Cisco Crosswork Optimization Engine 1.1 User Guide

Device Management Overview

The Device Management application lets you create, edit, and delete:

The credential profiles that control Crosswork Optimization Engine's access to devices and providers. See Manage Credential Profiles.
The devices you manage using Crosswork Optimization Engine. See Manage Network Devices.

You can also use Device Management to review the jobs executed on your devices. See View Device Job History.

About Adding Devices

There are two ways to add devices to Cisco Crosswork Optimization Engine:

Automatically onboard devices and populate the inventory. High-level steps are documented in Workflow: Auto-Onboard Devices.
Manually onboard devices using a CSV file or the UI. High-level steps are documented in Workflow: Manually Import Devices

Auto-Onboard Devices

Auto-onboarding simplifies and expedites the device onboarding process. It automatically discovers and imports preformatted device data from a Cisco SR-PCE provider and enables you to quickly view the IGP topology (including devices, links and IP addresses) in the Cisco Crosswork Optimization Engine topology map.

To configure auto-onboarding, you add an SR-PCE provider with one of the following auto-onboard options: managed or unmanaged.

The auto-onboard managed option requires a single default credential profile (having SNMP access, at minimum) that will work for all devices.

The devices are auto-onboarded with the following attributes:

ISIS-System ID, OSPF Router ID, and TE router ID will be filled in the device’s routing information.
The Connectivity IP is assigned the same value as the TE router ID.
The default credential profile is set as the Credential Profile for each device.

Note

If a common credential profile cannot be used for all devices, or a different Connectivity IP is required, use the auto-onboard unmanaged option or Cisco Crosswork Optimization Engine will keep trying to connect to the devices and fail.

The auto-onboard unmanaged option should be used if you prefer devices not to be assigned a Credential Profile or Connectivity IP. SNMP or any other device collection is not performed. However, IGP topology is still seen on the topology map (logical view), but the information available is restricted to the information SR-PCE provides. Therefore, interface names are not shown, and in the case of OSPF, device Hostnames are also not shown. IP addresses are shown and can be used to identify devices and interfaces.

Auto-Onboard Notes and Limitations:

Consider the following information when choosing between unmanaged and managed options:

The TE router ID is used as the Connectivity IP of the device. This is the IP address Cisco Crosswork Optimization Engine will use to perform SNMP or CLI collection from the device. If the devices need to be reached over a separate management network, the Connectivity IP of all devices will need to be updated using the CSV Update Existing option (see Import Devices). In this case, use the unmanaged option for auto-onboarding to prevent repeated unsuccessful collection attempts from the devices.
The managed option works only if a single Credential Profile will work for accessing all the devices.
With the unmanaged option, since SNMP collection from the devices cannot be performed, interface names and possibly hostnames will not be available until the devices in inventory are updated with the correct Connectivity IP and Credential Profile and their state is updated to Managed.
Several device attributes cannot be discovered and need to be manually supplied. After the inventory is populated, you can download the device inventory CSV file, edit the file to add additional information (such as geographical location), and import it back into Cisco Crosswork Optimization Engine using the CSV Update Existing option. See Import Devices and Export Devices.

Manually Add Devices

You can manually onboard devices from a CSV file or add them using the UI. After adding credential profiles, configure providers and tags to group new devices (optional) you do one of the following:

Download the CSV template file from Inventory Management > Devices > and populate it with all the devices you will need (see Import Devices). This method can be time consuming, as you must create and enter all of the data yourself beforehand (including not only devices, but also the providers, credential profiles and tags), and then ensure all of these items are properly associated with the devices.

To quickly get up and running with Cisco Crosswork Optimization Engine by importing devices, follow the high-level steps documented in Workflow: Manually Import Devices.
Add devices using the UI (see Add Devices Through the UI. It is the most time-consuming since all data is validated during entry.

Prerequisites for Onboarding Devices

Before adding devices, you must ensure that the devices themselves are configured to collect and transmit telemetry data properly and communicate successfully with Cisco Crosswork Optimization Engine. The following sections provide sample configurations for a variety of communications options. Use them as a guide to configuring the devices you plan to manage using Cisco Crosswork Optimization Engine.

Pre-Onboarding SNMP v2 Device Configuration

Note

Only users configured with privilege level 15 can use the NETCONF APIs. Privilege level 15 can be used to configure the "enable" password option in XE devices. In such cases, NETCONF should not be included as one of the protocols to verify reachability and operational state for the onboarded devices.

Note

Only SNMPv2 and SNMPv3 (NoAuth/NoPriv) traps are supported.

The following commands provide a sample pre-onboarding device configuration that sets the correct SNMPv2 and NETCONF configuration, and SSH and Telnet rate limits. The NETCONF setting is only needed if the device is MDT-capable (XR 6.5.3/6.6.3 or higher).

logging console debugging
logging monitor debugging
telnet vrf default ipv4 server max-servers 100
telnet vrf default ipv6 server max-servers 100
crypto key generate rsa
line default
 exec-timeout 0 0
 width 107
 length 37
 absolute-timeout 0
!
snmp-server community public RO
snmp-server community robot-demo2 RO
snmp-server ifindex persist
ntp
 server <NTPServerIPAddress>
!
service cli history size 5000
service cli interactive disable
ssh server v2
ssh server vrf default
ssh server netconf vrf default
ssh server logging
ssh server rate-limit 100
ssh server session-limit 100
grpc      
 port 57400
!         
netconf agent tty
!         
netconf-yang agent
 ssh      
!

Pre-Onboarding SNMPv3 Device Configuration

If you want to enable SNMPv3 data collection, repeat the SNMPv2 configuration commands in the previous section, and add the following commands:

snmp-server group grpauthpriv v3 priv notify v1default
snmp-server user <user-ID> grpauthpriv v3 auth md5 <password> priv aes 128 <password>

Sample Configuration for Devices in Cisco NSO

If you plan to use Cisco NSO as a provider to configure devices managed by Cisco Crosswork Optimization Engine, be sure that the Cisco NSO device configurations observe the following guidelines.

The following example shows a Cisco NSO setup that uses the hostname as the device ID. If you are using a CSV file to import devices, use ROBOT_PROVDEVKEY_HOST_NAME as the enum value for the provider_node_key field. The example hostname RouterFremont used here must match the hostname for the device in the CSV file.


configure
set devices device RouterFremont address 198.18.1.11 port 22
set devices device RouterSFO address 198.18.1.12 port 830

The authgroup username and password in the CSV file must match the username and password in the credential profile associated with the Cisco NSO provider. For example:


set devices authgroups group cisco default-map remote-name cisco remote-password cisco
set devices device Router* device-type netconf ned-id cisco-iosxr-nc-6.6
set devices device Router* authgroup cisco

The device itself must be synchronized with Cisco NSO before you import that device. For example:


set devices device Router* state admin-state unlocked
request devices device Router* ssh fetch-host-keys
request devices device Router* sync-from
commit

Reachability and Operational State

Cisco Crosswork Optimization Engine computes the Reachability State of the providers it uses and devices it manages, as well as the Operational State of reachable managed devices. It indicates these states using the icons in the following table.

Table 1. Reachability and Operational State Icons
This Icon...	Indicates...
Reachability State icons show whether a device or a provider is reachable or not
	Reachable: The device or provider can be reached by all configured protocols configured for it.
	Reachability Degraded: The device or provider can be reached by at least one protocol, but is not reachable by one or more of the other protocols configured for it.
	Unreachable: The device or provider cannot be reached by reachable by any protocol configured for it.
	Reachability Unknown: Cisco Crosswork Optimization Engine cannot determine if the device is reachable, degraded, or unreachable . This state can also occur if the device is not connected to Cisco Crosswork Data Gateway.
Operational State icons show whether a device is operational or not.
	The device is operational and under management, and all individual protocols are "OK" ( also known as "up").
	The device is not operational ("down"). The same icon is used when the device has been set "administratively down" by an operator.
	The device's operational or configuration state is unknown.
	The device's operational or configuration state is degraded.
	The device's operational or configuration state is in an error condition. It is either not up, or unreachable, or both, due to errors encountered while attempting to reach it and compute its operational state. The number in the circle shown next to the icon indicates the number of recent errors. Click on the number to see a list of these errors. (Note that the icon badging for errors is not available in the Network Topology application.)
	The device's operational state is currently being checked
	The device is being deleted.
	The device is unmanaged.

The Reachability State of a device is computed as follows:

Reachability is always computed for each device as long as the device's configured state (as configured by users) is UP. It is not computed if the device is administratively DOWN or UNMANAGED.
Reachability state is always either REACHABLE, UNREACHABLE, or UNKNOWN.
- The Reachability state is REACHABLE if there is at least one route to the device via at least one protocol AND the device is discoverable.
- The Reachability state is UNREACHABLE if there are no routes to the device via one protocol OR the device does not respond.
- The Reachability state is UNKNOWN if the device is UNMANAGED.

