Cisco CSR 1000v Series Cloud Services Routers Overview
 Note |
Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.
Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience. Do provide feedback about your experience with the Content Hub. |
Virtual Router
The Cisco Cloud Services Router 1000V (CSR 1000V) is a cloud-based virtual router that is intended for deployment in cloud and virtual data centers. This router is optimized to serve as a single-tenant or a multitenant WAN gateway.
When you deploy a CSR 1000V instance on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.
Secure Connectivity
CSR 1000V provides secure connectivity from an enterprise network such as a branch office or a data center, to a public or a private cloud.
Technologies Supported by a Platform
A platform’s product landing page lists technology configuration guides for Cisco IOS XE technologies that the platform supports.
In each technology configuration guide, a Feature Information table indicates when a feature was introduced to the technology. For some features, the table also indicates when additional platforms have added support for the feature.
To determine whether a particular platform supports a technology, view the list of technology configuration guides posted on the platform’s product landing page. For example, see Cisco Cloud Services Router 1000v Series.
System Requirements
Hardware Requirements
For hardware requirements and installation instructions, see the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide .
Software Images and Licenses
The following sections describe the licensing and software images for CSR 1000V.
Cisco Smart Licensing
The Cisco CSR 1000V router supports Cisco Smart Licensing. To use Cisco Smart Licensing, you must first configure the Call Home feature and obtain the Cisco Smart Call Home Services. For more information, see Installing CSR 1000V Licenses and Smart Licensing Guide for Access and Edge Routers.
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
Cisco CSR 1000v Evaluation Licenses
Evaluation license availability depends on the software version:
-
Evaluation licenses valid for 60 days are available at the Cisco Software Licensing (CSL) portal: http:/www.cisco.com/go/license
The following evaluation licenses are available:
-
IPBASE technology package license with 10 Gbps maximum throughput
-
SEC technology package license with 5 Gbps maximum throughput
-
APPX technology package license with 5 Gbps maximum throughput
-
AX technology package license with 2.5 Gbps maximum throughput
If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.
For instructions on obtaining and installing evaluation licenses, see the “Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later” section of the Cisco CSR 1000v Software Configuration Guide .
Cisco CSR 1000v Software Licenses
Cisco CSR 1000v software licenses are divided into feature set licenses. The supported feature licenses depend on the release.
Current License Types
The following are the license types that are supported (Cisco IOS XE Everest 16.4.1 or later):
-
IPBase: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)
-
Security: IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)
-
AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)
-
APPX Package: IPBase package + Advanced Networking features - Security features (IP security features not supported)
Legacy License Types
The three legacy technology packages - Standard, Advanced, and Premium - were replaced in the Cisco IOS XE Release 3.13 with the IPBase, Security, and AX technology packages.
Features Supported by License Packages
For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.
Throughput
The Cisco CSR 1000v router provides both perpetual licenses and term subscription licenses that support the feature set packages for the following maximum throughput levels:
-
10 Mbps
-
50 Mbps
-
100 Mbps
-
250 Mbps
-
500 Mbps
-
1 Gbps
-
2.5 Gbps
-
5 Gbps
-
10 Gbps
The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.
Memory Upgrade
A memory upgrade license is available to add memory to the Cisco CSR 1000v router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.
Additional Information about Licenses and Activation
For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.
Software Image Nomenclature for OVA, ISO, and QCOW2 Installation Files
The Cisco CSR 1000v installation file nomenclature indicates properties supported by the router in a given release.
For example, these are filename examples for the Cisco IOS XE Everest 16.4.1 release:
-
csr1000v-universalk9.16.04.01.ova
-
csr1000v-universalk9.16.04.01.iso
-
csr1000v-universalk9.16.04.01.qcow2
The filename attributes are listed below, along with the release properties.
|
Filename Attribute |
Properties |
|---|---|
|
Example:universalk9 |
Installed image package. |
|
03.09.00a.S.153-2.S0a |
Indicates that the software image is for the Cisco IOS XE 3.9.0aS release image (mapped to the Cisco IOS 15.3(2) release). |
|
std or ext |
Standard release or extended maintenance support release. |
Features and Notes: Cisco IOS XE Fuji 16.8.1a
Features
Features—Cisco IOS XE Fuji 16.8.1a
The following new software features are supported on the Cisco CSR 1000v for Cisco IOS XE Fuji 16.8.1a.
