NCS System Setup

NCS 3.x
June 2014

October 26, 2016

Confidential

Agenda
1 Overview and Background
How NCS fits in with the rest of the
world, what it does, and why
2 NETCONF and YANG
Why NETCONF was invented and how
it is different from previous
management protocols
Walk-through of the YANG modeling
language
3 System Setup
Installing NCS, packages, NETSIM
device simulator
4 Device Manager
Work with devices, synchronization,
templates, policies, etc
October 26, 2016

5 Service Manager
Work with high-level services
6 Alarm Manager
The alarm model and how to work
with alarms
7 System Administration
Deeper topics about installation
choices, logging, trouble shooting,
high availability, clustering, backups,
disaster recovery, etc
8 NED Development
NED types, Yang models and Java
code

Confidential

Agenda
Installation
Installation vs. project directory
Quick look at the top level contents

Examples
Overview of NCS example projects
Running a few basic examples

Making a YANG model

Make a small YANG model, and load it

October 26, 2016

Starting a new NCS project

ncs-setup, ncs-make-package
Creating NETSIM devices
Bundle complilation

Discovery
Loading device meta data

Connection, Authentication,
Config, Live-status
How NCS knows how to log in to
devices
Basic device management and
identification

Confidential

Installation

October 26, 2016

Confidential

LAB 3.1 - Install NCS

Distribution (Mac OS Example):
ncs-3.0.darwin.x86_64.installer.bin

Contains
NCS, examples, documentation
NETSIM Network Simulator (ConfD)

Run the installation

$ sh ncs-3.0.darwin.x86_64.installer.bin ~/ncs/3.0
INFO Using temporary directory /var/ to stage NCS installation bundle
INFO Unpacked ncs-3.0 in /Users/tailf/ncs/3.0
INFO Found and unpacked corresponding DOCUMENTATION_PACKAGE
INFO Found and unpacked corresponding EXAMPLE_PACKAGE
INFO Generating default SSH hostkey (this may take some time)
INFO SSH hostkey generated
INFO Environment set-up generated in /Users/tailf/ncs-3.0/ncsrc
INFO NCS installation script finished
INFO Found and unpacked corresponding NETSIM_PACKAGE
INFO NCS installation complete
October 26, 2016

Confidential

Directories, Files

October 26, 2016

CHANGES
KNOWN_ISSUES
LICENSE
README
VERSION
bin
doc
etc
examples.ncs
java
lib
man
ncsrc
ncsrc.tcsh
netsim
packages
src
support
var

Check contents of
dirs, files

Confidential

Start

October 26, 2016

Confidential

Start.

Check contents of rc
files

$ cd <ncs-install-dir>
$ . ncsrc

$ man ncs

$ cd <ncs-install-dir>examples.ncs/web-server-farm/web-site-service/
$ make clean all

October 26, 2016

Confidential

Start the CLI, log in to Web UI

NCS CLI with user admin and

password admin
$ ssh admin@localhost -p 2024
(alternatively: ncs_cli -u admin)
admin@wallair> show configuration devices device

NCS Web UI on localhost:8080

with admin / admin

October 26, 2016

Confidential

NCS Installation directory vs. Project runtime directory

/opt/

ncs-2.9/
ncs-3.0/

bin/
lib/
doc/
examples.ncs

web-server/

ncs-cdb/
ncs.conf

datacenter/

ncs-cdb/
ncs.conf

production/

ncs-cdb/

ncs.conf
October 26, 2016

Confidential

NCS
NCSRuntime
Project directories
directories
10

Examples

October 26, 2016

Confidential

11

NCS Examples

datacenter
getting-started/using-ncs/
datacenter-qinq
0-hello-world
discovery
1-simulated-cisco-ios
generic-ned
2-real-device-cisco-ios
snmp-ned
3-real-device-juniper
snmp-notification-receiver 4-netconf-device
web-server-farm
5-snmp-alarm-northbound
simple-mpls-vpn
6-access-lists
mpls-vpn
7-scripting

October 26, 2016

Confidential

getting-started/developing-with-ncs/
0-router-network
1-cdb
2-actions
3-aggregated-stats
4-rfs-service
6-extern-db
7-snmp-mib
8-maapi
9-alarms
10-webui-customization
11-scripting
12-templates
13-rest
14-upgrade-service
15-pre-modification
16-py-maapi
12

LAB 3.2 - Lets start from the beginning

Run the following examples in examples.ncs/getting-started/
Use the README files
using-ncs/0-hello-world
using-ncs/1-simulated-cisco-ios
developing-with-ncs/0-router-network

October 26, 2016

Confidential

13

October 26, 2016

Confidential

14

Starting a new NCS project

October 26, 2016

Confidential

15

Project setup steps

Setup an NCS Project runtime directory
ncs-setup
ncs.conf

Populate with packages

Copy existing packages into the packages/directory
Make your own packages

Make and start NETSIM devices

Only if you want to use simulated devices
ncs-netsim

Start NCS
ncs
ncs --status

Log in
ssh admin@localhost p2024
ncs_cli -u admin
http://localhost:8080
October 26, 2016

Confidential

16

Setup an NCS Project runtime directory

$ ncs-setup --dest .

