Cisco Crosswork Hierarchical Controller 8.0 Release Notes

Available Languages

Download Options

  • PDF
    (1.3 MB)
    View with Adobe Reader on a variety of devices
Updated:April 3, 2024

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (1.3 MB)
    View with Adobe Reader on a variety of devices
Updated:April 3, 2024


Cisco Crosswork Hierarchical Controller version 8.0 includes new functions and enhancements, as well as bug fixes.

Version Highlights

The highlights of these new functions are:

       Cisco Crosswork Network Controller v6.0 adapter integration

       Cross launch contextual UI of IP/Optical controllers

       Root Cause Analysis REST APIs

       NextFusion Platform

       RON Automation Starter

       Embedded NSO engine inside Cisco Crosswork Hierarchical Controller

       Unified Dashboard widgets and settings application

       Application Updates

Cisco Crosswork Network Controller Adapter Integration

The Cisco Crosswork Network Controller v6.0 adapter is delivered in Cisco Crosswork Hierarchical Controller version 8.0, with discovery, assurance, and service provisioning.

There are different sets of Cisco Crosswork Network Controller adapters for each use case:

Use Case

Required Adapters

RON Automation

Cisco Crosswork Network Controller adapter - SR, IGP topology, RON link provisioning, L3 service discovery

CDG adapter - PM collection

IOS-XR adapter - inventory and physical topology

RON Automation Starter

IOS-XR adapter - inventory and topology

Embedded NSO + FP (incl NED) - RON link provisioning

NSO adapter – connects to Embedded NSO

IP/Optical Multi-layer Visualization

Cisco Crosswork Network Controller adapter - Inventory, physical & IGP topology, SR, service discovery

CDG adapter - PM collection

IP/Optical Multi-layer Visualization + LxVPN Provisioning

Cisco Crosswork Network Controller adapter - Inventory, physical & IGP topology, SR, service discovery

CDG adapter - PM collection


Related image, diagram or screenshot


Figure 1.   

Cisco Crosswork Network Controller Adapters Integration

UI Cross Launch (Hyper Linker)

The UI Cross Launch (aka Hyper Linker) enables you to make vendor/controller-specific objects accessible directly from the object in the Crosswork Hierarchical Controller applications such as the Network Inventory application. The user selects the objects in the Crosswork Hierarchical Controller UI (Device, Link, SR Policy) and opens a menu with direct links to view the object in the underlay controller.

To enable this feature, it must follow these rules:

       IP or Optical controllers must provide a direct, contextual URL to the managed objects. For example: https://<controller_dns>/<device name-ip>/faults/

       The Rule Editor allows you to create the hyper linker rules, specifying the URL to link to and the criteria used to apply the link (specified in the predicate field).

The hyperlinks are added as links in the “…” menu of the object and enable opening contextual UI pages in the CO web UI for a specific port, link, device, or SR policy. Users can then easily navigate to further details on the object, saving time and efforts.

The Hyper Linker supports by default rules for Cisco Crosswork Network Controller and ONC controllers.

A screenshot of a computerDescription automatically generated

Figure 2.   

Hyper Linker

Root Cause Analysis REST APIs 

Crosswork Hierarchical Controller provides APIs to poll multi-layer Root Cause Analysis when a failure in optical layer impacts IP services. You can access the Root Cause Analysis API using Swagger:

       GET /rest/rca/link: Get full list of failures with number of impacted services and impacted links.

       GET /rest/rca/link/{link_guid:.*}: Get full list of services per specific failure.

A screenshot of a computer codeDescription automatically generated

Figure 3.   

Root Cause Analysis API

NextFusion Platform

Cisco Crosswork Hierarchical Controller Release 8.0 introduces a new deployment platform. The new platform is an integral part of Cisco Crosswork Hierarchical Controller, Cisco Crosswork Hierarchical Controller and it enables new capabilities and improved security options.

NextFusion comes with Cisco Crosswork Hierarchical Controller Release 8.0 image and does not require separate handling.