-
Utility Reporting—collects usage data from products that have Cisco Smart Licensing and Utility Reporting enabled and sends the data in Resource Utilization Measurement (RUM) format to the Cisco Service Billing Platform (SBP). The SBP produces daily reports and licensing costs are based on the usage data. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/b_CSR1000v_Configuration_Guide/b_CSR1000v_Configuration_Guide_chapter_01000.html.
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
-
Pay-as-you-go licensing model support on Microsoft Azure—this allows you to choose between a Pay-as-you-go (PAYG) licensing model (which uses hourly billing) or a Bring-your-own-license (BYOL) licensing model (which uses CSL or Smart Licensing). For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs//routers/csr1000/software/azu/b_csr1000config-azure.html.
-
The show interfaces command has changed to display information that identifies a virtual router. For a Cisco CSR 1000v or ISRv the media type is "Virtual". See the Cisco IOS Interface and Hardware Component Command Reference.
-
IPv6 enablement—SGACL Enforcement. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cts/configuration/xe-16-8/sec-usr-cts-xe-16-8-book/sec-cts-sgacl.html.
-
IPv6 enablement—Inline Tagging and Caching. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cts/configuration/xe-16-8/sec-usr-cts-xe-16-8-book/sec-cts-sgacl.html.
-
Increase the number of aaa authorization configuration YYY group YYYY commands. The aaa authorization command configures user access to a network. For details, see: Cisco IOS Security Command Reference.
-
Support SPAN on Drop for Packets Dropped via the Forwarding Pipeline. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/configuration/xe-16-8/lanswitch-xe-16-8-book/lnsw-conf-erspan.html.
-
PKI—OCSP enhancement for US Federal. The Online Certificate Status Protocol (OCSP) for the Public Key Infrastructure (PKI) component supports receiving multiple OCSP single-responses in Cisco IOS. You can use PKI debugs such as “CRYPTO_PKI: Number of singleResponses in OCSP response: 10” to see the number of single responses received in an OCSP response. For more details, see RFC 6960.
-
PKI Serviceability. Serviceability helps to understand certificate enrolment, reenrolment, and rollover failures, triggering of events related to the mentioned events, as well as CRL failures. As part of this feature, the following serviceability improvements are supported for Public Key Infrastructure (PKI), which helps track the sequence of events that happened before a certificate expiry or a certificate validation failure: Syslog improvements and show tech-support PKI . Refer to the Security Command Reference for details about this show command.
-
VXLAN Fragment UDP Source Port. For detailed information, see the following Cisco document: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cether/configuration/xe-16-8/ce-xe-16-8-book/vxlan-gpe-tunnel.html.
-
Clear PPP sessions per VRF. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/command/bba-cr-book/bba-a1.html.
-
Line command access class VRF awareness. For detailed information, see the following Cisco document: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/xe-16-8/bba-xe-16-8-book/bba-xe-16-8-book_chapter_0100101.html.
-
Web User Interface—Supports an embedded Graphical User Interface based device-management tool that provides the ability to provision the device, simplifies device deployment and manageability, and enhances user experience. The following features are supported on the Web User Interface from Cisco IOS XE Fuji 16.8.1a:
-
Day Zero Configuration
-
Debug Bundle
-
Python Developer Sandbox
-
Troubleshooting Audit Support
For information on how to access the Web User Interface, see the Configure the Router for Web User Interface section.
-
-
Programmability—Model-Based AAA. Implements the NETCONF Access Control Model (NACM). NACM is a form of role-based access control (RBAC) specified in RFC 6536.
