cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

Cisco NSO MPLS VPN service reconciliation example

445
Views
7
Helpful
1
Comments

This is an example of service reconciliation code for the NSO mpls-vpn demo from a bottom-up perspective. The idea is that a service is configured in the network and NSO would need to discover and reconciliate it.

NSO min version: 4.4

The reconciliation logic is located here: https://github.com/NSO-developer/Cisco-NSO-MPLS-VPN-service-reconciliation-example/blob/master/packages/l3vpn/python/action.py

To run it:

  1. Build the demo: rogaglia$ make all start
  2. Create a VPN demo service: rogaglia$ python create-vpn.py

Now we will simulate a service that was configured in the network and is not know by NSO. We will do that by deleting the service in NSO with the "no-networking" option.

  1. Delete service:

rogaglia$ ncs_cli -C -u admin
admin@ncs# config
admin@ncs(config)# no vpn l3vpn volvo
admin@ncs(config)# commit no-networking
Commit complete.
admin@ncs(config)#
You will see now that a number of devices are "out-of-sync":
admin@ncs(config)# devices check-sync
You can see that the service config is in the devices via checking the compare config output in the different devices:
admin@ncs(config)# devices device * compare-config

  1. Reconciliate devices: We will do full device reconciliation:
    admin@ncs(config)# devices sync-from

Now we can run the reconciliation code to discover service. We will first run it as "dry-run", which means that we want to check what changes would be sent to the devices if the discovered services would be commited:

  1. dry-run service discovery code:

admin@ncs(config)# vpn l3vpn-service-discovery dry-run
status false
message Commit Dry Run Device Changes:
Device: pe0
route-policy volvo
pass
end-policy
!
Commit Dry Run Service Changes:
Operation: MOP_CREATED - KeyPath: /l3vpn:vpn/l3vpn{volvo} - Old Value: None - New Value: None
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/name - Old Value: None - New Value: volvo
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/private/re-deploy-counter - Old Value: None - New Value: 0
Operation: MOP_CREATED - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce0} - Old Value: None - New Value: None
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce0}/id - Old Value: None - New Value: discovered_ce0
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce0}/bandwidth - Old Value: None - New Value: 6000000
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce0}/ce-interface - Old Value: None - New Value: GigabitEthernet0/11
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce0}/as-number - Old Value: None - New Value: 65003
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce0}/ip-network - Old Value: None - New Value: 10.10.1.0/24
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce0}/ce-device - Old Value: None - New Value: ce0
Operation: MOP_CREATED - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce1} - Old Value: None - New Value: None
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce1}/id - Old Value: None - New Value: discovered_ce1
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce1}/bandwidth - Old Value: None - New Value: 6000000
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce1}/ce-interface - Old Value: None - New Value: GigabitEthernet0/11
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce1}/as-number - Old Value: None - New Value: 65001
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce1}/ip-network - Old Value: None - New Value: 10.7.7.0/24
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce1}/ce-device - Old Value: None - New Value: ce1
Operation: MOP_CREATED - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce4} - Old Value: None - New Value: None
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce4}/id - Old Value: None - New Value: discovered_ce4
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce4}/bandwidth - Old Value: None - New Value: 6000000
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce4}/ce-interface - Old Value: None - New Value: GigabitEthernet0/18
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce4}/as-number - Old Value: None - New Value: 65002
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce4}/ip-network - Old Value: None - New Value: 10.8.8.0/24
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/endpoint{discovered_ce4}/ce-device - Old Value: None - New Value: ce4
Operation: MOP_VALUE_SET - KeyPath: /l3vpn:vpn/l3vpn{volvo}/route-distinguisher - Old Value: None - New Value: 12345

admin@ncs(config)#
Let's take attention to this part of the dry-run output:status false
message Commit Dry Run Device Changes:
Device: pe0
route-policy volvo
pass
end-policy
!
The commit of the discovered service should not move forward as it would mean a change in the device config. Note: this behaviour was expressly done by introducing a NED missfunction.The rest of the text output shows the values of the services that were discovered.

  1. Add the pe0 missing config:
    admin@ncs(config)# devices device pe0 config cisco-ios-xr:route-policy volvo
    admin@ncs(config-rpl)# pass
    admin@ncs(config-rpl)# commit
    Commit complete.
    admin@ncs(config-rpl)# top
    admin@ncs(config)#
  2. Now we can re-run the reconciliation dry-run:

admin@ncs(config)# vpn l3vpn-service-discovery dry-run
status true
message Commit Dry Run Device Changes:
No Changes
(text omitted)We can see that now the status is set to "true" and we can move forward with the reconciliation:

  1. perform reconciliation admin@ncs(config)# vpn l3vpn-service-discovery reconciliate
    status true
    message

System message at 2017-06-08 00:43:13...
Commit performed by admin via tcp using .
admin@ncs(config)#

  1. Check service and device status: We can list the service and the refcounts in the device configurations:
    admin@ncs# show running-config vpn
    admin@ncs# show running-config devices device pe0 | display service-meta-data

Link to repository: GitHub - NSO-developer/Cisco-NSO-MPLS-VPN-service-reconciliation-example

Comments
Beginner

To prevent pushing discovered service to the device, you could probably change apply() in your code to something like apply(True, _ncs.maapi.COMMIT_NCS_NO_NETWORKING) ?