Cisco Crosswork Network Controller 6.0.3 Release Notes provide critical upgrade information that addresses:

  • bugs fixed in each component after the patch upgrade is complete

  • API changes

  • patch installation workflow and detailed steps.

The Cisco Crosswork Network Controller patches fix key customer found issues and security vulnerabilities.

For additional questions, contact Cisco Customer Experience.

Bug fixes

A detailed list of Cisco Crosswork Network Controller 6.0.3 bugs fixed in each patch are listed below by component version.

Use the Cisco Bug Search Tool to see additional details for selected component bug IDs. The Bugs section in this Release Notes provides information on how to use the tool.

To install fixes for the bugs listed in a component, use the corresponding component patch files (.tar.gz) available on the Cisco Crosswork Network Controller Software Download page and follow the Patch installation workflow step-by-step details.

Table 1. Crosswork Infrastructure 6.0.3

Bug ID

Bug description

CSCwk03574

While deploying the cluster with ThinProvisioned set to false, the first VM node is deployed with ThinProvisioned

CSCwm41049

Vulnerability org.postgresql:postgresql CVE-2024-1597 reported by Trivy scan

CSCwk90405

MOP process development for leaf certificate renewal in Crosswork Network Controller 6.0.3

CSCwj71635

Show tech should include all of the certificate validity details

CSCwj81045

Upon migration from CNC 5.0 to CNC 6.0, the error nats server certificate will expire in approximately 5 months

CSCwk02283

Secret collecting certificate information from orchestrator in-memory did not get updated

CSCwi43048

Vulnerable components consul semver

CSCwi87019

Vulnerabilities found in shiro 1.12.0 CVE-2023-46749

CSCwk13889

Crosswork Network Controller scale error occurs during RESTCONF API cisco-crosswork-segment-routing-policy:sr-policies

CSCwk38351

In Crosswork Network Controller UI, health degraded events are randomly generated for pods

CSCwj73015

In Crosswork Network Controller 6.0.2, after creating an L2VPN using XE devices, all interface ID displays show as invalid

CSCwk23213

In Crosswork Network Controller 6.0 and corresponding CFPs, user is unable to provision a policy with an explicit path where IOS XR version is 7.11.x

CSCwm38244

Crosswork Network Controller stored cross-site scripting (XSS) vulnerability

CSCwk22991

SSH enabled passwords are incorrectly overwritten with password mask

CSCwj64983

Device Lifecycle Management (DLM) allows duplicate device key, causing conflicts with devices

CSCwj77147

Network Device: Incorrect product type and product family for eyrie device

CSCwj31770

The collection job status query needs to be optimized to reduce DB calls

CSCwj56469

Create SYSLOG_COLLECTION jobs are failing

CSCwk61052

Switch device group user setting does not work as expected

CSCwj76021

Workaround to support Health Insights (HI) KPIs for Huawei devices

Table 2. Element Management Functions 6.0.3

Bug ID

Bug description

CSCwj83189

Element Management Functions (EMF) inventory for devices is empty

CSCwk65491

Vulnerabilities observed in 6.0.3

CSCwk66939

Vulnerabilities observed in CVE-2024-34750 tomcat-embed-core

CSCwj69215

Vulnerable components observed in cxf tomcat

Table 3. Crosswork Optimization Engine 6.0.3

Bug ID

Bug description

CSCwj56751

Local Congestion Mitigation (LCM) reports results with negative interface utilization

CSCwk62953

Circuit Style Managed (CSM) Policy re-opt operation may fail intermittently with no proper explanation

CSCwk71120

SRv6 policy Interior Gateway Protocol (IGP) paths not decorated in Crosswork Network Controller UI for a topology with consecutive ABR nodes

CSCwk82277

Interior Gateway Protocol (IGP) path may not show up for a chosen SR Policy in Crosswork Network Controller Optimization Engine UI

CSCwm05152

Crosswork Network Controller 6.0.2 RESTCONF GET API to retrieve Crosswork Network Controller Optimization Engine plan file, could intermittently produce an empty plan file

CSCwk40013

Service visualization is not working for the multi key (more than 2 keys) custom model due to service key parsing

CSCwk13889

Crosswork Network Controller scale error appears during RESTCONF API cisco-crosswork-segment-routing-policy:sr-policies