For detailed information about programmability, see the following Cisco documents:
-
Programmability—NETCONF Global Session Lock and Kill Session. Provides a global lock and the ability to kill non-responsive sessions in NETCONF. During a session conflict or client misuse of the global lock, NETCONF sessions can be monitored via the show netconf-yang sessions command, and non-responsive sessions can be cleared using the clear configuration lock command.
-
Programmability—NETCONF and RESTCONF Debug commands. Commands for debugging have been added.
-
Programmability—YANG Data Models. For the list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1681. Revision statements embedded in the YANG files indicate if there has been a model revision. The README.md file in the same github location highlights changes that have been made in the release.
Notes
The following section includes important notes about the Cisco CSR 1000v for Cisco IOS XE Fuji 16.8.
Encrypted Traffic Analytics records may not be exported after a reload if an "inactive timeout" command has been configured
When the router is reloaded with a large configuration, which generates many messages for initializing features in the data plane, the Encrypted Traffic Analytics (ETA) records may not be exported. This occurs if the ETA inactive timeout command is included in the configuration.
Workaround
Remove inactive timeout command from the ETA configuration. After a reload, you can add the inactive timeout command to the configuration.
VMware ESXi Multicast Register Failure
Summary
The following multicast register failure message may be shown (Cisco IOS XE Fuji 16.7.1 or later) if you have configured a multicast feature such as CDP or HSRP.
Example: Dec 13 03:51:48.192 EST: %VXE_VNIC_IF-3-MSGINITERROR: VXE vNIC interface command: multicast_register failed: -1 for GigabitEthernet
This failure has been noticed for a Cisco CSR 1000v running in one of these environments: VMware ESXi or KVM (RHEL) 7.4.
Details
The environment upon which the Cisco CSR 1000v is running (e.g VMware ESXi) prevents the Cisco CSR 1000v from being able to set MAC addresses, after a limit on the number of MAC addresses is reached. This occurs as a result of configuring a multicast address on an interface (for example, when configuring CDP or HSRP). .
Workaround
Reboot the guest Cisco CSR 1000v. Note that in some environments (for example, RHEL KVM 7.4) this workaround is ineffective—after you reboot, the error messages continue to appear.
Deferrals
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
https://tools.cisco.com/security/center/publicationListing.x
Field Notices
-
Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
http://www.cisco.com/c/en/us/support/web/tsd-products-field-notice-summary.html
Limitations and Restrictions in Cisco IOS XE Fuji 16.8.1a
There are no new limitations and restrictions in Cisco IOS XE Fuji 16.8.1a.
Caveats
Overview
Caveats, or “bugs,” describe unexpected behavior. Severity 1 caveats are the most serious. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This section includes severity 1, severity 2, and selected severity 3 caveats.
Terminology
The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:
http://docwiki.cisco.com/wiki/Category:Internetworking_Terms_and_Acronyms_(ITA)
Bug Search Tool
If you have an account on Cisco.com, you can also use the Bug Search Tool (BST) to find select caveats of any severity. To reach the Bug Search Tool, log into Cisco.com and go to https://tools.cisco.com/bugsearch/search .
If a defect that you have requested cannot be displayed, it may be because the defect number does not exist or the defect does not have a description available.
You can use to the Bug Search Tool to view new and updated caveats: https://tools.cisco.com/bugsearch/search .
For Best Bug Search Tool Results
For best results when using the Bug Search Tool:
-
In the Product field, enter Cloud Services Router.
-
In the Releases field, enter one or more Cisco IOS XE releases of interest. The search results include caveats related to any of the releases entered in this field.
The tool provides autofill while you type in these fields to assist in entering valid values.
A search using release number 16.6 should find the caveats for Cisco IOS XE Everest 16.6.1.
