Advanced YANG Data

Modeling for Cisco NSO

Bartosz Luraniec - Customer Delivery Software Architect

@lureek
DEVNET-3014

-
 • YANG – Introduction
• Path Navigation &
Constraints
• Leaf
Container
Agenda
•

• List
• Use Cases
• NSO Developer Studio
(YANG)
• Summary

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
 YANG Introduction

-
 YANG in NSO: Devices & Services

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
 YANG is everywhere

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
 Path Navigation &
Constraints

-
 Access the YANG
How to get path for a specific resource in the Configuration Database
(CDB) ?
admin@ncs# show running-config devices device IOS0 | display xpath

/devices/device[name='IOS0']/config/ios:interface/GigabitEthernet
[name='0/0']/ip/address/primary/address 1.1.1.1
/devices/device[name='IOS0']/config/ios:interface/GigabitEthernet
[name='0/0']/ip/address/primary/mask 255.255.255.0
...

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
 path()
XPath uses path expressions to select nodes and also this expression can
be used to return a collection of nodes, rather than a unique node.

list interface {
key "name";
leaf name {
type string;
}
}
leaf mgmt-interface {
type leafref {
path "../interface/name";
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
 current()
Starting point for an XPath location path.

leaf phase {
type enumeration {
enum Telnet;
enum SSH;
}
}
leaf mgmtVLAN {
when "current()/../phase = 'SSH'";
type string;
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
 when()
Allows to expose node under given condition only.

leaf device {
type leafref {
path "/ncs:devices/ncs:device/ncs:name";
}
}
container ios {
when "/ncs:devices/ncs:device[ncs:name=current()/../device]/
ncs:platform/ncs:name = 'ios'";
leaf device-description {
tailf:info "device description";
type string;
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
 must()
Constraint used to restrict and ensure that configuration meets the
condition. It is using an XPath expression that must evaluate to true.

leaf device {
tailf:info "PE Router";
type leafref {
path "/ncs:devices/ncs:device/ncs:name";
}
must "starts-with(current(),'PE')" {
error-message
"Only PE devices can be selected.";
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
 deref()
Follows the reference defined by leaf my-ip {
WITH
type leafref {
the first node in document order path "/server/ip";
in the argument node-set, and }
returns the nodes it refers to. }
leaf my-port {
leaf my-ip { type leafref {
type leafref { path "deref(../my-ip)/../port";
path "/server/ip"; }
} }
}
leaf my-port {
type leafref {
path "/server[ip = current()/../my-ip]/port"; SAME RESULT
}
} WITHOUT

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
 contains()
Evaluates if referenced leaf value in the model contains given
string.
leaf port {
type string;
}
container encapsulation {
when "contains(current()/../port,'.')" {
tailf:dependency "../port";
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
 starts-with()
Evaluates if referenced leaf value in the model starts with
given string. leaf type {
type enumeration {
enum test;
enum isp;
enum mobile_4G;
enum mobile_5G;
}
}
container classifier {
when "starts-with(current()/../type,'mobile')";
presence true;
leaf name {
type string;
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
 But we have way more…
* last * string-length * string-compare
* position * normalize-space * compare
* count * translate * current
* id * boolean * deref
* local-name * nodeset-as-boolean * sort-by
* namespace-uri * false * enum-value
* name * true * bit-is-set
* string * not * min
* concat * number * max
* starts-with * sum * avg
* contains * floor * band
* substring-before * ceiling * bor
* substring-after * round * bxor
* substring * re-match * bnot

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
 Evaluate your XPath in NSO
Enable Devtools:
admin@ncs# devtools true
admin@ncs# config

Evaluate XPath:
admin@ncs(config)# xpath eval "/devices/device[contains(name, 'a') or
contains(name, 'i')]"
/devices/device[name='ios0']

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
 Evaluate your XPath in NSO
String Examples:
admin@ncs(config)# xpath eval normalize-space(' test')
test

admin@ncs(config)# xpath eval translate('test_xyz', '_', '-')

test-xyz

admin@ncs(config)# xpath eval compare('abc','abc')

0

admin@ncs(config)# xpath eval string-length('test')

