First Published: November 27, 2024

The Cisco Crosswork Network Controller 7.0.1 release includes new functionality and important bug fixes. This document describes what’s new, the resolved bugs, and how to install the patch.

If you have additional questions not addressed in this document, contact Cisco Customer Experience.

What's new in this release

This table lists the primary new features and functionality introduced in Cisco Crosswork Network Controller 7.0.1:

Table 1. New features in Crosswork Network Controller 7.0.1

Category

What's New

Single VM deployment

In the 7.0.1 release, the Crosswork Network Controller Essentials package supports a single VM deployment with Large VM profiles.

Note

 

The single VM deployment is only supported for the Crosswork Network Controller Essentials package, which includes Element Management Functions, for scale numbers up to 10001 devices.

Profile

vCPU

Memory (RAM)

Storage

Latency

Use case

Large

12

96 GB

1 TB

< 10 ms

Use the Large VM profile if you only plan to use the Crosswork Network Controller Essentials package.

OS support

Crosswork Network Controller 7.0.1 supports these OS versions.

  • IOS-XR2: 24.2.2, 24.2.11

  • IOS-XE: 17.15.1

    Note

     

    The IOS-XE support provided by the Crosswork Network Controller applications is unchanged from version 7.0.0.

This is in addition to the software versions listed in the Crosswork Network Controller 7.0 Release Notes.

Device support

  • Support added for IOS-XE devices (C8300-2N2S-4T2X, C8KV, C8500-12X4QC).

  • Support added for IOS-XR devices (Cisco 8212-48FH-M, Cisco 8711-32FH-M, Cisco 8712-MOD-M).

Certificate management

In version 7.0.1, Crosswork Network Controller introduces an additional method for updating web certificates using a Certificate Signing Request (CSR). For more information, see Update web certificate using certificate signing request.

Topology UI

The use of links on non-physical interfaces is now available.
1 The actual customer scale is determined by scale characterizations across various dimensions and will be tailored to meet the customer's needs for supported functionality.
2 Support provided for the IOS-XR versions 24.3.1 and 24.3.2 is limited to the functionalities offered in the Crosswork Network Controller Essentials package, which includes Element Management Functions.

Update web certificate using certificate signing request

Crosswork Network Controller enables the updating of web certificates by importing an intermediate Certificate Authority (CA) certificate. Starting with version 7.0.1, it also supports updating web certificates through a Certificate Signing Request (CSR).

This approach allows you to obtain a certificate signed by an Enterprise or Commercial CA without exposing the private key outside of the Crosswork Network Controller.

Before you begin

  • Updating the certificate can disrupt the existing trust chain of certificates used for client authentication if enabled, so proceed with caution.

  • This process requires the Crosswork server to be restarted, which will take several minutes to complete.

  • Set the AAA mode to Local to enable client authentication.

Procedure

Step 1

From the main menu, choose Administration > Certificate Management

Step 2

Click on the web certificate (Crosswork-Web-Cert) and select Update Certificate.

The Certificate Update Method window is displayed.

Step 3

Create a CSR to submit to the Certificate Authority.

  1. Select Create a certificate signing request (CSR) radio button and click Update certificate.

    The Certificate Signing Request (CSR) window is displayed.

  2. Click Create CSR.

    The Create Certificate Signing Request (CSR) window is displayed.

  3. Provide relevant values for the fields provided. Click the Field Help icon icon next to the field for more information. The mandatory fields are:

    • Common name (CN): By default, this is the fully qualified domain name (FQDN) of the server, but it can be any unique name that identifies the server. The length should not exceed 64 characters.

    • IP address: This is the Crosswork VIP address utilized in this deployment. Additional IP addresses should only be added if necessary for certificate validation.

    • Key Type: The options are RSA and ECDSA. By default, RSA is selected.

    • Key Size (in bits): The options are 2048, 3072, and 4096. By default, 2048 is selected.

    • Key Digest: The options are SHA-256, SHA-384, and SHA-512. By default, SHA-256 is selected.

  4. Click Create CSR to complete the action.

Step 4

After generating the CSR, click Download to download it and use the CSR to get a signed certificate from your CA.

Figure 1. Certificate Signing Request (CSR) window

Step 5

Upload the CA-signed certificate and CA certificate trustchain to bind the certificate.

