Solution Overview

Description

The exponential growth of network traffic and the pressures of efficiently running network operations pose huge challenges for network operators. Providing quick, intent-based service delivery and optimal network utilization, with the ability to react to bandwidth and latency demand fluctuations in real time, is vital to success. Migration to Software-Defined Networks (SDNs) and automation of operational tasks is the optimal way for operators to accomplish these goals.

Cisco® Crosswork Network Controller is an integrated network automation solution for deploying and operating IP transport networks that delivers increased service agility, cost efficiency, and optimization for faster time-to-customer value and lower operating costs. The solution combines intent-based network automation to deliver critical capabilities for service orchestration and fulfillment, network optimization, service path computation, device deployment and management, and anomaly detection with operator-selected manual or automated remediation. Crosswork Network Controller delivers network optimization capabilities that are nearly impossible to replicate even with a highly skilled and dedicated staff operating the network.

The fully integrated solution combines functionality from multiple Crosswork components installed upon a common Crosswork infrastructure, as well as industry-leading capabilities from Cisco Network Services Orchestrator (NSO) and Cisco Segment Routing Path Computation Element (SR-PCE). Its unified user interface provides a single pane of glass for real-time visualization of the network topology and services, provisioning, monitoring, and optimization.

Supported use cases

Crosswork Network Controller supports a wide range of use cases, allowing operators to manage many aspects of the network. The following use cases illustrate the most commonly used features and the components needed to implement them. In addition, the Crosswork Network Controller solution is highly adaptable; if the use case you are focused on is not covered, consult your Cisco Customer Experience representative for more information.

  • Orchestrated service provisioning: Provisioning of layer 2 VPN (L2VPN) and layer 3 VPN (L3VPN) services with underlay transport policies to define, meet, and maintain service-level agreements (SLA) using the UI or APIs. Provisioning and visualization of Segment Routing Flexible Algorithm (Flex-Algo) to customize and compute IGP shortest paths over a network according to specified constraints.

    For this use case, Crosswork Network Controller Advantage must be installed.

  • Real-time network and bandwidth optimization: Intent-based closed-loop optimization, congestion mitigation, and dynamic bandwidth management based on Segment Routing and RSVP-TE. Optimization of bandwidth resource utilization by setting utilization thresholds on links and calculating tactical alternate paths when thresholds are exceeded.

  • Circuit Style Segment Routing Traffic Engineering (CS SR-TE) policy provisioning with network topology visualization:

    • Straightforward verification of CS SR-TE policy configurations

    • Visualization of CS SR-TE details, bi-directional active and candidate paths

    • Operational status details

    • Failover behavior monitoring for individual CS SR-TE policies

    • A percentage of bandwidth reservation for each link in the network

    • Manually triggered recalculations of existing CS SR-TE policy paths that may no longer be optimized due to network topology changes

    For this use case, Crosswork Network Controller Advantage must be installed.

  • Local Congestion Management: Local Congestion Mitigation (LCM) provides localized mitigation recommendations within surrounding interfaces using standard protocols. Data is gathered in real-time, and solutions are suggested when congestion is detected. LCM supports deployment as either "human in the loop" or fully automated implementations, allowing operators to choose how to use the feature. See the Local Congestion Mitigation chapter in the Crosswork Network Controller 7.1 Network Bandwidth Management guide for more information. For this use case, Crosswork Network Controller Advantage must be installed.

  • Visualization of network and service topology and inventory: The topology UI, along with the various tables that can be accessed from it, allows you to easily assess the health of the network and drill down to see details about devices, links, and services.

  • Performance-based closed-loop automation: Automated discovery and remediation of problems in the network by allowing Key Performance Indicator (KPI) customization and execution of pre-defined remediation tasks when a KPI threshold is breached. Health Insights and Change Automation functions must be installed for this use case.