Table 4. Crosswork Active Topology 6.0.3

Bug ID

Bug description

CSCwk90304

YANG model 'When' condition fails to trigger page reload

CSCwk82235

The vertical scroll option is missing on the service creation page

CSCwk57394

Python overlay parser is failing for a service with multiple keys

CSCwm32607

Service visualization is failing due to "/" in interface ports

Table 5. Crosswork Change Automation 6.0.3

Bug ID

Bug description

CSCwk46487

Crosswork Network Controller Optimization Engine's optical performance monitoring (OPM) play to get Link State Packet (LSP) path verification

CSCwk76230

Vulnerabilities found in NCA 4.4.4, 5.0.3,6.0.x - requests 2.22.0, 2.26.0, urllib3 1.25.8, 1.26.10

CSCwk77630

Vulnerabilities found in jinja 3.0.2 CVE-2024-34064 in 5.0.3

CSCwk77844

Vulnerabilities found in libyaml 0.2.5 CVE-2024-35329 and others in 6.0

Table 6. Crosswork Health Insights 6.0.3

Bug ID

Bug description

CSCwk52283

In Crosswork Network Controller 6.0, after a customer created a KPI profile for optical devices, the FEC data is not displayed in the Grafana dashboard

Table 7. Crosswork Service Health 6.0.3

Bug ID

Bug description

CSCwj78310

In Crosswork Network Controller 6.0.2, the bridge domain state subservice is stuck in init state and shows error: Unable to get feed for Bridge Domain State

Table 8. Crosswork Zero Touch Provisioning 6.0.3

Bug ID

Bug description

CSCwj49744

Vulnerabilities found in spring-framework 6.0.17 CVE-2024-22259

CSCwj42800

Vulnerabilities found in tomcat 10.1.16 CVE-2024-24549 and others

CSCwj71377

Vulnerabilities found in zookeeper and guava

CSCwj91073

Vulnerabilities observed in coreutils 9.4 CVE-2024-0684

CSCwj80191

Vulnerabilities observed in netty 4.1.107.Final CVE-2024-29025

Table 9. Crosswork Infrastructure Maintenance Operation Protocol (MOP) 6.0.3 Script

Bug ID

Bug description

CSCwk74526

Crosswork Network Controller, in both CLI and UI, continues to show different output information for identical pods

Table 10. Cisco NSO Core Function Packs (CFP) 6.0.3

Bug ID

Bug description

CSCwk23213

In Crosswork Network Controller 6.0 and corresponding CFPs, user is unable to provision a policy with an explicit path where IOS XR version is 7.11.x

Breaking changes

Breaking changes are updates that are not backward compatible with the previous version. They can cause existing software integrations, or upgrades, to fail or behave unexpectedly. Software relying on the old version must be updated to function correctly with the new version.

In Crosswork Network Controller 6.0.3, the Get all DGs API will not include the CertChain attribute in the dg/query API response. This change is part of bug ID CSCwm96979.

  • Base URL:
    /crosswork/dg-manager
  • Path:
    /v1/dg/query (deprecated)
    /v2/dg/query

Patch installation workflow

This section provides the high-level workflow for installing the Crosswork Network Controller 6.0.3 patch.

You can upgrade to Crosswork Network Controller version 6.0.3 from either version 6.0.0 or version 6.0.2. Differences between these upgrades are mentioned in this table.

Table 11. Patch Installation Workflow

Step

Action

1. Compare the versions of your current Crosswork applications with the new patch versions to determine which applications need an upgrade. Download only the upgrades for the versions you need.

See Download Cisco Crosswork Network Controller 6.0.3 component patch files for more information.

2. Ensure that your environment meets all the installation prerequisites.

Refer to the guidelines in Patch installation prerequisites.

3. Install Cisco NSO version 6.1.9 on your machine.

Note

 

This step is applicable only if you are upgrading from Crosswork Network Controller version 6.0.0.

Refer to the NSO 6.1.x documentation for installation instructions.

4. Extract and validate the Crosswork Network Controller 6.0.3 patch files.

Refer to the guidelines in Extract and validate 6.0.3 patch files.

5. Copy and execute the Crosswork Infrastructure MOP script.

Refer to the guidelines in Copy and execute the Crosswork Infrastructure MOP.

6. Add and install the 6.0.3 patch files in the Crosswork Network Controller UI.

Refer to the guidelines in Add and install 6.0.3 patch files.

(Optional) 7. Add and install the Geo Redundancy patch.

Note

 

The installation of this patch is only required if geo redundancy is in use. If you are not using geo redundancy, there is no need to install this patch.