NextFusion Platform Layer

Cisco Crosswork Hierarchical Controller is deployed with the NextFusion platform layer:

       Single VM (when high availability is not required)

       Fully managed, Kubernetes-based runtime environment

       Kubernetes-based service packs with all Crosswork Hierarchical Controller containers

       CSDL compliance (Cisco Secure Development Lifecycle)

       Kubernetes-standard HA

       Delivery: OVA with OS included

       HTTPs-only, auto cert management, mutual TLS validation

       Single authentication agent for all products, with SSO support

       Postgres-as-a-Service (w/ TimescaleDB), fully replicated across all nodes

       Highly available object storage, S3-compatible API

       Configuration UI

       Centralized logging infrastructure

Related image, diagram or screenshot

Figure 4.   

Cisco Crosswork Hierarchical Controller Architecture

NextFusion Platform Security

The NextFusion Controller manages the lifecycle of all services and exposes all services using a CRD (custom resource definition), which defines in a DSL (domain specific language) all the platform needs – RBAC, networking, volumes, and so on.

       CSDL-compliant: Secure boot, code signing, no hardcoded passwords.

       Explicit RBAC support in CRD: All endpoints are blocked by default unless declared.

       HTTPs only throughout the cluster: The NextFusion service-proxy handles TLS termination and authorization.

       Database schemas: Confined per service, and not shared by default.

       Authentication: Supports local, LDAP, and SAML authentication.

Related image, diagram or screenshot

Figure 5.   

NextFusion Node Architecture

NextFusion High Availability

Three node Active/Standby HA with an arbitrator node to vote on the active and avoid split brain. The cluster is only used for HA purposes and not for scaling.

Connectivity is based on TLS only, and no IPSEC is required between nodes.

Related image, diagram or screenshot

Figure 6.   

NextFusion High Availability

Routed Optical Networking Automation Starter

RON Automation Starter enables you to get started with managing the optical circuit end-to-end from the routers to the optical OLS, for cases when no Cisco Crosswork Network Controller is available.

Crosswork Hierarchical Controller is the GUI-based management system for the optical layer by interfacing with the Cisco router and the existing optical OLS controller.

Related image, diagram or screenshot

Figure 7.   

RON Automation Starter

There is no compromise on optical features, and it provides full optical link provisioning, visualization, and assurance. DCO to DCO.

Crosswork Hierarchical Controller Application


Service Manager

Full wavelength provisioning.

Link Assurance

Assurance and troubleshooting.

3D Explorer

Multilayer visualization, up to the Physical IP layer.

Network Inventory

Deep inventory of network resources.

Link Manager 

Management and verification of optical-to-IP connections.

Root Cause Analysis 

Quick identification of failures.

Network History

Keep track of network changes.


RON Automation Starter can be upgraded to the full Cisco RON automation stack to introduce additional capabilities such as IP network automation.

Related image, diagram or screenshot

Figure 8.   

RON Automation Starter versus Full RON Solution


RON Automation Starter Kit

Full RON Solution

Wavelength Provisioning



Assurance and Troubleshooting



Multilayer Visualization (up to L2 links)



Quick Identification of Failures



IP Services Provisioning



IP Services Assurance and Troubleshooting



Multilayer Visualization (up to IP Services)



NSO Engine Embedded Inside Cisco Crosswork Hierarchical Controller

NSO runs as an Crosswork Hierarchical Controller micro-service, alongside the Crosswork Hierarchical Controller applications and adapters.

This exposes the NSO NBI from Crosswork Hierarchical Controller and the NSO UI as an Crosswork Hierarchical Controller application (which will mostly be used for configuration of Function Packs/NEDs).

Note: Crosswork Hierarchical Controller HA and embedded NSO integrate seamlessly. The NSO database exists on both the Crosswork Hierarchical Controller Active and Standby nodes, and the database is synchronized continuously. If the Crosswork Hierarchical Controller Active node fails, and the Standby node takes over and becomes the Active node, NSO is updated automatically and switches nodes too.

Related image, diagram or screenshot

Figure 9.   