  • Planning, scheduling, and automating network maintenance tasks: Scheduling an appropriate maintenance window for a maintenance task after evaluating the potential impact of the task (using Crosswork Planning Design). Automating the execution of maintenance tasks (such as throughput checks, software upgrades, and SMU installs) using playbooks. For this use case, Health Insights and Change Automation functions must be installed.

  • Secured zero-touch onboarding and provisioning of devices: Onboarding new IOS-XR devices and automatically provisioning Day0 configuration resulting in faster deployment of new hardware at lower operating costs. For this use case, Crosswork Network Controller Essentials must be installed.

  • Visualization of native SR paths: Path Query uses the traceroute SR-MPLS multipath command to get the actual paths between the source and the destination. A traceroute command runs on the source device for the destination TE-Router ID and assists in retrieving the paths. For this use case, Crosswork Network Controller Advantage must be installed.

  • Provisioning, visualizing, and analyzing Tree Segment Identifier policies in multipath networks: Creating and visualizing static Tree Segment Identifier (Tree-SID) policies using the UI. Static mVPN Tree-SID policies associated with existing or newly created L3VPN service models (SR MPLS point-to-multi-point) can be visualized and analyzed to assist in efficient management and troubleshooting of your multicast network.

    • Configuring link affinities to specify the link attributes that determine which links are suitable to form a path for the Tree-SID policy and map each bit position or attribute with a color (making it easier to refer to specific link attributes).

    • Modifying existing static Tree-SID policies and mVPN Tree-SID policies associated with an L3VPN service model – both edit and delete – using the UI.

    For this use case, Cisco Crosswork Advantage must be installed.

  • Transport slice provisioning: Crosswork Network Controller offers direct support for network slicing at the OSI transport layer. Using this solution, network engineering experts can design slice profiles around customer intents and add them to a catalog. Network line operators can assign the profile identified for a given customer to their endpoints and adjust the constraints according to the customer's requirements. Using the UI, you can inspect the slice details for active symptoms, failures, and root causes. In addition, the slice can be visualized on a geographical map. For this use case, Crosswork Network Controller Advantage must be installed.

  • Dynamic Creation of Transport Resources for VPN Services: Crosswork Network Controller automates the setup and deployment of necessary transport layer resources during VPN service creation. Using predefined templates and criteria, Crosswork Network Controller can dynamically create and deploy Traffic Engineering (TE) policies to meet the SLA or SLS requirements for the service, eliminating the need for manual configuration and association. This solution enables network operators to focus on strategic, higher-level tasks, enhancing operational efficiency and reliability. For this use case, Crosswork Network Controller Advantage must be installed.

Solution components overview and integrated architecture

The following diagram provides a high-level illustration of how the solution’s components work together within a single pane of glass to execute the primary supported use cases.

Figure 1. Solution components and integrated architecture

The following components, and shared services, make up the Crosswork Network Controller 7.1 solution:

Crosswork Network Controller Platform Infrastructure and shared services

The Crosswork Network Controller Platform Infrastructure provides a resilient and scalable platform on which all Crosswork Network Controller components can be deployed. This infrastructure and shared services provide:

  • A single API endpoint for accessing all APIs of Crosswork Network Controller components

  • A shared Kafka bus to pass data between applications

  • Shared databases

    • Store all configuration data for each of the applications.

    • Store all the time series (telemetry) data gathered from the network.

  • A robust Kubernetes-based orchestration layer that gives process-level resiliency and elasticity to scale the environment when additional resources are needed.

  • Tools for monitoring the health of the infrastructure.

For installation, configuration, and administration procedures, refer to the following documents:

Data Gateway

Data Gateway is a secure, standard collection platform for collecting telemetry and other performance data from compatible non-Cisco and Cisco network devices. Several data-collecting protocols, including MDT, SNMP, CLI, standards-based gNMI (dial-in), and Syslog, are supported by Data Gateway. By doing this, it can enable a wide range of use cases and modifications. Operators can add their collection jobs to acquire network performance data, which can subsequently be sent to suitable Kafka and gRPC message buses for consumption by other applications using APIs and the configuration examples provided by Cisco. Rather than requiring each data consumer to collect information directly from the source, Data Gateway enables the operator to capture the data once and send it to numerous consumers.

