Crosswork Data Gateway

Cisco Crosswork Data Gateway is initially deployed as a VM called Base VM that contains only enough software to enroll itself with Crosswork Cloud. Once the Crosswork Data Gateway is registered with Crosswork Cloud, Crosswork Cloud pushes the collection job configuration down to the Crosswork Data Gateway, enabling it to gather the data it needs from the network devices.

1

Confirm Crosswork Data Gateway requirements.

Installation Requirements

2

Gather information needed during Crosswork Data Gateway installation. Make sure you have the following:

• A network where Crosswork Data Gateway can connect to Crosswork Cloud (Management Interface)

• A network where Crosswork Data Gateway can connect to the devices (optional Southbound Interface)

• IP address information for each interface

• A proxy, if it is required to connect to the internet

Deployment Parameters and Scenarios

3

• For Crosswork Data Gateway 6.0.1 or later:

  Create and copy an enrollment token (.json registration file) to use during Crosswork Data Gateway installation. The .json registration file contains unique digital certificates that are used to enroll Crosswork Data Gateway into Crosswork Data Gateway.

• For Crosswork Data Gateway versions earlier than 6.0.1, follow the steps described in Manually Add Crosswork Data Gateway Information, then go to Step 6.

Add Crosswork Data Gateway Information

For Crosswork Data Gateway 6.0.1 or later:

1. Crosswork Data Gateway > Data Gateways > Use Enrollment Token

2. Create or select an enrollment token.

3. Copy the enrollment token somewhere so that it is readily available when you install Crosswork Data Gateway.

During Crosswork Data Gateway installation, you will need to paste the enrollment token in the following platforms:

• VMware

  • vCenter vSphere Client—Paste the token text into the Auto Enrollment Package Transfer > Enrollment Token UI field

  • OVF Tool—Locate the script and under the ## Enrollment Token for Crosswork Cloud section, paste the token text after CloudEnrollmentToken=

• OpenStack—Locate the config.txt file and under the ## Enrollment Token for Crosswork Cloud section, paste the token text after CloudEnrollmentToken=

• Amazon EC2—Paste the token in the CloudFormation template or as part of the user data after CloudEnrollmentToken=

Install Crosswork Data Gateway

Authorize Crosswork Data Gateway access to Crosswork Cloud Traffic Analysis.

1. > Data Gateways > Use Enrollment Token

2. Click Next. The newly installed Crosswork Data Gateway should appear with then Enrollment State as Pending.

3. Click Allow to authorize the Crosswork Data Gateway access.

6

Configure BGP, SNMP, and network flow monitoring protocols on devices for Crosswork Cloud Traffic Analysis.

Prerequisites for Adding Devices for Traffic Analysis

7

Add device credentials for BGP, SSH (optional), and SNMP to be used when adding devices.

Create Credentials

> Configure > Credentials > Add Credential

8

Add devices.

• Add Devices

  > Configure > Devices > Add Device

• Confirm all connections are up.

  > Configure > Devices > device_name > Status tab

Designate an external interface. Crosswork Cloud Traffic Analysis cannot display traffic data until you designate an external interface

Designate an External Interface

> Configure > Devices > device_name > Traffic Analysis tab > Interfaces

10

View and create policies to define what normal traffic should look like and notify you when they don’t.

Policies

> Configure > Policies

Setup is complete and you can begin using Crosswork Cloud Traffic Analysis.

11

Start monitoring traffic and easily identify points of congestion and opportunities to provide better load balancing and optimization of your BGP traffic.

• Do you see congestion? What changes could help with the congestion?

• Can you split advertisements to move traffic flows from one peer to another? What is the impact of moving traffic between edge devices?

• How do IP Routing tables relate to traffic flow in congested devices?

• Where and who should you be peering with?

View traffic information:

• View Device Traffic Details

• View Interface Traffic Details

• View ASN Traffic Details

• View Prefix Traffic Details

Tools you can use:

• Optimize Interface Utilization—The tool provides you with a suggested list of prefixes where traffic from overutilized edge interfaces can be diverted to underutilized edge interfaces to normalize overall utilization.

• Visually Compare Traffic—The tool compares traffic between like objects such as ASNs, prefixes, devices, and interfaces.

• Traffic Drilldown—This tool allows you to easily view interface capacity and what traffic sources are contributing to it.

• Peer Prospecting—This tool shows you on which peer ASNs large amounts of traffic are being transmitted and received. It helps you select a current peer and quickly see other peers to which you could move traffic.