Professional Documents
Culture Documents
LTRSPG 2515 LG
LTRSPG 2515 LG
CONTENTS ....................................................................................................................................................... 2
1 INTRODUCTION:............................................................................................................................................ 4
2 LAB TASK 1-1: BRINGING UP NSO .................................................................................................................. 8
2.1 INSTALLING NSO FROM BINARY DISTRIBUTION: ........................................................................................................ 8
2.2 VIEWING THE INSTALLATION: ................................................................................................................................ 9
2.3 SET UP THE NSO WORKING ENVIRONMENT: .......................................................................................................... 10
2.4 STARTING NSO DAEMON & VERIFYING STATUS: .................................................................................................... 11
2.5 CONNECTING TO NSO USING GUI AND CLI .......................................................................................................... 12
2.5.1 From Remote SSH Client: ..................................................................................................................... 12
2.5.2 Through GUI:........................................................................................................................................ 12
2.5.3 Through CLI: ......................................................................................................................................... 14
2.6 ADDING NSO NED PACKAGES: .......................................................................................................................... 15
2.6.1 Checking currently loaded packages: .................................................................................................. 15
2.6.2 Adding new package:........................................................................................................................... 15
3 LAB TASK 1-2: CONNECTING TO DEVICES .................................................................................................... 18
3.1 CREATING AUTHGROUP FOR DEVICES: ................................................................................................................. 18
3.2 ADDING A NEW ROUTER/DEVICE USING CLI: ........................................................................................................ 18
3.3 CONFIG LOCKS: ............................................................................................................................................... 19
3.3.1 Locked State:........................................................................................................................................ 19
3.3.2 South-bound Locked State: .................................................................................................................. 20
3.4 SYNCING CONFIGURATION FROM DEVICE ............................................................................................................. 21
3.4.1 Comparing NSO config with device: ..................................................................................................... 22
3.4.2 Check-Sync the devices: ....................................................................................................................... 23
3.5 ADDING A NEW DEVICE USING GUI:..................................................................................................................... 23
3.6 ADDING REMAINING DEVICES IN THE TOPOLOGY:................................................................................................... 28
3.7 SYNC DEVICE CONFIGURATIONS:.......................................................................................................................... 30
3.8 CONFIGURE BASIC PARAMETER THROUGH GUI: ..................................................................................................... 32
3.9 CONFIGURE BASIC PARAMETER THROUGH CLI: ....................................................................................................... 36
3.10 CONFIGURE REMAINING INTERFACES: ................................................................................................................ 38
3.11 ROLLBACK CONFIGURATION CHANGES: .............................................................................................................. 39
4 LAB TASK 2-2: CREATING AND IMPLEMENTING SERVICE TEMPLATE ........................................................... 43
4.1 CREATE A BLANK PACKAGE BASED ON TEMPLATE: .................................................................................................. 43
4.2 IDENTIFY THE YANG MODELLING PARAMETERS ...................................................................................................... 43
4.3 USE THE PRE BUILT YANG MODEL FILE ................................................................................................................ 45
4.4 VERIFYING THE YANG MODEL: ........................................................................................................................... 45
4.5 COMPILE THE NEW YANG MODEL:...................................................................................................................... 45
4.6 ADDING XML TEMPLATE: ................................................................................................................................. 47
4.7 USING XML TEMPLATE:.................................................................................................................................... 47
4.8 USING THE SAME SERVICE TEMPLATE FOR CONFIGURING IOS DEVICE: ....................................................................... 48
4.9 VIEWING THE SERVICE TEMPLATE IN GUI: ............................................................................................................ 49
4.10 ADDING 2ND INTERFACE TO EXISTING OSPF PROCESS: ........................................................................................... 53
4.11 COMPLETING OSPF CONFIG FOR REMAINING DEVICES: .......................................................................................... 54
5 BONUS CONTENT ........................................................................................................................................ 59
5.1 ADDITIONAL WAYS TO VIEW THE YANG MODEL USING PYANG: ................................................................................. 59
Page 2 of 80
5.1.1 Generating XML view of yang model: .................................................................................................. 59
5.1.2 Generating HTML view of YANG module: ............................................................................................ 60
5.2 USING NETCONF .............................................................................................................................................. 60
5.2.1 Poll Device Config using XML over Netconf: ........................................................................................ 60
5.2.2 Configure (Add and Delete) configuration using XML+Netconf: .......................................................... 63
5.2.3 Close Netconf Session: ......................................................................................................................... 64
5.2.4 Poll Device Config using : ..................................................................................................................... 65
6 APPENDIX ................................................................................................................................................... 66
6.1 CREATING THE OSPF.YANG MODEL STEP BY STEP: .................................................................................................. 66
6.1.1 Create New Variable types as-needed: ................................................................................................ 66
6.1.2 Define the Service point: ...................................................................................................................... 66
6.1.3 Defining various parameters for various OSPF service definitions: ..................................................... 67
6.1.4 Using Containers - Differentiating between IOS and IOS-XR: .............................................................. 69
6.1.5 Defining Router ID, Area ID & Interfaces: ............................................................................................ 70
6.1.6 Defining IOS Parameters: ..................................................................................................................... 71
6.2 BUILDING THE OSPF.XML : .............................................................................................................................. 75
6.2.1 Defining Device name: ......................................................................................................................... 75
6.2.2 Generating sample XML structure: ...................................................................................................... 76
6.2.3 Defining IOS config template: .............................................................................................................. 78
Page 3 of 80
1 Introduction:
Lab access is provided using dCloud for which cisco anyconnect should be pre-installed if you
find it missing please go to https://dcloud-rtp-anyconnect.cisco.com using credentials provided
to you and install anyconnect.
Once anyconnect is installed use credentials provided to you to access the POD as follows.
Once connected Launch Remote desktop and connect to 198.18.133.252 using the password
C1sco12345
From desktop when you launch Putty shortcut; there you will find “nso vm” and other devices
vty saved sessions.
