11-20-2018 11:01 AM - edited 03-01-2019 04:14 AM
We have an NSO service written in Java that uses the NAVU API to read incoming service data for ASA firewall configuration for our SDN solution. This service has use cases that read as many as 50000 ACL entries to be written to an ASA device in a single transaction. If we perform this service using the NAVU API to iteratively read each ACL rule from CDB, then the total processing time for the code that does the read operations is about 475 seconds or approximately 8 minutes. However, if instead we don't use the NAVU API, and as an alternative we read the configuration from maapi (using save_config) as an XML text blob, and then use a StAX XML parser to parse the data, then the total time is closer to 3.5 minutes (a difference of at least 4 minutes from the NAVU method).
Has anybody else experienced similar issues in similar SDN based use cases where reading large amounts of data from northbound results in similarly slow performance by NSO while parsing the NAVU tree? Are there other alternative API options that have been tried successfully to get around this type of performance limitation?
We currently have an SR open with TAC on this, but I wanted to see if other community members have also faced this issue and explored similar types of remedies.
Thanks very much.
Regards,
Bill
11-21-2018 07:17 AM
Hi Bill,
Well using the NAVU API will require context switching while the XML approach doesn't. Have you tried using a template directly reading the service model?
Thanks,
-Dan
11-22-2018 05:12 AM
Hi Dan,
Our business logic is such that a template alone wouldn't be sufficient for what we need to do. For instance, we are converting network prefix strings to IP & mask combinations and changing port and protocol numbers to mnemonics before writing to the devices. We also have our own validation framework built into the service to validate certain constraints that we couldn't express in the yang model.
Could you help me understand the concept of "context switching" a little more as I saw it wasn't documented much as of the NSO 4.7 development manual. From what I’ve learned up to now, I understand that it occurs anytime a maapi or navu method is invoked from Java or Python while a service callback is in scope, which results in the NSO core code handling the call and that there is an identifiable performance cost involved whenever that process takes place. Is that correct?
Thanks,
Bill
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide