The Cisco CSR 1000V Series Cloud Services Router provides a cloud-based router that is deployed on a virtual machine (VM) instance on x86 server hardware. The Cisco CSR 1000V provides selected Cisco IOS XE features on a virtualization platform.
When the Cisco CSR 1000V virtual IOS XE software is deployed on a VM, the Cisco IOS XE software functions just as if it were deployed on a traditional Cisco hardware platform. The Cisco CSR 1000V includes a virtual Route Processor and a virtual Forwarding Processor (FP) as part of its architecture. The Cisco CSR 1000V supports a subset of Cisco IOS XE software features and technologies. For more information, see the “Supported Cisco IOS XE Technologies” section.
The Cisco CSR 1000V provides secure connectivity from the enterprise premise (such as a branch office or data center) to the public or private cloud.
Figure 1-1 shows the basic virtual form factor for the Cisco CSR 1000V. The Cisco CSR 1000V is deployed as a virtual machine on a hypervisor. Optionally, you can use a virtual switch (vSwitch), depending on your deployment. You can use selected Cisco equipment for some components. The supported components will depend on your software release.
Figure 1-1 Cisco CSR 1000V Virtual Form Factor
Benefits of Virtualization Using the Cisco CSR 1000V Series Cloud Services Router
The Cisco CSR 1000V Series uses the benefits of virtualization in the cloud to provide the following:
Because the Cisco CSR 1000V runs on a virtual machine, it can be supported on any x86 hardware that the virtualization platform supports.
Sharing of resources
The resources used by the Cisco CSR 1000V are managed by the hypervisor, and resources can be shared among VMs. The amount of hardware resources that the VM server allocates to a specific VM can be reallocated to another VM on the server.
Flexibility in deployment
You can easily move a VM from one server to another. Thus, you can move the Cisco CSR 1000V from a server in one physical location to a server in another physical location without moving any hardware resources.
Software Configuration and Management Using the Cisco IOS XE CLI
You can perform software configuration and management of the Cisco CSR 1000V using the following methods:
Provision a serial port in the VM and connect to access the Cisco IOS XE CLI commands.
Use the virtual VGA console or the console on the virtual serial port to access the Cisco IOS XE CLI commands.
Note A serial port can be used to manage a Cisco CSR 1000V VM only if the underlying hypervisor supports associating a serial port with a VM. For example, the Citrix XenServer environment does not support serial port association. See your hypervisor documentation for details.
Use remote SSH/Telnet to access the Cisco IOS XE CLI commands.
The Cisco CSR 1000V also supports management and configuration using the following products:
The Cisco CSR 1000V router interfaces perform the same functionality as those on hardware-based Cisco routers. The Cisco CSR 1000V interfaces function as follows:
Interfaces are logically named as the Gigabit Ethernet (GE) interfaces.
The available interface numbering depends on the Cisco CSR 1000V version.
(Cisco IOS XE Release 3.11S and later) The interface numbering is as follows:
– Interface port numbering is from 1 and up to the number of interfaces supported.
– GigabitEthernet interface 0 is no longer supported beginning with this release.
– You can designate any interface as the management interface. You can change the management interface when deploying the OVA template on first-time installation.
(Cisco IOS XE Release 3.10S and earlier) The interface numbering is as follows:
– Interface port numbering is from 0 and up to the number of interfaces supported.
– Gigabit Ethernet interface 0 is reserved for the management interface used for obtaining the licenses and upgrading software.
At first boot, the Cisco CSR 1000V router interfaces are mapped to the vNIC interfaces on the VM based on the vNIC enumeration to the Cisco CSR 1000V; on subsequent boot, the Cisco CSR 1000V router interfaces are mapped to the vNIC MAC address
If upgrading to Cisco IOS XE Release 3.11S from an earlier release, we recommend you update your configuration to remove the GigabitEthernet 0 management interface before upgrading. Because the GigabitEthernet 0 interface is no longer supported beginning with Cisco IOS XE Release 3.11S, you will receive system errors if the upgraded configuration includes this interface.
A virtual machine (VM) is a software implementation of a computing environment in which an operating system (OS) or program can be installed and run. The VM typically emulates a physical computing environment, but requests for CPU, memory, hard disk, network and other hardware resources are managed by a virtualization layer which translates these requests to the underlying physical hardware.