Network Services Orchestrator (NSO)

The Crosswork Hierarchical Controller Function Pack integrates Cisco NSO with a controller to deploy services on the controller. This integration is with either a Nokia Service Provider (NSP) controller or a Cisco Crosswork Network Controller (CNC).

For full details on installing and using the Network Services Orchestrator (NSO) Crosswork Hierarchical Controller Function Pack, see the Cisco NSO Crosswork Hierarchical Controller - Function Pack Installation Guide and Cisco NSO Crosswork Hierarchical Controller - Function Pack User Guide.

Unified Dashboard Widgets and Settings Application

The new Dashboard application unifies the Widgets display and the Widgets Settings into a single application.

Application Updates

The UI has been updated across all the applications.

The following applications have been deprecated:

       Path Optimization (this functionality is provided via the Failure Impact application).

       Network Vulnerability

Issues Resolved

       CSCwh24718.  Credentials configured in Device Manager can be deleted by the user, even when they are in use by an adapter.

       SDN-3831. If wrong credentials were provided for connection to the Network Controller, the discovery will fail but the proper event is not displayed in the Events table on the Adapters tab in Device Manager.

       CSCwe64394. The SHQL UI app does not support the ‘xin’ command in queries. To use a query with this command, please use the sedo command line.

       CSCwe87116. In a system configured to work in high availability mode, events configured to be sent are generated twice by the main and the redundant node.

       CSCwh37765. The option to modify SSH key (certification) in credentials settings does not work properly.

       FRB-201. Certifications imported by a user for local connection purposes (e.g., LDAP) are not kept after a software upgrade. The user needs to manually copy them to the Crosswork Hierarchical Controller repository and run the CA certificate update command (update-ca-certificates).

       SDN-3855. Make sure not to restart Crosswork Hierarchical Controller when daily backup time is close (in minutes). This may cause Crosswork Hierarchical Controller to get stuck in Running mode.

Known Limitations

       CSCwj31406. No geo redundancy support for Cisco Crosswork Hierarchical Controller 8.0. HA in this version is limited to a case where latency between nodes is maximum 10 milliseconds.

       In Cisco Crosswork Hierarchical Controller 8.0, adding an adapter uses the ‘sedo service install <adapter-service-pack-file>’ command. At times it may be required to run more instances per adapter.  In such a case it is required to manually input the DYNAMIC_APP_GUID and make sure it is different than the default. In Cisco Crosswork Hierarchical Controller 8.0, there is no validation of the param used, hence there is a potential for the param used to be an illegal param which could lead to adapter not loading properly until removed and re-added correctly. For details on how to manually validate the param, see the Cisco Crosswork Hierarchical Controller Admin Guide. 

Cisco Crosswork Network Controller Adapter

       CSCwj08637. Different APIs used for integration have different pagination size defined. Polling of network info from Cisco Crosswork Network Controller may face some slowness due to issues in pagination of response.

       CSCwj08306. Polling of network info from Cisco Crosswork Network Controller may face some slowness due to issues in pagination of response.

       CSCwj40068. On some occasions, L3VPN services discovered from Cisco Crosswork Network Controller based on notifications and frequent polling, may have some of the service endpoints missing. The full list of service endpoints for all services is synced once in 24 hours.

       CSCwj29177. NSO. Service provisioning - Cisco Crosswork Network Controller Adapter: L3VPN service endpoints must be set with VLAN tag. Untagged interfaces cannot be set to Cisco Crosswork Network Controller.

       CSCwi34319. NCS55xx device type is not properly discovered by Cisco Crosswork Network Controller adapter.

       CSCwj38618. Service Assurance: Service Health parameter is not discovered from Cisco Crosswork Network Controller for LxVPN services.


       SDN-3244. For a device with multiple shelves, the device attributes displayed are those of the first shelf. Attributes of other shelves are not displayed.

Layer Relations

       FRB-57. Currently, only links on the main path of a selected prime object are displayed. The related objects used in the protection path of the prime objects are not displayed (for example, when showing all L3 links over OMS, the displayed L3 links are only those over the main path of the OMS).

3D Explorer

       CSCwd22764. The tooltip map fails to show a manually added cross-link. The site with the cross-link is shown on the map without the pipe between the optical and router layers.

