NSO

Overview

NSO gathers, parses, and stores the configuration state of the network devices it manages in a configuration database (CDB). Users and applications can then "ask" NSO to create, read, update, or delete configuration in a programmatic way either ad hoc or through customizable network services.
NSO uses software packages called Network Element Drivers (NEDs) to facilitate telnet, SSH, or API interactions with the devices that it manages. The NED provides an abstraction layer that reads in the device's running configuration and parses it into a data-model-validated snapshot in the CDB.
The NEDs also allow for the reverse, creating network configuration from CDB data inputs and then sending the configurations to the network devices. There are hundreds of NEDs covering all the Cisco platforms (including IOS-XE, IOS-XR, NX-OS, and ASA) and all major non-Cisco platforms as well

Installation

Two modes:
- System Install: install as an always-on service
- Local Install: install as standalone on-demand instance, used for development and evaluation
Configuration files:
- ncs.conf: NSO application configuration file. Used to customize aspects of the NSO instance (change ports, enable or disable features, and so on.)
- packages/: Directory that has symlinks to the NEDs referenced in the --package arguments at setup.
- logs/: Directory that contains all the logs from NSO. Use this directory when troubleshooting.

Simulator Installation

ncs-netsim --dir ~/src/netsim create-network cisco-ios-cli-3.8 2 ios
ncs-setup --dest ~/src --netsim-dir ~/src/netsim
cd ~/src
ncs-netsim --dir ~/src/nso-instance/netsim start|stop internet-rtr0

Setup NCS Instance

ncs-setup \
--package nso/packages/neds/cisco-nx-cli-5.23 \
--package nso/packages/neds/cisco-asa-cli-6.6 \
--package nso/packages/neds/cisco-ios-cli-6.91 \
--package nso/packages/neds/cisco-iosxr-cli-7.45 \
--dest nso-instance

go to nso-instance folder and start ncs: ncs
ncs --status: check status

Setup device authentication

NSO uses authgroups to set up credentials for device access. Many authgroups can be configured as needed for the different variations of authentication used across your network. An authgroup can use SNMP or certificates in addition to traditional username/passwords. NSO supports powerful methods of RBAC for identifying and using different authentication and authorization levels depending on the user who is logged into NSO.

To setup authgroup

login to NSO CLI: ncs_cli -u admin -C
enter config mode: config

devices authgroups group labadmin
default-map remote-name cisco
default-map remote-password cisco
default-map remote-secondary-password cisco

- check configuration before committing: show config
- commit

Adding devices to NSO

After having authgroup setup, devices can be added to inventory which need the following information
- device's IP or FQDN
- Protocol such as SSH, Telnet, HTTP, Rest and so on and port number
- authgroup to be used for the device
- the NED (device driver) to use to connect to the device
Add edge-sw01 device:

devices device edge-sw01
address 10.10.20.172
authgroup labadmin
device-type cli ned-id cisco-ios-cli-6.91
device-type cli protocol telnet
ssh host-key-verification none
commit

View current context of device: pwd
Connect to device: connect
- By default devices are in locked mode (default)
- change admin-state of device: state admin-state unlocked, then commit
Connect to all devices: devices connect
view all devices: show devices list
Other ways to add devices:
1. Manually type commands for each device like above steps
2. Use an API
3. Query a production system that has the full device list and save output to a file, then use load merge command from NSO to read it into NSO and commit
Query and Load merge devices
- Log into a source nso: ncs_cli -C -u admin
- show running-config devices device | de-select config: view configuration, filter out its configuration
- Save output to a file such as devices-config.txt
- Log into a destination nso: ncs_cli -C -u admin
  - change to config mode: conf
  - load merge devices: load merge /home/developer/devices-config.txt
- commit to apply the change
- view devices: show devices list

Sync Configuration from Devices

show running-config devices device $device-name config: view device configuration saved in configuraiton database (CDB).
devices sync-from: Enable device configuration sync
devices device-group IOS-DEVICES check-sync: check device group sync status

Group devices together

Create device group and add devices to group

devices device-group IOS-DEVICES
device-name internet-rtr01
device-name dist-rtr01
device-name dist-rtr02