Field Notices
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
http://www.cisco.com/c/en/US/support/tsd_products_field_notice_summary.html
Caveats: Cisco IOS XE Fuji 16.8.2
Open Caveats—Cisco IOS XE Fuji 16.8.1a
|
Caveat ID Number |
Description |
|---|---|
|
DMVPN: Crypto session stuck into UP-IDLE status after reconfiguring tunnel |
Resolved Caveats—Cisco IOS XE Fuji 16.8.1a
|
Caveat ID Number |
Description |
|---|---|
|
Microsoft Azure: CSR 1000v occasionally experiencing high traffic latency |
|
|
R0/0: ASR1002-X kernel: bullseye_i2c_master_xfer Error Repeats Every Hour |
|
|
IPv4 PLU mtrie lookup return invalid oce_chain_p |
|
|
ARP request in not triggered in half-duplex VRF with the additional VRF |
|
|
ASR1009-X FAN SN in show inventory displays incorrectly after replacing the FAN and an RP switchover |
|
|
ISR1100 Pause frame generation is not working |
|
|
ASR 1000 Series SSL VPN CLI should be blocked |
|
|
ISR 4000 Series SW MTP configured as TRP does not relay sRTCP messages |
|
|
TDM-IP, QoS marking is varying to 0 and EF for the same RTP stream |
|
|
Invalid QFP load calculation (Recommit CSCvg92754) |
|
|
Preempt timer does not work, due to an old HSRP Hello packet get just after interface up |
|
|
Interoperability failure between some Fortitude Ports and SmartJack Westell NIU |
|
|
T38 Faxes Fail Going IP to PRI When Coming From A BDI with DOT1Q Tagging |
|
|
ESP crashes with high scale QoS configuration |
|
|
Suite-B Not Supported with ESP-200 on ASR1000-X Platform |
|
|
In B2B HA, active box is not generating syslog alert for watermark high/low value. |
|
|
FP crash with scaled IKE sessions. |
|
|
ESP crash when flapping interface with l2tp tunnels that have qos applied to the tunnels. |
|
|
cpp-mcplo-ucode crash when layer 2 switching packet |
|
|
ISR4451-X sometime drop the packet when volume -based rekey occurred |
|
|
Router crashes after interface flap where sessions get moved from one interface to another |
|
|
16.6: VFR-related drops are not observed in the CSR 1000v platform |
|
|
FP crash @cpp_qm_create_queue while adding fair-queue |
|
|
16.6 :ISR4k Core file seen @cvmx_pow_work_response_async |
|
|
ASR1K - ECMP load-balance w/ DPI L2TP Tunnel visibility and QoS may generate ucode crash |
|
|
CPP crash in MMA |
|
|
[UniScale]csr1k1vCPU crashed while verifying performance at IPv4 ACLs per system scale |
|
|
Performance monitor related field (like SSRC) is not collected. |
|
|
CFT: Improve processing of elephant flows for NBAR |
|
|
CSR1000v: invalid QFP load calculation (Recommit CSCvg92754) |
Caveats: Cisco IOS XE Fuji 16.8.2
Open Caveats—Cisco IOS XE Fuji 16.8.2
|
Caveat ID Number |
Description |
|---|---|
|
CUBE: FPI Hung Sessions and Provisioning Failures observed in Standby CUBE |
|
|
CSR1k-FlexVPN: Spoke to Spoke: Implicit NHRP entry due to expired resolution request handling. |
|
|
Hoot-n-holler multicast traffic marked with DSCP 0 |
|
|
Standby crashed when defaulting vlan config reconfig vlan config with fnf/et-analytics |
|
|
Router crash - AFW_application_process |
|
|
Adaptive QOS : Target shape rate is set to floor rate when lower floor and ceiling rates are used |
|
|
CUBE crashes at sipSPI_ipip_vcc_CheckCodecSetType |
|
|
CSRs failing due to kernel panic within AWS |
|
|
DHCP Relay not working after power outage |
|
|
"clear crypto sa vrf MyVrf" triggers crash after updating pre-shared-keys |
|
|
BGP updates missing ISIS advertising-bits led to LDP label purge on peer. |
|
|
Crash under AFW_application_process with shared-line configuration |
|
|
Cisco IOS XE 16 Router - CPUHog - SNMP ENGINE crashed with Watchdog timeout |