You can deploy an Open Virtualization Archive (OVA) file. The OVA file package simplifies the process of deploying a VM by providing a complete definition of the parameters and resource allocation requirements for the new VM.
An OVA file consists of a descriptor (.ovf) file, a storage (.vmdk) file and a manifest (.mf) file.
ovf file—Descriptor file which is an xml file with extension.ovf which consists of all the metadata about the package. It encodes all the product details, virtual hardware requirements and licensing.
vmdk file—File format that encodes a single virtual disk from a VM.
mf file—Optional file that stores the SHA key generated during packaging.
You can also install the Cisco CSR 1000V using an.iso file and manually create the VM in the hypervisor.
A hypervisor enables multiple operating systems to share a single hardware host machine. While each operating system appears to have the dedicated use of the host's processor, memory, and other resources; the hypervisor controls and allocates only needed resources to each operating system and ensures that the operating systems (VMs) do not disrupt each other.
Supported Hypervisor Types
Installation of the Cisco CSR 1000V is supported on selected Type 1 (native, bare metal) hypervisors. Installation is not supported on Type 2 (hosted) hypervisors, such as VMware Fusion, VMware Player, or Virtual Box. The following table lists the supported hypervisor versions for your software release.
2.Requires QEMU-x86_64 version 1.0 (qemu-kvm-1.0), Copyright (c) 2003-2008 Fabrice Bellard.
3.VMware ESXi 5.5 update 3 is not supported at this time.
4.VMware ESXi 5.5 update 3 is not supported at this time.
5.VMware ESXi 5.5 update 3 is not supported at this time.
6.VMware ESXi 5.5 update 3 is not supported at this time.
Hypervisor features may differ depending on the hypervisor, and not all features in a given hypervisor version may be supported. The hypervisor versions listed are those officially tested and supported by the Cisco CSR 1000V. See the following sections for more information:
Depending on the Cisco CSR 1000V release version, each of the hypervisors supports different virtual network interface card (vNIC) types. The Cisco CSR 1000V also supports a different maximum number of vNICs depending on the hypervisor. Some versions and hypervisors also support the ability to add and remove vNICs without powering down the VM. This feature is known as vNIC Hot Add/Remove.
The following table lists the supported vNICs and the minimum and maximum number of vNICs supported for each VM instance.
The VMXNET3, VIF and Virtio NIC types listed in the table are para-virtualized NICs.
9.Prior to release 3.15S, vNIC Hot Remove requires reloading the Cisco CSR 1000V. This is applicable only when using the VMXNET3 driver.
10.Intel 10Gb PCI Express NIC Driver.
11.Intel 10Gb PCI Express NIC Driver.
12.Supported beginning with Cisco IOS XE Release 3.12.1S.
13.Intel 10Gb PCI Express NIC Driver.
14.Intel 10Gb PCI Express NIC Driver.
15.Prior to release 3.15S, vNIC Hot Remove requires reloading the Cisco CSR 1000V. This is applicable only when using the Virtio driver.
16.Supported beginning with Cisco IOS XE Release 3.12.1S.
17.Requires the host hardware to support the Intel VT-d or AMD IOMMU specification. SR-IOV is not supported with Virtual LANs (VLANs).
Supported I/O Modes and Drivers
The Cisco CSR 1000V operates within a virtualization environment. Data I/O involves communication between one or more vNICs of the guest OS in which the CSR is operating, and the physical NIC accessed by the host OS.
Beginning with Cisco IOS XE 3.16S, the CSR supports several modes of communication between the vNICs and the physical hardware:
Figure 1-2 Cisco CSR 1000V I/O Routing Between vNIC of Guest OS and Hardware NIC of Host
The following table indicates the drivers required to support various I/O modes.
Table 1-3 Driver Support for I/O Modes
Cisco CSR1000V Drivers
ixgbe (for Intel 10 gig NIC)
enic (for Cisco VIC)
Only applicable to Cisco VIC
There are 2 modes:
ESXi DirectPath IO : VMXNET3
PCI Passthrough : enic
The following table describes the limitations that apply to I/O modes.