The Operational State of a device is computed as follows:

Operational state is always computed for each device as long as the device's configured state (as configured by users) is UP. It is not computed if the device is administratively DOWN or UNMANAGED.
Operational state is always OK or ERROR.
For a device to be Operational=OK, the device must be REACHABLE and discoverable. Any other Reachability state is ERROR.

For XR or XE devices only, Operational=OK also requires that Clock Drift difference between the Crosswork host and device clocks is <=the default Drift Value, currently 2 minutes.

Note

Confirm that devices have Telnet/SSH enabled. If it is not enabled, the Clock Drift throws an error and the operational state will always show a clock synchronization error.

Manage Credential Profiles

Credential profiles are collections of credentials for SNMP, Telnet/SSH, HTTP, and other network protocols. You can have multiple protocols and credentials in a single credential profile.

Using credential profiles lets you automate device configuration changes and monitoring, and communicate with providers. When you add or import devices, or create providers, you specify the credential profile(s) those devices and providers use.

Note

Credentials just validates authentication since the corresponding protocol configured on the devices does the work. Devices should be present in the Devices window and be reachable.

From the Credential Profiles window, you can create a new credential profile, update the settings configured for an existing profile, or delete a profile. To open this window, choose Inventory Management > Credential Profiles from the main menu.

Figure 1. Credentials Profile window


Item	Description
1	Click to add a credential profile. See Create Credential Profiles.
	Click to edit the settings for the selected credential profile. See Edit Credential Profiles.
	Click to delete the selected credential profile. See Delete Credential Profiles.
	Click to import new credential profiles from a CSV file. You can also download a CSV file template by clicking this icon. The template includes sample data that you can use as a guide for building your own CSV file. See Import Credential Profiles.
	Click to export credential profiles to a CSV file. See Export Credential Profiles.
2	Click to refresh the Credential Profiles window.
2	Click to choose the columns to make visible in the Credential Profiles window (see Set, Sort and Filter Table Data).
3	Click to set filter criteria on one or more columns in the Credential Profiles window.
3	Click the Clear Filter link to clear any filter criteria you may have set.

Create Credential Profiles

Follow the steps below to create a new credential profile. You can then use the profile to apply credentials consistently when you add new devices or providers. You can add as many protocols and corresponding credentials to the profile as you want.

If you have many credential profiles to add, you may find it more efficient to put the information in a CSV file and import the file. See Import Credential Profiles.

When creating device credential profiles that contain SNMP credentials, Cisco recommends that the profile contain credentials for the version of SNMP actually enabled on the device, and that version only. For example: If SNMPv3 is not enabled in the device configuration, do not include SNMPv3 credentials in the device credential profile.

If you plan to use the import and export features and CSV files to create credential profiles in bulk, please note that:

All the characters in each password or community string entry in every credential profile exported to a CSV file are replaced with asterisks (Export Credential Profiles).
You cannot import credential profiles if the passwords and community strings in the CSV file are blank (see Import Credential Profiles).

To maintain network security, Cisco recommends that you use asterisks in place of real passwords and community strings in any CSV file you plan to import. After the import, follow the steps in Edit Credential Profiles to replace the asterisks with actual passwords and community strings.

Procedure

Step 1

From the main menu, choose Inventory Management > Credential Profiles > Credentials.

Step 2

Click Add icon .

Step 3

In the Profile Name field, enter a descriptive profile name. The name can contain a maximum of 128 alphanumeric characters, plus underscores ("_") or hyphens ("-"). No other special characters are allowed.

If you will have many credential profiles, make the name as informative as possible because that information will be displayed on the Credential Profiles panel.

Step 4

Select a protocol from the Connectivity Type dropdown.

Step 5

Complete the credentials fields described in the following table. The required and optional fields displayed will vary with the connectivity type you chose. The values you enter must match the values configured on the device.


Connectivity Type	Fields
SSH	Enter the required User Name, Password, and Confirm Password. The Enable Password is optional.
SNMPv2	Enter the required SNMPv2 Read Community string. The Write Community string is optional.
NETCONF	Enter the required User Name, Password, and Confirm Password.
TELNET	Enter the required User Name, Password, and Confirm Password. The Enable Password is optional.
HTTP	Enter the required User Name, Password, and Confirm Password.
HTTPS	Enter the required User Name, Password, and Confirm Password.
GRPC	Enter the required User Name, Password, and Confirm Password.
SNMPv3	Choose the required Security Level and enter the User Name. If you chose the NO_AUTH_NO_PRIV Security Level of AUTH_NO_PRIV or AUTH_PRIV, the remaining fields are optional. If you chose the AUTH_NO_PRIV Security Level, you must choose an Auth Type and enter an Auth Password. If you chose the AUTH_PRIV Security Level, you must choose an Auth Type and Priv Type, and enter an Auth Password and Priv Password. Only the following SNMPv3 Privacy Types are supported CFB_AES_128 CBC_DES_56 The following Privacy Types are not supported: AES192 AES256 3DES

Step 6

(Optional) Click + Add Another and repeat the above steps, as needed, for all other protocols and corresponding credentials you want to add to this credential profile.

Step 7

Click Save.

Import Credential Profiles

Complete the steps below to create a CSV file that specifies multiple credential profiles and then import it into Cisco Crosswork Optimization Engine.

Importing credential profiles from a CSV file adds any profiles not already in the database. You cannot import a credential profile that already exists.

If you are re-importing a credential profile CSV file that you previously exported and modified, remember that all the passwords and community strings in the exported credential profile CSV file are replaced with asterisks. You cannot re-import an exported credential profile CSV file with blank passwords. To maintain security, Cisco recommends that you use asterisks in place of real passwords and community strings in the CSV file. After the import, follow the steps in Edit Credential Profiles to replace the asterisks with actual passwords and community strings.

Procedure

Step 1

From the main menu, choose Inventory Management > Credentials.

Step 2

Click Import icon to open the Import CSV File dialog box.

Step 3

If you have not already created a credential profile CSV file to import:

Click the Download sample 'Credential template (*.csv)' file link and save the CSV file template to your local disk.

Open the template using your preferred tool. Begin adding rows to the file, one row for each credential profile.

Use a semicolon to separate multiple entries in the same field. Use two semicolons with no space between them to indicate that you are leaving the field blank. When you separate multiple entries with semicolons, remember that the order in which you enter values in each field is important. For example, if you enter SSH;NETCONF;TELNET in the Connectivity Type field and you enter UserTom;UserDick;UserHarry; in the User Name field, the order of entry determines the mapping between the two fields:

SSH: UserTom
NETCONF: UserDick
TELNET: UserHarry

Also note:

Be sure to enter SNMP community string information exactly as currently entered on your devices. Failure to do so may result in loss of device connectivity.
Password and community string information associated with a user ID are stored in plain text in the CSV file you prepare. Be aware of the security implications of this, and apply appropriate safeguards.


Field	Entries	Required or Optional
Credential Profile	The name of the credential profile. For example: `srpce`.	Required
Connectivity Type	Valid values are: `SSH`, `SNMPv2`, `NETCONF`, `TELNET`, `HTTP`, `HTTPS`, `GRPC` or `SNMPv3`	Devices—SNMP and SSH (to avoid operational errors due to clock synchronization checks) are required. SR-PCE—Since SR-PCE is considered a provider and a device, SSH, and HTTP are required.
User Name	For example: `SRPCEUser`	Required if Connectivity Type is `SSH`, `NETCONF`, `TELNET`, `HTTP`, `HTTPS`, `SNMPv3` or `GRPC.`
Password	The password for the preceding User Name.	Required if Connectivity Type is `SSH`, `NETCONF`, `TELNET`, `HTTP`, `HTTPS` or `GRPC`
Enable Password	Use an Enable password. Valid values are: `ENABLE`, `DISABLE`, or leave blank (unselected)
Enable Password Value	Specify the Enable password to use.	Required only if Enable Password is set to `Enable`.
SnmpV2 Read Community	For example: `readprivate`	Required if Connectivity Type is `SNMPv2`
SnmpV2 Write Community	For example: `writeprivate`
SnmpV3 User Name	For example: `DemoUser`	Required if Connectivity Type is `SNMPv3`
SnmpV3 Security Level	Valid values are `noAuthNoPriv`, `AuthNoPriv` or `AuthPriv`	Required if Connectivity Type is `SNMPv3`
SnmpV3 Auth Type	Valid values are `HMAC_MD5` or `HMAC_SHA`	Required if Connectivity Type is `SNMPv3` and SnmpV3 Security Level is `AuthNoPriv` or `AuthPriv`
SnmpV3 Auth Password	The password for this authorization type.	Required if Connectivity Type is `SNMPv3` and SnmpV3 Security Level is `AuthNoPriv` or `AuthPriv`
SnmpV3 Priv Type	Valid values are `CFB_AES_128` or `CBC_DES_56` The following SNMPv3 privacy types are not supported: AES192, AES256, 3DES	Required if Connectivity Type is `SNMPv3` and SnmpV3 Security Level is `AuthPriv`
SnmpV3 Priv Password	The password for this privilege type.	Required if Connectivity Type is `SNMPv3` and SnmpV3 Security Level is `AuthPriv`

Be sure to delete the sample data rows before saving the file or they will be imported along with the data you want. The column header row can stay, as it is ignored during import.

