- Print
- PDF
Setting up NSO with Provider Connectivity Assurance
In this article, we a look at how to set up Cisco Crosswork Network Services Orchestrator (NSO) to interwork with Provider Connectivity Assurance.
Overview
The configuration described in this article uses a locally-installed Docker version of Cisco Network Services Orchestrator (NSO) connecting to Provider Connectivity Assurance residing in the cloud. This setup is suitable for interacting with cloud-managed Sensor Agents using NSO.
NSO uses Network Element Drivers (NEDs) to communicate with external devices and services.
An NED for Provider Connectivity Assurance is available to download from NSO >link>
Installing NSO Docker
To install the NSO Docker:
- Download the proper NSO version package from software.cisco.com
Note that the evaluation version of 6.3.3 is available here:
https://software.cisco.com/download/home/286331402/type/286283941/release/6.3.3
Below is an example of how to load the container on an x86 64-bit Linux system.
user@server:~/nso$ sudo docker load -i nso-6.3.2.container-image-prod.linux.x86_64.tar.gz
9da967724761: Loading layer [==================================================>] 257MB/257MB
b110bf973e51: Loading layer [==================================================>] 1.217GB/1.217GB
Loaded image: cisco-nso-prod:6.3.2
user@server:~/nso$
Start NSO and Load Provider Connectivity Assurance (Skylight) NED
Start NSO
To start the nso container:
- Use Docker run with startup parameters as shown in the example below.
The username and password settings are later used to log in to the NSO CLI.
sudo docker run -itd --name cisco-nso-2409 \
-v NSO-vol2409:/nso \
-v NSO-log-vol2409:/log \
-p 8888:8888 \
-p 4569:4569 \
-e ADMIN_USERNAME=admin\
-e ADMIN_PASSWORD=admin\
cisco-nso-prod:6.3.3
Import the NED
To import the NED:
- Download the Provider Connectivity Assurance NED from >link<
- Copy it into the NSO container file system.
user@server:~/nso$ sudo docker cp ncs-6.3-accedian-skylight-2.0.1_2611e64.tar.gz CONTAINERID:/nso/run/packages/
Launch NSO CLI and Load the NED
To launch NSO CLI and load the NED:
- Use Docker exec. to enter into the NSO container.
- Launch the ncs_cli
- Reload packages.
If the Provider Connectivity Assurance NED was placed in the proper directory, it will load and provide result as shown below.
user@server:~/nso$ sudo docker exec -it CONTAINERID bash
[root@542702bcc266 /]# ncs_cli -u admin -C
admin connected from 127.0.0.1 using console on 123702bcc266
admin@ncs# packages reload
>>> System upgrade is starting.
>>> Sessions in configure mode must exit to operational mode.
>>> No configuration changes can be performed until upgrade has completed.
>>> System upgrade has completed successfully.
reload-result {
package accedian-skylight-gen-2.0
result true
}
admin@ncs#
Configure NSO to Talk to Provider Connectivity Assurance
Using Certificate or Key Authentication
Prepare NSO Authentication Configuration File
To prepare NSO Authenication Configuration File:
- Create a file, for example my-nso-configuration.txt with the contents below, replacing address with the FQDN of the Provider Connectivity Assurance Analytics instance to connect to.
devices device skylight
address mytenant.test.analytics.accedian.io
port 443
device-type generic ned-id accedian-skylight-gen-2.0
connect-timeout 600
read-timeout 600
write-timeout 120
trace raw
ned-settings accedian-skylight connection authentication method none
ned-settings accedian-skylight connection authentication mode probe
ned-settings accedian-skylight connection authentication token-request url /api/v1/auth/login
ned-settings accedian-skylight connection ssl accept-any true
ned-settings accedian-skylight live-status time-to-live 15
ned-settings accedian-skylight restconf url-base /restconf
ned-settings accedian-skylight restconf model-discovery disabled
ned-settings accedian-skylight restconf capability-discovery disabled
ned-settings accedian-skylight restconf config append-content-config-query true
ned-settings accedian-skylight restconf notif automatic-stream-discovery enabled
ned-settings accedian-skylight restconf notif preferred-encoding json
ned-settings accedian-skylight restconf profile none
ned-settings accedian-skylight logger level debug
ned-settings accedian-skylight connection ssl mtls client certificate <certificate goes here>
ned-settings accedian-skylight connection ssl mtls client private-key <key goes here>
state admin-state unlocked
!