Create an ALL group to include all other groups

devices device-group ALL
device-group ASA-DEVICES
device-group IOS-DEVICES
device-group NXOS-DEVICES
device-group XR-DEVICES

commit to apply changes

Update device configuration

ncs_cli -u admin -C
config
devices device dist-sw01
config (this is to change to config mode of this specific device)
vlan 42
name TheAnswer
exit
interface Vlan 42
description "Answer to the Ultimate Question of Life, the Universe, and Everything"
ip address 10.42.42.42/24
exit
# can use "top" command to exit to the root level instead of using multiple exit commands

Check command commit in dry-run mode: commit dry-run outformat native
If everything works, commit again to apply the staged config

Roll back configuration

show configuration rollback changes: View the latest changes, if rollback
Load up these change and view staged configuration:

rollback configuration
show configuration

Some Commands

Note: Tab completion is case-sensitive
show running-config devices device internet-router config interface | display [json|xml]: view device's interface configuration
show running-config devices device internet-router config interface Vlan * ip address: view ip address of all vlan interfaces
show full-configuration devices device $devicename config | nomore: examine device configuration
devices device $devicename config: Change to device config configuration mode
ios:hostname $newhostname: change hostname of device
show configuration: in this context, it will only show current configuration in transaction (new command)
devices device * config ios:enable password $password: change password on all devices
show devices device dist-sw01 platform [serial-number|version]: View platform information of a device
show devices device * platform [serial-number|vesrion]: View platform information of all devices
show devices device dist-sw01 live-status port-channel: view live-status of devices, rather than pulling from CDB. Can replace port-channel with other options:
- ip route
devices device dist-sw01 live-status exec show license usage: run show command on device and get returned result
devices device dist-sw01 live-status exec any dir: run any dir command
devices device dist* live-status exec show license usage | save /home/developer/nexus-license-usage.txt: save output for later usage

Templates

Create a template

devices template SET-DNS-SERVER
ned-id cisco-nx-cli-5.23
config
ip name-server servers 208.67.222.222
ip name-server servers 208.67.220.220

check the template and commit:
- show configuration
- commit

# template for different device types
devices template SET-DNS-SERVER
! IOS TEMPLATE
ned-id cisco-ios-cli-6.91
config
ip name-server name-server-list 208.67.222.222
ip name-server name-server-list 208.67.220.220
exit
exit
exit

! ASA TEMPLATE
! 3 exits to return back to the 'config-template-SET-DNS-SERVER' context
ned-id cisco-asa-cli-6.6
config
dns domain-lookup mgmt
dns server-group DefaultDNS
name-server 208.67.220.220
name-server 208.67.222.222
exit
exit
exit

! IOS-XR TEMPLATE
ned-id cisco-iosxr-cli-7.45
config
domain name-server 208.67.222.222
exit
domain name-server 208.67.220.220

Check and apply template

View device list in config mode: do show devices list
devices device dist-sw01 apply-template template-name SET-DNS-SERVER
show configuration: check configuration to be applied
commit or revert to un-staged configuration

Configuration Compliance

There are 2 steps:

Building a device template that contains the desired configuration to test.
Building a compliance report to check the configuration of a group of devices against a template.

Build device template

or show running-configuration | save template.txt

devices template COMPLIANCE-CHECK
 ned-id cisco-ios-cli-6.91
 config
 ip name-server name-server-list 208.67.222.222
 ip name-server name-server-list 208.67.220.220
 exit
 service timestamps log datetime localtime show-timezone year
 logging host ipv4 10.225.1.11
 exit
 ntp server peer-list 10.225.1.11
 exit
 exit
 exit
 !
 ned-id cisco-nx-cli-5.23
 config
 ip name-server servers 208.67.222.222
 ip name-server servers 208.67.220.220
 logging timestamp milliseconds
 logging server 10.225.1.11 level 5
 exit
 ntp server 10.225.1.11
 exit
 exit
 exit
 !
 ned-id cisco-asa-cli-6.6
 config
 dns domain-lookup mgmt
 dns server-group DefaultDNS
 name-server 208.67.222.222
 name-server 208.67.220.220
 exit
 logging timestamp
 logging host mgmt 10.225.1.11
 exit
 ntp server 10.225.1.11
 exit
 exit
 exit

check configuration: show configuration
and commit

Build compliance report

compliance reports report COMPLIANCE-CHECK
compare-template COMPLIANCE-CHECK ALL
commit