Refer to the guidelines in Install Geo Redundancy 6.0.3 patch.

8. Install the Cisco NSO Function Packs.

Refer to the guidelines in Install the Cisco NSO Function Packs.

9. Verify and update the Crosswork Data Gateway container image.

Note

 

This step is mandatory for Crosswork Data Gateway deployed with two NICs.

Refer to the guidelines in Verify and update the Crosswork Data Gateway container image.


Caution


The upgrade process is disruptive and should be performed during a maintenance window. The time required for the applications to restart is typically less than 30 minutes per application. If you encounter any error while installing the patch, contact the Cisco Customer Experience team before attempting to move forward with the next step.


Download Cisco Crosswork Network Controller 6.0.3 component patch files

This section provides the overview and installation sequence of all the component patch files released in the Crosswork Network Controller 6.0.3 release. Please note that some patch files may be optional for your specific needs.

Please review the list and download all the required patch files from the Cisco Software Download page to a local machine.

  1. (Mandatory) Crosswork Infrastructure MOP file: signed-cw-na-infra-6.0.3-MOP-241004.tar.gz

  2. (Mandatory) Crosswork Infrastructure patch: signed-cw-na-infra-patch-6.0.3-30-release-241104.tar.gz

  3. (Mandatory) Crosswork Optimization Engine: signed-cw-na-coe-patch-6.0.3-13-release-241009.tar.gz

  4. (Mandatory) Crosswork Active Topology: signed-cw-na-cat-patch-6.0.3-7-release-241026.tar.gz

  5. (Mandatory) Element Management Functions: signed-cw-na-element-management-functions-patch-6.0.3-205-releaseems603-241018.tar.gz

  6. Crosswork Service Health: signed-cw-na-aa-patch-6.0.3-9-release-241023.tar.gz

  7. Crosswork Change Automation: signed-cw-na-ca-patch-6.0.3-6-release-241025.tar.gz

  8. Crosswork Health Insights: signed-cw-na-hi-patch-6.0.3-8-release-241023.tar.gz

  9. Crosswork Zero Touch Provisioning: signed-cw-na-ztp-patch-6.0.3-4-releaseztp600-240930.tar.gz

  10. Geo Redundancy patch: signed-cw-na-geo-patch-6.0.3-3-release-240925.tar.gz

Patch installation prerequisites

This section describes the installation prerequisites needed to install the Crosswork Network Controller 6.0.3 patch.

  • If the target system does not already have Crosswork Network Controller version 6.0.0 or 6.0.2 installed, please proceed to install version 6.0.0 using the updated Docker installer bundle (signed-cw-na-installer-6.0.3-12-release-241004.tar.gz) from Cisco Software Download. For more information, see the instructions in Cisco Crosswork Network Controller 6.0 Installation Guide.

  • Ensure that you have your Cisco Crosswork Administrator user credentials.

  • Ensure that you have the Management IP address used for your Crosswork VM deployment.

  • Ensure that a component's 6.0.x version is installed on the target system before applying the patch upgrade.

  • Ensure that your local machine, where the patch files are downloaded, is accessible via scp by the Crosswork Network Controller.

  • In a geo redundant setup, ensure that all relevant files, such as the Crosswork cluster, application CAPPs, and data gateways, are installed on both the active and standby clusters. Perform an on-demand synchronization operation before starting the patch installation process.

  • Take a backup of both your data and the NSO data. Additionally, ensure that the server being patched has sufficient space to unarchive and copy the MOP scripts. Please make sure to clean up at least 5GB of space in the /home/cw-admin/ directory and 1GB of space in the /tmp/ directory to prevent any space constraints during script execution.


Caution


The upgrade process is disruptive and should be performed during a maintenance window. The time required for the applications to restart is typically less than 30 minutes per application. If you encounter any error while installing the patch, contact the Cisco Customer Experience team before attempting to move forward with the next step.


Extract and validate 6.0.3 patch files

This section explains how to extract and validate the downloaded 6.0.3 patch files. Repeat these steps for each 6.0.3 patch file you plan to install.


Attention


It is crucial that you extract the .tar.gz file from the signed file. You must add and install this specific file through the Crosswork Network Controller UI.


Procedure


Step 1

After downloading the patch file, navigate to the folder where the tar file was downloaded. As an example, consider the Crosswork Infrastructure signed patch image (signed-cw-na-infra-patch-6.0.3-30-release-241104.tar.gz) for this procedure.

cd <folder where the tar file was downloaded>

Step 2

Extract the file using this command.

tar -xzvf <signed image file>

The file unpacks into the patch and the necessary tools to validate its contents.