For best performance, the append-content-config-query parameter needs to be set to true.
ned-settings accedian-skylight restconf config append-content-config-query true
Add Client Certificate to Configuration
To add client certificate to configuration:
- Retrieve the cert.pem and cert.key files from a deployed Sensor Collector (Roadrunner) instance located in the .rr_ssh/ directory where the collector was installed. Base-64-encode the certificate string, without line wrapping (-w 0 ).
base64 -w 0 < cert.pem
Abde76dfasdfwwfetrtertert42wrSkRBQ1phNGlDQWlQdng3aVk0ZHhrd3dxQVByM04yNnJmSFNBaUJnUTNNMTJPbzJ6U0NDUEZQendyTQpHNFVKVUZv
.
.
.
clhlbVh0Q2p5WTVvVEFTdnIzRzVqV3ZxSkVMeXdqd3dxOHZPV3lza2tlOFZJRjhIbjhLeHpZcDRmCjM0RGRhN0tMMDlkMDNCd0V0RkZvRU9hVDhxZGpkYW94UlJtRDZEYzdGY2lnajVLQjBjL045bGl4SzM4bjJ2ZmYKZVB2THc5VHE4Q1pjTnZUUUZBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- Copy the resulting certificate including the trailing "=" sign and paste it on the "ned-settings accedian-skylight connection ssl mtls client certificate" line in the configuration file.
Add the Private Key to the Configuration
To add the private key to the configuration:
- Remove newlines, BEGIN and END lines from the cert.key.
cat cert.key | grep -v \- | tr -d '\n'
Abcdefghi28468ysffdnD68X0R3QC8PHUQRx5mjogM2kQpumjOSIUcIO0cb1jQeQQ/q90ZN71pjhS69CfeKYt0kr6SyHwWjbM4OJTE7JK6GIz6Ovs9MwNTgE
.
.
.
IZLZ2waC7wmo6mXuWOUt9bKysuN0/J7o7wA0VNXudrPosNyMy0tZCugQmVFiaF+GDDSP6kaGFShqfuD1X+f/cWDSDMnNW4somsivy7p05TVpZwFv7X9bv9sYl7+F0ymgmM52gXRMvUd8ipbp1XFqBz2WhH6c8b8Cw94yp4Ji8X7Lr3VA5Qp+v5YvDuxSykmm2YkvTY8/jT2HXNDCNEVAH0eHAML2KQj5wEmRCuRDvXyPd9RTZDnXa+1O3TEBzeQ==
- Copy the resulting key including the two trailing "==" signs and paste it at the "ned-settings accedian-skylight connection ssl mtls client private-key" line in the configuration file.
Load Configuration File into NSO
To load configuration file into NSO:
- Copy the configuration file with the certificate and key into the NSO container
- Load this configuration using "load merge" in the NSO CLI.
user@server:~/nso$ sudo docker cp my-nso-configuration.txt CONTAINERID:/
user@server:~/nso$ sudo docker exec -it CONTAINERID bash
[root@542702bcc266 /]# ncs_cli -u admin -C
admin connected from 127.0.0.1 using console on 123702bcc266
admin@ncs# config t
admin@ncs(config)# load merge my-nso-configuration.txt
Loading.
7.26 KiB parsed in 0.05 sec (131.58 KiB/sec)
admin@ncs(config)# commit
Commit complete.
Provider Connectivity Assurance Connection
To test Provider Connectivity Assurance connection, use the below example:
admin@ncs# config t
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# sync-from
Success!
Configuration Examples
Set Up Service with Two Sessions, Topology Metadata, and an Alert Policy:
devices device skylight
config
alert-policies alert-policy demo-nso-1
policy-name demo-nso-1-name
description description-demo-nso
policy-type metric
policy metric-policy conditions alert_rule1
metric-type delay-max
alert-direction ds
alert-severity critical
triggers-on threshold 1000.0
triggers-on comparator gte
recovers-on threshold 1000.0
recovers-on comparator lt
!
!
metadata-config metadata-key lab
!
metadata-config metadata-key region
!
service-endpoints service-endpoint nso-demo-agent-1
endpoint-name nso-demo-agent-1
type ne-endpoint
config ne-config ne-id nso-demo-agent-1
config ne-config vlan-id 1
config ne-config ip 192.168.0.4
!
service-endpoints service-endpoint nso-demo-agent-2
endpoint-name nso-demo-agent-2
type ne-endpoint
config ne-config ne-id nso-demo-agent-2
config ne-config vlan-id 1
config ne-config ip 192.168.0.6
!
sessions session nso-demo-twamp-1
session-name nso-demo-twamp-1
session-type twamp-light
service-endpoints nso-demo-agent-2
session-protocol twamp-light session-reflector admin-state true reflector-ud
p-port 862 mode stateful
!
service-endpoints nso-demo-agent-1
session-protocol twamp-light session-sender admin-state true reflector-udp-p
ort 4002 test-packets rate 20
!
