The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco Crosswork Hierarchical Controller version 8.0 includes new functions and enhancements, as well as bug fixes.
The highlights of these new functions are:
● Cisco Crosswork Network Controller v6.0 adapter integration
● Cross launch contextual UI of IP/Optical controllers
● Root Cause Analysis REST APIs
● NextFusion Platform
● RON Automation Starter
● Embedded NSO engine inside Cisco Crosswork Hierarchical Controller
● Unified Dashboard widgets and settings application
● Application Updates
Cisco Crosswork Network Controller Adapter Integration
The Cisco Crosswork Network Controller v6.0 adapter is delivered in Cisco Crosswork Hierarchical Controller version 8.0, with discovery, assurance, and service provisioning.
There are different sets of Cisco Crosswork Network Controller adapters for each use case:
Use Case |
Required Adapters |
RON Automation |
Cisco Crosswork Network Controller adapter - SR, IGP topology, RON link provisioning, L3 service discovery CDG adapter - PM collection IOS-XR adapter - inventory and physical topology |
RON Automation Starter |
IOS-XR adapter - inventory and topology Embedded NSO + FP (incl NED) - RON link provisioning NSO adapter – connects to Embedded NSO |
IP/Optical Multi-layer Visualization |
Cisco Crosswork Network Controller adapter - Inventory, physical & IGP topology, SR, service discovery CDG adapter - PM collection |
IP/Optical Multi-layer Visualization + LxVPN Provisioning |
Cisco Crosswork Network Controller adapter - Inventory, physical & IGP topology, SR, service discovery CDG adapter - PM collection |
Cisco Crosswork Network Controller Adapters Integration
UI Cross Launch (Hyper Linker)
The UI Cross Launch (aka Hyper Linker) enables you to make vendor/controller-specific objects accessible directly from the object in the Crosswork Hierarchical Controller applications such as the Network Inventory application. The user selects the objects in the Crosswork Hierarchical Controller UI (Device, Link, SR Policy) and opens a menu with direct links to view the object in the underlay controller.
To enable this feature, it must follow these rules:
● IP or Optical controllers must provide a direct, contextual URL to the managed objects. For example: https://<controller_dns>/<device name-ip>/faults/
● The Rule Editor allows you to create the hyper linker rules, specifying the URL to link to and the criteria used to apply the link (specified in the predicate field).
The hyperlinks are added as links in the “…” menu of the object and enable opening contextual UI pages in the CO web UI for a specific port, link, device, or SR policy. Users can then easily navigate to further details on the object, saving time and efforts.
The Hyper Linker supports by default rules for Cisco Crosswork Network Controller and ONC controllers.
Hyper Linker
Root Cause Analysis REST APIs
Crosswork Hierarchical Controller provides APIs to poll multi-layer Root Cause Analysis when a failure in optical layer impacts IP services. You can access the Root Cause Analysis API using Swagger:
● GET /rest/rca/link: Get full list of failures with number of impacted services and impacted links.
● GET /rest/rca/link/{link_guid:.*}: Get full list of services per specific failure.
Root Cause Analysis API
NextFusion Platform
Cisco Crosswork Hierarchical Controller Release 8.0 introduces a new deployment platform. The new platform is an integral part of Cisco Crosswork Hierarchical Controller, Cisco Crosswork Hierarchical Controller and it enables new capabilities and improved security options.
NextFusion comes with Cisco Crosswork Hierarchical Controller Release 8.0 image and does not require separate handling.
NextFusion Platform Layer
Cisco Crosswork Hierarchical Controller is deployed with the NextFusion platform layer:
● Single VM (when high availability is not required)
● Fully managed, Kubernetes-based runtime environment
● Kubernetes-based service packs with all Crosswork Hierarchical Controller containers
● CSDL compliance (Cisco Secure Development Lifecycle)
● Kubernetes-standard HA
● Delivery: OVA with OS included
● HTTPs-only, auto cert management, mutual TLS validation
● Single authentication agent for all products, with SSO support
● Postgres-as-a-Service (w/ TimescaleDB), fully replicated across all nodes
● Highly available object storage, S3-compatible API
● Configuration UI
● Centralized logging infrastructure
Cisco Crosswork Hierarchical Controller Architecture
NextFusion Platform Security
The NextFusion Controller manages the lifecycle of all services and exposes all services using a CRD (custom resource definition), which defines in a DSL (domain specific language) all the platform needs – RBAC, networking, volumes, and so on.
