Is BGPmon going away?

________________________________
From: NANOG <nanog-boun...@nanog.org> on behalf of Hank Nussbacher <h...@efes.iucc.ac.il>
Sent: Wednesday, May 15, 2019 3:50 AM
To: nanog@nanog.org
Subject: Cisco Crosswork Network Insights - or how to destroy a useful service

I have started to use Cisco Crosswork Network Insights which is the replacement for BGPmon and I am shocked at how Cisco has managed to destroy a useful tool. I have had a paid 50 prefix account since the day BGPmon became available and helped two clients implement a 500 prefix license over the past 4 years. None will be buying Cisco Crosswork Network Insights, based on my recommendation.

I really don't know where to begin since there is so much to dislike in this new GUI. I will try to give you just a small taste but I suggest you request a 90 day trial license and try it out for yourself.

This was not designed by someone who deals with BGP hijacks or who manages a network. It was probably given to some GUI developer with a minimal understanding of what the users needed. How do I know this? Take for example the main configuration menu:
https://crosswork.cisco.com/#/configuration
with the first tab of "prefixes". On that page there is no mention of which ASN the prefix is associated with. That of course was fundamental in the BGPmon menu:
https://portal.bgpmon.net/myprefixes.php

Or take for example its "express configuration", where you insert an ASN and it automatically finds all prefixes and creates a policy. But does it know the name of the ASN? Nope. Something again that was basic in BGPmon via:
https://portal.bgpmon.net/myasn.php
is non-existent in CNI.

Or how about the alarms one gets to an email? Want to see how that looks?

From: Crosswork Admin [mailto:ad...@crosswork.cisco.com]
Sent: 15 May 2019 11:39
To: Hank Nussbacher <h...@mail.iucc.ac.il>
Subject: CCNI Notification

Active alarm count 1 starting at 2019-05-15 08:34:42.960762315 +0000 UTC.
Please click on the link for each alarm below:
https://crosswork.cisco.com/#/alarm/ba7c5084-f05d-4c12-a17f-be9e815d6647

Compare that with what we used to get:

====================================================================
Possible Prefix Hijack (Code: 10)
====================================================================
Your prefix:          99.201.0.0/16:
Prefix Description:   Kuku net
Update time:          2018-08-12 17:50 (UTC)
Detected by #peers:   140
Detected prefix:      99.201.131.0/24
Announced by:         AS222246 (BGP hijacking Ltd)
Upstream AS:          AS111111 (Clueless ISP allowing customer hijacking Ltd)
ASpath:               555555 444444 333333 111111 222246

Alert details: https://portal.bgpmon.net/alerts.php?details&alert_id=830521190
Mark as false alert: https://portal.bgpmon.net/fp.php?aid=830521190

That is just a small sampling. Maybe two years down the road, Cisco will speak to customers first before destroying a useful service.

Anyone else trying this out and feels the same or feels differently?

Disappointed,
Hank
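The fields in the older alert quoted above (monitored prefix, detected prefix, announcing AS, upstream AS) can all be derived from a single BGP announcement once each monitored prefix is tied to its expected origin ASN. The sketch below is an added example, not part of the original messages and not BGPmon or Cisco code; the expected origin AS64500 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed policy: monitored prefix -> expected origin ASN. The prefix is the
# one in the sample alert; AS64500 is a placeholder, not a value from the message.
MONITORED = {ipaddress.ip_network("99.201.0.0/16"): 64500}


def check_announcement(prefix, as_path, monitored=MONITORED):
    """Return alert fields if an announcement conflicts with policy, else None."""
    announced = ipaddress.ip_network(prefix)
    path = [int(asn) for asn in as_path.split()]
    if not path:
        return None
    origin = path[-1]
    # Upstream = nearest AS left of the origin that differs from it (skips prepends).
    upstream = next((asn for asn in reversed(path[:-1]) if asn != origin), None)
    for mine, expected in monitored.items():
        if announced.version != mine.version or not announced.subnet_of(mine):
            continue  # announcement is outside this monitored prefix
        if origin == expected:
            return None  # our own origin, nothing to report
        return {
            "kind": "exact-prefix" if announced == mine else "more-specific",
            "your_prefix": str(mine),
            "expected_origin": expected,
            "detected_prefix": str(announced),
            "announced_by": origin,
            "upstream_as": upstream,
            "as_path": path,
        }
    return None


def format_alert(alert):
    """Render the alert fields as a plain-text e-mail body."""
    return "\n".join([
        f"Possible Prefix Hijack ({alert['kind']})",
        f"Your prefix:     {alert['your_prefix']} (expected origin AS{alert['expected_origin']})",
        f"Detected prefix: {alert['detected_prefix']}",
        f"Announced by:    AS{alert['announced_by']}",
        f"Upstream AS:     AS{alert['upstream_as']}",
        "ASpath:          " + " ".join(str(asn) for asn in alert["as_path"]),
    ])


if __name__ == "__main__":
    # Announcement taken from the sample alert quoted in the message.
    hit = check_announcement("99.201.131.0/24", "555555 444444 333333 111111 222246")
    print(format_alert(hit))
```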