Double click “nso vm” to launch it, using the password C1sco12345
Page 4 of 80
Launch VM Maestro from shortcut on desktop. (It may take sometime to launch, don’t click
again)
VIRL Session (VM Maestro) is running for each POD separately where you will find simulated
devices.
Page 5 of 80
Double Click on NSO_topology.virl on left side to see the topology you will be working on.
To start the simulation click on Green Play button on Top. (Don’t press this button twice)
You will notice devices are getting started and loading configs, give it a few minutes to complete
the simulation startup process. You may need to wait couple more minutes for the XR devices
to go to ACTIVE state , as XR devices may take bit longer.
Page 6 of 80
Device Name Mgmt IP Telnet
CE1_CL16 198.18.1.30 Telnet
PE1_CL16 198.18.1.31 Telnet
P1_CL16 198.18.1.32 Telnet
PE2_CL16 198.18.1.33 Telnet
CE2_CL16 198.18.1.34 Telnet
Example below shows how to connect from VIRL to console or Mgmt ports
Password:
Page 7 of 80
2 Lab Task 1-1: Bringing up NSO
Prerequisite check
If you see Python version lower than 2.7.5, then upgrade it as follows
cisco@ubuntu:~$ python -V
Python 2.7.6
Page 8 of 80
Once done please proceed with NSO installation
Page 9 of 80
├── man
│ ├── man1
│ ├── man3
│ ├── man5
│ └── man7
├── ncsrc
├── ncsrc.tcsh
├── netsim
│ └── confd
<snip>
├── support
│ ├── convert-ncs-config.xsl
│ ├── dm
│ ├── junos-xsd2yang
│ ├── junos-xsd2yang.xsl
│ └── pyang-support
├── var
│ └── ncs
└── VERSION
49 directories, 45 files
For the rest of the lab exercise, if at any time you use a different terminal window to execute an
NSO related command, ensure that you first source the “ncsrc” file in that terminal so that the
environment variables are properly setup.
Now, you can setup the NSO working directory by using the “ncs-setup” command. In this lab, we will
use the directory “ncsw” as the working directory:
Note that in the newly created working directory, a configuration file “ncs.conf” has been
placed. This file will be used by the ncs daemon when it starts and tells it what capabilities it
should load.
Page 10 of 80
2.4 Starting NSO Daemon & verifying status:
Lets try to start the NSO daemon. Note that the daemon start command should be invoked while in the
working ncsw directory. So in the example shown below, the first try to start the daemon failed and only
after the directory was changed to the working directory NSO daemon started successfully.
This is because NSO daemon looks for ncs.conf file to know its configuration, and it assumes
this file is in the present working directory. An alternative is to use a command line flag to point
to the ncs.conf file.
cisco@ubuntu:~/ncs412$ pwd
/home/cisco/ncs412
cisco@ubuntu:~/ncs412$ ncs
Bad configuration: /home/cisco/ncs412/etc/ncs/ncs.conf:0: "./state/packages-
in-use: Failed to create symlink: no such file or directory"
Daemon died status=21
cisco@ubuntu:~/ncs412$ cd ~/ncsw
cisco@ubuntu:~/ncsw$ ncs
To verify if the NSO daemon is running and listening to the port 2024 for shell access, run the following
verification steps:
1) Use the command “ncs –status” which will give you full details about the daemon’s running state.
<snip>
2) Check in the log directory for information on NSO status, it should report that NSO has successfully
started
cisco@ubuntu:~/ncsw$ pwd
/home/cisco/ncsw
cisco@ubuntu:~/ncsw$ ls
logs ncs-cdb ncs.conf packages README.ncs scripts state
cisco@ubuntu:~/ncsw$ cd logs/
cisco@ubuntu:~/ncsw/logs$ ls
audit.log ncserr.log.1 ncs-java-vm.log netconf.log webui-browser.log
devel.log ncserr.log.idx ncs.log rollback10001 xpath.trace
localhost:8080.access ncserr.log.siz ncs-python-vm.log snmp.log
cisco@ubuntu:~/ncsw/logs$ tail -2 ncs.log
<DEBUG> 17-Jun-2016::12:04:43.334 ubuntu ncs[2169]: - Loading MIB:
/home/cisco/ncs412/lib/ncs/lib/snmp/snmp/priv/mibs/SNMP-VIEW-BASED-ACM-MIB.bin
<INFO> 17-Jun-2016::12:04:48.260 ubuntu ncs[2169]: - NCS started vsn: 4.1.2
Page 11 of 80
3) Verify that port number 2024 is open and NSO is listening to it. Any external connection to this port
will be authenticated by NSO and log into NSO CLI shell:
If you run into an error saying that the “REMOTE HOST KEY HAS CHANGED”. Then use the
following command to clear it and then try above step again…
cisco@ubuntu:~/.ssh$ ssh-keygen -f "/home/cisco/.ssh/known_hosts" -R [localhost]:2024
# Host [localhost]:2024 found: line 2 type DSA
/home/cisco/.ssh/known_hosts updated.
Original contents retained as /home/cisco/.ssh/known_hosts.old
cisco@ubuntu:~/.ssh$
To connect to NSO GUI, you can point your browser to the server running NSO daemon (in this case,
it’s 198.18.134.28) port 8080. i.e. : http://198.18.134.28:8080/
Page 12 of 80
This URL will take you to the NSO login screen .You can login using the default credentials
Username: admin
Password: admin
Once you login, the GUI’s dashboard will appear. Click on the top left circle icon with three bars:
Page 13 of 80
The following menu will appear, which can be used to browse the different sections of the GUI:
“Models”, “Views”, “Services”
cisco@ubuntu:~/ncsw/logs$ ncs_cli
Once in the NSO command line mode, by default NSO starts with JUNOS CLI mode.
Before proceeding with rest of the tasks, switch to Cisco style use switch command shown here:
Page 14 of 80
!
<snip>
admin@ncs# exit
cisco@ubuntu:~/ncsw/logs$
cisco@ubuntu:~/ncsw$ ncs_cli -C
As the above outputs show, there isn’t any package/NED that is loaded at this point. To load the
package, refer to the subsequent section.
