Cisco NSO introduction – vendor agnostic network management

Late last year, Cisco posted “Get NSO for Free!” and since NSO is available for Lab/PoC use for developers. This post is to introduce how to install NSO on Ubuntu16.04, and brief introduction of what it can do.

Pros:

  • Service Lifecycle management, not just a configuration management
  • Service provisioning of multiple vendor
  • Versatile vendor support –ref. “Network Services Orchestrator Network Element Drivers“. You can create your own NED as well.
  • High Resiliency, Scalable
  • Low learning cost to model services because it uses generic YANG model(with xml)
  • Expose API

Cons:

  • Subscription is required

1. Install pre-requisite

You can follow instruction in Getting NSO to run NSO. I used ubuntu 16.04 on GCP to install NSO.

First, you need to install Java:

# add repository to install Java
k_shogo@ubuntu16-nso:~$ sudo add-apt-repository ppa:webupd8team/java
k_shogo@ubuntu16-nso:~$ sudo apt-get update
k_shogo@ubuntu16-nso:~$ sudo apt-get install -y oracle-java8-installer
k_shogo@ubuntu16-nso:~$ java -version
java version "1.8.0_201"
Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)
k_shogo@ubuntu16-nso:~$ javac -version
javac 1.8.0_201

And install Apache ant:

k_shogo@ubuntu16-nso:~$ wget http://mirror.evowise.com/apache//ant/binaries/apache-ant-1.10.5-bin.tar.gz
k_shogo@ubuntu16-nso:~$ sudo tar -xf apache-ant-1.10.5-bin.tar.gz -C /usr/local
k_shogo@ubuntu16-nso:~$ sudo ln -s /usr/local/apache-ant-1.10.5/ /usr/local/ant
k_shogo@ubuntu16-nso:~$ {
> echo ANT_HOME=/usr/local/ant | sudo tee /etc/profile.d/ant.sh
> echo PATH=${ANT_HOME}/bin:${PATH} | sudo tee /etc/profile.d/ant.sh
> }
k_shogo@ubuntu16-nso:~$ source /etc/profile
k_shogo@ubuntu16-nso:~$ ant -version
Apache Ant(TM) version 1.10.5 compiled on July 10 2018

2. Install NSO

From “Get NSO for evaluation (Linux)“, get NSO packages. You need CCO account to download this.

k_shogo@ubuntu16-nso:~$ unzip nso-4.7.linux.x86_64.zip 
k_shogo@ubuntu16-nso:~$ cd nso-4.7.linux.x86_64/
k_shogo@ubuntu16-nso:~/nso-4.7.linux.x86_64$ ll
total 184184
drwxrwxr-x 2 k_shogo k_shogo      4096 Mar 22 22:14 ./
drwxr-xr-x 5 k_shogo k_shogo      4096 Mar 22 22:14 ../
-rw-rw-r-- 1 k_shogo k_shogo 188588188 Sep  5  2018 nso-4.7.linux.x86_64.signed.bin
-rw-rw-r-- 1 k_shogo k_shogo      3335 Sep  5  2018 README-NSO
k_shogo@ubuntu16-nso:~/nso-4.7.linux.x86_64$ sh nso-4.7.linux.x86_64.signed.bin
k_shogo@ubuntu16-nso:~/nso-4.7.linux.x86_64$ sh nso-4.7.linux.x86_64.installer.bin $HOME/nso-4.7
k_shogo@ubuntu16-nso:~/nso-4.7.linux.x86_64$ source $HOME/nso-4.7/ncsrc
k_shogo@ubuntu16-nso:~/nso-4.7.linux.x86_64$ echo $NCS_DIR
/home/k_shogo/nso-4.7

In NSO, you need to have a project folder to launch. I create a directory called “ncs-run” for this test.

k_shogo@ubuntu16-nso:~$ ncs-setup --dest $HOME/ncs-run
k_shogo@ubuntu16-nso:~$ ll ncs-run/
total 44
drwxrwxr-x 7 k_shogo k_shogo 4096 Mar 23 07:41 ./
drwxr-xr-x 7 k_shogo k_shogo 4096 Mar 23 07:41 ../
drwxrwxr-x 2 k_shogo k_shogo 4096 Mar 23 07:41 logs/
drwxrwxr-x 2 k_shogo k_shogo 4096 Mar 23 07:41 ncs-cdb/
-rw-rw-r-- 1 k_shogo k_shogo 9357 Mar 23 07:41 ncs.conf
drwxrwxr-x 2 k_shogo k_shogo 4096 Mar 23 07:41 packages/
-rw-rw-r-- 1 k_shogo k_shogo  627 Mar 23 07:41 README.ncs
drwxrwxr-x 4 k_shogo k_shogo 4096 Mar 23 07:41 scripts/
drwxrwxr-x 2 k_shogo k_shogo 4096 Mar 23 07:41 state/