Apply the template: compliance reports report COMPLIANCE-CHECK run
Apply the template and save output in specific format: compliance reports report COMPLIANCE-CHECK run outformat {text|html}
View the result: cat nso-instance/state/compliance-reports/report*.text

Resolve compliance problems

devices device-group ALL apply-template template-name COMPLIANCE-CHECK

NSO Services

A declarative method to abstract and automate a task that is done repeatedly
can be a customer facing and resource facing service

Service Packages

Service packages are a collection of structured files and folders that NSO loads in to the application to extend NSO with new functionality.
ncs-make-package is a tool to auto-generate a skeleton structure of files and folders for creating a service package

cd nso-instance/packages/
ls
ncs-make-package -h
ncs-make-package --service-skeleton template loopback-service

Important files are:
- loopback-service/src/yang/loopback-service.yang
- loopback-service/templates/loopback-service-template.xml
Generate XML to plug into the template commands

ncs_cli -C -u admin
config
devices device dist-rtr01 config
interface Loopback 100
ip address 10.10.30.0 255.255.255.0

Then show configuration and output as xml

show configuration
commit dry-run outformat xml

copy the part between config tags

data <devices xmlns="http://tail-f.com/ns/ncs">
        <device>
            <name>dist-rtr01</name>
            <config>                               
            <interface xmlns="urn:ios">            <------- |  COPY FROM HERE: <interface xmlns="urn:ios">
                <Loopback>                                  |
                <name>100</name>                            |
                <ip>                                        |
                    <address>                               |
                    <primary>                               |
                        <address>10.10.30.0</address>       |
                        <mask>255.255.255.0</mask>          |
                    </primary>                              |
                    </address>                              |
                </ip>                                       |
                </Loopback>                                 |
            </interface>                          <-------- | TO HERE </interface>
            </config>|
        </device>
        </devices>

Then put in between config tag of template file above loopback-service/templates/loopback-service-template.xml, then replace ip address 10.10.30.0 with {/dummy}

<config-template xmlns="http://tail-f.com/ns/config/1.0"
                 servicepoint="loopback-service">
  <devices xmlns="http://tail-f.com/ns/ncs">
    <device>
      <!--
          Select the devices from some data structure in the service
          model. In this skeleton the devices are specified in a leaf-list.
          Select all devices in that leaf-list:
      -->
      <name>{/device}</name>
      <config>
                   <interface xmlns="urn:ios">
                     <Loopback>
                       <name>100</name>
                       <ip>
                         <address>
                           <primary>
                             #<address>10.10.30.0</address> is replaced below
                             <address>{/dummy}</address>
                             <mask>255.255.255.0</mask>
                           </primary>
                         </address>
                       </ip>
                     </Loopback>
                   </interface>
      </config>
    </device>
  </devices>
</config-template>

Then save the file and compile Yang Data model

(py3venv) [developer@devbox packages]$ cd loopback-service/src/
 (py3venv) [developer@devbox src]$ make
 mkdir -p ../load-dir
 /home/developer/nso/bin/ncsc  `ls loopback-service-ann.yang  > /dev/null 2>&1 && echo "-a loopback-service-ann.yang"` \
               -c -o ../load-dir/loopback-service.fxs yang/loopback-service.yang
 (py3venv) [developer@devbox src]$

Load the new package:

ncs_cli -C -u admin
packages reload 
# when there are changes to the YANG model, Java code, or when a new package is loaded. The command performs a full reload of all packages and checks the consistency of data in the CDB with the YANG models.
or packages package $package-name redeploy
# when there are only changes to XML templates and Python or Java code in the package. This command is faster and expedites the development process

Create a service instance

config
loo? # NSO should recognize the new loop-back service
loopback-service test
device dist-rt01
dummy 192.168.1.1
top
commit dry-run outformat native
native {
     device {
         name dist-rtr01
         data interface Loopback100
               ip redirects
               ip address 192.168.1.1 255.255.255.0
               no shutdown
              exit
     }
 }

show configuration
 loopback-service test
  device [ dist-rtr01 ]
  dummy  192.168.1.1
 !
commit

