This lab has many separate tasks. I have created expandable answers to better format the lab. Simply click the down-arrow to expand the answer block.
Task 1. Create a new NSO instance (informational)
The NSO server is reachable at 10.200.255.16. SSH to it (nso/nso). An instance called nso-instance is already created. This first task is informative only, and provides the steps needed to create the instance.
Task 1 Answer
# Find the existing package names
ls nso-6.1/packages/neds
# Source the ncsrc file. This configures environment variables, including adding
# path variables. This also adds a PYTHONPATH variable, allowing you to use
# the NSO modules for python, which we will look at later.
#
# Without doing this you will see the following error:
#
# user@ubuntu22-server:~$ ncs-setup
# ncs-setup: command not found
source nso-6.1/ncsrc
# Create the local installation instance using ncs-setup
# If needed, you can use --help
ncs-setup --package nso-6.1/packages/neds/cisco-iosxr-cli-7.49 \
--package nso-6.1/packages/neds/cisco-ios-cli-6.92 \
--dest nso-instance
# You should now see a dir created called nso-instance1
# This will contain the config file (nsc.conf), packages (with symlinks to the NEDS
# referenced in the nsc-setup) and the ncs-cdb
ls nso-instance
# To start NSO, you must use the "ncs" command from the instance dir.
# If you use it outside the directory it won't work. For example:
#
# user@ubuntu22-server:~$ ncs
# Bad configuration: /home/user/nso-6.1/etc/ncs/ncs.conf:0: "./state/packages-in-use: Failed to create symlink: no such file or directory"
# Daemon died status=21
cd nso-instance
ncs
# After a few minutes, ncs will be started. View the status using:
ncs --status | head
# You should see "status: started"
Task 2. Add Devices
Connect to NSO’s CLI. Add all 14 IOS-XE and IOS-XR devices into two separate groups (one for XE and one for XR). Use cisco/cisco for SSH authentication. Create a third group for all devices. Ensure you can connect to all devices. Sync the config from all devices to NSO.
All routers have IPs in 10.254.0.<100 + R#>
You will also need to add the following line to the NSO config:
Task 2 Answer
Task 3. Display router configuration
Display the running config of all XE devices, limiting the output to ip addresses. Format the output in json. Do this in one line.
Task 3 Answer
The running-config of a device in NSO contains the details of the connection to the device, and the full configuration of the device (after it has been synced).
For example, we can see the connection details of a device using the following command:
The NED handles parsing the synced-from config into modeled data within NSO. This allows us to use powerful filters to extract only certain config items. For example, this shows the config of every Gig interface on router r1.
To see this from multiple devices, we can use a wildcard:
To format this in json, we can pipe to “display json”. Other options include “display xml” and “display restconf”.
Task 4. Make changes from NSO
Set Lo1 on R2 using the following settings:
description MY_DESCRIPTION
IP address 10.0.0.2/24
Set Lo1 on R3 using the following settings:
description MY_DESCRIPTION
IP address 10.0.0.3/24
Task 4 Answer
View the staged changes:
Commit the config:
R2 and R3 now have the updated config:
Task 5. Rollback changes
Rollback the changes that were just made.
Task 5 Answer
Check to verify what changes will be pushed to rollback to the previous config. Notice that both R2 and R3 will be rolled back at the same time.
Commit and verify the config is gone.
Task 6. Re-apply changes in two commits
Re-add loopback1 to both R2 and R3, but do it in two separate commits.
Task 6 Answer
Task 7. Rollback the last two commits
Rollback the last two changes
Task 7 Answer
Task 8. Obtain XML formatting
Create a configuration change again for R2. Do not commit. Instead, obtain the XML formatting for this change.
Task 8 Answer
Using commit dry-run outformat xml is a handy way to quickly get XML formatting for basic IOS changes.
Task 9. Create a device config template
Create a device config template that sets DNS servers on both IOS-XE and IOS-XR to 8.8.8.8, 1.1.1.1. Apply the template to all devices.
Task 9 Answer
Template are very powerful in NSO, because they can handle multiple device types. The device type is automatically determined based on the configuration of the device in NSO, so you can simply apply the single template to all devices, and NSO will automatically apply the correct syntax per-device.
