<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>

</head>

<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">

<p>Is BGPmon going away?<br>

</p>

<div style="color: rgb(33, 33, 33);">

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="divRplyFwdMsg" dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b> NANOG <nanog-bounces@nanog.org> on behalf of Hank Nussbacher <hank@efes.iucc.ac.il><br>

<b>Sent:</b> Wednesday, May 15, 2019 3:50 AM<br>

<b>To:</b> nanog@nanog.org<br>

<b>Subject:</b> Cisco Crosswork Network Insights - or how to destroy a useful service</font>

<div> </div>

</div>

<div>

<p class="MsoNormal">I have started to use Cisco Crosswork Network Insights which is the replacement for BGPmon and I am shocked at how Cisco has managed to destroy a useful tool.<span style=""> 

</span>I have had a paid 50 prefix account since the day BGPmon became available and helped two clients implement a 500 prefix license over the past 4 years.<span style=""> 

</span>None will be buying Cisco Crosswork Network Insights, based on my recommendation.</p>

<p class="MsoNormal">I really don’t know where to begin since there is so much to dislike in this new GUI.<span style=""> 

</span>I will try to give you just a small taste but I suggest you request a 90 day trial license and try it out for yourself.</p>

<p class="MsoNormal">This was not designed by someone who deals with BGP hijacks or who manages a network.<span style=""> 

</span>It was probably given to some GUI developer with a minimal understanding of what the users needed.<span style="">  

</span>How do I know this?<span style="">  </span>Take for example the main configuration menu:

<a href="https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrosswork.cisco.com%2F%23%2Fconfiguration&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944493959&sdata=bdDTxnmNMYK1CerIUqB%2BdmyjWZbIPZHyIKei3ocU%2Ffk%3D&reserved=0">

https://crosswork.cisco.com/#/configuration</a> with the first tab of “prefixes”.<span style=""> 

</span>On that page there is <b>no</b> mention of which ASN the prefix is associated with.<span style=""> 

</span>That of course was fundamental in the BGPmon menu: <a href="https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Fmyprefixes.php&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944493959&sdata=BJ5gv1z3Olqa25%2FAN49vAf5g3Ay4BA2DVLNcLJB8nWo%3D&reserved=0">

https://portal.bgpmon.net/myprefixes.php</a></p>

<p class="MsoNormal">Or take for example its “express configuration”, where you insert an ASN and it automatically finds all prefixes and creates a policy.<span style=""> 

</span>But does it know the name of the ASN?<span style="">  </span>Nope.<span style=""> 

</span>Something again that was basic in BGPmon via: <a href="https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Fmyasn.php&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944503949&sdata=TzGEF2aobeKBpPsA89XAZAUYNrDVtPsmJvnVL2A71JM%3D&reserved=0">

https://portal.bgpmon.net/myasn.php</a> is non-existent in CNI.</p>

<p class="MsoNormal">Or how about the alarms one gets to an email?<span style=""> 

</span>Want to see how that looks?</p>

From: Crosswork Admin [<a class="moz-txt-link-freetext" href="mailto:admin@crosswork.cisco.com">mailto:admin@crosswork.cisco.com</a>]

<br>

Sent: 15 May 2019 11:39<br>

To: Hank Nussbacher <a class="moz-txt-link-rfc2396E" href="mailto:Hank@mail.iucc.ac.il">

<Hank@mail.iucc.ac.il></a><br>

Subject: CCNI Notification<br>

<br>

Active alarm count 1 starting at 2019-05-15 08:34:42.960762315 +0000 UTC. Please click on the link for each alarm below:

<br>

<div style="border:none; border-bottom:solid

      windowtext 1.0pt; padding:0cm 0cm 1.0pt

      0cm">

<a href="https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrosswork.cisco.com%2F%23%2Falarm%2Fba7c5084-f05d-4c12-a17f-be9e815d6647&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944503949&sdata=snL40%2Bb6OdCIqDCmDtB8SQYLFEXWa2loDlgdncqz38E%3D&reserved=0">https://crosswork.cisco.com/#/alarm/ba7c5084-f05d-4c12-a17f-be9e815d6647</a><br>

</div>

<p class="MsoNormal" style="margin-bottom:0cm; margin-bottom:.0001pt">Compare that with what we used to get:</p>

<p class="MsoNormal" style="margin-bottom:0cm; margin-bottom:.0001pt"> </p>

====================================================================<br>

Possible Prefix Hijack (Code: 10)<br>

====================================================================<br>

<br>

Your prefix:<span style="">          </span>99.201.0.0/16:<br>

Prefix Description:<span style="">   </span>Kuku net<br>

Update time:<span style="">          </span>2018-08-12 17:50 (UTC)<br>

Detected by #peers:<span style="">   </span>140<br>

Detected prefix:<span style="">      </span>99.201.131.0/24<br>

Announced by:<span style="">         </span>AS222246 (BGP hijacking Ltd)<br>

Upstream AS:<span style="">          </span>AS111111 (Clueless ISP allowing customer hijacking Ltd)<br>

ASpath:<span style="">               </span>555555 444444 333333 111111 222246<br>

Alert details:<span style="">        </span><a class="moz-txt-link-freetext" href="https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Falerts.php%3Fdetails%26alert_id%3D830521190&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944513943&sdata=WATe3hamPpjgl1oOev0Yt4EwIUpYa20kvOMZKkqe28o%3D&reserved=0">https://portal.bgpmon.net/alerts.php?details&alert_id=830521190</a><br>

Mark as false alert:<span style="">  </span><a class="moz-txt-link-freetext" href="https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.bgpmon.net%2Ffp.php%3Faid%3D830521190&data=02%7C01%7Cjamann%40mt.gov%7Cad0e7d34170c4c4c5ba308d6d91b24f6%7C07a94c98f30f4abbbd7ed63f8720dc02%7C0%7C0%7C636935107944513943&sdata=GhpkGT65EFe6Pg6Mft%2FA9F3zY6lNc%2FfRcwNRdBqS9q0%3D&reserved=0">https://portal.bgpmon.net/fp.php?aid=830521190</a><br>

<p class="MsoNormal">That is just a small sampling.<span style="">  </span>Maybe two years down the road, Cisco will speak to customers first before destroying a useful service.</p>

<p class="MsoNormal">Anyone else trying this out and feels the same or feels differently?<br>

</p>

Disappointed,<br>

Hank<br>

<p class="MsoListParagraph"> </p>

</div>

</div>

</body>

</html>