Ansible x napalm x nso 解説・比較パネルディスカッション nso
Download as PPTX, PDF•4 likes•5,430 views
- The document discusses Network Services Orchestrator (NSO) and provides an overview of NSO architecture and concepts. - NSO uses a model-driven approach to automate network configuration and service orchestration across multiple network devices from different vendors. It provides northbound APIs to allow programmatic control and abstraction of network services. - NSO's architecture includes components like the Configuration Database (CDB) for storing configuration models, Device Manager for network device configuration management, and Service Manager for abstracting and mapping services to device models.
![© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
全てがモデルベース
Router# show running-config
…
…
interface Ethernet1/1
ip address 192.168.1.1/24
interface Ethernet2/1
ip address 192.168.2.1/24
C interface
L Ethernet K name C ip
L address
Yang (RFC 6020) で定義
container interface {
list Ethernet {
key name;
leaf name {
type string;
pattern '[0-9]+.*';
};
container ip
leaf address {
type ipv4-address;
}
};
}
}](https://image.slidesharecdn.com/ansiblexnapalmxnsonsopublish-171010093124/85/Ansible-x-napalm-x-nso-nso-12-320.jpg)
![© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
全てがモデルベース
Router# show running-config
…
…
interface Ethernet1/1
ip address 192.168.1.1/24
interface Ethernet2/1
ip address 192.168.2.1/24
<interface xmlns="urn:ios">
<Ethernet>
<name>1/1</name>
<ip>
<address>
<primary>
<address>192.168.1.1</address>
<mask>255.255.255.0</mask>
</primary>
</address>
</ip>
</Ethernet>
<Ethernet>
<name>2/1</name>
<ip>
<address>
<primary>
<address>192.168.2.1</address>
<mask>255.255.255.0</mask>
</primary>
</address>
</ip>
</Ethernet>
</interface>
"Ethernet": [ {
"name": "1/1",
"ip": {
"address": {
"primary": {
"address": "192.168.1.1",
"mask": "255.255.255.0"
}
}
}
},
{
"name": "1/2",
"ip": {
"address": {
"primary": {
"address": "192.168.2.1",
"mask": "255.255.255.0"
}
}
}
} ],](https://image.slidesharecdn.com/ansiblexnapalmxnsonsopublish-171010093124/85/Ansible-x-napalm-x-nso-nso-13-320.jpg)
![© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• XML データベースの操作
• 機器へ送られるConfig文字列は、XMLエレメントに設定されたデータ
から計算された結果
• /interfaces/Ethernet[name=‘1/1’]/ip/address に 192.168.0.1 を
セット
• => NED がそれを受けて、機器に合わせた文字列Configを作成
• Interfaces Ethernet 1/1
ip address 192.168.0.1
NSO の Network Programmability](https://image.slidesharecdn.com/ansiblexnapalmxnsonsopublish-171010093124/85/Ansible-x-napalm-x-nso-nso-22-320.jpg)
![© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CDB の操作 (REST) - JSON
• $ curl -i -X POST -H "Content-type: application/vnd.yang.data+json"
-u admin:admin -d @test.json
http://localhost:8080/api/running/devices/device/csr1kv/config/interface
$ cat test.json
{"Loopback": [
{
"name": "203",
"ip": {
"address": {
"primary": {
"address": "192.168.3.1",
"mask": "255.255.255.0"
}
}
}
}
]}](https://image.slidesharecdn.com/ansiblexnapalmxnsonsopublish-171010093124/85/Ansible-x-napalm-x-nso-nso-27-320.jpg)
![© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
CDB の操作 (Python Maagic)
1 import ncs
2
3 with ncs.maapi.Maapi() as m:
4 with ncs.maapi.Session(m, 'admin', 'context'):
5 with m.start_write_trans() as t:
6 root = ncs.maagic.get_root(t)
7 csr1kv = root.devices.device['csr1kv']
8 csr1kv_interface = csr1kv['config']['interface']['Loopback']
9
10 new_Interface = csr1kv_interface.create('204')
11 new_Interface['ip']['address']['primary']['address'] = '192.168.4.1'
12 new_Interface['ip']['address']['primary']['mask'] = '255.255.255.0'
13 t.apply()
14
15 for intf in csr1kv_interface:
16 print("Loopback {} {}/{}".format(
17 intf['name'],
18 intf['ip']['address']['primary']['address'],
19 intf['ip']['address']['primary']['mask'],
20 ))
$ python addInterface.py
Loopback 200 192.168.0.1/255.255.255.0
Loopback 201 192.168.1.1/255.255.255.0
Loopback 202 192.168.2.1/255.255.255.0
Loopback 203 192.168.3.1/255.255.255.0
Loopback 204 192.168.4.1/255.255.255.0](https://image.slidesharecdn.com/ansiblexnapalmxnsonsopublish-171010093124/85/Ansible-x-napalm-x-nso-nso-28-320.jpg)
Ansible x napalm x nso 解説・比較パネルディスカッション nso
- 1. 岩本 彰 シスコシステムズ合同会社 2017/10/10 NSO (Network Services Orchestrator) Ansible x NAPALM x NSO 解説・比較パネルディスカッション
- 2. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • 岩本 彰 • シスコシステムズ TAC • CRS / ASR9000 / NCS6000 など、サービスプロバイダ様向け機器のサ ポート • NSOを使用したオーケストレーションソリューションのサポート 自己紹介
- 3. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Agenda • NSO アーキテクチャ • NSO のコンセプト
- 4. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Cisco Live 2017 (Las Vegas) - BRKNMS-1100 • Service Orchestration with Cisco Network Services Orchestrator • https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=95645 • Ansible fest San Francisco 2017 • ALL THE NETWORKS WITH CISCO NSO AND ANSIBLE • https://www.ansible.com/networks-with-cisco-nso-ansible 資料について
- 5. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Quick History • Sweden based company • Founded in 2005 • Acquired by Cisco in 2014 • Developed Conf-D and NCS • NCS evolved into NSO!