!
services service nso-demo-service
service-name nso-demo-service
description "hello"
sessions nso-demo-twamp-1
metadata key-value region value Stockholm
metadata key-value lab value assurance-demo
alerts demo-nso-1
!
!
!
Create ne-endpoint for TWAMP or Agent Tests
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# service-endpoints service-endpoint test_ne_ep-nso1 type ne-endpoint endpoint-name test-ep_name description test config ne-config ip 86.68.86.88 ne-id pe2488_A24 vlan-id 2488
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# show f
devices device skylight
config
service-endpoints service-endpoint test_ne_ep-nso1
endpoint-name test-ep_name
description test
type ne-endpoint
config ne-config ne-id pe2488_A24
config ne-config vlan-id 2488
config ne-config ip 86.68.86.88
!
!
!
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# commit
Commit complete.
admin@ncs(config-service-endpoint-test_ne_ep-nso1)# exit
admin@ncs(config-config)# show full service-endpoint
devices device skylight
config
service-endpoints service-endpoint SE_momo-001-id
endpoint-name SE_momo-001-name
type ne-endpoint
config ne-config ne-id pe2488_A24
config ne-config vlan-id 2488
config ne-config ip 86.68.86.88
!
!
!
Create nid-endpoint for SAT Tests
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# service-endpoints service-endpoint ei_P100-6989-nni_SSC186_1 type nid-endpoint endpoint-name en_P100-6989-nni_SSC186_1 group-id test123 description clone config nid-config nid-id 10.220.10.186.NN-TEST_24 sub-id P100-6989-123-Aa_24 port P100-6989-123-Aa_24-NNI
admin@ncs(config-service-endpoint-ei_P100-6989-nni_SSC186_1)#
admin@ncs(config-service-endpoint-ei_P100-6989-nni_SSC186_1)# show full
devices device skylight
config
service-endpoints service-endpoint ei_P100-6989-nni_SSC186_1
endpoint-name en_P100-6989-nni_SSC186_1
group-id test123
description clone
type nid-endpoint
config nid-config nid-id 10.220.10.186.NN-TEST_24
config nid-config sub-id P100-6989-123-Aa_24
config nid-config port P100-6989-123-Aa_24-NNI
!
!
!
Create TWAMP Light Session
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# sessions session si-TWAMP_HCCM-1 session-name si-TWAMP_HCCM-1 description "TWAMP light session" session-type twamp-light service-endpoints SE_momo-001-id session-protocol twamp-light session-sender admin-state true
dmin@ncs(config-service-endpoints-SE_momo-001-id)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
!
!
!
admin@ncs(config-service-endpoints-SE_momo-001-id)# exit
admin@ncs(config-session-si-TWAMP_HCCM-1)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
session-name si-TWAMP_HCCM-1
description "TWAMP light session"
session-type twamp-light
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
!
!
!
admin@ncs(config-session-si-TWAMP_HCCM-1)# service-endpoints SE_momo-002-id session-protocol twamp-light session-reflector admin-state true
admin@ncs(config-service-endpoints-SE_momo-002-id)#
admin@ncs(config-service-endpoints-SE_momo-002-id)#
admin@ncs(config-service-endpoints-SE_momo-002-id)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
service-endpoints SE_momo-002-id
session-protocol twamp-light session-reflector admin-state true
!
!
!
!
admin@ncs(config-service-endpoints-SE_momo-002-id)# exit
admin@ncs(config-session-si-TWAMP_HCCM-1)# show full
devices device skylight
config
sessions session si-TWAMP_HCCM-1
session-name si-TWAMP_HCCM-1
description "TWAMP light session"
session-type twamp-light
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
service-endpoints SE_momo-002-id
session-protocol twamp-light session-reflector admin-state true
!
!
!
!
admin@ncs(config-session-si-TWAMP_HCCM-1)#
admin@ncs(config-session-si-TWAMP_HCCM-1)# commit
Commit complete.
admin@ncs(config-session-si-TWAMP_HCCM-1)# exit
admin@ncs(config-config)# show full sessions session si-TWAMP_HCCM-1
devices device skylight
config
sessions session si-TWAMP_HCCM-1
session-name si-TWAMP_HCCM-1
description "TWAMP light session"
session-type twamp-light
service-endpoints SE_momo-001-id
session-protocol twamp-light session-sender admin-state true
!
service-endpoints SE_momo-002-id
session-protocol twamp-light session-reflector admin-state true
!
