<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: arial,helvetica,sans-serif; font-size: 10pt; color: #000000'>Cisco ruins everything they touch.<br><br><div><span name="x"></span><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br>http://www.ics-il.com<br><br>Midwest-IX<br>http://www.midwest-ix.com<span name="x"></span><br></div><br><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Hank Nussbacher" <hank@efes.iucc.ac.il><br><b>To: </b>nanog@nanog.org<br><b>Sent: </b>Wednesday, May 15, 2019 4:50:10 AM<br><b>Subject: </b>Cisco Crosswork Network Insights - or how to destroy a useful service<br><br>
<p class="MsoNormal">I have started to use Cisco Crosswork Network
Insights which
is the replacement for BGPmon and I am shocked at how Cisco has
managed to
destroy a useful tool.<span style="mso-spacerun:yes"> </span>I
have had a paid
50 prefix account since the day BGPmon became available and helped
two clients implement
a 500 prefix license over the past 4 years.<span style="mso-spacerun:yes">
</span>None will be buying Cisco Crosswork Network Insights, based
on my
recommendation.</p>
<p class="MsoNormal">I really don’t know where to begin since there
is so much to
dislike in this new GUI.<span style="mso-spacerun:yes"> </span>I
will try to
give you just a small taste but I suggest you request a 90 day
trial license and try
it out for yourself.</p>
<p class="MsoNormal">This was not designed by someone who deals with
BGP hijacks
or who manages a network.<span style="mso-spacerun:yes"> </span>It
was
probably given to some GUI developer with a minimal understanding
of what the
users needed.<span style="mso-spacerun:yes"> </span>How do I
know this?<span style="mso-spacerun:yes"> </span>Take for
example the main configuration menu:
<a href="https://crosswork.cisco.com/#/configuration" target="_blank">https://crosswork.cisco.com/#/configuration</a>
with the first tab of “prefixes”.<span style="mso-spacerun:yes">
</span>On
that page there is <b>no</b> mention of which ASN the prefix is
associated
with.<span style="mso-spacerun:yes"> </span>That of course was
fundamental in
the BGPmon menu: <a href="https://portal.bgpmon.net/myprefixes.php" target="_blank">https://portal.bgpmon.net/myprefixes.php</a></p>
<p class="MsoNormal">Or take for example its “express
configuration”, where you
insert an ASN and it automatically finds all prefixes and creates
a
policy.<span style="mso-spacerun:yes"> </span>But does it know
the name of the
ASN?<span style="mso-spacerun:yes"> </span>Nope.<span style="mso-spacerun:yes"> </span>Something again that was
basic in BGPmon via:
<a href="https://portal.bgpmon.net/myasn.php" target="_blank">https://portal.bgpmon.net/myasn.php</a>
is non-existent in CNI.</p>
<p class="MsoNormal">Or how about the alarms one gets to an email?<span style="mso-spacerun:yes"> </span>Want to see how that looks?</p>
From:
Crosswork Admin [<a class="moz-txt-link-freetext" href="mailto:admin@crosswork.cisco.com" target="_blank">mailto:admin@crosswork.cisco.com</a>] <br>
Sent: 15 May
2019 11:39<br>
To: Hank
Nussbacher <a class="moz-txt-link-rfc2396E" href="mailto:Hank@mail.iucc.ac.il" target="_blank"><Hank@mail.iucc.ac.il></a><br>
Subject:
CCNI Notification<br>
<br>
Active alarm
count 1 starting at 2019-05-15 08:34:42.960762315 +0000 UTC. Please
click on
the link for each alarm below: <br>
<div style="mso-element:para-border-div;border:none;border-bottom:solid
windowtext 1.0pt;
mso-border-bottom-alt:solid windowtext .75pt;padding:0cm 0cm 1.0pt
0cm"><a href="https://crosswork.cisco.com/#/alarm/ba7c5084-f05d-4c12-a17f-be9e815d6647" target="_blank">https://crosswork.cisco.com/#/alarm/ba7c5084-f05d-4c12-a17f-be9e815d6647</a><br>
</div>
<p class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt">Compare
that
with what we used to get:</p>
<p class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt"> </p>
====================================================================<br>
Possible
Prefix Hijack (Code: 10)<br>
====================================================================<br>
<br>
Your
prefix:<span style="mso-spacerun:yes"> </span>99.201.0.0/16:<br>
Prefix
Description:<span style="mso-spacerun:yes"> </span>Kuku net<br>
Update
time:<span style="mso-spacerun:yes"> </span>2018-08-12
17:50 (UTC)<br>
Detected by
#peers:<span style="mso-spacerun:yes"> </span>140<br>
Detected
prefix:<span style="mso-spacerun:yes"> </span>99.201.131.0/24<br>
Announced
by:<span style="mso-spacerun:yes"> </span>AS222246 (BGP
hijacking Ltd)<br>
Upstream
AS:<span style="mso-spacerun:yes"> </span>AS111111
(Clueless ISP
allowing customer hijacking Ltd)<br>
ASpath:<span style="mso-spacerun:yes"> </span>555555
444444 333333 111111 222246<br>
Alert
details:<span style="mso-spacerun:yes">
</span><a class="moz-txt-link-freetext" href="https://portal.bgpmon.net/alerts.php?details&alert_id=830521190" target="_blank">https://portal.bgpmon.net/alerts.php?details&alert_id=830521190</a><br>
Mark as
false alert:<span style="mso-spacerun:yes"> </span><a class="moz-txt-link-freetext" href="https://portal.bgpmon.net/fp.php?aid=830521190" target="_blank">https://portal.bgpmon.net/fp.php?aid=830521190</a><br>
<p class="MsoNormal">That is just a small sampling.<span style="mso-spacerun:yes"> </span>Maybe two years down the
road, Cisco will
speak to customers first before destroying a useful service.</p>
<p class="MsoNormal">Anyone else trying this out and feels the same
or feels differently?<br>
</p>
Disappointed,<br>
Hank<br>
<p class="MsoListParagraph"> </p>
</div><br></div></body></html>