In February, Cisco announced its latest innovation – Cisco Crosswork Network Automation – a new network automation portfolio for Service Providers.  Read Jonathan Davidson’s blog for an overview to understand our comprehensive approach to enabling a closed-loop, mass-scale automation solution. Follow this multi-part blog series over the coming weeks to learn more about each of the five new pillars in the Cisco Crosswork portfolio.

Recently, we featured the Change Automation pillar of the Cisco Crosswork network automation portfolio. Today, let’s take a closer look at Cisco Crosswork Network Insights.


Whether you are a Service Provider, an Enterprise or a Small Business, the IP address blocks (numbers that uniquely identify devices on the Internet) are one of the most valuable assets you own.Connectivity to the Internet depends upon the visibility and health of your IP addresses.

If you are a Service Provider trusted with the distribution of these extremely valuable assets, you also have the responsibility of tracking the health of your customers’ address blocks (prefixes) as you propagate them across the Internet.  This can be a daunting task because a typical service provider router today carries ~701,000 unique prefixes available via tens of millions of paths. Since the routing on the Internet is in constant motion (i.e. thousands of new updates per second), these numbers constantly change – making real-time tracking of any given number of prefixes difficult.

At the same time, network infrastructure security threats are very real and the cost of an attack can be very damaging. How can you know whether someone accidentally or maliciously hijacked your or your customers’ prefixes?  How quickly and accurately can you identify the party responsible and how quickly can you mitigate or fix the problem? The answers to these questions typically involve customer complaints, a lot of manual operator troubleshooting and a long mean time to repair (MTTR). Often, these issues become public, creating PR nightmares for you and your customers.

Cisco Crosswork Network Insights is a new cloud-based service designed to proactively track the health of your network and the status of your prefixes.  It shows how your prefixes are seen by the Internet. Network Insights takes care of the arduous task of collecting, storing, parsing and analyzing network routing data from many sources so you can focus on your business instead of installing and maintaining complex software. Like any other SaaS offering, we manage updates to Network Insights carefully and in a timely manner, and we add new features quickly using well-established CI/CD processes.  We are excited to launch Cisco SP’s first SaaS offering and are looking forward to offering many more exciting services to our customers using this platform.

With Network Insights, tracking your prefixes is as easy as 1-2-3:

  1. Subscribe to the service
  2. Create your watch list
  3. Create your alarm consumption model.

The service has four main components:

  • Data Streaming and Storage: Network Insights uses live BGP data from both public and private data sources. The data streaming, ingestion, storage, parsing, and analytics are all done by Network Insights in the cloud.
  • Analytics Engine: Network Insights analytics engine tracks the health of your network and the status of your prefixes. Routing data is enriched with other data sources in order to enhance operator experience. Additional data sources include RPKI, IRR, WHOIS, and IP Geolocation which collectively provide prefix ownership, identification and geographic location information.
  • Event Stream and Alarming Framework: Network Insights maintains a real-time event stream for tracking any and every change experienced on the Internet. Alarms are generated based on alarm logic specific to the alarm type and they are optimized to reduce the number of false positives.
  • Web Portal and APIs: Network Insights is designed to be end-to-end API-driven. Well- defined, Rest-based APIs make it very easy to integrate with your existing OSS/BSS systems. You can send Alarm notifications to modern collaboration tools (such as Cisco Spark or Slack) in addition to more traditional tools like email. The Web Portal allows you to configure your settings, browse both the summary and detailed information about your prefixes and alarm management.

                        Figure 1 – Sample Network Insights Prefix Summary Page


                        Figure 2 – Sample Network Insights Autonomous System Monitoring Page

The five new pillars of the Cisco Crosswork automation solution are designed to help solve our customers’ challenges in planning, designing, implementing, operating, and optimizing their networks. Getting started with Cisco Crosswork Network Insights is easy and requires no CapEx or OpEx investment other than the subscription fees. We have an exciting set of new features planned beyond tracking and alarming user-defined prefixes, which we will address in future blog posts.

In the meantime, if you plan to attend the MPLS+SDN+NFV World Congress in Paris or Automation Everywhere in Dallas this month, stop by and meet with an expert to discuss Cisco Crosswork in person and see how it helps Service Providers accelerate their journey to a fully self-healing infrastructure.


Serpil Bayraktar

Distinguished Engineer

Service Provider Networking Automation