If for some reason, the config is changed after sync-from device, it can be redeploy using

loopback-service test re-deploy dry-run
loopback-service test re-deploy 
``


### Another example of building service package using inline commmands

- use the --dest option to define the path instead of changing to packages folder

ncs-make-package --service-skeleton template --dest nso-instance/packages/simple-service simple-service printf 'module simple-service { namespace "http://com/example/simpleservice"; prefix simple-service; import tailf-ncs { prefix ncs; } list simple-service { key name; uses ncs:service-data; ncs:servicepoint simple-service; leaf name { type string; } leaf device { type leafref { path "/ncs:devices/ncs:device/ncs:name"; } } leaf secret { type string; } } } ' > nso-instance/packages/simple-service/src/yang/simple-service.yang printf ' {./device} {./secret} ' > nso-instance/packages/simple-service/templates/simple-service-template.xml make -C nso-instance/packages/simple-service/src echo "packages reload" | ncs_cli -C -u admin

## Some commands
- show packages package oper-status
- Config password in the package

config simple-service test1 device ios0 secret mypasswd

- show configuration
- simple-service test1 get-modifications
- simple-service test1 re-deploy
- no simple-service test1
- exit no-confirm

## Another Example Service

developer:simple-service > cd $NCS_DIR/examples.ncs/development-guide/cdb-yang developer:cdb-yang > make showcase ./showcase.sh

Setup the demo

Make sure no previous NSO or netsim processes are running

Create an NSO local install with a fresh runtime directory

make[1]: Entering directory '/home/developer/nso-6.2.1/examples.ncs/development-guide/cdb-yang' rm -rf nso-lab-rundir mkdir nso-lab-rundir ncs-setup --dest ./nso-lab-rundir make[1]: Leaving directory '/home/developer/nso-6.2.1/examples.ncs/development-guide/cdb-yang'

Have the environment variable NSO_RUNDIR point to the runtime directory

Showcase: Extending the CDB with Packages

Step 1: Create a package

gmake[1]: Entering directory '/home/developer/nso-6.2.1/examples.ncs/development-guide/cdb-yang/nso-lab-rundir/packages/my-data-entries/src' mkdir -p ../load-dir /home/developer/nso-6.2.1/bin/ncsc ls my-data-entries-ann.yang > /dev/null 2>&1 && echo "-a my-data-entries-ann.yang" --fail-on-warnings -c -o ../load-dir/my-data-entries.fxs yang/my-data-entries.yang gmake[1]: Leaving directory '/home/developer/nso-6.2.1/examples.ncs/development-guide/cdb-yang/nso-lab-rundir/packages/my-data-entries/src'

Step 2: Add package to NSO

admin connected from 127.0.0.1 using console on devpod-4884268602524010749-85755c9897-2gq8k admin@ncs# packages reload reload-result { package my-data-entries result true } admin@ncs# show my-data-entries % No entries found. admin@ncs#

Step 3: Set data

User admin last logged in 2024-04-16T02:13:05.100749+00:00, to devpod-4884268602524010749-85755c9897-2gq8k, from 127.0.0.1 using cli-console admin connected from 127.0.0.1 using console on devpod-4884268602524010749-85755c9897-2gq8k admin@ncs# config Entering configuration mode terminal admin@ncs(config)# my-data-entries "entry number 1" admin@ncs(config-my-data-entries-entry number 1)# dummy 0.0.0.0 admin@ncs(config-my-data-entries-entry number 1)# abort admin@ncs#

Step 4: Inspect the YANG module

User admin last logged in 2024-04-16T02:13:07.428493+00:00, to devpod-4884268602524010749-85755c9897-2gq8k, from 127.0.0.1 using cli-console admin connected from 127.0.0.1 using console on devpod-4884268602524010749-85755c9897-2gq8k admin@ncs# file show packages/my-data-entries/src/yang/my-data-entries.yang | nomore module my-data-entries {

namespace "http://example.com/my-data-entries"; prefix my-data-entries;

import ietf-inet-types { prefix inet; } import tailf-common { prefix tailf; } import tailf-ncs { prefix ncs; }

description "Bla bla...";

revision 2016-01-01 { description "Initial revision."; }

list my-data-entries { description "This is an RFS skeleton service";

key name;
leaf name {
  tailf:info "Unique service id";
  tailf:cli-allow-range;
  type string;
}

uses ncs:service-data;
ncs:servicepoint my-data-entries-servicepoint;

