This document provides information about Cisco Crosswork Network Controller 3.0.x, including product overview, solution components, new features and functionality, compatibility information, and known issues and limitations.

Product Overview

Cisco Crosswork Network Controller empowers customers to simplify and automate intent-based network service provisioning, monitoring and optimization in a multi-vendor network environment with a common GUI and API.

The solution combines intent-based network automation to deliver critical capabilities for service orchestration and fulfilment, network optimization, service path computation, device deployment and management, and anomaly detection and automatic remediation. Using telemetry gathering and automated responses, Cisco Crosswork Network Controller delivers network optimization capabilities that would be nearly impossible to replicate even with a highly skilled and dedicated staff operating the network.

The fully integrated solution combines core capabilities from multiple innovative, industry-leading products including Cisco Network Services Orchestrator (NSO), Cisco Segment Routing Path Computation Element (SR-PCE), Cisco Crosswork Data Gateway, and Cisco Crosswork's infrastructure and suite of applications. Its unified user interface allows real-time visualization of the network topology and services, as well as service and transport provisioning, via a single pane of glass.

Primary Use Cases:
  • Orchestrated service provisioning: Provisioning of L2VPN and L3VPN services with underlay transport policies in order to define, meet, and maintain SLAs, using the UI or APIs.

  • Real-time network and bandwidth optimization: Intent-based closed-loop automation, congestion mitigation and dynamic bandwidth management based on Segment Routing and RSVP-TE. Optimization of bandwidth resource utilization by setting utilization thresholds on links and calculating tactical alternate paths when thresholds are exceeded. Real-time telemetry is used to detect changes in network traffic and then changes in the network are automatically implemented to deliver on the operator's intent.

  • Local Congestion Management: Local, interface-level congestion mitigation recommendations for rerouting traffic around the congested interface using tactical TE policies.

  • Visualization of network and service topology and inventory: Visibility into device and service inventory and visualization of devices, links, and transport/VPN services and their status on logical or geographical maps.

  • Performance-based closed-loop automation: Automated discovery and remediation of problems in the network by allowing Key Performance Indicator (KPI) customization and monitoring and triggering of pre-defined remediation tasks when a KPI threshold is breached. Cisco Crosswork Health Insights and Change Automation (optional add-ons) must be installed for this use case.

  • Planning, scheduling, and automating network maintenance tasks: Scheduling an appropriate maintenance window for a maintenance task after evaluating the potential impact of the down-time on the network (using WAE Design). Automating the execution of maintenance tasks (such as throughput checks, software upgrades, SMU installs) using playbooks. Cisco Crosswork Health Insights and Change Automation (optional add-ons) must be installed for this use case.

  • Secure zero-touch onboarding and provisioning of devices: Automatic onboarding of new IOS-XR devices and provisioning of Day0 configuration, resulting in faster deployment of new hardware at a lower operating cost. Cisco Crosswork Zero Touch Provisioning (optional add-on) must be installed for this use case.

  • Visualization of native SR paths: Visualizing the native path using the traceroute SR-MPLS multipath command to get the actual paths between the source and the destination can be achieved using Path Query. With Cisco Crosswork Network Controller, a traceroute command runs on the source device for the destination TE-Router ID and assists in retrieving the paths.

Version History

The following table lists the Cisco Crosswork Network Controller version history and related Release Notes:

Table 1. Version History

| Version | Release Notes |
|---|---|
| Cisco Crosswork Network Controller 3.0.0 | Cisco Crosswork Network Controller 3.0.x Release Notes |
| Cisco Crosswork Network Controller 3.0.1 | Cisco Crosswork Patch for Apache Log4j Vulnerability |
| Cisco Crosswork Network Controller 3.0.2 | Cisco Crosswork Patch for Spring4Shell Vulnerability |
| Cisco Crosswork Network Controller 3.0.3 | Cisco Crosswork Network Controller 3.0.x Release Notes |

Solution Components

The Cisco Crosswork Network Controller solution is made up of the following components:

