Cisco Cloud Services Router (CSR)

Author
Peter Welcher
Architect, Operations Technical Advisor

At CiscoLive 2012, Cisco announced the Cloud Services Router (CSR), aka the Cloud CSR 1000v. Personally, I think I should just go ahead and confuse everyone by calling it the vASR. Or not. Let’s stick with CSR for now. The name “vASR” is somewhat appropriate because the CSR is based on the ASR IOS-XE code, and because ASA 1000v, ACE 1000v, etc. aren’t anywhere near as easy to say or wrap your brain around as vASA, vACE, or vNAM (which is already in common use).

How’d Cisco do it?

Cisco ported the IOS-XE code to a hypervisor platform. That wasn’t necessarily easy, since they have done it in such a way as to (try to) make it easy to support CSR on multiple hypervisors. In addition, they basically had to rip out all the code relating to hardware interface and crypto drivers, and replace that with code to interact with virtual machine (VM) types of drivers. Roughly: keep the control plane, swap out the data plane.

The nice thing about it is that the code should track new features in the IOS-XE (ASR) code base. The Cisco presenter noted that this should occur with some lag, to allow time for regression testing on the different platform.

Things I like about the CSR (vASR)

The CSR offers the possibility for you to obtain a virtual router in the cloud that you control. It could even be as simple as a checkbox in an ordering tool, where the provider handles the Cisco licensing (which might be a pool) and you pay monthly rent on the CSR. That begs the question: why would I want to do this? What good is it?

The first thing that came to my mind was OTV to the cloud. That would simplify moving applications into the cloud. After all, it’s unlikely you want to ship a physical Nexus 7K or ASR 1000 to your cloud provider — nor is it likely that they’d know what to do with it when it arrived.

Cisco has also identified VPN termination in the cloud as a use case. If you can set up and run VPN tunnels (for users or site-to-site) to a CSR, then you can self-provision that, enhancing control and performance monitoring. And security.

Another use is making the cloud just like your other sites, in terms of a WAN (Internet VPN) edge router under your control.

Then there’s cloud deployment automation. It’s a lot easier and faster to clone a VM and burn a license on a license server than to buy and install a physical router from a spare pool. Configuring it, well, that’s probably nearly a wash, seeing as it’s the IOS CLI or the REST equivalent.

Other uses:

  • Redirection to vWAAS
  • LISP (e.g. for optimal flows in OTV scenarios)
  • MPLS VPN gateway under provider control
  • EoMPLSoGRE
  • NetFlow, NBAR2, management of application flows to/from the cloud

So-so CSR items

The CSR is doing it all without any hardware offload. Performance specs cited for routing and crypto throughput were in the 200 – 500 Mbps range, which says “roughly ISR G2” to me. That is what you might roughly expect if you think “software-based router, perhaps running on a faster CPU but without specialized NIC hardware”. In fact, it may say something that the performance is that good. If Cisco could boost this into, say, the 1-10 Gbps range, it would be even more impressive. Could that be done with parallelized router code making better use of multi-core CPUs?

Not so likeable about the CSR

Nit: Conflicting use of “VPC” for “Virtual Private Cloud” — seeing as vPC is already in use on the Nexus for Virtual Port-Channel. The Cisco CSR (cloud?) team needs to find another acronym, one that isn’t already in use.

Not a Nit: Marketing people are well aware you can drop prices but rarely can you raise them. With CSR, I hear that the CSR price will be closer to ASR than ISR G2 pricing. If discounted to cloud providers, that might make some sense. The licensing may be run off the same license server as for Cisco UC (unified license management!). Would it make sense for an enterprise to be running that if it only has a few CSRs? Oh, but of course you’ll be running it for Cisco UC.

Wish List

Wouldn’t it be great if the Cisco community could get an inexpensive license for CSR, perhaps with very limited throughput, for training? It would certainly beat using Dynamips — real production-grade code on current model equipment!

Other

This blog is getting rather long. I’m quite excited about Cisco 1000v vPath 2.0 and its implication for cloud application services delivery and automation. I plan future blogs with more on that and topics like VXLAN.

For More Information

See also www.cisco.com/go/cloudrouter, and also http://www.cisco.com/en/US/products/ps12559/index.html. For the Networkers presentation, visit CiscoLive 365 (virtual), sessions at https://ciscolive365.com/connect/search.ww#loadSearch%searchPhrase=fabricpath&searchType=session&tc=0, and look for session BRKVIR-2016.

A Sidenote (Rant?) about Cloud and Latency…

I have a bunch of thoughts on this topic, which seems to be going undiscussed amongst all the flurry of marketing and cloud hype. I blogged about it a while ago in Pondering Clouds, https://netcraftsmen.com/blogs/entry/pondering-clouds.html. I’m going to hold off on the mix of old and new thoughts and post it as a separate blog — this one is getting too long as it is! Stay tuned!