  1. In the Certificate Signing Request (CSR) window, click Bind certificate.

    The Bind signed certificate window is displayed.

    Figure 2. Bind signed certificate

  2. Upload the relevant data for the fields provided. Click the Field Help icon icon next to the field for more information.

    • CA certificate trustchain: This is the certificate trust chain for the web server certificate obtained from the CA.

    • CA signed certificate: This is the final signed certificate for the web server obtained from the CA.

  3. (Optional) Click the Enable checkbox to configure client certificate authentication.

  4. Click Bind certificate to complete the operation.

    After the bind action is completed, the web certificate is updated, and Tyk will restart with the new web certificate.

Resolved bugs

The Cisco Crosswork Network Controller 7.0.1 patch resolves these Cisco Crosswork Network Controller bugs:

See the Find additional bug details section on how to use the Cisco Bug Search Tool to get more information on these bugs.

Table 2. Crosswork Infrastructure

Bug ID

Bug description

CSCwk70850

Crosswork Network Controller BlastRADIUS vulnerability evaluation

CSCwm05397

After switchover, the topology links are missing and the xtc log shows 401 unauthorized

CSCwm08363

The Network Services Orchestrator (NSO) function pack deployer needs to refresh the data from Device Lifecycle Management (DLM) after a cluster switchover is performed

CSCwm11621

Using long type is not enough for representing large unsigned 64 counters in Java for interface stats

CSCwm13394

ICON GNMI collection is failing for IOS-XR devices due to missing origin

CSCwm45238

User directly allows shell access without prompting for challenge to decode
Table 3. Element Management Functions

Bug ID

Bug description

CSCwm13708

The add dashlet option for Zero Touch Provisioning is not allowing the title to be custom configured by the user

CSCwm37329

Alarm manager fails to create events

CSCwm54072

The download system MIB package does not contain the correct files

CSCwm59689

Cisco 8804 router is in CWW state due to feature-port-mode failure
Table 4. Crosswork Optimization Engine

Bug ID

Bug description

CSCwk40013

Service visualization is not working for the multi-key (more than 2 keys) custom model due to service key parsing

CSCwm05152

Crosswork Network Controller RESTCONF GET API to retrieve Crosswork Network Controller Optimization Engine plan file could intermittently produce an empty plan file

CSCwm42621

Crosswork Network Controller Optimization Engine is not responding to GET requests for API (ietf-network-state:networks)
Table 5. Crosswork Active Topology

Bug ID

Bug description

CSCwk82235

The vertical scroll option is missing on the service creation page

CSCwk40013

Service visualization is not working for the multi key (more than 2 keys) custom model due to a service key parsing issue.

CSCwm32607

Service visualization is failing due to "/" in interface ports
Table 6. Crosswork Change Automation

Bug ID

Bug description

CSCwk46487

Crosswork Network Controller Optimization Engine's optical performance monitoring (OPM) play to get Link State Packet (LSP) path verification

CSCwm40652

Vulnerabilities found in vim 9.0.2142 CVE-2024-41957, 2024-41965, 2024-437 in 700

CSCwm40657

Vulnerabilities found in zlib 1.2.13 CVE-2023-45853 in 7.0, 5.0.4
Table 7. Crosswork Health Insights

Bug ID

Bug description

CSCwm34195

Vulnerabilities found in golang 1.21.4
Table 8. Crosswork Service Health

Bug ID

Bug description

CSCwj78310

The Crosswork Network Controller bridge domain state sub-service continues to remain stuck in the init state

Table 9. Infrastructure (MOP)

Bug ID

Bug description

CSCwk56644

IPsec server certificate PSB non-compliance due to validity set for 10 years

CSCwm27054

Device routes are missing on the Crosswork Network Controller VM, leading to SWIM failure

CSCwm33935

The first sync after Geo switchover puts the postgress in standby and cluster database into error state

Find additional bug details

You can use the Cisco Bug Search Tool to see additional details for selected bug IDs listed in the Cisco Crosswork Network Controller 7.0.1 component tables.

  1. Go to the Cisco Bug Search Tool.

  2. Enter your registered Cisco.com username and password, and click Log In.

    The Bug Search page opens.


    Note

    If you do not have a Cisco.com username and password, you can register here.

