Deploying Cisco CSR 1000v on Google Cloud Platform

Overview of Cisco CSR 1000v on Google Cloud Platform

The Cisco Cloud Services Router (CSR) 1000V is a virtual router running Cisco IOS XE. Most Cisco IOS XE features are available on the Cisco CSR 1000V.

You can choose to deploy Cisco CSR 1000V software on new or existing infrastructure, such as a VPC network.

The following VPN features are supported on the Cisco CSR 1000V: IPsec, DMVPN, FlexVPN, Easy VPN, and SSLVPN. You can use dynamic routing protocols, such as EIGRP, OSPF, and BGP.

You can secure, inspect, and audit network traffic with the application-aware Zone-Based Firewall. You can also use IP SLA and Application Visibility and Control (AVC) to detect performance issues, fingerprint application flows, and export detailed flow data.

Prerequisites for Deploying Cisco CSR 1000v on Google Cloud Platform

The following are prerequisites when deploying a Cisco CSR 1000v on Google Cloud Platform (GCP):

  • You must have a user account or subscription with Google Cloud Platform.

  • Several resources must be deployed before, or during, the deployment of the Cisco CSR 1000v.

  • To obtain full traffic throughput, you must obtain a software license for the Cisco CSR 1000v. Otherwise, throughput is limited to 1 Mbps.

Google Cloud Platform Resources

To deploy a Cisco CSR 1000V on Google Cloud Platform (GCP), you must create a project with the following resources: virtual machines, interfaces, VPC networks, routes, public IP addresses, firewall rules, and storage. Resources that exist in different projects can only connect through an external network. For more information on projects, see The Project resource, and Creating and Managing Projects in the Google Cloud Platform (GCP) resource hierarchy.

The following list is a summary of some of the resources that are used by a project for the Cisco CSR 1000V on Google Cloud Platform:

  • Virtual Private Cloud (VPC) network—connects VM instances and has subnets with defined IP addresses.

  • VM instance—created from a boot disk image. For example, n1-standard-2 (2 vCPUs, 7.5 GB RAM, 2 virtual Network Interface Cards (vNICs)).

  • Subnet—includes a subnet route, which is the next hop IP address. The next hop IP address defines a communication path to and from the resources for the subnet.

  • Firewall rules—security rules for the VPC network.

  • Routes—a route maps an IP address range to a destination. This route allows the VPC network to send packets to the correct destination for an IP address. For more information, see Routes Overview.

  • Storage—persistence disk storage that is used to hold disk or container images for VM instances. For more information, see Storage Options.

  • Interfaces—You can assign a public IP address to each network interfaces of a Cisco CSR 1000v VM. (Usually, a public IP address is assigned to the first interface.) All Cisco CSR 1000v VM interfaces are in a private subnet. You can assign the IP address of each private interface using the ip dhcp address command in the interface configuration. Alternatively, you can assign a static IP address using the ip address command (for example, ip address 1.1.1.1 255.255.255.0). If you use a static IP address, ensure that the IP address is the same as the IP address assigned by GCP. Later, to view some details about the interface, use the show ip interface brief command.

Supported Instance Types

The following instance types are supported for this deployment:

  • N1-standard-8

  • N1-standard-4

  • N1-standard-2

Cisco CSR 1000v with Two Network Interfaces—Example

This example shows a topology diagram that results after deploying a Cisco CSR 1000v on GCP.

The Cisco CSR 1000v VM was created from image "n1-Standard-2" and has two interfaces and two vCPUs. This Cisco CSR 1000v has a public IP address of 40.121.148.7 for the interface of the first subnet (NIC0). The firewall rule "csr-firewallrule-1" is assigned to this interface.


Note
Create a firewall rule to allow traffic to pass in a custom VPC network. (Without a firewall rule, by default, all traffic is blocked.)

Licensing for a Cisco CSR 1000v on Google Cloud Platform

The Cisco CSR 1000v on GCP supports the following license model:

Bring Your Own License Model

The Bring Your Own License (BYOL) licensing model, for the Cisco CSR 1000v on GCP, supports the following two types of license:

  • Cisco Software License (CSL)—uses a traditional Product Authorization Key (PAK) licensing model. For further information on using a PAK, see Cisco Software Licensing (CSL).

  • Cisco Smart Licensing—assigns a license to Cisco CSR1000v instances dynamically. This allows you to manage licenses across different CSR1000v instances without having to lock each license to a specific CSR1000v UDI serial number. For more information on Cisco Smart Licensing, see Smart Licensing.

The cost of licensing using BYOL in GCP, includes the cost of a GCP instance and the cost of a Cisco CSR 1000v license.