Table 1-4 I/O Mode Limitations
PCI passthrough (enic)
Interoperability with another NIC: If enic is connected to other NIC (for example, Intel NIC) and then that NIC is used for other CSR VM (Para virtual or Passthrough), traffic will not pass through if enic is configured with VLAN.
If a VLAN is configured, the other NIC receives a VLAN packet with VLAN id of 0.
Jumbo packet support: In this release, jumbo packet (MTU > 1518) is not supported.
CDP is not supported.
HSRP standby cannot ping the HSRP group address
MTU change: After changing the MTU in the VM, it necessary to change the VF MTU on the host PF using the ip link set command. Otherwise, no traffic will pass. (Intel limitation)
MAC address change: After changing the MAC address, it is necessary to change the MAC address of the VF on the host PF using the ip link set command. Otherwise, no traffic will pass. (Intel limitation)
Maximum VLANs: The maximum number of VLANs supported on PF is 64. Together, all VFs can have a total of 64 VLANs. (Intel limitation)
Maximum Multicast filtering: Intel VF supports registering a maximum of 30 multicast addresses. (Intel limitation)
Layer2 Learning: Intel SRIOV VF does not support promiscuous mode, so Layer 2 functionality, such as EVC, does not work. (Intel limitation)
VM-FEX ESXi DirectPath IO (VMXNET3)
VLAN is not supported in high-performance mode.
Cisco CSR 1000V and Hypervisor Limitations
This section describes performance limitations due to how the Cisco CSR 1000V integrates with the supported hypervisors.
Cisco CSR 1000V and Hypervisor Limitations for Cisco IOS XE Release 3.12S
When the Cisco CSR 1000V is installed on Microsoft Hyper-V, the interface numbers can change after Microsoft Hyper-V fails over to a new server, or restarts after a live migration.
– If the server is set to perform ungraceful failover, there is no workaround.
– If the server is set to perform graceful failover or restart, enter the clear platform software vnic-if nvtable command before executing the failover or restart.
This issue is not seen if the maximum number of interfaces is configured.
When the Cisco CSR 1000V is installed on Microsoft Hyper-V, if you want to configure a VLAN, you must configure the VLAN interfaces on Microsoft Hyper-V using the Hyper-V Power Shell CLI.
When the Cisco CSR 1000V is installed on Microsoft Hyper-V and an NSF-based virtual hard disk is used, if there is a network connectivity issue between the Cisco CSR 1000V and the NSF server, the Cisco CSR 1000V is unable to use the virtual hard disk even if the network connection is restored. You must reboot the Cisco CSR 1000V to restore access to the virtual hard disk.
The Microsoft Hyper-V GUI only allows one VLAN to be specified for a Virtual Machine interface. This limits deployments where multiple VLANS for a Virtual Machine interface are used.
When the MAC address of a Cisco CSR1000V interface is changed from the address assigned by the hypervisor traffic with external devices is unsuccessful. This occurs even when MAC address spoofing is enabled on the Microsoft Hyper-V vSwitch. Operation of protocols like FHRP, CLNS, and Etherchannel that use their own MAC address may be unsuccessful.
In Microsoft Hyper-V environments, the following limitations apply when the Windows Power Shell CLI is used to configure VLANs:
– The power shell CLI commands must be reapplied each time the Cisco CSR1000V is reloaded.
– When a large AllowedVlanIdList is configured, only lower numbered VLANS may successfully pass traffic. For example, when the following Power Shell CLI command is used:
Only VLANS lower than 300 may successfully pass traffic.
Cisco CSR 1000V and Hypervisor Limitations for Cisco IOS XE Release 3.10S
Configuring Network Based Application Recognition (NBAR), or Application Visibility and Control (AVC) support on the Cisco CSR 1000V requires a minimum of 4GB of DRAM on the VM, even when using the one vCPU configuration on the VM.
On the Cisco CSR 1000V, all the NICs are logically named as the Gigabit Ethernet interface. The Cisco CSR 1000V does support the 10G IXGBE vNIC in passthrough mode; but that interface also is also logically named as a Gigabit Ethernet interface. Note that with emulated devices like VMXNET3/PV/VIRTIO from the hypervisor, the Cisco CSR 1000V is not aware of the underlying interfaces. The vSwitch may be connected to a 10-GB physical NIC or 1-GB physical NICs or multiple NICs (with NIC teaming on the hypervisor) as well.
