Cisco CSR 1000v Series Cloud Services Routers Overview


Note

Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.


Virtual Router

The Cisco Cloud Services Router 1000V (CSR 1000V) is a cloud-based virtual router that is intended for deployment in cloud and virtual data centers. This router is optimized to serve as a single-tenant or a multitenant WAN gateway.

When you deploy a CSR 1000V instance on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.

Secure Connectivity

CSR 1000V provides secure connectivity from an enterprise network such as a branch office or a data center, to a public or a private cloud.

Software Images and Licenses

The following sections describe the licensing and software images for CSR 1000V.

Cisco CSR 1000V Evaluation Licenses

Prior to Release 3.13, Cisco provided a built-in evaluation with the CSR 1000V instance, where you could use the Premium Technology Package at a maximum throughput of 50 Mbps for 60 days. With Release 3.13 and later, Cisco has moved to a self-service model to provide the flexibility of trialing additional technology packages and higher throughputs.

Evaluation licenses are valid for 60 days and are available with a valid Smart Account. To request an evaluation license, contact Cisco or a qualified Cisco partner.

The following evaluation licenses are available:

  • IPBASE technology package license with 10 Gbps maximum throughput

  • SEC technology package license with 5 Gbps maximum throughput

  • APPX technology package license with 5 Gbps maximum throughput

  • AX technology package license with 5 Gbps maximum throughput

If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.

For instructions on obtaining and installing evaluation licenses, see the Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later section in the Cisco CSR 1000v Software Configuration Guide .

Cisco CSR 1000V Software Licenses

Cisco CSR 1000V software licenses are divided into feature set licenses. The supported feature licenses depend on the release.

Current License Types

The following are the license types that are supported in Cisco IOS XE Everest 16.4.1 and later:

  • IPBASE: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)

  • SEC (Security): IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)

  • AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)

  • APPX Package: IPBase package + Advanced Networking features - Security features (IP security features are not supported in this package)

Legacy License Types

The three legacy technology packages - Standard, Advanced, and Premium - were replaced in Cisco IOS XE Release 3.13 with the IPBAsE, SEC, and AX technology packages.

Features Supported by License Packages

For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.

Throughput

The Cisco CSR 1000V router provides term subscription licenses that support the feature set packages for the following maximum throughput levels:

  • 10 Mbps

  • 50 Mbps

  • 100 Mbps

  • 250 Mbps

  • 500 Mbps

  • 1 G bps

  • 2.5 Gaps

  • 5 Gbps

  • 10 Gbps (IPBASE only)

The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.

Memory Upgrade

A memory upgrade license is available to add memory to the Cisco CSR 1000V router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.

Additional Information about Licenses and Activation

For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.

Software Image Nomenclature for Installation Files

The Cisco CSR 1000V installation file nomenclature indicates properties supported by the router in a given release.

For example, these are filename examples for the Cisco IOS XE Amsterdam 17.2.1 release:

  • csr1000v-universalk9.17.02.01.ova

  • csr1000v-universalk9.17.02.01.iso

  • csr1000v-universalk9.17.02.01.qcow2

The following table lists the filename attributes along with its properties:

Table 1. OVA Installation Filename Attributes

Filename Attribute

Properties

universalk9

Specifies the package that you are installing.

17.02.01

Indicates that the software image is mapped to the Cisco IOS XE Amsterdam 17.2.1 release.

New and Enhanced Features for Cisco IOS XE Amsterdam 17.3.x

New and Enhanced Features for Cisco IOS XE Amsterdam 17.3.x

The following are the new CSR 1000V software features for Cisco IOS XE Amsterdam 17.3.1 release:


Note

Cisco IOS XE Amsterdam 17.3.1a is the first release for Cisco CSR 1000V Router in the Cisco IOS XE Amsterdam 17.3.1 release series.


  • Support for Azure-PMD (Poll Mode Driver): You can now enable the Azure-PMD functionality for Cisco CSR 1000V instances running on Microsoft Azure. This functionality offers a faster, user-space packet processing framework that bypasses the VM's kernel network stack to increase the speed of network traffic. In a typical packet processing that uses the kernel network stack, the process is interrupt-driven, which involves context switching from the kernel space to the user space. Azure-PMD eliminates this context switching and the interrupt-driven method in favor of a user-space implementation that uses poll mode drivers for faster packet processing.

