L3 VPN Service
Table of Contents
Overview
This artifact will demo Itential platform capabilities for handling and managing L3VPN (Layer 3 Virtual Private Network) services.
The components used in this artifact are:
- L3VPN Service Model: An NSO package that contains multiple files that model an L3VPN service. This is a demo service model that represents the minimum L3VPN service configurations. The service package runs on the Cisco NSO platform and will be managed from the user interface by Itential Platform.
- Workflows: Workflows are important components in the Itential platform that enable engineers to design complex network services with a no to low code environment. The files included in this artifact represent the logic and flow required to provision L3 VPN services.
- Command Templates: Command templates enable engineers to run commands directly on devices. These commands can represent pre-checks that run before provisioning a service, and post-checks to run after service configuration. The commands included in this artifact are generic commands that show device configurations before a service is configured, and the difference between configurations after a service is configured.
- Forms: Form Builder is an application in the Itential Platform. You can create custom forms to take input from users and pass it along to a workflow. The forms can be created manually or automatically by parsing YANG files from the Service Model package. The ability to validate inputs, set certain formats, or behave in certain conditions is provided. The forms included in this artifact are forms that require minimum user input to configure a service.
- Operations Manager: An Itential Automation Platform application that integrates Forms and Workflows together. The Operations Manager items included in this artifact map the service creation forms to the workflows that provision and configure the service.
Supported Device Types
- Cisco IOS - for CE
- Cisco IOS-XR - for PE
Requirements
This artifact has been tested on:
- Itential Automation Platform
- NSO
- NSO NEDs
- cisco-ios:
^6.23
- cisco-xr:
^7.1.1
Installation
Install this artifact using App Admin Essentials. Additionally, the NSO L3 service model needs to be installed manually.
L3VPN Service Model
- Copy the service model folder [IAP Artifact-l3vpn](./assets/service-models/IAP Artifact-l3vpn) to the NSO packages folder normally located at
/var/opt/ncs/packages
. - Navigate to the src folder inside the service model directory:
cd IAP Artifact-l3vpn/src
. - Compile the service mode. Run:
make clean all
. - Login to the NSO cli:
ncs_cli -u admin
. - Load the packages:
request packages reload
. - The package reload summary may indicate a missing python dependency (e.g.
admin@ncs> *** ALARM package-load-failure: [ImportError: No module named netaddr]
). To resolve this issue, use pip install netaddr
and perform a package reload once again. - Confirm the operation status of the package is up:
show packages package oper-status
.
Example Output
admin@ncs> show packages package oper-status
PACKAGE
PROGRAM META FILE
CODE JAVA BAD NCS PACKAGE PACKAGE CIRCULAR DATA LOAD ERROR
NAME UP ERROR UNINITIALIZED VERSION NAME VERSION DEPENDENCY ERROR ERROR INFO
--------------------------------------------------------------------------------------------------------------
IAP-Artifact-l3vpn X - - - - - - - - -
Itential Tools X - - - - - - - - -
cisco-ios X - - - - - - - - -
cisco-iosxr X - - - - - - - - -
[ok][2019-06-04 14:12:05]
admin@ncs>
NSO Netsims
This artifact requires Cisco IOS and IOSXR devices to run. IOS and IOSXR will be used with the L3VPN service. This step will guide you through building the netsim devices used in running this artifact. We suggest running this artifact for the first time on blank netsim devices but using real lab devices is also possible.
- Navigate to your nso run directory, normally:
cd /var/opt/ncs/
. - Create a netsims network and add the number of devices required with the default name:
ncs-netsim create-network packages/cisco-ios 2 ios
. This will create a network with two virtual IOS devices named ios0
and ios1
. - Add additional devices to the network:
ncs-netsim add-to-network packages/cisco-iosxr 2 iosxr
. This will add two virtual IOSXR devices to the netsim network. - Start the netsim devices:
ncs-netsim start
. - Export the netsim devices settings to load in NSO:
ncs-netsim ncs-xml-init> load.xml
. - Login to the NSO cli:
ncs_cli -u admin
. - Switch to configurations mode:
config
. - Load the XML settings file to the devices:
load merge load.xml
. - Commit using the dry run option to validate devices information and authgroups:
commit dry-run outformat native
. - Commit if information and authgroups are correct:
commit
. - Fetch the ssh keys for the devices:
request devices fetch-ssh-host-keys
. - Connect to the devices:
request devices connect
. - Sync from the devices:
request devices sync-from
.
Provisioning L3VPN service via Operations Manager
- Login to the Itential Automation Platform.
- Go to Operations Manager to provision a service:
L3VPN Multisite Create
. - The L3VPN Service Model form is pre-populated with default values. It only requires the name of the CE device (ios) and PE device (iosxr). Change the other default values, as needed.
- Go to Active Jobs to monitor and complete the workflow.
Uninstall
To remove the artifact:
- Uninstall using App Admin Essentials.
- Remove the service models form:
/var/opt/ncs/packages
. - Login to the NSO cli:
ncs_cli -u amdin
. - Reload the packages:
request packages reload
. - Confirm the packages have been removed:
show packages package oper-status
.