When IOS XR was first designed, mass-scale networking and its related challenges were not around.  However, we already had a clear vision of building a highly scalable, reliable, available, upgradeable, high-performance NOS for the service provider space that caters all the way from low-end single chassis systems to massive high-end multi-chassis routers. To meet the rigorous SP requirements, a slew of ground-breaking infrastructure and distributed-systems architecture patterns were brought into the system—decoupled plane abstractions, state management, process distribution, high-performance messaging infrastructure, data distribution/access patterns, high availability and upgradeability. These solid foundations and continuous evolutions made IOS XR the industry-leading NOS.

I’m thrilled to announce today the availability of IOS XR, Release 7, that brings some noteworthy evolutions. Four key tenets make Release 7 stand out.

It is simple, modern, trustworthy, and cloud-enhanced.


As network operations’ complexity reached new heights, we redefined XR7 from the ground up to provide customers with greater simplicity.

XR7 architecture is simpler and leaner. Admin plane, and system containers that are essential for a multi-tenant router environment, are removed for a more common single-tenant router use case.

XR7 makes operations simpler by leveraging Linux-style workflows and integrations. It enables the use of scalable configuration-management tools (Ansible, Puppet, Chef) and support for standard Linux applications on-box.

As XR7 is now powering new access platforms (e.g. NCS 500 series), the need for automating onboarding of new devices is increasing even more. XR7 makes Day Zero installations simpler and secure. It comes with powerful and secure zero-touch capabilities that enable secure device onboarding through template-driven ZTP scripts based on Yang modeled transactions between XR devices and bootstrap servers.

XR7 also makes the delivery and deployment of software simpler. As every network is different, customers can now only pick and choose the software packages that are necessary to run their network. New artifacts called Golden ISOs (GISOs) can combine custom scripts, applications, packages, and files into a deployable ISO artifact.

Finally, XR7 comes with a powerful new design of IOS XR install that lets customers manage the lifecycle of XR7 RPMs, native Linux RPMs, and GISO installations while supporting real-time telemetry notifications of the install process.

In a nutshell, XR7 makes it simpler to install software, to provision and turn up routers in the network, to operate the network with automation, and to integrate with a wide variety of workflows/standard off-the-shelf tools.



Largely influenced by hyperscale web providers, service providers are increasingly moving away from CLI-based operations to closed-loop operations, leveraging cutting-edge technologies such as streaming telemetry and open APIs.

XR7 is equipped with advanced streaming telemetry capabilities for both cadence-based or event-driven data monitoring. Operational data is derived from Yang-modeled paths in the manageability layer using gRPC, Netconf, or Restconf protocols.

XR7 also offers model-driven APIs at every layer of the stack:

  • Yang-modeled Management Layer APIs: To automate device provisioning and management. These models include native IOS XR Yang models and OpenConfig models.
  • Service Layer (SL) and Open Forwarding Abstraction (OFA) APIs: Service-layer APIs are high-performing APIs that enable controllers and custom protocols to manipulate XR7 routing tables or create SDN/Segment Routing (SR) paths on the fly. The OFA API is a model-driven API on top of the ASIC SDK of the hardware platform to enable high-performance access to the lowest layer of the network stack, either directly or through modeled abstractions such as P4 runtime.
  • Zero-touch APIs: Exhaustive APIs for zero-touch provisioning to enable Day-zero automation.

Last but not least, XR7 provides industry-leading implementations of Segment-Routing and EVPN that are seminal technologies to Cisco Converged SDN Transport architecture providing unprecedented simplicity, scale, and programmatic extensibility. XR7 continues to focus on these technologies with further support for SR Flex-Algo, SRV6 and more. SR drives the next level of simplicity by offering an SDN-enabled unified transport across network segments, and EVPN drives the same by offering a unified control plane protocol (BGP) for all service types, including Layer2 VPN and Layer3 VPN services.



More than ever, security is top-of-mind for service providers as the attack surface is getting bigger due to an ever-increasing number of things getting connected to the network.

Enforcing trust is only possible with a trusted network operating system (NOS) running on a trusted network device. We have covered all layers to enable a trustworthy system:

  1. Trust begins in the hardware: A secure non-tamperable Trust Anchor Module (TAM) houses known-good-values of hardware components, along with keys and certificates rooted to Cisco. These are utilized to verify hardware components during BIOS boot.
  2. Secure boot: Trust is reinforced by validating parts of the network OS (IOS XR7) through a secure-boot process.
  3. Trust at runtime: Trust is maintained at runtime by enforcing Integrity Measurement Architecture (IMA) appraisal checks against all runtime processes launched either by XR7 or third-party applications.
  4. Signed RPMs: Trust is enforced for all XR7 RPMs and third-party application RPMs by validating signatures before installation.



We designed XR7 specifically to use the cloud and define a brand-new class of cloud-enhanced network operating software for the next generation of networks.

In that respect, Cisco Crosswork has recently added new cloud-delivered SaaS deployment models leveraging XR7 capabilities with cloud-delivered analytics to enhance operations. Operations teams can consume analytics as a service for agile, proactive management without the risks and resources of traditional models:

  • Crosswork Trust Insight provides signed and encrypted system integrity information to track the trust posture of the network hardware and software components.
  • Crosswork Qualification Environment fast-tracks the qualification of new OS releases. Simply select your routing platform of choice and select the network application and features being used in your deployment, or simply upload your router configurations. Crosswork Qualification Environment then automatically builds a CD pipeline and gets you the deployment score within a few hours!

Finally, we adapt to how customers want to procure and consume our routing solution. We witness today a set of customers willing to purchase software-only as opposed to the majority that is purchasing routers as vertically integrated solutions, combining both hardware and software. As announced back in 2018, IOS XR offers carrier-grade disaggregation and XR7 can, of course, be installed on a set of curated third-party hardware.


To learn more about IOS XR7, visit us here or listen to this podcast.



Vipul Deokar

Vice President, Engineering

Global Service Provider