Cisco Crosswork Optimization Engine 1.1 Installation Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Crosswork Optimization Engine 1.1 Installation Guide

Chapter Title

Installation Requirements

Results

Updated:
March 30, 2020

Chapter: Installation Requirements

Installation Requirements

This section provides general guidelines and minimum requirements for individual components installed on a single server.

This section contains the following topics:

Cisco Crosswork Optimization Engine Installation Requirements

Cisco Crosswork Optimization Engine deployment requirements vary, depending on which of the platform's components are installed together and the number of hosts. This section provides general guidelines and minimum requirements for installing Cisco Crosswork Optimization Engine on a single host, unless otherwise specified.

Network Requirements

This figure shows the network components and connections needed to install and use Cisco Crosswork Optimization Engine.

Figure 1. Crosswork Optimization Engine Network
Crosswork Optimization Engine Network

Cisco Crosswork Optimization Engine Virtual Machine (VM)

The Cisco Crosswork Optimization Engine VM has the following vNICs:

  • Management NIC (eth0)—Used for traffic management to all Crosswork applications via the API or UI.

  • Data NIC (eth1)—Used for Crosswork applications to reach devices and Cisco Crosswork Data Gateway (northbound).

Cisco Crosswork Data Gateway VM

The Cisco Crosswork Data Gateway VM has the following vNICs:

  • Management NIC (eth0)—Provides control plane communication between Cisco Crosswork Data Gateway and Crosswork VM.

  • Southbound Data NIC (eth1)—Used for Cisco Crosswork Data Gateway collectors to reach devices.

  • Northbound Data NIC (eth2)—Sends data collected from devices to Crosswork applications or external data sinks (Kafka or gRPC receiver).

Cisco Network Services Orchestrator (NSO) VM

The NSO VM has the following vNICs:

  • Management NIC (eth0): Used for Crosswork applications to reach NSO.

  • Southbound data NIC (eth1): Used for NSO to reach devices (southbound) or RFS NSO.


Note

Single interface deployment is not supported for Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway.

Routed and Device Networks

Connectivity between the various components should be accomplished via an external routing entity (shown as 'Routed Network' in the figure). The figure shows various line styles suggesting possible routing domains within the Routed Network.

  • Solid—Management routing domain.

  • Dotted—Cisco Crosswork Data Gateway northbound data routing domain (towards Crosswork/External data sink).

  • Dashes—Device access routing domain (from Cisco Crosswork Data Gateway and NSO).

The IP/subnet addressing scheme on each of these domains depend on the type of deployment.

Routing between domains is needed for Crosswork and NSO to reach the devices. However, proper firewall rules need to be in place to allow only select sources (for example, Crosswork and NSO) to reach the devices.

If you plan to access devices via host name, be sure that host names are registered with your deployment’s DNS server.

On the Device network, devices may be reached in-band or via out-of-band management interfaces depending on the local security policies of each deployment.

An SR-PCE is both a device and an SDN controller. Some deployments may want to treat an SR-PCE as a device, in which case they would need access via the device network. Some deployments may want to treat an SR-PCE as an SDN controller and access it on the Management routing domain. Both of these models are supported.

To enable Crosswork access to an SR-PCE as an SDN controller on the management domain (shown in the figure), just add an SR-PCE as a provider.

To enable Crosswork access to an SR-PCE as a device on the device network (not shown in figure), add an SR-PCE as a provider with an additional property: outgoing-interface:eth1.

Virtual Machine (VM) Requirements

You can deploy Cisco Crosswork Optimization Engine as a VM on a host that meets the following minimum requirements.


Note

Although installation shows an option for IPv6, Cisco Crosswork Optimization Engine does not currently support IPv6 deployments at this time.

Table 1.

Requirement

Description

Hypervisor and vCenter

  • VMware vCenter Server 6.7 Update 3b or later (ESXi 6.7 Update 1 installed on hosts).

  • VMware vCenter Server 6.5 Update 2d or later (ESXi 6.5 Update 2 installed on hosts)

Note 

Installation should be done only from vCenter. Installation is not supported on ESXi directly.

Memory

96 GB

Storage

Storage requirements vary based on factors such as the number of devices being supported, and the type of deployment selected.

For demos and lab environments, Cisco recommends the thin provision format as it requires the least amount of storage on the host machine. This deployment configuration uses roughly 23 GB of storage.

For live systems, Cisco recommends the Thick provision eager zeroed format which allocates 1 TB of storage by default. This should be sufficient for most customer use cases. Due to their performance, solid state drives (SSD) are preferred over traditional hard disk drives (HDD). If you are using HDD, the minimum speed should be 10,000 RPM.

