LAB: NSO with Docker Container

While trying to figure out how best to built a lab environment for Cisco Network Services Orchestrator (NSO) one of the options I pursued was building a Docker Container.

First, I must give credit to NSO-Developer examples on GitHub: These Examples served as a starting point that I have expanded on.

At this time I have not posted my docker container to a public repository. While NSO is free for non-production use, it does require you to login with a Cisco CCO account to be able to download the software. For this reason I will not share the docker image with the software included. Instead, I have posted my Dockerfile to GitHub, and documented instructions below on how to build your own Docker Container.

Creating the Docker Image

The Steps below are tested for creating and running the container on a Ubuntu host, if using a different OS your syntax and results my vary

  1. Download the required files

    Download Dockerfile, and files from
    Optionally download from
    Download NSO install files for Linux:!getting-nso/downloads

  2. Extract the NSO installer file

    Run the ‘nso-’. This will extract several files, the ‘nso-’ file will be required for the docker build

  3. Ensure your dockerfile, nso installer.bin file, and file are all in the same directory

    Directory Listing

  4. Build your docker image

    This can be completed in one of two ways:
    Option 1:
    build docker image from with CLI command:
    docker build --build-arg NSOVER= -t dpnetca/nso-base:latest .
    make sure the value for NSOVER matches the NSO version you downloaded ( for me)
    make sure your Tag (after the -t) uses your desired name (i.e. replace dpnetca with your name)

    Option 2:
    If you downloaded the file. Edit the version number (VER) and container name (CONT) as appropriate and run sh

  5. Start you Container

    Once the Docker Build completed, you can run docker image:
    docker run -d -p 2022:2022 -p 2024:2024 -p 8080:8080 dpnetca/nso-base:latest
    Make sure to replace the container name with the name you used in the build, the output be the container id hash

    Alternatively, if you run docker run -d -P dpnetca/nso-base:latest docker will automatically map the expose ports to random high port values

Exposing Docker Container Ports

At the time of creating this post, there are three ports exposed in the dockerfile: 8080, 2022, and 2024. As I explore the usage of NSO I may change which ports are exposed. I believe these are the ports used by NSO that I will need. This ports used can be found and changed in the ncs.conf file within the project folder:

Exposed Ports:
2022 - Northbound SSH Netconf interface
2024 - built in SSH server
8080 - HTTP port for the WebUI, as well as REST and RESTCONF

Not Exposed Ports:
2023 - Northbound TCP Netconf interface (disabled by default)
4334 - Netconf Call Home
8088 - HTTPS port for the WebUI, as well as REST and RESTCONF (disabled by default)

Using The Docker Image

NSO WebUI Access

Once the Docker container loads you can access the webpage from your host machine at http://localhost:8080 default credentials are admin/admin

NSO Login Page

Docker Container Bash Shell Access

If you wish to access the console of the container, run docker exec -it <container-id> bash where the container-id is the first few characters of the hash, and you will be placed into the container bash shell.

If you do not know the container ID, you can see it by running docker ps.

NSO CLI Access

There are two ways to access the NSO CLI, via the bash shell, or via built in ssh.

Bash Shell Access to NSO CLI

From the the bash shell use the ncs_cli application. The default interface is a Juniper style CLI, to use a Cisco XR style CLI specify the -C flag. The -u <username> flag is also required.

SSH Access to NSO CLI

SSH to localhost ( on port 2024 to access the built-in NSO SSH. This will connect to the juniper style CLI interface. To switch to the Cisco XR style interface use the switch cli command

NSO Documentation

There are some HTML and PDF administration documents on docker container in the NSO install directory at /root/nso/doc/ to copy these to your local machine, with the docker container running, from the host machine use the command docker cp <container-id>:/root/nso/doc .


In this post showed how to create a Docker Image for Cisco Network Services Orchestrator (NSO). I also provided basic instructions for how to connect to the NSO container. For more information on how this container can be used look for other posts with the NSO-Docker tag.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.