When you are finished, save the new CSV file.

Step 4

Click Browse to navigate to the CSV file you just created and then click Open to select it.

Step 5

With the CSV file selected, click Import.

The credential profiles you imported should now be displayed in the Devices window.

Edit Credential Profiles

A credential profile can be shared by multiple devices, even hundreds of devices in a large network. Complete the following procedure to edit credential profile settings.

Warning

Changing the settings in a credential profile without first changing the settings on the device associated with the profile may result in a loss of connectivity.

Before editing any credential profile, it is always good practice to export a CSV backup of the profiles you want to change (see Export Credential Profiles).

Procedure

Step 1

From the main menu, choose Inventory Management > Credentials.

Step 2

From the left-hand side of the Credential Profiles window, select the profile you want to update, and click Edit icon .

The Edit Profile window of the selected credential is displayed.

Step 3

Make the necessary changes and then click Save.

Delete Credential Profiles

Follow the steps below to delete a credential profile.

Note

You cannot delete a credential profile that is associated with one or more devices or providers.

Procedure

Step 1	Export a backup CSV file containing the credential profile you plan to delete (see Export Credential Profiles).
Step 2	Check whether any devices or providers are using the credential profile you plan to delete. You can do this by filtering on the Credential Profile column, which is available on both the Devices window (choose Inventory Management > Credentials) and the Providers window (choose Inventory Management > Credentials).
Step 3	Reassign the devices or providers to a different credential profile (for help with this task, see Change a Device's Credential Profile or Change the Credential Profile for Multiple Devices, and Edit Providers).
Step 4	After all devices and providers have had their credential profiles reassigned: From the main menu, choose Inventory Management > Credentials.
Step 5	In the Credential Profiles window, choose the profile that you want to delete and then click .

Export Credential Profiles

Exporting credential profiles stores all the profiles you selected in a CSV file. This is a quick way to make backup copies of your credential profiles. You can also edit the CSV file as needed, and re-import it to add new credential profile data. You cannot overwrite existing credential profiles by importing a CSV file.

The exported credential profiles CSV file does not contain real passwords or community strings. All the characters in the passwords and community strings entries in the credential profiles are replaced with asterisks in the exported CSV file. If you plan on modifying your exported CSV file and then re-importing it, Cisco recommends that you use asterisks in place of real passwords and community strings. After the import, follow the steps in Edit Credential Profiles to replace the asterisks with actual passwords and community strings.

Procedure

Step 1	From the main menu, choose Inventory Management > Credentials.
Step 2	(Optional) In the Credential Profiles window, filter the credential profile list as needed.
Step 3	Check the check boxes for the profiles you want to export. Check the check box at the top of the column to select all the profiles for export.
Step 4	Click . Depending on your browser, you will be prompted to select a path and file name to use when saving the CSV file, or to open it immediately

Change a Device's Credential Profile

You can edit device information, including changing the credential profile in the device record. This operation changes an existing association between a device and a credential profile.

Before you begin

You need a credential profile to complete this task. To create a credential profile, see Create Credential Profiles.

Note

Make sure the profile’s credential settings are correct before following this procedure.

Procedure

Step 1	From the main menu, choose Device Management > Devices.
Step 2	(Optional) Filter the device list by entering text in the Search field or filtering specific columns.
Step 3	Check the check box of the device you want to change, and click .
Step 4	Choose a different credential profile from the Credential Profile drop-down list.
Step 5	Click Save.

After the device record is updated, the system attempts to communicate with the device using the new profile. Confirm that the device is reachable without any errors.

Change the Credential Profile for Multiple Devices

If you want to change the credential profile for a large number of network devices, you may find it more efficient to make the change by editing a devices CSV file. The basic method is:

Export a CSV file containing the devices whose credential profiles you want to change (see Export Devices).
Edit the CSV file, changing the credential profile for each device (this credential profile must already exist). Save the edited file.
Import the edited devices CSV file using the Update Existing option. You will overwrite the credential profile data for each device (see Import Devices).

You will need to make sure that the credential profile to which you are changing already exists. If you have not yet created that credential profile, the CSV import will fail. The credential profile you associate with these devices must also have the authorization credentials for every protocol that was configured for these devices during onboarding. If any credential for a specific protocol configured on the devices is missing from or incorrect in the credential profile, then the CSV import will succeed, but reachability checks will fail for these devices.

Procedure

Step 1	From the main menu, choose Inventory Management > Devices.
Step 2	Choose the devices whose credential profiles you want to change. Your options are: Click to include all devices. Filter the device list by entering text in the Search field or by filtering specific columns. Then click to include only the filtered list of devices. Check the boxes next to the device records you want to change. Then click to include only the devices that have been checked.
Step 3	Edit and save the new CSV file using the tool of your choice. Be sure to enter the correct credential profile name in the Credential Profile field for each device.
Step 4	Click .
Step 5	In the Import dialog box, click Browse, choose the new CSV file, and click Update Existing.

Manage Providers

Cisco Crosswork Optimization Engine communicates with SR-PCE and NSO providers. Cisco Crosswork Optimization Engine stores the provider connectivity details and makes that information available to applications.

Note

Other providers are available on the UI. However, they are not used by Cisco Crosswork Optimization Engine. They are used by other Cisco Network Automation applications.

From the Providers window, you can add a new provider, update the settings configured for an existing provider, and delete a particular provider. To open this window, choose Inventory Management > Providers .


Item	Description
1	The icon shown next to the provider in this column indicates the provider's Reachability. For more on the icons and how reachability is determined, see Reachability and Operational State.
2	Click to add a provider. See Add Cisco SR-PCE Providers.
	Click to edit the settings for the selected provider. See Edit Providers.
	Click to delete the selected provider. See Delete Providers.
	Click to import new providers or update existing providers from a CSV file. You can also download a CSV file template by clicking this icon. The template includes sample data that you can use as a guide for building your own CSV file. See Import Providers.
	Click to export a provider to a CSV file. See Export Providers.
3	Click next to the provider in the Provider Name column to open the Properties for pop-up window, showing the details of any startup session key/value pairs for the provider.
4	Click next to the provider in the Connectivity Type column to open the Connectivity Details pop-up window, showing the protocol, IP and other connection information for the provider.
5	Click to refresh the Providers window.
5	Click to choose the columns to make visible in the Providers window (see Set, Sort and Filter Table Data).
6	Click to set filter criteria on one or more columns in the Providers window.
6	Click the Clear Filter link to clear any filter criteria you may have set.

Add Cisco SR-PCE Providers

Cisco Segment Routing Path Computation Elements (Cisco SR-PCE) providers supply device discovery, management, configuration-maintenance and route-calculation services to Cisco Crosswork Optimization Engine. At least one SR-PCE provider is required in order to learn and discover SR policies, Layer 3 links, and devices.

Follow the steps below to add (through the UI) up to two instances of Cisco SR-PCE as providers for Cisco Crosswork Optimization Engine.

Before you begin

You will need to:

Create a credential profile for the Cisco SR-PCE provider (see Create Credential Profiles). This should be a basic HTTP text-authentication credential (currently, MD5 authentication is not supported). If the Cisco SR-PCE server you are adding does not require authentication, you must still supply a credential profile for the provider, but it can be any profile that does not use the HTTP protocol.
Know the name you want to assign to the Cisco SR-PCE provider. This is usually the DNS hostname of the Cisco SR-PCE server.
Know the Cisco SR-PCE server IP address.
Determine whether you want to auto-onboard the devices that Cisco SR-PCE discovers and, if so, whether you want the new devices to have their management status set to managed or unmanaged when added. For more information, see Auto-Onboard Property Descriptions.
If you plan to auto-onboard devices that the Cisco SR-PCE provider discovers, and set them to a managed state when they are added to the database:
- Assign an existing credential profile for communication with the new managed devices.
- The credential profile must be configured with an SNMP protocol.
For high availability, ensure that you set up two separate Cisco SR-PCE providers with unique names and IP addresses, but with matching configurations (see Configure Redundant Cisco SR-PCEs).

Procedure

Step 1

From the main menu, choose Inventory Management > Providers .

Step 2

Click Add icon .

Step 3

Enter the following values for the Cisco SR-PCE provider fields:

Required fields:

Provider Name: Name of the SR-PCE provider that will be used in Cisco Crosswork Optimization Engine.
Credential Profile: Select the previously created Cisco SR-PCE credential profile.
Family: Select SR_PCE. All other options should be ignored.
Protocol: Select HTTP. All other options should be ignored.
IP Address/ Subnet Mask: Enter the IP address (IPv4 or IPv6) and subnet mask of the server.

Provider Properties: Enter one of the following key/value pairs in the first set of fields (see About Adding Devices and Auto-Onboard Property Descriptions):


Property Key	Value
`auto-onboard`	`off`
`auto-onboard`	`unmanaged`
`auto-onboard`	`managed`

If you enter the auto-onboard/managed pair:

Click the next to the first set of fields to add a new set.
In the new Property Key field, enter device-profile.
In the new Property Value field, enter the name of a credential profile that contains SNMP credentials for all the new devices.