For more information, see the volume requirements displayed in the VMware GUI when configuring disk space, as shown in Install Cisco Crosswork Optimization Engine.

vCPU

16 vCPUs

CPU Planning (avoid overcommittment)

CPU/memory overcommitment occurs when the vCPUs are running on a host are more than the total number of physical processor cores in that host. VMware vCenter/ESXi allows this for the flexibility in deploying and running the VMs on physical hosts. It is natural to assume that the vCenter users will try to maximize the physical resources usage by deploying and running a reasonably high amount of VMs on a specific ESXi host. However, it can lead to a problem manifested in a "soft lockup" situation, where a VM will not be able to get a vCPU allocated in a reasonable amount of time.

Network Connections

For live deployments, Cisco recommends using dual interfaces, one for the management network and one for the data network between Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway.

IP Addresses

Two IP addresses (IPv4): One public IP for the Management Network virtual interface and one public or private IP for the Data Network virtual interface.

NTP Servers

The IPv4 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize devices, clients, and servers across your network. Confirm that the NTP servers are reachable on the network before attempting the install. The install will fail if the servers cannot be reached.

DNS Servers

The IPv4 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network. Confirm that the DNS servers are reachable on the network before attempting the install. The install will fail if the servers cannot be reached.

DNS Search Domain

The search domain you want to use with the DNS servers (for example, cisco.com). You can only have one search domain.

Disclaimer

The text of the legal disclaimer displayed to clients accessing the VM via the command line. Consult your organization's IT or legal department for the content of this text.

Important Notes

  • The VM runs Ubuntu Server 18.04.1 (ubuntu-18.04.1-server).

  • Kubernetes runs within the Cisco Crosswork Optimization Engine VM and uses Docker for containerization. The number of containers varies as applications are added or deleted.

Cisco IOS XR Software Version Support

Cisco Crosswork Optimization Engine supports the following Cisco IOS XR software versions.
Table 2. Cisco IOS XR Software Versions

SR-PCE Software Version

PCC Software Version

(Headend Routers)

Cisco ASR 9000

Cisco NCS 5500 series

Cisco NCS 540 series

Cisco NCS 560 series

Cisco XRv 9000

6.6.3 + SMU1

  • 6.5.3 + SMU (CSCvp83001)

  • 6.6.3 + SMU

    See footnote 1

  • 6.5.3 + SMU (CSCvp83001)2

  • 6.6.3 + SMU

    See footnote 1 and 2

6.6.3 + SMU 3

See footnote 1

6.6.3 + SMU

See footnote 1

  • 6.5.3 + SMU (CSCvp83001)

  • 6.6.3 + SMU

    See footnote 1
1 6.6.3 + SMU is needed to support RSVP-TE tunnel and updated SR policy features. SMU file is <platform-name>-6.6.3-Optima.tar.
2 This SMU is available via the Cisco NCS 5508 Software Download Center.
3 This SMU is available via the Cisco NCS 540-ACC-SYS Router or Cisco NCS 540x-ACC-SYS Router Software Download Center.

Note

Segment Routing Traffic Matrix (SRTM) is only available in Cisco ASR 9000 devices.

Software Maintenance Updates (SMUs) are required for both PCC/Headend and SR-PCE versions indicated in the table. To download the Cisco IOS XR versions and updates, see the IOS XR Software Maintenance Updates (SMUs) document. The correct SMUs to download will have "Optima" or the bug ID appended to the filename. For example:

  • asr9k-x64-6.6.3.Optima.tar

  • asr9k-x64-6.5.3.CSCvp83001.tar

Cisco NSO and NED Requirements

This is only applicable if Cisco Network Services Orchestrator is going to be used.

Software/Driver Version

Cisco Network Services Orchestrator (Cisco NSO)

4.4.5.3

Cisco IOS XR Network Element Driver (NED)

6.6.1

Cisco IOS Network Element Driver

5.9.2

Device and TE Tunnel Scale Support

The following number of devices and TE tunnels (SR policies and RSVP-TE tunnels) are supported.

Table 3. Device and TE Tunnel (SR Policies and RSVP-TE Tunnels) Scale Support

Feature

Devices

TE Tunnels

SR Policy Visualization and Provisioning

  • 5,000 nodes

  • 50,000 interfaces

2,000 SR Policies

RSVP-TE Tunnel (PCE initiated) Visualization and Provisioning

  • 5,000 nodes

  • 50,000 interfaces

2,000 RSVP-TE Tunnels

RSVP-TE Tunnel (PCC initiated) Visualization only

  • 5,000 nodes

  • 50,000 interfaces

2,000 RSVP-TE Tunnels

Bandwidth Optimization Function Pack

  • 2,000 nodes

  • 20,000 interfaces

Bandwidth On Demand Function Pack (with Priority Mode)