// may replace this with other ways of refering to the devices.
leaf-list device {
  type leafref {
    path "/ncs:devices/ncs:device/ncs:name";
  }
}

// replace with your own stuff here
leaf dummy {
  type inet:ipv4-address;
}

} } admin@ncs# show ncs-state loaded-data-models data-model my-data-entries | nomore ncs-state loaded-data-models data-model my-data-entries revision 2016-01-01 namespace http://example.com/my-data-entries prefix my-data-entries exported-to-all admin@ncs#

Showcase: Building and Testing a Model

Step 1: Create a model skeleton

Note: Created the service skeleton package in step 1 of the previous showcase

module my-test-model { namespace "http://example.tail-f.com/my-test-model"; prefix "t";

Step 2: Fill out the model

module my-test-model { namespace "http://example.tail-f.com/my-test-model"; prefix "t";

container host { leaf host-name { type string; description "Hostname for this system"; } leaf-list domains { type string; description "My favourite internet domains"; } container server-admin { description "Administrator contact for this system"; leaf name { type string; } } list user-info { description "Information about team members"; key "name"; leaf name { type string; } leaf expertise { type string; } } } }

Step 3: Compile and load the model

make[1]: Entering directory '/home/developer/nso-6.2.1/examples.ncs/development-guide/cdb-yang/nso-lab-rundir/packages/my-data-entries/src' /home/developer/nso-6.2.1/bin/ncsc ls my-test-model-ann.yang > /dev/null 2>&1 && echo "-a my-test-model-ann.yang" --fail-on-warnings -c -o ../load-dir/my-test-model.fxs yang/my-test-model.yang make[1]: Leaving directory '/home/developer/nso-6.2.1/examples.ncs/development-guide/cdb-yang/nso-lab-rundir/packages/my-data-entries/src'

User admin last logged in 2024-04-16T02:13:07.813294+00:00, to devpod-4884268602524010749-85755c9897-2gq8k, from 127.0.0.1 using cli-console admin connected from 127.0.0.1 using console on devpod-4884268602524010749-85755c9897-2gq8k admin@ncs# packages reload

System upgrade is starting. Sessions in configure mode must exit to operational mode. No configuration changes can be performed until upgrade has completed. System upgrade has completed successfully. reload-result { package my-data-entries result true } admin@ncs#

Step 4: Test the model

User admin last logged in 2024-04-16T02:13:10.603362+00:00, to devpod-4884268602524010749-85755c9897-2gq8k, from 127.0.0.1 using cli-console admin connected from 127.0.0.1 using console on devpod-4884268602524010749-85755c9897-2gq8k admin@ncs# config Entering configuration mode terminal admin@ncs(config)# host host-name my-host admin@ncs(config)# host domains [ tail-f.com tail-f.se ] admin@ncs(config)# host server-admin name Ingrid admin@ncs(config)# host user-info Greta admin@ncs(config-user-info-Greta)# expertise sustainability admin@ncs(config-user-info-Greta)# host user-info Gunvald admin@ncs(config-user-info-Gunvald)# expertise security admin@ncs(config-user-info-Gunvald)# top admin@ncs(config)# show configuration host host-name my-host host domains [ tail-f.com tail-f.se ] host server-admin name Ingrid host user-info Greta expertise sustainability ! host user-info Gunvald expertise security ! admin@ncs(config)# commit Commit complete. admin@ncs(config)# show full-configuration host | display xml | save cdb-init.xml admin@ncs(config)#

cat cdb-init.xml my-host tail-f.com tail-f.se Ingrid Greta sustainability Gunvald security

ncs_load -Fp -p /host my-host tail-f.com tail-f.se Ingrid Greta sustainability Gunvald security

ncs_load -Fc -p /host host host-name my-host host domains [ tail-f.com tail-f.se ] host server-admin name Ingrid host user-info Greta expertise sustainability ! host user-info Gunvald expertise security !

