NCS 3.0
March 2014
Confidential
Agenda
1 Overview and Background
  How NCS fits in with the rest of the world, what it does, and why
2 NETCONF and YANG
  Why NETCONF was invented and how it is different from previous management protocols
  Walk-through of the YANG modeling language
3 System Setup
  Installing NCS, packages, NETSIM device simulator
4 Device Manager
  Work with devices, synchronization, templates, policies, etc.
5 Service Manager
  Work with high-level services
6 Alarm Manager
  The alarm model and how to work with alarms
7 System Administration
  Deeper topics about installation choices, logging, troubleshooting, high availability, clustering, backups, disaster recovery, etc.
8 NED Development
  NED types, YANG models and Java code
October 26, 2016
[Diagram labels: Service Manager, Mapping Logic; Deploy Network Changes; CDB; Transaction Manager (End-to-end Transactional Integrity); Device Manager; Cisco CLI, SNMP, NETCONF; Cisco, Juniper]
[Diagram labels: WebUI; Business Logic; Error Handling; CLI + SNMP Scripts]
Typically WebUI only.
Typically uses a backend with CLI scripting and SNMP PDUs.
Half of the code (according to NSN) is error handling/recovery. Error-handling code is also very difficult and expensive to test.
[Diagram labels: WebUI; Business Logic with Create, Modify, Delete; Error Handling; CLI + SNMP Scripts]
Service creation is what people think of when asked to describe the service.
Service deletion is also needed, but is a bit simpler than creation.
Service modification is the worst; it usually requires more code than create and delete combined. There are just so many ways things can be changed.
[Diagram labels: Model; WebUI, CLI, REST, NC; Business Logic with Create, Modify, Delete; Error Handling; Model; CLI + SNMP Scripts]
[Diagram labels: Service Model; Service Instance; Undo; Create (model-to-model mapping) in NCS; Device Models; Device Changes to devices]
Delete is Easy
Delete is easy. Apply undo info.
[Diagram labels: Service Model; Service Instance; Undo; Delete in NCS; NCS Database APIs; Device Models; Device Changes to devices]
[Diagram labels: Service Model; Service Instance; Undo; Create; Delete; Diff before/after in NCS; Device Models; Device Changes]
Service Management
Minimum of development
Service modeling
Service activation
Device effects
Service dry-run
Service check-sync
Service restoration
Service testing
Mapping customer - service - device
Aggregated operational data
Notifications
[Diagram labels: Service Manager, Mapping Logic; CDB; Transaction Manager; Device Manager]
Service Model?
For example:
Video streaming service
Which channels?
Which quality level?
Which endpoint?
services
  Properties (optional): "Service catalogue", if you want several service instances to share settings
  A-service
  B-service
  C-service
    <service data>
  properties
    <property data>
devices
  device
    <device data>
[Diagram label: C-Service Application]
Test
Self-test method
leaf ip {
  mandatory true;
  type inet:ipv4-address;
}
leaf port {
  description "UDP port to bind to.";
  mandatory true;
  type inet:port-number;
}
leaf lb-profile {
  description "The load balancer to use.";
  mandatory true;
  type leafref {
    path "/ncs:services/ncs:properties/wsp:web-site/wsp:profile/wsp:name";
  }
}
leaf name {
  tailf:info "Unique service id";
  type string;
}
// service-data holds NCS undo-info, etc
uses ncs:service-data;
ncs:servicepoint websiteservice;
// Above name is registered by service app
leaf url {
  mandatory true;
  type inet:uri;
}
}
}
list backend {
  key name;
  leaf name {
    description "A backend to use. The backend must support the webserver module.";
    type leafref {
      path "/ncs:devices/ncs:device/ncs:name";
    }
  }
  leaf drop-ratio {
    description "Number of dropped packets per 1000 received";
    config false;
    tailf:callpoint ws-stats;
    type uint32;
  }
}
leaf lb {
  description "The load balancer to use";
  mandatory true;
  type leafref {
    path "/ncs:devices/ncs:device/ncs:name";
  }
}
Customer
Customer-facing service, CFS
Each customer-facing service points to one or more resource-facing services.
Service catalogue
Resource-facing services, RFS
device www0 {
    config {
        wsConfig {
+            listener 192.168.0.9 8008 {
+            }
        }
        interface eth0 {
+            alias 0 {
+                ipv4-address 192.168.0.9;
+            }
        }
    }
}
device www1 {
    config {
        wsConfig {
+            listener 192.168.0.10 8008 {
+            }
        }
        interface eth0 {
+            alias 0 {
+                ipv4-address 192.168.0.10;
device {
    name www4
    data config {
        wsConfig {
+            listener 192.168.0.12 8008 {
+            }
        }
        interface eth0 {
+            alias 0 {
+                ipv4-address 192.168.0.12;
+            }
        }
    }
}
[Diagram labels: Modelled in Service Manager; module web-site; module lb; Managed by Device Manager; module interfaces; module webserver; module interfaces]
3. Create /services/service/type/web-site
url, ip, port
lb-profile: sla-gold
examples.ncs/web-server-farm/web-site-service
services
web-site.yang
web-props.yang
website-service/src/java/src/com/example/website
WebSiteServiceRfs.java : create() callback (depending on the FASTMAP algorithm)
namespaces
Generated stuff
web-site.yang

module web-site {
  prefix wse;
  augment /ncs:services {
    list web-site {
      key name;
      leaf name { type string; }
      uses ncs:service-data;
      ncs:servicepoint websiteservice;
      leaf lb-profile {
        mandatory true;
        type leafref {
          path "/ncs:services/ncs:properties/wsp:web-site/wsp:profile/wsp:name";
        }
      }
      leaf url {
        mandatory true;

web-site-props.yang

module web-site-props {
  prefix wsp;
  augment /ncs:services/ncs:properties {
    container web-site {
      list profile {
        key name;
        leaf name {
          type string;
        }
        leaf lb {
          mandatory true;
          type leafref {
            path "/ncs:devices/ncs:device/ncs:name";
          }
        }
        list backend {
          key name;
          leaf name {
            type leafref {
In Navu, use
strings: "services",
or hashes: Ncs._services_
Navu chaining
/*
* BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE
* This file has been auto-generated by the confdc compiler.
* Source: ../load-dir/web-site.fxs
* BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE BEWARE
*/
package com.example.websiteservice.websiteservice.namespaces;
[Diagram labels: Service Model; Mapping; Device Models]
Mapping implemented in:
Java
Java + Template
Template only: only simple mappings; implemented in minutes (e.g. in CLI)
<config-template xmlns="http://tail-f.com/ns/config/1.0">
  <devices xmlns="http://tail-f.com/ns/ncs">
    <device>
      <name>{$PE}</name>
      <config tags="merge">
        <vrf xmlns="urn:ios" tags="merge">
          <definition>
            <name>{/name}</name>
            <rd>{/as-number}:1</rd>
            <address-family>
              <ipv4>

l3vpnRFS.java

@ServiceCallback(servicePoint="l3vpn-servicepoint",
                 callType=ServiceCBType.CREATE)
public Properties create() {
    Template peTemplate = new Template(context, "pe-template");
    Template ceTemplate = new Template(context, "ce-template");
    TemplateVariables vpnVar = new TemplateVariables();
    vpnVar.putQuoted("VLAN_ID", )
    vpnVar.putQuoted("LINK_PE_ADR", )
    peTemplate.apply(service, vpnVar);
    ceTemplate.apply(service, vpnVar);
}
make all
3. ncs-setup --dest .
5. Start with:
   ncs-netsim start
   ncs
   ncs_cli -u admin
cd packages
ncs-make-package --service-template myService
Create eclipse environment
cd <project-top>
ncs-setup --eclipse-setup
(this can be done to refresh eclipse project when new packages are added)
FASTMAP Considerations
FASTMAP is the patented algorithm that records the modifications made in the create() callback and automatically handles the modify and delete cases.
FASTMAP has a few assumptions:
- Service application code only creates and sets data.
- Set operations must only be used on parts of the device models "owned" by that service instance, so that there are no potential conflicts with other service instances other than what can be achieved with sharedCreate().
- One service instance must not depend on other service instances.
If the creation of a service instance interacts with other service instances in a more complex way than the above, you can implement that behavior in the preModifications() callback. You would then have to deal with creation, modification and deletion of your service without relying on the FASTMAP algorithm.
Operator Creates A1
  In create():
    if not exist(dns):
      create(dns)
  Device Changes: a1, dns
  A1: a1 + dns

Operator Creates A2
  In create():
    if not exist(dns):
      create(dns)
  Device Changes: a1, dns, a2
  A1: a1 + dns
  A2: a2

Operator Deletes A1
  In create():
    if not exist(dns):
      create(dns)
  Device Changes: a1, dns, a2
  A1: a1 + dns
  A2: a2
  Service A2 breaks when shared resource dns is deleted.

Operator Creates A1
  In create():
    sharedCreate(dns)
  Device Changes: a1, dns
  A1: a1 + (dns)

Operator Creates A2
  In create():
    sharedCreate(dns)
  Device Changes: a1, dns, a2
  A1: a1 + (dns)
  A2: a2 + (dns)

Operator Deletes A1
  In create():
    sharedCreate(dns)
  Device Changes: a1, dns, a2
  A1: a1 + (dns)
  A2: a2 + (dns)
  Service A2 survives.

Operator Creates A1, Operator Creates A2
  In preModification():
    if not exist(dns):
      create(dns)
  Device Changes: a1, dns, a2
  A1: a1
  A2: a2
  Before any service instance is created, dns is created if it doesn't already exist.

Operator Deletes A1, Operator Deletes A2
  In preModification():
    if not exist(dns):
      create(dns)
  Device Changes: a1, dns, a2
  A1: a1
  A2: a2
  Since the creation of the shared dns resource was never recorded as part of a service, it will linger even if all service instances are deleted.
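The three cases walked through above (conditional create, sharedCreate(), and creation in preModification()), as an added toy model in Python. It is not NCS code and does not use the NCS Java API; the class ToyFastmap, its method names and its reference-count bookkeeping are assumptions made for illustration.

```python
class ToyFastmap:
    """Toy model of FASTMAP bookkeeping; assumed for illustration, not NCS code."""
    def __init__(self):
        self.device = {}   # node -> reference count (0 = recorded by no service)
        self.undo = {}     # service instance -> nodes recorded during its create()

    def deploy(self, svc, create, pre_modification=None):
        if pre_modification:
            pre_modification(self)        # runs outside the recorded create()
        self.undo[svc] = []
        create(self, svc)

    def create(self, svc, node):
        # Plain create: the node is owned by svc alone.
        self.device[node] = 1
        self.undo[svc].append(node)

    def shared_create(self, svc, node):
        # Stand-in for sharedCreate(): every creating service adds a reference.
        self.device[node] = self.device.get(node, 0) + 1
        self.undo[svc].append(node)

    def create_unrecorded(self, node):
        # Created from preModification(): no service's undo info mentions it.
        self.device.setdefault(node, 0)

    def delete(self, svc):
        # Apply undo info: drop svc's references, remove nodes nobody else holds.
        for node in self.undo.pop(svc):
            self.device[node] -= 1
            if self.device[node] <= 0:
                del self.device[node]

def run(strategy):
    """Create A1 and A2, delete A1 then A2; return device nodes after each delete."""
    fm = ToyFastmap()
    def create(fm, svc):
        fm.create(svc, svc.lower())                      # a1 / a2
        if strategy == "conditional" and "dns" not in fm.device:
            fm.create(svc, "dns")                        # if not exist(dns): create(dns)
        elif strategy == "shared":
            fm.shared_create(svc, "dns")
    pre = (lambda f: f.create_unrecorded("dns")) if strategy == "pre" else None
    for svc in ("A1", "A2"):
        fm.deploy(svc, create, pre)
    fm.delete("A1")
    after_a1 = sorted(fm.device)
    fm.delete("A2")
    return after_a1, sorted(fm.device)
```

run("conditional") loses dns together with A1 while a2 remains, run("shared") keeps dns until A2 is also deleted, and run("pre") still has dns after both services are gone.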
Reactive FASTMAP
Reactive FASTMAP allows services:
- to adapt to changes in the environment
- to be activated in stages
User interface
Adaptor programming, how to make the device changes happen
Persistence mapping
FastMap
Reduce the transformation to one single create method.
[Diagram labels: Service Model; FastMap; Device Model; CDB; Transaction]
Callback components
NCS APIs
[Diagram labels: Web UI, NETCONF, SNMP, REST, MTOSI, Other; AAA API (Radius etc); Service Manager, Service Models; Core Engine, CDB, CDB API; Alarm Manager, Alarm API; FastMap Application, Abstract FastMap Application; Device Manager, Device Models; NSMUX API; NAVU API; Inventory; Cisco CLI NED, SNMP NED, Generic NED]
NCS APIs
APSs are decoupled from NCS
Communication over stream sockets
An NCS lib can have any number of subscribers
[Diagram labels: CLI; NCS; socket; action(); OK; ncs.jar; Application]
NCS APIs
[Diagram labels: Package A, Package B, Package C; NCS: Service Manager, Fast Map, Transaction Manager, Service Models, CDB, Device Models, Device Manager; NCS Java VM: Service components, Application components, Callback components, NED components]
Using MAAPI
The Agent API, full access to NCS data manipulation
Transaction control: start new, attach to existing
Maapi
NavuContext
  Defines the NCS connection (MAAPI / CDB / R/RW etc)
  Already defined when using FastMap
NavuContainer
  A representation of a Yang structure:
  A container
  A single list entry
NAVU basics
Working from the root container
    NavuContainer child1 = top.list(test._simple_list_)
                              .elem(new ConfKey(element1))
                              .list(test._child_list_)
                              .elem(new ConfKey(1));
LAZY: we haven't retrieved the child leaf. Traversing containers and leaves does not trigger the element to get collected.
    list child-list {
      key index;
      leaf index { type int64; }
      container child-container {
        presence "Optional subsystem";
        leaf childAttr { type string; }
        ...
NAVU basics
Evaluating
    if (child1.container(test._child_container_).exists()) {
        // Do something
    } else {
        child1.container(test._child_container_).create();
        child1Attr.set(new ConfBuf(VAL));
    }
Calling NCS (.exists(), .create(), list keys, etc.) causes NAVU to evaluate.
    module test {
      ...
      container top {
        list simple-list {
          key name;
          leaf name { type string; }
          leaf data { type uint64; }
          list child-list {
            key index;
            leaf index { type int64; }
            container child-container {
              leaf childAttr { type string; }
              ...
NAVU Looping
Traversing all the elements in a list
E.g. all live devices
    for (NavuContainer device :
            root.container(Ncs._devices_).list(Ncs._device_).elements()) {
        // Read the live-data from the device
        ConfUInt64 packets = (ConfUInt64) device
            .container(Ncs._live_status_)
            .container(switch._data_)
            .leaf(switch._packets_per_second_).value();
        // Print it and forget about it
        System.out.println(packets.toString() + " packets/s in device "
            + device.getKey().toString());
    }
Setting up NAVU
Confusing?
Navu Root: the entire system
Schema Root: / of the module
Top container: root node of the current module
Data types
ConfObject, ConfObject[]
ConfPath
ConfValue
ConfKey (ConfObject)
ConfInt32
ConfBoolean
ConfUInt32
ConfBuf
And plenty more
ConfTag (ConfObject)
  Representing a Yang element
  Automatic namespaces
ConfObject[] example: /servers/server{www1}/port (indices 3 2 1 0)
ncsc --emit-java
confdc --emit-java
[Diagram labels: Model; Subscribe to sub-tree]
CDB Subscribers
NAVU is quick, but sometimes an application is what we need
Most generic functionality can be built around subscriptions
Define API: write data model
Subscribe to changes: create subscriber
Callback based
NCS Mux (Resource manager) keeps thread pool
[Diagram labels: Model; NCS Mux; callback; three Java applications]
Data providers
For operational data
Responsible for providing data to NCS on request
Data not stored in NCS
Fetched only when asked for
[Diagram labels: Model; NCS Mux; callback get_elem; three Java applications]
Full system
Using data providers and subscribers to build entire systems
Each component responsible for a subset
All functions exposed through the data model
Each sub-component can share its properties through the model (CDB)
[Diagram labels: Common Model; three Java subscribers; two Java data providers]
config false
cd packages
ncs-make-package --data-provider-template myInventory
Augment the service model with meta-data
Create an external data provider that holds this information
com.tailf.dp.annotations.DataCallback
GET_ELEM, GET_NEXT,
Callpoints
> request devices sync direction from-device
Trigger callbacks when parts of the Yang model are modified
Transactions, Validation, Actions, Notifications and more
Implemented via Annotations:
com.tailf.dp.proto: ActionCBType, DataCBType, TransCBType
Callpoints Example
Action callpoint
Leaf name myaction
Many actions can share actionpoint
ConfTag name = myaction
Input and output are ConfXMLParam
    class MyActionCallbacks {
        @ActionCallback(callPoint = "myAp", callType = ActionCBType.INIT)
        public void init(DpActionTrans actx) throws DpCallbackException {
            // Init shared resources if needed
        }
        @ActionCallback(callPoint = "myAp", callType = ActionCBType.ACTION)
        public ConfXMLParam[] action(DpActionTrans actx, ConfTag name,
                                     ConfObject[] kp, ConfXMLParam[] params)
                throws DpCallbackException {
            // Check which ConfTag was called (if registered with many)
            // Read input parameters
            // Perform action

    list simple-list {
      ...
      tailf:action myaction {
        tailf:actionpoint myAp;
        input {
          leaf mode {
            type string;
            mandatory true;
          }
        }
        output {
          leaf time {
            type string;
            mandatory true;
          }
        }
      }
    }
[Diagram labels: Web UI, NETCONF, SNMP, REST, MTOSI, Other; AAA API (Radius etc); Service Manager, Service Models; SYSTEM API; Core Engine, CDB, CDB API; HA API; Alarm Manager, Alarm API; FastMap Application, Abstract FastMap Application; Device Manager, Device Models; NSMUX API; NAVU API; Inventory; Cisco CLI NED, SNMP NED, Generic NED]
External
Database
Inter-process communications plugin: An application to replace the default IPC mechanism (TCP sockets) used between NCS and applications. Useful if clients need to use, for example, UNIX-domain sockets or TIPC.
SYSTEM API