Cisco Crosswork Optimization Engine Installation Requirements
Cisco Crosswork Optimization Engine deployment requirements vary, depending on which of the platform's components are installed together and the number of hosts. This section provides general guidelines and minimum requirements for installing Cisco Crosswork Optimization Engine on a single host, unless otherwise specified.
Network Requirements
This figure shows the network components and connections needed to install and use Cisco Crosswork Optimization Engine.
Cisco Crosswork Optimization Engine Virtual Machine (VM)
The Cisco Crosswork Optimization Engine VM has the following vNICs:
- Management NIC (eth0)—Used for traffic management to all Crosswork applications via the API or UI.
- Data NIC (eth1)—Used for Crosswork applications to reach devices and Cisco Crosswork Data Gateway (northbound).
Cisco Crosswork Data Gateway VM
The Cisco Crosswork Data Gateway VM has the following vNICs:
- Management NIC (eth0)—Provides control plane communication between Cisco Crosswork Data Gateway and Crosswork VM.
- Southbound Data NIC (eth1)—Used for Cisco Crosswork Data Gateway collectors to reach devices.
- Northbound Data NIC (eth2)—Sends data collected from devices to Crosswork applications or external data sinks (Kafka or gRPC receiver).
Cisco Network Services Orchestrator (NSO) VM
The NSO VM has the following vNICs:
- Management NIC (eth0): Used for Crosswork applications to reach NSO.
- Southbound data NIC (eth1): Used for NSO to reach devices (southbound) or RFS NSO.
Note: Single interface deployment is not supported for Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway.
Routed and Device Networks
Connectivity between the various components should be accomplished via an external routing entity (shown as 'Routed Network' in the figure). The figure shows various line styles suggesting possible routing domains within the Routed Network.
- Solid—Management routing domain.
- Dotted—Cisco Crosswork Data Gateway northbound data routing domain (towards Crosswork/External data sink).
- Dashes—Device access routing domain (from Cisco Crosswork Data Gateway and NSO).
The IP/subnet addressing scheme on each of these domains depends on the type of deployment.
Routing between domains is needed for Crosswork and NSO to reach the devices. However, proper firewall rules need to be in place to allow only select sources (for example, Crosswork and NSO) to reach the devices.
If you plan to access devices via host name, be sure that host names are registered with your deployment’s DNS server.
On the Device network, devices may be reached in-band or via out-of-band management interfaces depending on the local security policies of each deployment.
An SR-PCE is both a device and an SDN controller. Some deployments may want to treat an SR-PCE as a device, in which case they would need access via the device network. Some deployments may want to treat an SR-PCE as an SDN controller and access it on the Management routing domain. Both of these models are supported.
To enable Crosswork access to an SR-PCE as an SDN controller on the management domain (shown in the figure), just add an SR-PCE as a provider.
To enable Crosswork access to an SR-PCE as a device on the device network (not shown in figure), add an SR-PCE as a provider with an additional property: outgoing-interface:eth1.
Virtual Machine (VM) Requirements
You can deploy Cisco Crosswork Optimization Engine as a VM on a host that meets the following minimum requirements.
Note: Although installation shows an option for IPv6, Cisco Crosswork Optimization Engine does not currently support IPv6 deployments.
Requirement | Description |
---|---|
Hypervisor and vCenter | |
Memory | 96 GB |
Storage | Storage requirements vary based on factors such as the number of devices being supported, and the type of deployment selected. For demos and lab environments, Cisco recommends the thin provision format as it requires the least amount of storage on the host machine. This deployment configuration uses roughly 23 GB of storage. For live systems, Cisco recommends the Thick provision eager zeroed format which allocates 1 TB of storage by default. This should be sufficient for most customer use cases. Due to their performance, solid state drives (SSD) are preferred over traditional hard disk drives (HDD). If you are using HDD, the minimum speed should be 10,000 RPM. For more information, see the volume requirements displayed in the VMware GUI when configuring disk space, as shown in Install Cisco Crosswork Optimization Engine. |
vCPU | 16 vCPUs |
CPU Planning (avoid overcommitment) | CPU/memory overcommitment occurs when the vCPUs running on a host outnumber the physical processor cores in that host. VMware vCenter/ESXi allows this for flexibility in deploying and running VMs on physical hosts. It is natural to assume that vCenter users will try to maximize physical resource usage by deploying and running a reasonably high number of VMs on a specific ESXi host. However, this can lead to a "soft lockup" situation, where a VM cannot get a vCPU allocated in a reasonable amount of time. |
Network Connections | For live deployments, Cisco recommends using dual interfaces, one for the management network and one for the data network between Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway. |
IP Addresses | Two IP addresses (IPv4): One public IP for the Management Network virtual interface and one public or private IP for the Data Network virtual interface. |
NTP Servers | The IPv4 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize devices, clients, and servers across your network. Confirm that the NTP servers are reachable on the network before attempting the install. The install will fail if the servers cannot be reached. |
DNS Servers | The IPv4 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network. Confirm that the DNS servers are reachable on the network before attempting the install. The install will fail if the servers cannot be reached. |
DNS Search Domain | The search domain you want to use with the DNS servers (for example, cisco.com). You can only have one search domain. |
Disclaimer | The text of the legal disclaimer displayed to clients accessing the VM via the command line. Consult your organization's IT or legal department for the content of this text. |
Important Notes
- The VM runs Ubuntu Server 18.04.1 (ubuntu-18.04.1-server).