Table 2. Solution Components for 3.0.x

| Component | Version | Description |
|---|---|---|
| Cisco Crosswork Infrastructure | 4.1 | A resilient and scalable platform on which all of the Cisco Crosswork applications can be deployed. The infrastructure is based on a cluster architecture for extensibility, scalability, and high availability. |
| Cisco Crosswork Data Gateway (CDG) | 3.0 | A secure, common collection platform for gathering network data from multi-vendor devices that supports multiple data collection protocols including MDT, SNMP, CLI, standards-based gNMI (dial-in), and syslog. |
| Cisco Crosswork Optimization Engine | 3.1.0 | Provides closed-loop tracking of the network state and real-time network optimization in response to changes in network state, allowing operators to effectively maximize network capacity utilization, as well as increase service velocity. Provides traffic engineering visualization of SR-MPLS, SRv6, and RSVP-TE policies. |
| Cisco Network Services Orchestrator | 5.5.2.9 | An orchestration platform that makes use of pluggable function packs to translate network-wide service intent into device-specific configuration. Cisco NSO provides flexible service orchestration and lifecycle management across physical network elements and cloud-based virtual network functions (VNFs), fulfilling the role of the Network Orchestrator (NFVO) within the ETSI architecture. It provides complete support for physical and virtual network elements, with a consistent operational model across both. It can orchestrate across multi-vendor environments and support multiple technology stacks, enabling extension of end-to-end automation to virtually any use case or device. |
| Cisco Segment Routing Path Computation Element (SR-PCE) | 7.3.2 | An IOS-XR multi-domain stateful PCE supporting both segment routing (SR) and Resource Reservation Protocol (RSVP). Cisco SR-PCE builds on the native Path Computation Engine (PCE) abilities within IOS-XR devices, and provides the ability to collect topology and segment routing IDs through BGP-LS, calculate paths that adhere to service SLAs, and program them into the source router as an ordered list of segments. |
| Cisco Crosswork Health Insights (optional add-on) | 4.1 | A network health application that performs real-time Key Performance Indicator (KPI) monitoring, alerting, and troubleshooting. It builds dynamic detection and analytics modules that allow operators to monitor and alert on network events based on user-defined logic. |
| Cisco Crosswork Change Automation (optional add-on) | 4.1 | Automates the process of deploying changes to the network. |
| Cisco Crosswork Zero-Touch Provisioning (optional add-on) | 3.0 | Automatic onboarding of new IOS-XR and IOS-XE devices and provisioning of Day0 configuration, resulting in faster deployment of new hardware at a lower operating cost. |

Patch Release Versions for Cisco Crosswork Products

The patch files (.tar.gz) are available on the Cisco Software Download page.

Table 3. Patch Releases for 3.0.3

| Cisco Crosswork Product | New Releases with Fix | Defect ID |
|---|---|---|
| Crosswork Infrastructure | 4.1.4 | CSCwb70153 |
| Crosswork Network Controller | 3.0.3 | CSCwb77371. Note: The Crosswork Network Controller 3.0.2 bug is fixed in 3.0.3, allowing a deleted VPN Profile to be recreated from Service Provision UI form in Crosswork Network Controller. |
| Crosswork Optimization Engine | 3.1.1 | CSCwb43709 |
| Cisco Crosswork Change Automation and Health Insights | Only Crosswork Infrastructure patches are required | n/a |
| Cisco Network Services Orchestrator | 5.5.5 | n/a |
| Crosswork Zero Touch Provisioning | 3.0.2, 3.0.3 | CSCwb43706, CSCwb95809, CSCwb95837 |
| Crosswork Data Gateway | There is no attack vector for Crosswork Data Gateway. Use the released versions. | n/a |


Note

For patch installation instructions, see the Cisco Crosswork Patch for Spring4Shell Vulnerability Release Notes and the Patch Installation Workflow section.


What's New in Cisco Crosswork Network Controller 3.0.x

The table below lists the primary new features and functionality introduced in Cisco Crosswork Network Controller 3.0.x.

Table 4. New Features and Functionality in Cisco Crosswork Network Controller 3.0.x

Feature

What's New?

Service Health

Note: Service Health is not generally available yet. At this stage, it is available for pre-launch laboratory evaluation only. Engage your account team if you are interested in participating in the evaluation.