4

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
 Evaluate your XPath in NSO
String Examples:
admin@ncs(config)# xpath eval substring('test_xyz', 2, 2)
es
admin@ncs(config)# xpath eval substring-before('aa-bb','-')
aa
admin@ncs(config)# xpath eval substring-after('aa-bb','-')
bb
admin@ncs(config)#
xpath eval re-match('1.22.333', '\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}')
true
admin@ncs(config)# xpath eval concat('area','-SW')
area-SW

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
 Evaluate your XPath in NSO
Node-Set Examples:
admin@ncs(config)# xpath eval count(devices/device)
3

admin@ncs(config)# xpath eval "devices/device[last()]"

/devices/device[name='JUN0']

admin@ncs(config)# xpath eval devices/device[position()=2]

/devices/device[name='IOSXR0']

admin@ncs(config)# xpath eval name(devices/device)

ncs:device

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
 Evaluate your XPath in NSO
Numeric Examples:
admin@ncs(config)# xpath eval floor(4.69)
4

admin@ncs(config)# xpath eval ceiling(4.69)

5

admin@ncs(config)# xpath eval "10 div 5"

2

admin@ncs(config)# xpath eval 2*2

4

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
 Evaluate your XPath in NSO
Boolean Examples:
admin@ncs(config)# xpath eval boolean(0)
false

admin@ncs(config)# xpath eval not(0)

true

admin@ncs(config)# xpath eval true()

true

admin@ncs(config)# xpath eval false()

false

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
 Leaf

-
 leafref
Hint to values for the leaf existing somewhere in the model. It enforces data
validation.
leaf vrf-name {
type leafref {
path "/ncs:devices/ncs:device[ncs:name=current()/../device]/
ncs:config/iosxr:vrf/iosxr:vrf-list/iosxr:name";
}
}

admin@ncs(config)# SERVICE vrf-name ?

Possible completions:
VRF1 VRF2
admin@ncs(config)# SERVICE vrf-name VRF3 ?
Possible completions:
Error: "VRF3" is an invalid value.

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
 tailf:non-strict-leafref
Hint to values for the leaf existing in the model but without enforcing
any data validation nor evaluation logic.
leaf vrf-name {
tailf:non-strict-leafref {
path "/ncs:devices/ncs:device[ncs:name=current()/../device]/
ncs:config/iosxr:vrf/iosxr:vrf-list/iosxr:name";
}
type string;
}

admin@ncs(config)# SERVICE vrf-name VRF3 ?

YANG will accept value that is not existing under referenced leaf.

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
 tailf:default-ref
leaf BVI {
type uint16 {
range 1..4094;
}
}
container encapsulation {
choice encapsulation-choice {
Sets a leaf to the value of container dot1q {
another leaf unless it is presence true;
explicitly set. leaf tag {
type uint16 {
range 1..4094;
}
tailf:default-ref "../../../BVI";
}
}
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
 tailf:cli-show-with-default
Allows to display leaf in configuration even if it is set to the default
value.
leaf mtu-size {
tailf:cli-show-with-default;
type uint16;
default 1500;
}

admin@ncs# show run SERVICE admin@ncs# show run SERVICE

SERVICE SERVICE
interface GigabitEthernet 0/0 interface GigabitEthernet 0/0
mtu-size 1500 !
! !
! WITH WITHOUT

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
 tailf:cli-expose-key-name
By default when inputting a list element – key name does not appear in
the CLI. We can expose it.
list SERVICE { WITHOUT
key "device";
leaf device { admin@ncs(config)# SERVICE IOS1
tailf:cli-expose-key-name;
type string;
}
}
WITH

admin@ncs(config)# SERVICE device IOS1

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
 tailf:hidden
This statement can be used to hide a node from some, or all, northbound
interfaces (CLI and Web UI).

leaf calculated-lsps {
tailf:hidden true;
type string;
}

Use it as a storage!