- 6. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential NSO アーキテクチャ
- 7. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Architecture Overview 7 Service Manager Multi-Vendor Network Network Engineer EMS/NMS NETCONF REST CLI Web UI (JSON-RPC) SNMP JAVA/Javascript OSS/BSS NSO AAA Core Engine NETCONF SNMP REST CLI WS Network Element Drivers (NED) Mapping Logic Templates Fast Map Device ManagerNotification ReceiverAlarm Manager Service Models Package Manager Script API Device Models Developer API CDB RESTCONF
- 8. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8BRKNMS-1100 Configuration Database (CDB) • 追記型XMLデータベース • コンフィグのモデルを保存 • 機器上のConfig (show running-config の出力 等) は保存されない • NSOに特化した専用のDB • アクセスの為の柔軟な API
- 9. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9BRKNMS-1100 Device Manager • Device Configuration database • トランザクション、ロールバック • 双方向のConfig同期 • コンフィグの検証 Service Manager NSO AAA Core Engine Mapping Logic Templates Fast Map Device ManagerNotification ReceiverAlarm Manager Service Models Package Manager Device Models
- 10. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10BRKNMS-1100 Service Manager • サービスモデル • デバイスモデルへのマッピング • サービスのアクティベーション • サービスの変更 • サービスの廃止 Service Manager NSO AAA Core Engine Mapping Logic Templates Fast Map Device ManagerNotification ReceiverAlarm Manager Service Models Package Manager Device Models
- 11. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 全てがモデルベース • ネットワーク機器の設定 • ルータ、スイッチ、ロードバランサ等 • サービス設定 • VPN, ルーティング等 • システム設定 • ユーザ、グループ、パーミッション等
- 12. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 全てがモデルベース Router# show running-config … … interface Ethernet1/1 ip address 192.168.1.1/24 interface Ethernet2/1 ip address 192.168.2.1/24 C interface L Ethernet K name C ip L address Yang (RFC 6020) で定義 container interface { list Ethernet { key name; leaf name { type string; pattern '[0-9]+.*'; }; container ip leaf address { type ipv4-address; } }; } }
- 13. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 全てがモデルベース Router# show running-config … … interface Ethernet1/1 ip address 192.168.1.1/24 interface Ethernet2/1 ip address 192.168.2.1/24 <interface xmlns="urn:ios"> <Ethernet> <name>1/1</name> <ip> <address> <primary> <address>192.168.1.1</address> <mask>255.255.255.0</mask> </primary> </address> </ip> </Ethernet> <Ethernet> <name>2/1</name> <ip> <address> <primary> <address>192.168.2.1</address> <mask>255.255.255.0</mask> </primary> </address> </ip> </Ethernet> </interface> "Ethernet": [ { "name": "1/1", "ip": { "address": { "primary": { "address": "192.168.1.1", "mask": "255.255.255.0" } } } }, { "name": "1/2", "ip": { "address": { "primary": { "address": "192.168.2.1", "mask": "255.255.255.0" } } } } ],
- 14. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential The Industry’s Broadest Multivendor Support Over 100 Supported NEDs—Customization Available
- 15. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Tail-f ベースの Network Service Orchestrator • https://www.cisco.com/c/ja_jp/products/collateral/cloud- systems-management/network-services-orchestrator/datasheet- c78-734576.html • Tail-f ベースの Cisco NSO のネットワーク エレメント • https://www.cisco.com/c/ja_jp/products/collateral/cloud- systems-management/network-services-orchestrator/datasheet- c78-734669.html Network Services Orchestrator
- 16. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • CLI • IOS, IOS-XE, IOS-XR, NX-OS, Ciena, FortiOS, A10-ACOS, etc... • Netconf • Yangでデバイスモデルが提供されている機器 • Generic • APIC for ACI (REST), F5-BIGIP (特殊 CLI) • SNMP • MIB が提供されている機器 (MIB ファイルをコンパイルしてモデルを作成) NEDの種類
- 17. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential NSOのコンセプト
- 18. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Network Programmability • ネットワーク(複数のデバイス) をソフトウェアからコントロール • Service Abstraction • サービスを抽象化してDeploy • Configuration Consistency • コンフィグの一貫性 • トランザクションとして各Configを実行 • 指示通りの完全なConfig、又はロールバック NSOのコンセプト