The Cisco CSR 1000V supports an MTU range from 1500 to 9216 bytes. However, the maximum MTU supported on your hypervisor version may be lower. The MTU value configured on the Cisco CSR 1000V should not exceed the maximum MTU value supported on the hypervisor.
Cisco CSR 1000V and Hypervisor Limitations for Cisco IOS XE Release 3.9S
The following are the Cisco CSR 1000V and VMware ESXi limitations for Cisco IOS XE Release 3.9S:
The Cisco CSR 1000V interface bandwidth defaults to 1 GB, irrespective of the hypervisor’s physical NIC bandwidth. The routing protocols (OSPF, EIGRP) use the Cisco CSR 1000V interface bandwidth values for calculating the costs, not the physical NIC bandwidth.
When a Cisco CSR 1000V interface is directly connected to a physical router, and that physical router’s connecting interface goes down, the change is not reflected on the Cisco CSR 1000V. This is because the Cisco CSR 1000V is actually connected to the hypervisor’s vSwitch and the vSwitch uplink port is connected to the physical interface of the router. This behavior is expected.
The Cisco CSR 1000V provides an MTU range from 1500 to 9216 bytes. However, ESXi 5.0 supports only a maximum value of 9000 bytes.
The server and processor requirements are different depending on the Cisco CSR 1000V release.
Table 1-5 Server Requirements
Cisco CSR 1000V Release
Cisco IOS XE Release 3.9S
Intel Nehalem and later-generation processors are supported.
Cisco IOS XE Release 3.10S and later
Intel processors prior to the Nehalem generation are supported.
Note In Cisco IOS XE Release 3.9S, the Cisco CSR 1000V uses instructions not supported on Intel pre-Nehalem generation processors. The existence of the required Nehalem or later processor instruction set is determined at boot time. If the required instructions are not present, the following message is displayed:
%IOSXEBOOT-4-BOOT_HALT: (rp/0): Halted boot due to missing CPU feature requirement(s)
For Cisco Software Licensing (CSL), the software activation process is similar to that on other Cisco router products, but there are some differences and additional requirements. For details, see Cisco Software Licensing (CSL).
The Cisco CSR 1000V supports the following license types depending on the software release:
Perpetual and subscription term licenses for 1, 3, and 5 years based on the following attributes:
– Cisco IOS XE technology packages (Standard, Advanced and Premium) in Cisco IOS XE releases 3.12S and earlier
– Cisco IOS XE 3.13S and higher, the following Cisco IOS XE technology packages: IPBase, Security, AX and APPX (supported by Cisco Smart Licensing (SL) beginning with Cisco IOS XE 3.14S)
– Maximum supported throughput level for the AX package: 10, 25, 50, 100, 250, or 500 Mbps; 1 or 2.5 Gbps
– Maximum supported throughput level for the Security and APPX packages: 10, 25, 50, 100, 250, or 500 Mbps; 1, 2.5, or 5 Gbps
– Maximum supported throughput level for the IPBase package: 10, 25, 50, 100, 250, or 500 Mbps; 1, 2.5, 5, or 10 Gbps
Memory upgrade licenses (selected technology packages and throughput levels only)
21.The Security package replaces the Advanced package.
22.The AX package replaces the Premium package.
The supported performance indicates the maximum throughput supported by the Cisco CSR 1000V for the license. If the throughput exceeds the supported performance, the router may experience dropped packets and you will receive notification that the supported performance has been exceeded. The Cisco CSR 1000V uses a performance limiter to regulate the throughput level. For more information, see the “Configuring an Interface for 10 Gbps Maximum Throughput” section.
If additional performance is required, an additional license for a separate Cisco CSR 1000V VM must be purchased. The Cisco CSR 1000V supports only one router instance per VM.
The Cisco CSR 1000V software licenses operate as follows:
Each software license can be used for only one VM.
You can install more than one license on a VM, but the multiple licenses can only apply to that VM.
Similar to Cisco hardware products, the software license is node-locked to the unique device identifier (UDI) of that product. The Cisco CSR 1000V generates a Virtual UDI (vUDI) when first installed on the VM, and licenses are node-locked to that vUDI. One license per VM instance is required. Instances that are cloned from a repository must generate a new vUDI.