  • Configure IP Multicast over Unidirectional links for PIM: Unicast and multicast routing protocols forward data on interfaces from which they have received routing control information- this requires a bidirectional link. However, some network links are unidirectional, where the physical send-only interface is on the upstream router and the physical receive-only interface is on the downstream router. To control routing information in these unidirectional environments, you need to enable the IP multicast over UDL functionality. To enable this functionality, you can now configure a UDL routing tunnel as a unidirectional generic routing encapsulation (GRE) tunnel and map this to a one-way satellite link, which in turn enables the associated unicast and multicast routing protocols to treat the UDL as a bidirectional link.

  • Support for KVM (RHEL) 7.5 and 7.7 and ESXi 6.5 and 6.7.

  • Support for openconfig-lldp 0.2.1: From the Cisco IOS XE Amsterdam 17.3.1 release, the openconfig-lldp 0.2.1 is supported. No additional configuration is required.

  • Show platform resources command: The existing show platform resourses command now includes the following extension keywords to help you gather more information on platform resource utilization: R0, R0 cpu, R0 memory, exmem, datapath, and datapath oversubscriptions.

  • Show packet tracer command: The output of the show platform packet-trace command now includes additional trace information for packets either originated from IOSd or destined to IOSd or other BinOS processes.

  • Enable debug information for Multicast: The following debug commands are introduced to enable the debugging information for Multicast via CONFD/NetConf:

    • debug platform condition feature multicast controlplane level

    • debug platform condition interface gigabitEthernet 0/0/1.2 ipv4 access-list mcast

    • debug platform condition feature multicast dataplane v4mcast submode

    • debug platform condition feature multicast dataplane v6mcast submode

  • New cipher suites for IP ssh Client and Server Algorithm: You can configure the HMAC algorithm of HMAC-SHA2-256-ETM@openssh.com or HMAC-SHA2-512-ETM@openssh.com as a cryptographic algorithm. These cipher suites can be used with the ip ssh client algorithm mac and ip ssh server algorithm mac commands.

  • CUBE: Up to 100 VRF Instances: The current support limit is 54 VRF instances on a CUBE box. This requires customers to purchase additional hardware to meet requirements. For deployments such as HCS that need to support greater number of tenants per box, the limit of VRF instances is enhanced to 100 with this feature. Also, support is introduced for this feature in CUBE Enterprise with this release.

  • CUBE: Dial Peer Binding with Live Traffic: The Live Bind feature allows you to either change or add binding on a dial-peer that does not have any active calls, while other dial-peers with the same binding has active calls.

  • CUBE: Media Proxy Multi-forking using SIPREC: With this feature, the SIPREC-based CUBE Media Proxy solution supports forking to multiple recorders.

  • CUBE: OPUS Codec Negotiation: With this feature, support is introduced for OPUS audio codec with CUBE.

  • CUBE: TLS Server Name Indication (SNI) - RFC6066: With this feature, support is introduced for Server Name Indication (SNI). SNI is a TLS extension that allows a TLS client to indicate the name of the server that it is trying to connect during the initial TLS handshake process.


Note

When you execute the show tech-support command multiple times in an oversubscribed environment, it might cause the device to lose ssh connectivity. If this occurs, reload the device and ensure that the environment is not oversubscribed.



Note

When you upgrade from one Cisco IOS XE release to another, you may see a %Invalid IPV6 address error in the console log file. To rectify this error, enter the global configuration mode, re-enter the missing IPv6 alias commands, and save the configuration. The commands are persistent on subsequent reloads.



Note

Some YANG models are not fully compliant with all the IETF guidelines. The errors and warnings shown while executing pyang with -–lint flag is currently deemed to be non-critical as they do not impact the semantic of the models or prevent the models from being used as part of the toolchains. To determine the issues with the models, run the check-models.sh script with --lint flag enabled.