  3. From the Product list, select Cloud and Systems Management > Routing and Switching Management > Cisco Crosswork Network Automation.

  4. Enter 7.0.1 in the Release field.

  5. (Optional) You can enter additional criteria (such as bug ID, problem description, a feature, or a product name) in the Search For field.

  6. Click Search. When the search results are displayed, use the filter tools to narrow the results. You can filter the bugs by status, severity, and so on.


Note

To export the results to a spreadsheet, click Export Results to Excel.

Patch installation workflow

This section provides the high-level workflow for installing the Crosswork Network Controller 7.0.1 patch.

Table 10. Patch Installation Workflow

Step

Action

1. Ensure that your environment meets all the installation prerequisites.

Refer to the guidelines in Patch installation prerequisites.

2. Compare the versions of your current Crosswork applications with the new patch versions to determine which applications need an upgrade. Download only the upgrades for the versions you need.

See Download Cisco Crosswork Network Controller 7.0.1 component patch files for more information.

3. Extract and validate the Crosswork Network Controller 7.0.1 patch files.

Refer to the guidelines in Extract and validate 7.0.1 patch files.

4. Copy and execute the Crosswork Infrastructure MOP script.

Refer to the guidelines in Copy and execute the Crosswork Infrastructure MOP.

5. Take a backup of both your data and the NSO data.

See Take a backup to your data for more information.

6. Add and install the 7.0.1 patch files in the Crosswork Network Controller UI.

Refer to the guidelines in Add and install 7.0.1 patch files.

(Optional) 7. Add and install the Geo Redundancy patch.

Note

 

The installation of this patch is only required if geo redundancy is in use. If you are not using geo redundancy, there is no need to install this patch.

Refer to the guidelines in Install Geo Redundancy 7.0.1 patch.


Caution

The upgrade process is disruptive and should be performed during a maintenance window. The time required for the applications to restart is typically less than 30 minutes per application. If you encounter any error while installing the patch, contact the Cisco Customer Experience team before attempting to move forward with the next step.

Patch installation prerequisites

This section describes the installation prerequisites needed to install the Crosswork Network Controller 7.0.1 patch.

  • Ensure that the target system has Crosswork Network Controller version 7.0.0 installed, as well as the 7.0.0 version of any relevant components, before applying the patch upgrade. For more information, see the instructions in Cisco Crosswork Network Controller 7.0 Installation Guide.

    • Ensure that you have installed Crosswork Data Gateway using the signed-cw-na-dg-7.0.0-26-release-20240918.uefi.ova file. If you are using a different version of Crosswork Data Gateway, upgrade to the latest version using the files available on Cisco Software Download. For detailed instructions on how to upgrade, see Upgrade Crosswork Data Gateway.

  • Ensure that you have your Cisco Crosswork Administrator user credentials.

  • Ensure that you have the Management IP address used for your Crosswork VM deployment.

  • Ensure that your local machine, where the patch files are downloaded, is accessible via scp by the Crosswork Network Controller.

  • In a geo redundant setup, ensure that all relevant files, such as the Crosswork cluster, application CAPPs, and data gateways, are installed on both the active and standby clusters. Perform an on-demand synchronization operation before starting the patch installation process. Wait to perform any further syncs until the MOP and infrastructure upgrades are completed, and the services are working well.

Download Cisco Crosswork Network Controller 7.0.1 component patch files

This section provides the overview and installation sequence of all the component patch files available in the Crosswork Network Controller 7.0.1 release.

Review the lists and download all the required patch files from the Cisco Software Download page to a local machine.

Multi-VM cluster deployment files

If you have deployed Crosswork Network Controller version 7.0.0 on a multi-VM cluster, and intend to install the 7.0.1 patch, you must install the files in this sequence:


Note

You can skip the patch files for the Crosswork applications that you do not need.

