Cisco Crosswork Network Insights - or how to destroy a useful service

• Previous message (by thread): Cisco Crosswork Network Insights - or how to destroy a useful service
• Next message (by thread): Cisco Crosswork Network Insights - or how to destroy a useful service
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

?Is BGPmon going away?

________________________________
From: NANOG <nanog-bounces at nanog.org> on behalf of Hank Nussbacher <hank at efes.iucc.ac.il>
Sent: Wednesday, May 15, 2019 3:50 AM
To: nanog at nanog.org
Subject: Cisco Crosswork Network Insights - or how to destroy a useful service

I have started to use Cisco Crosswork Network Insights which is the replacement for BGPmon and I am shocked at how Cisco has managed to destroy a useful tool.  I have had a paid 50 prefix account since the day BGPmon became available and helped two clients implement a 500 prefix license over the past 4 years.  None will be buying Cisco Crosswork Network Insights, based on my recommendation.
I really don't know where to begin since there is so much to dislike in this new GUI.  I will try to give you just a small taste but I suggest you request a 90 day trial license and try it out for yourself.
This was not designed by someone who deals with BGP hijacks or who manages a network.  It was probably given to some GUI developer with a minimal understanding of what the users needed.   How do I know this?  Take for example the main configuration menu: https://crosswork.cisco.com/#/configuration<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrosswork.cisco.com%2F%23%2Fconfiguration&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944493959&sdata=bdDTxnmNMYK1CerIUqB%2BdmyjWZbIPZHyIKei3ocU%2Ffk%3D&reserved=0> with the first tab of "prefixes".  On that page there is no mention of which ASN the prefix is associated with.  That of course was fundamental in the BGPmon menu: https://portal.bgpmon.net/myprefixes.php<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Fmyprefixes.php&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944493959&sdata=BJ5gv1z3Olqa25%2FAN49vAf5g3Ay4BA2DVLNcLJB8nWo%3D&reserved=0>
Or take for example its "express configuration", where you insert an ASN and it automatically finds all prefixes and creates a policy.  But does it know the name of the ASN?  Nope.  Something again that was basic in BGPmon via: https://portal.bgpmon.net/myasn.php<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Fmyasn.php&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944503949&sdata=TzGEF2aobeKBpPsA89XAZAUYNrDVtPsmJvnVL2A71JM%3D&reserved=0> is non-existent in CNI.
Or how about the alarms one gets to an email?  Want to see how that looks?
From: Crosswork Admin [mailto:admin at crosswork.cisco.com]
Sent: 15 May 2019 11:39
To: Hank Nussbacher <Hank at mail.iucc.ac.il><mailto:Hank at mail.iucc.ac.il>
Subject: CCNI Notification

Active alarm count 1 starting at 2019-05-15 08:34:42.960762315 +0000 UTC. Please click on the link for each alarm below:
https://crosswork.cisco.com/#/alarm/ba7c5084-f05d-4c12-a17f-be9e815d6647<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrosswork.cisco.com%2F%23%2Falarm%2Fba7c5084-f05d-4c12-a17f-be9e815d6647&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944503949&sdata=snL40%2Bb6OdCIqDCmDtB8SQYLFEXWa2loDlgdncqz38E%3D&reserved=0>
Compare that with what we used to get:

====================================================================
Possible Prefix Hijack (Code: 10)
====================================================================

Your prefix:          99.201.0.0/16:
Prefix Description:   Kuku net
Update time:          2018-08-12 17:50 (UTC)
Detected by #peers:   140
Detected prefix:      99.201.131.0/24
Announced by:         AS222246 (BGP hijacking Ltd)
Upstream AS:          AS111111 (Clueless ISP allowing customer hijacking Ltd)
ASpath:               555555 444444 333333 111111 222246
Alert details:        https://portal.bgpmon.net/alerts.php?details&alert_id=830521190<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Falerts.php%3Fdetails%26alert_id%3D830521190&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944513943&sdata=WATe3hamPpjgl1oOev0Yt4EwIUpYa20kvOMZKkqe28o%3D&reserved=0>
Mark as false alert:  https://portal.bgpmon.net/fp.php?aid=830521190<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Ffp.php%3Faid%3D830521190&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944513943&sdata=GhpkGT65EFe6Pg6Mft%2FA9F3zY6lNc%2FfRcwNRdBqS9q0%3D&reserved=0>
That is just a small sampling.  Maybe two years down the road, Cisco will speak to customers first before destroying a useful service.
Anyone else trying this out and feels the same or feels differently?
Disappointed,
Hank


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190515/4977f936/attachment.html>

• Previous message (by thread): Cisco Crosswork Network Insights - or how to destroy a useful service
• Next message (by thread): Cisco Crosswork Network Insights - or how to destroy a useful service
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]