.svg?sv=2022-11-02&spr=https&st=2025-02-22T08%3A32%3A24Z&se=2025-02-22T08%3A42%3A24Z&sr=c&sp=r&sig=N%2BpJGzo3QLoCiQaD0fHCIHxQpoIsoFseqNZI6Z3ovNk%3D){kind=logo}
Setting up NSO with Provider Connectivity Assurance
- 07 Feb 2025
- 9 Minutes to read
- Contributors
- Print
- PDF
Setting up NSO with Provider Connectivity Assurance
- Updated on 07 Feb 2025
- 9 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
In this article, we a look at how to set up Cisco Crosswork Network Services Orchestrator (NSO) to interwork with Provider Connectivity Assurance.
Overview
The configuration described in this article uses a locally-installed Docker version of Cisco Network Services Orchestrator (NSO) connecting to Provider Connectivity Assurance residing in the cloud. This setup is suitable for interacting with cloud-managed Sensor Agents using NSO.
NSO uses Network Element Drivers (NEDs) to communicate with external devices and services.
An NED for Provider Connectivity Assurance is available to download from NSO >link>
Installing NSO Docker
To install the NSO Docker:
- Download the proper NSO version package from software.cisco.com
Note that the evaluation version of 6.3.6 is available here
Below is an example of how to load the container on an x86 64-bit Linux system.
user@server:~/nso$ sudo docker load -i nso-6.3.2.container-image-prod.linux.x86_64.tar.gz
9da967724761: Loading layer [==================================================>] 257MB/257MB
b110bf973e51: Loading layer [==================================================>] 1.217GB/1.217GB
Loaded image: cisco-nso-prod:6.3.2
user@server:~/nso$
Start NSO and Load Provider Connectivity Assurance (Skylight) NED
Start NSO
To start the nso container:
- Use Docker run with startup parameters as shown in the example below.
The username and password settings are later used to log in to the NSO CLI.
sudo docker run -itd --name cisco-nso-2409 \
-v NSO-vol2409:/nso \
-v NSO-log-vol2409:/log \
-p 8888:8888 \
-p 4569:4569 \
-e ADMIN_USERNAME=admin\
-e ADMIN_PASSWORD=admin\
cisco-nso-prod:6.3.3
Import the NED
To import the NED:
- Download the Provider Connectivity Assurance NED from >link<
- Copy it into the NSO container file system.
user@server:~/nso$ sudo docker cp ncs-6.3-accedian-skylight-2.0.1_2611e64.tar.gz CONTAINERID:/nso/run/packages/
Launch NSO CLI and Load the NED
To launch NSO CLI and load the NED:
- Use Docker exec. to enter into the NSO container.
- Launch the ncs_cli
- Reload packages.
If the Provider Connectivity Assurance NED was placed in the proper directory, it will load and provide result as shown below.
user@server:~/nso$ sudo docker exec -it CONTAINERID bash
[root@542702bcc266 /]# ncs_cli -u admin -C
admin connected from 127.0.0.1 using console on 123702bcc266
admin@ncs# packages reload
>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has completed.
>>> System upgrade has completed successfully.
reload-result {
package accedian-skylight-gen-2.0
result true
}
admin@ncs#
Configure NSO to Talk to Provider Connectivity Assurance
Using Certificate or Key Authentication
Prepare NSO Authentication Configuration File
To prepare NSO Authenication Configuration File:
- Create a file, for example my-nso-configuration.txt with the contents below, replacing address with the FQDN of the Provider Connectivity Assurance Analytics instance to connect to.
devices device skylight
address mytenant.test.analytics.accedian.io
port 443
device-type generic ned-id accedian-skylight-gen-2.0
connect-timeout 600
read-timeout 600
write-timeout 120
trace raw
ned-settings accedian-skylight connection authentication method none
ned-settings accedian-skylight connection authentication mode probe
ned-settings accedian-skylight connection authentication token-request url /api/v1/auth/login
ned-settings accedian-skylight connection ssl accept-any true
ned-settings accedian-skylight live-status time-to-live 15
ned-settings accedian-skylight restconf url-base /restconf
ned-settings accedian-skylight restconf model-discovery disabled
ned-settings accedian-skylight restconf capability-discovery disabled
ned-settings accedian-skylight restconf config append-content-config-query true
ned-settings accedian-skylight restconf notif automatic-stream-discovery enabled
ned-settings accedian-skylight restconf notif preferred-encoding json
ned-settings accedian-skylight restconf profile none
ned-settings accedian-skylight logger level debug
ned-settings accedian-skylight connection ssl mtls client certificate <certificate goes here>
ned-settings accedian-skylight connection ssl mtls client private-key <key goes here>
state admin-state unlocked
!