!
!
!
Create an Alert Policy
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# alert-policies alert-policy policyId1 policy-name policyName1 description "test policy" policy-type metric policy metric-policy conditions condId1 metric-type delay-max alert-direction ds alert-severity critical triggers-on threshold 100 comparator gt duration-sec 30 ratio 10
admin@ncs(config-conditions-condId1)# recovers-on threshold 30 comparator lt duration-sec 60 ratio 20
admin@ncs(config-conditions-condId1)# show full
devices device skylight
config
alert-policies alert-policy policyId1
policy metric-policy conditions condId1
metric-type delay-max
alert-direction ds
alert-severity critical
triggers-on threshold 100.0
triggers-on comparator gt
triggers-on duration-sec 30
triggers-on ratio 10
recovers-on threshold 30.0
recovers-on comparator lt
recovers-on duration-sec 60
recovers-on ratio 20
!
!
!
!
admin@ncs(config-conditions-condId1)# commit
Commit complete.
admin@ncs(config-conditions-condId1)# exit
admin@ncs(config-alert-policy-policyId1)# exit
admin@ncs(config-config)#
admin@ncs(config-config)#
admin@ncs(config-config)#
admin@ncs(config-config)# show full alert-policies alert-policy policyId1
devices device skylight
config
alert-policies alert-policy policyId1
policy-name policyName1
description "test policy"
policy-type metric
policy metric-policy conditions condId1
metric-type delay-max
alert-direction ds
alert-severity critical
triggers-on threshold 100.0
triggers-on comparator gt
triggers-on duration-sec 30
triggers-on ratio 10
recovers-on threshold 30.0
recovers-on comparator lt
recovers-on duration-sec 60
recovers-on ratio 20
!
!
!
!
Create a Service with Metadata Tag and Connect it to an Alert Policy
admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# devices device skylight
admin@ncs(config-device-skylight)# config
admin@ncs(config-config)# services service new-service_id1 service-name new-service_name1 group-id Gg123 sessions si-TWAMP_HCCM-1
admin@ncs(config-sessions-si-TWAMP_HCCM-1)# exit
admin@ncs(config-service-new-service_id1)# alerts policyId1
admin@ncs(config-alerts-policyId1)# exit
admin@ncs(config-service-new-service_id1)# metadata key-value test123456789 value TESTabc
admin@ncs(config-key-value-test123456789)# exit
admin@ncs(config-service-new-service_id1)# show full
devices device skylight
config
services service new-service_id1
service-name new-service_name1
group-id Gg123
sessions si-TWAMP_HCCM-1
!
metadata key-value test123456789
value TESTabc
!
alerts policyId1
!
!
!
!
admin@ncs(config-service-new-service_id1)# commit
Commit complete.
admin@ncs(config-service-new-service_id1)# exit
admin@ncs(config-config)# show full services service new-service_id1
devices device skylight
config
services service new-service_id1
service-name new-service_name1
group-id Gg123
sessions si-TWAMP_HCCM-1
!
metadata key-value test123456789
value TESTabc
!
alerts policyId1
!
!
!
!
Start and Stop a Session
To start a session:
admin@ncs(config-config)# sessions session si-rfc2544L2_full_op2 start
To stop a session:
admin@ncs(config-config)# sessions session si-rfc2544L2_full_op2 stop
Add a Session to a Service
To assign a session to a service:
admin@ncs(config-config)# services service service-HCCM1_id sessions si-rfc2544L3_op2
admin@ncs(config-sessions-si-rfc2544L3_op2)# commit
Commit complete.
admin@ncs(config-sessions-si-rfc2544L3_op2)# exit
admin@ncs(config-service-service-HCCM1_id)# exit
admin@ncs(config-config)# show full services service service-HCCM1_id
devices device skylight
config
services service service-HCCM1_id
service-name service-HCCM1_name
group-id HCM001
description "service 001"
sessions si-rfc2544L3_op2
!
!
!
!
Remove a Session from a Service
To unassign a session from a service:
admin@ncs(config-config)# no services service service-HCCM1_id sessions si-rfc2544L3_op2
admin@ncs(config-config)#
admin@ncs(config-config)#
admin@ncs(config-config)# commit
Commit complete.
admin@ncs(config-config)# show full services service service-HCCM1_id
devices device skylight
config
services service service-HCCM1_id
service-name service-HCCM1_name
group-id HCM001
description "service 001"
!
!
!
For more information on how to use Cisco NSO, see full documentation here: https://developer.cisco.com/docs/nso/guides/user-guide-about/#about
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks