Cisco Cloud Services Router (CSR)

Peter Welcher
Architect, Operations Technical Advisor

At CiscoLive 2012, Cisco announced the Cloud Services Router (CSR), aka the Cloud CSR 1000v. Personally, I think I should just go ahead and confuse everyone by calling it the vASR. Or not. Let’s stick with CSR for now. The name “vASR” is somewhat appropriate because the CSR is based on the ASR IOS-XE code, and because ASA 1000v, ACE 1000v, etc. aren’t anywhere nearly as easy to say or wrap your brain around as vASA, vACE, or vNAM (which is already in common use)..

How’d Cisco do it?

Cisco ported the IOS-XE code to a hypervisor platform. That wasn’t necessarily easy, since they have done it in such as way as to (try to) make it easy to support CSR on multiple hypervisors. In addition, they basically had to rip out all the code relating to hardware interface and crypto drivers, and replace that with code to interact with virtual machine (VM) types of drivers. Roughly, keep the control plane, swap out the data plane.

The nice thing about it is that the code should track new features in the IOS-XE (ASR) code base. The Cisco presenter noted that should occur with some lag, to allow time for regression testing on the different platform.

Things I like about the CSR (vASR)

The CSR offers the possibility for you to obtain a virtual router in the cloud that you control. It could even be as simple as a checkbox in an ordering tool, where the provider handles the Cisco licensing (which might be a pool) and you pay monthly rent on the CSR. That begs the question, why would I want to do this, what good is it?

The first thing that came to my mind was OTV to the cloud. That would simplify moving applications into the cloud. After all, it’s unlikely you want to ship a physical Nexus 7K or ASR 1000 to your cloud provider — nor that they’d know what to do with it when it arrived?

Cisco has also identified VPN termination in the cloud as a use case. If you can set up and run VPN tunnels (for users or site-to-site) to a CSR, then you can self-provision that, enhancing control and performance monitoring. And security.

Another use is making the cloud just like your other sites, in terms of a WAN (Internet VPN) edge router under your control.

Then there’s cloud deployment automation. It’s a lot easier and faster to clone a VM and burn a license on a license server than to buy and install a physical router from a spare pool. Configuring it, well that’s probably nearly a wash, seeing as its the IOS CLI or the REST equivalent.

Other uses:

  • Redirection to vWAAS.
  • LISP (e.g. for optimal flows in OTV scenarios)
  • MPLS VPN gateway under provider control
  • NetFlow, NBAR2, management of application flows to/from the cloud

So-so CSR items

The CSR is doing it all without any hardware offload. Performance specs cited for routing and crypto throughput were in the 200 – 500 Mbps range, which says “roughly ISR G2” to me. That is what you might roughly expect if you think “software based router, perhaps running on faster CPU but without specialized NIC hardware”. In fact, it may say something that the performance is that good. If Cisco could boost this into say the 1-10 Gbps range, it would be even more impressive. Could that be done with parallelized router code making better use of multi-core CPU’s?

Not so likeable about the CSR

Nit: Conflicting use of “VPC” for “Virtual Private Cloud” — seeing as vPC is already in use on the Nexus for Virtual Port-Channel. The Cisco CSR (cloud?) team needs to find another acronym, one that isn’t already in use.

Not a Nit: Marketing people are well aware you can drop prices but rarely can you raise them. With CSR, I hear that the CSR price will be closer to ASR than ISR G2 pricing. If discounted to cloud providers, that might make some sense. The licensing may be run off the same license server as for Cisco UC (unified license management!). Would it make sense for an enterprise to be running that if it only has a few CSR’s? Oh, but of course you’ll be running it for Cisco UC.

Wish List

Wouldn’t it be great if the Cisco community could get a inexpensive license for CSR, perhaps with very limited throughput, for training? It would certainly beat using Dynamips — real production-grade code on current model equipment!


This blog is getting rather long. I’m quite excited about Cisco 1000v vPath 2.0 and its implication for cloud application services delivery and automation. I plan future blogs with more on that and topics like VXLAN.

For More Information

 See also, and also For the Networkers presentation, visit CiscoLive 365 (virtual), sessions at, and look for session BRKVIR-2016.

A Sidenote (Rant?) about Cloud and Latency…

I have a bunch of thoughts on this topic, which seems to be going undiscussed amongst all the flurry of marketing and cloud hype. I blogged about it a while ago in Pondering Clouds, I’m going to hold off on the mix of old  and new thoughts and post it as a separate blog — this one is getting too long as it is! Stay tuned!

Leave a Reply