Note
For best performance, the append-content-config-query parameter needs to be set to true.
ned-settings accedian-skylight restconf config append-content-config-query true
Add Client Certificate to Configuration
To add client certificate to configuration:
- Retrieve the cert.pem and cert.key files from a deployed Sensor Collector (Roadrunner) instance located in the .rr_ssh/ directory where the collector was installed. Base-64-encode the certificate string, without line wrapping (-w 0 ).
base64 -w 0 < cert.pem
Abde76dfasdfwwfetrtertert42wrSkRBQ1phNGlDQWlQdng3aVk0ZHhrd3dxQVByM04yNnJmSFNBaUJnUTNNMTJPbzJ6U0NDUEZQendyTQpHNFVKVUZv
.
.
.
clhlbVh0Q2p5WTVvVEFTdnIzRzVqV3ZxSkVMeXdqd3dxOHZPV3lza2tlOFZJRjhIbjhLeHpZcDRmCjM0RGRhN0tMMDlkMDNCd0V0RkZvRU9hVDhxZGpkYW94UlJtRDZEYzdGY2lnajVLQjBjL045bGl4SzM4bjJ2ZmYKZVB2THc5VHE4Q1pjTnZUUUZBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- Copy the resulting certificate including the trailing "=" sign and paste it on the "ned-settings accedian-skylight connection ssl mtls client certificate" line in the configuration file.
Add the Private Key to the Configuration
To add the private key to the configuration:
- Remove newlines, BEGIN and END lines from the cert.key.
cat cert.key | grep -v \- | tr -d '\n'
Abcdefghi28468ysffdnD68X0R3QC8PHUQRx5mjogM2kQpumjOSIUcIO0cb1jQeQQ/q90ZN71pjhS69CfeKYt0kr6SyHwWjbM4OJTE7JK6GIz6Ovs9MwNTgE
.
.
.
IZLZ2waC7wmo6mXuWOUt9bKysuN0/J7o7wA0VNXudrPosNyMy0tZCugQmVFiaF+GDDSP6kaGFShqfuD1X+f/cWDSDMnNW4somsivy7p05TVpZwFv7X9bv9sYl7+F0ymgmM52gXRMvUd8ipbp1XFqBz2WhH6c8b8Cw94yp4Ji8X7Lr3VA5Qp+v5YvDuxSykmm2YkvTY8/jT2HXNDCNEVAH0eHAML2KQj5wEmRCuRDvXyPd9RTZDnXa+1O3TEBzeQ==
- Copy the resulting key including the two trailing "==" signs and paste it at the "ned-settings accedian-skylight connection ssl mtls client private-key" line in the configuration file.
Load Configuration File into NSO
To load configuration file into NSO:
- Copy the configuration file with the certificate and key into the NSO container
- Load this configuration using "load merge" in the NSO CLI.
user@server:~/nso$ sudo docker cp my-nso-configuration.txt CONTAINERID:/
user@server:~/nso$ sudo docker exec -it CONTAINERID bash
[root@542702bcc266 /]# ncs_cli -u admin -C
admin connected from 127.0.0.1 using console on 123702bcc266
admin@ncs# config t
admin@ncs(config)# load merge my-nso-configuration.txt
Loading.
7.26 KiB parsed in 0.05 sec (131.58 KiB/sec)
admin@ncs(config)# commit
Commit complete.
Provider Connectivity Assurance Connection
To test Provider Connectivity Assurance connection, use the below example:
admin@ncs# config t
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# sync-from
Success!
Configuration Examples
Set Up Service with Two Sessions, Topology Metadata, and an Alert Policy:
devices device skylight
config
alert-policies alert-policy demo-nso-1
policy-name demo-nso-1-name
description description-demo-nso
policy-type metric
policy metric-policy conditions alert_rule1
metric-type delay-max
alert-direction ds
alert-severity critical
triggers-on threshold 1000.0
triggers-on comparator gte
recovers-on threshold 1000.0
recovers-on comparator lt
!