Creates
Creates
Creates
Creates

a database directory ./ncs-cdb

a log directory ./log
an empty packages directory ./packages
a default ncs.conf check that is reflects your intentions!

man ncs.conf to find out more

October 26, 2016

Confidential

17

Populate with packages

Copy (or softlink) packages from the NCS installation
cp -r $NCS_DIR/packages/neds/cisco-ios-xr packages/
cp -r $NCS_DIR/packages/tools/discovery packages/

or make your own package

October 26, 2016

Confidential

18

LAB 3.3 - Making a tiny service package

Setup project directory fruitful

ncs-setup --dest .

Create package skeleton

ncs-make-package --service-skeleton template-based fruitsubscription

Edit skeleton to match your intentions

Build the package
Correcting any errors you may find in the process

Start NCS
Play with the created model
E.g. set services fruit-subscription name properties

October 26, 2016

Confidential

19

LAB 3.4 - Making a NETCONF NED package

Make a new YANG file, box.yang, this time describing a device

Place your YANG file in a directory, e.g. orig/
Then make a NETCONF NED package out of it
$ cd packages
$ ncs-make-package netconf-ned ../orig box
The above creates a NETCONF NED Package called box
Check the box/ file structure:

doc
package-meta-data.xml
load-dir
netsim
private-jar
shared-jar
src
Makefile
yang
ncsc-out

Run make
Check ncsc-out

October 26, 2016

Confidential

20

Packages and NCS

Where does NCS look for packages?

ncs.conf

<load-path>
<dir>./packages</dir>
Make sure your package is in the right place
Normally the ./packages directory
Dont store anything else than NCS packages in the packages/ directory!
Dont keep old packages in the packages directory!

Remember to build the packages

cd packages//src; make all

October 26, 2016

Confidential

21

Bundle Compilation
Bundles are needed to support multiple versions of a device
Hides the version differences to application and operators
Alternative would be to make two (or more) separate packages

ncsc --ncs-compile-bundle

Check
Augment
Revision check
Generate output structure

October 26, 2016

Confidential

22

Small Example

October 26, 2016

Confidential

23

Augmentation

devices/device/config
Skipping oper-data

devices/template/config
Skipping oper-data

devices/live-status
Keeping oper-data
Making all oper-data
October 26, 2016

Confidential

24

The Output Structure

ncs-out
modules
yang
box.yang
triangle.yang

saved-bundles

fxs
box.fxs
triangle.fxs

revisions
box

triangle
2011-06-01

norev

box.yang
triangle.yang
bundle.hash
bundle.info

triangle.fxs
triangle.yang
triangle.yang.orig

box.fxs
box.yang
box.yang.orig

October 26, 2016

23_9_2011_16_01_28

Confidential

25

Bundle Info

October 26, 2016

Confidential

26

Compiling Revisions

October 26, 2016

Confidential

27

The Output Structure, Revisions

Ncs-out
modules
yang

fxs

saved-bundles

box.fxs
box.yang
box.yang.orig

October 26, 2016

box.yang
triangle.yang
bundle.hash
bundle.info

triangle

box
norev

23_9_2011_16_01_28

revisions

2011-06-01
triangle.fxs
triangle.yang
triangle.yang.orig

2011-10-01
triangle.fxs
triangle.yang
triangle.yang.orig

Confidential

revision-merge
triangle.fxs

28

Make and start NETSIM devices

October 26, 2016

Confidential

29

LAB 3.4 contd - Run ncs-netsim with your pkg

$ ncs-netsim create-network ./box/ 2 box --dir ./netsim

Use the box package
Create two devices
box0
box1

Output in ./netsim
Run a Cisco CLI towards the box
$ ncs-netsim start
$ ncs-netsim cli-c box0
# config terminal
# properties hostname nisse
# commit

October 26, 2016

Confidential

30

Use NCS towards the boxes

Did you keep netsim running?
Did you keep your config (stopping starting netsim does)
$ ncs-netsim cli-c box0
# show running-config properties
properties hostname nisse

Remember
$ ncs-netsim start

$ ncs-netsim stop
$ ncs-netsim reset (wipe out config)

October 26, 2016

Confidential

31

Creating CDB init files

In your shell

$ netconf-console --get-config > init.xml

Pick the ncs part
You can use x to specify
xpath filter
netconf-console --get-config
-x "/devices/device

Store in .xml file in cdb directory

October 26, 2016

Confidential

32

Starting NCS
Start NCS in the runtime directory with a plain
$ ncs
To check the NCS status and health
Independent of current directory

$ ncs --status
Stop NCS with
Independent of current directory

$ ncs --stop
Stop NETSIM devices
Only in the runtime directory

$ ncs-netsim stop
Reset all configuration back to factory default
Use with caution

$ ncs-setup --reset
October 26, 2016

Confidential

33

Log in to NCS CLI & WebUI

$ ncs_cli --user=admin
> show configuration devices device
device box0 {
address 127.0.0.1;
port
12022;

Go Configure!