Cisco Crosswork Service Health substantially reduces the time required to detect and troubleshoot service quality issues. When used in conjunction with Cisco Crosswork Network Controller, the health status of provisioned L2/L3 VPN services (Good, Degraded, Down) is continuously monitored, giving operators insight to pinpoint why and where a service is degraded or broken. Once installed, you can start/stop and pause monitoring as needed. It can also provide service-specific monitoring, troubleshooting, assurance, and proactive causality through a heuristic model that visualizes the:
  • Health status of sub-services (device, tunnel) on a map when a single service is selected.

  • Service logical dependency tree, which helps the operator troubleshoot a degradation by locating where the problem resides and indicating possible symptoms and impacting metrics.

  • Historical view of services health status up to 60 days.

Segment Routing Over IPv6 (SRv6) Visualization and Provisioning

Starting with this release, SR-TE policies are now separated into either SRv6 or SR-MPLS policies. SRv6 and SR-MPLS policies (including link details) are shown separately in the UI.

SRv6 visualization supports the following:

  • SRv6 topology

  • ISIS IGP

  • Flexible Algorithm information and topology

  • PCC-initiated SRv6 policies (including IGP paths)

SRv6 provisioning supports the following:

  • SRv6 provisioning

  • L3VPN over SRv6 TE ODN provisioning

In addition to previously supported IPv4 policy data, the following SRv6 policy data is also supported:

  • SRv6 Binding SID

  • Computed and reported SR paths (SRv6 adjacency and node SIDs)

Flexible Algorithm Visualization

The ability to view up to two Flexible Algorithm IDs in your network can be enabled in the Traffic Engineering topology view (Services & Traffic Engineering > Traffic Engineering).

Visualization of native SR path

Visualizing the native path using the traceroute SR-MPLS multipath command to get the actual paths between the source and the destination can be achieved using Path Query. With Cisco Crosswork Network Controller, a traceroute command runs on the source device for the destination TE-Router ID and assists in retrieving the paths.

Scale

To support large scale deployment, the applications that make up Cisco Crosswork Network Controller (Cisco Crosswork Optimization, Cisco Crosswork Active Topology, and other applications) are built with workload and endpoint load balancing using the Cisco Crosswork infrastructure's cluster architecture.

Overall scale support has increased significantly to 10K devices, 100K IGP interfaces, 60K transport policies (SR, RSVP, SRv6), and 200K VPN services (L2VPN, L3VPN).

High availability

  • Kubernetes-based cluster architecture for extensibility, scalability, and high availability. The cluster can include up to three “hybrid” nodes and three additional “worker” nodes. Cisco Crosswork applications are installed on top of the integrated cluster infrastructure.

  • High availability is built into Cisco Crosswork’s cluster architecture. Users get alarms when nodes in the cluster have issues, and can restart or re-instantiate nodes at will. Load balancing is automatic across the cluster.

  • Crosswork applications support high availability with multi-instance microservices.

Cisco Crosswork Data Gateway and Data Collection

  • View Crosswork Data Gateway profile information in Cisco Crosswork UI.

  • New Operational State “Not Ready”.

  • Enhanced Monitoring and Troubleshooting of the Crosswork Data Gateway.

  • Add custom ports for SNMP Trap and Syslog collection.

  • SNMP and gNMI collection enhancements.

See the Cisco Crosswork Data Gateway and Data Collection 3.0 release notes for additional new features.

User Interface/Usability

  • Addition of a detailed topology map legend.

  • Enhanced usability for troubleshooting provisioning state failures with the addition of information icons and links that detail specific error information, recommendations on how to fix, and various actions that can be taken to fix failures.

  • NSO actions, such as check-sync, sync-from, re-deploy, reconcile, etc., are available through the Cisco Crosswork Network Controller provisioning UI.

  • Enhanced cross-launches to NSO based Provisioning, Alarms, and Events.

  • Enhanced, unified, integrated user interface and topology that combines all components within a single pane of glass.

  • The dashboard in the Home page provides an at-a-glance operational summary of the network being managed, including reachability and operational status of devices, as well as transport policies and VPN services. Additional dashlets might be shown in the dashboard depending on which Cisco Crosswork applications are installed.

Device Management

  • Addition of NSO device sync integration

  • Integration of Cisco Crosswork Zero Touch Provisioning (ZTP) enables onboarding and provisioning new IOS-XR devices automatically, resulting in faster deployment of new hardware at a lower operating cost. Operators can quickly and easily bring up devices using a Cisco-certified software image and a day-zero software configuration.