● CSDL-compliant: Secure boot, code signing, no hardcoded passwords.
● Explicit RBAC support in CRD: All endpoints are blocked by default unless declared.
● HTTPs only throughout the cluster: The NextFusion service-proxy handles TLS termination and authorization.
● Database schemas: Confined per service, and not shared by default.
● Authentication: Supports local, LDAP, and SAML authentication.
NextFusion Node Architecture
NextFusion High Availability
Three node Active/Standby HA with an arbitrator node to vote on the active and avoid split brain. The cluster is only used for HA purposes and not for scaling.
Connectivity is based on TLS only, and no IPSEC is required between nodes.
NextFusion High Availability
Routed Optical Networking Automation Starter
RON Automation Starter enables you to get started with managing the optical circuit end-to-end from the routers to the optical OLS, for cases when no Cisco Crosswork Network Controller is available.
Crosswork Hierarchical Controller is the GUI-based management system for the optical layer by interfacing with the Cisco router and the existing optical OLS controller.
RON Automation Starter
There is no compromise on optical features, and it provides full optical link provisioning, visualization, and assurance. DCO to DCO.
Crosswork Hierarchical Controller Application |
Description |
Service Manager |
Full wavelength provisioning. |
Link Assurance |
Assurance and troubleshooting. |
3D Explorer |
Multilayer visualization, up to the Physical IP layer. |
Network Inventory |
Deep inventory of network resources. |
Link Manager |
Management and verification of optical-to-IP connections. |
Root Cause Analysis |
Quick identification of failures. |
Network History |
Keep track of network changes. |
RON Automation Starter can be upgraded to the full Cisco RON automation stack to introduce additional capabilities such as IP network automation.
RON Automation Starter versus Full RON Solution
Feature |
RON Automation Starter Kit |
Full RON Solution |
Wavelength Provisioning |
Yes |
Yes |
Assurance and Troubleshooting |
Yes |
Yes |
Multilayer Visualization (up to L2 links) |
Yes |
Yes |
Quick Identification of Failures |
Yes |
Yes |
IP Services Provisioning |
No |
Yes |
IP Services Assurance and Troubleshooting |
No |
Yes |
Multilayer Visualization (up to IP Services) |
No |
Yes |
NSO Engine Embedded Inside Cisco Crosswork Hierarchical Controller
NSO runs as an Crosswork Hierarchical Controller micro-service, alongside the Crosswork Hierarchical Controller applications and adapters.
This exposes the NSO NBI from Crosswork Hierarchical Controller and the NSO UI as an Crosswork Hierarchical Controller application (which will mostly be used for configuration of Function Packs/NEDs).
Note: Crosswork Hierarchical Controller HA and embedded NSO integrate seamlessly. The NSO database exists on both the Crosswork Hierarchical Controller Active and Standby nodes, and the database is synchronized continuously. If the Crosswork Hierarchical Controller Active node fails, and the Standby node takes over and becomes the Active node, NSO is updated automatically and switches nodes too.
Network Services Orchestrator (NSO)
The Crosswork Hierarchical Controller Function Pack integrates Cisco NSO with a controller to deploy services on the controller. This integration is with either a Nokia Service Provider (NSP) controller or a Cisco Crosswork Network Controller (CNC).
For full details on installing and using the Network Services Orchestrator (NSO) Crosswork Hierarchical Controller Function Pack, see the Cisco NSO Crosswork Hierarchical Controller - Function Pack Installation Guide and Cisco NSO Crosswork Hierarchical Controller - Function Pack User Guide.
Unified Dashboard Widgets and Settings Application
The new Dashboard application unifies the Widgets display and the Widgets Settings into a single application.