Note the use of “-C” flag in the above ncs_cli command. This option takes you directly to the
cisco command line mode.
cisco@ubuntu:~/ncsw$ ls ~/ncs412/packages/neds/
a10-acos cisco-ios cisco-iosxr cisco-nx dell-ftos juniper-junos
These packages are still in the installation directory, and need to be added to our working directory, i.e.
~/ncsw. We will use the following set of steps to load these packages:
You can add a package by using the “ncs-setup” command again and specifying the package using the
–ned-package option. Lets load the IOS package using this method:
Note that if you use a separate new terminal window to execute the commands, then that
session will need to have the environment variables set as shown in section 2.3
Page 15 of 80
Now lets use the ncs-setup command to load these packages to the working directory we had
previously created:
cisco@ubuntu:~/ncsw$ ls ~/ncsw/packages/
cisco@ubuntu:~/ncsw$ << package directory is empty
cisco@ubuntu:~/ncsw$ ncs-setup --dest ~/ncsw --ned-package cisco-ios
cisco@ubuntu:~/ncsw$ ls ~/ncsw/packages/
cisco-ios
cisco@ubuntu:~/ncsw$ ncs-setup --dest ~/ncsw --ned-package cisco-iosxr
cisco@ubuntu:~/ncsw$ ls packages/
cisco-ios cisco-iosxr
2.6.2.2 Load the packages into the NSO Daemon trough Command Line
Interface:
Though the package are in the working directory now, they will not be automatically loaded into the
daemon which was already running (we started it in the previous section) . Use the below commands to
validate this:
cisco@ubuntu:~/ncsw/logs$ ncs_cli -C
Use the following command to check the version of packages that was loaded. Note that the NED
package version can upgraded without changing the NSO version that you are running, using same set
of steps that were described in the above section.
Page 16 of 80
admin@ncs# show packages package package-version
PACKAGE
NAME VERSION
----------------------
cisco-ios 3.0
cisco-iosxr 3.0
Page 17 of 80
3 Lab Task 1-2: Connecting to Devices
cisco@ubuntu:~/ncsw/logs$ ncs_cli -C
admin@ncs#
admin@ncs # show running-config devices authgroups
devices authgroups group default
umap admin
remote-name admin
remote-password $4$wIo7Yd068FRwhYYI0d4IDw==
!
umap oper
remote-name oper
remote-password $4$zp4zerM68FRwhYYI0d4IDw==
!
!
devices authgroups snmp-group default
default-map community-name public
umap admin
usm remote-name admin
usm security-level auth-priv
usm auth md5 remote-password $4$wIo7Yd068FRwhYYI0d4IDw==
usm priv des remote-password $4$wIo7Yd068FRwhYYI0d4IDw==
admin@ncs # conf
admin@ncs(config)# devices authgroups group CL-default
admin@ncs(config-group-CL-default)# default-map remote-name cisco
admin@ncs(config-group-CL-default)# default-map remote-password cisco
admin@ncs(config-group-CL-default)# default-map remote-secondary-password
cisco
admin@ncs(config-group-CL-default)# top
admin@ncs(config)# show configuration
devices authgroups group CL-default
default-map remote-name cisco
default-map remote-password $4$wocla9w68FRwhYYI0d4IDw==
default-map remote-secondary-password $4$wocla9w68FRwhYYI0d4IDw==
!
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)#
Page 18 of 80
Possible completions:
cisco-ios cisco-ios-xr
Note that both NEDs that were added earlier, are available as possible choices. We will choose
cisco-ios since this router is an IOS device.
Go to NSO GUI, if you click on the admin state of desired device, it will show the three options from
drop down, choose desired state save and commit
Page 19 of 80
Alternatively to lock from CLI and then try to make changes
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device CE1_CL16 state admin-state locked
admin@ncs(config-device-CE1_CL16)# commit
Commit complete.
admin@ncs(config-device-CE1_CL16)# config ios:hostname CE1_CL16_TEST
admin@ncs(config-config)# commit
Aborted: Device CE1_CL16 is locked
admin@ncs(config-config)#
admin@ncs(config-device-CE1_CL16)# top
Page 20 of 80
!
!
At this point, the changes are committed in the NSO config. Lets now try to push the change to the
device:
admin@ncs(config-device-CE1_CL16)# commit
Commit complete.
admin@ncs(config-device-CE1_CL16)# top
admin@ncs(config)# do show running-config devices device CE1_CL16
devices device CE1_CL16
address 198.18.1.30
authgroup CL-default
device-type cli ned-id cisco-ios
device-type cli protocol telnet
state admin-state unlocked
config
no ios:service pad
no ios:ip domain-lookup
no ios:ip http secure-server
ios:ip source-route
!
!
admin@ncs(config)# end
admin@ncs # devices device CE1_CL16 sync-from
result true
Page 21 of 80
no ios:service pad
ios:service timestamps debug datetime msec
ios:service timestamps log datetime msec
ios:hostname CE1_CL16
ios:enable password cisco
ios:username cisco secret 5 $1$KAnx$lhtc4rTzd97/qSn9AVGv9.
ios:vrf definition Mgmt-intf
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
ios:ip cef
no ios:ip domain lookup
ios:ip domain name virl.info
no ios:ip domain-lookup
ios:ip forward-protocol nd
no ios:ip http server
no ios:ip http secure-server
ios:ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 198.18.1.1
ios:ip source-route
ios:ipv6 unicast-routing
ios:ipv6 cef
ios:interface GigabitEthernet0/0
media-type rj45
duplex full
speed auto
description OOB Management
vrf forwarding Mgmt-intf
ip address 198.18.1.30 255.255.255.0
exit
ios:interface GigabitEthernet0/1
media-type rj45
duplex full
speed auto
description to iosxrv-1
ip address 192.168.12.1 255.255.255.0
<snip>
We can see the details of this configuration difference by comparing the config:
Page 22 of 80
}
}
admin@ncs#
To add the 2nd device using GUI instead of CLI , follow the steps below:
Page 23 of 80
2) Use the GUI options to define the device parameters listed in the table below.
