This lab has many separate tasks.
Task 1. Create a new NSO instance (informational)
The NSO server is reachable at 10.200.255.16. SSH to it (nso/nso). An instance called nso-instance is already created. This first task is informative only, and provides the steps needed to create the instance.
Task 1 Answer
# Find the existing package names
ls nso-6.1/packages/neds
# Source the ncsrc file. This configures environment variables, including adding
# path variables. This also adds a PYTHONPATH variable, allowing you to use
# the NSO modules for python, which we will look at later.
#
# Without doing this you will see the following error:
#
# user@ubuntu22-server:~$ ncs-setup
# ncs-setup: command not found
source nso-6.1/ncsrc
# Create the local installation instance using ncs-setup
# If needed, you can use --help
ncs-setup --package nso-6.1/packages/neds/cisco-iosxr-cli-7.49 \
--package nso-6.1/packages/neds/cisco-ios-cli-6.92 \
--dest nso-instance
# You should now see a dir created called nso-instance
# This will contain the config file (ncs.conf), packages (with symlinks to the NEDs
# referenced in the ncs-setup command) and the ncs-cdb
ls nso-instance
# To start NSO, you must use the "ncs" command from the instance dir.
# If you use it outside the directory it won't work. For example:
#
# user@ubuntu22-server:~$ ncs
# Bad configuration: /home/user/nso-6.1/etc/ncs/ncs.conf:0: "./state/packages-in-use: Failed to create symlink: no such file or directory"
# Daemon died status=21
cd nso-instance
ncs
# After a few minutes, ncs will be started. View the status using:
ncs --status | head
# You should see "status: started"
Task 2. Add Devices
Connect to NSO’s CLI. Add all 14 IOS-XE and IOS-XR devices into two separate groups (one for XE and one for XR). Use cisco/cisco for SSH authentication. Create a third group for all devices. Ensure you can connect to all devices. Sync the config from all devices to NSO.
All routers have IPs in 10.254.0.<100 + R#>
You will also need to add the following line to the NSO config:
# First connect to NSO's CLI. Use the cisco style with "-C"
ncs_cli -C -u admin
# Create an auth group which uses cisco/cisco
conf
devices authgroups group default
default-map remote-name cisco
default-map remote-password cisco
default-map remote-secondary-password cisco
commit
# Add each device, below is IOS-XE
devices device r1
address 10.254.0.101
authgroup default
device-type cli ned-id cisco-ios-cli-6.92
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
# Add IOS-XR devices
devices device xr1
address 10.254.0.111
authgroup default
device-type cli ned-id cisco-iosxr-cli-7.49
device-type cli protocol ssh
ssh host-key-verification none
state admin-state unlocked
# Add devices to the device groups
devices device-group XE
device-name r1
...
device-name r10
devices device-group XR
device-name xr1
...
device-name xr4
devices device-group ALL
device-group XE
device-group XR
# Connect to all devices
devices device-group ALL connect
# Sync the config from all devices to NSO
devices device-group ALL sync-from
# Check the sync state
devices device-group ALL check-sync
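The device entries above set ssh host-key-verification none, so NSO never checks a device's SSH host key; that is convenient in a lab, and worth finding again before a config like this is reused elsewhere. As an added example (not part of the original lab), this Python audit reads device stanzas in the CLI layout used above and lists the devices with verification explicitly disabled. The sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample, in the layout of "show running-config devices device".
SAMPLE_CONFIG = """\
devices device r1
 address 10.254.0.101
 authgroup default
 ssh host-key-verification none
!
devices device r2
 address 10.254.0.102
 ssh host-key-verification reject-unknown
!
devices device xr1
 address 10.254.0.111
 authgroup default
!
devices device-group ALL
 device-name r1
!
"""

DEVICE_RE = re.compile(r"^devices device (\S+)\s*$")
LEAF_RE = re.compile(r"^\s*(address|authgroup|ssh host-key-verification)\s+(\S+)\s*$")

def parse_devices(text):
    """Return {device: {leaf: value}} for the leaves this audit cares about."""
    devices, current = {}, None
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            current = devices.setdefault(m.group(1), {})
        elif line.startswith("devices "):  # another top-level stanza, e.g. device-group
            current = None
        elif current is not None:
            m = LEAF_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    return devices

def unverified_devices(text):
    """(name, address) of devices with host-key verification explicitly set to none."""
    return sorted(
        (name, leaves.get("address", "?"))
        for name, leaves in parse_devices(text).items()
        if leaves.get("ssh host-key-verification") == "none")

if __name__ == "__main__":
    print(unverified_devices(SAMPLE_CONFIG))
```

Devices with no explicit setting (xr1 in the sample) are not reported, because they fall back to NSO's default rather than to none.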
Task 3. Display router configuration
Display the running config of all XE devices, limiting the output to IP addresses. Format the output in JSON. Do this in one line.
Task 3 Answer
show running-config devices device r* config interface GigabitEthernet ip address | display json
The running-config of a device in NSO contains the details of the connection to the device, and the full configuration of the device (after it has been synced).
For example, we can see the connection details of a device using the following command:
The NED handles parsing the synced-from config into modeled data within NSO. This allows us to use powerful filters to extract only certain config items. For example, this shows the config of every Gig interface on router r1.
show running-config devices device r1 config interface GigabitEthernet
To see this from multiple devices, we can use a wildcard:
show running-config devices device * config interface GigabitEthernet
To format this in JSON, we can pipe to “display json”. Other options include “display xml” and “display restconf”.
R2#show run int lo1
interface Loopback1
description MY_DESCRIPTION
ip address 10.0.0.2 255.255.255.0
end
R3#show run int lo1
interface Loopback1
description MY_DESCRIPTION
ip address 10.0.0.3 255.255.255.0
end
Task 5. Rollback changes
Roll back the changes that were just made.
Task 5 Answer
rollback configuration
Before committing, check which changes will be pushed to roll back to the previous config. Notice that both R2 and R3 will be rolled back at the same time.
admin@ncs(config)# commit dry-run outformat native
native {
device {
name r2
data no interface Loopback1
}
device {
name r3
data no interface Loopback1
}
}
Commit and verify the config is gone.
commit
R2#show run int lo1
^
% Invalid input detected at '^' marker.
R3#show run int lo1
^
% Invalid input detected at '^' marker.
Task 6. Re-apply changes in two commits
Re-add loopback1 to both R2 and R3, but do it in two separate commits.
# To roll back to a previous commit that was not the latest commit,
# you must display a list of all commits:
rollback configuration ?
# Select the 2nd-to-bottom commit ID
rollback configuration 10040
# Ensure that this will rollback the config as you intend
commit dry-run outformat native
# Commit
commit
Task 8. Obtain XML formatting
Create a configuration change again for R2. Do not commit. Instead, obtain the XML formatting for this change.
Task 8 Answer
Using commit dry-run outformat xml is a handy way to quickly get XML formatting for basic IOS changes.
devices device r2 config
interface Loopback1
description MY_DESCRIPTION
ip address 10.0.0.2 255.255.255.0
# Obtain XML formatting for this config
top
admin@ncs(config)# commit dry-run outformat xml
result-xml {
local-node {
data <devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>r2</name>
<config>
<interface xmlns="urn:ios">
<Loopback>
<name>1</name>
<description>MY_DESCRIPTION</description>
<ip>
<address>
<primary>
<address>10.0.0.2</address>
<mask>255.255.255.0</mask>
</primary>
</address>
</ip>
</Loopback>
</interface>
</config>
</device>
</devices>
}
}
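The dry-run XML is also convenient for reviewing a change before it is committed. As an added example (not part of the original lab), this Python snippet parses the devices payload shown above, with the result-xml wrapper removed, and lists which devices and leaves the commit would touch, then checks the touched devices against an approved set. The function names and the approved-set idea are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# <devices> payload copied from the dry-run output above (whitespace condensed).
DRY_RUN_XML = """\
<devices xmlns="http://tail-f.com/ns/ncs">
 <device>
  <name>r2</name>
  <config>
   <interface xmlns="urn:ios">
    <Loopback>
     <name>1</name>
     <description>MY_DESCRIPTION</description>
     <ip><address><primary>
      <address>10.0.0.2</address>
      <mask>255.255.255.0</mask>
     </primary></address></ip>
    </Loopback>
   </interface>
  </config>
 </device>
</devices>
"""

NCS = "{http://tail-f.com/ns/ncs}"  # namespace of <devices>, <device>, <name>, <config>

def leaves(elem, path=""):
    """Yield (path, text) for every leaf element below elem, namespaces dropped."""
    for child in elem:
        tag = child.tag.rsplit("}", 1)[-1]
        child_path = f"{path}/{tag}"
        if len(child):
            yield from leaves(child, child_path)
        else:
            yield child_path, (child.text or "").strip()

def changes_by_device(xml_text):
    """Map each device name to the (path, value) leaves the commit would set."""
    result = {}
    for dev in ET.fromstring(xml_text).findall(f"{NCS}device"):
        config = dev.find(f"{NCS}config")
        result[dev.findtext(f"{NCS}name")] = list(leaves(config)) if config is not None else []
    return result

def outside_scope(xml_text, approved):
    """Devices touched by the change that are not in the approved set."""
    return sorted(set(changes_by_device(xml_text)) - set(approved))

if __name__ == "__main__":
    print(changes_by_device(DRY_RUN_XML), outside_scope(DRY_RUN_XML, {"r3"}))
```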
Task 9. Create a device config template
Create a device config template that sets DNS servers on both IOS-XE and IOS-XR to 8.8.8.8, 1.1.1.1. Apply the template to all devices.
Task 9 Answer
Templates are very powerful in NSO, because they can handle multiple device types. The device type is automatically determined based on the configuration of the device in NSO, so you can simply apply the single template to all devices, and NSO will automatically apply the correct syntax per-device.
# Create template
devices template DNS
ned-id cisco-ios-cli-6.92
config
ip name-server name-server-list 8.8.8.8
ip name-server name-server-list 1.1.1.1
top
devices template DNS
ned-id cisco-iosxr-cli-7.49
config
domain name-server 8.8.8.8
domain name-server 1.1.1.1
# Apply template to the ALL device-group
devices device-group ALL apply-template template-name DNS
# Check changes
commit dry-run outformat native
# Apply
commit
Task 10. Run an operational show command from NSO
Run the command “show ip int br” on all devices from NSO.
Task 10 Answer
devices device * live-status exec show ip int br
The live-status feature in NSO allows you to grab live statistics from a device. For example, you can see a device’s IOS interface live stats using the following command:
admin@ncs# show devices device r1 live-status ios-stats:interfaces
                        ADMIN
TYPE             NAME   STATUS  IP ADDRESS       MAC ADDRESS
-----------------------------------------------------------------
GigabitEthernet  1      up      10.0.0.15/24     c000.0100.cafe
GigabitEthernet  2      up      -                0c00.8dd6.1d01
GigabitEthernet  2.254  up      10.254.0.101/24  0c00.8dd6.1d01
NSO also gives you the ability to run arbitrary commands by using the exec keyword. Using a wildcard device name allows you to easily run this command against multiple devices at once.
admin@ncs# devices device * live-status exec show ip int br
devices device r1 live-status exec show
result
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.0.0.15 YES manual up up
GigabitEthernet2 unassigned NO unset up up
GigabitEthernet2.254 10.254.0.101 YES manual up up
R1#
devices device r2 live-status exec show
result
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.0.0.15 YES manual up up
GigabitEthernet2 unassigned NO unset up up
GigabitEthernet2.254 10.254.0.102 YES TFTP up up
R2#
Task 11. Compliance report
Remove the DNS servers on XR1 and R1.
#XR1
no domain name-server 8.8.8.8
no domain name-server 1.1.1.1
#R1
no ip name-server 8.8.8.8 1.1.1.1
Sync the config from all devices again on NSO.
Create a compliance report on NSO that finds discrepancies in the DNS server settings among all devices. Output the results in HTML.
Task 11 Answer
devices device-group ALL sync-from
config
compliance reports report DNS-CHECK
compare-template DNS ALL
commit
end
compliance reports report DNS-CHECK run outformat html
NSO will give you a URL you can navigate to:
admin@ncs# compliance reports report DNS-CHECK run outformat html
time 2023-12-16T16:46:27.115924+00:00
compliance-status violations
info Checking no devices and no services
location http://localhost:8080/compliance-reports/report_2023-12-16T16:46:27.115924+00:00.html
To fix the issues, you can simply apply the template again to all devices:
devices device-group ALL apply-template template-name DNS
You can check compliance again, and you should see no violations. Note that you did not need to sync config again after making the changes.