Cisco Crosswork Network Insights - or how to destroy a useful service

Patrick McEvilly patrick_mcevilly at
Wed May 15 13:24:15 UTC 2019



From: NANOG < at> on behalf of Mike Hammett <nanog at>
Date: Wednesday, May 15, 2019 at 8:35 AM
To: Hank Nussbacher <hank at>
Cc: "nanog at" <nanog at>
Subject: Re: Cisco Crosswork Network Insights - or how to destroy a useful service
Resent-From: Patrick McEvilly <patrick_mcevilly at>


Cisco ruins everything they touch.

Mike Hammett
Intelligent Computing Solutions



From: "Hank Nussbacher" <hank at>
To: nanog at
Sent: Wednesday, May 15, 2019 4:50:10 AM
Subject: Cisco Crosswork Network Insights - or how to destroy a useful service

I have started to use Cisco Crosswork Network Insights which is the replacement for BGPmon and I am shocked at how Cisco has managed to destroy a useful tool.  I have had a paid 50 prefix account since the day BGPmon became available and helped two clients implement a 500 prefix license over the past 4 years.  None will be buying Cisco Crosswork Network Insights, based on my recommendation.

I really don’t know where to begin since there is so much to dislike in this new GUI.  I will try to give you just a small taste but I suggest you request a 90 day trial license and try it out for yourself.

This was not designed by someone who deals with BGP hijacks or who manages a network.  It was probably given to some GUI developer with a minimal understanding of what the users needed.   How do I know this?  Take for example the main configuration menu: with the first tab of “prefixes”.  On that page there is no mention of which ASN the prefix is associated with.  That of course was fundamental in the BGPmon menu:

Or take for example its “express configuration”, where you insert an ASN and it automatically finds all prefixes and creates a policy.  But does it know the name of the ASN?  Nope.  Something again that was basic in BGPmon via: is non-existent in CNI.

Or how about the alarms one gets to an email?  Want to see how that looks?

From: Crosswork Admin [mailto:admin at] 
Sent: 15 May 2019 11:39
To: Hank Nussbacher <Hank at>
Subject: CCNI Notification

Active alarm count 1 starting at 2019-05-15 08:34:42.960762315 +0000 UTC. Please click on the link for each alarm below:

Compare that with what we used to get:


Possible Prefix Hijack (Code: 10)

Your prefix:
Prefix Description:   Kuku net
Update time:          2018-08-12 17:50 (UTC)
Detected by #peers:   140
Detected prefix:
Announced by:         AS222246 (BGP hijacking Ltd)
Upstream AS:          AS111111 (Clueless ISP allowing customer hijacking Ltd)
ASpath:               555555 444444 333333 111111 222246
Alert details:
Mark as false alert:

That is just a small sampling.  Maybe two years down the road, Cisco will speak to customers first before destroying a useful service.

Anyone else trying this out and feels the same or feels differently?




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list