Installation Requirements

This section provides general guidelines and minimum requirements for individual components installed on a single server.

Cisco Crosswork Optimization Engine Installation Requirements

Cisco Crosswork Optimization Engine deployment requirements vary, depending on which of the platform's components are installed together and the number of hosts. This section provides general guidelines and minimum requirements for installing Cisco Crosswork Optimization Engine on a single host, unless otherwise specified.

Network Requirements

This figure shows the network components and connections needed to install and use Cisco Crosswork Optimization Engine.

Figure 1. Crosswork Optimization Engine Network

Cisco Crosswork Optimization Engine Virtual Machine (VM)

The Cisco Crosswork Optimization Engine VM has the following vNICs:

  • Management NIC (eth0)—Used for traffic management to all Crosswork applications via the API or UI.

  • Data NIC (eth1)—Used for Crosswork applications to reach devices and Cisco Crosswork Data Gateway (northbound).

Cisco Crosswork Data Gateway VM

The Cisco Crosswork Data Gateway VM has the following vNICs:

  • Management NIC (eth0)—Provides control plane communication between Cisco Crosswork Data Gateway and Crosswork VM.

  • Southbound Data NIC (eth1)—Used for Cisco Crosswork Data Gateway collectors to reach devices.

  • Northbound Data NIC (eth2)—Sends data collected from devices to Crosswork applications or external data sinks (Kafka or gRPC receiver).

Cisco Network Services Orchestrator (NSO) VM

The NSO VM has the following vNICs:

  • Management NIC (eth0): Used for Crosswork applications to reach NSO.

  • Southbound data NIC (eth1): Used for NSO to reach devices (southbound) or RFS NSO.


Note

Single interface deployment is not supported for Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway.


Routed and Device Networks

Connectivity between the various components should be accomplished via an external routing entity (shown as 'Routed Network' in the figure). The figure shows various line styles suggesting possible routing domains within the Routed Network.

  • Solid—Management routing domain.

  • Dotted—Cisco Crosswork Data Gateway northbound data routing domain (towards Crosswork/External data sink).

  • Dashes—Device access routing domain (from Cisco Crosswork Data Gateway and NSO).

The IP/subnet addressing scheme on each of these domains depends on the type of deployment.

Routing between domains is needed for Crosswork and NSO to reach the devices. However, proper firewall rules need to be in place to allow only select sources (for example, Crosswork and NSO) to reach the devices.

If you plan to access devices via host name, be sure that host names are registered with your deployment’s DNS server.

On the Device network, devices may be reached in-band or via out-of-band management interfaces depending on the local security policies of each deployment.

An SR-PCE is both a device and an SDN controller. Some deployments may want to treat an SR-PCE as a device, in which case they would need access via the device network. Some deployments may want to treat an SR-PCE as an SDN controller and access it on the Management routing domain. Both of these models are supported.

To enable Crosswork access to an SR-PCE as an SDN controller on the management domain (shown in the figure), just add an SR-PCE as a provider.

To enable Crosswork access to an SR-PCE as a device on the device network (not shown in figure), add an SR-PCE as a provider with an additional property: outgoing-interface:eth1.

Virtual Machine (VM) Requirements

You can deploy Cisco Crosswork Optimization Engine as a VM on a host that meets the following minimum requirements.


Note

Although installation shows an option for IPv6, Cisco Crosswork Optimization Engine does not currently support IPv6 deployments.


Table 1.

Requirement

Description

Hypervisor and vCenter

  • VMware vCenter Server 6.7 Update 3b or later (ESXi 6.7 Update 1 installed on hosts).

  • VMware vCenter Server 6.5 Update 2d or later (ESXi 6.5 Update 2 installed on hosts)

Note 

Installation should be done only from vCenter. Installation is not supported on ESXi directly.

Memory

96 GB

Storage

Storage requirements vary based on factors such as the number of devices being supported, and the type of deployment selected.

For demos and lab environments, Cisco recommends the thin provision format as it requires the least amount of storage on the host machine. This deployment configuration uses roughly 23 GB of storage.

For live systems, Cisco recommends the Thick provision eager zeroed format which allocates 1 TB of storage by default. This should be sufficient for most customer use cases. Due to their performance, solid state drives (SSD) are preferred over traditional hard disk drives (HDD). If you are using HDD, the minimum speed should be 10,000 RPM.

For more information, see the volume requirements displayed in the VMware GUI when configuring disk space, as shown in Install Cisco Crosswork Optimization Engine.

vCPU

16 vCPUs

CPU Planning (avoid overcommitment)

CPU/memory overcommitment occurs when the vCPUs running on a host outnumber the physical processor cores in that host. VMware vCenter/ESXi allows this for flexibility in deploying and running VMs on physical hosts, and vCenter users will naturally try to maximize physical resource usage by deploying and running a reasonably high number of VMs on a specific ESXi host. However, this can lead to a "soft lockup" situation, where a VM cannot get a vCPU allocated in a reasonable amount of time.

Network Connections

For live deployments, Cisco recommends using dual interfaces, one for the management network and one for the data network between Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway.

IP Addresses

Two IP addresses (IPv4): One public IP for the Management Network virtual interface and one public or private IP for the Data Network virtual interface.

NTP Servers

The IPv4 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize devices, clients, and servers across your network. Confirm that the NTP servers are reachable on the network before attempting the install. The install will fail if the servers cannot be reached.

DNS Servers

The IPv4 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network. Confirm that the DNS servers are reachable on the network before attempting the install. The install will fail if the servers cannot be reached.

DNS Search Domain

The search domain you want to use with the DNS servers (for example, cisco.com). You can only have one search domain.

Disclaimer

The text of the legal disclaimer displayed to clients accessing the VM via the command line. Consult your organization's IT or legal department for the content of this text.

Important Notes

  • The VM runs Ubuntu Server 18.04.1 (ubuntu-18.04.1-server).

  • Kubernetes runs within the Cisco Crosswork Optimization Engine VM and uses Docker for containerization. The number of containers varies as applications are added or deleted.

Cisco IOS XR Software Version Support

Cisco Crosswork Optimization Engine supports the following Cisco IOS XR software versions.
Table 2. Cisco IOS XR Software Versions

SR-PCE Software Version

  • 6.6.3 + SMU (see footnote 1)

PCC Software Version (Headend Routers)

  • Cisco ASR 9000

    • 6.5.3 + SMU (CSCvp83001)

    • 6.6.3 + SMU (see footnote 1)

  • Cisco NCS 5500 series

    • 6.5.3 + SMU (CSCvp83001) (see footnote 2)

    • 6.6.3 + SMU (see footnotes 1 and 2)

  • Cisco NCS 540 series

    • 6.6.3 + SMU (see footnotes 1 and 3)

  • Cisco NCS 560 series

    • 6.6.3 + SMU (see footnote 1)

  • Cisco XRv 9000

    • 6.5.3 + SMU (CSCvp83001)

    • 6.6.3 + SMU (see footnote 1)

1 6.6.3 + SMU is needed to support RSVP-TE tunnel and updated SR policy features. SMU file is <platform-name>-6.6.3-Optima.tar.
2 This SMU is available via the Cisco NCS 5508 Software Download Center.
3 This SMU is available via the Cisco NCS 540-ACC-SYS Router or Cisco NCS 540x-ACC-SYS Router Software Download Center.

Note

Segment Routing Traffic Matrix (SRTM) is only available in Cisco ASR 9000 devices.

Software Maintenance Updates (SMUs) are required for both PCC/Headend and SR-PCE versions indicated in the table. To download the Cisco IOS XR versions and updates, see the IOS XR Software Maintenance Updates (SMUs) document. The correct SMUs to download will have "Optima" or the bug ID appended to the filename. For example:
  • asr9k-x64-6.6.3.Optima.tar

  • asr9k-x64-6.5.3.CSCvp83001.tar


Cisco NSO and NED Requirements

This is only applicable if Cisco Network Services Orchestrator is going to be used.

Software/Driver                                    Version
Cisco Network Services Orchestrator (Cisco NSO)    4.4.5.3
Cisco IOS XR Network Element Driver (NED)          6.6.1
Cisco IOS Network Element Driver                   5.9.2

Device and TE Tunnel Scale Support

The following number of devices and TE tunnels (SR policies and RSVP-TE tunnels) are supported.

Table 3. Device and TE Tunnel (SR Policies and RSVP-TE Tunnels) Scale Support

Feature                                                          Devices                           TE Tunnels
SR Policy Visualization and Provisioning                         5,000 nodes, 50,000 interfaces    2,000 SR Policies
RSVP-TE Tunnel (PCE initiated) Visualization and Provisioning    5,000 nodes, 50,000 interfaces    2,000 RSVP-TE Tunnels
RSVP-TE Tunnel (PCC initiated) Visualization only                5,000 nodes, 50,000 interfaces    2,000 RSVP-TE Tunnels
Bandwidth Optimization Function Pack                             2,000 nodes, 20,000 interfaces
Bandwidth On Demand Function Pack (with Priority Mode)           5,000 nodes, 50,000 interfaces
Bandwidth On Demand Function Pack (without Priority Mode)        2,000 nodes, 20,000 interfaces
Demand Deduction Function Pack                                   500 nodes

IGP and Inter-AS

The following table captures the IGP and inter-AS features that Cisco Crosswork Optimization Engine supports.
Table 4. IGP and Inter-AS Support

Feature                                           OSPF                             IS-IS                             Inter-AS
Topology Visualization (including SR Policies)    Supported                        Supported                         Egress Peer Engineering (EPE) is limited to EPE adjacency segment IDs (SIDs)
SR Policy Creation, Modification, and Deletion    Supported                        Supported                         EPE is limited to EPE adjacency SIDs
Bandwidth on Demand Function Pack                 Supported                        Supported                         Not Supported
Bandwidth Optimization Function Pack              Only single area is supported    Only single level is supported    Not Supported
RSVP TE                                           Supported                        Supported                         Supported with IGP between ASes but not EPE.

Table 5. RSVP-TE Tunnel Traffic Steering Configuration

Feature

Intra Area/Level

Inter Area/Level, Multiple IGP, Inter-AS

PCC Initiated

Requires Autoroute Announce configuration in individual tunnel interface:

int tunnel-te <id>
autoroute-announce
exclude-traffic segment-routing

Requires Static Route configuration pointing to the tunnel interface:

router static
address-family ipv4 unicast
<destination-ip> <tunnel-interface>

PCE Initiated

Requires Autoroute Announce configuration under MPLS TE:

mpls traffic-eng
pcc
stateful-client
autoroute-announce

Supported Web Browsers

This version of Cisco Crosswork Optimization Engine supports the web browsers shown in the table below.

Recommended display resolution: 1600 x 900 pixels or higher (minimum: 1366 x 768).

Browser                        Version
Google Chrome (recommended)    75 or later
Mozilla Firefox                70 or later

In addition to using a supported browser, all client desktops accessing geographical map information in the Cisco Crosswork Optimization Engine topology maps must be able to reach the mapbox.com map data URL directly, via the standard HTTPS port 443. Similar guidance may apply if you choose a different map data provider, as explained in "Configure Geographical Map Settings" in the Cisco Crosswork Optimization Engine User Guide.

Ports Used

As a general policy, any ports that are not needed should be disabled. To view a list of all open listening ports, log in as a Linux CLI admin user and run the netstat -aln command.

The following table lists the external ports that are open on the Cisco Crosswork Optimization Engine VM.

Table 6. External Ports That Are Open on the VM
Port     Protocol   Usage
22       TCP        Remote SSH traffic
323      UDP        Network Time Protocol (NTP) listener
30603    TCP        User interface (NGINX server listens for secure connections on port 443)
30607    TCP        To collect vitals from and download images to Cisco Crosswork Data Gateway
30649    TCP        To monitor Cisco Crosswork Data Gateway status.
30993    TCP        Cisco Crosswork Data Gateway sends the collected data to Crosswork Kafka destination.
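
One way to act on the netstat -aln guidance above, as an added example that is not part of the Cisco documentation: it parses netstat output and compares the non-loopback listeners with the ports listed in Table 6. The sample output is constructed, and the function names are assumptions.

```python
# Documented external ports, taken from Table 6 of this page.
DOCUMENTED = {("tcp", 22), ("udp", 323), ("tcp", 30603),
              ("tcp", 30607), ("tcp", 30649), ("tcp", 30993)}

# Constructed sample of `netstat -aln` output (not captured from a real VM).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           192.0.2.50:51844        ESTABLISHED
tcp6       0      0 :::30603                :::*                    LISTEN
tcp6       0      0 :::30607                :::*                    LISTEN
udp        0      0 0.0.0.0:323             0.0.0.0:*
udp6       0      0 :::5353                 :::*
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     23456    /run/example.sock
"""

def is_loopback(host):
    return host.startswith("127.") or host == "::1"

def listeners(netstat_text):
    """Return a set of (proto, host, port) for listening inet sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue                      # headers and UNIX-socket rows
        proto = fields[0][:3]             # fold tcp6/udp6 into tcp/udp
        local, foreign = fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""
        # TCP listeners carry state LISTEN; unconnected UDP sockets have
        # no state column and a wildcard foreign address.
        if proto == "tcp" and state != "LISTEN":
            continue
        if proto == "udp" and not foreign.endswith(":*"):
            continue
        host, _, port = local.rpartition(":")
        if port.isdigit():
            found.add((proto, host, int(port)))
    return found

def audit(netstat_text, documented=DOCUMENTED):
    """Compare externally reachable listeners with the documented ports."""
    external = {(proto, port) for proto, host, port in listeners(netstat_text)
                if not is_loopback(host)}
    return {"unexpected": sorted(external - documented),
            "missing": sorted(documented - external)}

if __name__ == "__main__":
    result = audit(SAMPLE)
    for proto, port in result["unexpected"]:
        print(f"UNEXPECTED listener: {port}/{proto}")
    for proto, port in result["missing"]:
        print(f"documented but not listening: {port}/{proto}")
```

Entries under "unexpected" are the candidates for the "disable what is not needed" policy; entries under "missing" point to a service that has not started.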

The following table lists the destination ports on external devices that may be protected by a firewall. Cisco Crosswork Optimization Engine uses these ports to connect to network devices. You must open the required ports to allow Cisco Crosswork Optimization Engine to connect to these devices.

Table 7. Destination Ports Used by Cisco Crosswork Optimization Engine
Port     Protocol   Usage
7        TCP/UDP    Discover endpoints using ICMP
53       TCP/UDP    Connect to DNS
123      UDP        Network Time Protocol (NTP)
830      TCP        Initiate NETCONF

Collection Considerations

MDT Collection

When Cisco NSO is used in conjunction with Cisco Crosswork Optimization Engine, the telemetry configurations are pushed to the devices by Cisco NSO. To use Cisco NSO, it is important during installation to check the "Is NSO used as the provider for device management?" checkbox under Crosswork Collection Configuration (see Install Cisco Crosswork Optimization Engine).

If you do not plan to use Cisco NSO, you must apply the telemetry configuration on your devices. See the "Prerequisites for Device Telemetry" topic in the Cisco Crosswork Optimization Engine User Guide.


Note

The default MDT collector port is 9010.


Device Limits

Cisco Data Gateway collection supports 1000 devices. If your network requires collection of more than 1000 devices, multiple Cisco Data Gateways must be deployed.

Cisco Crosswork Data Gateway Installation Requirements

This section provides general guidelines and minimum requirements for installing Cisco Crosswork Data Gateway.

Virtual Machine (VM) Requirements

You can deploy Cisco Crosswork Data Gateway as a VM on a host that meets the following minimum requirements:


Note

  • Although Cisco Crosswork Data Gateway supports both IPv6 and IPv4, it is recommended to use IPv4 as Cisco Crosswork Optimization Engine supports only IPv4.

  • IPv4 on a single interface (demo mode) is not supported.


Requirement

Hypervisor

  • VMware vCenter 6.5 Update2d

  • VMware ESX 6.5 Update2

  • VMware vCenter 6.7 Update1

  • VMware ESX 6.7 Update1

Memory

32 GB

Disk space

50 GB

Note 

This is the deployment size only. Once started, VM disk space will increase based on the VMware overhead.

vCPU

8 vCPUs

Interfaces

Three virtual interfaces in the VM:

  • One virtual interface for management network traffic, including SSH access to the VM. The DNS and NTP servers, and the default gateway, must be reachable via this interface.

  • One virtual interface for Northbound data traffic:

    • The Cisco Crosswork Optimization Engine data interface must be reachable from this interface (routable) to be able to connect to Kafka data destinations.

    • Cisco Crosswork Data Gateway uses this interface to receive collection jobs and send back their statuses to Crosswork.

    • This interface is also used by external applications other than Cisco Crosswork Optimization Engine.

  • One virtual interface for Southbound data traffic. The devices must be reachable via this interface (routable).

IP Addresses

Three IPv4 or IPv6 addresses: One public IP for the management network virtual interface and two public or private IPs for the Northbound and Southbound data network virtual interfaces.

The DNS and NTP servers, and the default gateway, must be reachable via the management network IP address. The data destinations must be reachable via the Northbound data network IP address. The managed devices and providers must be reachable via the Southbound data network IP address.

NTP Servers

The IPv4/IPv6 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize devices, clients, and servers across your network. Confirm that the NTP IP address or host name is reachable on the network or installation will fail.

Also, the ESXi hosts that will run the Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway VM must have NTP configured, or the initial handshake may fail with "certificate not valid" errors.

DNS Servers

The IPv4/IPv6 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network.

DNS Search Domain

The search domain you want to use with the DNS servers (for example, cisco.com). You can only have one search domain.

Destination Networks

For live deployments, we recommend one virtual switch for the Data Network (connection between the Cisco Crosswork Optimization Engine VM and the Cisco Crosswork Data Gateway VM) and a second virtual switch for all the management traffic (VMs to DNS, NTP, and the network you will use to access and manage the applications).


Note

The VM runs Ubuntu Server 18.04.1 (ubuntu-18.04.1-server).
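
A pre-install check for the NTP Servers requirement above (and the matching requirement for Cisco Crosswork Optimization Engine), as an added example that is not part of the Cisco documentation: it takes the space-separated server list as you would enter it at install time, confirms that each server resolves and answers, and reports the clock offset. The 1-second max_skew tolerance and all function names are assumptions, not Cisco values.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def to_ntp(unix_ts):
    """Encode a Unix timestamp as a 64-bit NTP timestamp."""
    secs = (int(unix_ts) + NTP_EPOCH_DELTA) & 0xFFFFFFFF
    return struct.pack("!II", secs, int((unix_ts % 1) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_request(now):
    """48-byte SNTP client request: LI=0, VN=4, Mode=3, transmit time = now."""
    pkt = bytearray(48)
    pkt[0] = (4 << 3) | 3
    pkt[40:48] = to_ntp(now)
    return bytes(pkt)

def parse_response(pkt, request, t1, t4):
    """Validate a server reply and return (stratum, clock offset in seconds)."""
    if len(pkt) < 48 or pkt[0] & 0x7 != 4:
        raise ValueError("not an NTP server reply")
    if pkt[24:32] != request[40:48]:
        # The originate timestamp must echo what we sent; otherwise the
        # packet is stale or was not produced in answer to this request.
        raise ValueError("originate timestamp mismatch")
    stratum = pkt[1]
    if pkt[0] >> 6 == 3 or not 1 <= stratum <= 15:
        raise ValueError("server is not synchronised")
    t2, t3 = from_ntp(pkt[32:40]), from_ntp(pkt[40:48])
    return stratum, ((t2 - t1) + (t3 - t4)) / 2

def check_servers(server_list, max_skew=1.0, timeout=3.0):
    """server_list: space-separated addresses or host names, as typed at install.
    max_skew is an assumed tolerance, not a value from the Cisco documentation."""
    results = {}
    for host in server_list.split():
        try:
            family, _, _, _, addr = socket.getaddrinfo(
                host, 123, type=socket.SOCK_DGRAM)[0]
            with socket.socket(family, socket.SOCK_DGRAM) as sock:
                sock.settimeout(timeout)
                t1 = time.time()
                request = build_request(t1)
                sock.sendto(request, addr)
                pkt, _ = sock.recvfrom(512)
                t4 = time.time()
            _, offset = parse_response(pkt, request, t1, t4)
            ok = abs(offset) <= max_skew
            results[host] = "ok" if ok else f"clock skew {offset:+.3f}s"
        except (OSError, ValueError) as exc:
            results[host] = f"FAIL: {exc}"
    return results

if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range; substitute your own servers.
    for host, status in check_servers("192.0.2.1 ntp.example.com").items():
        print(f"{host}: {status}")
```

Run it from a machine on the management network, since that is the interface through which the VMs must reach the NTP servers.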


Supported Cisco OS


Note

The below table lists only the software versions on which Cisco Crosswork Data Gateway 1.1 was tested. For OS software versions that only Cisco Crosswork Optimization Engine supports, please refer to Cisco IOS XR Software Version Support. Cisco Crosswork Data Gateway allows you to expand device coverage by means of custom packages.


OS Software Version Config Mode Protocol Encoding Transport
IOS-XR 6.4.1, 6.5.1, 6.5.2, 6.5.3, 6.6.2

NSO

XR NED

CLI 7.13.9

MDT KVGPB TCP
6.4.1, 6.5.3, 6.6.2
6.5.1, 6.5.2, 6.5.3, 6.6.2
6.4.1, 6.4.2
7.0.1
6.4.2
IOS-XE 16.10, SNMP, CLI
16.9.2, 16.10
NX-OS 7.0(3).7(2)
8.4(0).SK(1)

Note

All collection types support IPv4. For any IPv4 and Day0 configs and limitations for different device platforms, please refer to your network administrator and the platform configuration guide.


Ports Used

As a general policy, any ports that are not needed should be disabled.

The following table shows the minimum set of ports needed for Cisco Crosswork Data Gateway to operate correctly.

Table 8. Ports to be Opened on Cisco Crosswork Data Gateway Management Interface

Port     Protocol   Used for...             Direction
22       TCP        SSH server              Inbound
22       TCP        SCP client              Outbound
123      UDP        NTP Client              Outbound
53       UDP        DNS Client              Outbound
30607    TCP        Crosswork Controller    Outbound

Table 9. Ports to be Opened on Cisco Crosswork Data Gateway Northbound Interface

Port             Protocol         Used for...                   Direction
30649            TCP              Crosswork Controller          Outbound
30993            TCP              Crosswork Kafka               Outbound
Site Specific    Site Specific    Kafka and gRPC Destination    Outbound

Table 10. Ports to be Opened on Cisco Crosswork Data Gateway Southbound Interface

Port     Protocol   Used for...            Direction
161      UDP        SNMP Collector         Inbound
1062     UDP        SNMP Trap Collector    Inbound
9010     TCP        MDT Collector          Inbound
22       TCP        CLI Collector          Outbound

The Interface role to physical name mapping is:

  • Management Interface: eth0

  • Southbound Data Interface: eth1

  • Northbound Data Interface: eth2