       CSCwd22764. The Sidebar for E-Line and OTN services shows the Ports tab as empty. Use the Service Assurance application to properly get all service details.

       FLD-617. An OCH link between two ZR pluggables is displayed in metro view but its wavelength number is not displayed as a label on the link. Such label appears for other OCH links between transponders.

       FLD-603. Filter map by tags does not work properly when the network model contains fiber paths.

       SDN-4684. The satellite view option in 3D map only works when the client machine has an internet connection. The satellite view button is still enabled even when no internet connection is detected.

       SDN-4396. The list of tags in the filter of 3D explorer are currently not displayed in alphabetical order.

       SDN-4221. Service ports that appear under Ports in the sidebar for a selected service may show inconsistent association with a link. A link can sometimes be the service or the PW.

       CSCwd65311. The ZR channel and media ports are not displayed in the Ports tab for selected router in the sidebar.

Failure Impact

       CSCwf10902. The filter on the “Type” column in the Failure Impact test result does not work properly. It does not filter the table by the resource type.

System Monitoring

       SDN-4424. When opening the system monitoring page directly after the installation, the information on disk space is empty. The information appears after the configurable monitoring time (a sedo command, covered in the Administration Guide).


       SDN-4016. Usage events for the 3D Explorer application appear with subtype as Frontier.

       CSCwd18817. SHQL widgets are not displayed in dashboard when results are an empty list.

Model Settings

       SDN-3945. Selecting a site on the map of Sites tab does not work properly in Firefox.

High Availability

       CSCwd36562. On rare occasions, a manual switchover between the main and standby nodes fails with a message that the standby cannot be found.

Link Manager

       Application currently does not support adding router-to-router links.

       CSCwe64457. If the last cross-link in the table is deleted, then it is wrongly added to the table although it was removed by the user.

Network Inventory

       The Reachability column for devices is displayed in Device Manager or in 3D explorer when selecting the device. This is due to an improper and misleading report on reachability per device when managed by SDN controllers.

Service Manager

       Creation of SDH line service is part of the release content, however it was not tested properly with an Optical Controller. Hence its quality and proper functioning cannot be guaranteed.

       CSCwe52336. The way to select endpoints in service wizards is to open the model selector and select ports from the relevant table. The filter in Site column does not work properly and the port needs to be located by other parameters.

       CSCwj19933. NSO Manager. The Transport Mode sent in VPWS service request is not pushed to Cisco Crosswork Network Controller as Cisco Crosswork Network Controller does not handle this parameter.


       CSCwj25453. To get the performance of a service endpoint, the user must select the physical port where the service endpoint is defined.

       CSCwe82650. The Refresh button in Performance app does not refreshes the page.

Operational Considerations

       CSCwj24829. NSO Manager. LxVPN services provisioned to Cisco Crosswork Network Controller get the route target values automatically from Cisco Crosswork Network Controller, the values included in service intent are ignored.

       SDN-3440. When querying for an inventory item, the children references are missing. Need to use the “downward” command as transformation to object/s children.

       FLD-214. System or user-driven events can be viewed using the SHQL command ‘event’ in SHQL app. The application is currently limited and cannot display more than a few thousand events in a single view. Hence it is recommended to filter the view by event type, sub type, or object guid.

       FLD-382. The sidebar window in the 3D explorer shows a visual view of aggregated links (LAG) and IP logical links. This view is disabled by default. To enable it, please contact your Cisco support team.

       SDN-3867. The View option in SHQL does not allow setting a column name with spaces.

       CSCwf42365. Make sure that the size of the imported GeoJSON file with sites info does not exceed 20Mb. For a larger file, it is recommended to split the file into multiple files.

       CSCwc80510. The new filter in the Network Inventory application allows for filtering the inventory resources by a site or device. The Model Selector allows for selecting other resource type as filters. This should be avoided. Only sites and devices can be used as filters.

       CSCwd09835. REST APIs exposed by Link Manager application can be used only by the admin user.