Optional value:
- Timeout: The amount of time (in seconds) to wait before timing out the connection to the SR-PCE server. The default is 30 seconds.

Step 4

When you have completed entries in all of the required fields, click Save to add the SR-PCE provider.

Step 5

Confirm that the SR-PCE provider shows a green Reachability status without any errors. You can also view the Events window to see if the provider has been configured correctly.

Note

It is not recommended to modify auto-onboard options (managed/unmanaged/off) once set. If you need to modify them, do the following:

Delete the provider and wait until deletion confirmation is displayed in the Events page.
Re-add the provider with the updated auto-onboard option.
Confirm the provider has been added with the correct auto-onboard option in the Events page.

What to do next

If you entered the auto-onboard/off pair, navigate to Inventory Management > Devices to add a device list (see Import Devices).
If you opted to automatically onboard devices, navigate to Inventory Management > Devices to view the device list. To add more node information such as geographical location details, export the device list (.csv), update it, and import it back. If geographical location data is missing, you will only be able to see device topology using the logical map.

Auto-Onboard Property Descriptions

The following table describes auto-onboard property provider fields.


Field	Description
off	If this option is enabled, you add or import devices manually (typically using a .csv file). When devices are discovered, the device data is recorded in the Cisco SR-PCE database, but is not registered in Crosswork Optimization Engine Inventory Management database.
unmanaged	If this option is enabled, all devices that Cisco SR-PCE discovers will be registered in the Cisco Crosswork Optimization Engine Inventory Management database, with their configured state set to `unmanaged`. SNMP polling will be disabled for these devices, and no management IP information will be included. To get these devices into the `managed` state later, you will need to download them as a CSV file (see Export Devices), and modify the CSV file to add the SNMP and management IP address information. You can then update the auto-onboarded devices with this information by importing the modified CSV file (see Import Devices). You can also assign credential profile by adding them to the device CSV file before import (the credential profiles must already exist).
managed	If this option is enabled, all devices that Cisco SR-PCE discovers will be registered in the Cisco Crosswork Optimization Engine Inventory Management database, with their configured state set to `managed`. SNMP polling will be enabled for these devices, and Cisco SR-PCE will also report the management IP address (Router ID). You will also need to add a second Provider Properties key/value pair, with the key `device-profile` and the value being the name of a credential profile for the new devices.

Note

If managed or unmanaged options are set and you want to delete a device later, you must do one of the following:.

Reconfigure and remove the devices from the network before deleting the device from Cisco Crosswork Optimization Engine. This avoids Cisco Crosswork Optimization Engine from rediscovering and adding the device back to Cisco Crosswork Optimization Engine.
Set auto-onboard to off, and then delete the device from Cisco Crosswork Optimization Engine. However, doing so will not allow Cisco Crosswork Optimization Engine to detect or auto-onboard any new devices in the network.

Cisco SR-PCE Reachability Issues

You can find reachability issues raised in the Events table and reachability status in the Providers window (see Get Provider Details). If the SR-PCE goes down, all links in the topology will display with the last known state since the SR-PCE cannot send any notification updates. When the SR-PCE becomes reachable again, a message will show in the Events window that SR-PCE is reconnected and the topology will be updated accordingly. If you find that the SR-PCE goes down for an extended amount of time, it is not syncing, updates are not happening, then delete the SR-PCE and add it back (when connectivity returns) using the UI:

Execute the following command:
```
# process restart pce_server
```
From the UI, navigate to Inventory Management > Providers and delete the SR-PCE provider and then add it back again.

You can also troubleshoot reachability as follows:

Procedure

Step 1	Check device credentials.
Step 2	Ping the provider host.
Step 3	Attempt a connection using the protocols specified in the connectivity settings for the provider. For an SR-PCE provider, it is typically HTTP and port 8080. `curl --raw -vN "http://<hostname or ip-address>:8080/topology/subscribe/txt" curl --raw -vN "http://<username>:<password>@`
Step 4	Check your firewall setting and network configuration.
Step 5	Check the Cisco SR-PCE host or intervening devices for Access Control List settings that might limit who can connect.

Configure Redundant Cisco SR-PCEs

You can set up two Cisco SR-PCEs to ensure high availability (HA). The two Cisco SR-PCE providers must have matching configurations, supporting the same network topology. In HA, if the primary SR-PCE becomes unreachable, Cisco Crosswork Optimization Engine uses the secondary SR-PCE to discover the network topology. The network topology will continue to be updated correctly and you can view SR-PCE connectivity events in the Events table.

Configure HA

The following configurations must be done to enable HA when two Cisco SR-PCE providers are added in Cisco Crosswork Optimization Engine.

Note

There must be resilient IPv4 connectivity between both SR-PCEs to enable HA. PCE IP address of the other SR-PCE should be reachable by the peer at all times.

Issue the following commands on each of the Cisco SR-PCE devices:

Enable the interface:

# interface <interface><slot>/<port>
ipv4 address <sync-link-interface-ip-address> <subnet-mask>
no shut

Enable HA:


# pce rest sibling ipv4 <other-node-pce-address>

Establish a sync link between the two SR-PCEs:

# router static
address-family ipv4 unicast
<other-node-pce-ip-address>/<subnet-mask-length> <remote-sync-link-ip-address>

(Optional) # pce segment-routing traffic-eng peer ipv4 <other-node-pce-ip-address>

It should be entered for each PCC and not for other PCE nodes.

Issue the following command on the PCC:

For SR Policies: # segment-routing traffic-eng pcc redundancy pcc-centric

For RSVP-TE Tunnels: # mpls traffic-eng pce stateful-client redundancy pcc-centric

Confirm Sibling SR-PCE Configuration

From the SR-PCE, enter the show tcp brief command to verify synchronization between SR-PCEs in HA are intact:

#show tcp brief | include <remote-SR-PCE-router-id>

Confirm that following information is correct:


Local Address	Foreign Address	State
`<local-SR-PCE-router-id>:8080`	`<local-SR-PCE-router-id>:<any-port-id>`	ESTAB
`<local-SR-PCE-router-id>:<any-port-id>`	`<local-SR-PCE-router-id>:8080`	ESTAB

SR-PCE Delegation

Depending on where an SR policy is created, the following SR-PCE delegation occurs:

SR-PCE initiated—Policies configured on a PCE. SR policies are delegated back to the source SR-PCE.

Note

The policy can be PCE initiated even if it is created using the UI, but in that case it is not configured explicitly on SR-PCE.
RSVP-TE tunnels cannot be configured directly on a PCE.

PCC initiated—An SR policy or RSVP-TE tunnel that is configured directly on a device. The SR-PCE configured with the lowest precedence is the delegated SR-PCE. If precedence is not set, then SR-PCE with the lowest PCE IP address is the delegated SR-PCE. The following configuration example, shows that 10.0.0.1 is assigned a precedence value of 10 and will be the delegated SR-PCE.

segment-routing
  traffic-eng
    pcc
      source-address ipv4 10.0.0.2
      pce address ipv4 10.0.0.1
        precedence 10
       !
      pce address ipv4 10.0.0.8
        precedence 20
       !
       report-all
       redundancy pcc-centric

For RSVP-TE Tunnel:

mpls traffic-eng
interface GigabitEthernet0/0/0/0
  admin-weight 1
!
interface GigabitEthernet0/0/0/1
  admin-weight 1
!
interface GigabitEthernet0/0/0/2
  admin-weight 1
!
pce
  peer source ipv4 192.168.0.02
  peer ipv4 192.168.0.9
    precedence 10
  !
  peer ipv4 192.168.0.10
    precedence 20
  !
  stateful-client
   instantiation
   report
   redundancy pcc-centric
   autoroute-announce
  !
!
auto-tunnel pcc
  tunnel-id min 990 max 999

Cisco Crosswork Optimization Engine SR-PCE initiated—An SR policy that is configured using Cisco Crosswork Optimization Engine. SR-PCE delegation is random per policy.

Note

Only TE tunnels (SR policies or RSVP-TE tunnels) created by Cisco Crosswork Optimization Engine can be modified or deleted by Cisco Crosswork Optimization Engine.

HA Notes and Limitations

It is assumed that all PCCs are PCEP connected to both SR-PCEs.
When an SR-PCE is disconnected only from Cisco Crosswork Optimization Engine, the following occur:
- SR-PCE delegation assignments remain, but the SR-PCE that has been disconnected will not appear in Cisco Crosswork Optimization Engine.
- You are not able to modify Cisco Crosswork Optimization Engine SR-PCE initiated SR policies if the disconnected SR-PCE is the delegated PCE.
After an SR-PCE reloads, do the following:
1. Execute the following command:
```
# process restart pce_server
```
2. From the UI, navigate to Inventory Management > Providers and delete the PCE sibling configuration in both SR-PCEs and then add the sibling configuration back again.
In some cases, when an SR policy that was created via the UI is automatically deleted (intentional and expected) from Cisco Crosswork Optimization Engine, a warning message does not appear. For example, if the source PCC is reloaded, the UI created SR policy disappears and the user is not informed.
In an extreme case where one SR-PCE fails on all links (to PCCs/topology devices) except the up-link to Cisco Crosswork Optimization Engine, then topology information will not be accurate in Cisco Crosswork Optimization Engine. When this happens, fix the connectivity issue or delete both SR-PCEs from the Provider page and re-add the one that is reachable.

