Nicklas Wagerth
Community Manager

The Cisco Crosswork NSO development team are immensely proud of our latest release – NSO 6.4 (long-lived release). We would like to share the highlights by introducing what is new and exciting with this release.

TL;DR (Too Long; Didn’t Read): Key points summarized below.

  • New persistence layer to handle larger deployments on smaller resources
  • Easier to limit IPC access for OS host users
  • Stronger guarantees about correctness when facing device changes not made through NSO
  • Easier handling of large service packages with package template directory structure
  • Generation of concise Swagger documentation
  • Keyboard-interactive SSH login procedure to utilize for multi-factor authentication toward devices
  • Significantly improved replication time in rule-based HA
  • Enabling passive follower nodes for HA Raft to facilitate distribution across datacenters
  • Streamlined UI experience for compliance reporting and service management
  • Up to 99% improvement for changed list instances when generating CLI diff-sets
  • New documentation framework with AI assisted search
  • Kubernetes best practices guidelines
  • Easy key-rotation of encrypted data

New Persistence Layer

NSO can now use a transformative new persistence layer that uses RAM in a more traditional, cache-like manner instead of being a pure in-memory database. Data is loaded on demand and can off-load data to disk when it is stale or when memory runs low. This mode enables larger deployments, where CDB size exceeds available system memory, or instances where performance gains with in-memory mode are small enough to not justify longer initial startup time. Transaction load instead of RAM will now dictate scaling.

The additional benefit of this new persistence mode is simplified operation, including an improved compaction process that runs entirely in the background without impacting ongoing requests.

IPC Authentication

NSO 6.4 introduces a more secure way for local Inter-Process Communication (IPC) between NSO system components based on Unix domain sockets. The main benefit of the new mechanism is the ability for the main server process to authenticate the clients. The authentication is based on the UID of the other end of the socket connection. In other words, it is now much easier to limit IPC access to specific host OS users.
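
The UID check described above, as an added example (not NSO's own code or configuration): a Linux Unix domain socket server reads the connecting peer's credentials with SO_PEERCRED and refuses any UID outside an allow-list. The socket path, the allow-list and the OK/DENY replies are assumptions made for illustration.

```python
import os
import socket
import struct
import tempfile

# struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid
UCRED = struct.Struct("iII")

def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end (Linux only)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)

def serve_once(listener, allowed_uids):
    """Accept one client and admit it only if its kernel-reported UID is allowed."""
    conn, _ = listener.accept()
    with conn:
        _pid, uid, _gid = peer_credentials(conn)
        if uid not in allowed_uids:
            conn.sendall(b"DENY\n")   # hypothetical reply, not an NSO message
            return False, uid
        conn.sendall(b"OK\n")
        return True, uid

def demo(allowed_uids):
    """Run a server and a client in one process over a temporary socket."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ipc.sock")   # constructed path for the demo
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(path)
            # File permissions are a first barrier; the UID check is the second.
            os.chmod(path, 0o600)
            listener.listen(1)
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
                client.connect(path)
                accepted, uid = serve_once(listener, allowed_uids)
                reply = client.recv(16)
    return accepted, uid, reply

if __name__ == "__main__":
    me = os.getuid()
    print("own UID allowed:    ", demo({me}))
    print("own UID not allowed:", demo({me + 1}))
```

The credentials come from the kernel rather than from anything the client sends, so a client cannot claim another user's UID.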

Improved Out-of-band Handling

The no-overwrite device sync check has been extended to also verify that the device values required to compute the end result (the values from the transaction read-set) have not changed. This means no-overwrite now provides much stronger guarantees about correctness in the face of device changes that were not made through NSO. In many cases, this makes provisioning pre-checks unnecessary and simplifies operations (the operator no longer needs to issue a check-sync or sync-from operation beforehand).

Package Template Structure

NSO now supports structuring the package templates directory with subdirectories. The XML templates contained in the subdirectories can be referenced by prepending the subdirectory path and, optionally, the package name and a colon.

This allows for unique identification of templates, which can now have duplicated names across NSO packages. It simplifies structuring the code of large service packages and minimizes conflicts with packages added from external sources.

High-level, Low-depth Swagger Documentation

The new filtering and depth options allow the user to select which elements of the data structure are featured in the generated Swagger documentation. This customization ensures that the documentation highlights the most pertinent information, making it more user-friendly and relevant to user needs.

Keyboard-interactive Login Support for NEDs

The keyboard-interactive SSH login procedure can be used for multi-factor authentication towards network elements.

Improved Sync Time for Rule-based HA

The time to replicate the datastore from primary to secondary in a rule-based HA setup has been significantly improved.

Enable Passive Follower in HA Raft

It is now possible to configure passive follower nodes that are not eligible to become leader in an HA Raft cluster. This makes it easier to distribute nodes to other datacenters with network management zones that do not communicate with network devices.

Modernized Web UI

The Web UI functionality has been extended with new feature updates in device authgroups, service manager, and compliance reporting. The UI's look-and-feel has also been enhanced further for a continued streamlined experience that is common with other Crosswork products.

Fast Rendering of CLI Diff-sets

The CLI is now more performant, in some cases more than 99%, at handling lists of instances where changes have been made. In most scenarios, like when producing the diff-set towards CLI devices, the CLI can now be more efficient while still being correct.

New Documentation Framework

NSO product documentation has undergone major restructuring to improve the experience. For example, the documentation is based around three different roles: Administrators, Operators and Developers. This will be a significant improvement for our customers. It now includes an AI assisted documentation search which is trained on our documentation.

The NSO example set has likewise undergone a major update and restructuring. The structure is now more intuitive, which makes it easier to find examples for different use-cases. Each example has attached demo scripts, and all descriptions follow a unified markdown format. Readers can use examples.ncs/README.md as a starting point.

Kubernetes Best Practices Guidelines

A new document covering best practices for Kubernetes has been added to the documentation set.

Easy Key Rotation

The groundwork has been prepared for easy key rotation of encrypted data managed by NSO. We aim to introduce this in an upcoming maintenance release.

Other Noticeable Enhancements

Apart from these highlights, we have also completed some other noticeable enhancements:

  • Improved handling of action timeouts to avoid unnecessary downtime.
  • The NSO Java API has seen significant changes, such as introduction of SocketAddress-based methods, deprecating a number of older functions, and removal of previously deprecated functionality.

For the full list of changes, please see the Cisco NSO Changelog Explorer.

Looking Ahead

Moving forward we will continue our journey of improving the operational performance of NSO, concerning non-traffic areas such as start-up time, upgrade, and memory efficiency. The purpose of improving operational performance is to increase service availability by reducing or eliminating downtime, for example caused by common operational tasks.

We will also bring a major transformation in the way customers can deal with out-of-band changes due to them making changes directly on the devices or NSO not being the network's sole orchestrator.

These and other notable features and improvements will be available in NSO 6.5 (spring 2025). Until then, enjoy all our new additions in the long-lived NSO 6.4 release.