State Description
Name PE1_CL16
Address 198.18.1.31
Port <leave blank>
Device Type CLI
NED ID cisco-iosxr
Protocol telnet
Authgroup CL-default
3) Click “OK”
Your basic device configuration is complete at this point. However, this configuration is still not
committed. It will therefore not be visible in the CLI:
admin@ncs#
Page 24 of 80
4) To complete the process of this device addition we need to commit,
View the changes that your new configuration is going to make (equivalent of “show config” from the
CLI menu):
Validate the changes before trying to commit, pop-up shall appear on the top right corner of the browser
screen:
Page 25 of 80
You can now view the committed changes in the CLI
6) Make sure device is in Unlock state. To Unlock the device from GUI click on the admin state of
desired device, it will show the three options from drop down, choose unlock save and commit
Page 26 of 80
7) To Sync the config from the device, Click on device name and click on sync-from under
device tab.
Followed by clicking “Invoke sync-from” at next window and wait for it to display the result
Page 27 of 80
To return to the main device list from the sync-from menu option, use the following sequence of steps:
admin@ncs# config
Entering configuration mode terminal
Page 28 of 80
no ios:ip domain-lookup
no ios:ip http secure-server
ios:ip source-route
!
!
devices device PE2_CL16
address 198.18.1.33
description "PE2 for CiscoLive POD"
authgroup CL-default
device-type cli ned-id cisco-ios
device-type cli protocol telnet
config
no ios:service pad
no ios:ip domain-lookup
no ios:ip http secure-server
ios:ip source-route
!
!
devices device CE2_CL16
address 198.18.1.34
description "CE2 for CiscoLive POD"
authgroup CL-default
device-type cli ned-id cisco-ios
device-type cli protocol telnet
config
no ios:service pad
no ios:ip domain-lookup
no ios:ip http secure-server
ios:ip source-route
!
admin@ncs(config)#commit
The above steps added the remaining devices with the below configuration:
State Description
Name P1_CL16
Address 198.18.1.32
NED Type CLI
NED ID cisco-iosxr
Protocol SSH
Authgroup CL-default
State Description
Name PE2_CL16
Address 198.18.1.33
NED Type CLI
NED ID cisco-ios
Protocol Telnet
Authgroup CL-default
Page 29 of 80
State Description
Name CE2_CL16
Address 198.18.1.34
NED Type CLI
NED ID cisco-ios
Protocol Telnet
Authgroup CL-default
If you are using the GUI to add these new devices, the device table above can be used to look at the
parameters prior to committing.
You can do sync-from all the devices in one go using CLI or GUI as shown below:
Select all the devices from menu, and choose the “Action” menu option “sync-from”:
Wait for couple minute to complete the sync-from process to be finished, Once sync is done, you will
see it reflected result as “True” in the GUI.
Page 30 of 80
Note: The CLI method of performing a global device sync would be to use the following
command:
admin@ncs# devices sync-from
On the CLI, the following command can be used for checking IOS device sync:
Page 31 of 80
admin@ncs# devices check-sync
sync-result {
device CE1_CL16
result in-sync
}
sync-result {
device CE2_CL16
result in-sync
}
sync-result {
device P1_CL16
result unsupported
}
sync-result {
device PE1_CL16
result unsupported
}
sync-result {
device PE2_CL16
result in-sync
}
admin@ncs#
1) Click on the device P1_CL16 from the “devices” menu, then select interface under config tab.
2) Choose the interface Gigabit Ethernet, followed by the interface number 0/0/0/0, and then
select the “IPv4 Address” options:
Page 32 of 80
3) Enter the address and mask:
Page 33 of 80
Validate the changes by looking at the output of “View changes” (from the commit button drop down
menu)
4) Perform a “Commit Dry Run” To see exactly the changes that will be made as a result of the
above steps:
Page 34 of 80
5) Commit the config changes and confirm
6) Ensure the interface is not in shutdown state. Click Back button from Browser and un-shut it
from GigabitEthernet tab and uncheck the “shutdown” option:
Page 35 of 80
7) Validate this change by looking at the commit dry run:
Note that when a config is deleted, commit dry run output shows it in RED, instead of GREEN
for a config that is added.
8) You can now validate the above changes by logging into the device and checking the actual
router config (Note: perform the below command from the Linux shell prompt)
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device P1_CL16 config
admin@ncs(config-config)#
Page 36 of 80
2) Configure the new interface ip address :
3) Validate the changes by using “Show config”, as well as the commit dry run information:
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)# do show running-config devices device P1_CL16 config
cisco-ios-xr:interface GigabitEthernet
Page 37 of 80
devices device P1_CL16
config
cisco-ios-xr:interface GigabitEthernet 0/0/0/1
ipv4 address 192.168.34.3 255.255.255.0
exit
!
!
admin@ncs(config)#
5) You can also validate the changes on the Router itself, as well as a on the GUI:
RP/0/0/CPU0:P1_CL16#show run int gigabitEthernet 0/0/0/1
Fri May 22 23:57:07.914 UTC
interface GigabitEthernet0/0/0/1
ipv4 address 192.168.34.3 255.255.255.0
!
The full topology view of the interfaces and IP addresses is like this:
G0/0/0/1 G0/0/0/1
G0/0/0/0
PE1_CL16 - P1_CL16 - PE2_CL16
G0/2
XR XR 192.168.34.4
-IOS
192.168.23.3
G0/0/0/0 G0/1
192.168.12.1
G0/1 192.168.45.5
G0/1
CE1_CL16 -
IOS CE2_CL16
-IOS
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# load merge /home/cisco/content/add_interfaces.txt
Loading.