Example:
tar -xzvf signed-cw-na-infra-patch-6.0.3-30-release-241104.tar.gz
Output:
README
cw-na-infra-patch-6.0.3-30-release-241104.tar.gz
cw-na-infra-patch-6.0.3-30-release-241104.tar.gz.signature
CW-CCO_RELEASE.cer
cisco_x509_verify_release.py3

Step 3

Validate the extracted patch file using this command.

python3 cisco_x509_verify_release.py3 -e <.cer file> -i <.tar.gz file> -s <.tar.gz.signature file> -v dgst -sha512

Important

 

You must include this command as a single line, and the tool will wrap it according to the screen width.

Example:
python3 cisco_x509_verify_release.py3 -e CW-CCO_RELEASE.cer -i cw-na-infra-patch-6.0.3-30-release-241104.tar.gz -s cw-na-infra-patch-6.0.3-30-release-241104.tar.gz.signature  -v dgst -sha512
Output:
Retrieving CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully retrieved and verified crcam2.cer.
Retrieving SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully retrieved and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from CW-CCO_RELEASE.cer.
Successfully verified the signature of cw-na-infra-patch-6.0.3-30-release-241104.tar.gz using CW-CCO_RELEASE.cer

Copy and execute the Crosswork Infrastructure MOP

This section explains how to copy and execute the Crosswork Infrastructure 6.0.3 MOP file.

Before you begin

Ensure you have extracted and validated the Crosswork Infrastructure MOP, cw-na-infra-6.0.3-MOP-241004.tar.gz, using the instructions in Extract and validate 6.0.3 patch files.

Procedure


Step 1

Copy the extracted MOP file using the VIP address to the /home/cw-admin/ folder on one of the Crosswork hybrid nodes.

scp {MOP file} cw-admin@{Crosswork VIP Address}:/home/cw-admin/

Example:
scp cw-na-infra-6.0.3-MOP-241004.tar.gz cw-admin@10.10.10.10:/cw-admin/home/

Step 2

SSH into the Crosswork hybrid node where you copied the files, and change to root using sudo su - command.

Step 3

Extract the MOP file:

Example:

cd /home/cw-admin
tar -xzvf cw-na-infra-6.0.3-MOP-241004.tar.gz

Output:

signed-cw-na-k8s-orchestrator-6.0.3-11-release-241004.tar.gz
update_orch.sh

Step 4

Update the permissions.

chmod 755 update_orch.sh

Step 5

Run the script file.

./update_orch.sh

When you run the script you will be asked for the password for the cw-admin user account.

Note

 

Do not enter the password more than once even if you are prompted repeatedly to do so. The script will reuse the password that it read from the earlier input.

Wait 10 to 15 minutes for the update to complete and verify that system is healthy.


Add and install 6.0.3 patch files

This section explains how to add and install the 6.0.3 patch files in the Crosswork Network Controller UI.


Important


A patch upgrade is only supported if the component's 6.0.x version is already installed on the target system.


Before you begin

Ensure you have extracted and validated the required 6.0.3 patch files using the instructions in Extract and validate 6.0.3 patch files.

Procedure


Step 1

Click on Administration > Crosswork Management, and select the Application Management tab. The Crosswork Platform Infrastructure and any applications that are added are displayed here as tiles.

Step 2

Click on the Add File (.tar.gz) option to add the patch file that you extracted. As an example, consider the Crosswork Infrastructure patch file, cw-na-infra-patch-6.0.3-30-release-241104.tar.gz for this procedure.

Attention

 

It is crucial that you extract the .tar.gz file from the signed file. You must add and install this specific file through the Crosswork Network Controller UI.

The Add File (tar.gz) via Secure Copy popup window is displayed.

Step 3

Enter the relevant information and click Add.

Step 4

Once the patch file is added, you can observe the existing application tile displaying an upgrade prompt. Click the upgrade prompt to install the patch file.

In the Upgrade pop-up screen, select the new version that you want to upgrade to, and click Upgrade. Click on Job History to see the progress of the upgrade operation.

Step 5

After the installation is complete, go to Administration > Crosswork Manager and confirm all of the applications are reporting a Healthy status.

Note

 

It is expected that some processes will be reported as unhealthy or degraded as the upgrade is deployed (an updated status may take up to 30 minutes before reporting). If, after 30 minutes, the status does not change to Healthy, contact your Cisco Customer Experience representative. It is recommended to wait until the system is back to Healthy status before proceeding to install the next patch file.

