Cisco CSR 1000v: Features Overview. Part 1
For almost a year since the launch of the mClouds.ru project, we have gained an interesting experience in working with various technical solutions.
Today we want to touch on the topic of routing in the networks of cloud service providers and at the same time tell you why a relatively new product from well-known Cisco Systems, namely Cloud Services Router 1000v (CSR 1000v), was very interesting for us.
Before the start of the project, we determined for ourselves the optimal set of tools and technical solutions based on multiple tests according to the program and test methodology (PMI) for network equipment (internal document for testing based on the competence center), which would allow us to provide quality service to our clients.
In addition to price, the important factors in choosing one solution or another were quality, that is, the predictability of the software and hardware components of the solution and, if necessary, the availability of technical support from the manufacturer, along with a high level of reliability and scalability. The combination of these criteria can satisfy a few solutions that have a fault-tolerant architecture, duplicate hardware components and a rich set of features. However, all these decisions are united by considerable cost, which at the initial stage of development of our project was a serious disadvantage. In turn, the specifics of the project made us think about the possibility of using existing routing resources for routing tasks.
')
Do we not use the server capacity we have to locate the router in a virtual environment? Moreover, the cloud environment based on products from VMware has the necessary level of resiliency, reliability and scalability. As a result, it would be possible to save a little on the hardware, paying only for the necessary software.
Cisco Premier Partner
As a partner of Cisco Premier, we needed to test the functionality of Cisco CSR 1000v, which takes its rightful place in the portfolio of solutions for the Enterprise segment.
Our acquaintance with him began with a detailed study of the functionality, licensing policy and a 60-day trial period. It is worth noting the very strong similarity between the CSR 1000v and the ISR routers in terms of the IOS software interface and the model for providing technological options.
Licensing.
CSR 1000v is available in 4 "editions": IP Base, Security, AppX, AX.
A table describing the differences between editions
As you can see, the distribution of software capabilities by technological "packages" is similar to the similar in the product line of ISR (Integrated Services Routers) routers. So, for those who are faced with the second generation ISR (G2) routers, this licensing scheme will not be a novelty.
Also, it is worth noting that since this is a router for cloud infrastructure, where the performance of communication channels and application specifics can be different, the licensing scheme has been supplemented with maximum throughput. Bandwidths of 10, 50, 100, 250, 500 Mbit / s, as well as 1, 2.5, 5 and 10 Gbit / s are available for each technology package. Please note that these numbers indicate the aggregate throughput of the router, where traffic on all interfaces of the router is taken into account and for each interface, incoming and outgoing traffic is taken into account separately.
In other words, having licensed 1 Gbit / s bandwidth, you can provide either 500 Mbps duplex on one interface, or, for example, provide simultaneously 900 Mbps of outgoing traffic on the interface at 100 Mbps incoming. Or there will be any other combination, but in the amount of licensed bandwidth will not work.
A very important aspect when choosing a virtual router was correct operation in a VMware environment. Fortunately, Cisco and VMware are long-time friends and in the compatibility list we managed to find not only the vSphere hypervisor, but also Microsoft Hyper-V, Citrix XenServer and KVM based on Red Hat or Ubuntu. Separately, it is worth noting that CSR is also officially supported in Amazon Web Services and Microsoft Azure public cloud services. In our case, it was planned to run on the vSphere 6 hypervisor.
Fault tolerance in this scenario can be provided by several options: High Availability (HA) or Fault Tolerance (FT). Just in case, let me remind you that these options differ when there is a failure of the virtualization host: HA - the machine will restart on a working host (there are risks to lose changes in the router configuration if it has not been saved in time, and a sufficiently long service recovery time, t . we all know how much IOS can boot), FT - the shadow copy of VM running on another host (the option does not occur in the service) does not occur in the active state. After testing both options, we came to the conclusion that the CSR 1000v solution fully meets the requirements and resiliency.
As for the requirements for computing resources, everything depends on the selected technology package and licensed bandwidth. The minimum recommended threshold is 1 vCPU / 4 GB of RAM, no more than 8 GB of disk space is required. Such characteristics of a virtual machine for CSR will allow it to operate at speeds up to 1 Gbit / s inclusively (albeit with a small reservation regarding the AX edition, where more resources are already needed). Further we increase resources according to recommendations from the documentation.
Thus, we also had enough resources for him. Moreover, the capacity of 1 Gbit / s, which is essentially equal to 500 Mbit / s duplex at the initial stage could satisfy all our needs.
When using CSR 1000v, you must take into account the fact that this is not a separate device with its optimized hardware base, independent of the virtualization environment used in the cloud and the implementation features of this or that functionality, and this is essentially the same virtual machine as all the others , working on a server that has its own requirements for computing resources, network settings, physical connection to the data network, and so on. During the trial operation of the CSR 1000v router, we highlighted the following points:
1. It is recommended to allocate separate physical ports on the server for virtual switches for CSR in order to avoid possible problems with throughput, especially when using SDS (Software-defined storage), when a considerable amount of traffic is observed between server nodes when creating a new VM at the moment order a new service. Also, problems can be observed at the time of creating backup copies when using network adapters in the “shared access” mode.
2. It is necessary to reserve computing resources (processor and RAM) in the required amount by means of the hypervisor for the CSR needed for its correct and efficient operation in order to eliminate problems with network performance caused by lack of resources.
3. You should be very careful about the security settings for port groups (Port Group) and virtual switches (in VMware terminology). We are talking about the parameters "MAC address changes", "Forged transmissions" and "Promiscuous mode". To work, for example, such functionality as HSRP / VRRP and MPLS had to “turn on” (translate to “Accept”) Promiscuous Mode for the port group in which the corresponding CSR interface was located.
