Cisco Brings the World's Most Popular Networking Platform to Amazon AWS.
The Cisco Cloud Services Router 1000V (CSR 1000V) sets the standard for enterprise network services and security in the Amazon Web Services (AWS) cloud. The Cisco CSR 1000V is based on Cisco IOS
® XE Software, which powers cutting-edge routers including the Cisco ASR 1000 Series Aggregation Services Routers (ASR 1000) and Cisco 4400 Series Integrated Services Routers (ISRs), and represents decades of Cisco IOS Software development accelerated by innovation and customer demand. The CSR 1000V brings these features and use cases into the realm of cloud computing, and introduces new features specific to cloud networking.
Solutions for integrating Amazon AWS with your existing network are scarce and complex, and they pose a challenge for IT departments seeking a transparent expansion into Amazon AWS. The Cisco CSR 1000V provides the familiar user interface of Cisco IOS XE Software, and enables you to take advantage of your existing network management tools and processes. In addition to the Cisco IOS XE Software command line, the CSR 1000V includes a representational state transfer (REST) application programming interface (API), allowing orchestration tools to not only provision the CSR 1000V, but also configure and monitor it.
Unlike similar products that offer just gateway or security features, the Cisco CSR 1000V is a complete multiservice cloud networking platform offering scalable enterprise-class routing features, VPN, stateful firewall, and application inspection. At the core of the CSR 1000V is a modular architecture that allows you to add more services to meet changing business and user demand.
Cisco CSR 1000V Use Cases in Amazon AWS
Branch-Office, Campus, and Data Center VPN Aggregation
A typical approach to Amazon AWS VPN access is to provision a single VPN "backhaul" between an existing data center and an Amazon Virtual Private Cloud (VPC). By deploying the Cisco CSR 1000V in Amazon AWS, every branch-office, campus, and data center location can directly access the Amazon AWS VPC securely, without backhauling through an existing data center (see Figure 1). This process reduces latency, eliminates expensive private WAN links, avoids Amazon's per-VPN-tunnel costs, and enables route-based VPN topologies. You can choose from a wide variety of VPN technologies supported on the CSR 1000V, including point-to-point IP Security (IPsec), FlexVPN, Dynamic Multipoint VPN (DMVPN), and EasyVPN. Familiar Cisco IOS XE VPN configuration allows IT staff to quickly integrate an Amazon AWS VPC into existing enterprise VPN topologies.
Figure 1. Secure Connectivity to the Cloud
Secure Inter-VPC Connectivity
Amazon does not provide inter-VPC VPN connectivity, making multi-region deployments a challenge. By deploying a Cisco CSR 1000V instance in a VPC in each region and interconnecting through VPN, you can create and secure a global network topology.
Branch-Office to AWS and Inter-Application Security
The Cisco CSR 1000V includes advanced Cisco IOS XE Software security, including access control lists (ACLs) and stateful Zone-Based Firewall (ZBFW). It extends enterprise security policies into the Amazon cloud using a familiar platform and configuration syntax. These features may be used to apply security between virtual networks within Amazon AWS, or between Amazon AWS and external locations.
Application Performance Monitoring and Control
Application Visibility and Control (AVC) is a Cisco IOS XE feature that allows the CSR 1000V to identify and classify thousands of different applications, reporting key performance metrics for each. When classified, quality-of-service (QoS) policies can be used to prioritize or block specific applications. AVC data collected from Amazon AWS and external locations can be used to pinpoint application performance degradation.
Further enhancing this capability, the IP service-level agreement (IP SLA) feature enables the CSR 1000V to perform network performance measurements between Cisco devices. A CSR 1000V in Amazon AWS may act as an IP SLA responder or source, implementing probes with time stamps to accurately measure delays, jitter, and other metrics that reflect network performance. IP SLA helps to proactively identify cloud performance problems, ensuring application availability, lower operational costs, and reducing downtime.
How to Deploy Cisco CSR 1000V in Amazon AWS
The Cisco CSR 1000V is available in the Amazon AWS Marketplace by searching "CSR 1000V", or "Cisco".
From the AWS Marketplace page, you can deploy the Cisco CSR 1000V in Bring Your Own License (BYOL) mode, or you can add its hourly usage to your monthly Amazon AWS statement.
For configuration assistance, please reference the documentation on the Cisco CSR1000V webpage.