Cisco Crosswork Network Insights - or how to destroy a useful service

• Previous message (by thread): DHCPv6-PD relay route injection - standard?
• Next message (by thread): Cisco Crosswork Network Insights - or how to destroy a useful service
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have started to use Cisco Crosswork Network Insights which is the 
replacement for BGPmon and I am shocked at how Cisco has managed to 
destroy a useful tool.I have had a paid 50 prefix account since the day 
BGPmon became available and helped two clients implement a 500 prefix 
license over the past 4 years.None will be buying Cisco Crosswork 
Network Insights, based on my recommendation.

I really don’t know where to begin since there is so much to dislike in 
this new GUI.I will try to give you just a small taste but I suggest you 
request a 90 day trial license and try it out for yourself.

This was not designed by someone who deals with BGP hijacks or who 
manages a network.It was probably given to some GUI developer with a 
minimal understanding of what the users needed.How do I know this?Take 
for example the main configuration menu: 
https://crosswork.cisco.com/#/configuration with the first tab of 
“prefixes”.On that page there is *no* mention of which ASN the prefix is 
associated with.That of course was fundamental in the BGPmon menu: 
https://portal.bgpmon.net/myprefixes.php

Or take for example its “express configuration”, where you insert an ASN 
and it automatically finds all prefixes and creates a policy.But does it 
know the name of the ASN?Nope.Something again that was basic in BGPmon 
via: https://portal.bgpmon.net/myasn.php is non-existent in CNI.

Or how about the alarms one gets to an email?Want to see how that looks?

From: Crosswork Admin [mailto:admin at crosswork.cisco.com]
Sent: 15 May 2019 11:39
To: Hank Nussbacher <Hank at mail.iucc.ac.il>
Subject: CCNI Notification

Active alarm count 1 starting at 2019-05-15 08:34:42.960762315 +0000 
UTC. Please click on the link for each alarm below:
https://crosswork.cisco.com/#/alarm/ba7c5084-f05d-4c12-a17f-be9e815d6647

Compare that with what we used to get:

====================================================================
Possible Prefix Hijack (Code: 10)
====================================================================

Your prefix:99.201.0.0/16:
Prefix Description:Kuku net
Update time:2018-08-12 17:50 (UTC)
Detected by #peers:140
Detected prefix:99.201.131.0/24
Announced by:AS222246 (BGP hijacking Ltd)
Upstream AS:AS111111 (Clueless ISP allowing customer hijacking Ltd)
ASpath:555555 444444 333333 111111 222246
Alert 
details:https://portal.bgpmon.net/alerts.php?details&alert_id=830521190
Mark as false alert:https://portal.bgpmon.net/fp.php?aid=830521190

That is just a small sampling.Maybe two years down the road, Cisco will 
speak to customers first before destroying a useful service.

Anyone else trying this out and feels the same or feels differently?

Disappointed,
Hank

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190515/e020ccf6/attachment.html>

• Previous message (by thread): DHCPv6-PD relay route injection - standard?
• Next message (by thread): Cisco Crosswork Network Insights - or how to destroy a useful service
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]