Application Updates
The UI has been updated across all the applications.
The following applications have been deprecated:
● Path Optimization (this functionality is provided via the Failure Impact application).
● Network Vulnerability
● CSCwh24718. Credentials configured in Device Manager can be deleted by the user, even when they are in use by an adapter.
● SDN-3831. If wrong credentials were provided for connection to the Network Controller, the discovery will fail but the proper event is not displayed in the Events table on the Adapters tab in Device Manager.
● CSCwe64394. The SHQL UI app does not support the ‘xin’ command in queries. To use a query with this command, please use the sedo command line.
● CSCwe87116. In a system configured to work in high availability mode, events configured to be sent are generated twice by the main and the redundant node.
● CSCwh37765. The option to modify SSH key (certification) in credentials settings does not work properly.
● FRB-201. Certifications imported by a user for local connection purposes (e.g., LDAP) are not kept after a software upgrade. The user needs to manually copy them to the Crosswork Hierarchical Controller repository and run the CA certificate update command (update-ca-certificates).
● SDN-3855. Make sure not to restart Crosswork Hierarchical Controller when daily backup time is close (in minutes). This may cause Crosswork Hierarchical Controller to get stuck in Running mode.
● CSCwj31406. No geo redundancy support for Cisco Crosswork Hierarchical Controller 8.0. HA in this version is limited to a case where latency between nodes is maximum 10 milliseconds.
● In Cisco Crosswork Hierarchical Controller 8.0, adding an adapter uses the ‘sedo service install <adapter-service-pack-file>’ command. At times it may be required to run more instances per adapter. In such a case it is required to manually input the DYNAMIC_APP_GUID and make sure it is different than the default. In Cisco Crosswork Hierarchical Controller 8.0, there is no validation of the param used, hence there is a potential for the param used to be an illegal param which could lead to adapter not loading properly until removed and re-added correctly. For details on how to manually validate the param, see the Cisco Crosswork Hierarchical Controller Admin Guide.
Cisco Crosswork Network Controller Adapter
● CSCwj08637. Different APIs used for integration have different pagination size defined. Polling of network info from Cisco Crosswork Network Controller may face some slowness due to issues in pagination of response.
● CSCwj08306. Polling of network info from Cisco Crosswork Network Controller may face some slowness due to issues in pagination of response.
● CSCwj40068. On some occasions, L3VPN services discovered from Cisco Crosswork Network Controller based on notifications and frequent polling, may have some of the service endpoints missing. The full list of service endpoints for all services is synced once in 24 hours.
● CSCwj29177. NSO. Service provisioning - Cisco Crosswork Network Controller Adapter: L3VPN service endpoints must be set with VLAN tag. Untagged interfaces cannot be set to Cisco Crosswork Network Controller.
● CSCwi34319. NCS55xx device type is not properly discovered by Cisco Crosswork Network Controller adapter.
● CSCwj38618. Service Assurance: Service Health parameter is not discovered from Cisco Crosswork Network Controller for LxVPN services.
● SDN-3244. For a device with multiple shelves, the device attributes displayed are those of the first shelf. Attributes of other shelves are not displayed.
● FRB-57. Currently, only links on the main path of a selected prime object are displayed. The related objects used in the protection path of the prime objects are not displayed (for example, when showing all L3 links over OMS, the displayed L3 links are only those over the main path of the OMS).
● CSCwd22764. The tooltip map fails to show a manually added cross-link. The site with the cross-link is shown on the map without the pipe between the optical and router layers.
● CSCwd22764. The Sidebar for E-Line and OTN services shows the Ports tab as empty. Use the Service Assurance application to properly get all service details.
● FLD-617. An OCH link between two ZR pluggables is displayed in metro view but its wavelength number is not displayed as a label on the link. Such label appears for other OCH links between transponders.
● FLD-603. Filter map by tags does not work properly when the network model contains fiber paths.
● SDN-4684. The satellite view option in 3D map only works when the client machine has an internet connection. The satellite view button is still enabled even when no internet connection is detected.