With Crosswork Network Controller operating as the controller and consumer of data and Data Gateway working as both a centralized shared collector and distributor of data, Cisco has established a mechanism for obtaining data from the network that is reliable, flexible, and efficient.

Several Data Gateway VMs can be installed and scaled horizontally as a pool of devices capable of handling your network's data-gathering demands to provide high availability within the pool. The number of pools and Data Gateways in the pool is determined by the number of devices in your network, the geographic distribution of those devices, the amount of data you collect, and the level of redundancy desired (1 to 1 or n to m). For more details on scaling your Data Gateways to match your specific use case, please collaborate with Cisco Customer Experience (CX), the Cisco account team, or the partner from whom you purchase Cisco products.

For more information, see Cisco Crosswork Network Controller 7.1 Administration guide.

Element Management Functions

A library of functions that provides deep inventory collection, device management, alarm management, and software image management.

Zero Touch Provisioning, with automatic onboarding of new IOS-XR and IOS-XE devices and provisioning of Day0 configuration, results in faster deployment of new hardware at a lower operating cost.

For more information, see Cisco Crosswork Network Controller 7.1 Device Lifecycle Management guide.

Optimization Engine

Optimization Engine provides real-time network optimization, allowing operators to effectively maximize network capacity utilization, preserve network intent with proactive network monitoring and visualization, and increase service velocity. Leveraging real-time protocols, such as BGP-LS and Path Computation Element Communication Protocol (PCEP) and SR-PCE, Optimization Engine enables near real-time tracking of the network, with the ability to react quickly (manually or through automation) to changes in network conditions to minimize disruptions or degradation in performance.

For more information, see Cisco Crosswork Network Controller 7.1 Traffic Engineering and Optimization guide.

Service Health

Service Health substantially reduces the time required to detect and troubleshoot service quality issues. It monitors the health of provisioned L2 and L3 VPN services and lets operators pinpoint why and where a service is degraded. This is accomplished through a heuristic model that provides the following:

  • Monitoring the health of:

    • Point-to-point L2VPN services

    • Multipoint L2VPN (EVPN E-LAN and E-Tree L2VPN EVPN) services

    • L3VPN services

  • Analysis and troubleshooting of services with degraded health

  • Visualization of a service's health and its logical health dependency tree. This helps troubleshoot service degradation by locating the source of the problem, and indicating possible symptoms and impacting metrics.

  • Performance metrics and health status of Traffic Engineering (TE) policies

  • Historical view and trends of service health status

  • Extensibility for adding service monitoring capabilities to address specific needs

For more information, see Cisco Crosswork Network Controller 7.0 Service Health Monitoring guide.

Health Insights and Change Automation

Health Insights and Change Automation are components that can optionally be installed with Crosswork Network Controller.

Health Insights performs real-time Key Performance Indicator (KPI) monitoring, alerting, and troubleshooting. When used with Change Automation, or as part of a broader integration with your existing automation solutions, Health Insights plays a key role in both manual and automated response to network events.

Change Automation automates the process of deploying changes to the network. Orchestration is defined via an embedded Ansible Playbook, and then configuration changes are pushed to Cisco Network Services Orchestrator (NSO) to be deployed to the network.

These components within Crosswork Network Controller enable closed-loop discovery and remediation of network problems. Operators can match alarms to pre-defined remediation tasks, which are automatically performed when a defined Key Performance Indicator (KPI) threshold is breached. This reduces the time it takes to discover and repair a problem.

For more information, see Cisco Crosswork Network Controller 7.1 Closed-Loop Network Automation guide.

