Cisco Crosswork Infrastructure Requirements
This section explains the requirements for installing Cisco Crosswork.
The Crosswork cluster for the 4.0 release consists of at least 3 VMs operating in a hybrid configuration. This is the minimum configuration necessary to support the applications in a typical network. Additional worker nodes can be added later to scale your deployment, as needed, to match the requirements of your network or as other applications are introduced.
In addition, at least 1 VM is needed to deploy Crosswork Data Gateway. This configuration can be scaled by adding resources if your use case requires them, and to support Crosswork Data Gateway high availability (HA).
The data center resources needed to run NSO are covered in the NSO Installation Guide and are not addressed in this document.
Data Center Requirements
Cisco Crosswork can be deployed in either a vCenter managed data center or onto Cisco CSP. To aid in the deployment, Cisco has developed a cluster installation tool. This tool works in both environments. However, there are limitations to the tool which are detailed later in this section.
Note: The machine where you run the installer must have network connectivity to the Cisco Crosswork cluster in order to complete the installation. If this mandatory requirement cannot be met, you must manually install the cluster. For more information on manual installation, see Install Cisco Crosswork Manually.
VMware Data Center Requirements
This section explains the data center requirements to install Cisco Crosswork on VMware vCenter.
Note: The following requirements are mandatory if you are planning to install Cisco Crosswork using the cluster installer. If your vCenter data center does not meet these requirements, then the VMs have to be deployed individually, and connectivity has to be established manually between the VMs.
- VMware vSphere 6.5 or above.
- vCenter Server 6.5 (Update 2d or later) and ESXi 6.5 Update 2 installed on hosts, OR vCenter Server 6.7 (Update 3g or later) and ESXi 6.7 Update 1 installed on hosts.
- All the physical host machines must be organized within the same VMware Data Center. While it is possible to deploy all the cluster nodes on a single physical host (provided it meets the requirements), it is recommended that the nodes be distributed across multiple physical hosts.
- The networks required for the Crosswork Management and Data networks need to be built and configured within the data center, and must allow L2 communication. A single pair of network names is required for these networks to be used across all the physical host machines hosting the Crosswork VMs.
- To allow use of VRRP, the DVS port group must be set to accept forged transmits, as follows:

  Property | Value |
  ---|---|
  Promiscuous mode | Reject |
  MAC address changes | Reject |
  Forged transmits | Accept |

- Ensure that the user account you use for accessing vCenter has the following privileges:
  - VM (Provisioning): Clone VM on the VM you are cloning.
  - VM (Provisioning): Customize on the VM or VM folder if you are customizing the guest operating system.
  - VM (Provisioning): Read customization specifications on the root vCenter server if you are customizing the guest operating system.
  - VM (Inventory): Create from the existing VM on the data center or VM folder.
  - VM (Configuration): Add new disk on the data center or VM folder.
  - Resource: Assign VM to resource pool on the destination host, cluster, or resource pool.
  - Datastore: Allocate space on the destination datastore or datastore folder.
  - Network: Assign network to which the VM will be assigned.
  - Profile-driven storage (Query): This permission setting needs to be allowed at the root of the DC tree level.
- We also recommend that you enable vCenter storage control.
CSP Data Center Requirements
This section explains the data center requirements to install Cisco Crosswork on Cisco Cloud Services Platform (CSP).
- Cisco CSP, Release 2.8.0.276
- Allowed hardware list:
  UCSC-C220-M4S, UCSC-C240-M4SX
  N1K-1110-X, N1K-1110-S
  CSP-2100, CSP-2100-UCSD, CSP-2100-X1, CSP-2100-X2
  CSP-5200, CSP-5216, CSP-5228
  CSP-5400, CSP-5436, CSP-5444, CSP-5456
- The CSP host or cluster is set up and installed with a minimum of 2 physical Ethernet interfaces: one connected to the Management network, and the other to the Data network.
VM Host Requirements
This section explains the VM host requirements.
Requirement | Description |
---|---|
CPU/Memory/Storage Profiles (per VM) | The data center host platform has to accommodate 3 VMs of the following minimum configuration (applicable to VMware vCenter and Cisco CSP): VMware vCenter: Cisco CSP: Few things to note: |
Additional Storage | 10 GB (approximately) of storage is required for the Crosswork OVA (in vCenter), OR the Crosswork QCOW2 image on each CSP node (in CSP). |
Network Connections | For production deployments, we recommend that you use dual interfaces, one for the Management network and one for the Data network. For optimal performance, the Management and Data networks should use links configured at a minimum of 10 Gbps. |
IP Addresses | 2 IP subnets, one for the Management network and one for Data network, with each allowing a minimum of 4 assignable IP addresses (IPv4 or IPv6). A Virtual IP (VIP) address is used to access the cluster, and then 3 IP addresses for each VM in the cluster. If your deployment requires worker nodes, you will need a Management and Data IP address for each worker node. |
NTP Servers | The IPv4 or IPv6 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize the Crosswork application VM clock, devices, clients, and servers across your network. |
DNS Servers | The IPv4 or IPv6 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network. |
DNS Search Domain | The search domain you want to use with the DNS servers, for example, cisco.com. You can have only one search domain. |
Important Notes
- Kubernetes runs within the Crosswork application VM and uses Docker for containerization. The number of containers varies as applications are added or deleted.
- Dual stack configuration is not supported in Crosswork Platform Infrastructure. Therefore, all addresses for the environment must be either IPv4 or IPv6.
Port Requirements
As a general policy, ports that are not needed should be disabled. To view a list of all the open listening ports, log in as a Linux CLI admin user on any Crosswork cluster VM, and run the netstat -aln command.
The following ports are needed by Cisco Crosswork to operate correctly.
Port | Protocol | Usage |
---|---|---|
22 | TCP | Remote SSH traffic |
111 | TCP/UDP | GlusterFS (port mapper) |
179 | TCP | Calico BGP (Kubernetes) |
500 | UDP | IPSec |
2379/2380 | TCP | Kubernetes etcd |
4500 | UDP | IPSec |
6443 | TCP | kube-apiserver (Kubernetes) |
9100 | TCP | Kubernetes metamonitoring |
10250 | TCP | kubelet (Kubernetes) |
24007 | TCP | GlusterFS |
30603 | TCP | User interface (NGINX server listens for secure connections on port 443) |
30604 | TCP | Used for Classic Zero Touch Provisioning (Classic ZTP) on the NGINX server. |
30606 | TCP | Docker Registry |
30607 | TCP | Crosswork Data Gateway vitals collection |
30608 | TCP | Data Gateway gRPC channel with Data Gateway VMs |
30617 | TCP | Used for Secure Zero Touch Provisioning (Secure ZTP) on the ZTP server. |
30649 | TCP | To set up and monitor Crosswork Data Gateway collection status. |
30650 | TCP | astack gRPC channel with astack-client running on Data Gateway VMs |
30993, 30994, 30995 | TCP | Crosswork Data Gateway sending the collected data to Crosswork Kafka destination. |
49152:49170 | TCP | GlusterFS |
Port | Protocol | Usage |
---|---|---|
7 | TCP/UDP | Discover endpoints using ICMP |
22 | TCP | Initiate SSH connections with managed devices |
53 | TCP/UDP | Connect to DNS |
123 | UDP | Network Time Protocol (NTP) |
830 | TCP | Initiate NETCONF |
2022 | TCP | Used for communication between Crosswork and Cisco NSO (for NETCONF). |
8080 | TCP | REST API to SR-PCE |
8888 | TCP | Used for communication between Crosswork and Cisco NSO (for HTTPS). |
20243 | TCP | Used by the DLM Function Pack for communication between DLM and Cisco NSO |
20244 | TCP | Used to internally manage the DLM Function Pack listener during a Reload Packages scenario on Cisco NSO |
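The check described under Port Requirements can be automated by comparing captured netstat -aln output with the documented ports. The following is an added example, not part of the Cisco documentation or tooling. It assumes that the first port table lists the cluster's listening ports, that the output uses the Linux net-tools column layout, and it runs on a constructed sample.

```python
import ipaddress
# Listening ports transcribed from the first port table on this page.
TCP = {22, 111, 179, 2379, 2380, 6443, 9100, 10250, 24007, 30603, 30604,
       30606, 30607, 30608, 30617, 30649, 30650, 30993, 30994, 30995}
TCP |= set(range(49152, 49171))  # GlusterFS range 49152:49170, inclusive
DOCUMENTED = {("tcp", p) for p in TCP} | {("udp", p) for p in (111, 500, 4500)}

def listeners(netstat_text):
    """Return {(proto, port, bind_addr)} for TCP LISTEN and unconnected UDP."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # column headers and UNIX-domain sockets
        proto, local, foreign = f[0][:3], f[3], f[4]  # tcp6 -> tcp
        if proto == "tcp" and f[-1] != "LISTEN":
            continue  # ESTABLISHED, TIME_WAIT, ... are not listeners
        if proto == "udp" and not foreign.endswith(":*"):
            continue  # connected UDP socket
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            found.add((proto, int(port), addr))
    return found

def undocumented(netstat_text, include_loopback=False):
    """Sorted listeners whose (proto, port) is not in the documented table."""
    extra = []
    for proto, port, addr in listeners(netstat_text):
        if (proto, port) in DOCUMENTED:
            continue
        if not include_loopback and ipaddress.ip_address(addr).is_loopback:
            continue  # bound to 127.0.0.0/8 or ::1 only
        extra.append((proto, port, addr))
    return sorted(extra)

# Constructed sample in Linux `netstat -aln` layout (not from a real system).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           192.0.2.50:51514        ESTABLISHED
tcp6       0      0 :::49160                :::*                    LISTEN
udp        0      0 0.0.0.0:500             0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
"""

if __name__ == "__main__":
    print(undocumented(SAMPLE))
```

Listeners bound only to a loopback address are skipped by default because they are not reachable from the network; pass include_loopback=True to list them as well.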
Supported Web Browsers
Cisco Crosswork supports the following web browsers:
The recommended display resolution: 1600 x 900 pixels or higher (minimum: 1366 x 768).
Browser | Version |
---|---|
Google Chrome (recommended) | 75 or later |
Mozilla Firefox | 70 or later |
In addition to using a supported browser, all client desktops accessing geographical map information in the Crosswork applications must be able to reach the mapbox.com map data URL directly, using the standard HTTPS port 443. Similar guidance may apply if you choose a different map data provider, as explained in "Configure Geographical Map Settings" in the Crosswork application user guides.