To use network devices, you need Network Element Drivers. Usually you need to get a separate subscription, but some of them are bundled in this edition of NSO. Copy them to the project folder.

k_shogo@ubuntu16-nso:~$ cp -r $HOME/nso-4.7/packages/neds/* $HOME/ncs-run/packages
k_shogo@ubuntu16-nso:~$ ll ncs-run/packages/
total 32
drwxrwxr-x 8 k_shogo k_shogo 4096 Mar 23 08:29 ./
drwxrwxr-x 8 k_shogo k_shogo 4096 Mar 23 08:24 ../
drwxr-xr-x 8 k_shogo k_shogo 4096 Mar 23 08:29 a10-acos/
drwxr-xr-x 7 k_shogo k_shogo 4096 Mar 23 08:29 cisco-ios/
drwxr-xr-x 8 k_shogo k_shogo 4096 Mar 23 08:29 cisco-iosxr/
drwxr-xr-x 8 k_shogo k_shogo 4096 Mar 23 08:29 cisco-nx/
drwxr-xr-x 8 k_shogo k_shogo 4096 Mar 23 08:29 dell-ftos/
drwxr-xr-x 5 k_shogo k_shogo 4096 Mar 23 08:29 juniper-junos/

Now NSO is ready to run.

k_shogo@ubuntu16-nso:~$ cd $HOME/ncs-run/
k_shogo@ubuntu16-nso:~/ncs-run$ ncs_cli -u admin

admin connected from xx.xx.xx.xx using ssh on ubuntu16-nso
admin@ncs>
admin@ncs> configure
Entering configuration mode private
# if you copy the NEDs correctly, the packages should be loaded
[edit]
admin@ncs> request packages reload
>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has completed.
>>> System upgrade has completed successfully.
...
admin@ncs> show packages package oper-status
packages package a10-acos
 oper-status up
packages package cisco-ios
 oper-status up
packages package cisco-iosxr
 oper-status up
packages package cisco-nx
 oper-status up
packages package dell-ftos
 oper-status up
packages package juniper-junos
 oper-status up

3. Register devices on NSO

I configured Cisco CSR1000v for this test. Minimum configuration is as follows:

hostname useast-csr01
!
username remote-admin secret supersecretpassword
!
enable secret superexecpassword

On NSO, first we need to create auth group.

admin@ncs> configure 
Entering configuration mode private

[edit]
admin@ncs% edit devices authgroups group defaultauthgrp

[edit devices authgroups group defaultauthgrp]
admin@ncs% set default-map remote-name remote-admin

[edit devices authgroups group defaultauthgrp]
admin@ncs% set default-map remote-password supersecretpassword

[edit devices authgroups group defaultauthgrp]
admin@ncs% set default-map remote-secondary-password superexecpassword

Using this group, register a device to be managed.

[edit devices authgroups group defaultauthgrp]
admin@ncs% top

[edit]
admin@ncs% edit devices device useast-csr01

[edit devices device useast-csr01]
admin@ncs% set address x.x.x.x

admin@ncs% set authgroup defaultauthgrp

[edit devices device useast-csr01]
admin@ncs% set device-type cli ned-id cisco-ios

[edit devices device useast-csr01]
admin@ncs% set state admin-state unlocked 

[edit devices device useast-csr01]
admin@ncs% request ssh fetch-host-keys 
result updated
fingerprint {
    algorithm ssh-rsa
    value 74:95:a1:bb:67:b1:a4:5d:09:53:bf:97:25:88:67:b1
}

Once configured, commit the config

[edit devices device useast-csr01]
admin@ncs% commit
Commit complete.

4. Test the connection

Everything is prepared to start managing the device. Let’s test.

# check if we can connect to the device
[edit]
admin@ncs% request devices connect
connect-result {
    device useast-csr01
    result true
    info (admin) Connected to useast-csr01 - x.x.x.x:22
}

# sync device configuration "from" the device to NSO CDB
[edit]
admin@ncs% request devices sync-from
sync-result {
    device useast-csr01
    result true
}

Once device configuration is sync’ed from the device, you can check the configuration on NSO.

admin@ncs> show configuration devices device useast-csr01 config
ios:version 16.9;
ios:service {
    timestamps {
        debug {
...

That’s all for now. I will introduce more on service in the next post.