Cisco CSR 1000v Series Cloud Services Routers Overview


Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.

Virtual Router

The Cisco CSR 1000v Cloud Services Router is a cloud-based virtual router deployed on a virtual machine (VM) instance on x86 server hardware. It supports a subset of Cisco IOS XE software features and technologies, providing Cisco IOS XE security and switching features on a virtualization platform.

When the Cisco CSR 1000v is deployed on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.

Secure Connectivity

The Cisco CSR 1000v provides secure connectivity from an enterprise network (such as in a branch office or data center) to the public or private cloud.

System Requirements

Software Images and Licenses

The following sections describe the licensing and software images for the Cisco CSR 1000v.

Cisco Smart Licensing

The Cisco CSR 1000v supports activation using Cisco Smart Licensing. To use Cisco Smart Licensing, you must first configure the Call Home feature and obtain Cisco Smart Call Home Services. For more information, see the Smart Licensing Guide for Access and Edge Routers.

Cisco CSR 1000v Evaluation Licenses

Evaluation license availability depends on the software version:

The following evaluation licenses are available:

  • IPBASE technology package license with 10 Gbps maximum throughput

  • SEC technology package license with 5 Gbps maximum throughput

  • APPX technology package license with 5 Gbps maximum throughput

  • AX technology package license with 2.5 Gbps maximum throughput

If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.

For instructions on obtaining and installing evaluation licenses, see the “Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later” section of the Cisco CSR 1000v Software Configuration Guide .

Cisco CSR 1000v Software Licenses

Cisco CSR 1000v software licenses are divided into feature set licenses. The supported feature licenses depend on the release.

Current License Types

The following are the license types that are supported (Cisco IOS XE Everest 16.4.1 or later):

  • IPBase: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)

  • Security: IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)

  • AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)

  • APPX Package: IPBase package + Advanced Networking features - Security features (IP security features not supported)

Legacy License Types

The three legacy technology packages - Standard, Advanced, and Premium - were replaced in the Cisco IOS XE Release 3.13 with the IPBase, Security, and AX technology packages.

Features Supported by License Packages

For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.


The Cisco CSR 1000v router provides both perpetual licenses and term subscription licenses that support the feature set packages for the following maximum throughput levels:

  • 10 Mbps

  • 50 Mbps

  • 100 Mbps

  • 250 Mbps

  • 500 Mbps

  • 1 Gbps

  • 2.5 Gbps

  • 5 Gbps

  • 10 Gbps

The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.

Memory Upgrade

A memory upgrade license is available to add memory to the Cisco CSR 1000v router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.

Additional Information about Licenses and Activation

For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.

Software Image Nomenclature for OVA, ISO, and QCOW2 Installation Files

The Cisco CSR 1000v installation file nomenclature indicates properties supported by the router in a given release.

For example, these are filename examples for the Cisco IOS XE Everest 16.4.1 release:

  • csr1000v-universalk9.16.04.01.ova

  • csr1000v-universalk9.16.04.01.iso

  • csr1000v-universalk9.16.04.01.qcow2

The filename attributes are listed below, along with the release properties.

Table 1. OVA Installation Filename Attributes

Filename Attribute



Installed image package.


Indicates that the software image is for the Cisco IOS XE 3.9.0aS release image (mapped to the Cisco IOS 15.3(2) release).

std or ext

Standard release or extended maintenance support release.

New and Enhanced Software Features for Cisco IOS XE Gibraltar 16.12.x

New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.1a

The following are the new software features that are supported on the Cisco CSR 1000v for Cisco IOS XE Gibraltar 16.12.1a release:
  • Support for L2 Extension for Public Cloud: From this release, you can enable enterprise and cloud providers to deploy a secure hybrid cloud extension with CSR 1000V instances using LISP. Use the command-line interface to extend a Layer 2 domain to the public cloud using one subnet from the enterprise data center. You can achieve benefits such as IP mobility and workload migration by configuring L2 extension for public cloud.

  • Using custom data for Day 0 configuration: When you deploy a Cisco CSR 1000v VM instance on Google Cloud Platform, you can choose to either use the console to access the startup script, or use the CLI to access the custom data to achieve a variety of automation goals. The custom data in GCP allows you to run Cisco IOS XE configuration commands, install Python packages in guestshell on Day0, run scripts in guestshell on Day0, and provide licensing information to boot the CSR 1000v instance with a desired technology package.

