Cisco NSO VS ANSIBLE Orchestration and Automation
In this article, we are going to focus more on to two main tools(technologies) NSO and ANSIBLE and understand their important role in facilitating the process of network automation.
We will start with a brief introduction for both NSO and ANSIBLE, provide links and materials to facilitate the understanding of both and to compare between them by applying the same use-case:
- What are the configuration management tools and its role in Network automation cycle?
- What’s the NSO ?
- What’s the ANSIBLE?
- Applying the Use-Case on Cisco-XR device
- Pros and Cons of each tool in our use-case
- What’s next ?
- Useful links
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
1- What are the configuration management tools and its role in Network automation cycle?
As a simple description of network automation, we can describe it as a cycle of 3 stages as shown :
Configure, validate and monitor
Configure : one of the main stages for applying automation in your network, can be described as the initial process of defining a network’s operation, flow, and control.
Also includes essentially maintaining and arranging the information associated with all your network’s component.
we have some tools that help us to achieve this stage like NSO and ANSIBLE, which considered as configuration management tools
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
2- So what’s NSO ?
Cisco Network Services Orchestrator (NSO), it’s an orchestration platform for hybrid networks,which enables you to design and deliver configuration faster and more easily.
It can act as service orchestration but in this article we are introducing it as configuration management tool to compare it’s functionality with ANSIBLE
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
3- What’s Ansible ?
Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
4- the Use-Case
Scope : Configure prefix-set on multiple devices.
target devices : Cisco-XR router
For applying this changes on devices we focus on 2 scenarios
Scenario A : using ANSIBLE + PYTHON
Scenario B: using NSO + PYTHON
Scenario A : using ANSIBLE + PYTHON
We have to create the following files :
1- Set-prefix-set.yml : “the playbook we need to run “
2- iosxr_prefix_set.cfg : “file contains the configuration”
3-hosts : “ inventory file”
4- Main.py: “python script to add more flexibility and features”
Steps:
1- Let’s start with the playbook “set-prefix-set.yml
- we are using the module iosxr_config which can be found under this link :
https://docs.ansible.com/ansible/latest/modules/iosxr_config_module.html
2- Then the playbook is using iosxr_prefix_set.cfg , contains all the configuration you need to push. In this case it’s the prefix-set configurations
3- After modify the configuration file and the playbook, we have hosts file contains devices IPS
at this step you can run your playbook
NOTE : by default the lines which start with # in the configurations file will be ignored, as ansible is based on python Which consider # as a comment line so it ignore it
the present workaround is to change DEFULT_COMMENT_TOKENS in module_utils/network/common/config.py
But obviously not an ideal solution, a better way is to make this Configurable in cliconf plugin
4- At this step we can push the static prefix-set configuration, but what we really need is the flexibility and the pre-checks that we can do it before pushing the configurations , so we need to add python
We have Main.py
- The sequence will be to get all the prefix-sets on the device, and then choose one to them to append the new IP and comment, then push the new configurations to the device
1- By using the same strategy we add new playbook and new Configuration file to get all the prefix-sets
2- Then using subprocess module to run the playbook
3- Grep the needed data and make the required pre-checks
4- Finally we need to create the iosxr_prefix_set.cfg and push it again to the device
you can find the complete code under this link :
https://gitlab.com/marihan/prefix-set-with-ansible/-/tree/master
Scenario B using NSO + PYTHON :
In this scenario we are going to push the same configurations Using NSO instead of Ansible and using python to make the pre-checks
1- First we need to create the package
2- and then the bellow files will be created :
1-Yang
2-XML
3-python
-The yang file contains the structure or in other words the data format for your configurations
-And then we have XML file contains the xml which will be pushed to the devices through the NED
-At this point we can push the configurations without any pre-checks, so we use python API “ MAAPI API” to communicate with NSO CDB and gather all the information we need before pushing the configurations.
you can find the complete code under this link :
https://gitlab.com/marihan/prefix-set-with-nso/-/tree/master
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
5- Pros and Cons of each tool in our use-case
We will consider 3 main points in this comparison, the flexibility of the approach ,the syntax complexity, and finally the time needed to push this scenarios with the pre-checks
1-Flexibility:
NSO is a poweful tool with some limitations as it comes with a certain sets of rules that you can’t customize , but for Ansible + Python it gives you the The flexibility that you need to apply any scenario according to your customers need with no constraints.
So for flexibility I recommend Ansible + Python.
2-Syntax complexity :
- The complexity of NSO is that it depends on multiple files which include yang, xml and also the need to use MaaPI API which I found it complex to understand.
-But in other hand NSO has a lot of already implemented modules, that we will need to implement them from scratch like authentication And Configurations DB in case of ansible
-In case of ansible its syntax is more readable and straight forward.
3- The time needed to push scenario with the pre-checks:
-The most powerful point in NSO is that you don’t need to check the configuration from the device each time as you will have all of the configuration in your DB after apply synch from, so it save alot of the running time especially in case of multiple devices.
At the end each tool has its pros and cons so you need to determine your need, and depends on a lot of criteria like number of devices, the complexity of configurations and very important point is the pre-checks and post-checks needed to be applied you can choose the right tool for your Network
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
6- What’s next ?
The next step is to integrate ONAP and add NSO/ANSIBLE as NETCONF device, to create a complete process with a service chain and using camunda / DG, and anther modules in ONAP
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
