This is a guest post by Matthew Packer.

Matthew Packer is a Product Manager at Cisco for the CSR 1000v.

As you may or may not be aware the Cisco Cloud Services Router (CSR) 1000v is now available on Microsoft Azure.  This is the virtualized version of the world’s most popular enterprise networking platform (ASR 1000, ISR 4000) available on Microsoft’s public cloud.  Now that the CSR 1000v is available on Azure we are continually working to improve the available solution’s performance and functionality.

How do you launch the CSR 1000v on Azure?

To launch the CSR 1000v on Azure there is a pre-built solution available to you.  The solution is based on templates we created to ease the deployment of the CSR 1000v on Azure.  The templates allow the solution to deploy different resources at the same time to fully support a CSR 1000v deployment.  The solution details are as follows:

  • 2 Network-Interface-Cards (NICs)
  • VNet configured with two subnets, one private and one public
  • Routing tables on each subnet, with user-defined routes, the private subnet will use private-facing interface as the gateway so the VMs behind the router will not have direct access to the internet
  • Enables IP forwarding for each interface
  • Adds UDP port 500 (ISKAMP) and 4500 (NAT-T) in the security group on the public subnet for VPN connections
  • Azure D2 instance type compute

What is the Performance of the CSR 1000v on Azure?

When deploying the CSR 1000v solution on Azure the D2 compute requirements are 2 vCPU and 7GB of RAM.  With these specifications the CSR 1000v can achieve a CEF throughput of 500Mbps and an IPSec throughput (AES 256) of 150 Mbps.  This deployment supports up to 1,000 VPN tunnels.

How Does Licensing the CSR 1000v Work on Azure?

If you want to connect your enterprise network to Azure the CSR 1000v supports Bring Your License (BYOL).  This means you buy a license from Cisco or a partner and install that license to the CSR 1000v running on Azure.  You license the CSR1000v using Cisco’s Smart Licensing offer which allows you to manage licenses across different CSR1000v instances without having to lock each license to a specific CSR1000v UDI serial number. A Cisco Smart License server exchanges a “token id” with a CSR to enable that CSR for the assigned license throughput and technology package. Traditional PAK based license is also available. To learn more about the CSR1000v capabilities and license offerings go to this link

If you want to give the CSR 1000v a try on Azure, Cisco offers 60-day demo licenses to all CCO account holders.  If you don’t have an account, you go to this link, and create a guest account.  Once you have a guest account, follow the instructions here for temporarily licensing you CSR 1000v on Azure. 

What Does this Mean to You?

With the availability of the CSR 1000v on Microsoft Azure you now have the ability to use VPN technologies to seamlessly connect an Azure VNet to your enterprise network without the recurring costs of VPN tunnels while keeping consistent CLI and ACL lists across your enterprise router portfolio.  Now every branch office, campus and data center location can connect securely to your Microsoft Azure VNet without backhauling through an existing data center.

Stay tuned as we will discuss next the different use cases for the CSR 1000v on Azure.

You can access this whitepaper to learn more about the integration of Cisco CSR 1000V with Microsoft Azure.

To launch the CSR 1000v for Microsoft Azure, please visit the Microsoft Azure Marketplace page for the CSR 1000v.



Allison Park

Product Marketing Manager

Enterprise Networks