It is recommended to ignore LEAFREF_IDENTIFIER_NOT_FOUND and STRICT_XPATH_FUNCTIONS errors types when running pyang for validation as they are non-critical errors and doesn’t impact the YANG model functionality.


Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.x

Using the Cisco Bug Search Tool

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all the bugs specific to a product and a release.

You can filter the search results by the last modified date, bug status (open or resolved), severity, rating, and support cases.

Open Bugs for Cisco IOS XE Amsterdam 17.3.1

Caveat ID Number

Description

CSCvu52185

CSR1000v may unexpectedly reload (or hang) due to keepalive failures

CSCvv38068

C8000v not booting up in Azure if assigned IPaddr 10.0.1.0 to Gig1 Interface

Resolved Bugs for Cisco IOS XE Amsterdam 17.3.1

Caveat ID Number

Description

CSCvs81791

Fix for kernel driver issue causing wake up for empty block, packet too large to process

CSCvt16915

CSR Gig3 Interface not created even after ENI is attached to VM instance in AWS

CSCvt31588

CSR on AWS - PAYG Broken in 17.1, 17.2, and Polaris

CSCvt50394

Custom Data: bash/python scripts in Scripts section does not execute

CSCvu34653

CSR stuck in Bootloop while upgrading to 17.2.1r on Azure.

CSCvt94976

vmxnet3 vnics need ability to set MTU

Resolved Bugs for Cisco IOS XE Amsterdam 17.3.2

Caveat ID Number

Description

CSCvv03800

ASR1002X lost all configuration after upgrade from 16.12 to 17.3.

CSCvv04959

GRUB2 Arbitrary Code Execution Vulnerability.

CSCvv85766

Memory leak upon ssh/scp connections to a router.

Open Bugs for Cisco IOS XE Amsterdam 17.3.3

Caveat ID Number

Description

CSCvw89147

Crash at the moment of calculating tcp header

CSCvw92643

Netflow crash at fnf_ipv6_output_feature_final_internal with flow record on IPv6 IPsec tunnel

CSCvx14095

NETCONF ACL not working if ACL is referencing an object-group

CSCvx18526

Clients using DHCP Server Port-Based Address Allocation not getting IP address

CSCvx24332

ucode crash with firewall timer lock

CSCvx24707

BGP-neighbor down when push banner configuration failure

CSCvx25680

IOS-XE Memory Leak in SSS Manager

CSCvx26652

Router crash observed when AppNav Cluster delete with service-insertion enabled on LAN interface

CSCvx35902

FMAN_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash

CSCvx40030

IP PIM SPT-threshold infinity causes ICMP Echo Replies to not be generated for IP Multicast Requests

Resolved Bugs for Cisco IOS XE Amsterdam 17.3.3

Caveat ID Number

Description

CSCuv97577

Mishandling of dsmpSession pointer causes a crash

CSCvu23516

Static routes pointing to interface tunnel not valid after tunnel's source interface flaps.

CSCvu32771

IOSD crash due to segmentation fault at SISF Main Thread

CSCvv03229

Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel

CSCvv09342

Cloud Express probes fails when two default rules are present

CSCvv40006

Traceback: IP SLA triggers INJECT_HDR_LENGTH_ER and INJECT_FEATURE_ESCAPE log message

CSCvv61770

Crash seen in isis_sr_uloop_lspdb_dump with 'debug isis microloop' enabled

CSCvv64633

BGP: advertised community list is malformed due to GSHUT community

CSCvv78028

No responder-bytes from cEdge when UTD is enabled

CSCvv79273

Router may crash when using Stateful NAT64

CSCvv88621

GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage

CSCvv91865

Moving PC from network causes static DHCP binding to be removed from the device.