- 19. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Network Programmability
- 20. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20BRKNMS-1100 ネットワーク機器Configを CDB へ同期 (sync-from) show running-config interface Ethernet1/1 switchport no shutdown ! … … C interface L Ethernet K name C ip L address 1 2 NED Device Manager 3 4 5
- 21. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21BRKNMS-1100 CDBの該当機器情報を ネットワーク機器へ同期 (sync-to) interface Ethernet1/1 switchport no shutdown ! … … C interface L Ethernet K name C ip L address 1 2 NED Device Manager 3 4 5
- 22. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • XML データベースの操作 • 機器へ送られるConfig文字列は、XMLエレメントに設定されたデータ から計算された結果 • /interfaces/Ethernet[name=‘1/1’]/ip/address に 192.168.0.1 を セット • => NED がそれを受けて、機器に合わせた文字列Configを作成 • Interfaces Ethernet 1/1 ip address 192.168.0.1 NSO の Network Programmability
- 23. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Northbound インターフェース / NSO へのアクセス 23 Service Manager Multi-Vendor Network Network Engineer EMS/NMS NETCONF REST CLI Web UI (JSON-RPC) SNMP JAVA/Javascript OSS/BSS NSO AAA Core Engine NETCONF SNMP REST CLI WS Network Element Drivers (NED) Mapping Logic Templates Fast Map Device ManagerNotification ReceiverAlarm Manager Package Manager Script API Developer API CDB RESTCONF NETCONF – RFC 2141 RESTCONF – RFC 8040 REST - 独自実装 CLI - 独自実装 JSON-RPC – JSON-RPC 2.0 SNMP – v1, v2c, v3 APIs: Java, Python, Erlang, C
- 24. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential CDB の操作 (CLI) • admin@ncs(config)# devices device csr1kv config ios:interface Loopback 200 • admin@ncs(config-if)# ip address 192.168.0.1 255.255.255.0 • admin@ncs(config-if)# commit • Commit complete. • admin@ncs(config-if)#
- 25. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential CDB の操作 (netconf) <edit-config xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"> <target><running/></target> <config xmlns="http://tail-f.com/ns/config/1.0"> <devices xmlns="http://tail-f.com/ns/ncs"> <device> <name>csr1kv</name> <config> <interface xmlns="urn:ios"> <Loopback> <name>201</name> <ip> <address> <primary> <address>192.168.1.1</address> <mask>255.255.255.0</mask> </primary> </address> </ip> </Loopback> </interface> </config> </device> </devices> </config> </edit-config>
- 26. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential CDB の操作 (REST) - XML • $ curl -i -X POST -H "Content-type: application/vnd.yang.data+xml" -u admin:admin -d @test.xml http://localhost:8080/api/running/devices/device/csr1kv/config/interface $ cat test.xml <Loopback> <name>202</name> <ip> <address> <primary> <address>192.168.2.1</address> <mask>255.255.255.0</mask> </primary> </address> </ip> </Loopback>
- 27. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential CDB の操作 (REST) - JSON • $ curl -i -X POST -H "Content-type: application/vnd.yang.data+json" -u admin:admin -d @test.json http://localhost:8080/api/running/devices/device/csr1kv/config/interface $ cat test.json {"Loopback": [ { "name": "203", "ip": { "address": { "primary": { "address": "192.168.3.1", "mask": "255.255.255.0" } } } } ]}
- 28. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential CDB の操作 (Python Maagic) 1 import ncs 2 3 with ncs.maapi.Maapi() as m: 4 with ncs.maapi.Session(m, 'admin', 'context'): 5 with m.start_write_trans() as t: 6 root = ncs.maagic.get_root(t) 7 csr1kv = root.devices.device['csr1kv'] 8 csr1kv_interface = csr1kv['config']['interface']['Loopback'] 9 10 new_Interface = csr1kv_interface.create('204') 11 new_Interface['ip']['address']['primary']['address'] = '192.168.4.1' 12 new_Interface['ip']['address']['primary']['mask'] = '255.255.255.0' 13 t.apply() 14 15 for intf in csr1kv_interface: 16 print("Loopback {} {}/{}".format( 17 intf['name'], 18 intf['ip']['address']['primary']['address'], 19 intf['ip']['address']['primary']['mask'], 20 )) $ python addInterface.py Loopback 200 192.168.0.1/255.255.255.0 Loopback 201 192.168.1.1/255.255.255.0 Loopback 202 192.168.2.1/255.255.255.0 Loopback 203 192.168.3.1/255.255.255.0 Loopback 204 192.168.4.1/255.255.255.0