October 26, 2016

Confidential

34

Examples

October 26, 2016

Confidential

35

Check Package Status

admin> show packages package oper-status
PACKAGE
META
NAME

UP

FILE

JAVA

BAD NCS

PACKAGE

PACKAGE

CIRCULAR

DATA

JAVA

LOAD

ERROR

UNINITIALIZED

VERSION

NAME

VERSION

DEPENDENCY

ERROR

ERROR

ERROR

INFO

------------------------------------------------------------------------------------------------------

1-ncsuiutil

cisco-ios

cisco-ios-xr

cisco-nx

connectivity

datacenterui

dell-ftos

request packages reload

request packages package redeploy

October 26, 2016

Confidential

36

Discovery

October 26, 2016

Confidential

37

How to get devices into the device list?

Discovery module
Integration with external inventory
Import as XML,
Manual addition

October 26, 2016

Confidential

38

Configuring the discovery module

admin% set devices discovery credentials source
Possible completions:
authgroups both discovery-config
admin% set devices discovery detection-options
Possible completions:
devtype-condition - List of device type detection rules for each type of device
port-priority
- List of port priorities for each type of device
vendor
- Ordered list of rules for device vendor detection
version
- List of rules for miscellaneous info detection
admin% set devices discovery scan-options
Possible completions:
ports
- List of ports corresponding to each protocol
snmp-description-oid - SNMP OID containing system info; used for discovery
ssh-command
- List of SSH commands to detect device type
timeouts
- Timeout configuration

October 26, 2016

Confidential

39

Scanning, viewing
admin> request devices discovery scan target [ 127.0.0.1 ]
result ok
Configuration successfully loaded
Input parameters parsed: 1 devices to be scanned
Devices scanned. Alive: 1
Devices successfully stored in operational datastore
[ok][2013-11-29 11:09:20]
admin> show devices discovery latest-run
latest-run info target [ 127.0.0.1 ]
latest-run info time Fri Nov 29 11:09:15 CET 2013
latest-run info hosts-up 1
latest-run info hosts-down 0
latest-run info duration 4.15
latest-run device localhost
address
127.0.0.1
management-port
2022
device-type
netconf
device-vendor
Tail-f
device-description NCS:3.0
open ports
ssh:22/tcp banner:2022/tcp ssh:2024/tcp http:8080/tcp
authgroup
default
snmp-authgroup
[ok][2013-11-29 11:09:25]
admin>
October 26, 2016

Confidential

40

Picking, forgetting
admin> configure
Entering configuration mode private
[ok][2013-11-29 15:35:15]
[edit]
admin% request devices discovery latest-run device 10.60.1.21 pick name asr7
result ok
Configuration successfully loaded
Device loaded from operational database
Device {asr7} stored in the running database
[ok][2013-11-29 15:37:53]
[edit]
admin% request devices discovery latest-run device 10.60.1.26 forget
Are you sure you want to remove the device from the discovery
list? [yes,no] yes
result ok
Device was removed from the discovery list
[ok][2013-11-29 15:38:55]
[edit]
admin%
pick-all
October 26, 2016

Confidential

41

Device connection, Authentication,

Config, Live-status

October 26, 2016

Confidential

42

Connection between NCS and devices

Connections handled automatically
Manual commands available
request devices connect
request device device asr3 connect
request devices disconnect
request device device asr3 disconnect

Connection pool, normally 100 connections

NETCONF notification subscriptions
Authgroups control as which user on the device the login will happen

October 26, 2016

Confidential

43

Authgroups
admin% set devices authgroups
Possible completions:
public-key
remote-name
remote-password
remote-secondary-password same-pass
same-user
-

group default default-map

The DSA key directory
Specify device user name
Specify the remote password
Second password for configuration
Use the local NCS user name as the remote user name
Use the local NCS user name as the remote user name

Usergroup
admin

enable-password!

Authgroup
asrs
Umap default-map

Device
asr3
Device
asr4

Umap admin
October 26, 2016

Confidential

44

Live-Device
NETCONF GET-CONFIG versus GET
devices/device/config
Configuration data from NCS CDB

devices/device/live-status
Configuration and operational data direct from device

> show devices device live-status

> show devices device www1 live-status interface stats

October 26, 2016

Confidential

45

October 26, 2016

Confidential

46