CSCvw06719

"platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload

CSCvw06780

DMVPN with ipv6 link-local address do not register to HUB

CSCvw09486

Router might crash after apply a class-map in input direction with bandwidth percentage

CSCvw10972

NAT64 ALG: Router crashes on nat64_process_token

CSCvw11902

Passive FTP doesn't work with NAT

CSCvw14131

Crash in TCL Bytecode When Running RA Trace in Guestshell Python

CSCvw16643

Device Template failing to attach after changing few device variables

CSCvw19171

Smart license registration through explicit mode proxy server

CSCvw19362

[EVPN RT2-RT5] After few host moves RT2-RT5 re-origination happens even when there is no Remote RT2

CSCvw22760

MACSEC MKA stops forwarding data after every 3rd rekey

CSCvw30128

ip-acl errors of correcting the logic of sequence id when there is an error with msg creation

CSCvw32481

EVPN Type-2 IP/MAC route is created for not-connected SVI

CSCvw33113

Unexpected reload in NHRP when access to an invalid memory region

CSCvw34157

APPNAV CFT crashes

CSCvw37109

Pseudowire interface may be unexpectedly removed from VFI on unrelated configuration change

CSCvw38433

OMP-Agent Routes in EIGRP changes AD to 252 on non-SDWAN devices

CSCvw39383

CPP ucode crash with fw_base_flow_create

CSCvw41482

SSH with Certificate authentication doesn't work after upgrade to 17.3.1

CSCvw47800

HSL Export over VASI Interface causes Netflow v9 Template Flooding

CSCvw48800

unable to transfer 1500 byte IP packet when using BRI bundled Multilink

CSCvw48811

RP went down due to __be_iosd_rec_malloc_free_before

CSCvw54076

[SIT]: BFD sessions not established between Edges, with UTD enabled

CSCvw55030

Dynamic Nat pool "ip aliases" are not created on the device

CSCvw56517

LMR Unable to hear first seconds of audio

CSCvw58560

FlexVPN reactivate primary peer feature does not work with secondary peer tracking

CSCvw64559

Throughput license grace period starts counting down after upgrade router software

CSCvw76715

OpenSSL vulnerability (CVE-2020-1971) evaluation for IOS-XE

CSCvw77485

Router may not send PIM Register message if RP is reachabile over TE tunnel

CSCvw80173

BGP AS-path prepend: cEdge won't update correctly better prepended route.

CSCvw84759

Device is crashing after Device Access Policy is attached

CSCvw84883

DDNS feature triggers crash on 16.X/17.X releases due to memory corruption

CSCvw86295

Crash wile configuring l2vpn evpn instance for VXLAN

CSCvw97748

Decouple mac aging from ARP aging on vlans not using the centralized gw feature

CSCvx02515

BGP IPv6 link-local session doesn't come up

CSCvx08852

Not able to create VFI instances

CSCvx12686

Memory Lock and system crashed while clearing ip access-list stats.

CSCvx19209

ISIS crash in isis_sr_tilfa_compute_protection

CSCvx36844

Control plane hitting EID prefix entry limit for MAC after upgrade

Open Bugs for Cisco IOS XE Amsterdam 17.3.4

Caveat ID Number

Description

CSCvt62123

DMVPN - after removing IPSec, traffic is dropped on a tunnel interface

CSCvu06483

Data consistancy errors seen on configuring mac-sec on the underlay interface with ipsec configured

CSCvv17346

unexpected reload due to Crypto IKEv2 process

CSCvv38438

Watchdog timeout due to Crypto IKMP

CSCvv48885

can not update local-address in a crypto keyring

CSCvw48943

crypto ikev2 proposals are not processed separately

CSCvw60359

cEdge-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working.

CSCvw91361

Crash when issuing "show crypto isakmp peers config"

CSCvw94166

IKE should have a mechanism to alert or mitigate resource exhaustion due to QM flooding

CSCvx27965

cEdge ipv6 netflow with high scale flows FNF does not working

CSCvx35902

fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash.

CSCvx64449

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed due to ip rtp header-compression iphc-format

CSCvx74212

IKEv1 IPSec CAC (Call Admission Control) counter leak leading to %CRYPTO-4-IKE_DENY_SA_REQ

CSCvx90032

CSR in Azure can fail to authenticate using AAD

CSCvx94285

CSR crashes after oce_lookup_one_adj_id_handle while reading emu_mem.

CSCvy10041

Removal of 'set reverse-route tag xxx' removes 'reverse-route' config from crypto map

CSCvy33639

SDWAN: Cisco 1000v Series CSR deployed in Microsoft Azure throwing continuous errors on consol.