- Kubernetes runs within the Cisco Crosswork Optimization Engine VM and uses Docker for containerization. The number of containers varies as applications are added or deleted.
Cisco IOS XR Software Version Support
SR-PCE Software Version |
PCC Software Version (Headend Routers) |
||||
---|---|---|---|---|---|
Cisco ASR 9000 |
Cisco NCS 5500 series |
Cisco NCS 540 series |
Cisco NCS 560 series |
Cisco XRv 9000 |
|
6.6.3 + SMU1 |
|
|
6.6.3 + SMU 3 See footnote 1 |
6.6.3 + SMU See footnote 1 |
|
Note: Segment Routing Traffic Matrix (SRTM) is only available in Cisco ASR 9000 devices.
Cisco NSO and NED Requirements
This is only applicable if Cisco Network Services Orchestrator is going to be used.
Software/Driver | Version |
---|---|
Cisco Network Services Orchestrator (Cisco NSO) | 4.4.5.3 |
Cisco IOS XR Network Element Driver (NED) | 6.6.1 |
Cisco IOS Network Element Driver | 5.9.2 |
Device and TE Tunnel Scale Support
The following number of devices and TE tunnels (SR policies and RSVP-TE tunnels) are supported.
Feature | Devices | TE Tunnels |
---|---|---|
SR Policy Visualization and Provisioning | | 2,000 SR Policies |
RSVP-TE Tunnel (PCE initiated) Visualization and Provisioning | | 2,000 RSVP-TE Tunnels |
RSVP-TE Tunnel (PCC initiated) Visualization only | | 2,000 RSVP-TE Tunnels |
Bandwidth Optimization Function Pack | | — |
Bandwidth On Demand Function Pack (with Priority Mode) | | — |
Bandwidth On Demand Function Pack (without Priority Mode) | | — |
Demand Deduction Function Pack | 500 nodes | — |
IGP and Inter-AS
Feature | OSPF | IS-IS | Inter-AS |
---|---|---|---|
Topology Visualization (including SR Policies) | Supported | Supported | Egress Peer Engineering (EPE) is limited to EPE adjacency segment IDs (SIDs) |
SR Policy Creation, Modification, and Deletion | Supported | Supported | EPE is limited to EPE adjacency SIDs |
Bandwidth on Demand Function Pack | Supported | Supported | Not Supported |
Bandwidth Optimization Function Pack | Only single area is supported | Only single level is supported | Not Supported |
RSVP TE | Supported | Supported | Supported with IGP between ASes but not EPE. |
Feature | Intra Area/Level | Inter Area/Level, Multiple IGP, Inter-AS |
---|---|---|
PCC Initiated | Requires Autoroute Announce configuration in individual tunnel interface: | Requires Static Route configuration pointing to the tunnel interface: |
PCE Initiated | Requires Autoroute Announce configuration under MPLS TE: |
Supported Web Browsers
This version of Cisco Crosswork Optimization Engine supports the web browsers shown in the table below.
Recommended display resolution: 1600 x 900 pixels or higher (minimum: 1366 x 768).
Browser | Version |
---|---|
Google Chrome (recommended) | 75 or later |
Mozilla Firefox | 70 or later |
In addition to using a supported browser, all client desktops accessing geographical map information in the Cisco Crosswork Optimization Engine topology maps must be able to reach the mapbox.com map data URL directly, via the standard HTTPS port 443. Similar guidance may apply if you choose a different map data provider, as explained in "Configure Geographical Map Settings" in the Cisco Crosswork Optimization Engine User Guide.
Ports Used
As a general policy, any ports that are not needed should be disabled. To view a list of all open listening ports, log in as a Linux CLI admin user and run the netstat -aln command.
The following table lists the external ports that are open on the Cisco Crosswork Optimization Engine VM.
Port | Protocol | Usage |
---|---|---|
22 | TCP | Remote SSH traffic |
323 | UDP | Network Time Protocol (NTP) listener |
30603 | TCP | User interface (NGINX server listens for secure connections on port 443) |
30607 | TCP | To collect vitals from and download images to Cisco Crosswork Data Gateway |
30649 | TCP | To monitor Cisco Crosswork Data Gateway status. |
30993 | TCP | Cisco Crosswork Data Gateway sends the collected data to Crosswork Kafka destination. |
The following table lists the destination ports on external devices that may be protected by a firewall. Cisco Crosswork Optimization Engine uses these ports to connect to network devices. You must open the required ports to allow Cisco Crosswork Optimization Engine to connect to these devices.
Port | Protocol | Usage |
---|---|---|
7 | TCP/UDP | Discover endpoints using ICMP |
53 | TCP/UDP | Connect to DNS |
123 | UDP | Network Time Protocol (NTP) |
830 | TCP | Initiate NETCONF |
Collection Considerations
MDT Collection
When Cisco NSO is used in conjunction with Cisco Crosswork Optimization Engine, the telemetry configurations are pushed to the devices by Cisco NSO. To use Cisco NSO, it is important during installation to check the "Is NSO used as the provider for device management?" checkbox under Crosswork Collection Configuration (see Install Cisco Crosswork Optimization Engine).
If you do not plan to use Cisco NSO, you must apply the telemetry configuration on your devices. See the "Prerequisites for Device Telemetry" topic in the Cisco Crosswork Optimization Engine User Guide.
Note: The default MDT collector port is 9010.
Device Limits
Cisco Data Gateway collection supports 1000 devices. If your network requires collection of more than 1000 devices, multiple Cisco Data Gateways must be deployed.