       CSCwd96670. It is recommended to use sedo commands to enable or disable an adapter. Doing it from the Device Manager application would work but the wrong status may be shown, and the container will still be running although the adapter will be paused.

       Services Manager. Note that the Packet E-Line wizard works for this service in an optical network, under MPLS-TP tunnel. The menu to create Packet E-Line as T-LDP PW over an IP network is supported in the link referring to the NSO page.

       CSCwe71587. When restarting an application using the sedo command (‘sedo system restart’), it is recommended to disable and then enable all apps, so that the restarted app will be launched immediately. Use ‘sedo apps disable all’; wait 10 seconds, then run ‘sedo apps enable all’.


Crosswork Hierarchical Controller 8.0 comes with a list of network adapters that are updated to work with this version. Adapters are also released independently of the Crosswork Hierarchical Controller version.

Note: Not all adapters are generally available (GA). Some are available for specific customers but not as GA, and hence, need BU involvement before use.

Table 1.           Adapters





Content and Use Cases


MCP Optical



Discovery: Inventory, OTS/OMS/OCH/OTN

Provisioning: OTN/ETH/OCH trial

Assurance: ETH, Optical, RON





RON use case:

Discovery: Inventory and L2 topology discovery, L3 topology, ZRs

Assurance: ETH, RON


Cisco Crosswork Network Controller



RON use case:

Inventory: IGP, SR, L3 VPN

Topology: IGP

Discovery: L3VPN service

Provisioning: RON link provisioning, L3 VPN

Assurance: RON (with CDG)


General use case (no RON):

Inventory: Physical and logical, L2 topology, IGP, SR, LxVPN

Topology: ETH and IGP

Discovery: LxVPN services

Provisioning: LxVPN services

Assurance: ETH (with CDG)





Discovery: Full inventory and optical topology discovery over NCS1010. OTS/OMC/OCH.

Provisioning: RON link provisioning, OCH-NC provisioning

Assurance: RON





Discovery: Inventory, L2 topology, IGP, RSVP-TE

Provisioning: RSVP-TE

Assurance: ETH, OAM





Discovery: Inventory, L2 & IGP, SR-TE, IP VPN

Provisioning: L3VPN, PW, EVPN

Assurance: ETH


NCE-T Optical



Discovery: Inventory and topology, OTS/OMS/OCH/OTN

Deployment Requirements

Software Requirements

       VMware vSphere server and client version 7.0.3

       High Availability, version 8.0, requires a latency of P95 5-7ms between nodes.

       The three VMs for HA can run on any single or multiple ESXi hosts. In case of multiple ESXi hosts, 10 Gbps is required for connecting each host. The control plane network is also associated with the same 10 Gbps interface and a 10 Gbps communication channel between the hosts is required.


Crosswork Hierarchical Controller 7.1 can be upgraded to version 8.0.

Hardware Requirements

This spec is for all nodes (active, standby, and witness, or standalone instances of Crosswork Hierarchical Controller).




10 Cores


96 GB

Multiple ESXi hosts

10 Gbps between hosts


500 GB SSD to 2 TB (Scale requirement)

Note: This is without considering RAID configurations

HW Reservation

80% for CPU and memory



Web Browser

Chrome version 75 or later is recommended.

Client Machine

The PC or MAC used for the web client with Google Chrome must be equipped with GPU. This is mandatory to run the 3D visualization map in Crosswork Hierarchical Controller.

Build Numbers


Release Collaterals

In this release, all Cisco Crosswork Hierarchical Controller documents are relevant and can be used.

This includes:


Cisco Crosswork Hierarchical Controller 8.0 Network Visualization Guide

Cisco Crosswork Hierarchical Controller 8.0 Administration Guide

Cisco Crosswork Hierarchical Controller 8.0 Assurance and Performance Guide

Cisco Crosswork Hierarchical Controller 8.0 Service Provisioning Guide

Cisco Crosswork Hierarchical Controller 8.0 Analytics Guide

Cisco Crosswork Hierarchical Controller 8.0 NBI and SHQL Reference Guide

Cisco Crosswork Hierarchical Controller 8.0 Installation Guide

Learn more