Beginning with the Cisco NSO DC-SDN Core Function Pack (CFP) Release 1.1, NSO DC-SDN CFP can import the preexisting (brownfield) configuration of the controlled devices, such as an APIC, by executing a sync-from operation. You can then modify the imported configurable entities (objects, policies, or services) of the device’s configuration, or you can create new entities.

Configurable entities created using NSO are "owned" by NSO and can be deleted by NSO. Preexisting configurable entities imported by NSO are not owned by NSO. When you use NSO to delete an entity not owned by NSO, the configuration of the entity merely reverts to its state before any modification by NSO. For example, if you use NSO to modify an EPG in an imported brownfield configuration, and then you delete that EPG, the configuration of the EPG reverts to its configuration before it was imported into NSO.

You can have NSO take ownership of an imported entity through a special “reconcile” operation.

Brownfield configuration actions that you can perform using NSO include the following:

• Create a new EPG, BD, L3Out, contract, service graph, or VRF within an existing Tenant and VRF.

• Add ports into an existing L3Out. Create a regular L3 Port, vPC, PC, SVI, or sub-interface.

• Add ports into an existing EPG. Ports could be regular L2 ports, vPC, or PC.

• Configure a new vPC, PC, regular L2/L3 port on an existing switch.

• Use an existing contract, service graph into existing EPG, L3Outs.

• Add new ports into existing configured SPAN (Access and ERSPAN) sessions (both source and destination).

• Create a new L3Out with existing route-map configuration.

• Add a new subnet/External EPG into existing L3Out.

• Add a new next-hop into existing static route.

• Add a new static route into existing L3Out.

• Add a route-map into existing L3Out.

• Add a new BGP neighbor into existing L3Out.

• Add a new BGP LU and BGP EVPN neighbor into existing SR/MPLS L3Out.

• Add a new interface into SR-MPLS Infra L3Out for BGP-LU.

• Add new subnets, export policy, import policy into existing SR-MPLS VRF L3Out.

• Perform autocompletion in the CLI for the following entities: BFD Policy, L3Out name, PBR policy, Filter.

• Add a route-map policy and add/delete/modify match/set rules into route-map.

• Modify and use an existing BFD policy.

• Add new node into existing L3Out node profile.

• Add new interfaces into existing L3Out interface profile.

• Add new interface profiles into existing node profile of L3Out. (This is required for IPv6 since both v4 and v6 cannot be enabled in a single interface profile).

• Simplify APIC-Port service to ensure user is only asked for ports required to be configured and not the whole path.

• Use existing Physical domain, external domain, AEP and VLAN pool for new ports to be configured from NSO.

• Use a VLAN pool that's configured in dynamic VLAN allocation mode.

• Configure a new contract into an existing external EPG.

• Configure a new VPC on a leaf that's already configured with vPC domain and have preconfigured vPCs.

• Add a new next-hop and tracking into existing PBR policy.

• Use an existing PBR tracking policy into a new PBR policy configuration.

• Add a new line into existing filter.

• Add a new filter into existing contract.

• Add a new service device and its interface into existing device group.

• Configure a static EP for ERSPAN.