SR-PCE Configuration Examples

The following configurations are examples to guide you in a multiple SR-PCE setup for HA. Please modify accordingly.

Sample redundant SR-PCE configuration (on PCE)


pce
 address ipv4 192.168.0.7
 rest
  sibling ipv4 192.168.0.6

Sample redundant SR-PCE Configuration (PCC)

segment-routing
 traffic-eng
  pcc
   source-address ipv4 192.0.2.1
   pce address ipv4 192.0.2.6
    precedence 200
   !
   pce address ipv4 192.0.2.7
    precedence 100
   !
   report-all
   redundancy pcc-centric

Sample redundant SR-PCE Configuration (on PCC) for RSVP-TE

Note

Loopback0 represents the TE router ID.


ipv4 unnumbered mpls traffic-eng Loopback0
!
mpls traffic-eng
 pce
  peer source ipv4 209.165.255.1
  peer ipv4 209.165.0.6
   precedence 200
  !
  peer ipv4 209.165.0.7
   precedence 100
  !
  stateful-client
   instantiation
   report
   redundancy pcc-centric
   autoroute-announce
  !
 !
 auto-tunnel pcc
  tunnel-id min 1000 max 1999
 !
!

Sample SR-TM Configuation


telemetry model-driven
 destination-group crosswork
  address-family ipv4 198.18.1.219 port 9010
   encoding self-describing-gpb
   protocol tcp
  !
 !
 sensor-group SRTM
  sensor-path Cisco-IOS-XR-infra-tc-oper:traffic-collector/afs/af/counters/tunnels
  sensor-path Cisco-IOS-XR-infra-tc-oper:traffic-collector/vrf-table/default-vrf/afs/af/counters/prefixes
 !
 subscription OE
  sensor-group-id SRTM sample-interval 60000
  destination-id crosswork
  source-interface Loopback0
!
traffic-collector
 interface GigabitEthernet0/0/0/3
 !
 statistics
  history-size 10

Note

The destination address uses the southbound data interface (eth1) address of the Cisco Crosswork Data Gateway VM.

Path Computation Client (PCC) Support

PCCs can support delegation and reporting of both RSVP-TE tunnels and SR policies to SR-PCE. In order for both to be supported on the same PCC, two separate PCEP connections must be established with the SR-PCEs. Each PCEP connection must have a distinct source IP address (Loopback) on the PCC.

The following is a Cisco IOS-XR configuration example of PCEP connections for RSVP-TE, where 192.168.0.2 is the PCEP session source IP for RSVP-TE tunnels delegated and reported to SR-PCE. It is a loopback address on the router. Two SR-PCEs are configured for PCEP sessions, where the first will be preferred for delegation of RSVP-TE tunnels due to precedence. Auto-tunnel PCC is configured with a range of tunnel IDs that will be used for assignment to PCE-initiated RSVP-TE tunnels like those created in Crosswork Optimization Engine.


mpls traffic-eng
interface GigabitEthernet0/0/0/2
admin-weight 1
!
interface GigabitEthernet0/0/0/3
admin-weight 1
  pce
    peer source ipv4 192.168.0.2
    peer ipv4 192.168.0.1
      precedence 10
     !    
    peer ipv4 192.168.0.8
      precedence 11
     !
    stateful-client
      instantiation
      report
     ! 
   !
   auto-tunnel pcc
    tunnel-id min 10 max 1000
   !
!
ipv4 unnumbered mpls traffic-eng Loopback0

rsvp
interface GigabitEthernet0/0/0/2
bandwidth 1000000
!
interface GigabitEthernet0/0/0/3
bandwidth 1000000
!
!

Add Cisco NSO Providers

Cisco Network Services Orchestrator (Cisco NSO) providers supply device management and configuration maintenance services to Cisco Crosswork Optimization Engine.

Follow the steps below to add (through the UI) a Cisco NSO provider for Cisco Crosswork Optimization Engine. You can also add providers using CSV files (see Import Providers).

Before you begin

You will need to:

Create a credential profile for the Cisco NSO provider (see Create Credential Profiles).

Know the name you want to assign to the Cisco NSO provider.
Know the Cisco NSO NED device models and driver versions used in your topology.
Know the Cisco NSO server IP address and hostname.
Confirm Cisco NSO device configurations (see Sample Configuration for Devices in Cisco NSO).

Procedure

Step 1	From the main menu, choose Inventory Management > Providers .
Step 2	Click .
Step 3	Enter the following values for the Cisco NSO provider fields: Required fields: Provider Name: Enter a name for the provider that will be used in Cisco Crosswork Optimization Engine. Credential Profile: Select the previously created Cisco NSO credential profile. Family: Select `NSO`. Device Key: Select the method that Cisco NSO uses to identify devices uniquely. This will serve as the way Cisco Crosswork Optimization Engine maps the device to Cisco NSO. Choose `NODE_IP` and other options you wish. Under Connection Type(s), Protocol: IP Address/Subnet Mask: Enter the IP address (IPv4 or IPv6) and subnet mask of the Cisco NSO server. Port: Enter the port to use to connect to the Cisco NSO server. The default is `2022`. Model: Select the model (Cisco-IOS-XR, Cisco-NX-OS, or Cisco-IOS-XE) from the drop-down list and enter its associated NED driver version. Add a model for each type of device that will be used in the topology. If you have more than one, select to add another supported model. Version: Enter the default software version of the device. For more information on fields, see Import Providers. Optional values: Timeout: The amount of time (in seconds) to wait before timing out the connection to the Cisco NSO server. The default is 30 seconds.
Step 4	Under Provider Properties, enter a Provider Key of `forward` and a Property Value of `true`.
Step 5	When you have completed entries in all of the required fields, click Save to add Cisco NSO as a provider.

Import Providers

Complete the steps below to create a CSV file that specifies providers and then import it into Cisco Crosswork Optimization Engine.

Importing providers from a CSV file adds any providers not already in the database, and updates any providers with the same name as an imported provider. For this reason, it is a good idea to export a backup copy of all your current providers before an import (see Export Providers).

Procedure

Step 1

From the main menu, choose Inventory Management > Providers .

Step 2

Click Import icon to open the Import CSV File dialog box.

Step 3

If you have not already created a provider CSV file to import:

Click the Download sample 'Provider template (*.csv)' file link and save the CSV file template to a local storage resource.

Open the template using your preferred tool. Begin adding rows to the file, one row for each provider.

Use a semicolon to separate multiple entries in the same field. Use two semicolons with no space between them to indicate that you are leaving the field blank. When you separate entries with semicolons, the order in which you enter values is important. For example, if you enter SSH;SNMP;NETCONF;TELNET in the connectivity_type field and you enter 22;161;830;23 in the connectivity_port field, the order of entry determines the mapping between the two fields:

SSH: port 22
SNMP: port 161
NETCONF: port 830
Telnet: port 23

Field

Description

Required or Optional

Provider Name

Enter the name for the provider that will be used in Crosswork Optimization Engine. For example: MySRPCE.

Required

Connectivity Type

Enter the name of the protocol that Crosswork Optimization Engine will use to connect to the provider. For example: ROBOT_MSVC_TRANS_HTTP = HTTP

Required

Connectivity IP

Enter the IP address (IPv4 or IPv6) of the provider.

Note

When using an IPv6 address, please note the following:

In the Properties column, do not set the auto-onboard property to auto-onboard:managed.
The IPv6 host is detected so the deployment mode will automatically be set to IPv6.

Required

Connectivity Port

Enter the port number to use to connect to the provider's server.

Required

Connectivity Timeout

Enter the amount of time (in seconds) to wait before the connection to the provider times out. The default is 30 seconds.

Optional

Credential Profile Name

Enter the name of the credential profile that Crosswork Optimization Engine will use to connect to the provider. This profile must already exist in the system.

Required

Provider Device Key

Enter the enum value corresponding to the key that the Cisco NSO provider uses to identify devices uniquely. This will serve as the way Crosswork Optimization Engine maps the device to the Cisco NSO provider. Valid values are:

ROBOT_PROVDEVKEY_HOST_NAME—If you are using the device hostname as the device ID within NSO, this value must match the hostname that is specified for the device in the inventory.
ROBOT_PROVDEVKEY_NODE_IP—Use this enum value if the NSO device identifier is the IP address for the Node IP value in the CSV file.
ROBOT_PROVDEVKEY_INVENTORY_ID—Use this enum value if the inventory ID is the device identifier for NSO.

This entry is only required if you are creating or updating a Cisco NSO provider. Otherwise, leave blank.