  • Addition of Cisco Plug and Play (PnP) ZTP enables secure onboarding and provisioning of new IOS-XE devices, similar to the process for IOS-XR devices.

Optimization/Congestion Mitigation

  • Segment Routing Over IPv6 (SRv6) Visualization: Supports SRv6 topology, ISIS IGP, FlexAlgo information and topology, PCC-initiated SRv6 policies (including IGP paths), etc.

  • Flexible Algorithm Visualization

  • Maximum SID Depth (MSD) Enforcement

  • Local Congestion Mitigation (LCM): Updated architecture to support higher scalability, new landing page, a timestamp of when the last recommendation was made now displayed on the landing page and dashboard, a new Urgency field displayed in the Operational Dashboard indicating the severity of the issue to be addressed, the ability to enable automatic repair of degraded LCM policies, etc.

  • Visualize Link Aggregation Group (LAG) link details

  • SR-TE Policy Delay Metric Visualization

  • SR-TE Multiple Path Candidate (MCP) Visualization

  • Binding SID (B-SID) Policy Visualization

  • Native Segment Routing Path Over Inter-AS Option C Visualization

  • Cisco SR-PCE HA pairs

  • Cisco Crosswork Network Controller and Cisco Crosswork Optimization Engine API: New Data for link, node, SR-policy.

See the Cisco Crosswork Optimization Engine 3.1.0 release notes for additional new features.

Transport/VPN Provisioning

  • Provision, update, and delete SRv6 policies and ODN templates on head-end devices using NSO services model.

  • Support for L3VPN over SRv6 TE ODN provisioning.

  • L3VPN Route Policy enhancement to reference external route policy with sample Function Pack (FP) model.

Topology

  • Service topology view in Cisco Crosswork Network Controller capable of showing services with complex key.

  • Configurable L2 topology discovery sources can be enabled and disabled, allowing you to select which L2 collection sources are collected. This offers performance benefits, as devices are not constantly polled for data that is not needed.

  • Ability to save a useful map display and layout as a named custom view so that it can be retrieved easily without having to rearrange the map each time.

  • Device grouping functionality for easier device management. Ability to organize devices in groups, to create a hierarchy of groups and to visualize groups of devices on the topology map.

RESTCONF APIs

New RESTCONF API functions:

  • Cisco Crosswork Network Controller RSVP-TE RESTCONF tunnels API is newly added and reports the discovered TE tunnels and operation status. HCO/Netfusion and the customer can use this LSP tunnel information to manage the network.

  • Cisco Crosswork Network Controller RESTCONF topology:

    • SR-TE : Added SRLB, MSD and other important data in the topology API report. The newly added data support is important for HCO/Netfusion to manage the network.

    • SRv6 : Added SRv6 report for the topology API.

    • L2 topology : Added L2 topology report so that users can understand the layer 2 network connectivity. The topology API now supports both L2 topology and L3 topology.

Datalytics

Integration of Cisco Crosswork Health Insights and Change Automation enables closed-loop control based on performance telemetry.

Documentation

  • The Cisco Crosswork Infrastructure 4.1 and Applications Installation Guide covers installation of the cluster and installation of Crosswork applications on top of the infrastructure. There is no individual installation guide for Cisco Crosswork Network Controller.

  • The Cisco Crosswork Infrastructure 4.1 and Applications Administration Guide covers setup and maintenance of the Crosswork system. There is no longer a Getting Started Guide for Cisco Crosswork Network Controller.

  • The Cisco Crosswork Network Controller 3.0.x Solution Workflow Guide provides an overview of the solution and its supported use cases. It walks users step-by-step through various common usage scenarios to illustrate how users can work with the solution components to achieve the desired benefits.