  1. (Mandatory) Crosswork Infrastructure MOP file: signed-cw-na-infra-7.0.1-MOP-241118.tar.gz

  2. (Mandatory) Crosswork Infrastructure patch: signed-cw-na-infra-patch-7.0.1-27-release-241118.tar.gz

  3. Element Management Functions: signed-cw-na-element-management-functions-patch-7.0.1-262-releaseems701-241119.tar.gz

  4. Crosswork Optimization Engine: signed-cw-na-coe-patch-7.0.1-9-release-241118.tar.gz

  5. Crosswork Active Topology: signed-cw-na-cat-patch-7.0.1-7-release-241017.tar.gz

  6. Crosswork Service Health: signed-cw-na-aa-patch-7.0.1-7-release-241108.tar.gz

  7. Crosswork Change Automation: signed-cw-na-ca-patch-7.0.1-5-release-241025.tar.gz

  8. Crosswork Health Insights: signed-cw-na-hi-patch-7.0.1-11-release-241023.tar.gz

  9. Geo Redundancy patch: signed-cw-na-geo-patch-7.0.1-5-release-241107.tar.gz

Single VM deployment files

If you have deployed Crosswork Network Controller version 7.0.0 on a single VM and intend to install the 7.0.1 patch, you must install these files in this sequence:

  1. Crosswork Infrastructure MOP file: signed-cw-na-infra-7.0.1-MOP-241118.tar.gz

  2. Crosswork Infrastructure patch: signed-cw-na-infra-patch-7.0.1-27-release-241118.tar.gz

  3. Embedded Collectors: signed-cw-na-dgcollectors-patch-7.0.1-19-release-241118.tar.gz

  4. Element Management Functions: signed-cw-na-element-management-functions-patch-7.0.1-262-releaseems701-241119.tar.gz

Extract and validate 7.0.1 patch files

This section explains how to extract and validate the downloaded 7.0.1 patch files. Repeat these steps for each patch file you plan to install.


Attention

It is crucial that you extract the .tar.gz file from the signed file. You must add and install this specific file through the Crosswork Network Controller UI.

Procedure

Step 1

After downloading the patch file, navigate to the folder where the tar file was downloaded. As an example, consider the Crosswork Infrastructure signed patch image (signed-cw-na-infra-patch-7.0.1-27-release-241118.tar.gz) for this procedure.

cd <folder where the tar file was downloaded>

Step 2

Extract the file using this command.

tar -xzvf <signed image file>

The file unpacks into the patch and the necessary tools to validate its contents.

Example: 
tar -xzvf signed-cw-na-infra-patch-7.0.1-27-release-241118.tar.gz
Output:
README
cw-na-infra-patch-7.0.1-27-release-241118.tar.gz
cw-na-infra-patch-7.0.1-27-release-241118.tar.gz.signature
CW-CCO_RELEASE.cer
cisco_x509_verify_release.py3

Step 3

Validate the extracted patch file using this command.

python3 cisco_x509_verify_release.py3 -e <.cer file> -i <.tar.gz file> -s <.tar.gz.signature file> -v dgst -sha512

Important

 

You must include this command as a single line, and the tool will wrap it according to the screen width.
Example:
python3 cisco_x509_verify_release.py3 -e CW-CCO_RELEASE.cer -i cw-na-infra-patch-7.0.1-27-release-241118.tar.gz -s cw-na-infra-patch-7.0.1-27-release-241118.tar.gz.signature  -v dgst -sha512
Output: 
Retrieving CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully retrieved and verified crcam2.cer.
Retrieving SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully retrieved and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from CW-CCO_RELEASE.cer.
Successfully verified the signature of cw-na-infra-patch-7.0.1-27-release-241118.tar.gz using CW-CCO_RELEASE.cer

Copy and execute the Crosswork Infrastructure MOP

This section explains how to copy and execute the Crosswork Infrastructure 7.0.1 MOP file.

Before you begin

Ensure you have extracted and validated the Crosswork Infrastructure MOP, cw-na-infra-7.0.1-MOP-241118.tar.gz, using the instructions in Extract and validate 7.0.1 patch files.

Procedure

Step 1

Copy the extracted MOP file using the VIP address to the /home/cw-admin/ folder on one of the Crosswork hybrid nodes.

scp {MOP file} cw-admin@{Crosswork VIP Address}:/home/cw-admin/

Example:
scp cw-na-infra-7.0.1-MOP-241118.tar.gz cw-admin@10.10.10.10:/cw-admin/home/

Step 2

SSH into the Crosswork hybrid node where you copied the files, and change to root using sudo su - command.