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
 Container

-
 presence
If you want to make container optional (where you have mandatory leaf
elements). If anything is configured under container – the container will be
true, if nothing is configured under the container – then it is absent (false).

container routing-protocol {
container bgp {
presence true;
// MANDATORY LEAF elements
}
container ospf {
presence true;
// MANDATORY LEAF elements
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
 tailf:cli-flatten-container
container customer {
tailf:cli-flatten-container;
Allows the CLI to exit the container and
leaf name { continue to input from the parent
type string; container when all leaf elements in the
} current container has been set.
leaf address {
type string;
admin@ncs(config)# SERVICE customer name
}
} CLIENT address KRK interface int-type GE
container interface { int-id 0/1 WITH
leaf int-type {
type string; admin@ncs(config)# SERVICE customer name
} CLIENT address KRK
leaf int-id { admin@ncs(config)# exit
type string; admin@ncs(config)# interface int-type GE
}
int-id 0/1 WITHOUT
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
 tailf:cli-add-mode
Creates a mode of the container. It can be used in config nodes only.
container vrf-config { admin@ncs(config)# SERVICE IOS0 vrf-config
tailf:cli-add-mode; <ENTER>
leaf vrf-name { admin@ncs(config-vrf-config)# ?
type string; Possible completions:
} local-as-number
leaf local-as-number { vrf-name WITH
tailf:info "BGP AS";
type enumeration { admin@ncs(config)# SERVICE IOS0 vrf-config
enum 12345;
------------------------------------------^
enum 23456;
syntax error: incomplete path
}
} admin@ncs(config)# SERVICE IOS0 vrf-config ?
} Possible completions:
local-as-number
vrf-name WITHOUT

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
 List

-
 min-elements/max-elements
Specify minimum/maximum number of elements that have to occur in this
list or leaf-list.

list FastEthernet {
tailf:info "FastEthernet port";
key port;
max-elements 1;
min-elements 1;
leaf port {
type string;
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
 tailf:cli-flat-list-syntax
Allow operators to enter the leaf-list values without the brackets.

leaf-list vrf-name {
tailf:cli-flat-list-syntax;
type string;
}

admin@ncs(config)# SERVICE vrf-name [ VRF1 VRF2 ] WITHOUT

admin@ncs(config)# SERVICE vrf-name VRF1 VRF2 WITH

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
 tailf:cli-compact-syntax
Use the compact representation for this
container vrf-config { node in the 'show running-configuration'
tailf:cli-compact-syntax; command (all leaf elements are shown in a
leaf vrf { single line).
type string;
} admin@ncs# show running-config SERVICE
SERVICE service
leaf local-as-number { vrf-config vrf vrf1 local-as-number 12345
tailf:info "AS Number"; ! WITH
type enumeration {
enum 12345;
enum 23456; admin@ncs# show running-config SERVICE
} SERVICE service
} vrf-config vrf vrf1
} vrf-config local-as-number 12345
! WITHOUT

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
 tailf:cli-sequence-commands
list link {
tailf:cli-sequence-commands;
Enforces the exact order while inputting
key "id"; parameters. The order is the same as in
leaf id { the YANG model.
mandatory true;
type string; admin@ncs(config)# SERVICE link primary ?
} Possible completions:
leaf source { source <cr>
type inet:ipv4-address; WITH
}
leaf destination {
admin@ncs(config)# SERVICE link primary ?
type inet:ipv4-address;
} Possible completions:
} destination source <cr> WITHOUT

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
 tailf:cli-incomplete-commands
Specifies that an auto-rendered
container dhcp { command should be considered
leaf port {
tailf:cli-incomplete-command; incomplete. Can be used to prevent
type uint16; "<cr>" from appearing in the
} completion list for optional internal
leaf subnet {
type inet:ipv4-prefix;
nodes.
} admin@ncs(config)# SERVICE dhcp port 12 ?
} Possible completions:
subnet WITH

admin@ncs(config)# SERVICE dhcp port 12 ?

Possible completions:
subnet <cr> WITHOUT

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
 Use Cases

-
 Vendor agnostic
interfaces modelling

-
 Vendor agnostic interfaces modelling
container ios-xr {
tailf:cli-drop-node-name;
when "/ncs:devices/ncs:device[ncs:name=current()/../hostname]/
ncs:platform/ncs:name = 'ios-xr'";
list interfaces {
key "interface-type port";
leaf interface-type {
type enumeration {
enum GigabitEthernet;
enum TenGigabitEthernet;
enum BundleEthernet;
}
}
leaf port {
type string;
}
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
 Vendor agnostic interfaces modelling
container junos {
tailf:cli-drop-node-name;
when "/ncs:devices/ncs:device[ncs:name=current()/../hostname]/
ncs:platform/ncs:name = 'junos'";
list interfaces {
key "interface-type port";
leaf interface-type {
mandatory true;
type enumeration {
enum xe-;
enum ge-;
enum ae-;
}
}
leaf port {
type string;
}
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
 CLI
Autocomplete
Action

