Cisco NSO L3VPN Automation
NSO service that provisions end-to-end L3VPNs with idempotent workflows and RESTCONF API.
Tech Stack
Key Highlights
Custom YANG service model for L3VPN provisioning
Vendor-agnostic templates for IOS-XE/XR platforms
Two-phase commit with auto-rollback safety
Pre/post validation checks for network state
RESTCONF API with audit trail logging
Automated pytest testing with netsim topology
Project Details
I built a Cisco NSO service that provisions end-to-end L3VPNs (VRFs, RT/RD, PE-CE links, BGP) across multi-device labs with idempotent, rollback-safe workflows and a RESTCONF API.
**Service model:** Custom YANG service (l3vpn) with customers → sites → endpoints; auto-generates VRFs, route-targets/route-distinguishers, and BGP neighbors from a single payload.
**Templates & callbacks:** Vendor-agnostic NSO templates + Python service callbacks (maagic/maapi) for create/update/delete; per-platform renderers for Cisco IOS-XE / IOS-XR.
**Safety & correctness:** Dry-run (commit-dry-run), two-phase commit, auto-rollback-on-error; pre-checks (device reachability, interface state) and post-checks (VRF routes, BGP session up).
**APIs & tooling:** Northbound RESTCONF endpoints with example requests; service audit trail and commit-queue logs for change tracking.
**Testing:** NSO netsim topology (P/PE/CE) + pytest harness that provisions a VPN, validates routes, and then tears it down—fully repeatable.
My contributions:
• Authored the YANG service schema and Python action/CB code; implemented per-platform templates for IOS-XE/XR.
• Wrote the pre/post-check library (commands→parsers→asserts) and the pytest scenario suite.
• Produced operator docs (payload schema, runbook, rollback procedures) and example RESTCONF curls.