701 bytes parsed in 0.09 sec (7.12 KiB/sec)
admin@ncs(config)#commit
Page 38 of 80
3.11 Rollback Configuration Changes:
To show Rollback of configuration changes we will change Hostname
1) Go to the devices and click on P1_CL16, and change the hostname under the “config“
tab as follows to something different:
4) Click on the rollback on left side under Views and then on right side click on topmost
row you will see the changes rollback script going to make in bottom pan.
Page 39 of 80
Note that both GUI changes and CLI changes can be rolled back through this option. A
similar list is also available for rollback in the CLI:
5) Perform the rollback, by choosing the “load rollback<id>” option from this page and choose
“selective”. A rollback confirmation will be shown in the information pop-up:
Page 40 of 80
6) Just like other confirmation changes, this config change due to rollback is still local to
the GUI and now needs to be pushed to the device. A commit dry run will show the
changes:
RP/0/0/CPU0:P1_CL#
RP/0/0/CPU0:P1_CL16#show configuration commit changes last 1
Tue Jun 21 02:25:49.396 UTC
Building configuration...
Page 41 of 80
!! IOS XR Configuration 6.0.1
hostname P1_CL16
end
Note that to perform rollback operation from the CLI, the command to rollback is under the
config mode:
admin@ncs# conf
Entering configuration mode terminal
admin@ncs(config)# rollback configuration
Page 42 of 80
4 Lab Task 2-2: Creating and Implementing Service
Template
The service template requires that a new service package be created. To create that, you need to make
a YANG model for your service and an XML template.
YANG model is created to define all the parameters, which will be defined as part of the config for this
template. XML template is needed for translating those data values into a CLI that can be passed to
the device
You will have to source the ~/ncs412/ncsrc file if using new terminal session
You can view the tree structure created by using the “tree” command:
10 directories, 4 files
Page 43 of 80
Neighbor
OSPF Router ID OSPF Area Informatio
Process n
Name or
Number IP Address Integer IP address IOS XR IOS
Address
IOS XR IOS Neighbor
Family
Address
Type
Go to the directory ~/ncsw/packages/ospf/src/yang and view the ospf.yang file in it. This file is a basic
structure that the previous step’s command created. We will now have to populate it with our required
yang parameters:
module ospf {
namespace "http://com/example/ospf";
prefix ospf;
import ietf-inet-types {
prefix inet;
}
import tailf-ncs {
prefix ncs;
}
augment /ncs:services {
list ospf {
key name;
<<< snip >>>
Page 44 of 80
- Import : These are modules which are being imported to build on top of. In this case, we
are importing basic NSO module, and IEFT-INET-TYPE module
- Augment: This is the config section that this YANG module will add to. In this case, we are
augmenting on the “services” keyword in the NSO CLI
cisco@ubuntu:~/ncsw/packages/ospf/src/yang$ cp ~/content/ospf.yang
~/ncsw/packages/ospf/src/yang/ospf.yang
The Appendix section walks through the complete set of steps involved in building this yang file.
You can refer to this section and follow the steps there to build your model step by step.
“Pyang” is written in Python, hence the “P”. There are other tools available like Jyang – written
in Java
Save the file, and from the prompt, run PYANG as shown below:
cisco@ubuntu:~/ncsw$ cd ~/ncsw/packages/ospf/src/yang
cisco@ubuntu:~/ncsw/packages/ospf/src/yang$ ls -al ospf.yang
-rw-rw-r-- 1 cisco cisco 2217 May 28 16:16 ospf.yang
cisco@ubuntu:~/ncsw/packages/ospf/src/yang$ pyang ospf.yang
cisco@ubuntu:~/ncsw/packages/ospf/src/yang$
Since we didn’t get any error, this means that everything is fine. However, if there are any sytax errors,
then those will need to be addressed before processed.
cisco@ubuntu:~/ncsw/packages/ospf/src/yang$ cd ~/ncsw/packages/ospf/src
cisco@ubuntu:~/ncsw/packages/ospf/src$ make
Page 45 of 80
Congratulations! You have now completed the model development. You can refer to Appendix for some
optional changes you can make this model a bit more interesting.
Note that the CLI will be configurable, but there will be no way to translate it to a format that can
be understood by the device (i.e. IOS-XR CLI syntax). That part (translation from yang model
based CLI, to IOS-XR CLI) is done through the XML template. So lets define the XML template.
Page 46 of 80
4.6 Adding XML Template:
We have pre-built the XML file and ready to be used. It can be copied to the appropriate location using
the below steps.
The details and full set of steps to build this XML file are included in Appendix section, and you
are encouraged to try that out if time permits during the session or later.
cisco@ubuntu:~/ncsw/packages/ospf/src/yang$ cp ~/content/ospf.xml
~/ncsw/packages/ospf/templates/ospf.xml
Now we can define the service and convert to CLI. To view the translated version to CLI before you
commit, use “Commit dry-run”:
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# services ospf PE1_CL16 process-id 1 iosxr router-id
2.2.2.2 area-id 0 interface-name Giga0/0/0/1
admin@ncs(config-interface-name-Giga0/0/0/1)# top
admin@ncs(config)# show configuration
services ospf PE1_CL16
process-id 1
iosxr router-id 2.2.2.2
iosxr area-id 0
interface-name Giga0/0/0/1
!
!
!
admin@ncs(config)# commit dry-run outformat cli
device PE1_CL16
config {
cisco-ios-xr:router {
+ ospf 1 {
+ router-id 2.2.2.2;
Page 47 of 80
+ area 0 {
+ interface Giga0/0/0/1;
+ }
+ }
}
}
admin@ncs(config)# commit
On the PE1_CL16 router, you can see the changes of the last commit:
admin@ncs(config-network-192.168.12.0/0.0.0.255)# top
admin@ncs(config)# show config
services ospf CE1_CL16
process-id 1
ios router-id 1.1.1.1
ios network 192.168.12.0 0.0.0.255
area [ 0 ]
!