  • 5,000 nodes

  • 50,000 interfaces

Bandwidth On Demand Function Pack (without Priority Mode)

  • 2,000 nodes

  • 20,000 interfaces

Demand Deduction Function Pack

500 nodes

IGP and Inter-AS

The following table captures the IGP and inter-AS features that Cisco Crosswork Optimization Engine supports.
Table 4. IGP and Inter-AS Support

Feature

OSPF

IS-IS

Inter-AS

Topology Visualization (including SR Policies)

Supported

Supported

Egress Peer Engineering (EPE) is limited to EPE adjacency segment IDs (SIDs)

SR Policy Creation, Modification, and Deletion

Supported

Supported

EPE is limited to EPE adjacency SIDs

Bandwidth on Demand Function Pack

Supported

Supported

Not Supported

Bandwidth Optimization Function Pack

Only single area is supported

Only single level is supported

Not Supported

RSVP TE

Supported

Supported

Supported with IGP between ASes but not EPE.

Table 5. RSVP-TE Tunnel Traffic Steering Configuration

Feature

Intra Area/Level

Inter Area/Level, Multiple IGP, Inter-AS

PCC Initiatied

Requires Autoroute Announce configuration in individual tunnel interface: 

int tunnel-te <id>
autoroute-announce
exclude-traffic segment-routing

Requires Static Route configuration pointing to the tunnel interface: 

router static
address-family ipv4 unicast
<destination-ip> <tunnel-interface>

PCE Initiatied

Requires Autoroute Announce configuration under MPLS TE: 

mpls traffic-eng
pcc
stateful-client
autoroute-announce

Supported Web Browsers

This version of Cisco Crosswork Optimization Engine supports the web browsers shown in the table below.

Recommended display resolution: 1600 x 900 pixels or higher (minimum: 1366 x 768).

Browser Version

Google Chrome

(recommended)

75 or later

Mozilla Firefox

70 or later

In addition to using a supported browser, all client desktops accessing geographical map information in the Cisco Crosswork Optimization Engine topology maps must be able to reach the mapbox.com map data URL directly, via the standard HTTPS port 443. Similar guidance may apply if you choose a different map data provider, as explained in "Configure Geographical Map Settings" in the Cisco Crosswork Optimization Engine User Guide .

Ports Used

As a general policy, any ports that are not needed should be disabled. To view a list of all open listening ports, log in as a Linux CLI admin user and run the netstat -aln command.

The following table lists the external ports that are open on the Cisco Crosswork Optimization Engine VM.

Table 6. External Ports That Are Open on the VM
Port Protocol Usage

22

TCP

Remote SSH traffic

323

UDP

Network Time Protocol (NTP) listener

30603

TCP

User interface (NGINX server listens for secure connections on port 443)

30607

TCP

To collect vitals from and download images to Cisco Crosswork Data Gateway

30649

TCP

To monitor Cisco Crosswork Data Gateway status.

30993

TCP

Cisco Crosswork Data Gateway sends the collected data to Crosswork Kafka destination.

The following table lists the destination ports on external devices that may be protected by a firewall. Cisco Crosswork Optimization Engine uses these ports to connect to network devices. You must open the required ports to allow Cisco Crosswork Optimization Engine to connect to these devices.

Table 7. Destination Ports Used by Cisco Crosswork Optimization Engine
Port Protocol Usage

7

TCP/UDP

Discover endpoints using ICMP

53

TCP/UDP

Connect to DNS

123

UDP

Network Time Protocol (NTP)

830

TCP

Initiate NETCONF

Collection Considerations

MDT Collection

When Cisco NSO is used in conjunction with Cisco Crosswork Optimization Engine, the telemetry configurations are pushed to the devices by Cisco NSO. To use Cisco NSO, it is important during installation to check the "Is NSO used as the provider for device management?" checkbox under Crosswork Collection Configuration (see Install Cisco Crosswork Optimization Engine).

If you do not plan to use to use Cisco NSO, you must apply the telemetry configuration on your devices. See the "Prerequisites for Device Telemetry" topic in the Cisco Crosswork Optimization Engine User Guide.


Note

The default MDT collector port is 9010.

Device Limits

Cisco Data Gateway collection supports 1000 devices. If your network requires collection of more than 1000 devices, multiple Cisco Data Gateways must be deployed.

Cisco Crosswork Data Gateway Installation Requirements

This section provides general guidelines and minimum requirements for installing Cisco Crosswork Data Gateway.

This section contains the following topics:

Virtual Machine (VM) Requirements

You can deploy Cisco Crosswork Data Gateway as a VM on a host that meets the following minimum requirements:


Note

  • Although Cisco Crosswork Data Gateway supports both IPv6 and IPv4, it is recommended to use IPv4 as Cisco Crosswork Optimization Engine supports only IPv4.