Step 6

Repeat steps 1 to 5 to add and install the remaining Crosswork application patch files that you need.


Install Geo Redundancy 6.0.3 patch

This section explains how to add and install the Geo Redundancy 6.0.3 patch files in the Crosswork Network Controller UI. The Geo Redundancy patch must be installed on both the active and standby clusters.


Important


The installation of this patch is only required if geo redundancy is in use. If you are not using geo redundancy, there is no need to install this patch.


Before you begin

Ensure you have extracted and validated the Geo Redundancy 6.0.3 patch, signed-cw-na-geo-patch-6.0.3-3-release-240925.tar.gz, using the instructions in Extract and validate 6.0.3 patch files.

Procedure


Step 1

On the active cluster, click on Administration > Crosswork Management, and select the Application Management tab.

Step 2

Click on the Add File (.tar.gz) option to add the patch file. The Add File (tar.gz) via Secure Copy popup window is displayed.

Attention

 

It is crucial that you extract the .tar.gz file from the signed file. You must add and install this specific file through the Crosswork Network Controller UI.

Step 3

Enter the relevant information and click Add.

Step 4

Once the patch file is added, you can observe the existing application tile displaying an upgrade prompt. Click the upgrade prompt to install the patch file.

In the Upgrade pop-up screen, select the new version that you want to upgrade to, and click Upgrade. Click on Job History to see the progress of the upgrade operation.

Step 5

After the installation is complete, go to Administration > Crosswork Manager and confirm all of the applications are reporting a Healthy status.

Step 6

Log in to the standby cluster and repeat steps 1 to 5.


Install the Cisco NSO Function Packs

As the final step of the patch installation workflow, you must install or upgrade the Cisco NSO Function Packs to ensure compatibility with the Crosswork Network Controller 6.0.3 patches.


Caution


If Cisco NSO Function Packs were already installed on Crosswork Network Controller version 6.0, they must be upgraded manually.


Procedure


Step 1

Fresh Installation: If Cisco NSO Function Packs are not already installed on Crosswork Network Controller version 6.0, please download the 6.0.3 versions of the Function Packs from Cisco Software Download, and install them from the Crosswork Network Controller UI. For more information, refer to Install Cisco NSO Function Pack Bundles from Crosswork UI.

Step 2

Existing Installation: If Cisco NSO Function Packs were already installed on Crosswork Network Controller version 6.0, they must be upgraded manually.


Verify and update the Crosswork Data Gateway container image

When Crosswork Data Gateway is deployed with two NICs, it remains in an 'Error' or 'Degraded' operational state after applying the Crosswork Infrastructure patches. This occurs if the Data Gateway container image versions are not updated. To ensure the successful application of the patch, verify and update the container image versions.

Procedure


Step 1

Verify the Crosswork Data Gateway container image versions: Verify the image version of the Crosswork Data Gateway containers to ensure that the patch has been applied successfully. To do this, follow the instructions for checking image tags using the interactive menu. For more information, see View Crosswork Data Gateway Vitals.

If the image versions displayed are still the old version, it indicates that the patch was not applied correctly.

Step 2

Resolve the image version issue: If the image versions are old, the next step is to add the gateway IP to the Crosswork Data Gateway’s data interface. For more information, see Configure Interface Address.

Step 3

Recheck the image versions: After adding the gateway IP, return to Step 1 to verify the image versions again. The image tags should now reflect the updated version, and the Crosswork Data Gateway should transition to the operational 'UP' state.


Bugs

You can use the Cisco Bug Search Tool to see additional details for selected bug IDs listed in the Cisco Crosswork Network Controller 6.0.3 component tables.

  1. Go to the Cisco Bug Search Tool.

  2. Enter your registered Cisco.com username and password, and click Log In.

    The Bug Search page opens.


    Note


    If you do not have a Cisco.com username and password, you can register here.


  3. From the Product list, select Cloud and Systems Management > Routing and Switching Management > Cisco Crosswork Network Automation.

  4. Enter 6.0.3 in the Release field.

  5. (Optional) You can enter additional criteria (such as bug ID, problem description, a feature, or a product name) in the Search For field.

  6. Click Search. When the search results are displayed, use the filter tools to narrow the results. You can filter the bugs by status, severity, and so on.


Note


To export the results to a spreadsheet, click Export Results to Excel.