!
admin@ncs(config)# commit dry-run outformat cli
device CE1_CL16
config {
ios:router {
+ ospf 1 {
+ non-vrf {
+ router-id 1.1.1.1;
+ network 192.168.12.0 0.0.0.255 {
+ area 0;
+ }
+ }
+ }
}
Page 48 of 80
}
admin@ncs(config)#commit
Our template and yang models are now complete! Lets try applying these through the GUI in the next
section
You can Add a new service using the “+” option and provide device name “P1_CL16” (make sure you
type device name correct)
Page 49 of 80
Once you add the device name, Click on device-name to provide parameters for this device:
Enter the process ID “1” as shown above, and for the remainder of the XR specific config, go to the
“IOSXR” section. Provide the router ID “3.3.3.3”
add (+) the area-id 0 and then interfaces Gig0/0/0/0 and Gig0/0/0/1 in area 0 :
Page 50 of 80
Hit Back button from Browser once and then add other interface Gig0/0/0/1 as well.
Page 51 of 80
Before committing the changes, do a dry run, and if everything looks ok, then go ahead and commit that
will push the config to the device P1_CL16:
Page 52 of 80
4.10 Adding 2nd Interface to existing OSPF process:
So far we have added interface and area in one shot. Lets check if our model and template work fine
when there are the service stays intact when additional interfaces or area is added on top of the existing
service.
We will work on PE1_CL16 for this example. The currently configured service for this device is:
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)# end
Page 53 of 80
4.11 Completing OSPF config for remaining devices:
G0/0/0/1 G0/0/0/1
192.168.12.2 192.168.23. 192.168.34 192.168.45.4
G0/0/0/0
PE1_CL16 2
P1_CL16
.3
PE2_CL
G0/2
- XR - XR 192.168.316 -IOS
192.168.23
4.4
.3
G0/0/0/0 G0/1
192.168.1
2.1 G0/1 G0/1
192.168.
45.5
CE1_CL1
6 - IOS CE2_CL
16 -IOS
Complete the configuration for OSPF on the remaining devices: PE2_CL16, CE2_CL16 using the
following information:
Lets configure PE2 first, below are the steps you would need to take to configure PE2, and validate that
config changes before committing:
Page 54 of 80
ios:router {
+ ospf 1 {
+ non-vrf {
+ router-id 4.4.4.4;
+ network 192.168.34.0 0.0.0.255 {
+ area 0;
+ }
+ network 192.168.45.0 0.0.0.255 {
+ area 0;
+ }
+ }
+ }
}
}
admin@ncs(config)# commit
Commit complete.
admin@ncs(config)#
If you want to configure this device using CLI as well, you can use:
services ospf CE2_CL16 process-id 1 ios router-id 5.5.5.5 network 192.168.45.0 0.0.0.255 area
0
Choose the “add(+)” option, and enter the device name CE2_CL16.
Add the device, and after clicking on device name on the subsequent screen, enter process ID 1 and go
to the IOS section. In the IOS section, and enter the router-id as 5.5.5.5 and then network
(192.168.45.0) and mask (0.0.0.255) as follows
Page 55 of 80
July 10, 2016 LTRSPG-2515-Using NSO with tail-f
Page 56 of 80
After the above steps, the commit dry run option can be used to view the changes being committed:
This completes our OSPF configuration end to end. Lets checkout the OSPF routes at the CE1_CL16
device, and see if you can ping CE2_CL16 interface:
Page 57 of 80
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Page 58 of 80
5 Bonus Content
cisco@ubuntu:~$ cd ~/ncsw/packages/ospf/src/yang
cisco@ubuntu:~/ncsw/packages/ospf/src/yang$ pyang -f yin ospf.yang
<?xml version="1.0" encoding="UTF-8"?>
<module name="ospf"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:ospf="http://com/example/ospf"
xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types"
xmlns:ncs="http://tail-f.com/ns/ncs"
xmlns:tailf="http://tail-f.com/yang/common">
<namespace uri="http://com/example/ospf"/>
<prefix value="ospf"/>
<import module="ietf-inet-types">
<prefix value="inet"/>
</import>
<import module="tailf-ncs">
<prefix value="ncs"/>
</import>
<import module="tailf-common">
<prefix value="tailf"/>
</import>
<typedef name="ospf-area">
<type name="union">
<type name="uint32"/>
<type name="inet:ipv4-address"/>
</type>
</typedef>
<augment target-node="/ncs:services">
<list name="ospf">
<uses name="ncs:service-data"/>
<ncs:servicepoint id="ospf"/>
<key value="device-name"/>
<leaf name="device-name">
<mandatory value="true"/>
<type name="leafref">
<path value="/ncs:devices/ncs:device/ncs:name"/>
<<<< snipped >>>>
</container>
<tailf:callpoint id="ncs-rfs-service-hook">
<tailf:transaction-hook value="subtree">
<tailf:invocation-mode value="per-transaction"/>
</tailf:transaction-hook>
</tailf:callpoint>
</list>
</augment>
</module>
Page 59 of 80
5.1.2 Generating HTML view of YANG module:
One of the other fancy things PYANG can do is to generate an HTML view of any yang file. You can do
that and place the HTML file in the web browser directory and view using the browser. Steps are shown
below:
Page 60 of 80
How many bits in the modulus [2048]:
Generating RSA keys ...
Done w/ crypto generate keypair
[OK]
Once the agent is enabled, you can use ssh netconf mode to communicate to the device using netconf:
To get Config of all Gige Interfaces paste the below text after above ssh o/p
Page 61 of 80
You can find the full text in the file ~/content/get-gige-xml.txt . You can use this file to copy
the lines and paste in your session.
Page 62 of 80
]]>]]>
Page 63 of 80
]]>]]>
You can now verify from the device if this config took place:
Reply
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
<ok/>
</rpc-reply>
]]>]]>
<?xml version="1.0"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<close-session/>
</rpc>
]]>]]>
Page 64 of 80
<?xml version="1.0"?>
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
]]>]]>
RP/0/0/CPU0:PE1_CL16(config)#show configuration
Tue May 26 21:41:34.459 UTC
Building configuration...