Compatibility Information

Table 5. Cisco IOS Software Version Support
Operating System Version SR-PCE PCE-Init PCC-Init NSO + CFP CLI NSO + CFP NETCONF Crosswork Infrastructure 4.1 Crosswork Optimization Engine Crosswork ZTP Service Health
IOS-XR 6.5.3 yes yes yes
IOS-XR 6.6.3 yes yes yes yes yes
IOS-XR 7.1.2 yes yes yes yes yes
IOS-XR 7.2.1 yes yes yes yes yes
IOS-XR 7.3.1 yes (Cisco ASR 9000 Series only) yes yes yes yes yes yes
IOS-XR 7.3.2 yes yes yes yes yes yes yes yes
IOS-XR 7.4.1 yes yes yes yes yes yes yes
IOS-XE 17.4.1 yes yes yes yes yes
IOS-XE 17.5.1 yes yes yes yes yes
IOS-XE 17.6.1 yes yes yes yes yes

Important Notes

Take into consideration the following important information before starting to use Cisco Crosswork Network Controller 3.0.x:

  • Cisco Crosswork Change Automation 4.1 & Cisco Crosswork Health Insights 4.1:

    Cisco Crosswork Change Automation 4.1 and Cisco Crosswork Health Insights 4.1 are now available as an add-on license in the purchase of Cisco Crosswork Network Controller 3.0.x and are no longer separately orderable.

  • Service Health:

    Service Health is not generally available yet. At this stage, it is available for pre-launch laboratory evaluation only. Engage your account team if you are interested in participating in the evaluation.

  • Obtaining Cisco Geomaps for topology map renditions:

    Cisco Crosswork Network Controller allows users to obtain downloadable geographical maps (geomaps) based on their specific topology mapping needs. If your environment allows contact with the map provider website we specify in Crosswork, you do not need to download the map files. If your environment does not allow outside access, you will need to download the map files for the areas where your network requires coverage.

  • VPN Service Provisioning:

    The Cisco NSO sample function packs are provided as a starting point for VPN service and RSVP-TE provisioning functionality in Cisco Crosswork Network Controller. While the samples can be used “as is” in some limited network configurations, they are intended to demonstrate the extensible design of Cisco Crosswork Network Controller. Answers to common questions can be found here and Cisco Customer Experience representatives can provide answers to general questions about the samples. Support for customization of the samples for your specific use cases can be arranged through your Cisco account team.


Note

Many features of Cisco Crosswork Network Controller depend on support in the underlying router XR/XE versions and the SR-PCE software versions. Verify that those features are supported and working in the combination of software versions on your router platforms and SR-PCE.


Known Issues and Limitations

The table below shows known issues and limitations that should be taken into account before starting to work with Cisco Crosswork Network Controller 3.0.x.

Table 6. Known Issues and Limitations

Issue/Limitation

Context within Cisco Crosswork Network Controller

Service Health is for pre-launch lab use only.

Service Health

Service Health provides CPU and memory consumption for a device per core. Each device may have multiple cores. When CPU or memory consumption exceeds the thresholds configured in the device profile (reports as being high), it is marked as degraded. To check, go to Administration > Heuristic Packages > Configuration Profiles, select the information icon next to the configuration profile name, and examine the CPU or memory profile configuration information. For CPU usage, a value over 70% exceeds the threshold and is marked as degraded. For memory usage, a value under 10% is marked as degraded. The threshold value shown, for both CPU and memory, is an average of the multiple cores reported on a device. View the Failed Subexpressions and Metrics table, where you can examine the multiple core values shown in the Expression Value column that are used to average a device’s threshold. Only certain cores may be raising the threshold, while others are not. Use these details to determine which core's CPU or memory is degraded so that you can troubleshoot as necessary.

Service Health

L2VPN cannot support the use of the SRv6TE or SRv6TE ODN (via route policy).

Route Policy

Explicit path is not supported for SRv6 policy. However, when provisioning an SRv6 policy, if the candidate path is configured prior to enabling SRv6, the Explicit Path option is visible and can be committed with no warning and the explicit path config is ignored when SRv6 policy is pushed to the devices. If SRv6 is enabled first, before configuring the path, the Explicit Path option is not visible due to no SRv6 explicit path support.

Provisioning an SRv6 policy and configuring the Path

Custom templates cannot be created using the GUI, nor can their contents be visualized in the GUI. Custom templates created offline can be applied to service models via GUI and API. However, topology map overlays and service configuration views will not display custom template configuration.

Provisioning GUI.

The Optimization Engine GUI shows TE metric type instead of Latency metric type for SR policies created from the Optimization Engine GUI with Latency as the metric type.