CSCvy52270

Cisco 1000v Series CSR/Cisco 8000v Series CSR: Console Port Access change CLI does not work in CONTROLLER mode

CSCvy54048

CPP Crash While Freeing CVLA Chunk

CSCvy54314

Data-policy local-tloc with app-route is dropping packets when SLA is not met

CSCvy55408

Cisco 1121 ISR router multiple crash. - session hash corrupted

CSCvy58115

Cedge : Cloudexpress Office 365 probes are hitting 100% loss

CSCvy64180

ccedge Cisco 1121-4P CSR crahed with Localsoft error

CSCvy67301

URL Filtering regex pattern match not working on large pattern

CSCvy73818

cEdge QFP starts dropping traffic - UTD Service Node not healthy ident

CSCvy78087

Qos download failed with FW policy when rebooting device

CSCvy78123

cEdge: High CPU usage due to Multicast and Data Policy configuration.

CSCvy69555

Unable to fetch eigrp prefix, nexthop, omptag, and route origin

Resolved Bugs for Cisco IOS XE Amsterdam 17.3.4

Caveat ID Number

Description

CSCvv53387

cedge is sending incorrect if index values for the sub-interfaces.

CSCvv92064

App-aware policy need to be honored when queuing is not set by localized policy

CSCvw05211

Pre-mature session deletion leading to churn and lower TPS at scale

CSCvw23197

BFD sessions go down on Service VPN after UTD is enabled on cEdge

CSCvw42048

Cisco 1111 CSR vtcp may cause packet drop for sip packets causing phones to reset

CSCvw81572

Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4

CSCvw83359

AWS:Cisco 8000kv CSR crashed and reboots if shut/no shut an interface a number of times

CSCvw93490

Cisco 1000v CSR crashing frequently with Critical software exception error.

CSCvx02009

cEdge running 17.3.2 crashed - Critical software exception / IOSXE-WATCHDOG: Process = SNMP ENGINE

CSCvx21270

SDWAN custom policy that does not looked to be programmed correctly on the cedge platform

CSCvx23159

FW-4-ALERT_ON: (target:class)-():getting aggressive seen when no half open feature configed

CSCvx32670

Wrong reload reason reflected after a power outage.

CSCvx36205

Removing and Adding Bulk ACL leads to dataplane programming failure

CSCvx36763

Zone Based Firewall on cEdge router dropping web traffic with the reason Zone-pair without policy

CSCvx43331

Cisco 1000v CSR: Crashes during reg_invoke_iosxe_license_export_controlled_enforcement_bypass

CSCvx43798

SIT 17.5.1 02/01: Stby switch reloaded due to config mismatch during telemetry push from DNAC.

CSCvx45788

cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging

CSCvx51664

For-us Icmp packets are collected by cflowd which against the data-policy

CSCvx53049

Crash when TPOOL is updating and 'wr mem' is issues at same time

CSCvx57615

ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent

CSCvx64640

Data plane VPLS traffic generating Control Word on all Label Switched Headers

CSCvx64846

"show sdwan policy service-path/tunnel-path" command cause device crash

CSCvx72682

[DMM/SLM test issue] CFM crash when using physical port, DMM/SLM doesn't work on EVC

CSCvx73741

custom app not getting detected after attached removed and re-attached- app-visibility is disabled

CSCvx77203

[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled

CSCvx78215

An IOS XE device might crash at DoubleExceptionVector

CSCvx79113

SDWAN cedge : traffic simulation tool shows traffic blackhole

CSCvx87726

Cisco 1000v CSR Multicast Over OTV Not Forwarding

CSCvx88246

Packets dropped due to firewall + data policy interop issue

CSCvx89710

SCEP: CA server fails to rollover CA certificate with error: "Storage not accessible"

CSCvx97718

vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset

CSCvy06736

Config out of sync after upgrading to 17.4.1

CSCvy25957

Security container is dropping legitimate FIN,ACK Packets

CSCvy30209

IOS-XE cpp ucode crash with fragmented packets

CSCvy35044

Signature update failure - SSL-CERTIFICATE_VERIFY_FAILED