● SDN-4396. The list of tags in the filter of 3D explorer are currently not displayed in alphabetical order.
● SDN-4221. Service ports that appear under Ports in the sidebar for a selected service may show inconsistent association with a link. A link can sometimes be the service or the PW.
● CSCwd65311. The ZR channel and media ports are not displayed in the Ports tab for selected router in the sidebar.
● CSCwf10902. The filter on the “Type” column in the Failure Impact test result does not work properly. It does not filter the table by the resource type.
System Monitoring
● SDN-4424. When opening the system monitoring page directly after the installation, the information on disk space is empty. The information appears after the configurable monitoring time (a sedo command, covered in the Administration Guide).
● SDN-4016. Usage events for the 3D Explorer application appear with subtype as Frontier.
● CSCwd18817. SHQL widgets are not displayed in dashboard when results are an empty list.
● SDN-3945. Selecting a site on the map of Sites tab does not work properly in Firefox.
High Availability
● CSCwd36562. On rare occasions, a manual switchover between the main and standby nodes fails with a message that the standby cannot be found.
Link Manager
● Application currently does not support adding router-to-router links.
● CSCwe64457. If the last cross-link in the table is deleted, then it is wrongly added to the table although it was removed by the user.
Network Inventory
● The Reachability column for devices is displayed in Device Manager or in 3D explorer when selecting the device. This is due to an improper and misleading report on reachability per device when managed by SDN controllers.
Service Manager
● Creation of SDH line service is part of the release content, however it was not tested properly with an Optical Controller. Hence its quality and proper functioning cannot be guaranteed.
● CSCwe52336. The way to select endpoints in service wizards is to open the model selector and select ports from the relevant table. The filter in Site column does not work properly and the port needs to be located by other parameters.
● CSCwj19933. NSO Manager. The Transport Mode sent in VPWS service request is not pushed to Cisco Crosswork Network Controller as Cisco Crosswork Network Controller does not handle this parameter.
Performance
● CSCwj25453. To get the performance of a service endpoint, the user must select the physical port where the service endpoint is defined.
● CSCwe82650. The Refresh button in Performance app does not refreshes the page.
● CSCwj24829. NSO Manager. LxVPN services provisioned to Cisco Crosswork Network Controller get the route target values automatically from Cisco Crosswork Network Controller, the values included in service intent are ignored.
● SDN-3440. When querying for an inventory item, the children references are missing. Need to use the “downward” command as transformation to object/s children.
● FLD-214. System or user-driven events can be viewed using the SHQL command ‘event’ in SHQL app. The application is currently limited and cannot display more than a few thousand events in a single view. Hence it is recommended to filter the view by event type, sub type, or object guid.
● FLD-382. The sidebar window in the 3D explorer shows a visual view of aggregated links (LAG) and IP logical links. This view is disabled by default. To enable it, please contact your Cisco support team.
● SDN-3867. The View option in SHQL does not allow setting a column name with spaces.
● CSCwf42365. Make sure that the size of the imported GeoJSON file with sites info does not exceed 20Mb. For a larger file, it is recommended to split the file into multiple files.
● CSCwc80510. The new filter in the Network Inventory application allows for filtering the inventory resources by a site or device. The Model Selector allows for selecting other resource type as filters. This should be avoided. Only sites and devices can be used as filters.
● CSCwd09835. REST APIs exposed by Link Manager application can be used only by the admin user.
● CSCwd96670. It is recommended to use sedo commands to enable or disable an adapter. Doing it from the Device Manager application would work but the wrong status may be shown, and the container will still be running although the adapter will be paused.
● Services Manager. Note that the Packet E-Line wizard works for this service in an optical network, under MPLS-TP tunnel. The menu to create Packet E-Line as T-LDP PW over an IP network is supported in the link referring to the NSO page.
● CSCwe71587. When restarting an application using the sedo command (‘sedo system restart’), it is recommended to disable and then enable all apps, so that the restarted app will be launched immediately. Use ‘sedo apps disable all’; wait 10 seconds, then run ‘sedo apps enable all’.