!! IOS XR Configuration 5.3.1.30I
no xml agent tty
no netconf agent tty
netconf-yang agent
ssh
!
end
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:yes
cisco@198.18.1.31's password:
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-
monitoring?deviation=cisco-xr-netconf-monitoring-deviations</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:rollback-on-
error:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.1</capability>
<capability>urn:ietf:params:netconf:capability:confirmed-
commit:1.1</capability>
<capability>http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-lib-
cfg?module=Cisco-IOS-XR-aaa-lib-cfg&revision=2015-11-09</capability>
<capability>http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-locald-admin-
cfg?module=Cisco-IOS-XR-aaa-locald-admin-cfg&revision=2015-11-
09</capability>
……………….
</capabilities>
<session-id>2476810085</session-id>
</hello>
]]>]]>
Page 65 of 80
6 Appendix
You can start using any of your favorite editor (vim/vi/nano) to edit following sections.
One of the parameters (OSPF Area) doesn’t have a pre-defined type, since it can take up various type
of values. We will use this as an example of defining a new variable type as shown below:
The new defined type “ospf-area” can take any integer value (32 bit) or an IPv4 value. Note that the
IPv4 type is pre-defined in the module we imported “ietf-inet-type”
In the next few steps, we will build the yang file step by step. However, a copy of the final yang
model is available at ~/content/ospf.yang, If you want to do a comparison with this file or use it
instead of typing out each step, you can reference it. (Take care about extra line breaks if you
paste the contents into a new file)
augment /ncs:services {
list ospf {
key name;
uses ncs:service-data;
ncs:servicepoint "ospf";
leaf name {
type string;
}
Page 66 of 80
type inet:ipv4-address;
}
}
Note that the brackets marked in blue are enclosing the OSPF definition, and both of these
should be kept in place.
Since we are augmenting the “service” keyword, we are defining a new keyword “ospf” under it, the
following two lines will be required to allow this to work,these should already be present in the yang file.
augment /ncs:services {
list ospf {
uses ncs:service-data;
ncs:servicepoint "ospf";
namespace "http://com/example/ospf";
prefix ospf;
import ietf-inet-types {
prefix inet;
}
import tailf-ncs {
prefix ncs;
}
import tailf-common { prefix tailf; }
augment /ncs:services {
list ospf {
uses ncs:service-data;
ncs:servicepoint "ospf";
}
}
}
Page 67 of 80
Augment
Services
OSPF
/// Let’s define our first Leaf and it’s value in this YANG mode
list ospf {
uses ncs:service-data;
ncs:servicepoint "ospf";
key "device-name";
leaf device-name {
mandatory true;
type leafref {
path "/ncs:devices/ncs:device/ncs:name";
}
}
leaf process-id {
mandatory true;
type string;
}
Page 68 of 80
6.1.4 Using Containers - Differentiating between IOS and IOS-XR:
Containers are meant to group a set of values. A conditional statement can be added to the container
definition to define when this container will be applicable and when it should be omitted.
In our case, since the parameters being defined for IOS versus those defined for IOS-XR are slightly
different, we will use containers to group these values separately. Copy/paste below section in
continuation to last section.
Augment
Services
OSPF
container iosxr {
when "/ncs:devices/ncs:device[ncs:name=current()/../device-
name]/ncs:device-type/ncs:cli/ncs:ned-id = 'cisco-ios-xr-id:cisco-ios-xr'"
{
// tailf:dependency "../device-name";
// tailf:dependency "/ncs:devices/ncs:device/ncs:device-type";
}
Note that the brackets marked in red spread over sections 4.6 & 4.7 are enclosing the container
iosxr.
Note that in the above container selection, we are using the condition defined in “when”.
Here we are referencing the current device’s parameters (using:
/ncs:devices/ncs:device[ncs:name=current() ) and then referencing its OS type, and checking if its
defined as “cisco-ios-xr-id:cisco-ios-xr”.
You can get a good view of the defined hierarchy by using the following command as an example in the
NSO CLI:
Page 69 of 80
admin@ncs# show running-config devices device P1_CL16 | display xpath
/
/devices/device[name='P1_CL16']/device-type/cli/ned-id cisco-ios-xr
Augment
Services
OSPF
leaf router-id {
tailf:info "OSPF XR Router ID";
mandatory true;
type inet:ipv4-address;
}
Page 70 of 80
list area-id {
tailf:info "OSPF XR Area ID";
key "area";
leaf area {
mandatory true;
type ospf-area;
}
// Let’s define the Interface
list interface-name {
key "interface-number";
leaf interface-number {
tailf:info "IOS-XR OSPF interface" ;
type string;
}
}
}
}
Page 71 of 80
Augment
Services
OSPF
container ios {
when "/ncs:devices/ncs:device[ncs:name=current()/../device-
name]/ncs:device-type/ncs:cli/ncs:ned-id = 'ios-id:cisco-ios'" {
// tailf:dependency "../device-name";
// tailf:dependency "/ncs:devices/ncs:device/ncs:device-type";
}
leaf router-id {
tailf:info "OSPF Router ID";
mandatory true;
type inet:ipv4-address;
}
// Let’s define the Area ID, Network and mask
list network {
tailf:info "OSPF Area ID";
key "ip mask";
leaf-list area {
type ospf-area;
}
leaf ip {
mandatory true;
tailf:info "IOS OSPF network" ;
type inet:ipv4-address;
}
leaf mask {
mandatory true;
tailf:info "IOS OSPF network mask";
type inet:ipv4-address;
Page 72 of 80
}
}
}
}
}
}
Note that the brackets marked in red are enclosing the container ios.
module ospf {
namespace "http://com/example/ospf";
prefix ospf;
import ietf-inet-types {
prefix inet;
}
import tailf-ncs {
prefix ncs;
}
// Section 4.5
augment /ncs:services {
list ospf {
uses ncs:service-data;
ncs:servicepoint "ospf";
key "device-name";
leaf device-name {
mandatory true;
type leafref {
path "/ncs:devices/ncs:device/ncs:name";
}
}
leaf process-id {
mandatory true;
type string;
}
// Section 4.6
container iosxr {
Page 73 of 80
when "/ncs:devices/ncs:device[ncs:name=current()/../device-
name]/ncs:device-type/ncs:cli/ncs:ned-id = 'cisco-ios-xr-id:cisco-ios-xr'"
{
// tailf:dependency "../device-name";
// tailf:dependency "/ncs:devices/ncs:device/ncs:device-
type";
}
// Section 4.7
leaf router-id {
tailf:info "OSPF XR Router ID";
mandatory true;
type inet:ipv4-address;
}
list area-id {
tailf:info "OSPF XR Area ID";
key "area";
leaf area {
mandatory true;
type ospf-area;
}
list interface-name {
key "interface-number";
leaf interface-number {
tailf:info "IOS-XR OSPF interface" ;
type string;
}
}
}
}
// Section 4.8
container ios {
when "/ncs:devices/ncs:device[ncs:name=current()/../device-
name]/ncs:device-type/ncs:cli/ncs:ned-id = 'ios-id:cisco-ios'" {
// tailf:dependency "../device-name";
// tailf:dependency "/ncs:devices/ncs:device/ncs:device-type";
}
leaf router-id {
tailf:info "OSPF Router ID";
mandatory true;
type inet:ipv4-address;
}
list network {
tailf:info "OSPF Area ID";
key "ip mask";
leaf-list area {
type ospf-area;
}
leaf ip {
mandatory true;
tailf:info "IOS OSPF network" ;
type inet:ipv4-address;
}
leaf mask {
mandatory true;
Page 74 of 80
tailf:info "IOS OSPF network mask";
type inet:ipv4-address;
}
}
}
}
}
}
cisco@ubuntu:~/ncsw/packages/ospf$ cd ~/ncsw/packages/ospf/templates/
cisco@ubuntu:~/ncsw/packages/ospf/templates$ ls -al
total 12
drwxr-xr-x 2 cisco cisco 4096 May 27 15:04 .
drwxrwxr-x 5 cisco cisco 4096 May 27 15:04 ..
-rw-rw-r-- 1 cisco cisco 732 May 27 15:04 ospf.xml
From the existing file, remove the comment lines, which will leave you with the following starting
template:
<config-template xmlns="http://tail-f.com/ns/config/1.0"
servicepoint="ospf">
<devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>{/device}</name>
<config>
</config>
</device>
</devices>
</config-template>
Notice that in the XML template, the device name is assumed to be represented by the variable
“device”.
<device>
<name>{/device}</name>
Make this change the XML file that you are editing:
<config-template xmlns="http://tail-f.com/ns/config/1.0"
servicepoint="ospf">
Page 75 of 80
<devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>{/device-name}</name>
<config>
</config>
</device>
</devices>
</config-template>
To achieve this, we will need to define the tags based on how config is done on a device. We can
make the task easier by taking help from NSO since XML can present us the XML translation of a
configuration. That translation can be used to construct the template by replacing the values with the
variables we have defined.
To generate that translation, lets configure OSPF on one of our XR devices..and see the translation.
We do not need to commit this change, as our intent is only to get the XML view:
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device PE1_CL16 config
admin@ncs(config-config)# cisco-ios-xr:router ospf 1
admin@ncs(config-ospf)# router-id 3.3.3.3
admin@ncs(config-ospf)# area 0
admin@ncs(config-ospf-ar)# interface Giga0/0/0/0
admin@ncs(config-ospf-ar-if)# exit
admin@ncs(config-ospf-ar)# interface Giga0/0/0/1
admin@ncs(config-ospf-ar-if)# top
admin@ncs(config)# commit dry-run outformat xml
device PE1_CL16
<router xmlns="http://tail-f.com/ned/cisco-ios-xr">
<ospf>
<name>1</name>
<router-id>3.3.3.3</router-id>
<area>
<id>0</id>
<interface>
<name>Giga0/0/0/0</name>
</interface>
<interface>
<name>Giga0/0/0/1</name>
</interface>
</area>
</ospf>
</router>
admin@ncs(config)#
Lets look closely at the tags above… and match them with the values in the YANG model:
Page 76 of 80
Leaf Name XML Tag
process-id <ospf><name> … </name>
router-id <router-id> … </router-id>
area-id/area <area><id>…</id>………</area>
interface-name/interface-number <interface><name>…</name></interface>
Using these mappings, lets fill in the <config> section of the XML template. Since all the mappings are
for IOS-XR config, we will comment this section accordingly.
<config-template xmlns="http://tail-f.com/ns/config/1.0"
servicepoint="ospf">
<devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>{/device-name}</name>
<config>
<!-- IOSXR config -->
<router xmlns="http://tail-f.com/ned/cisco-ios-xr">
<ospf>
<name>{/process-id}</name>
<router-id>{/*/router-id}</router-id>
<area>
<id>{/*/area-id/area}</id>
<interface>
<name>{interface-name/interface-number}</name>
</interface>
Page 77 of 80
</area>
</ospf>
</router>
</config>
</device>
</devices>
</config-template>
First define the config in NSO CLI, and take an XML output as a sample:
Now create a section in the template file right after the </router> tag (belonging to IOS XR section) and
add the above config, as well as add a comment to indicate the separation ….A snippet of the modified
template is shown below, with the changes in bold
Page 78 of 80
<!-- IOS config -->
<router xmlns="urn:ios">
<ospf>
<id>1</id>
<non-vrf>
<router-id>1.1.1.1</router-id>
<network>
<ip>192.168.12.0</ip>
<mask>0.0.0.255</mask>
<area>0</area>
</network>
</non-vrf>
</ospf>
</router>
</config>
</device>
</devices>
Lets map these template tags to the IOS container variables we have in YANG model:
And finally, use this mapping to change the templates explicit values to the YANG variables instead:
Page 79 of 80
Now lets reload the package in the CLI
Page 80 of 80