User admin last logged in 2024-04-16T02:13:14.502173+00:00, to devpod-4884268602524010749-85755c9897-2gq8k, from 127.0.0.1 using cli-console admin connected from 127.0.0.1 using console on devpod-4884268602524010749-85755c9897-2gq8k admin@ncs# show running-config host host host-name my-host host domains [ tail-f.com tail-f.se ] host server-admin name Ingrid host user-info Greta expertise sustainability ! host user-info Gunvald expertise security ! admin@ncs# config Entering configuration mode terminal admin@ncs(config)# no host admin@ncs(config)# commit Commit complete. admin@ncs(config)# show full-configuration host % No entries found. admin@ncs(config)# load merge cdb-init.xml Loading. 493 bytes parsed in 0.07 sec (6.44 KiB/sec) admin@ncs(config)# commit dry-run cli { local-node { data host { + host-name my-host; + domains [ tail-f.com tail-f.se ]; server-admin { + name Ingrid; } + user-info Greta { + expertise sustainability; + } + user-info Gunvald { + expertise security; + } } } } admin@ncs(config)# commit Commit complete. admin@ncs(config)# show full-configuration host host host-name my-host host domains [ tail-f.com tail-f.se ] host server-admin name Ingrid host user-info Greta expertise sustainability ! host user-info Gunvald expertise security ! admin@ncs(config)#

Done

developer:cdb-yang > make showcase-rc python3 showcase_rc.py

Setup the demo

Make sure no nso or netsim processes are running

Create an NSO local install with a fresh runtime directory

Have the environment variable NSO_RUNDIR point to the runtime directory

Done

Showcase: Extending the CDB with Packages

Step 1: Create a package

Step 2: Add package to NSO

POST http://localhost:8080/restconf/operations/tailf-ncs:packages/reload { "tailf-ncs:output": { "reload-result": [ { "package": "my-data-entries", "result": true } ] } }

GET http://localhost:8080/restconf/data/my-data-entries:my-data-entries Status code: 204

Step 3: Set data

PATCH http://localhost:8080/restconf/data { "data": { "my-data-entries:my-data-entries": [ { "name": "ex1", "dummy": "0.0.0.0" } ] } } Status code: 204

Step 4: Inspect the YANG module

GET http://localhost:8080/restconf/data/tailf-ncs-monitoring:ncs-state/loaded-data-models/data-model=my-data-entries { "tailf-ncs-monitoring:data-model": [ { "name": "my-data-entries", "revision": "2016-01-01", "namespace": "http://example.com/my-data-entries", "prefix": "my-data-entries", "exported-to-all": [null] } ] }

GET http://localhost:8080/restconf/data/ietf-yang-library:modules-state/module=my-data-entries,2016-01-01/schema { "ietf-yang-library:schema": "http://localhost:8080/restconf/tailf/modules/my-data-entries/2016-01-01" }

GET http://localhost:8080/restconf/tailf/modules/my-data-entries/2016-01-01 module my-data-entries {

namespace "http://example.com/my-data-entries"; prefix my-data-entries;

import ietf-inet-types { prefix inet; } import tailf-common { prefix tailf; } import tailf-ncs { prefix ncs; }

description "Bla bla...";

revision 2016-01-01 { description "Initial revision."; }

list my-data-entries { description "This is an RFS skeleton service";

key name;
leaf name {
  tailf:info "Unique service id";
  tailf:cli-allow-range;
  type string;
}

uses ncs:service-data;
ncs:servicepoint my-data-entries-servicepoint;

// may replace this with other ways of refering to the devices.
leaf-list device {
  type leafref {
    path "/ncs:devices/ncs:device/ncs:name";
  }
}

// replace with your own stuff here
leaf dummy {
  type inet:ipv4-address;
}

} }

Showcase: Building and Testing a Model

Step 1: Create a model skeleton

Note: Created the service skeleton package in step 1 of the previous showcase

module my-test-model { namespace "http://example.tail-f.com/my-test-model"; prefix "t";

Step 2: Fill out the model

Step 3: Compile and load the model

{ "tailf-ncs:output": { "reload-result": [ { "package": "my-data-entries", "result": true } ] } }

Step 4: Test the model

PATCH http://localhost:8080/restconf/data { "data": { "my-test-model:host": { "host-name": "my-host", "domains": [ "tail-f.com", "tail-f.se" ], "server-admin": { "name": "Ingrid" }, "user-info": [ { "name": "Greta", "expertise": "sustainability" }, { "name": "Gunvald", "expertise": "security" } ] } } } Status code: 204