-
 list l3vpn-service {
key "device";
leaf device {
YANG
type string;
}
list interface {
key "interface-type port";
uses ncs:service-data;
ncs:servicepoint l3vpn-servicepoint;
leaf interface-type {
type enumeration {
enum GigabitEthernet;
enum TenGigE;
}
}
leaf port {
type string;
tailf:cli-completion-actionpoint "l3vpn-cli-completion-action";
}
}
}

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
 from _ncs.dp import action_reply_completion
Python
## ACTION

def cb_completion(self, uinfo, cli_style, token, completion_char, kp,

cmdpath, cmdparam_id, simpleType, extra):

## OPENED MAAPI TRANSACTION

result_list = []
strkp = str(kp)

device_name = strkp.split("l3vpn{")[1].split(" ")[0]

interface_type = strkp.split("interface")[1].split("{")[1].split("}")[0]
interface_list = getattr(root.devices.device[device_name].config.cisco_ios
_xr__interface, interface_type)
for interface in interface_list:
result_list.append((0, interface.id, None))

action_reply_completion(uinfo, result_list)

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
 NSO Developer
Studio (YANG)

-
 NSO Developer Studio

✓ Utilize YANG
IDE

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
 NSO Developer Studio

✓ Access CDB

✓ Copy XPath (or KeyPath)

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
 NSO Developer Studio

✓ View YANG models in

diagram

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
 Summary

-
 Summary
In YANG there are many different ways to accomplish the same
goal.

But always follow the 3xM rule ...

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
 1. Be Modular
✓ Use groupings (e.g.
VRF.yang
interfaces)
L3VPN.yang QoS.yang
✓ Decouple modules (e.g.
separate VRF, QoS, Routing
Protocol from L3VPN) BGP.yang

...
✓ Re-use modules across
packages

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
 2. Be Meticulous

✓ Use range, length, pattern etc.

container acl { ...
to:
leaf acl-description {
• avoid inconsistency type string {
between Service model length "0..64";
and NEDs pattern "[0-9a-zA-Z]*";
}
• support future tooling description "Purpose of ACL";
around testing (payload }
generation)
✓ Get inspired from NEDs …
but do not copy-paste
✓ Declare your modules version

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
 3. Be Mindful!

✓ Keep it simple for the Operator

• test flow of the CLI
• use learnt tricks:
• containers with tailf:cli-drop-node-name, vendor specific config
• tailf:cli-sequence-commands, speed up operator input flow
• tailf:cli-completion-actionpoint, complex leafref at runtime
• And many more!

✓ Prevent Operator mistakes in Service inputs

• use range, length, pattern etc.

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
 YIN-YANG

“Automation is as good as the Data Models”

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
 Webex App
Questions?
Use the Webex app to chat with the speaker
after the session

How
1 Find this session in the Cisco Events mobile app

2 Click “Join the Discussion”

3 Install the Webex app or go directly to the Webex space

4 Enter messages/questions in the Webex space

Webex spaces will be moderated

by the speaker until February 28, 2025.

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
 Fill Out Your Session Surveys

Participants who fill out a minimum of 4 session

surveys and the overall event survey will get a
unique Cisco Live t-shirt.
(from 11:30 on Thursday, while supplies last)

All surveys can be taken in the Cisco Events

mobile app or by logging in to the Session Catalog
and clicking the ‘Participant Dashboard’

Content Catalog

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
 • Visit the Cisco Showcase
for related demos

• Book your one-on-one

Meet the Engineer meeting

Continue • Attend the interactive education

with DevNet, Capture the Flag,
your education and Walk-in Labs

• Visit the On-Demand Library

for more sessions at
ciscolive.com/on-demand.
Sessions from this event will be
available from March 3.

Contact me at: www.linkedin.com/in/lureek

-
DEVNET-3014 © 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
 Thank you

-
-