SR policy provisioning from Optimization Engine GUI

Cisco Crosswork Data Gateway operational state may transition to error state when there is little or no traffic for an extended period of time. Operational state will be updated when the traffic returns to normal levels.

Admin > Data Gateway Management

The error, "Get Dense Table Operation" may be shown in the Collection Job UI for the SNMP collection type when a large number of devices (300+) are reloaded in an environment. SNMP collection can be resumed by rebooting the VM from the Troubleshooting menu in Cisco Crosswork Data Gateway.

Cisco Crosswork Data Gateway

Services can be provisioned to devices when devices are not mapped to Cisco Crosswork Network Controller or are operationally down, provided they are reachable and in sync with NSO.

Provisioning GUI

After a Cisco NSO backup and restore operation, Cisco Crosswork Network Controller discovers all services from Cisco NSO. Any delta in services after the NSO backup operation will be lost once the backup is restored.

Cisco NSO

Cisco Crosswork Network Controller can discover services through transit nodes (SR policy, etc.) for non-Cisco vendor devices. These devices will be in Unmanaged state and services cannot be provisioned on these unmanaged devices.

Provisioning GUI

Multiple users performing CRUD (create, read, update and delete) operations simultaneously through the Provisioning GUI may encounter failures when one of the sessions is performing bulk operations (e.g., edit route-policy on 100+ devices). NSO configures relevant changes on the network devices and may not respond to subsequent requests in an adequate timeframe, leading to a timeout.

Provisioning GUI

A device that is also an SR-PCE provider might become unreachable when the device alone is deleted from the Device Management page. To avoid this, add SR-PCE as a provider with a /32 mask.

Device Management, SR-PCE Provider

Segment hops are not visible on the map following multiple add device, delete device, and re-add device operations. Workaround is to restart Optimization Engine from Administration > Crosswork Manager.

Device Management, Optimization Engine GUI

Cisco Crosswork Network Controller 3.0.x Documentation

The following documents are provided for Cisco Crosswork Network Controller 3.0.x. For links to related documentation that you might find useful, see Additional Related Documentation.

Table 7. Cisco Crosswork Network Controller 3.0.x Documentation

Document

What is Included

Cisco Crosswork Network Controller 3.0.x Release Notes

This document

Cisco Crosswork Infrastructure 4.1 and Applications Installation Guide

Shared installation guide for all the Cisco Crosswork applications and their common infrastructure. Covers:

  • System requirements

  • Installation prerequisites

  • Installation instructions

  • Upgrade instructions

Cisco Crosswork Infrastructure 4.1 and Applications Administration Guide

Shared administration guide for all the Cisco Crosswork applications and their common infrastructure. Covers:

  • Managing clusters and data gateway

  • Data collection

  • High availability

  • Backup and restore

  • Onboard and manage devices

  • Zero touch provisioning

  • Set up maps

  • Managing users, access and security

  • Maintain system health

Cisco Crosswork Network Controller 3.0.x Solution Workflow Guide
  • Solution overview

  • Supported use cases and their benefits.

  • Procedures for achieving the desired outcome for real-life usage scenarios using the Cisco Crosswork Network Controller UI.

Open Source Used in Cisco Crosswork Network Controller 3.0

Lists of licenses and notices for open source software used in Cisco Crosswork Network Controller 3.0.x.

API Documentation

Advanced users can extend the Cisco Crosswork functionality using the APIs. API documentation is available on Cisco Devnet.

Additional Related Documentation

This section provides links to documentation for products related to Cisco Crosswork Network Controller:

You can access documentation for all Cisco Crosswork products at https://www.cisco.com/c/en/us/support/cloud-systems-management/crosswork-network-automation/tsd-products-support-series-home.html

Open Bugs in Cisco Crosswork

If you encounter problems while working with Cisco Crosswork, please check this list of open bugs. Each bug ID in the list links to a more detailed description and workaround.

You can use the Cisco Bug Search Tool to search for a specific bug.

  1. Go to the Cisco Bug Search Tool.

  2. Enter your registered Cisco.com username and password, and click Log In.

    The Bug Search page opens.


    Note

    If you do not have a Cisco.com username and password, you can register here.


  3. To search for a specific bug, enter the bug ID in the Search For field.