Note When you clone the Cisco CSR 1000V, you will automatically get a new vUDI, and all the licenses from the original VM should be removed.
You must purchase and install a new technology package license if you want to upgrade or downgrade the technology level. For example, if you have a Premium technology package license and you want to downgrade to the Standard technology package, you must purchase a new Standard technology package license.
In Cisco IOS XE Release 3.10S, the default license will not enable advanced IPsec features and MPLS.
The Cisco CSR 1000V does not provide or support Right-to-Use performance licenses.
You will receive warning notices that the subscription term license will expire beginning eight weeks before license expiration.
The licenses must be activated in order for the Cisco CSR 1000V network ports to provide the supported throughput.
When the Cisco CSR 1000V is first booted, the router operates in evaluation mode, and provides limited feature support and limited throughput. To obtain the full feature support and throughput provided by your license, you must install the license using the license install command. The configuration requirements depend on the release version:
In Cisco IOS XE 3.12S and earlier, to access the features supported in your license, you must enter the license boot level command and set it to the level supported by your license. The Cisco CSR 1000V must be rebooted for the new license level to take effect and to have the new license applied.
In Cisco IOS XE 3.13S and later, the Cisco CSR 1000V first boots up in the AX technology mode by default, so all features in this package are supported. Installing an AX technology license applies the AX license immediately, and the throughput is increased to the maximum throughput of the installed license. Rebooting the router is not required.
If you install a different technology license (IPBase, Security or APPX), the corresponding license boot level command setting is automatically added to the running configuration, but you must reboot the router for the new license technology level to take effect and to have the license applied.
The installed license technology package must match the router’s current technology level (as shown with the show version command). If the license package does not match the current license level the throughput is limited to 100kbps. To apply a license belonging to a different technology package level, you must update the license level using the license boot level command and reboot the Cisco CSR 1000V for the new license level to take effect.
If the throughput license expires or becomes invalid, the maximum throughput of the router reverts to 2.5 Mbps (Cisco IOS XE 3.12S and earlier), or 100 Kbps (Cisco IOS XE 3.13S and later), upon reload.
The subscription term begins on the day the license is issued.
Beginning with the Cisco IOS XE 3.13S release, the CSR 1000V boots by default with the following features:
AX technology package features
100 Kbps maximum throughput
Evaluation License Options
Evaluation licenses valid for 60 days are available at the Cisco licensing portal.
The evaluation license options enable test driving additional technology packages and higher throughputs. (The throughputs available through evaluation licenses are the highest supported throughput levels for the package type.)
IPBase Technology package, 10 Gbps
SEC Technology package, 5 Gbps
APP Technology package, 5 Gbps
AX Technology package, 2.5 Gbps
1000 broadband sessions
12 GB memory upgrade
Testing a Lower Maximum Throughput
To test a lower throughput license type not listed here, use the platform hardware throughput level MB <throughput> command to set the throughput to a supported level below that provided by the installed license. This has the same effect as installing a license for that throughput level. For example, on a CSR 1000V with a 5 Gbps license installed, the following command sets the throughput level to 250 Mbps:
Step 2 On the Product License Registration page, select “Continue to Product License Registration.”
Step 3 In the Get Other Licenses section, select “Demo and Evaluation.”
Step 4 In the Product Family section, select “Routers & Switches.” In the Product section, select “Cisco Cloud Services Router 1000V.” Click Next.
Step 5 Select the desired license type. Enter the UDI Serial number, then click Next to generate the license. You can display the UDI Serial number on your router by entering the show license udi command.
Cisco Smart Licensing (SL)
Beginning with Cisco IOS XE Release 3.14S, the Cisco CSR 1000V supports activation using Cisco Smart Licensing (SL). To use Cisco Smart Licensing, first configure the Call Home feature and obtain Cisco Smart Call Home Services. For details, see Cisco Smart Licensing.
The Cisco CSR 1000V supports the following license types:
For Cisco IOS XE 3.14S and higher, the following Cisco IOS XE technology packages:
Cisco CSR 1000V Series Architecture Differences from Hardware Platforms
Unlike traditional Cisco hardware router platforms, the Cisco CSR 1000V Series is a virtual router that runs independently on an x86 machine. As a result, the Cisco CSR 1000V Series architecture has unique attributes that differentiate it from hardware-based router platforms.