Family

Enter ROBOT_PROVIDER_SR_PCE or ROBOT_PROVIDER_SR_NSO. Do not choose other options as they are reserved for use by other Cisco Network Automation applications.

Required

Model Prefix

If you are adding a Cisco NSO provider: Select the model prefix that matches the NED CLI used by the NSO server. Valid entries are: Cisco-IOS-XR, Cisco-NX-OS, Cisco-IOS-XE.

For telemetry, only Cisco-IOS-XR is supported.

Required for Cisco NSO providers only

Model Version

If you adding a Cisco NSO provider: Enter the Cisco NSO NED driver version used on the server.

Required for Cisco NSO providers only

Properties

Enter the Cisco SR-PCE appropriate auto-onboard entries: auto-onboard:<auto-onboard-property>;device-profile:<SRPCEPCredentialProfileName>. For example: auto-onboard:managed;device-profile:cisco

When using IPv6 connectivity, do not set auto-onboard:managed.

See Add Cisco SR-PCE Providers.

This entry is only required if you are creating or updating a Cisco SR-PCE provider. Otherwise, leave blank.

Be sure to delete the sample data rows before saving the file, or they will be imported along with the data you want. The column header row can stay, as it is ignored during import.

When you are finished, save the new CSV file.

Step 4

Click Browse to navigate to the CSV file you just created and then click Open to select it.

Step 5

With the CSV file selected, click Import.

The provider information you imported should now be displayed in the Providers window.

Step 6

Resolve any errors reported during the import and check provider details to confirm connection.

Get Provider Details

Use the Providers window to get details about your providers and to check on their reachability.

Procedure

Step 1

From the main menu, choose Inventory Management > Providers .

For each provider configured in Cisco Crosswork Optimization Engine, the Providers window lists information such as the provider's name, universally unique identifier (UUID), associated credential profile, device key, and more, as shown in the figure below.

Step 2

The icons in the Reachability column indicate whether a provider is reachable via the listed connectivity protocols. For a description of each icon and its meaning, see Reachability and Operational State.

Cisco Crosswork Optimization Engine checks provider reachability immediately after a provider is added or modified. Other than these events, Cisco Crosswork Optimization Engine checks SR-PCE reachability about every 10 seconds.

Step 3

Get additional details for any provider, as follows:

In the Provider Name column, click the to view provider-specific key/value properties.
In the Connectivity Type column, click the to view detailed connectivity information for the provider, such as provider-specific protocol, IP format, IP address, port, and timeout information.
When you are finished, click to close the details window.

If you are running into Cisco SR-PCE reachability problems, see Cisco SR-PCE Reachability Issues.

Edit Providers

When editing provider settings, be aware that a provider can be mapped to many devices, even thousands of devices in a large network.

Note

Before making any changes to a provider configuration you should be certain that you understand the full impact of the change. If you are unsure about the potential risk of making a change, contact Cisco services for guidance.
See Add Cisco SR-PCE Providers before modifying an SR-PCE provider. There are additional steps that must be done when editing an SR-PCE provider.

.

Before editing any provider, it is always good practice to export a CSV backup of the providers you want to change (see Export Providers).

Procedure

Step 1	From the main menu, choose Inventory Management > Providers .
Step 2	In the Providers window, choose the provider you want to update and click .
Step 3	Make the necessary changes and then click Save.
Step 4	Resolve any errors and confirm provider reachability.

Delete Providers

Follow the steps below to delete a provider.

Note

If an SR-PCE provider's auto-onboard managed or unmanaged options are set, you must do one of the following:.

Reconfigure and remove the devices from the network before deleting the device from Cisco Crosswork Optimization Engine. This avoids Cisco Crosswork Optimization Engine from rediscovering and adding the device back.
Set auto-onboard to off, and then delete the device from Cisco Crosswork Optimization Engine. However, doing so will not allow Cisco Crosswork Optimization Engine to detect or auto-onboard any new devices in the network.

You are alerted when you try to delete a provider that is associated with one or more devices or credential profiles.

Procedure

Step 1

Export a backup CSV file containing the provider you plan to delete (see Export Providers).

Step 2

Delete the provider as follows:

From the main menu, choose Inventory Management > Providers .
In the Providers window, choose the provider(s) that you want to delete and click .
In the confirmation dialog box, click Delete.

Export Providers

You can quickly export provider data to a CSV file. This is a handy way to keep backup copies of your provider information.

Note

You cannot edit a CSV file and then re-import it to update existing providers.

Procedure

Step 1	From the main menu, choose Inventory Management > Providers .
Step 2	(Optional) In the Providers window, filter the provider list as needed.
Step 3	Check the check boxes for the providers you want to export. Check the check box at the top of the column to select all the providers for export.
Step 4	Click . Depending on your browser, you will be prompted to select a path and file name to use when saving the CSV file, or to open it immediately.

View Devices Assigned to a Provider

To see a list of devices that are assigned to a particular Cisco NSO provider:

Procedure

Step 1

From the main menu, choose Inventory Management > Devices.

Step 2

In the Devices window, scroll across the table until you find the Providers column.

Step 3

Under the Local Config field, enter filter criteria.

The table displays only the devices with the Provider criteria you entered.

Manage Network Devices

The Device Management application's Network Devices window (shown below) gives you a consolidated list of all your devices and their status. To view the Network Devices window, select Inventory Management > Devices. The Network Devices tab is displayed by default.


Item	Description
1	The Filter by tags field lets you filter the devices by the tags applied to them. Type the name of the tag that has been applied to the device that you are trying to find. See Filter Devices by Tags.
2	Click to add a new device to the device inventory. See About Adding Devices.
	Click to edit the information for the currently selected devices. See Edit Devices.
	Click to delete the currently selected devices. See Delete Devices.
	Click to import new devices and update existing devices, using a CSV file. You can also download a CSV file template by clicking this icon. The template includes sample data that you can use as a guide for building your own CSV file. See Import Devices.
	Click to export information for selected devices to a CSV file. See Export Devices.
	Click to modify tags applied to the selected devices. See Apply or Remove Device Tags.
3	Click to open the Device Details pop-up window, where you can view important information for the selected device. See Get Device Details.
4	Icons in the Operational State column show whether a device is operational or not. See Reachability and Operational State
5	Click to refresh the Devices list.
6	Click to select which columns to display in the Devices list (see Set, Sort and Filter Table Data).
7	Click to set filter criteria on one or more columns in the Devices list.
7	Click the Clear Filter link to clear any filter criteria you may have set.
8	Icons in the Reachability State column show whether a device is reachable or not. See Reachability and Operational State.

Import Devices

Complete the steps below to create a CSV file that specifies multiple devices and then import it into Cisco Crosswork Optimization Engine.

Importing devices from a CSV file adds any devices not already in the database. The Update Existing option overwrites the data in any device record with a device key field value that matches those of an imported device (this excludes the UUID, which is set by the system and not affected by import). For this reason, it is a good idea to export a backup copy of all your current devices before an import (see Export Devices).

Note

If you plan on using a CSV file to import devices managed by Cisco Network Services Orchestrator (Cisco NSO), you must prepare the CSV following the guidelines given in Sample Configuration for Devices in Cisco NSO.

Procedure

Step 1

From the main menu, choose Inventory Management > Devices.

Step 2

Click Import icon to open the Import CSV File dialog box.

Step 3

If you have not already created a device CSV file to import:

Click the Download sample 'Device Management template (*.csv)' file link and save the CSV file template to a local storage resource.

Open the template using your preferred tool. Begin adding rows to the file, one row for each device.

Note

Confirm that the TE router ID value for each device is populated. This value is used to uniquely identify the device in the topology which is learned from SR-PCE. Without a valid TE router ID for each device, the topology will not be displayed.

Use a semicolon to separate multiple entries in the same field. Use two semicolons with no space between them to indicate that you are leaving the field blank. When you separate multiple entries with semicolons, remember that the order in which you enter values in each field is important. For example, if you enter SSH;SNMP;NETCONF;TELNET in the Connectivity Type field and you enter 22;161;830;23 in the Connectivity Port field, the order of entry determines the mapping between the two fields:

SSH: port 22
SNMP: port 161
NETCONF: port 830
Telnet: port 23

For a list of the fields and the mandatory values you must enter, see the "Add New Device" field table in Add Devices Through the UI.

Be sure to delete the sample data rows before saving the file, or they will be imported along with the data you want. The column header row can stay, as it is ignored during import.

When you are finished, save the new CSV file.

Step 4

Click Browse to navigate to the CSV file you just created and then click Open to select it.

Step 5

With the CSV file selected, click Import to add new devices or Update Existing to add or change data to devices already in the system.

Step 6

Resolve any errors and confirm device reachability.

The device information you imported should be displayed in the Devices window within a few minutes (see Manage Network Devices).

It is normal for devices to show as unreachable or not operational when they are first imported. However, if after 30 minutes they are still displayed as unreachable or not operational, there is an issue that needs to be investigated. To investigate, select Inventory Management > Job History and click on any Error icon you see in the Status column. Common issues include failure to ensure the associated credential profile contains the correct credentials. You can test this by opening a terminal window on the Cisco Crosswork Optimization Engine server and then trying to access the device using the protocol and credentials specified in the associated credential profile.