Cisco Network Services Orchestrator

Cisco Network Services Orchestrator (NSO) is an orchestration platform that leverages pluggable function packs to translate network-wide service intent into device-specific configuration. NSO provides flexible service orchestration and lifecycle management across physical network elements and cloud-based virtual network functions (VNFs), fulfilling the role of the Network Orchestrator (NFVO) within the European Telecommunications Standards Institute (ETSI) architecture. It provides complete support for physical and virtual network elements, with a consistent operational model across both. With the ability to orchestrate across multi-vendor environments and support multiple technology stacks, NSO empowers the extension of end-to-end automation to virtually any use case or device.

Cisco Network Services Orchestrator has a rich set of APIs designed to allow developers to implement service applications. It provides the infrastructure for defining and executing the YANG data models that are needed to realize customer services. It is also responsible for providing the overall lifecycle management at the network service level.

Service and device models, written using YANG modeling language, enable NSO to efficiently ‘map’ service intent to device capabilities and automatically generate the minimum required configuration to be deployed in the network. This feature, facilitated by NSO's FASTMAP algorithm, can compare current configuration states with a service’s intent and then generate the minimum set of changes required to instantiate the service in the network.

All components, whether included in Crosswork Network Controller or installed as optional add-ons, require integration with NSO.

Crosswork Network Controller requires the following NSO function packs:

  • SR-TE core function pack (CFP) enables the provisioning of explicit and dynamic segment routing policies, including SRv6, and on-demand SR-TE policy instantiation for prefixes with a specific color.

  • The IETF-compliant L2VPN and L3VPN Core Function Packs provide baseline L2VPN and L3VPN provisioning capabilities, based on IETF NM models. Prior to customization, these sample function packs enable provisioning of the following VPN services:

    • L2VPN:

      • Point-to-point VPWS using Targeted LDP

      • Point-to-point VPWS using EVPN

      • Multipoint VPLS using EVPN (with service topologies ELAN, ETREE, and Custom)

    • L3VPN – both IPv4 and IPv6 address families are supported.

  • The Service Health function pack should be independently installed apart from Crosswork Network Controller function packs.

  • Sample IETF-compliant RSVP-TE function pack intended as a reference implementation for RSVP-TE tunnel provisioning, to be customized as required.


    Note


    By default, the IETF-compliant NM models are used. If your organization wishes to continue using the Flat models provided with the previous version, a manual setup process is required. Consult your Cisco Customer Experience representative for more information.

The NSO sample function packs are provided as a starting point for service provisioning functionality in Crosswork Network Controller. While the samples can be used “as is” in some limited network configurations, they are intended to demonstrate the extensible design of Crosswork Network Controller. Answers to common questions can be found on Cisco Devnet, and Cisco Customer Experience representatives can answer general questions about the samples. Support for customization of the samples for your specific use cases can be arranged through your Cisco account team.


Note


NSO currently does not support bundle ethernet (BE), route distinguisher (RD), or BGP route-target (RT) functions with L2VPN EVPN. Although it does support multihoming and L2VPN route policy, there is no option to specify an RD value in L2VPN for an EVPN ELAN/ETREE, nor is there an option to specify load balancing type. To perform these functions, contact your Cisco account team for a set of custom configuration templates and advice on configuring bundles manually.

Custom templates

These are user-defined templates that allow for the customization and automation of network services not supported by the standard function pack. They define specific configurations and settings that can be applied to network devices and services, making deploying and managing network resources more efficient and consistent.

To use custom templates in Crosswork Network Controller, you must pre-configure them in NSO. Once configured in NSO, Crosswork Network Controller will display your custom template for selection when you provision a device or a service.

For details on configuring custom templates, refer to the article, Configure and Apply Custom Templates.