PS How to collect at least 20,000 views, write the second part with the practice of use :-)
Today we want to touch on the topic of routing in the networks of cloud service providers and at the same time tell you why a relatively new product from well-known Cisco Systems, namely Cloud Services Router 1000v (CSR 1000v), was very interesting for us.
Before the start of the project, we determined for ourselves the optimal set of tools and technical solutions based on multiple tests according to the program and test methodology (PMI) for network equipment (internal document for testing based on the competence center), which would allow us to provide quality service to our clients.
In addition to price, the important factors in choosing one solution or another were quality, that is, the predictability of the software and hardware components of the solution and, if necessary, the availability of technical support from the manufacturer, along with a high level of reliability and scalability. The combination of these criteria can satisfy a few solutions that have a fault-tolerant architecture, duplicate hardware components and a rich set of features. However, all these decisions are united by considerable cost, which at the initial stage of development of our project was a serious disadvantage. In turn, the specifics of the project made us think about the possibility of using existing routing resources for routing tasks.
')
Do we not use the server capacity we have to locate the router in a virtual environment? Moreover, the cloud environment based on products from VMware has the necessary level of resiliency, reliability and scalability. As a result, it would be possible to save a little on the hardware, paying only for the necessary software.
Cisco Premier Partner
As a partner of Cisco Premier, we needed to test the functionality of Cisco CSR 1000v, which takes its rightful place in the portfolio of solutions for the Enterprise segment.
Our acquaintance with him began with a detailed study of the functionality, licensing policy and a 60-day trial period. It is worth noting the very strong similarity between the CSR 1000v and the ISR routers in terms of the IOS software interface and the model for providing technological options.
Licensing.
CSR 1000v is available in 4 "editions": IP Base, Security, AppX, AX.
A table describing the differences between editions
As you can see, the distribution of software capabilities by technological "packages" is similar to the similar in the product line of ISR (Integrated Services Routers) routers. So, for those who are faced with the second generation ISR (G2) routers, this licensing scheme will not be a novelty.
Also, it is worth noting that since this is a router for cloud infrastructure, where the performance of communication channels and application specifics can be different, the licensing scheme has been supplemented with maximum throughput. Bandwidths of 10, 50, 100, 250, 500 Mbit / s, as well as 1, 2.5, 5 and 10 Gbit / s are available for each technology package. Please note that these numbers indicate the aggregate throughput of the router, where traffic on all interfaces of the router is taken into account and for each interface, incoming and outgoing traffic is taken into account separately.
In other words, having licensed 1 Gbit / s bandwidth, you can provide either 500 Mbps duplex on one interface, or, for example, provide simultaneously 900 Mbps of outgoing traffic on the interface at 100 Mbps incoming. Or there will be any other combination, but in the amount of licensed bandwidth will not work.
System requirements
A very important aspect when choosing a virtual router was correct operation in a VMware environment. Fortunately, Cisco and VMware are long-time friends and in the compatibility list we managed to find not only the vSphere hypervisor, but also Microsoft Hyper-V, Citrix XenServer and KVM based on Red Hat or Ubuntu. Separately, it is worth noting that CSR is also officially supported in Amazon Web Services and Microsoft Azure public cloud services. In our case, it was planned to run on the vSphere 6 hypervisor.
Fault tolerance in this scenario can be provided by several options: High Availability (HA) or Fault Tolerance (FT). Just in case, let me remind you that these options differ when there is a failure of the virtualization host: HA - the machine will restart on a working host (there are risks to lose changes in the router configuration if it has not been saved in time, and a sufficiently long service recovery time, t . we all know how much IOS can boot), FT - the shadow copy of VM running on another host (the option does not occur in the service) does not occur in the active state. After testing both options, we came to the conclusion that the CSR 1000v solution fully meets the requirements and resiliency.
As for the requirements for computing resources, everything depends on the selected technology package and licensed bandwidth. The minimum recommended threshold is 1 vCPU / 4 GB of RAM, no more than 8 GB of disk space is required. Such characteristics of a virtual machine for CSR will allow it to operate at speeds up to 1 Gbit / s inclusively (albeit with a small reservation regarding the AX edition, where more resources are already needed). Further we increase resources according to recommendations from the documentation.
Thus, we also had enough resources for him. Moreover, the capacity of 1 Gbit / s, which is essentially equal to 500 Mbit / s duplex at the initial stage could satisfy all our needs.
Nuances of work
When using CSR 1000v, you must take into account the fact that this is not a separate device with its optimized hardware base, independent of the virtualization environment used in the cloud and the implementation features of this or that functionality, and this is essentially the same virtual machine as all the others , working on a server that has its own requirements for computing resources, network settings, physical connection to the data network, and so on. During the trial operation of the CSR 1000v router, we highlighted the following points:
1. It is recommended to allocate separate physical ports on the server for virtual switches for CSR in order to avoid possible problems with throughput, especially when using SDS (Software-defined storage), when a considerable amount of traffic is observed between server nodes when creating a new VM at the moment order a new service. Also, problems can be observed at the time of creating backup copies when using network adapters in the “shared access” mode.
2. It is necessary to reserve computing resources (processor and RAM) in the required amount by means of the hypervisor for the CSR needed for its correct and efficient operation in order to eliminate problems with network performance caused by lack of resources.
3. You should be very careful about the security settings for port groups (Port Group) and virtual switches (in VMware terminology). We are talking about the parameters "MAC address changes", "Forged transmissions" and "Promiscuous mode". To work, for example, such functionality as HSRP / VRRP and MPLS had to “turn on” (translate to “Accept”) Promiscuous Mode for the port group in which the corresponding CSR interface was located.
PS How to collect at least 20,000 views, write the second part with the practice of use :-)
Source: https://habr.com/ru/post/326086/
All Articles