Re: Cisco Crosswork Network Insights - or how to destroy a useful service

[Patrick McEvilly <patrick_mcevilly () harvard edu>]

https://honestnetworker.net/2019/01/31/recent-bgpmon-net-announcement/

 

 

From: NANOG <nanog-bounces+patrick_mcevilly=harvard.edu () nanog org> on behalf of Mike Hammett <nanog () ics-il net>
Date: Wednesday, May 15, 2019 at 8:35 AM
To: Hank Nussbacher <hank () efes iucc ac il>
Cc: "nanog () nanog org" <nanog () nanog org>
Subject: Re: Cisco Crosswork Network Insights - or how to destroy a useful service
Resent-From: Patrick McEvilly <patrick_mcevilly () harvard edu>

 

Cisco ruins everything they touch.



-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

 

From: "Hank Nussbacher" <hank () efes iucc ac il>
To: nanog () nanog org
Sent: Wednesday, May 15, 2019 4:50:10 AM
Subject: Cisco Crosswork Network Insights - or how to destroy a useful service

I have started to use Cisco Crosswork Network Insights which is the replacement for BGPmon and I am shocked at how 
Cisco has managed to destroy a useful tool.  I have had a paid 50 prefix account since the day BGPmon became available 
and helped two clients implement a 500 prefix license over the past 4 years.  None will be buying Cisco Crosswork 
Network Insights, based on my recommendation.

I really don’t know where to begin since there is so much to dislike in this new GUI.  I will try to give you just a 
small taste but I suggest you request a 90 day trial license and try it out for yourself.

This was not designed by someone who deals with BGP hijacks or who manages a network.  It was probably given to some 
GUI developer with a minimal understanding of what the users needed.   How do I know this?  Take for example the main 
configuration menu: https://crosswork.cisco.com/#/configuration with the first tab of “prefixes”.  On that page there 
is no mention of which ASN the prefix is associated with.  That of course was fundamental in the BGPmon menu: 
https://portal.bgpmon.net/myprefixes.php

Or take for example its “express configuration”, where you insert an ASN and it automatically finds all prefixes and 
creates a policy.  But does it know the name of the ASN?  Nope.  Something again that was basic in BGPmon via: 
https://portal.bgpmon.net/myasn.php is non-existent in CNI.

Or how about the alarms one gets to an email?  Want to see how that looks?

From: Crosswork Admin [mailto:admin () crosswork cisco com] 
Sent: 15 May 2019 11:39
To: Hank Nussbacher <Hank () mail iucc ac il>
Subject: CCNI Notification

Active alarm count 1 starting at 2019-05-15 08:34:42.960762315 +0000 UTC. Please click on the link for each alarm 
below: 

https://crosswork.cisco.com/#/alarm/ba7c5084-f05d-4c12-a17f-be9e815d6647

Compare that with what we used to get:

 

====================================================================
Possible Prefix Hijack (Code: 10)
====================================================================

Your prefix:          99.201.0.0/16:
Prefix Description:   Kuku net
Update time:          2018-08-12 17:50 (UTC)
Detected by #peers:   140
Detected prefix:      99.201.131.0/24
Announced by:         AS222246 (BGP hijacking Ltd)
Upstream AS:          AS111111 (Clueless ISP allowing customer hijacking Ltd)
ASpath:               555555 444444 333333 111111 222246
Alert details:        https://portal.bgpmon.net/alerts.php?details&alert_id=830521190
Mark as false alert:  https://portal.bgpmon.net/fp.php?aid=830521190

That is just a small sampling.  Maybe two years down the road, Cisco will speak to customers first before destroying a 
useful service.

Anyone else trying this out and feels the same or feels differently?

Disappointed,
Hank