Function pack documentation

For more information, refer to the following documentation:

Cisco Segment Routing Path Computation Element

Cisco Segment Routing Path Computation Element (SR-PCE) is an IOS-XR multi-domain stateful Path Computation Engine (PCE) supporting segment routing (SR), Resource Reservation Protocol (RSVP), and SRv6-aware PCE. SR-PCE builds on the native PCE abilities within IOS-XR devices and provides the ability to collect topology and segment routing IDs through IGP (OSPF or IS-IS) or BGP Link-State (BGP-LS), calculate paths that adhere to service SLAs, and program them into the source router as an ordered list of segments. A Path Computation Client (PCC) reports and delegates control of head-end tunnels sourced from the PCC to a PCE peer. The PCC and PCE establish a Path Computation Element Communication Protocol (PCEP) connection that SR-PCE uses to push updates to the network and re-optimize paths where necessary. PCEPv6 is also supported.

SR-PCE can either reside on server resources using virtualized XRv9000, or run as a converged application within IOS-XR Routers.

Crosswork Network Controller common UI and API

All of Crosswork Network Controller’s functionality is provided within a common graphical user interface. This common UI brings together the features of all Crosswork Network Controller’s components, including common inventory, network topology and service visualization, service and transport provisioning, and system administration and management functions. When optional add-on Crosswork Network Controller components are installed, their functionalities are also fully integrated into the common UI. Having all functionality within a common UI instead of navigating individual application UIs separately enhances the operational experience and increases productivity.

A common API enables Crosswork Network Controller’s programmability. The common APIs provide a single access point for all APIs exposed by various built-in components. The API provides a REST-based Northbound Interface to external systems (e.g., OSS systems) to integrate with Crosswork Network Controller. RESTCONF and YANG data models are made available for optimization and service provisioning use cases. For details about the APIs and examples of their usage, see the Cisco Crosswork Network Automation API Documentation on Cisco DevNet.

Multivendor capabilities

Crosswork Network Controller is multivendor capable, leveraging open industry standard mechanisms and protocols such as BGP-LS, SNMP, gNMI, PCEP, segment routing, and NETCONF/YANG to communicate with network devices in a multivendor environment. In order to deploy the product in a multivendor environment, Cisco Customer Experience (CX) should be engaged to validate interoperability with third-party devices in your network environment. See the Cisco Crosswork Network Controller Data Sheet for supported use cases and capabilities.

Today’s networks have typically been built over time and incorporate multiple vendors and generations of hardware and software. Furthermore, there is a lack of industry standardization, making support for these networks using a single tool challenging.

Service providers require an integrated solution to manage third-party devices that will reduce operational expenses and maintenance overhead, as well as eliminate the need to build custom applications to deploy and maintain different vendor products for a single network.

Using standards-based protocols, Crosswork Network Controller has multivendor capabilities for:

  • Network service orchestration via Cisco Network Services Orchestrator using CLI and NETCONF/YANG. Cisco Network Services Orchestrator is a YANG model-driven platform for automating provisioning, monitoring, and managing applications and services across multivendor networks.

  • Provisioning functionality that can be extended using the application programming interfaces (APIs). Each product in the platform supports external integration, development, and customization by providing easy-to-use APIs that cover all or most of each product's functions, including functions created exclusively for access via APIs. For more information, see the Cisco Crosswork Network Automation API Documentation on Cisco DevNet.

  • Telemetry data collection via the Data Gateway using SNMP with standards-based MIBs, Syslog, gNMI, and CLI commands. Data Gateway also supports Native YANG data models for external destinations and SNMP MIBs. Custom packages are available to use with Crosswork Network Controller components, such as Health Insights, for device telemetry and network management automation.

  • Topology and transport discovery via SR-PCE, using IGP and BGP-LS, with link utilization and throughput collected via SNMP using standard MIBs.

  • Transport path computation using PCEP.

Building a custom package (or modifying the samples we provide) can get complicated. Refer to the Cisco DevNet guide to get details about the process. This documentation includes the steps to load custom packages and the basic steps needed to leverage them. Even with these extensive resources, operators may find it more productive to use the expertise from CX to perform this work. For more details, contact Cisco or the Cisco partner you work with to purchase products and services.