- 29. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Netsim • ConfD をベースに作られた、モックデバイス • デバイスモデルを使用して、シミューレータとして動作 • アプリケーション開発のために使用可能 • 実機準備無しで開発可能な場合も多い
- 30. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential サービスの抽象化 Service Abstraction
- 31. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Service Abstraction • デバイス毎の違い(ベンダやOS)を吸収 • サービス設定に必要なデバイス設定は、マッピングロジックに準備する • デバイス設定はユーザには見せない • ユーザは、デバイスの設定をしたいのではない。サービスの設定をしたい。 31BRKNMS-1100
- 32. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32BRKNMS-1100 サービスの抽象化例 - cisco firewall rule source-ip/prefix protocol port (optional) Service Model access-list permit protocol src-address src-wildcard-mask ip port Device Model
- 33. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33BRKNMS-1100 サービスの抽象化例 - Juniper firewall rule source-ip/prefix protocol port (optional) Service Model term from source-address/mask protocol source port filter then Device Model
- 34. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential サービスの抽象化例 services service firewall rule1 device cisco-router1 protocol tcp source ip 10.0.0.0 prefix 24 destination ip any services service firewall rule2 device juniper-router1 protocol tcp source ip 10.0.0.0 prefix 24 destination ip any パラメータを受けて、実機のConfigをモデルに合わせ作成 変換ロジック(FASTMAP)は、ユーザパッケージとして実装 access-list 100 permit ip 10.0.0.0 0.0.0.255 any firewall { filter filter2 { term rule2 { from { source-address { 10.0.0.0/24; } protocol tcp; ...
- 35. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential サービスの抽象化例 #no services service firewall rule1 #no services service firewall rule2 ロールバック用Command作成 変換ロジックで作成されたConfigを逆適用 no access-list 100 permit ip 10.0.0.0 0.0.0.255 any delete firewall filter filter2 term rule2;
- 36. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential サービスの抽象化例 - VPN P P P P PE PE PE PE A A B B CC A B vpn tenant A pe tokyo pe osaka pe kobe osaka tokyo nagoya kobe サービスの config • オペレータ(OSS)は拠点情報のみ 設定 • 必要なPEを特定 • データベースとの連携 • IP アドレス、RT 等はプールから アサイン • PEへ設定追加 vpn tenant C pe nagoya pe kobe vpn tenant B pe tokyo pe osaka pe nagoya
- 37. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential サービスの抽象化例 – VNF チェーン • NSOへサービス注文入力 • 必要なVNF を Openstack 上に作成 • ネットワークポート作成 • 各VNFを設定 Router Firewal l Load Balancer Router拠点 拠点 NSO
- 38. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Configの一貫性 Configuration Consistency
- 39. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Configuration Consistency • トランザクションの中で設定変更を行う • Atomicな動作 • 変更内容は全て実施 • 途中一つでも失敗した場合はキャンセル(Rollback) 39
- 40. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Config data と Operational data
- 41. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Config データでは無いもの • Stats (インターフェースのパケットカウンタ等) • 機器上でのコマンド動作結果 (ping, traceroute, etc) Operational データ interfaces Ethernet 10 description test1 address 192.168.0.1 255.255.255.0 stats input rate bps stats input rate pps stats input count packets stats input count bytes stats input count errors stats input count crc ... Operational Data (Read-only) 再起動後には消える。 show running-config には表示されない。 Config Data (Read-Write) モデル例:
- 42. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential • Cisco DevNet • https://developer.cisco.com/site/nso/ • NSO Developer Hub • https://communities.cisco.com/community/developer/nso-developer-hub • RFC 6020 – YANG • RFC 6241 – Netconf Reference
Editor's Notes
- #40: メンテナンスウインドウで変更実施中、問題発生。 そのまま続行?ロールバック? 中途半端はありえない