!
metadata-config metadata-key lab
!
metadata-config metadata-key region
!
service-endpoints service-endpoint nso-demo-agent-1
endpoint-name nso-demo-agent-1
type ne-endpoint
config ne-config ne-id nso-demo-agent-1
config ne-config vlan-id 1
config ne-config ip 192.168.0.4
!
service-endpoints service-endpoint nso-demo-agent-2
endpoint-name nso-demo-agent-2
type ne-endpoint
config ne-config ne-id nso-demo-agent-2
config ne-config vlan-id 1
config ne-config ip 192.168.0.6
!
sessions session nso-demo-twamp-1
session-name nso-demo-twamp-1
session-type twamp-light
service-endpoints nso-demo-agent-2
session-protocol twamp-light session-reflector admin-state true reflector-ud
p-port 862 mode stateful
!
service-endpoints nso-demo-agent-1
session-protocol twamp-light session-sender admin-state true reflector-udp-p
ort 4002 test-packets rate 20
!
!
services service nso-demo-service
service-name nso-demo-service
description "hello"
sessions nso-demo-twamp-1
metadata key-value region value Stockholm
metadata key-value lab value assurance-demo
alerts demo-nso-1
!
!
!
Create ne-endpoint for TWAMP or Agent Tests
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# service-endpoints service-endpoint test_ne_ep-nso1 type ne-endpoint endpoint-name test-ep_name description test config ne-config ip 86.68.86.88 ne-id pe2488_A24 vlan-id 2488
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# show f
devices device skylight
config
service-endpoints service-endpoint test_ne_ep-nso1
endpoint-name test-ep_name
description test
type ne-endpoint
config ne-config ne-id pe2488_A24
config ne-config vlan-id 2488
config ne-config ip 86.68.86.88
!
!
!
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# commit
Commit complete.
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# exit
admin@ncs(config-config)# show full service-endpoint
devices device skylight
config
service-endpoints service-endpoint SE_momo-001-id
endpoint-name SE_momo-001-name
type ne-endpoint
config ne-config ne-id pe2488_A24
config ne-config vlan-id 2488
config ne-config ip 86.68.86.88
!
!
!
Create nid-endpoint for SAT Tests
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# service-endpoints service-endpoint ei_P100-6989-nni_SSC186_1 type nid-endpoint endpoint-name en_P100-6989-nni_SSC186_1 group-id test123 description clone config nid-config nid-id 10.220.10.186.NN-TEST_24 sub-id P100-6989-123-Aa_24 port P100-6989-123-Aa_24-NNI
admin@ncs(config-service-endpoint-ei_P100-6989-nni_SSC186_1)#
admin@ncs(config-service-endpoint-ei_P100-6989-nni_SSC186_1)# show full
devices device skylight
config
service-endpoints service-endpoint ei_P100-6989-nni_SSC186_1
endpoint-name en_P100-6989-nni_SSC186_1
group-id test123
description clone
type nid-endpoint
config nid-config nid-id 10.220.10.186.NN-TEST_24
config nid-config sub-id P100-6989-123-Aa_24
config nid-config port P100-6989-123-Aa_24-NNI
!
!
!
Create TWAMP Light Session
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# sessions session si-TWAMP_HCCM-1 session-name si-TWAMP_HCCM-1 description "TWAMP light session" session-type twamp-light service-endpoints SE_momo-001-id session-protocol twamp-light session-sender admin-state true
dmin@ncs(config-service-endpoints-SE_momo-001-id)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
!
!
!
admin@ncs(config-service-endpoints-SE_momo-001-id)# exit
admin@ncs(config-session-si-TWAMP_HCCM-1)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
session-name si-TWAMP_HCCM-1
description "TWAMP light session"
session-type twamp-light
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
!
!
!
admin@ncs(config-session-si-TWAMP_HCCM-1)# service-endpoints SE_momo-002-id session-protocol twamp-light session-reflector admin-state true
admin@ncs(config-service-endpoints-SE_momo-002-id)#
admin@ncs(config-service-endpoints-SE_momo-002-id)#
admin@ncs(config-service-endpoints-SE_momo-002-id)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
service-endpoints SE_momo-002-id
session-protocol twamp-light session-reflector admin-state true
!
!
!
!
admin@ncs(config-service-endpoints-SE_momo-002-id)# exit
admin@ncs(config-session-si-TWAMP_HCCM-1)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
session-name si-TWAMP_HCCM-1
description "TWAMP light session"
session-type twamp-light
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
service-endpoints SE_momo-002-id
session-protocol twamp-light session-reflector admin-state true
!
!
!
!
admin@ncs(config-session-si-TWAMP_HCCM-1)#
admin@ncs(config-session-si-TWAMP_HCCM-1)# commit
Commit complete.
admin@ncs(config-session-si-TWAMP_HCCM-1)# exit
admin@ncs(config-config)# show full sessions session si-TWAMP_HCCM-1
devices device skylight
config
sessions session si-TWAMP_HCCM-1
session-name si-TWAMP_HCCM-1
description "TWAMP light session"
session-type twamp-light
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
service-endpoints SE_momo-002-id
session-protocol twamp-light session-reflector admin-state true
!