Resolved Caveats—Cisco IOS XE Fuji 16.8.2
|
Caveat ID Number |
Description |
|---|---|
|
IOS-XE Fails to correctly populate RTCP SSRC Field |
|
|
Cisco IOS XE Software for Cisco ISRv Router Static Credential Vulnerability |
|
|
router reloaded when doing show BGP RT filter routes |
|
|
PFRV3: Site Prefix shows unreachable after removing and adding the specific route for the prefix |
|
|
Traceback is observed during mid-call media IP and port change |
|
|
Prefix SID delete after SSO. |
|
|
CPUHOG on QoS statistics collection for DMVPN. QoS crash with DMVPN/NHRP. |
|
|
NAT MIB not populated when using traditional NAT |
|
|
Polaris Routers - Memory leak under process RECMSPAPP in IOSd |
|
|
Interop vrrp doesnt work between cedge and vedge |
|
|
Local LAN-only prefix present in master route-import table but not present in site prefix DB |
|
|
QoS Overrides loadbalancing to per prefix even with only session level policing applied |
|
|
iBGP dynamic peer using TTL 1 |
|
|
ZBF not able to identify the WAAS optimized flow and drops ACK |
|
|
Throughput defaults to 1000kbps after license expires |
|
|
Subsystem stopped: ios-emul-oper-db due to bgp table issue |
|
|
OSPF: process crashed when the interface priority is configured for 0. |
|
|
Vz: Non-Polaris to Polaris ISSU compatibility issue |
|
|
Cisco IOS XE Software Authent., Author., and Accounting Login Authent. Remote Code Execution Vuln. |
|
|
RP crash @policymap_associated_to_multiple_instances |
|
|
CME/BE4K crashes when trying to check help command for new device type BEKEM |
|
|
Restored DB is session-lock locked out with insane timeout after boot |
|
|
active SUP crash when active run 16.7.1 and standby run 3.18.2aSP |
|
|
Memory leaks seen at PKI_name_list_add(0xa139cc0)+0x3e |
|
|
OSPF SSPF/SRTE: absolute value configured for the SRTE tunnel not configured by OSPF. |
|
|
Standby RP crashes due to Memory usage in ospf_insert_multicast_workQ |
|
|
NMR TTL is wrongly considering eid-record of 0.0.0.0/0 for its calculation |
|
|
link local multicast packets are received when the SVI is in down state |
|
|
Router crash when removing route-target and with hard clear |
|
|
IPv6 address not assigned or delayed when RA Guard is enabled |
|
|
Reverse-tunnel routes under PMIPv6 MAG config not using configured distance metric |
|
|
Router crashed when lsp-mtu is changed |
|
|
msmr+xtr carsh during scale wireless roaming |
|
|
Crash when doing SNMP walk and applying QOS over a GRE tunnel |
|
|
Telnet Sessions Hang/Become unavailable at execution of "show run" |
|
|
dynamic vlan assignment causes all sisf entires under the port to be deleted |
|
|
Backup path incorrect for ring topology where high ISIS cost is configured on 1 link. |
|
|
ospf routing loop for external route with multiple VLINKs/ABRs |
|
|
Path of Last Resort Sending Probes in Standby State |
|
|
Crash while doing a conference call |
|
|
OSPF SR uloop : After issuing "clear ip ospf process". ospf process crashed. |
|
|
BGP high CPU when config 256k vxlan static route |
|
|
High Availability system with two Voice Gateways - Crash |
|
|
CSR1000v running inside Citrix XenServer 7.0 crashed |
|
|
Device Tracking - Memory leak observed with IPv6 NS/NA Packets . |
|
|
IP SLA multicast appear as "Unknown" |
|
|
CUBE incorrectly fomats SIP SDP |
|
|
CUBE is not responding to SIP INFO |
|
|
Crash due to out-of-memory condition Memory leak@CENT-BR-0 |
Related Documentation
For information about the Cisco CSR 1000v Series and associated services, see: Documentation Roadmap for Cisco CSR 1000v Series, Cisco IOS XE 16.
Feedback