  • Support for IPv6 for CSR 1000v instance running on AWS: From the 16.12.1 release, IPv6 addressing is supported for CSR 1000v instances running on Amazon Web Services. Implementing basic IPv6 connectivity in the Cisco software consists of assigning IPv6 addresses to individual device interfaces. You can also enable IPv6 traffic forwarding globally, and Cisco Express Forwarding switching for IPv6. You can enhance basic connectivity functionality by configuring support for AAAA record types in the Domain Name System (DNS) name-to-address and address-to-name lookup processes, and by managing IPv6 neighbor discovery.

  • IPv6 support for Encrypted Traffic Analytics: Encrypted Traffic Analytics (ETA) uses passive monitoring, extraction of relevant data elements, and supervised machine learning with cloud-based global visibility. ETA is now extended to IPv6 addresses to identify malware communications in encrypted traffic.

  • VNF Secure Boot: The secure boot feature prevents malicious software applications and unauthorized operating systems from loading into the system during the system start up process. This feature ensures that the software applications that boot up on the device are certified by Cisco. A secure compute system ensures that the intended software on the system runs without malware or tampered software.

  • Unclassified-mac initiator with IANA: The Unclassified Mac Initiator with IANA feature supports ISG IPv6 sessions based on the unclassified mac address of the subscriber. If subscriber uses DHCPv6 for getting IPv6 addresses, ISG supports creation of subscriber sessions based on DHCPv6 packets with the IANA option.

  • Show commands updates for SRTP Rollover Counter (ROC): The output of the following commands is enhanced to display SRTP ROC information: show voip fpi calls, show voip fpi stats, show voip rtp connections.

  • PFS for GIKEv2: If a Group Member (GM) is compromised, an attacker may access saved long-term keys and messages. Use Perfect Forward Secrecy (PFS) for GETVPN so that the attacker cannot use the keys and messages to obtain the keys of past or future sessions to decrypt recorded or future communication.

  • Support for SVTI multi-SA: You can define and associate an Access Control List (ACL) with an SVTI to select traffic between specific source and destination proxies. By associating the ACL, you are modifying the default configuration that uses a single any-any traffic selector and for every non-any-any traffic selector, IPSec SAs are created so that multiple SAs can be attached to an SVTI.

  • Public Sector Certs: FIPS: Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal Government for use in computer systems by non-military government agencies and government contractors. Ensure to configure devices to use only FIPS approved algorithms (even though devices prevent the use of non-FIPS compatible algorithms in the FIPs mode) because some functionalities may fail in the FIPS mode if the device attempts to use non-FIPS compliant algorithms.

  • Web User Interface - Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on Web User Interface from Cisco IOS XE Gibraltar 16.12.1:
    • Configuring Cisco Unified Communications Manager Express

    • File Manager

    • Configuring Trustsec

    • Monitoring Trustsec Statistics

New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.2

The following are the new software features that are supported on the Cisco CSR 1000v for Cisco IOS XE Gibraltar 16.12.2 release:
  • Support for Media Flow-around using Multi-VRF: Support for Media flow-around using Multi-VRF is added following call flows in standalone and high availability scenarios:
    • Basic Audio Call

    • Call Hold and Resume

    • Re-INVITE based Call Transfer

    • 302 based Call Forward

    • Fax Pass Through Calls

    • T.38 Fax Calls

Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.x

Using the Cisco Bug Search Tool

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Open Bugs for Cisco IOS XE Gibraltar 16.12.1a

Caveat ID Number



Azure: CSR with Custom data throws % (CVAC) Command failed: PRC_INVALID, PRC_FAILURE_PERMANENT


1 NIC deployment in Azure: not able to SSH into the box

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.1a

Caveat Number ID



CSR1kv Factory Reset - Retaining eval timers


AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa


The management IP address is not properly configured with CSR1K VNF


Support MBRv2 partition scheme and Grub2 install in all clouds


CSR1000v IC2M Self Integrity Test Bypassed


CSR1kv router crash due to file descriptor leak


CSR1000v - i40evf interface shows Up but does not pass traffic


CSR1000v No User Settable MTU

Open Bugs for Cisco IOS XE Gibraltar 16.12.2

Caveat ID Number



CSR1000v Azure HAv3 route table update fails with non-IP address next hop entries

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.2

Caveat ID Number



unable to modify interface speed for CSRv cEdge


ISRv GE intefaces show ingress traffic even in admin shut down state


CUBE must preserve ROC values after master key is re-keyed


Issue with installing CSR 1KV MEMORY 4G license with SLR


CSR+SDWAN on AWS will install default route in startup config which conflicts with some topologies


Throughput defaulted when UDI is corrupted

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.2s

Caveat ID Number



MAP-E: Remove embedded customer specific data from the image