!
!
!
Create an Alert Policy
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# alert-policies alert-policy policyId1 policy-name policyName1 description "test policy" policy-type metric policy metric-policy conditions condId1 metric-type delay-max alert-direction ds alert-severity critical triggers-on threshold 100 comparator gt duration-sec 30 ratio 10
admin@ncs(config-conditions-condId1)# recovers-on threshold 30 comparator lt duration-sec 60 ratio 20
admin@ncs(config-conditions-condId1)# show full
devices device skylight
config
alert-policies alert-policy policyId1
policy metric-policy conditions condId1
metric-type delay-max
alert-direction ds
alert-severity critical
triggers-on threshold 100.0
triggers-on comparator gt
triggers-on duration-sec 30
triggers-on ratio 10
recovers-on threshold 30.0
recovers-on comparator lt
recovers-on duration-sec 60
recovers-on ratio 20
!
!
!
!
admin@ncs(config-conditions-condId1)# commit
Commit complete.
admin@ncs(config-conditions-condId1)# exit
admin@ncs(config-alert-policy-policyId1)# exit
admin@ncs(config-config)#
admin@ncs(config-config)#
admin@ncs(config-config)#
admin@ncs(config-config)# show full alert-policies alert-policy policyId1
devices device skylight
config
alert-policies alert-policy policyId1
policy-name policyName1
description "test policy"
policy-type metric
policy metric-policy conditions condId1
metric-type delay-max
alert-direction ds
alert-severity critical
triggers-on threshold 100.0
triggers-on comparator gt
triggers-on duration-sec 30
triggers-on ratio 10
recovers-on threshold 30.0
recovers-on comparator lt
recovers-on duration-sec 60
recovers-on ratio 20
!
!
!
!
Create a Service with Metadata Tag and Connect it to an Alert Policy
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# services service new-service_id1 service-name new-service_name1 group-id Gg123 sessions si-TWAMP_HCCM-1
admin@ncs(config-sessions-si-TWAMP_HCCM-1)# exit
admin@ncs(config-service-new-service_id1)# alerts policyId1
admin@ncs(config-alerts-policyId1)# exit
admin@ncs(config-service-new-service_id1)# metadata key-value test123456789 value TESTabc
admin@ncs(config-key-value-test123456789)# exit
admin@ncs(config-service-new-service_id1)# show full
devices device skylight
config
services service new-service_id1
service-name new-service_name1
group-id Gg123
sessions si-TWAMP_HCCM-1
!
metadata key-value test123456789
value TESTabc
!
alerts policyId1
!
!
!
!
admin@ncs(config-service-new-service_id1)# commit
Commit complete.
admin@ncs(config-service-new-service_id1)# exit
admin@ncs(config-config)# show full services service new-service_id1
devices device skylight
config
services service new-service_id1
service-name new-service_name1
group-id Gg123
sessions si-TWAMP_HCCM-1
!
metadata key-value test123456789
value TESTabc
!
alerts policyId1
!
!
!
!
Start and Stop a Session
To start a session:
admin@ncs(config-config)# sessions session si-rfc2544L2_full_op2 start
To stop a session:
admin@ncs(config-config)# sessions session si-rfc2544L2_full_op2 stop
Add a Session to a Service
To assign a session to a service:
admin@ncs(config-config)# services service service-HCCM1_id sessions si-rfc2544L3_op2
admin@ncs(config-sessions-si-rfc2544L3_op2)# commit
Commit complete.
admin@ncs(config-sessions-si-rfc2544L3_op2)# exit
admin@ncs(config-service-service-HCCM1_id)# exit
admin@ncs(config-config)# show full services service service-HCCM1_id
devices device skylight
config
services service service-HCCM1_id
service-name service-HCCM1_name
group-id HCM001
description "service 001"
sessions si-rfc2544L3_op2
!
!
!
!
Remove a Session from a Service
To unassign a session from a service:
admin@ncs(config-config)# no services service service-HCCM1_id sessions si-rfc2544L3_op2
admin@ncs(config-config)#
admin@ncs(config-config)#
admin@ncs(config-config)# commit
Commit complete.
admin@ncs(config-config)# show full services service service-HCCM1_id
devices device skylight
config
services service service-HCCM1_id
service-name service-HCCM1_name
group-id HCM001
description "service 001"
!
!
!
For more information on how to use Cisco NSO, see full documentation here: https://developer.cisco.com/docs/nso/guides/user-guide-about/#about
© 2025 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?