The Cisco Cloud Services Router (CSR) 1000V is a single-tenant router in virtual form-factor that delivers comprehensive WAN gateway functionality to multi-tenant provider-hosted clouds. Using familiar, industry-leading Cisco IOS® Software networking capabilities, the CSR 1000V enables enterprises to transparently extend their Wide Area Networks into external provider-hosted clouds and cloud providers to offer enterprise-class networking services to their tenants.
Businesses, small and large, are increasingly virtualizing their data center infrastructures and applications, to save costs and become more agile. Many enterprises have started deploying IT applications in virtualized data centers that are built and managed by third-party service providers. These external data centers, known as provider-hosted clouds, allow enterprises to gain infrastructure and resources on demand and become even more operationally efficient.
However, the shared-infrastructure shared-resource cloud environment poses networking and security problems to enterprises. First, an enterprise does not have ownership of its cloud connectivity, so cannot extend its network configuration into the cloud. Next, it does not enjoy the same levels of privacy and security for its cloud deployment as it does in its premises. Third, it cannot directly connect its distributed sites to its cloud applications - having to instead backhaul all network traffic through its data center - because it lacks a network-aware endpoint in the cloud. The cloud also presents networking challenges to cloud providers. The primary concern is the scale limitations of the current network switching architecture. The cloud provider also lacks all the components of an end-to-end managed connectivity service offering to its customers, including Quality of Service (QoS), application visibility and Service Level Agreements (SLA).
The Cisco CSR 1000V addresses these cloud-based networking and security constraints. Built on the same proven Cisco IOS® Software platform that is inside the Cisco Integrated Services Router (ISR) and Aggregation Services Router (ASR) product families, it offers a rich set of features, including routing, VPN, firewall, NAT, QoS, application visibility, failover and WAN optimization. These functions empower enterprises and cloud providers to build highly secure, optimized, scalable and consistent hybrid networks.
Product Overview and Benefits
The Cisco CSR 1000V is a software router that an enterprise or a cloud provider can deploy as a virtual machine (VM) in a provider-hosted cloud. It can run on Cisco UCS® servers or servers from leading vendors that support VMware ESXi virtualization. It contains Cisco IOS® Software networking and security features.
A typical cloud provides IT infrastructure and resources to multiple customers or tenants. The Cisco CSR 1000V serves primarily as a router per tenant (Figure 1). That is, each tenant gets its own routing instance, hence its own VPN connections, firewall policies, QoS rules, access control, and so on.
Figure 1. CSR 1000V - Positioned as a Single-Tenant WAN Gateway in a Multi-tenant Cloud
Following is how you could use the Cisco CSR 1000V in a cloud:
• Secure VPN Gateway: The CSR 1000V offers route-based IPSec VPNs (DMVPN, EasyVPN, FlexVPN), and in the future, SSL VPN, along with the Cisco IOS® Zone-based Firewall and access control, enabling an enterprise to connect distributed sites directly to its cloud deployment (Table 1).
Table 1. CSR 1000V as a Secure VPN Gateway
Customer Problem
Features
Benefits of CSR 1000v
• An enterprise needs to securely connect its premises with its off-premise cloud: A typical large enterprise has a central headquarters, a few regional hubs, two or more data centers, and hundreds to thousands of branch office sites. The network is either hub-and-spoke or fully meshed. By extending the data center to the cloud, the enterprise wants the cloud to act as another node in its network.
• IPSec
• DM VPN
• Easy VPN
• Flex VPN
• BGP
• OSPF
• EIGRP
• Zone-based Firewall
• ACL
• AAA
• NAT
• DHCP
• Ownership: An enterprise can deploy a CSR 1000V in the cloud, access its Command Line Interface (CLI), and manage it using the Cisco Prime Infrastructure.
• Seamless Connectivity and Enterprise-Class Scalability: With its range of VPN and routing features, the CSR 1000V can fit into any enterprise network topology. An enterprise can directly and dynamically connect its distributed sites to its cloud deployment - avoiding the latency caused by the typical backhaul through the data center while overcoming the management complexity of point-to-point IPSec VPNs.
• Consistent WAN Architecture: The IOS®-based CSR 1000V complements the widely deployed Cisco ISRs and ASRs. Enterprises can now deploy a Cisco endpoint at every node in their network, allowing for consistent network configuration and security policies across their distributed hybrid networks.
• MPLS WAN Endpoint: The CSR 1000V can serve as an MPLS router that will enable a service provider to offer end-to-end managed connectivity (customer site to customer cloud deployment) with performance guarantees. Also, by extending the MPLS WAN deeper into the cloud network, the service provider can increase network scale - more tenants and more networks per tenant (Table 2).
Table 2. CSR 1000V as an MPLS WAN Endpoint
Customer Problem
Features
Benefits of CSR 1000V
• A service provider needs to extend MPLS connectivity to its customers' cloud segments: Service providers who offer managed connectivity service to businesses want to help their customers connect with off-premise clouds. In order to provide end-to-end connectivity, the service providers want to extend their private MPLS WANs into the clouds right up to the edge of the customers' segments within the clouds.
• MPLS VPN
• VRF
• BGP
• GRE
• QoS
• IP SLA
• MPLS Extension within a Cloud: A service provider can manage the cloud connectivity of its customers and offer performance and reliability guarantees with the help of a dedicated CSR 1000V (serving as a Customer Edge (CE) router) per customer.
