Setting up NSO with Provider Connectivity Assurance
  • 01 Nov 2024

Article summary

In this article, we look at how to set up Cisco Crosswork Network Services Orchestrator (NSO) to interwork with Provider Connectivity Assurance.

Overview

The configuration described in this article uses a locally-installed Docker version of Cisco Network Services Orchestrator (NSO) connecting to Provider Connectivity Assurance residing in the cloud. This setup is suitable for interacting with cloud-managed Sensor Agents using NSO.

NSO-and-PCA

NSO uses Network Element Drivers (NEDs) to communicate with external devices and services.
An NED for Provider Connectivity Assurance is available to download from NSO >link>

Installing NSO Docker

To install the NSO Docker:

  1. Download the proper NSO version package from software.cisco.com
    Note that the evaluation version of 6.3.3 is available here:
    https://software.cisco.com/download/home/286331402/type/286283941/release/6.3.3

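Below is an example of how to load the container image on an x86 64-bit Linux system. This capture loads a 6.3.2 image; use the name and tag printed on the "Loaded image:" line when you start the container.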

user@server:~/nso$ sudo docker load -i nso-6.3.2.container-image-prod.linux.x86_64.tar.gz      
9da967724761: Loading layer [==================================================>]    257MB/257MB                     
b110bf973e51: Loading layer [==================================================>]  1.217GB/1.217GB                   
Loaded image: cisco-nso-prod:6.3.2                                                                                   
user@server:~/nso$  

Start NSO and Load Provider Connectivity Assurance (Skylight) NED

Start NSO

To start the NSO container:

  1. Use docker run with startup parameters as shown in the example below.
    The username and password settings are later used to log in to the NSO CLI; admin/admin is only the example value, so choose your own password.
sudo docker run -itd --name cisco-nso-2409 \
        -v NSO-vol2409:/nso \
        -v NSO-log-vol2409:/log \
        -p 8888:8888 \
        -p 4569:4569 \
        -e ADMIN_USERNAME=admin \
        -e ADMIN_PASSWORD=admin \
        cisco-nso-prod:6.3.3
        

Import the NED

To import the NED:

  1. Download the Provider Connectivity Assurance NED from >link<
  2. Copy it into the NSO container file system.
user@server:~/nso$ sudo docker cp ncs-6.3-accedian-skylight-2.0.1_2611e64.tar.gz CONTAINERID:/nso/run/packages/

Launch NSO CLI and Load the NED

To launch the NSO CLI and load the NED:

  1. Use docker exec to enter the NSO container.
  2. Launch ncs_cli.
  3. Reload the packages.
    If the Provider Connectivity Assurance NED was placed in the proper directory, it loads and returns the result shown below.
user@server:~/nso$ sudo docker exec -it CONTAINERID bash              
[root@542702bcc266 /]# ncs_cli -u admin -C                                           
admin connected from 127.0.0.1 using console on 123702bcc266                         
admin@ncs# packages reload                                                           
>>> System upgrade is starting.                                                      
>>> Sessions in configure mode must exit to operational mode.                        
>>> No configuration changes can be performed until upgrade has completed.           
>>> System upgrade has completed successfully.                                       
reload-result {                                                                      
    package accedian-skylight-gen-2.0                                                
    result true                                                                      
}                                                                                    
admin@ncs# 

Configure NSO to Talk to Provider Connectivity Assurance

Using Certificate or Key Authentication

Prepare NSO Authentication Configuration File

To prepare the NSO authentication configuration file:

  1. Create a file, for example my-nso-configuration.txt, with the contents below, replacing address with the FQDN of the Provider Connectivity Assurance Analytics instance to connect to.
devices device skylight
 address         mytenant.test.analytics.accedian.io
 port            443
 device-type generic ned-id accedian-skylight-gen-2.0
 connect-timeout 600
 read-timeout    600
 write-timeout   120
 trace           raw
 ned-settings accedian-skylight connection authentication method none
 ned-settings accedian-skylight connection authentication mode probe
 ned-settings accedian-skylight connection authentication token-request url /api/v1/auth/login
 ned-settings accedian-skylight connection ssl accept-any true
 ned-settings accedian-skylight live-status time-to-live 15
 ned-settings accedian-skylight restconf url-base /restconf
 ned-settings accedian-skylight restconf model-discovery disabled
 ned-settings accedian-skylight restconf capability-discovery disabled
 ned-settings accedian-skylight restconf config append-content-config-query true
 ned-settings accedian-skylight restconf notif automatic-stream-discovery enabled
 ned-settings accedian-skylight restconf notif preferred-encoding json
 ned-settings accedian-skylight restconf profile none
 ned-settings accedian-skylight logger level debug
 ned-settings accedian-skylight connection ssl mtls client certificate <certificate goes here>
 ned-settings accedian-skylight connection ssl mtls client private-key <key goes here>
 state admin-state unlocked
!
Note

For best performance, the append-content-config-query parameter needs to be set to true.

 ned-settings accedian-skylight restconf config append-content-config-query true

Add Client Certificate to Configuration

To add the client certificate to the configuration:

  1. Retrieve the cert.pem and cert.key files from a deployed Sensor Collector (Roadrunner) instance; they are located in the .rr_ssh/ directory where the collector was installed. Base64-encode the certificate file without line wrapping (-w 0).
base64 -w 0 < cert.pem
Abde76dfasdfwwfetrtertert42wrSkRBQ1phNGlDQWlQdng3aVk0ZHhrd3dxQVByM04yNnJmSFNBaUJnUTNNMTJPbzJ6U0NDUEZQendyTQpHNFVKVUZv
.
.
.
clhlbVh0Q2p5WTVvVEFTdnIzRzVqV3ZxSkVMeXdqd3dxOHZPV3lza2tlOFZJRjhIbjhLeHpZcDRmCjM0RGRhN0tMMDlkMDNCd0V0RkZvRU9hVDhxZGpkYW94UlJtRDZEYzdGY2lnajVLQjBjL045bGl4SzM4bjJ2ZmYKZVB2THc5VHE4Q1pjTnZUUUZBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  2. Copy the resulting certificate including the trailing "=" sign and paste it on the "ned-settings accedian-skylight connection ssl mtls client certificate" line in the configuration file.

Add the Private Key to the Configuration

To add the private key to the configuration:

  1. Remove newlines, BEGIN and END lines from the cert.key.
cat cert.key | grep -v \- | tr -d '\n'
Abcdefghi28468ysffdnD68X0R3QC8PHUQRx5mjogM2kQpumjOSIUcIO0cb1jQeQQ/q90ZN71pjhS69CfeKYt0kr6SyHwWjbM4OJTE7JK6GIz6Ovs9MwNTgE
.
.
.
IZLZ2waC7wmo6mXuWOUt9bKysuN0/J7o7wA0VNXudrPosNyMy0tZCugQmVFiaF+GDDSP6kaGFShqfuD1X+f/cWDSDMnNW4somsivy7p05TVpZwFv7X9bv9sYl7+F0ymgmM52gXRMvUd8ipbp1XFqBz2WhH6c8b8Cw94yp4Ji8X7Lr3VA5Qp+v5YvDuxSykmm2YkvTY8/jT2HXNDCNEVAH0eHAML2KQj5wEmRCuRDvXyPd9RTZDnXa+1O3TEBzeQ==
  2. Copy the resulting key including the two trailing "==" signs and paste it at the "ned-settings accedian-skylight connection ssl mtls client private-key" line in the configuration file.
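
A pre-load check for the file built in the steps above, added here as an example (it is not Cisco's or the NED's own tooling). The function names and the FAIL/WARN policy are assumptions of this example; it catches unreplaced placeholders and a group- or world-readable key file, and flags the sample's "accept-any true", "trace raw" and "logger level debug" settings.

```bash
#!/usr/bin/env bash
# Added example: pre-load lint for the NED device file (hypothetical helper names).

# Print the value that follows "ned-settings accedian-skylight <path>".
ned_value() {  # $1 = file, $2 = setting path
    sed -n "s/^ *ned-settings accedian-skylight $2 \(.*\)\$/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 1 if the file must not be loaded as is.
lint_nso_config() {  # $1 = configuration file
    local f="$1" rc=0 mode
    # Certificate: base64 of the whole PEM file, BEGIN/END lines included.
    if ! ned_value "$f" "connection ssl mtls client certificate" |
            base64 -d 2>/dev/null | grep -q 'BEGIN CERTIFICATE'; then
        echo "FAIL certificate: not base64 of a PEM certificate"; rc=1
    fi
    # Private key: the PEM body only, joined into one line of base64.
    if ! ned_value "$f" "connection ssl mtls client private-key" |
            grep -Eq '^[A-Za-z0-9+/]+=*$'; then
        echo "FAIL private-key: placeholder or not one base64 line"; rc=1
    fi
    # The file holds a private key: only its owner should read it.
    mode=$(stat -c '%a' "$f")   # GNU stat, as on the page's Linux host
    if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "FAIL mode $mode: chmod 600 before copying the file"; rc=1
    fi
    # Lab-grade settings carried over from the sample configuration.
    if [ "$(ned_value "$f" "connection ssl accept-any")" = true ]; then
        echo "WARN ssl accept-any true: server certificate is not verified"
    fi
    if grep -Eq '^ *trace +raw *$' "$f"; then
        echo "WARN trace raw: device traffic is written to the trace log"
    fi
    if [ "$(ned_value "$f" "logger level")" = debug ]; then
        echo "WARN logger level debug: verbose NED logging"
    fi
    return "$rc"
}

# Constructed sample: the security-relevant lines of the page's file.
write_sample() {  # $1 = output path, $2 = certificate value, $3 = key value
    cat > "$1" <<EOF
devices device skylight
 trace           raw
 ned-settings accedian-skylight connection ssl accept-any true
 ned-settings accedian-skylight logger level debug
 ned-settings accedian-skylight connection ssl mtls client certificate $2
 ned-settings accedian-skylight connection ssl mtls client private-key $3
!
EOF
}

# Demo run on the untouched placeholders; a real file is passed as $1.
demo="${1:-$(mktemp)}"
[ -n "${1:-}" ] || write_sample "$demo" "<certificate goes here>" "<key goes here>"
lint_nso_config "$demo" || echo "=> fix the FAIL lines before 'load merge'"
```

The file carries the private key in clear text, so delete the host and container copies once the configuration has been committed.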

Load Configuration File into NSO

To load the configuration file into NSO:

  1. Copy the configuration file with the certificate and key into the NSO container.
  2. Load this configuration using "load merge" in the NSO CLI.
user@server:~/nso$ sudo docker cp my-nso-configuration.txt CONTAINERID:/ 
user@server:~/nso$ sudo docker exec -it CONTAINERID bash              
[root@542702bcc266 /]# ncs_cli -u admin -C                                           
admin connected from 127.0.0.1 using console on 123702bcc266                         
admin@ncs# config t
admin@ncs(config)# load merge my-nso-configuration.txt
Loading.
7.26 KiB parsed in 0.05 sec (131.58 KiB/sec)
admin@ncs(config)# commit
Commit complete.

Provider Connectivity Assurance Connection

To test the Provider Connectivity Assurance connection, use the example below:

admin@ncs# config t
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# sync-from
Success!

Configuration Examples

Set Up Service with Two Sessions, Topology Metadata, and an Alert Policy:

devices device skylight
 config
  alert-policies alert-policy demo-nso-1 
   policy-name demo-nso-1-name
   description description-demo-nso
   policy-type metric
   policy metric-policy conditions alert_rule1
    metric-type     delay-max
    alert-direction ds
    alert-severity  critical
    triggers-on threshold 1000.0
    triggers-on comparator gte
    recovers-on threshold 1000.0
    recovers-on comparator lt
   !
  !
  metadata-config metadata-key lab
  !
  metadata-config metadata-key region
  !
  service-endpoints service-endpoint nso-demo-agent-1
   endpoint-name nso-demo-agent-1
   type          ne-endpoint
   config ne-config ne-id nso-demo-agent-1
   config ne-config vlan-id 1
   config ne-config ip 192.168.0.4
  !
  service-endpoints service-endpoint nso-demo-agent-2
   endpoint-name nso-demo-agent-2
   type          ne-endpoint
   config ne-config ne-id nso-demo-agent-2
   config ne-config vlan-id 1
   config ne-config ip 192.168.0.6
  !
  sessions session nso-demo-twamp-1
   session-name nso-demo-twamp-1
   session-type twamp-light
   service-endpoints nso-demo-agent-2
    session-protocol twamp-light session-reflector admin-state true reflector-udp-port 862 mode stateful
   !
   service-endpoints nso-demo-agent-1
    session-protocol twamp-light session-sender admin-state true reflector-udp-port 4002 test-packets rate 20
   !
  !
  services service nso-demo-service
   service-name nso-demo-service
   description  "hello"
   sessions nso-demo-twamp-1 
   metadata key-value region value Stockholm
   metadata key-value lab value assurance-demo
   alerts demo-nso-1
  !
 !
!

Create ne-endpoint for TWAMP or Agent Tests

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# service-endpoints service-endpoint test_ne_ep-nso1 type ne-endpoint endpoint-name test-ep_name description test config ne-config ip 86.68.86.88 ne-id pe2488_A24 vlan-id 2488
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# show f
devices device skylight
 config
  service-endpoints service-endpoint test_ne_ep-nso1
   endpoint-name test-ep_name
   description   test
   type          ne-endpoint
   config ne-config ne-id pe2488_A24
   config ne-config vlan-id 2488
   config ne-config ip 86.68.86.88
  !
 !
!
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# commit
Commit complete.
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# exit
admin@ncs(config-config)# show full service-endpoint
devices device skylight
 config
  service-endpoints service-endpoint SE_momo-001-id
   endpoint-name SE_momo-001-name
   type          ne-endpoint
   config ne-config ne-id pe2488_A24
   config ne-config vlan-id 2488
   config ne-config ip 86.68.86.88
  !
 !
!

Create nid-endpoint for SAT Tests

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# service-endpoints service-endpoint ei_P100-6989-nni_SSC186_1 type nid-endpoint endpoint-name en_P100-6989-nni_SSC186_1 group-id test123 description clone config nid-config nid-id 10.220.10.186.NN-TEST_24 sub-id P100-6989-123-Aa_24 port P100-6989-123-Aa_24-NNI
admin@ncs(config-service-endpoint-ei_P100-6989-nni_SSC186_1)# 
admin@ncs(config-service-endpoint-ei_P100-6989-nni_SSC186_1)# show full
devices device skylight
 config
  service-endpoints service-endpoint ei_P100-6989-nni_SSC186_1
   endpoint-name en_P100-6989-nni_SSC186_1
   group-id      test123
   description   clone
   type          nid-endpoint
   config nid-config nid-id 10.220.10.186.NN-TEST_24
   config nid-config sub-id P100-6989-123-Aa_24
   config nid-config port P100-6989-123-Aa_24-NNI
  !
 !
!

Create TWAMP Light Session

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# sessions session si-TWAMP_HCCM-1 session-name si-TWAMP_HCCM-1 description "TWAMP light session" session-type twamp-light service-endpoints SE_momo-001-id session-protocol twamp-light session-sender admin-state true
admin@ncs(config-service-endpoints-SE_momo-001-id)# show full
devices device skylight
 config
  sessions session si-TWAMP_HCCM-1
   service-endpoints SE_momo-001-id
    session-protocol twamp-light session-sender admin-state true
   !
  !
 !
!
admin@ncs(config-service-endpoints-SE_momo-001-id)# exit
admin@ncs(config-session-si-TWAMP_HCCM-1)# show full
devices device skylight
 config
  sessions session si-TWAMP_HCCM-1
   session-name si-TWAMP_HCCM-1
   description  "TWAMP light session"
   session-type twamp-light
   service-endpoints SE_momo-001-id
    session-protocol twamp-light session-sender admin-state true
   !
  !
 !
!
admin@ncs(config-session-si-TWAMP_HCCM-1)# service-endpoints SE_momo-002-id session-protocol twamp-light session-reflector admin-state true
admin@ncs(config-service-endpoints-SE_momo-002-id)# 
admin@ncs(config-service-endpoints-SE_momo-002-id)# 
admin@ncs(config-service-endpoints-SE_momo-002-id)# show full
devices device skylight
 config
  sessions session si-TWAMP_HCCM-1
   service-endpoints SE_momo-002-id
    session-protocol twamp-light session-reflector admin-state true
   !
  !
 !
!
admin@ncs(config-service-endpoints-SE_momo-002-id)# exit   
admin@ncs(config-session-si-TWAMP_HCCM-1)# show full
devices device skylight
 config
  sessions session si-TWAMP_HCCM-1
   session-name si-TWAMP_HCCM-1
   description  "TWAMP light session"
   session-type twamp-light
   service-endpoints SE_momo-001-id
    session-protocol twamp-light session-sender admin-state true
   !
   service-endpoints SE_momo-002-id
    session-protocol twamp-light session-reflector admin-state true
   !
  !
 !
!
admin@ncs(config-session-si-TWAMP_HCCM-1)# 
admin@ncs(config-session-si-TWAMP_HCCM-1)# commit 
Commit complete.
admin@ncs(config-session-si-TWAMP_HCCM-1)# exit
admin@ncs(config-config)# show full sessions session si-TWAMP_HCCM-1
devices device skylight
 config
  sessions session si-TWAMP_HCCM-1
   session-name si-TWAMP_HCCM-1
   description  "TWAMP light session"
   session-type twamp-light
   service-endpoints SE_momo-001-id
    session-protocol twamp-light session-sender admin-state true
   !
   service-endpoints SE_momo-002-id
    session-protocol twamp-light session-reflector admin-state true
   !
  !
 !
!

Create an Alert Policy

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# alert-policies alert-policy policyId1 policy-name policyName1 description "test policy" policy-type metric policy metric-policy conditions condId1 metric-type delay-max alert-direction ds alert-severity critical triggers-on threshold 100 comparator gt duration-sec 30 ratio 10 
admin@ncs(config-conditions-condId1)# recovers-on threshold 30 comparator lt duration-sec 60 ratio 20 
admin@ncs(config-conditions-condId1)# show full
devices device skylight
 config
  alert-policies alert-policy policyId1
   policy metric-policy conditions condId1
    metric-type     delay-max
    alert-direction ds
    alert-severity  critical
    triggers-on threshold 100.0
    triggers-on comparator gt
    triggers-on duration-sec 30
    triggers-on ratio 10
    recovers-on threshold 30.0
    recovers-on comparator lt
    recovers-on duration-sec 60
    recovers-on ratio 20
   !
  !
 !
!
admin@ncs(config-conditions-condId1)# commit
Commit complete.
admin@ncs(config-conditions-condId1)# exit
admin@ncs(config-alert-policy-policyId1)# exit
admin@ncs(config-config)# 
admin@ncs(config-config)# 
admin@ncs(config-config)# 
admin@ncs(config-config)# show full alert-policies alert-policy policyId1
devices device skylight
 config
  alert-policies alert-policy policyId1
   policy-name policyName1
   description "test policy"
   policy-type metric
   policy metric-policy conditions condId1
    metric-type     delay-max
    alert-direction ds
    alert-severity  critical
    triggers-on threshold 100.0
    triggers-on comparator gt
    triggers-on duration-sec 30
    triggers-on ratio 10
    recovers-on threshold 30.0
    recovers-on comparator lt
    recovers-on duration-sec 60
    recovers-on ratio 20
   !
  !
 !
!

Create a Service with Metadata Tag and Connect it to an Alert Policy

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# services service new-service_id1 service-name new-service_name1 group-id Gg123 sessions si-TWAMP_HCCM-1 
admin@ncs(config-sessions-si-TWAMP_HCCM-1)# exit
admin@ncs(config-service-new-service_id1)# alerts policyId1 
admin@ncs(config-alerts-policyId1)# exit
admin@ncs(config-service-new-service_id1)# metadata key-value test123456789 value TESTabc
admin@ncs(config-key-value-test123456789)# exit
admin@ncs(config-service-new-service_id1)# show full
devices device skylight
 config
  services service new-service_id1
   service-name new-service_name1
   group-id     Gg123
   sessions si-TWAMP_HCCM-1
   !
   metadata key-value test123456789
    value TESTabc
   !
   alerts policyId1
   !
  !
 !
!
admin@ncs(config-service-new-service_id1)# commit
Commit complete.
admin@ncs(config-service-new-service_id1)# exit
admin@ncs(config-config)# show full services service new-service_id1
devices device skylight
 config
  services service new-service_id1
   service-name new-service_name1
   group-id     Gg123
   sessions si-TWAMP_HCCM-1
   !
   metadata key-value test123456789
    value TESTabc
   !
   alerts policyId1
   !
  !
 !
!

Start and Stop a Session

To start a session:

admin@ncs(config-config)# sessions session si-rfc2544L2_full_op2 start

To stop a session:

admin@ncs(config-config)# sessions session si-rfc2544L2_full_op2 stop

Add a Session to a Service

To assign a session to a service:

admin@ncs(config-config)# services service service-HCCM1_id sessions si-rfc2544L3_op2
admin@ncs(config-sessions-si-rfc2544L3_op2)# commit 
Commit complete.
admin@ncs(config-sessions-si-rfc2544L3_op2)# exit
admin@ncs(config-service-service-HCCM1_id)# exit
admin@ncs(config-config)# show full services service service-HCCM1_id
devices device skylight
 config
  services service service-HCCM1_id
   service-name service-HCCM1_name
   group-id     HCM001
   description  "service 001"
   sessions si-rfc2544L3_op2
   !
  !
 !
!

Remove a Session from a Service

To unassign a session from a service:

admin@ncs(config-config)# no services service service-HCCM1_id sessions si-rfc2544L3_op2
admin@ncs(config-config)#
admin@ncs(config-config)#
admin@ncs(config-config)# commit
Commit complete.
admin@ncs(config-config)# show full services service service-HCCM1_id
devices device skylight
 config
  services service service-HCCM1_id
   service-name service-HCCM1_name
   group-id     HCM001
   description  "service 001"
  !
 !
!

For more information on how to use Cisco NSO, see full documentation here: https://developer.cisco.com/docs/nso/guides/user-guide-about/#about

© 2025 Cisco and/or its affiliates. All rights reserved.
 