Cisco NX-OS NED error - feature removed and config removal

rslaski · ‎12-10-2019

Guys,

Hope I won't be banned for spamming the forum with so much questions ;-)

While creating a service that includes enabling features on Cisco NX-OS, I've just found that when I destroy the service instance, the configuration applied by the NED, first removes the features, and then the config sections applicable to this feature, which just can't get through on the NX-OS platform.

The config diff:

                  device NX_LEAF112 {
                      config {
                          nx:feature {
             -                bgp;
                              nv {
             -                    overlay;
                              }
             -                vn-segment-vlan-based;
                          }
                          nx:nv {
                              overlay {
             -                    evpn;
                              }
                          }
                          nx:vlan {
                              vlan-list 72 {
             -                    vn-segment 20001;
                              }
                          }

Is then applied by the NED:

<< 10-Dec-2019::11:10:19.428 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 SET_TIMEOUT
<< 10-Dec-2019::11:10:19.429 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 INITIALIZED 289db03dc7fe45fd67da0a41b2211a44
>> 10-Dec-2019::11:10:19.453 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 PREPARE 0:
no router bgp 65001
no feature bgp
no nv overlay evpn
no feature nv overlay
no feature vn-segment-vlan-based
vlan 72
 no vn-segment 20001
!

but when features have been removed

NX_LEAF112(config)#

  *** output 10-Dec-2019::11:10:25.315 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 ***
no feature nv overlay

  *** input 10-Dec-2019::11:10:25.322 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 ***
 no feature nv overlay


NX_LEAF112(config)#

  *** output 10-Dec-2019::11:10:34.319 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 ***
no feature vn-segment-vlan-based

  *** input 10-Dec-2019::11:10:34.329 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 ***
 no feature vn-segment-vlan-based

the un-configuration commands can no longed be applied:

NX_LEAF112(config-vlan)#

  *** output 10-Dec-2019::11:10:35.145 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 ***
no vn-segment 20001

  *** input 10-Dec-2019::11:10:35.147 user: rslaski/2689 thandle 1078245 hostname nso1.sdn.lab device NX_LEAF112 ***
 no vn-segment 20001

                             ^
% Invalid command at '^' marker.

so the NED fails, and rolls back the configuration

rslaski@ncs(config-dc-24246)# commit 
Aborted: External error in the NED implementation for device NX_LEAF112: command: no vn-segment 20001: 
                             ^
% Invalid command at '^' marker.

In the NED settings nor in README / CHANGELOG files I did not find any relevant that could change this behavior:

-- NED-SETTINGS:
  (G)lobal | (P)rofile | (D)evice | (*) Default
  ---------------------------------------------------------------------------------
  connection/number-of-retries                  : 0                             (*)
  connection/time-between-retry                 : 1                             (*)
  connection/prompt-timeout                     : 0                             (*)
  connection/method                             : cli                           (*)
  connection/device-output-delay                : 0                             (*)
  connection/device-retry-count                 : 60                            (*)
  connection/device-retry-delay                 : 1000                          (*)
  connection/split-exec-any                     : false                         (*)
  connection/send-login-newline                 : false                         (*)
  deprecated/connection/legacy-mode             : disabled                      (*)
  persistence/model                             : strict                        (*)
  persistence/schedule/time                     : 1                             (*)
  transaction/trans-id-method                   : config-data                   (*)
  transaction/trans-id-cmd                      : delete volatile:///ncstransconf.tmp no-prompt ; show running-config | exclude Time: > volatile:///ncstransconf.tmp ; show file volatile:///ncstransconf.tmp md5sum ; delete volatile:///ncstransconf.tmp no-prompt(*)
  behaviours/iface-vlan-ipv6-secondary          : <6.2                          (*)
  behaviours/show-interface-all                 : disable                       (*)
  behaviours/show-class-map-all                 : disable                       (*)
  behaviours/use-show-diff                      : disable                       (*)
  behaviours/port-channel-load-balance-ethernet : <5.3                          (*)
  behaviours/default-notification-mac-move      : >6.0                          (*)
  behaviours/default-lacp-suspend-individual    : >5.1                          (*)
  behaviours/vrf-member-l3-redeploy             : enable                        (*)
  behaviours/switchport-mtu-redeploy            : disable                       (*)
  behaviours/default-unsupported-transceiver    : >6.1                          (*)
  behaviours/default-qos-ns-buffer-profile-mesh : disable                       (*)
  behaviours/default-copp-profile-strict        : disable                       (*)
  behaviours/no-logging-event-link-status-default : <7.0                          (*)
  behaviours/force-join-channel-group           : disable                       (*)
  behaviours/network-address-validation         : enable                        (*)
  behaviours/cleartext-provisioning             : disable                       (*)
  behaviours/cleartext-stored-encrypted         : disable                       (*)
  behaviours/vtp-support                        : disable                       (*)
  behaviours/true-mtu-values                    : disable                       (*)
  proxy/send-login-newline                      : false                         (*)
  extended-parser                               : auto                          (*)
  log-verbose                                   : false                         (*)
  system-interface-defaults/handling            : auto                          (D)
  system-interface-defaults/default-l3-port-shutdown : true                          (*)
  live-status/time-to-live                      : 50                            (*)
  developer/debug-xml                           : false                         (*)
  developer/debug-prepare                       : false                         (*)
  developer/progress-verbosity                  : disabled                      (*)

Any help for a rookie from the experts would be appreciated.

vleijon · ‎12-10-2019

This looks like something that needs to be fixed in the NED, I would suggest raising a ticket.

The NED tries to order the commands it sends in the appropriate way, if you look at tailf-ned-cisco-nx.yang you will find annotations like tailf:cli-diff-dependency, that kind of thing is used to ensure the correct order.

hniska · ‎12-19-2019

And to fix this you should create a TAC case and get a new NED.

rslaski · ‎01-24-2020

FYI: I've upgraded both the NED and NSO to latest 5.2.1.2, and it seems to be fixed now, however this change hasn't been mentioned in any documents attached to the new releases. More detailed changelog would be appreciated.

robert,