my cheat sheet on NSO


1 Network Services Orchestrator (NSO) by tail-f

Network Services Orchestrator from tail-f is an orchestration platform for hybrid networks. NSO gives lifecycle and service automation to

  • physical networks
  • software defined networks
  • network function virtualization (NFV)

NSO is a model driven (YANG) platform.

NSO gathers, parses and stores the configuration state of the network devices it manages in a configuration database (CDB). Users and other applications can then ask NSO to create, read, update or delete (CRUD) configuration programmatically, either ad hoc or through customizable network services.

NEDs are network element drivers allowing multi-vendor orchestration by NSO.


Figure 1: NSO, the Bridge between App owners and Infrastructure.

Primary building blocks:

  • YANG modelling language
  • Service Manager
  • Device Manager
  • Config Database (CDB)
  • Network Element Driver (NEDs)
  • APIs.

1.1 NSO bridges net automation tools, and net orchestration tools to physical net.

And, as the bridge, it acts as the single source of truth to both the infrastructure owners and the app owners.


Figure 2: NSO architecture

Devnet has this great learning Devnet link

1.2 Scalable

Produced for service providers, so scale was built-in from the beginning. Not just scale based on numbers of devices, but also scaled up compute.

1.3 "Be the bridge"

NSO is designed to be the bridge between independent vendors of edge gear, known as the infrastructure owners, and the applications or services.

1.4 Three components of NSO

  1. a model-based programmatic interface
  2. a fast, scalable, and highly available config database, CDB
  3. a device abstraction layer (NEDs)

1.5 Deploy NSO in 3 phases (just a suggestion)

  1. Phase 1: Use NSO as a programmable network interface. Use NSO to provide a single API into the network.
  2. Phase 2: Use NSO for service abstraction. NSO draws on device and service models to begin more fully automating service activations and changes. You can see an end-to-end view of the service as a whole.
  3. Phase 3: Use NSO for DevOps infrastructure automation. As you put more and more of the people and processes to support agile development in place, NSO can enable everyone involved to work together to design and execute new services and changes, quickly and continuously.

2 NSO Platform

NSO can be installed as a System Install, used when installing NSO for a centralized, "always-on", production-grade purpose. Or it can be installed as a Local Install, used for development, lab, and evaluation purposes.

2.1 Northbound APIs

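NSO has five northbound (NB) APIs, one of which is the REST API. A user can operate NSO using this REST API. NSO can use JSON or XML in the payload. Select the format with the request headers, for example "Accept: application/vnd.yang.api+json" as in the GET example in section 4.2 (abbreviated in these notes as "Content-type: JSON").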

2.2 REST API vs RESTCONF

The REST API and RESTCONF are similar in name and behavior but they are different northbound APIs.

  • RESTCONF is defined in RFC 8040
  • REST API has no standardized specification. It is implemented by NSO (and software supporting REST API) by itself.

2.2.1 URI and Resources

In the REST API, operations are performed on an object (node) that can be identified by a URI. Each object belongs to one of the resources.

http://xxxx:8080/api/<resource> (there is also http://xxxx:8080/api/query)

api/ is used to CRUD a specific object. api/query is used to search data.

Resource     Description
version      REST API version
config       Config resource (alias of running)
running      Running (config data) resource
operational  Operational data resource
operations   Defined operations container, such as YANG rpc and NSO action
rollbacks    Rollback file container

For example http://localhost:8080/api/running or http://localhost:8080/api/operations

NSO supports these methods:

Method   Description
GET      Retrieve object info
POST     Create a new list instance (add or modify)
PUT      Create a new object or change (replace) it (modify). * This deviates from RESTCONF.
PATCH    Make changes to the object (i.e. modify the config)
DELETE   Delete the object (i.e. delete the config)
HEAD     Get only the header info of the GET method
OPTIONS  Get a list of available methods for the specified resource

2.3 Query parameters (REST API for NSO)

By adding a query parameter to the URL after a "?" you can change the normal behaviour. This is NOT about the REST Query API, which is another valid API.

For example you can do a "commit dry-run" with this feature.

2.4 Developer Centricity

Since we are the bridge, we must have quality programmatic tools.


Figure 3: NSO Components

2.5 Three additional Developer Toolkits (SDK) for NSO

You already know about NSO's REST API. But 3 more are:

  • Python SDK (python 2.7.5 or later or python 3.4 or later)
  • Java SDK
  • Erlang SDK

3 NSO with CML2

NSO offers a small library called virlutils that helps use CML as a test bed for testing NSO calls and changes.

4 REST API Examples

4.1 OPTIONS against /api

Used to check which methods are available.

$ curl -i -X OPTIONS http://localhost:8080/api -u admin:admin

HTTP/1.1 200 OK
Server:
Allow: GET, HEAD
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Content-Length: 0
Content-Type: text/html
Pragma: no-cache
$

4.2 GET against /api

This example uses the GET method on /api to return the available resources. curl performs a GET when the -X option is missing; -X GET is given here only to make the method explicit. The -i option includes the HTTP response headers in the output. The default data format is XML.

$ curl -i -X GET http://localhost:8080/api -u admin:admin


HTTP/1.1 200 OK
Server:
Date: Thu, 27 Apr 2017 07:23:06 GMT
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Content-Length: 181
Content-Type: application/vnd.yang.api+xml
Vary: Accept-Encoding
Pragma: no-cache

<api xmlns="http://tail-f.com/ns/rest" xmlns:y="http://tail-f.com/ns/rest">
<version>0.5</version>
<config/>
<running/>
<operational/>
<operations/>
<rollbacks/>
</api>

$

The same now using JSON output

$ curl -i -X GET http://localhost:8080/api -u admin:admin -H "Accept: application/vnd.yang.api+json"

HTTP/1.1 200 OK
Server:
Date: Thu, 27 Apr 2017 07:29:34 GMT
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Content-Length: 98
Content-Type: application/vnd.yang.api+json
Vary: Accept-Encoding
Pragma: no-cache

{"api":{"version":"0.5","config":{},"running":{},"operational":{},"operations":{},"rollbacks":{}}}

$

These and many more I got from community.cisco.com

4.3 NSO API Use Case:

Among the main benefits of deploying Cisco NSO are faster service deployment and the deployment of configuration management systems. Cisco NSO also makes networks more scalable, because new devices can be added and configured with minimal effort. The same is true for device replacement; devices can be replaced quickly with little to no additional configuration.

4.4 Southbound APIs

5 NSO RESTCONF API

If Cisco Network Services Orchestrator (NSO) has been added to CNC as a Provider, you can access the NSO-supported RESTCONF API from the CNC API Gateway endpoint, using the same authentication mechanism you use to access other CNC APIs. The following is the CNC API Gateway endpoint (base URL path) used to access the NSO-supported RESTCONF API.

https://{{cnc.host}}:{{cnc.port}}/crosswork/proxy/nso/restconf/

I got this from an NSO sandbox??? not sure…


admin@ncs# show running-config devices device | de-select config 
 devices device core-rtr01
 address   10.10.20.173
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-iosxr-cli-7.32
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device core-rtr02
 address   10.10.20.174
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-iosxr-cli-7.32
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device dist-rtr01
 address   10.10.20.175
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device dist-rtr02
 address   10.10.20.176
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device dist-sw01
 address   10.10.20.177
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-nx-cli-5.20
 device-type cli protocol telnet
 ned-settings cisco-nx behaviours show-interface-all enable
 state admin-state unlocked
!
devices device dist-sw02
 address   10.10.20.178
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-nx-cli-5.20
 device-type cli protocol telnet
 ned-settings cisco-nx behaviours show-interface-all enable
 state admin-state unlocked
!
devices device edge-firewall01
 address   10.10.20.171
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-asa-cli-6.12
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device edge-sw01
 address   10.10.20.172
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
devices device internet-rtr01
 address   10.10.20.181
 ssh host-key-verification none
 authgroup labadmin
 device-type cli ned-id cisco-ios-cli-6.67
 device-type cli protocol telnet
 state admin-state unlocked
!
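
An added example, not part of the original notes and not NSO's own tooling: every device in the listing above uses "device-type cli protocol telnet" and "ssh host-key-verification none", so this Python script parses output in that format and reports both settings per device. The sample input is constructed; the second device (lab-rtr99, 192.0.2.10) and its values are assumptions added for contrast.

```python
import re

# Constructed sample in the format of the listing above. lab-rtr99 and its
# values are assumed here for contrast and do not come from the page.
SAMPLE = """\
admin@ncs# show running-config devices device | de-select config
 devices device core-rtr01
 address   10.10.20.173
 ssh host-key-verification none
 device-type cli protocol telnet
!
devices device lab-rtr99
 address   192.0.2.10
 ssh host-key-verification reject-unknown
 device-type cli protocol ssh
!
"""

# Settings of interest: result key -> line prefix in the CLI output.
SETTINGS = {
    "address": "address ",
    "host_key_verification": "ssh host-key-verification ",
    "protocol": "device-type cli protocol ",
}

def parse_devices(text):
    """Return {device_name: {setting: value}} from the CLI listing."""
    devices, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"devices device (\S+)$", line)
        if m:                      # start of a device block
            current = devices.setdefault(m.group(1), {})
        elif line == "!":          # end of a device block
            current = None
        elif current is not None:  # prompt and stray lines are skipped
            for key, prefix in SETTINGS.items():
                if line.startswith(prefix):
                    current[key] = line.split()[-1]
    return devices

def audit(text):
    """Return sorted (device, finding) pairs for weak transport settings."""
    findings = []
    for name, cfg in parse_devices(text).items():
        if cfg.get("protocol") == "telnet":
            findings.append((name, "telnet transport (cleartext)"))
        if cfg.get("host_key_verification") == "none":
            findings.append((name, "SSH host key not verified"))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit(SAMPLE):
        print(f"{device}: {finding}")
```

Run against the full listing above, it reports both findings for all nine devices.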

----------------------------------

From an ncs box? controller? router? ??

admin@ncs(config)# pwd
At top level
admin@ncs(config)# display xml
-------------------^
syntax error: unknown command
admin@ncs(config)# show configuration | display xml
<devices xmlns="http://tail-f.com/ns/ncs">
  <device>
    <name>dist-sw01</name>
    <description> The\ answer\ to\ the\ ultimate\ question\ of\ life,\ the\ universe\ and\ everything\ -\ D.Adams</description>
    <config>
      <vlan xmlns="http://tail-f.com/ned/cisco-nx">
	<vlan-list>
	  <id>42</id>
	  <name>TheAnswer</name>
	</vlan-list>
      </vlan>
      <interface xmlns="http://tail-f.com/ned/cisco-nx">
	<Vlan>
	  <name>42</name>
	  <description>The answer to the ultimate question of life, the universe and everything - D.Adams</description>
	  <ip>
	    <address>
	      <ipaddr>10.42.42.42/24</ipaddr>
	    </address>
	  </ip>
	</Vlan>
      </interface>
    </config>
  </device>
</devices>

-------------------------------

More examples of interacting with NCS:

admin@ncs(config-domain-lookup-mgmt)# pwd      
Current submode path:
  devices template SET-DNS-SERVER \ ned-id cisco-asa-cli-6.12 \ config \ dns domain-lookup mgmt

admin@ncs(config-domain-lookup-mgmt)# dns server-group DefaultDNS
admin@ncs(config-server-group-DefaultDNS)# name-server 208.67.222.222
admin@ncs(config-server-group-DefaultDNS)# name-server 208.67.220.220
admin@ncs(config-server-group-DefaultDNS)# exit
admin@ncs(config-config)# pwd
Current submode path:
  devices template SET-DNS-SERVER \ ned-id cisco-asa-cli-6.12 \ config
admin@ncs(config-config)# exit
admin@ncs(config-ned-id-cisco-asa-cli-6.12)# exit
admin@ncs(config-template-SET-DNS-SERVER)# ned-id cisco-iosxr-cli-7.32 
admin@ncs(config-ned-id-cisco-iosxr-cli-7.32)# config
admin@ncs(config-config)# domain name-server 208.67.222.222
admin@ncs(config-name-server-208.67.222.222)# exit
admin@ncs(config-config)# domain name-server 208.67.220.220
admin@ncs(config-name-server-208.67.220.220)# top
admin@ncs(config)# show config
devices template SET-DNS-SERVER
 ned-id cisco-asa-cli-6.12
  config
   dns domain-lookup mgmt
   !
   dns server-group DefaultDNS
    name-server [ 208.67.222.222 208.67.220.220 ]
   !
  !
 !
 ned-id cisco-iosxr-cli-7.32
  config
   domain name-server 208.67.222.222
   !
   domain name-server 208.67.220.220
   !
  !
 !
 ! IOSEMPLATE
 ned-id cisco-ios-cli-6.67
  config
   ip name-server name-server-list 208.67.222.222
   !
   ip name-server name-server-list 208.67.220.220
   !
  !
 !
!
admin@ncs(config)# 