For example, Table 1-7 lists a comparison of some key areas where the Cisco CSR 1000V Series differs from the Cisco ASR 1000 series routers.
Table 1-7 Cisco CSR 1000V Series Architecture Differences with Cisco ASR 1000 Series Routers
Cisco ASR 1000 Series
Cisco CSR 1000V Series
The Cisco CSR 1000V does not include a hard disk. The software image is stored on bootflash only (8 GB).
Managed by architecture of the hardware platform.
Managed by the hypervisor. Physical resources are shared among VMs.
Console types supported
Physical serial port.
Virtual VGA console
Virtual serial port network option (virtual terminal server)
Named pipe option
Physical serial port on the ESXi or KVM host
The Cisco CSR 1000V does not include ROMMON, but uses GRUB to provide similar but more limited functionality.
The Cisco CSR 1000V Series Cloud Services Router supports selected Cisco IOS XE technologies. The Cisco CSR 1000V supports a more limited set of functionality compared to other router platforms.
Table 1-8 lists the major Cisco IOS XE technologies the Cisco CSR 1000V supports. Technologies not listed are not currently supported on the Cisco CSR 1000V. Not all features in a given technology may be supported. To verify support for specific features, use Cisco Feature Navigator. For more information, see the “Using Cisco Feature Navigator” section.
Managing the Router Using Cisco Configuration Professional
Beginning with Cisco IOS XE Release 3.12S, the Cisco CSR 1000V supports managing the router using Cisco Configuration Professional. The minimum version required is Cisco Configuration Professional 2.8. For more information, see the Cisco Configuration Professional documentation.
Managing the Router Using the Cisco IOS XE REST API
Beginning with Cisco IOS XE Release 3.10S, a REST API is available as an alternative method for managing the Cisco CSR 1000V router. The following requirements apply to the Cisco IOS XE REST API (formerly called the Cisco CSR 1000V REST API):
The Cisco IOS XE REST API supports only selected features and technologies compared to the Cisco IOS XE command-line interface.
Note The Cisco CSR 1000V currently does not fully support IPv6 for the REST API.
The REST API is supported over HTTPS only.
– In Cisco IOS XE Release 3.10S, you must enable HTTPS support.
– Beginning with Cisco IOS XE Release 3.11S, HTTPS support is enabled by default.
– Beginning with Cisco IOS XE releases 3.13.2, 3.14.1, and 3.15, REST API (and PNSC) support is limited to TLS.
The Cisco CSR 1000V Amazon Machine Image (AMI) does not support management of the router using the REST API.
Managing the Router Using Cisco Prime Network Services Controller
Beginning with Cisco IOS XE Release 3.11S, you can use the Cisco Prime Network Services Controller to provision, manage, and monitor the Cisco CSR 1000V. Cisco Prime Network Services Controller can be used to streamline configuration when you are provisioning and managing many Cisco CSR 1000V VMs.
If deploying the Cisco CSR 1000V on ESXi, support for remote management using PNSC can be configured while deploying the OVA template. If deploying the Cisco CSR 1000V on other hypervisors, or if launching the Cisco CSR 1000V on an AWS instance, the PNSC configuration settings are performed using the Cisco IOS CLI.
Finding Support Information for Platforms and Cisco Software Images
Cisco software is packaged in feature sets consisting of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco software images are included in a release. To identify the set of software images available in a specific release or to find out if a feature is available in a given Cisco IOS XE software image, you can use Cisco Feature Navigator, the Software Advisor, or the software release notes.
Using Cisco Feature Navigator
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Using the Software Advisor
To see if a feature is supported by a Cisco IOS XE release, to locate the software document for that feature, or to check the minimum Cisco IOS XE software requirements with your router, Cisco maintains the Software Advisor tool on Cisco.com at:
You must be a registered user on Cisco.com to access this tool.
Using the Software Release Notes
Cisco IOS XE software release notes provide the following information:
Open and resolved severity 1 and 2 caveats
Release notes are intended to be release-specific for the most current release, and the information provided in these documents may not be cumulative in providing information about features that first appeared in previous releases. See Cisco Feature Navigator for cumulative feature information.