Step 3

Extract the MOP file:

tar -xzvf <MOP file>

Example:

cd /home/cw-admin
tar -xzvf cw-na-infra-7.0.1-MOP-241118.tar.gz

Output:

signed-cw-na-k8s-orchestrator-7.0.1-17-release-241118.tar.gz
update_orch.sh

Step 4

Update the permissions.

chmod 755 update_orch.sh

Step 5

Run the script file.

./update_orch.sh

When you run the script you will be asked for the password for the cw-admin user account.

Note

 

Do not enter the password more than once even if you are prompted repeatedly to do so. The script will reuse the password that it read from the earlier input.

Wait 10 to 15 minutes for the update to complete and verify that system is healthy.

Back up your data

Take a backup of both your data and the NSO data (for more information, see Manage Crosswork Network Controller Backup and Restore).

Additionally, ensure that the server being patched has sufficient space to unarchive and copy the MOP scripts. Make sure to clean up at least 5GB of space in the /home/cw-admin/ directory and 1GB of space in the /tmp/ directory to prevent any space constraints during script execution.

Add and install 7.0.1 patch files

This section explains how to add and install the 7.0.1 patch files in the Crosswork Network Controller UI.


Important

A patch upgrade is only supported if the component's 7.0.0 version is already installed on the target system.

Before you begin

Ensure you have extracted and validated the required 7.0.1 patch files using the instructions in Extract and validate 7.0.1 patch files.

Procedure

Step 1

Click on Administration > Crosswork Management, and select the Application Management tab. The Crosswork Platform Infrastructure and any applications that are added are displayed here as tiles.

Step 2

Click on the Add File (.tar.gz) option to add the patch file that you extracted. As an example, consider the Crosswork Infrastructure patch file, cw-na-infra-patch-7.0.1-27-release-241118.tar.gz for this procedure.

Attention

 

It is crucial that you extract the .tar.gz file from the signed file. You must add and install this specific file through the Crosswork Network Controller UI.

The Add File (tar.gz) via Secure Copy popup window is displayed.

Step 3

Enter the relevant information and click Add.

Step 4

Once the patch file is added, you can observe the existing application tile displaying an upgrade prompt. Click the upgrade prompt to install the patch file.

In the Upgrade pop-up screen, select the new version that you want to upgrade to, and click Upgrade. Click on Job History to see the progress of the upgrade operation.

Step 5

After the installation is complete, go to Administration > Crosswork Manager and confirm all of the applications are reporting a Healthy status.

Note

 

It is expected that some processes will be reported as unhealthy or degraded as the upgrade is deployed (an updated status may take up to 30 minutes before reporting). If, after 30 minutes, the status does not change to Healthy, contact your Cisco Customer Experience representative. It is recommended to wait until the system is back to Healthy status before proceeding to install the next patch file.

Step 6

Repeat steps 1 to 5 to add and install the remaining Crosswork application patch files that you need.

Install Geo Redundancy 7.0.1 patch

This section explains how to add and install the Geo Redundancy 7.0.1 patch files in the Crosswork Network Controller UI. The Geo Redundancy patch must be installed on both the active and standby clusters.


Important

The installation of this patch is only required if geo redundancy is in use. If you are not using geo redundancy, there is no need to install this patch.

Before you begin

Ensure you have extracted and validated the Geo Redundancy 7.0.1 patch, signed-cw-na-geo-patch-7.0.1-5-release-241107.tar.gz, using the instructions in Extract and validate 7.0.1 patch files.

Procedure

Step 1

On the active cluster, click on Administration > Crosswork Management, and select the Application Management tab.

Step 2

Click on the Add File (.tar.gz) option to add the patch file. The Add File (tar.gz) via Secure Copy popup window is displayed.

Attention

 

It is crucial that you extract the .tar.gz file from the signed file. You must add and install this specific file through the Crosswork Network Controller UI.

Step 3

Enter the relevant information and click Add.

Step 4

Once the patch file is added, you can observe the existing application tile displaying an upgrade prompt. Click the upgrade prompt to install the patch file.

In the Upgrade pop-up screen, select the new version that you want to upgrade to, and click Upgrade. Click on Job History to see the progress of the upgrade operation.

Step 5

After the installation is complete, go to Administration > Crosswork Manager and confirm all of the applications are reporting a Healthy status.

Step 6

Log in to the standby cluster and repeat steps 1 to 5.