Cisco Crosswork Infrastructure Requirements
This section explains the requirements for installing Cisco Crosswork.
The Crosswork cluster for the 4.1 release consists of at least three VMs or nodes operating in a hybrid configuration. This is the minimum configuration necessary to support the applications in a typical network. Additional VMs or nodes in a worker configuration can be added later to scale your deployment, as needed, to match the requirements of your network or as other applications are introduced.
In addition to the Crosswork cluster VMs, at least one VM is needed to deploy Crosswork Data Gateway. This configuration can be scaled by adding resources if your use case requires more resources, if you need to support Crosswork Data Gateway high availability (HA), or both.
The data center resources needed to run NSO are addressed in the NSO Installation Guide and are not addressed in this document.
Data Center Requirements
Cisco Crosswork can be deployed in either a vCenter managed data center or onto Cisco CSP. To aid in the deployment, Cisco has developed a cluster installation tool. This tool works in both environments. However, there are limitations to the tool which are detailed later in this section.
VMware Data Center Requirements
This section explains the data center requirements to install Cisco Crosswork on VMware vCenter.
Note: The following requirements are mandatory if you are planning to install Cisco Crosswork using the cluster installer. If your vCenter data center does not meet these requirements, then the VMs have to be deployed individually, and connectivity has to be established manually between the VMs.
- Hypervisor and vCenter supported:
  - VMware vSphere 6.7 or above.
  - VMware vCenter Server 7.0 and ESXi 7.0.
  - VMware vCenter Server 6.7 (Update 3g or later) and ESXi 6.7 (Update 1).
- All the physical host machines must be organized within the same VMware Data Center, and while it is possible to deploy all the cluster nodes on a single physical host (provided it meets the requirements), it is recommended that the nodes be distributed across multiple physical hosts.
- The networks required for the Crosswork Management and Data networks need to be built and configured in the data centers, and must allow low latency L2 communication.
- To allow use of VRRP, DVS Port group needs to be set as follows:
  Property | Value |
  ---|---|
  Promiscuous mode | Reject |
  MAC address changes | Reject |
  Forged transmits | Accept |
  To edit the settings in vCenter, navigate to the , and select the virtual switch. In the virtual switch, select and confirm the settings as suggested. Repeat the process for each virtual switch used in the cluster.
- Ensure the user account you use for accessing vCenter has the following privileges:
  - VM (Provisioning): Clone VM on the VM you are cloning.
  - VM (Provisioning): Customize on the VM or VM folder if you are customizing the guest operating system.
  - VM (Provisioning): Read customization specifications on the root vCenter server if you are customizing the guest operating system.
  - VM (Inventory): Create from the existing VM on the data center or VM folder.
  - VM (Configuration): Add new disk on the data center or VM folder.
  - Resource: Assign VM to resource pool on the destination host, cluster, or resource pool.
  - Datastore: Allocate space on the destination datastore or datastore folder.
  - Network: Assign network to which the VM will be assigned.
  - Profile-driven storage (Query): This permission setting needs to be allowed at the root of the DC tree level.
- We also recommend that you enable vCenter storage control.
CSP Data Center Requirements
This section explains the data center requirements to install Cisco Crosswork on Cisco Cloud Services Platform (CSP).
- Cisco CSP, Release 2.8.0.276
- Allowed hardware list:
  - UCSC-C220-M4S, UCSC-C240-M4SX
  - N1K-1110-X, N1K-1110-S
  - CSP-2100, CSP-2100-UCSD, CSP-2100-X1, CSP-2100-X2
  - CSP-5200, CSP-5216, CSP-5228
  - CSP-5400, CSP-5436, CSP-5444, CSP-5456
- The CSP host or cluster is set up and installed with a minimum of 2 physical Ethernet interfaces: one Ethernet interface connected to the Management network, and the other to the Data network.
VM Host Requirements
This section explains the VM host requirements.
Requirement | Description |
---|---|
CPU/Memory/Storage Profiles (per VM) | The data center host platform has to accommodate 3 VMs of the following minimum configuration: VMware vCenter: Cisco CSP: Things to note: |
Additional Storage | 10 GB (approximately) of storage is required for the Crosswork OVA (in vCenter), OR the Crosswork QCOW2 image on each CSP node (in CSP). |
Network Connections | For production deployments, we recommend that you use dual interfaces, one for the Management network and one for the Data network. For optimal performance, the Management and Data networks should use links configured at a minimum of 10 Gbps. |
IP Addresses | 2 IP subnets, one for the Management network and one for Data network, with each allowing a minimum of 4 assignable IP addresses (IPv4 or IPv6). A Virtual IP (VIP) address is used to access the cluster, and then 3 IP addresses for each VM in the cluster. If your deployment requires worker nodes, you will need a Management and Data IP address for each worker node. |
NTP Servers | The IPv4 or IPv6 addresses or host names of the NTP servers you plan to use. If you want to enter multiple NTP servers, separate them with spaces. These should be the same NTP servers you use to synchronize the Crosswork application VM clock, devices, clients, and servers across your network. |
DNS Servers | The IPv4 or IPv6 addresses of the DNS servers you plan to use. These should be the same DNS servers you use to resolve host names across your network. |
DNS Search Domain | The search domain you want to use with the DNS servers, for example, cisco.com. You can have only one search domain. |
Important Notes
-
Cisco Crosswork Infrastructure and applications are built to run as a distributed collection of containers managed by Kubernetes. The number of containers varies as applications are added or deleted.
-
Dual stack configuration is not supported in Crosswork Platform Infrastructure. Therefore, all addresses for the environment must be either IPv4 or IPv6.
Port Requirements
As a general policy, ports that are not needed should be disabled. To view a list of all the open listening ports once all the applications are installed and active, log in as a Linux CLI admin user on any Crosswork cluster VM, and run the netstat -aln command.
The following ports are needed by Cisco Crosswork to operate correctly.
Port | Protocol | Usage |
---|---|---|
22 | TCP | Remote SSH traffic |
111 | TCP/UDP | GlusterFS (port mapper) |
179 | TCP | Calico BGP (Kubernetes) |
500 | UDP | IPSec |
2379/2380 | TCP | Kubernetes etcd |
4500 | UDP | IPSec |
6443 | TCP | kube-apiserver (Kubernetes) |
9100 | TCP | Kubernetes metamonitoring |
10250 | TCP | kubelet (Kubernetes) |
24007 | TCP | GlusterFS |
30603 | TCP | User interface (NGINX server listens for secure connections on port 443) |
30604 | TCP | Used for Classic Zero Touch Provisioning (Classic ZTP) on the NGINX server. |
30606 | TCP | Docker Registry |
30607 | TCP | Crosswork Data Gateway vitals collection |
30608 | TCP | Data Gateway gRPC channel with Data Gateway VMs |
30609 | TCP | Used by the Expression Orchestrator (Crosswork Service Health) |
30610 | TCP | Used by the Metric Scheduler (Crosswork Service Health) |
30617 | TCP | Used for Secure Zero Touch Provisioning (Secure ZTP) on the ZTP server. |
30620 | TCP | Used to receive plug and play HTTP traffic on the ZTP server. |
30621 | TCP | For FTP (available on data interface only). The additional ports used for file transfer are 31121 (TCP), 31122 (TCP), and 31123 (TCP). This port is available only when the supported application is installed on Cisco Crosswork and the FTP settings are enabled. |
30622 | TCP | For SFTP (available on data interface only). This port is available only when the supported application is installed on Cisco Crosswork and the SFTP settings are enabled. |
30649 | TCP | To set up and monitor Crosswork Data Gateway collection status. |
30650 | TCP | astack gRPC channel with astack-client running on Data Gateway VMs |
30993, 30994, 30995 | TCP | Crosswork Data Gateway sending the collected data to Crosswork Kafka destination. |
49152:49170 | TCP | GlusterFS |
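An added example (not Cisco tooling and not part of the original page) of the check described above: it parses saved netstat -aln output and reports listeners on non-loopback addresses that the preceding port table does not list. It assumes that table enumerates the cluster's listening ports; the function names and the sample output are constructed for illustration.

```python
DOCUMENTED = {  # assumption: the page's first port table lists the cluster's listeners
    "tcp": {22, 111, 179, 2379, 2380, 6443, 9100, 10250, 24007, 30603, 30604,
            30606, 30607, 30608, 30609, 30610, 30617, 30620, 30621, 30622,
            30649, 30650, 30993, 30994, 30995, 31121, 31122, 31123,
            *range(49152, 49171)},  # 31121-31123: FTP transfer; 49152:49170: GlusterFS
    "udp": {111, 500, 4500},
}

def listeners(netstat_text):
    """Yield (proto, local_addr, port) for listening TCP and unconnected UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue                        # headers, UNIX sockets, blank lines
        proto = f[0][:3]                    # tcp6 -> tcp, udp6 -> udp
        if proto == "tcp" and (len(f) < 6 or f[5] != "LISTEN"):
            continue                        # established or closing connection
        if proto == "udp" and not f[4].endswith(":*"):
            continue                        # connected UDP socket, not a listener
        addr, _, port = f[3].rpartition(":")
        if port.isdigit():
            yield proto, addr, int(port)

def unexpected(netstat_text):
    """Return sorted (proto, port) pairs reachable off-host that the table does not list."""
    flagged = set()
    for proto, addr, port in listeners(netstat_text):
        loopback = addr == "::1" or addr.startswith("127.")
        if not loopback and port not in DOCUMENTED[proto]:
            flagged.add((proto, port))
    return sorted(flagged)

# Constructed sample output, not captured from a real Crosswork VM.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           192.0.2.50:51514        ESTABLISHED
tcp6       0      0 :::6443                 :::*                    LISTEN
tcp6       0      0 :::49160                :::*                    LISTEN
udp        0      0 0.0.0.0:500             0.0.0.0:*
udp        0      0 0.0.0.0:161             0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     20311    /run/example.sock
"""

if __name__ == "__main__":
    for proto, port in unexpected(SAMPLE):
        print(f"review: {proto}/{port} is listening but is not in the documented table")
```

Treat a flagged port as a prompt for review: the table lists the ports Crosswork needs, not necessarily every listener on the VM.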
Port | Protocol | Usage |
---|---|---|
7 | TCP/UDP | Discover endpoints using ICMP |
22 | TCP | Initiate SSH connections with managed devices |
53 | TCP/UDP | Connect to DNS |
123 | UDP | Network Time Protocol (NTP) |
830 | TCP | Initiate NETCONF |
2022 | TCP | Used for communication between Crosswork and Cisco NSO (for NETCONF). |
8080 | TCP | REST API to SR-PCE |
8888 | TCP | Used for communication between Crosswork and Cisco NSO (for HTTPS). |
20243 | TCP | Used by the DLM Function Pack for communication between DLM and Cisco NSO |
20244 | TCP | Used to internally manage the DLM Function Pack listener during a Reload Packages scenario on Cisco NSO |
Supported Web Browsers
After installing the Cisco Crosswork cluster, you require one of the following web browsers to log into the Cisco Crosswork UI:
Browser | Version |
---|---|
Google Chrome (recommended) | 75 or later |
Mozilla Firefox | 70 or later |
The recommended display resolution: 1600 x 900 pixels or higher (minimum: 1366 x 768).
In addition to using a supported browser, all client desktops accessing geographical maps in the Crosswork applications must be able to reach the mapbox.com site. Customers not wishing to have Cisco Crosswork access an external site can choose to install the map files locally. For more information, see the Set Up Maps chapter in the Cisco Crosswork Infrastructure 4.1 and Applications Administration Guide.