Task 10. Run an operational show command from NSO
Run the command “show ip int br” on all devices from NSO
Task 10 Answer
The live-status feature in NSO allows you to grab live statistics from a device. For example, you can see a device’s IOS interface live stats using the following command:
NSO also gives you the ability to run arbitrary commands by using the exec keyword. Using a wildcard device name allows you to easily run this command against multiple devices at once.
Task 11. Compliance report
Remove the DNS servers on XR1 and R1
Sync the config from all devices again on NSO.
Create a compliance report on NSO that finds discrepancies in the DNS server settings among all devices. Output the results in HTML.
Task 11 Answer
NSO will give you a URL you can navigate to:
You can view this by browsing this URL, changing localhost to 10.200.255.16. You will need to login first, using admin/admin.
To fix the issues, you can simply apply the template again to all devices:
You can check compliance agan, and you should see no violations. Note that you did not need to sync config again after making the changes.
R2#show run int lo1
interface Loopback1
description MY_DESCRIPTION
ip address 10.0.0.2 255.255.255.0
end
R3#show run int lo1
interface Loopback1
description MY_DESCRIPTION
ip address 10.0.0.3 255.255.255.0
end
rollback configuration
admin@ncs(config)# commit dry-run outformat native
native {
device {
name r2
data no interface Loopback1
}
device {
name r3
data no interface Loopback1
}
}
commit
R2#show run int lo1
^
% Invalid input detected at '^' marker.
R3#show run int lo1
^
% Invalid input detected at '^' marker.
# To rollback to a previous commit that was not the latest commit,
# use must display a list of all commits:
rollback configuration ?
# Select the 2nd-to-bottom commit ID
rollback configuration 10040
# Ensure that this will rollback the config as you intend
commit dry-run outformat native
# Commit
commit
devices device r2 config
interface Loopback1
description MY_DESCRIPTION
ip address 10.0.0.2 255.255.255.0
# Obtain XML formatting for this config
top
admin@ncs(config)# commit dry-run outformat xml
result-xml {
local-node {
data <devices xmlns="http://tail-f.com/ns/ncs">
<device>
<name>r2</name>
<config>
<interface xmlns="urn:ios">
<Loopback>
<name>1</name>
<description>MY_DESCRIPTION</description>
<ip>
<address>
<primary>
<address>10.0.0.2</address>
<mask>255.255.255.0</mask>
</primary>
</address>
</ip>
</Loopback>
</interface>
</config>
</device>
</devices>
}
}
# Create template
devices template DNS
ned-id cisco-ios-cli-6.92
config
ip name-server name-server-list 8.8.8.8
ip name-server name-server-list 1.1.1.1
top
devices template DNS
ned-id cisco-iosxr-cli-7.49
config
domain name-server 8.8.8.8
domain name-server 1.1.1.1
# Apply template to the ALL device-group
devices device-group ALL apply-template template-name DNS
# Check changes
commit dry-run outformat native
# Apply
commit
devices device * live-status exec show ip int br
admin@ncs# show devices device r1 live-status ios-stats:interfaces
ADMIN
TYPE NAME STATUS IP ADDRESS MAC ADDRESS
-----------------------------------------------------------------
GigabitEthernet 1 up 10.0.0.15/24 c000.0100.cafe
GigabitEthernet 2 up - 0c00.8dd6.1d01
GigabitEthernet 2.254 up 10.254.0.101/24 0c00.8dd6.1d01
admin@ncs# devices device * live-status exec show ip int br
devices device r1 live-status exec show
result
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.0.0.15 YES manual up up
GigabitEthernet2 unassigned NO unset up up
GigabitEthernet2.254 10.254.0.101 YES manual up up
R1#
devices device r2 live-status exec show
result
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.0.0.15 YES manual up up
GigabitEthernet2 unassigned NO unset up up
GigabitEthernet2.254 10.254.0.102 YES TFTP up up
R2#
#XR1
no domain name-server 8.8.8.8
no domain name-server 1.1.1.1
#R1
no ip name-server 8.8.8.8 1.1.1.1
devices device-group ALL sync-from
config
compliance reports report DNS-CHECK
compare-template DNS ALL
commit
end
compliance reports report DNS-CHECK run outformat html
admin@ncs# compliance reports report DNS-CHECK run outformat html
time 2023-12-16T16:46:27.115924+00:00
compliance-status violations
info Checking no devices and no services
location http://localhost:8080/compliance-reports/report_2023-12-16T16:46:27.115924+00:00.html
devices device-group ALL apply-template template-name DNS