GET http://localhost:8080/restconf/data/my-test-model:host { "my-test-model:host": { "host-name": "my-host", "domains": ["tail-f.com", "tail-f.se"], "server-admin": { "name": "Ingrid" }, "user-info": [ { "name": "Greta", "expertise": "sustainability" }, { "name": "Gunvald", "expertise": "security" } ] } }

DELETE http://localhost:8080/restconf/data/my-test-model:host Status code: 204 GET http://localhost:8080/restconf/data/my-test-model:host Status code: 204 PATCH http://localhost:8080/restconf/data Status code: 204 GET http://localhost:8080/restconf/data/my-test-model:host

my-host tail-f.com tail-f.se Ingrid Greta sustainability Gunvald security

Done

developer:cdb-yang >


## Types of Services
- Template-based service
  - Mapping is implemented by using XML templates.
  - Easiest and fastest to develop. Templates are the best option to start exploring NSO service development.
  - Limited options for service parameter manipulation and integrations.
- Python- or Java-based service:
  - More options for implementation—IP address calculations, additional parameter checking
  - Integrations with external systems possible (IP Address Management [IPAM])
  - More challenging to implement mappings to the device in code
- Python, Java, and template-based service
  - Best of both approaches
  - Templates for mapping to device configurations
  - Python code for calculations and integrations

## FASTMAP
- FASTMAP is an algorithm that assists with the transformation from service models to device models. A developer of a service writes a create method with templates or code, and NSO manages the delete and update methods
- FASTMAP also controls and optimizes configuration actions towards the device, always calculating the minimum changes that are required to reach a certain state of configuration. To achieve this, NSO stores undo configuration for each service instance, called reverse-diff-set
- FASTMAP uses Refcount and Backpointers to track which service owns a specific device configuration. Only when the Refcount is zero, will NSO remove the configuration from the device, preventing the removal of a shared configuration while still being used by other service instances. Also, there is the OriginalValue field which stores any configuration present before the service has changed it.
- These can be observed these values with the show running-config command together with | display service-meta-data

### Service Modeling
- There are two approach:
  - Top Down: suitable for greenfield which starts with a high-level design, then translated to YANG model, then create an XML template using NSO CLI to map to device configuration
    - use: ncs_cli to configure devices, then commit dry-run outformat xml
   
    ```
    config
    devices device core-rtr0 config vlan 101
    exit
    interface GigabitEthernet 0/0/0/4 switchport mode access
    switchport access vlan 101
    top
    commit dry-run outformat xml
    abort
    ```
  
  - Bottom Up: suitable for brownfiled which already has an existing network of devices with configuration is already in place. 
    - use: ncs_cli to sync-from devices, then show running-config | display xml to get skeleton for serivce XML template
- There are some exampe in $NCS_DIR/example.ncs

### Create a template-based service
- The steps are
  - Create a package skeleton.
  - Write a YANG model for input parameters (interface number, device, description).
  - Create a service template for the required platforms such as IOS and IOX-XR

#### Create a package skeleton
- cd ~/src/nso-instance/packages
- ncs-make-package --help
  - The most commonly used options for service development are --service-skeleton with template or python-and-template as a type.
- ncs-make-package --service-skeleton template loopback: generate service skeleton with multiple files and folder. Can check package-meta-data.xml for more information

#### Write a YANG model
- Open the YANG model file (~/src/nso-instance/packages/loopback/src/yang/loopback.yang) that the ncs-make-package command created and edit accordingly, For example: to create a loopback service, do the following:
  - keep the list loopback - the service must support many service instances;
  - remove the leaf-list device and the leaf dummy
  - add leaves device and ip-address both of type string for now (string accepts any text value;
  - and add leaf loopback-intf of type uint32.
  - Keep the statements uses ncs:service-data; which is a grouping that NSO uses to store internal data about service, and ncs:servicepoint "loopback"; that connects service with the corresponding template. Remove the import of ietf-inet-types, since it is currently not used.

cat >| src/yang/loopback.yang << EOF
module loopback {
  namespace "http://com/example/loopback";
  prefix loopback;

  import tailf-ncs {
    prefix ncs;
  }

  list loopback {
    key name;

    uses ncs:service-data;
    ncs:servicepoint "loopback";

    leaf name {
      type string;
    }

    leaf device {
      type string;
    }
    leaf ip-address {
      type string;
    }
    leaf loopback-intf {
      type uint32;
    }
  }
}
EOF