  • IPv4 on a single interface (demo mode) is not supported.

Requirement

Hypervisor

  • VMware vCenter 6.5 Update2d

  • VMware ESX 6.5 Update2

  • VMware vCenter 6.7 Update1

  • VMware ESX 6.7 Update1

Memory

32 GB

Disk space

50 GB

Note 

This is the deployment size only. Once started, VM disk space will increase based on the VMware overhead.

vCPU

8 vCPUs

Interfaces

Three virtual interfaces in the VM:

  • One virtual interface for management network traffic, including SSH access to the VM. The DNS and NTP servers, and the default gateway, must be reachable via this interface.

  • One virtual interface for Northbound data traffic:

    • The Cisco Crosswork Optimization Engine data interface must be reachable from this interface (routable) to be able to connect to Kafka data destinations.

    • Cisco Crosswork Data Gateway uses this interface to receive collection jobs and send back their statuses to Crosswork.

    • This interface is also used by external applications other than Cisco Crosswork Optimization Engine.

  • One virtual interface for Southbound data traffic. The devices must be reachable via this interface (routable).

IP Addresses

Three IPv4 or IPv6 addresses: One public IP for the management network virtual interface and two public or private IPs for the Northbound and Southbound data network virtual interfaces.

The DNS and NTP servers, and the default gateway, must be reachable via the management network IP address. The data destinations must be reachable via Northbound data network IP address. The managed devices and providers must be reachable via Southbound data network IP address.

NTP Servers

The IPv4/IPv6 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize devices, clients, and servers across your network. Confirm that the NTP IP address or host name is reachable on the network or installation will fail.

Also, the ESXi hosts that will run the Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway VM must have NTP configured, or the initial handshake may fail with "certificate not valid" errors.

DNS Servers

The IPv4/IPv6 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network.

DNS Search Domain

The search domain you want to use with the DNS servers (for example, cisco.com). You can only have one search domain.

Destination Networks

For live deployments, we recommend one virtual switch for the Data Network (connection between the Cisco Crosswork Optimization Engine VM and the Cisco Crosswork Data Gateway VM) and second virtual switch for all the management traffic (vms to dns, ntp and the network you will use to access and manage the applications).


Note

The VM runs Ubuntu Server 18.04.1 (ubuntu-18.04.1-server).

Supported Cisco OS


Note

The below table lists only the software versions on which Cisco Crosswork Data Gateway 1.1 was tested. For OS software versions that only Cisco Crosswork Optimization Engine supports, please refer to Cisco IOS XR Software Version Support. Cisco Crosswork Data Gateway allows you to expand device coverage by means of custom packages.

OS Software Version Config Mode Protocol Encoding Transport
IOS-XR 6.4.1, 6.5.1, 6.5.2, 6.5.3, 6.6.2

NSO

XR NED

CLI 7.13.9

 MDT KVGPB TCP
6.4.1, 6.5.3, 6.6.2
6.5.1, 6.5.2, 6.5.3, 6.6.2
6.4.1, 6.4.2
7.0.1
6.4.2
IOS-XE 16.10, SNMP, CLI
16.9.2, 16.10
NX-OS 7.0(3).7(2)
8.4(0).SK(1)

Note

All collection types support IPv4. For any IPv4 and Day0 configs and limitations for different device platforms, please refer your network administrator and platform configuration guide.

Ports Used

As a general policy, any ports that are not needed should be disabled.

The following table shows the minimum set of ports needed for Cisco Crosswork Data Gateway to operate correctly.

Table 8. Ports to be Opened on Cisco Crosswork Data Gateway Management Interface

Port

Protocol

Used for...

Direction

22

TCP

SSH server

Inbound

22

TCP

SCP client

Outbound

123

UDP

NTP Client

Outbound

53

UDP

DNS Client

Outbound

30607

TCP

Crosswork Controller

Outbound
Table 9. Ports to be Opened on Cisco Crosswork Data Gateway Northbound Interface

Port

Protocol

Used for...

Direction

30649

TCP

Crosswork Controller

Outbound

30993

TCP

Crosswork Kafka

Outbound

Site Specific

Site Specific

Kafka and gRPC Destination

Outbound

Table 10. Ports to be Opened on Cisco Crosswork Data Gateway Southbound Interface

Port

Protocol

Used for...

Direction

161

UDP

SNMP Collector

Inbound

1062

UDP

SNMP TrapCollector

Inbound

9010

TCP

MDT Collector

Inbound

22

TCP

CLI Collector

Outbound

The Interface role to physical name mapping is:

  • Management Interface: eth0

  • Southbound Data Interface: eth1

  • Northbound Data Interface: eth2

Was this Document Helpful?

FeedbackFeedback

Contact Cisco