietf-interfaces", "openconfig-interfaces"], "cliDialect": "cisco-iosxr", "configDatastore": ["running", "candidate", "operational"], "notificationStream": ["syslog", "netconf-stream", "snmp-trap"], "maxBulkEdit": 1000, "supportsRollback": true, "rollbackTimeout": 300 } Figure 1 3.1. Rationale for Each Field yangModules: Lists YANG modules the server can serve. Clients use this to decide whether to invoke network.yang.* tools or fall back to CLI. cliDialect: Identifies CLI syntax (cisco-iosxr, huawei-vrp, etc.). Controllers can adjust prompt regex and command sequences accordingly. configDatastore: Bit-mask hint—running = editable live config; candidate = two-phase commit; operational = read-only state DB. Avoids unnecessary NETCONF hello round-trips. Guanming Expires 19 April 2026 [Page 3] Internet-Draft MCP-NET October 2025 notificationStream: Tells the client which async event streams the server can translate into MCP notifications. Client can subscribe only to available types. maxBulkEdit: Device-level limit to avoid oversized edit-config requests. Controllers can chunk large changes. supportsRollback / rollbackTimeout: Boolean plus numeric seconds. Lets client know a confirmed-commit can be rolled back automatically if not confirmed within the window. 4. Tools Seven new tool names are defined. All reuse the standard MCP tools/ call request and MUST be listed by tools/list. +=======================+=======================================+ | Name | Description | +=======================+=======================================+ | network.cli.exec | Execute operational CLI show commands | +-----------------------+---------------------------------------+ | network.cli.configure | Enter config mode and send commands | +-----------------------+---------------------------------------+ | network.yang.get | Retrieve YANG data node | +-----------------------+---------------------------------------+ | network.yang.edit | Edit candidate datastore | +-----------------------+---------------------------------------+ | network.commit | Commit candidate to running | +-----------------------+---------------------------------------+ | network.rollback | Rollback to previous commit | +-----------------------+---------------------------------------+ | network.file.pull | Backup config file | +-----------------------+---------------------------------------+ | network.file.push | Restore config file | +-----------------------+---------------------------------------+ Table 1 Arguments are described by JSON Schema inside tool metadata, so SDKs can auto-generate bindings. If a device only supports CLI, it advertises network.yang.* tools with available=false; controllers automatically downgrade. 5. Resources Network state is exposed as read-only resources with URI scheme network:///. Examples: Guanming Expires 19 April 2026 [Page 4] Internet-Draft MCP-NET October 2025 network:///interface/TenGigE0/0/0/0 network:///routing/ipv4/route-table network:///file/startup-config MIME type MUST match the encoding (application/yang-data+json, text/ plain, etc.). Large data can be paginated using the native MCP resource/subscribe cursor mechanism. 6. Prompts Interactive assistants MAY expose prompt templates such as network.troubleshoot.ping-fail, network.config.add-vlan, network.security.audit. Arguments are implementation specific but SHOULD use the same JSON Schema style as tools for consistency. 7. Error Codes New JSON-RPC error codes (registered in IANA section): +========+================================+ | Code | Message | +========+================================+ | -32081 | Network.Timeout | +--------+--------------------------------+ | -32082 | Network.Unreachable | +--------+--------------------------------+ | -32083 | Network.AccessDenied | +--------+--------------------------------+ | -32084 | Network.ConfigIncompatible | +--------+--------------------------------+ | -32085 | Network.RollbackFailed | +--------+--------------------------------+ | -32086 | Network.ConfirmedCommitTimeout | +--------+--------------------------------+ Table 2 These codes allow controllers to distinguish transport failures from authorization or device-level errors without parsing free-text messages. Guanming Expires 19 April 2026 [Page 5] Internet-Draft MCP-NET October 2025 8. Security Considerations All operations run with the privileges of the authenticated MCP session. Servers MUST enforce role-based access control for configuration commands. Commit confirmed SHOULD be used for potentially disruptive changes. Transport security is provided by the underlying MCP transport (TLS for HTTP, SSH port-forward for stdio). Sensitive data (passwords, SNMP communities) MUST be redacted in logs and MCP traces. 9. IANA Considerations 9.1. MCP Capability Tokens Registry IANA is requested to register the following value: * Token: network * Description: Network equipment extensions for MCP * Reference: this document 9.2. JSON-RPC Error Codes Registry IANA is requested to register the error codes -32081 to -32086 in the "JSON-RPC Application-Specific Error Codes" registry, all pointing to this document. 10. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, May 2017, . [RFC7950] Bjorklund, M., "The YANG 1.1 Data Modeling Language", RFC 7950, August 2016, . [RFC8259] Bray, T., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, December 2017, . 11. Informative References Guanming Expires 19 April 2026 [Page 6] Internet-Draft MCP-NET October 2025 [MCP] Anthropic, "Model Context Protocol Specification 2025-06-18", URL https://modelcontextprotocol.io/ specification/2025-06-18/basic, 2025. Appendix A. Appendix A. JSON Schema Examples Example tool metadata snippet (pretty printed): { "name": "network.yang.get", "description": "Retrieve a YANG data node", "inputSchema": { "type": "object", "properties": { "path": { "type": "string" }, "datastore": { "enum": ["running", "operational"] } }, "required": ["path"] } } Author's Address Zeng Guanming Huawei Technology Email: zengguanming@huawei.com Guanming Expires 19 April 2026 [Page 7]