- Save and build the package so NSO can use it: make -C ~/src/nso-instance/packages/loopback/src

#### Create a service template
- Copy output from Service Modeling step to templates/loopback.xml 
- Identify what values need to be parametrized. For example, it is device name, loopback id, and loopback address - the mask is always of length 32. We already have YANG leaves for those three values, in the template they should be referred to as {/device}, {/loopback-intf}, and {/address} respectively. Note that the template has two parts, the first one specifies mapping for IOS-XR, the second one for IOS. NSO uses XML namespaces (xmlns) to recognize which parts of the template must be applied based on the target device.

cat >| templates/loopback.xml << EOF {/device} {/loopback-intf}

{/ip-address} 255.255.255.255

       <interface xmlns="urn:ios">
         <Loopback>
           <name>{/loopback-intf}</name>
           <ip>
             <address>
               <primary>
                 <address>{/ip-address}</address>
                 <mask>255.255.255.255</mask>
               </primary>
             </address>
           </ip>
         </Loopback>
       </interface>
     </config>
   </device>

EOF ``` - Reload packages: packages reload - Try to configure a device using created service template: ``` config loopback test device core-rtr0 loopback-intf 201 ip-address 192.168.10.1 top commit dry-run outformat native ```

Note

With above service template, there might be some issues such as non-existing device, forgetting to set ip address
A well-designed service should produce consistent and reliable device configurations as an incorrect user input can result in the device rejecting the configuration. With different YANG statements, you can prevent that result before you send the configuration to the device.

Preventing incorrect user input

Open ~/src/nso-instance/packages/loopback/src/yang/loopback.yang, the YANG model of the loopback service again. To prevent incorrect user input, it should change from the following three leaves:

  leaf device {
    type string;
  }

  leaf loopback-intf {
    type uint32;
  }

  leaf ip-address {
    type string;
  }

to: (Instead of the string type, use leafref and add a path that points to all devices in NSO)

  leaf device {
      type leafref {
        path "/ncs:devices/ncs:device/ncs:name";
      }
    }

The IP address is modeled as string which allows the user to provide invalid addresses. Use the inet:ipv4-address type instead, and make it mandatory. Doing so ensures that the user cannot forget to configure it. Import the ietf-inet-types module to be able to use the inet:ipv4-address type:

 import ietf-inet-types {
    prefix inet;
  }

  ...

    leaf ip-address {
      type inet:ipv4-address;
      mandatory true;
    }

add tailf:info statements to all leaves that provides description of what value is expected. First import the tailf-common module. Then add the tailf:info with description to each leaf. The final data model should correspond to what this command generates:

cat >| ~/src/nso-instance/packages/loopback/src/yang/loopback.yang << EOF
module loopback {
  namespace "http://com/example/loopback";
  prefix loopback;

  import tailf-ncs {
    prefix ncs;
  }

  import ietf-inet-types {
    prefix inet;
  }

  import tailf-common {
    prefix tailf;
  }

  list loopback {
    key name;

    uses ncs:service-data;
    ncs:servicepoint "loopback";

    leaf name {
      tailf:info "Service instance name";
      type string;
    }

    leaf device {
      tailf:info "Device name";
      type leafref {
        path "/ncs:devices/ncs:device/ncs:name";
      }
    }

    leaf ip-address {
      tailf:info "IP address to configure on loopback interface";
      type inet:ipv4-address;
      mandatory true;
    }

    leaf loopback-intf {
      tailf:info "Loopback interface number";
      type uint32;
    }
  }
}
EOF

Then rebuild the package and reload:

make -C ~/src/nso-instance/packages/loopback/src
ncs_cli -C -u admin
packages reload

Some commands to debug:

commit | debug service
commit | details

Reference

PreviousReference NextCommands

Last updated 1 year ago

Overview

Installation

Simulator Installation

Setup NCS Instance

Setup device authentication

Adding devices to NSO

Query and Load merge devices

Sync Configuration from Devices

Group devices together

Update device configuration

Roll back configuration

Some Commands

Templates

Create a template

Check and apply template

Configuration Compliance

Build device template

Build compliance report

Resolve compliance problems

NSO Services

Service Packages

Some commands to debug:

Reference