Add Devices Through the UI

Follow the steps below to add devices one by one, using the UI. Under normal circumstances, you will want to use this method when adding one or a few devices only.

Before you begin

Be sure you have completed the planning steps and setup requirements discussed in Get Started, and that the devices themselves have been pre-configured as explained in Prerequisites for Onboarding Devices.

Procedure

Step 1	From the main menu, choose Devices Management > Devices.
Step 2	Click .
Step 3	Enter values for the new device, as listed in the table below.
Step 4	Click Save. (The Save button is disabled until all mandatory fields are complete.)
Step 5	(Optional) Repeat to add more devices.

Table 2. Add New Device Window (*=Required)
Field	Description
* Configured State	The management state of the device. Options are `UNMANAGED`—Cisco Crosswork Optimization Engine is not monitoring the device. `DOWN`—The device is being managed and is down. `UP`—The device is being managed and is up.
* Reachability Check	Determines whether Cisco Crosswork Optimization Engine performs reachability checks on the device. Options are: `ENABLE` (In CSV: `REACH_CHECK_ENABLE`)—Checks for reachability and then updates the Reachability State in the UI automatically. `DISABLE` (In CSV: `REACH_CHECK_DISABLE`)—The device reachability check is disabled. Cisco recommends that you always set this to `ENABLE`. This field is optional if Configured State is marked as `UNMANAGED`.
* Credential Profile	The name of the credential profile to be used to access the device for data collection and configuration changes. For example: `nso23` or `srpce123`. This field is optional if Configured State is marked as `UNMANAGED`.
Host Name	The hostname of the device. Cisco Crosswork Optimization Engine discovers it and updates it.
Inventory ID	Inventory ID value for the device.
UUID	Universally unique identifier (UUID) for the device.
Serial Number	Serial number for the device.
Node IP	IP address of the device.
MAC Address	MAC address of the device.
* Capability	The capabilities that allow collection of device data and that are configured on the device. You must select at least `SNMP` as this is a required capability. The device will not be onboarded if `SNMP` is not configured. Other options are `YANG_MDT`, `TL1`, `YANG_CLI`, and `YANG-EPNM`. The capabilities you select will depend on the device software type and version.
Tags	The available tags to assign to the device for identification and grouping purposes. Use device tags to group devices for monitoring, and to provide additional information that might be of interest to other users, such as the device’s physical location or its administrator’s email ID. For more information, see Manage Device Tags.
Connectivity Details
Protocol	The connectivity protocols used by the device. Choices are: `SSH`, `SNMP`, `NETCONF`, `TELNET`, `HTTP`, and `HTTPS`. To add more connectivity protocols for this device, click at the end of the first row in the Connectivity Details panel. To delete a protocol you have entered, click shown next to that row in the panel. You can enter as many sets of connectivity details as you want, including multiple sets for the same protocol. You must enter details for at least `SSH` and `SNMP`. If you do not configure `SNMP`, the device will not be added. If you want to manage the device (or you are managing XR devices), you must enter details for `NETCONF`. `TELNET` connectivity is optional.
* IP Address / Subnet Mask	Enter the device's IP address (IPv4 or IPv6) and subnet mask.
* Port	The port used for this connectivity protocol. Each protocol is mapped to a port, so be sure to enter the port number that corresponds to the Protocol you chose. The standard port assignments for each protocol are: SSH: 22 SNMP: 161 NETCONF: 830 TELNET: 23 HTTP: 80 HTTPS: 443
Timeout	The elapsed time (in seconds) before communication attempts using this protocol will time out. The default value is 30 seconds. For XE devices using NETCONF, the recommended minimum timeout value is 90 seconds. For all other devices and protocols, the recommended minimum timeout value is 60 seconds.
Routing Info
ISIS System ID	The device's IS-IS system ID. This ID identifies the router in an IS-IS topology, and is required for SR-PCE integration.
OSPF Router ID	The device's OSPF router ID. This ID identifies the router in an OSPF topology, and is required for SR-PCE integration.
*TE Router ID	The device’s OSPF Router ID or ISIS Router ID depending on the IGP used in the network topology.
Streaming Telemetry Config
Telemetry Interface Source VRF	Name of the VRF within which Model Driven Telemetry (MDT) traffic is routed.
Location All location fields are optional, with the exception of Longitude and Latitude, which are required for the geographical view of your network topology.
Longitude, Latitude	Longitude and latitude values are required so that the geographical map can present the correct geographical location of the device and its links to other devices. Enter the longitude and latitude in Decimal Degrees (DD) format.
Altitude	The altitude, in feet or meters, at which the device is located. For example, `123`.
Providers and Access
Local Config: Device Key and Provider	Mandatory only when mapping an NSO provider. The Device Key will automatically populate and the Credential Profile appears. For CSV entry, use ROBOT_PROVIDER_LOCAL_CONFIG and enter the Provider name.
Compute Config: Provider	(Optional) Provider name used for topology computation. Choose a provider from the list. For CSV entry, use ROBOT_PROVIDER_COMPUTE and enter the Provider name.

Example

Get Device Details

Whenever you select Inventory Management > Devices and display the list of devices under the Network Devices tab, you can click Details icon next to any listed device to get more information about that device. Clicking this icon opens the Details for DeviceName pop-up window, as shown in the following example:

Expand the Connectivity Details area at the top of the pop-up window (if it is not already expanded). This area shows the reachability status for all transport types (for help with the icons shown in this area, see Device and Link Icons).

Expand and collapse the other areas of the pop-up window, as needed. Click to close the window.

Filter Devices by Tags

By creating a tag and assigning it to a particular device, you can easily provide additional information that might be of interest to other users, such as the device’s physical location and its administrator’s email ID. You can also use tags to find and group devices with the same or similar tags in any window that lists devices.

For help with tagging your devices, see Apply or Remove Device Tags. For help with creating and deleting tags, see Manage Tags.

To filter devices by tags:

Procedure

Step 1	Display the Devices window by choosing Inventory Management > Devices.
Step 2	In the Type to filter by tags bar at the top of the user interface, type all or part of the name of a tag. The Type to filter by Tags bar has a type-ahead feature: As you start typing, the field shows a drop-down list of tags that match all the characters you have typed so far. To force the drop-down list to display all available tags, type `*`.
Step 3	Choose the name of the tag you want to add to the filter. The filter appears in the Type to filter by tags filter bar. The table or map shows only the devices with that tag.
Step 4	If you want to filter on more than one tag: Repeat Steps 2 and 3 for each additional tag you want to set as part of the filter. When you have selected all the tags you want, click Apply Filters. The table or map shows only the devices with tags that match all the tags in your filter.
Step 5	To clear all tag filters, click the Clear Filters link. To remove a tag from a filter containing multiple tags, click the X icon next to that tag's name in the filter.

Edit Devices

Complete the following procedure to update a device's information.

Before editing any device, it is always good practice to export a CSV backup of the devices you want to change (see Export Devices).

Procedure

Step 1

From the main menu, choose Inventory Management > Devices.

Step 2

(Optional) Filter the list of devices by filtering specific columns.

Step 3

Check the check box of the device you want to change, then click Edit icon .

Step 4

Edit the values configured for the device, as needed. For a description of the fields you can update, see Add Devices Through the UI.

Note

In addition to the exising fields, you can also view the Data Gateway configured for the selected device. This field is read-only.

Step 5

Click Save. (The Save button remains dimmed until all required fields are filled in.)

Step 6

Resolve any errors and confirm device reachability.

Delete Devices

Complete the following procedure to delete devices.

Before you begin

If the auto-onboard managed or unmanaged options are set for the SR-PCE provider, you should set auto-onboard for the SR-PCE(s) to off.
Confirm that the device is not connected to the network or that it is powered off before deleting the device.

Note

If devices are mapped to Cisco NSO with MDT capability, and telemetry configuration is pushed, then those configurations will be removed from the device.
If auto-onboard is not set to off, and it is still functional and connected to the network, the device will be rediscovered as unmanaged as soon as it is deleted.

Procedure

Step 1	Export a backup CSV file containing the devices you plan to delete (see Export Devices).
Step 2	From the main menu, choose Inventory Management > Devices.
Step 3	(Optional) In the Devices window, filter the list of devices by entering text in the Search field or filtering specific columns.
Step 4	Check the check boxes for the devices you want to delete.
Step 5	Click to change each device's state to ADMIN DOWN or UNMANAGED. If you want to delete devices in bulk, Cisco recommends that you change the device state in this manner in batches of 50 devices, then complete deletion of these devices before deleting another batch.
Step 6	Click .
Step 7	In the confirmation dialog box, click Delete.

Export Devices

When you export the device list, all device information is exported to a CSV file. Exporting the device list is a handy way to keep a record of all devices in the system at one time. You can also edit the CSV file as needed, and re-import it to overwrite existing device data.

