Cisco Crosswork Network Insights - or how to destroy a useful service

Mike Hammett nanog at
Wed May 15 12:33:13 UTC 2019

Cisco ruins everything they touch. 

Mike Hammett 
Intelligent Computing Solutions 


----- Original Message -----

From: "Hank Nussbacher" <hank at> 
To: nanog at 
Sent: Wednesday, May 15, 2019 4:50:10 AM 
Subject: Cisco Crosswork Network Insights - or how to destroy a useful service 

I have started to use Cisco Crosswork Network Insights which is the replacement for BGPmon and I am shocked at how Cisco has managed to destroy a useful tool. I have had a paid 50 prefix account since the day BGPmon became available and helped two clients implement a 500 prefix license over the past 4 years. None will be buying Cisco Crosswork Network Insights, based on my recommendation. 
I really don’t know where to begin since there is so much to dislike in this new GUI. I will try to give you just a small taste but I suggest you request a 90 day trial license and try it out for yourself. 
This was not designed by someone who deals with BGP hijacks or who manages a network. It was probably given to some GUI developer with a minimal understanding of what the users needed. How do I know this? Take for example the main configuration menu: with the first tab of “prefixes”. On that page there is no mention of which ASN the prefix is associated with. That of course was fundamental in the BGPmon menu: 
Or take for example its “express configuration”, where you insert an ASN and it automatically finds all prefixes and creates a policy. But does it know the name of the ASN? Nope. Something again that was basic in BGPmon via: is non-existent in CNI. 
Or how about the alarms one gets to an email? Want to see how that looks? From: Crosswork Admin [ mailto:admin at ] 
Sent: 15 May 2019 11:39 
To: Hank Nussbacher <Hank at> 
Subject: CCNI Notification 

Active alarm count 1 starting at 2019-05-15 08:34:42.960762315 +0000 UTC. Please click on the link for each alarm below: 

Compare that with what we used to get: 
Possible Prefix Hijack (Code: 10) 

Your prefix: 
Prefix Description: Kuku net 
Update time: 2018-08-12 17:50 (UTC) 
Detected by #peers: 140 
Detected prefix: 
Announced by: AS222246 (BGP hijacking Ltd) 
Upstream AS: AS111111 (Clueless ISP allowing customer hijacking Ltd) 
ASpath: 555555 444444 333333 111111 222246 
Alert details: 
Mark as false alert: 

That is just a small sampling. Maybe two years down the road, Cisco will speak to customers first before destroying a useful service. 
Anyone else trying this out and feels the same or feels differently? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list