• Intra-Cloud Scale: A typical cloud network is highly switched - a router hands off incoming traffic to a group of switches, which assign the traffic to customer VLANs. In this network architecture, the cloud provider cannot scale beyond 4.096 VLANs per router, limiting the number of customers it can support. The CSR 1000V, serving as a CE or as a Provider Edge (PE) extension, can help overcome these scale limitations by creating routing overlays within the cloud, minimizing the providers' dependence on VLANs.
• Layer 3 Extension (IP Mobility) from Premise to Cloud: The CSR 1000V offers features such as NAT and LISP that will enable an enterprise to maintain addressing consistency across premise and cloud as it moves applications back and forth or bursts compute capacity into the cloud (Table 3).
Table 3. CSR 1000V as a Layer 3 Extension
Customer Problem
Features
Benefits of CSR 1000V
• An enterprise needs to maintain IP addressing consistency when moving an application from its data center into an off-premise cloud: An enterprise does not want to re-configure its application when it moves the application back and forth between its data center and external cloud. Change in the address of the application affects connectivity with the user accessing the application.
• NAT
• LISP
• IP Mobility: The cloud-based CSR 1000V can serve as a LISP router, building a tunnel with a LISP-enabled router in the enterprise's data center that enables an application to be transported across the tunnel with a fixed identifier.
• Control Point for Networking Services: The CSR 1000V can redirect traffic to Cisco vWAAS appliances deployed in the cloud. The Application Visibility & Control (AVC) feature of the CSR 1000V offers end-to-end application visibility, performance monitoring and control, allowing service providers to pinpoint application performance problems and offer performance SLAs that can be easily tracked (Table 4).
Table 4. CSR 1000V as a Traffic Control Point
Customer Problem
Features
Benefits of CSR 1000V
• A cloud provider needs to offer enterprise-class networking services: The cloud provider wants to offer networking services that ensure secure access and optimized, uninterrupted delivery of applications to its customers.
• AppNav (redirection)
• Zone-based Firewall
• NAT
• DHCP
• HSRP
• AVC
• Rich Set of Networking Services: The cloud provider can take full advantage of the IOS® Software security, application visibility and performance monitoring, and high availability features to provide each tenant with a comprehensive networking experience.
The Cisco IOS-XE® Software Advantage
The CSR 1000V contains the same operating system, Cisco IOS-XE®, which runs inside the Cisco ASR 1000 product line. Providing control plane and data plane separation, multi-core forwarding, and a modular architecture that allows for smooth insertion of networking features, IOS-XE® Software is well-suited for dynamic cloud environments. IOS-XE® is based on the stable, robust and feature-rich Cisco IOS® Software that has powered Cisco's ISRs and other hardware routers in demanding enterprise, service provider and government networks for over two decades.
The key benefits of Cisco IOS-XE® Software are:
• Proven Functionality: Industry-leading Cisco IOS® networking and security features
• Operational Efficiency: Rapid integration into any IOS® environment (branch office, WAN, data center, cloud)
• Consistent User Experience: Same IOS® CLI and management tools across all IOS® platforms - Cisco ISR, Cisco ASR, and Cisco CSR 1000V
Product Specifications
Table 5 lists the features offered by the CSR 1000V in IOS-XE® Release 3.9.
• Application Visibility, Performance Monitoring and Control: QoS, AVC
IOS-XE® Security
• VPN: IPSec VPN, DMVPN, EasyVPN, FlexVPN
• Firewall: Zone-based Firewall
• Access Control: ACL, AAA
Management
• VM Creation and Deployment: VMware vCenter, VMware vCloud Director
• Provisioning and Management: IOS-XE® CLI, SSH, Telnet, Cisco Prime Infrastructure
• Monitoring and Troubleshooting: SNMP, Syslog, NetFlow, IP SLA
Ordering and Support
The CSR 1000Vis licensed based on throughput and feature set and can be purchased for a term of 1, 3 or 5 years.
The IOS-XE® Software Release 3.9 of the CSR 1000V offers five throughput options - 10 Mbps, 25 Mbps, 50 Mbps, 100 Mbps and 250 Mbps. Upon activation of a particular option, the CSR 1000V limits its aggregate bi-directional throughput to that option.
For the 10 Mbps, 25 Mbps and 50 Mbps throughput options, you can select any of the feature sets - Standard, Advanced, and Premium - shown in Table 6. For the 100 Mbps and 250 Mbps throughput options, you can only select the Standard feature set. Future releases of the CSR 1000V will offer the Advanced and Premium feature sets for 100 Mbps and 250 Mbps and will offer higher throughput options.
CSR 1000V e-PAK 1-year subscription 100Mbps Standard Package
L-CSR-100M-STD-3Y=
CSR 1000V e-PAK 3-year subscription 100Mbps Standard Package
L-CSR-100M-STD-5Y=
CSR 1000V e-PAK 5-year subscription 100Mbps Standard Package
L-CSR-250M-STD-1Y=
CSR 1000V e-PAK 1-year subscription 250Mbps Standard Package
L-CSR-250M-STD-3Y=
CSR 1000V e-PAK 3-year subscription 250Mbps Standard Package
L-CSR-250M-STD-5Y=
CSR 1000V e-PAK 5-year subscription 250Mbps Standard Package
Software updates, 24x7 support from the Cisco Technical Assistance Center (TAC), and access to the cisco.com support website that includes technical documentation, can be purchased separately on an annual basis during the term of the purchase.
Please contact your local Cisco sales representative for more information.