Procedure

Step 1	From the main menu, choose Inventory Management > Devices.
Step 2	(Optional) Filter the device list as needed.
Step 3	Check the check boxes for the devices you want to export. Check the check box at the top of the column to select all the devices for export.
Step 4	Click . Your browser will prompt you to select a path and the file name to use when saving the CSV file, or to open it immediately

View Device Job History

Device Management collects and stores information about device-related jobs. Follow the steps below to track all create, update and delete activities.

Procedure

Step 1

From the main menu, choose Inventory Management > Job History. The Inventory Jobs window displays a log of all device-related jobs, like the one shown below.

The jobs display in descending order of creation time. The most recent job is shown first. To sort the data in the table, click a column heading. You can toggle between ascending and descending sort order (for more help, see Set, Sort and Filter Table Data).

Step 2

The Status column shows three types of states: completed, failed, and partial. For any failed or partial job, click Job Error Details icon shown next to the error for information.

Error information may include clean-up failure events as audit messages. These messages indicate that Cisco Crosswork Network Automation configuration objects on the device could not be removed, and will explain why they could not be removed. Users will need to take manual action to remove them. This typically involves deleting any XR telemetry configuration objects with names starting with CW_.

Manage Tags

Use the Tag Management window to manage the tags available for assignment to the devices in your network. Tags can provide information such as the device’s physical location and its administrator’s email ID, and are used to group devices.

To open this window, choose Admin > Tags from the main window.

Note

Cisco Crosswork Optimization Engine automatically creates a default set of tags and assigns them to every device it manages:

cli
mdt
reach-check
snmp
clock-drift-check

You cannot select, edit, delete, or manually associate these default tags with any device.


Item	Description
1	Click to create new device tags. See Create Device Tags.
2	Click to delete currently selected device tags. See Delete Device Tags.
3	Click to import the device tags defined in a CSV file into Cisco Crosswork Network Automation . See Import Tags. You can also download a CSV file template by clicking this icon. The template includes sample data that you can use as a guide for building your own CSV file.
4	Click to export a CSV file that lists the tags that are currently configured and their attributes. You can update this file and import it back into Cisco Crosswork Optimization Engine to quickly add or edit multiple tags. See Export Tags.
5	Displays the tags currently available in Cisco Crosswork Optimization Engine and their attributes.
6	Indicates the number of tags that are currently selected in the table.
7	Click to refresh the Tag Management window.
8	Click to choose the columns to make visible in the Tag Management window (see Set, Sort and Filter Table Data).
	Click to set filter criteria on one or more columns in the Tag Management window.
	Click the Clear Filter link to clear any filter criteria you may have set.

Create Tags

You can create as many tags and tag categories as you want. If you will have many tags, it might be quicker to list them in a CSV file and import the file, instead of creating each tag individually. See Import Tags.

Note

Tag and tag category names are case-insensitive and can contain up to 128 alphanumeric characters, and can use full stops ("."), underscores ("_"), and hyphens ("-"). They cannot contain other special characters, symbols, or spaces.

Procedure

Step 1	From the main menu, choose Inventory Management > Tags. The Tag Management window opens.
Step 2	Click . The Create New Tags pane opens.
Step 3	In the Category area: To associate your new tags with an existing category: Choose the category from the drop-down list. To associate your new tags with a new category: Click the New Category link, enter the new category's name in the text field, and click Save. All the new tags you create after this step will be assigned to the category you selected or created.
Step 4	In the Tags area: Start entering the names of the new tags that you want to create. Press Return after you type each tag. To keep from entering duplicate tags, click the Show Tags link. The Create New Tags window will list only the tags that already exist in your currently selected category.
Step 5	When you are finished entering new tags, click Save.

What to do next

Add tags to devices. See Apply or Remove Device Tags.

Import Tags

Complete the steps below to create a CSV file that lists the tags you want to apply to your devices, and then import it into Cisco Crosswork Optimization Engine. This is the easiest way to create a lot of new tags and tag categories quickly.

When you import the CSV file, any tags not already in the database will be added. Tags with the same name as an imported tag will be overwritten. For this reason, it is a good idea to export a backup copy of all your current tags before import (see Export Tags).

Procedure

Step 1

From the main menu, choose Inventory Management > Tags.

Step 2

Click Import icon to open the Import CSV File dialog box.

Step 3

If you have not already created a CSV file to import:

Click the Download sample 'Tags template (*.csv)' file link and save the CSV file template to a local storage resource.

Open the template using your preferred tool. Begin adding rows to the file, one row for each tag. Use a comma to delimit each field within a row. Use a semicolon to separate multiple entries in the same field.


Field	Description	Required or Optional
Tag Name	Enter the name of the tag. For example: `SanFrancisco` or `Spine/Leaf`.	Required
Tag Category	Enter the tag category. For example: `City` or `Network Role`.	Required

Be sure to delete the sample data rows before saving the file, or they will be imported along with the data you want. The column header row can stay, as it is ignored during import.

When you are finished, save the new CSV file.

Step 4

Click Browse to navigate to the CSV file you just created and then click Open to select it.

Step 5

With the CSV file selected, click Import.

The tags and tag categories that you imported should now be displayed in the Tag Management window.

What to do next

Add tags to devices. See Apply or Remove Device Tags.

Apply or Remove Device Tags

Tags and their categories are your main tool for grouping devices. Once you have tagged a set of devices with the same tag, they are considered part of a group, and you can manage them more easily.

In order to apply a tag to a device or group of devices, the tag must already exist (see Create Tags).

You can apply a maximum of 15 tags to any one device.

To apply tags to a device or set of devices, do the following:

Procedure

Step 1	From the main menu, choose Inventory Management > Devices. The Network Devices tab is displayed, showing the list of devices.
Step 2	(Optional) If the list is long, click to set one or more filters and narrow the list to only those devices you want to tag.
Step 3	Check the check box next to the device(s) you want to tag. If you select multiple devices, any changes you make will be applied to all the devices you selected.
Step 4	From the toolbar, click . The Modify Tags window opens, showing the tags currently applied to the device(s) you selected.
Step 5	Click in the Type to autocomplete item field to display the list of existing tags, or begin typing the name of the tag you want.
Step 6	Click on individual tags in the list to add them to the list of tags applied to the device(s). To delete an applied tag, click the X icon shown next to that tag.

Delete Tags

To delete device tags, do the following:

Note

If the tag is mapped to any devices, then the tag cannot be deleted.

Procedure

Step 1	Export a backup CSV file containing the tags you plan to delete (see Export Tags).
Step 2	From the main menu, choose Inventory Management > Tags. The Tag Management window is displayed.
Step 3	Check the check box next to the tags you want to delete.
Step 4	From the toolbar, click .
Step 5	The confirmation dialog box will list the number of devices currently using the tag(s) you are about to delete. Click Delete to confirm deletion.

Export Tags

You can quickly export tags and tag categories to a CSV file. This will allow you to keep backup copies of your tags. You can also edit the CSV file as needed, and re-import it to overwrite existing tags. Note that you will need to re-associate devices and tags in some cases.

Procedure

Step 1	From the main menu, choose Admin > Tags.
Step 2	(Optional) In the Tag Management window, filter the tag list as needed.
Step 3	Check the check boxes for the tags you want to export. Check the check box at the top of the column to select all the tags for export.
Step 4	Click . Depending on your browser, you will be prompted to select a path and file name to use when saving the CSV file, or to open it immediately.

Bias-Free Language

Results

Chapter: Manage Inventory

Manage Inventory

Device Management Overview

About Adding Devices

Auto-Onboard Devices

Manually Add Devices

Prerequisites for Onboarding Devices

Pre-Onboarding SNMP v2 Device Configuration

Pre-Onboarding SNMPv3 Device Configuration

Sample Configuration for Devices in Cisco NSO

Reachability and Operational State

Manage Credential Profiles

Create Credential Profiles

Procedure

Import Credential Profiles

Procedure

Edit Credential Profiles

Procedure

Delete Credential Profiles

Procedure

Export Credential Profiles

Procedure

Change a Device's Credential Profile

Before you begin

Procedure

Change the Credential Profile for Multiple Devices

Procedure

Manage Providers

Add Cisco SR-PCE Providers

Before you begin

Procedure

What to do next

Auto-Onboard Property Descriptions

Cisco SR-PCE Reachability Issues

Procedure

Configure Redundant Cisco SR-PCEs

Configure HA

Confirm Sibling SR-PCE Configuration

SR-PCE Delegation

HA Notes and Limitations

SR-PCE Configuration Examples

Path Computation Client (PCC) Support

Add Cisco NSO Providers

Before you begin

Procedure

Import Providers

Procedure

Get Provider Details

Procedure

Edit Providers

Procedure

Delete Providers

Procedure

Export Providers

Procedure

View Devices Assigned to a Provider

Procedure

Manage Network Devices

Import Devices

Procedure

Add Devices Through the UI

Before you begin

Procedure

Example

Get Device Details

Filter Devices by Tags

Procedure

Edit Devices

Procedure

Delete Devices

Before you begin

Procedure

Export Devices

Procedure

View Device Job History

Procedure

Manage Tags