Cisco Crosswork Optimization Engine Network Requirements
The following figures show the different topology models, and the corresponding network components and connections needed to install and use Cisco Crosswork Optimization Engine.
There are three types of traffic flowing between the network components, as explained in the following table.
Traffic | Description |
---|---|
Management | For accessing the UI and command line, and passing Data/Control information between servers (for example, Cisco Crosswork Optimization Engine to Crosswork Data Gateway or NSO) |
Data/Control | Data and configuration transfer between CDG and Cisco Crosswork Optimization Engine, and other data destinations (external Kafka/gRPC). |
Device Access | Device configuration and management and telemetry data being forwarded to the CDG. |
Cisco Crosswork Optimization Engine Virtual Machine (VM)
The Cisco Crosswork Optimization Engine VM has the following vNIC deployment options:
No. of vNICs | vNIC | Description |
---|---|---|
1 | Management | Management, Data/Control and Device access passing through a single NIC |
2 | Management | Management |
2 | Data/Control | Data/Control and Device access |
Cisco Crosswork Data Gateway (CDG) VM
The Cisco Crosswork Data Gateway VM has the following vNIC deployment options:
No. of vNICs | vNIC | Description |
---|---|---|
1 | vNIC0 | Management, Data/Control and Device access passing through a single NIC |
2 | vNIC0 | Management |
2 | vNIC1 | Data/Control and Device access |
3 | vNIC0 | Management |
3 | vNIC1 | Device Access |
3 | vNIC2 | Data/Control |
Cisco Network Services Orchestrator (NSO) VM
The NSO VM has the following vNICs:
- Management: Used for Crosswork applications to reach NSO.
- Device Access: Used for NSO to reach devices or NSO Resource Facing Services (RFS).
Note: Preference for the number of vNICs can vary from one deployment to another. The number of vNICs can depend on the security and traffic isolation needs of the deployment. CDG and Crosswork accommodate this variability by introducing a variable number of vNICs.
Routed and Device Networks
Connectivity between the various components should be accomplished via an external routing entity. The figures show various line styles suggesting possible routing domains within the routed network.
- Solid: Management routing domain.
- Dotted: Data/Control routing domain (information transferred between Cisco Crosswork Optimization Engine and Cisco Crosswork Data Gateway, and other data destinations (external Kafka/gRPC)).
- Dashes: Device access routing domain (from Cisco Crosswork Data Gateway and NSO).
The IP/subnet addressing scheme on each of these domains depends on the type of deployment.
Routing between domains is needed for Crosswork and NSO to reach the devices. However, proper firewall rules need to be in place to allow only select sources (for example, Crosswork and NSO) to reach the devices.
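One way to check the firewall requirement above, as an added example that is not part of the Cisco documentation: the script evaluates an ordered, first-match rule set and flags permit rules toward the device network whose source is wider than the approved hosts. The addresses, the rule list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption): the device network and the only
# sources that may reach it (Crosswork, CDG and NSO device-facing addresses).
DEVICE_NET = ipaddress.ip_network("10.30.0.0/24")
ALLOWED = [ipaddress.ip_network(n) for n in
           ("10.20.0.10/32", "10.20.0.20/32", "10.20.0.30/32")]

# Constructed ordered rule set (action, source, destination); first match wins.
RULES = [
    ("permit", "10.20.0.10/32", "10.30.0.0/24"),
    ("permit", "10.20.0.20/32", "10.30.0.0/24"),
    ("permit", "10.20.0.0/24", "10.30.0.0/25"),  # overbroad: whole source subnet
    ("permit", "10.20.0.30/32", "10.30.0.0/24"),
    ("deny", "0.0.0.0/0", "10.30.0.0/24"),
]

def parse(rules):
    return [(a, ipaddress.ip_network(s), ipaddress.ip_network(d))
            for a, s, d in rules]

def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst (default deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net in parse(rules):
        if src in s_net and dst in d_net:
            return action
    return "deny"

def overbroad_permits(rules):
    """Permit rules toward the device network whose source is not fully
    contained in one of the allowed source prefixes."""
    findings = []
    for idx, (action, s_net, d_net) in enumerate(parse(rules)):
        if action != "permit" or not d_net.overlaps(DEVICE_NET):
            continue
        if not any(s_net.subnet_of(a) for a in ALLOWED):
            findings.append((idx, str(s_net), str(d_net)))
    return findings

def missing_allowed(rules, probe="10.30.0.1"):
    """Allowed sources that the rule set does not let through to a device."""
    return [str(a) for a in ALLOWED
            if decide(rules, str(a.network_address), probe) != "permit"]

if __name__ == "__main__":
    print("overbroad permits:", overbroad_permits(RULES))
    print("blocked allowed sources:", missing_allowed(RULES))
    print("10.20.0.99 -> 10.30.0.5:", decide(RULES, "10.20.0.99", "10.30.0.5"))
```

The audit is conservative: it reports an overbroad permit even when an earlier rule would shadow it, so each finding should be confirmed with `decide` before the rule is changed.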
On the device network, devices can be reached in-band or using out-of-band management interfaces, depending on the local security policies of each deployment.
A controller supporting Segment Routing Path Computation Element (SR-PCE) is both a device and a Software-Defined Networking (SDN) controller. Some deployments may want to treat an SR-PCE instance as a device, in which case they would need access via the device network. Some deployments may want to treat an SR-PCE instance as an SDN controller and access it on the Management routing domain. Crosswork supports both models.
By default, Crosswork will use eth0 (Management) to access SR-PCE as an SDN controller on the Management domain (shown in the figures). To enable Crosswork access to an SR-PCE instance as a device on the device network (not shown in the figures), when adding an SR-PCE as a provider, set the Property Key to outgoing-interface and the Property Value to eth1 (Data/Control).