Crosswork Hierarchical Controller 8.0 comes with a list of network adapters that are updated to work with this version. Adapters are also released independently of the Crosswork Hierarchical Controller version.
Note: Not all adapters are generally available (GA). Some are available for specific customers but not as GA, and hence, need BU involvement before use.
Table 1. Adapters
Vendor |
Protocol/Product |
Availability |
Version |
Content and Use Cases |
Ciena |
MCP Optical |
GA |
6.2/7.2 |
Discovery: Inventory, OTS/OMS/OCH/OTN Provisioning: OTN/ETH/OCH trial Assurance: ETH, Optical, RON |
Cisco |
IOS-XR |
GA |
7.11.1 |
RON use case: Discovery: Inventory and L2 topology discovery, L3 topology, ZRs Assurance: ETH, RON |
Cisco |
Cisco Crosswork Network Controller |
GA |
6.0 |
RON use case: Inventory: IGP, SR, L3 VPN Topology: IGP Discovery: L3VPN service Provisioning: RON link provisioning, L3 VPN Assurance: RON (with CDG)
General use case (no RON): Inventory: Physical and logical, L2 topology, IGP, SR, LxVPN Topology: ETH and IGP Discovery: LxVPN services Provisioning: LxVPN services Assurance: ETH (with CDG) |
Cisco |
ONC |
GA |
3.1 |
Discovery: Full inventory and optical topology discovery over NCS1010. OTS/OMC/OCH. Provisioning: RON link provisioning, OCH-NC provisioning Assurance: RON |
Juniper |
Northstar |
GA |
6.1 |
Discovery: Inventory, L2 topology, IGP, RSVP-TE Provisioning: RSVP-TE Assurance: ETH, OAM |
Nokia |
NSP IP |
GA |
22.6 |
Discovery: Inventory, L2 & IGP, SR-TE, IP VPN Provisioning: L3VPN, PW, EVPN Assurance: ETH |
Huawei |
NCE-T Optical |
GA |
21/22 |
Discovery: Inventory and topology, OTS/OMS/OCH/OTN |
● VMware vSphere server and client version 7.0.3
● High Availability, version 8.0, requires a latency of P95 5-7ms between nodes.
● The three VMs for HA can run on any single or multiple ESXi hosts. In case of multiple ESXi hosts, 10 Gbps is required for connecting each host. The control plane network is also associated with the same 10 Gbps interface and a 10 Gbps communication channel between the hosts is required.
Upgrade
Crosswork Hierarchical Controller 7.1 can be upgraded to version 8.0.
Hardware Requirements
This spec is for all nodes (active, standby, and witness, or standalone instances of Crosswork Hierarchical Controller).
Hardware |
Requirement |
CPU |
10 Cores |
Memory |
96 GB |
Multiple ESXi hosts |
10 Gbps between hosts |
Storage |
500 GB SSD to 2 TB (Scale requirement) Note: This is without considering RAID configurations |
HW Reservation |
80% for CPU and memory |
NICs |
2 |
Chrome version 75 or later is recommended.
Client Machine
The PC or MAC used for the web client with Google Chrome must be equipped with GPU. This is mandatory to run the 3D visualization map in Crosswork Hierarchical Controller.
Build Numbers
<>
In this release, all Cisco Crosswork Hierarchical Controller documents are relevant and can be used.
This includes:
Documents |
Cisco Crosswork Hierarchical Controller 8.0 Network Visualization Guide |
Cisco Crosswork Hierarchical Controller 8.0 Administration Guide |
Cisco Crosswork Hierarchical Controller 8.0 Assurance and Performance Guide |
Cisco Crosswork Hierarchical Controller 8.0 Service Provisioning Guide |
Cisco Crosswork Hierarchical Controller 8.0 Analytics Guide |
Cisco Crosswork Hierarchical Controller 8.0 NBI and SHQL Reference Guide |
Cisco Crosswork Hierarchical Controller 8.0 Installation Guide |