my cheat sheet on NSO
1 Network Services Orchestrator (NSO) by tail-f
Network Services Orchestrator from tail-f is an orchestration platform for hybrid networks. NSO gives lifecycle and service automation to:
- physical networks
- software defined networks
- network function virtualizations (NFV)
NSO is a model driven (YANG) platform. NSO gathers, parses and stores the configuration state of the network devices it manages in a configuration database (CDB). Users and other applications can then ask NSO to create, read, update or delete (CRUD) configuration in a programmatic way, either ad hoc or through customizable network services.
NEDs are network element drivers allowing multi-vendor orchestration by NSO.
Primary building blocks:
- YANG modelling language
- Service Manager
- Device Manager
- Config Database (CDB)
- Network Element Driver (NEDs)
- APIs.
1.1 NSO bridges net automation tools, and net orchestration tools to physical net.
And, as the bridge, it acts as the single source of truth to both the infrastructure owners and the app owners.
Devnet has this great learning Devnet link
1.2 Scalable
Produced for service providers, so scale was built-in from the beginning. Not just scale based on numbers of devices, but also scaled up compute.
1.3 "Be the bridge"
NSO is designed to be the bridge between independent vendors of edge gear, known as the infrastructure owners, and the applications or services.
1.4 Three components of NSO
- a model-based programmatic interface
- a fast, scalable, and highly available config database, CDB
- a device abstraction layer (NEDs)
1.5 Deploy NSO in 3 phases (just a suggestion)
- Phase 1: Use NSO as a programmable network interface. Use NSO to provide a single API into the network.
- Phase 2: Use NSO for service abstraction. NSO draws on device and service models to begin more fully automating service activations and changes. You can see an end-to-end view of the service as a whole.
- Phase 3: Use NSO for DevOps infrastructure automation. As you put more and more of the people and processes to support agile development in place, NSO can enable everyone involved to work together to design and execute new services and changes, quickly and continuously.
2 NSO Platform
NSO can be installed as a System Install, used when installing NSO for a centralized, "always-on", production grade purpose. Or it can be installed as a Local Install, used for development, lab, and evaluation purposes.
2.1 Northbound APIs
NSO has five northbound (NB) APIs, one of which is the REST API. A user can operate NSO using this REST API. NSO can use JSON or XML in the payload. Simply specify the header "Content-type: JSON".
2.2 REST API vs RESTCONF
The REST API and RESTCONF are similar in name and behavior but they are different northbound APIs.
- RESTCONF is defined in RFC 8040.
- The REST API has no standardized specification. It is implemented by NSO (and software supporting REST API) by itself.
2.2.1 URI and Resources
In the REST API, operations are performed on an object (node) that can be identified by URI. Each object belongs to one of the resources.
http://xxxx:8080/api/<resource> (There's also http://xxxx:8080/api/query.) api/ is used to CRUD a specific object. api/query is used to search data.
Field | Description |
---|---|
version | REST API version |
config | Config resource (alias of running) |
running | Running (config data) resource |
operational | Operational data resource |
operations | Defined operations container such as YANG rpc and NSO action |
rollbacks | Rollback file container |
For example http://localhost:8080/api/running or http://localhost:8080/api/operations
NSO supports these methods:
Method | Description | Note |
---|---|---|
GET | Retrieve object info | |
POST | Create a new list instance (add or modify) | |
PUT | Create a new object or change (replace) it | * this deviates from RESTCONF |
PATCH | Make changes to the object (i.e. modify the config) | |
DELETE | Delete the object (i.e. delete the config) | |
HEAD | Get only the header info of the GET method | |
OPTIONS | Get a list of available methods for the specified resource | |
2.3 Query parameters (REST API for NSO)
By adding a query parameter to the URL, following a "?", you can change the normal behaviour. This is NOT about the REST Query API, which is another valid API.
For example you can do a "commit dry-run" with this feature.
2.4 Developer Centricity
Since we are the bridge, we must have quality programmatic tools.
2.5 Three additional Developer Toolkits (SDK) for NSO
You already know about NSO's REST API. But 3 more are:
- Python SDK (python 2.7.5 or later or python 3.4 or later)
- Java SDK
- Erlang SDK
3 NSO with CML2
NSO offers a small library called virlutils that helps use CML as a test bed for testing NSO calls and changes.
4 REST API Examples
4.1 OPTIONS against /api
Used to check which methods are available.

```
$ curl -i -X OPTIONS http://localhost:8080/api -u admin:admin
HTTP/1.1 200 OK
Server:
Allow: GET, HEAD
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Content-Length: 0
Content-Type: text/html
Pragma: no-cache

$
```
4.2 GET against /api
This example uses the GET method on /api to return the available resources. curl performs a GET when the -X option is missing, but -X GET is given here to make the method explicit. The -i option prints the HTTP response headers along with the body. The default data format is XML.

```
$ curl -i -X GET http://localhost:8080/api -u admin:admin
HTTP/1.1 200 OK
Server:
Date: Thu, 27 Apr 2017 07:23:06 GMT
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Content-Length: 181
Content-Type: application/vnd.yang.api+xml
Vary: Accept-Encoding
Pragma: no-cache

<api xmlns="http://tail-f.com/ns/rest" xmlns:y="http://tail-f.com/ns/rest">
  <version>0.5</version>
  <config/>
  <running/>
  <operational/>
  <operations/>
  <rollbacks/>
</api>
$
```
The same now using JSON output
```
$ curl -i -X GET http://localhost:8080/api -u admin:admin -H "Accept: application/vnd.yang.api+json"
HTTP/1.1 200 OK
Server:
Date: Thu, 27 Apr 2017 07:29:34 GMT
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Content-Length: 98
Content-Type: application/vnd.yang.api+json
Vary: Accept-Encoding
Pragma: no-cache

{"api":{"version":"0.5","config":{},"running":{},"operational":{},"operations":{},"rollbacks":{}}}
$
```
These and many more I got from community.cisco.com
4.3 NSO API Use Case:
Among the main benefits of deploying Cisco NSO are faster service deployment and the deployment of configuration management systems. Cisco NSO also makes networks more scalable, because new devices can be added and configured with minimal effort. The same is true for device replacement; devices can be replaced quickly with little to no additional configuration.
4.4 Southbound APIs
5 NSO RESTCONF API
If Cisco Network Services Orchestrator (NSO) has been added to CNC as a Provider, you can access the NSO-supported RESTCONF API from the CNC API Gateway endpoint, using the same authentication mechanism you use to access other CNC APIs. The following is the CNC API Gateway endpoint (base URL path) used to access the NSO-supported RESTCONF API.
https://{{cnc.host}}:{{cnc.port}}/crosswork/proxy/nso/restconf/…
I got this from an NSO sandbox??? not sure…
```
admin@ncs# show running-config devices device | de-select config
devices device core-rtr01
 address 10.10.20.173
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-iosxr-cli-7.32
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device core-rtr02
 address 10.10.20.174
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-iosxr-cli-7.32
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device dist-rtr01
 address 10.10.20.175
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device dist-rtr02
 address 10.10.20.176
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device dist-sw01
 address 10.10.20.177
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-nx-cli-5.20
 device-type cli protocol telnet
 ned-settings cisco-nx behaviours show-interface-all enable
 state admin-state unlocked
!
devices device dist-sw02
 address 10.10.20.178
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-nx-cli-5.20
 device-type cli protocol telnet
 ned-settings cisco-nx behaviours show-interface-all enable
 state admin-state unlocked
!
devices device edge-firewall01
 address 10.10.20.171
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-asa-cli-6.12
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device edge-sw01
 address 10.10.20.172
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device internet-rtr01
 address 10.10.20.181
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
```
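Added example (not part of the original notes and not Cisco or tail-f code): a Python check that parses output in the layout of `show running-config devices device | de-select config` and reports devices that NSO reaches over telnet or with SSH host-key verification turned off, the two settings every device in the listing above carries. The sample text is constructed (`lab-rtr99` and its address are made up), and the function names `parse_devices` and `audit` are hypothetical.

```python
import re

# Constructed sample in the layout of
# `show running-config devices device | de-select config`.
SAMPLE = """\
admin@ncs# show running-config devices device | de-select config
devices device core-rtr01
 address 10.10.20.173
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-iosxr-cli-7.32
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device lab-rtr99
 address 192.0.2.10
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol ssh
 state admin-state unlocked
!
"""

def parse_devices(text):
    """Return {device_name: [statement, ...]} from NSO C-style CLI output."""
    devices, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"devices device (\S+)$", line)
        if m:
            current = devices.setdefault(m.group(1), [])
        elif raw.startswith("!"):
            current = None          # a "!" in column 0 closes the device entry
        elif line and line != "!" and current is not None:
            current.append(line)    # prompt lines outside an entry are ignored
    return devices

def audit(text):
    """Return sorted (device, finding) pairs for weak southbound transport."""
    findings = []
    for name, stmts in parse_devices(text).items():
        proto = next((s.split()[-1] for s in stmts
                      if re.match(r"device-type \S+ protocol \S+$", s)), None)
        if proto == "telnet":
            findings.append((name, "cleartext telnet to device"))
        if "ssh host-key-verification none" in stmts:
            findings.append((name, "SSH host keys not verified"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit(SAMPLE):
        print(f"{device}: {finding}")
```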
----------------------------------
From an ncs box? controller? router? ??
```
admin@ncs(config)# pwd
At top level
admin@ncs(config)# display xml
-------------------^
syntax error: unknown command
admin@ncs(config)# show configuration | display xml
<devices xmlns="http://tail-f.com/ns/ncs">
  <device>
    <name>dist-sw01</name>
    <description> The\ answer\ to\ the\ ultimate\ question\ of\ life,\ the\ universe\ and\ everything\ -\ D.Adams</description>
    <config>
      <vlan xmlns="http://tail-f.com/ned/cisco-nx">
        <vlan-list>
          <id>42</id>
          <name>TheAnswer</name>
        </vlan-list>
      </vlan>
      <interface xmlns="http://tail-f.com/ned/cisco-nx">
        <Vlan>
          <name>42</name>
          <description>The answer to the ultimate question of life, the universe and everything - D.Adams</description>
          <ip>
            <address>
              <ipaddr>10.42.42.42/24</ipaddr>
            </address>
          </ip>
        </Vlan>
      </interface>
    </config>
  </device>
</devices>
```
-------------------------------
More examples of interacting with NCS:
```
admin@ncs(config-domain-lookup-mgmt)# pwd
Current submode path:
  devices template SET-DNS-SERVER \ ned-id cisco-asa-cli-6.12 \ config \ dns domain-lookup mgmt
admin@ncs(config-domain-lookup-mgmt)# dns server-group DefaultDNS
admin@ncs(config-server-group-DefaultDNS)# name-server 208.67.222.222
admin@ncs(config-server-group-DefaultDNS)# name-server 208.67.220.220
admin@ncs(config-server-group-DefaultDNS)# exit
admin@ncs(config-config)# pwd
Current submode path:
  devices template SET-DNS-SERVER \ ned-id cisco-asa-cli-6.12 \ config
admin@ncs(config-config)# exit
admin@ncs(config-ned-id-cisco-asa-cli-6.12)# exit
admin@ncs(config-template-SET-DNS-SERVER)# ned-id cisco-iosxr-cli-7.32
admin@ncs(config-ned-id-cisco-iosxr-cli-7.32)# config
admin@ncs(config-config)# domain name-server 208.67.222.222
admin@ncs(config-name-server-208.67.222.222)# exit
admin@ncs(config-config)# domain name-server 208.67.220.220
admin@ncs(config-name-server-208.67.220.220)# top
admin@ncs(config)# show config
devices template SET-DNS-SERVER
 ned-id cisco-asa-cli-6.12
  config
   dns domain-lookup mgmt
   !
   dns server-group DefaultDNS
    name-server [ 208.67.222.222 208.67.220.220 ]
   !
  !
 !
 ned-id cisco-iosxr-cli-7.32
  config
   domain name-server 208.67.222.222
   !
   domain name-server 208.67.220.220
   !
  !
 !
!
IOSEMPLATE
 ned-id cisco-ios-cli-6.67
  config
   ip name-server name-server-list 208.67.222.222
   !
   ip name-server name-server-list 208.67.220.220
   !
  !
 !
!
admin@ncs(config)#
```