The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco IOS XE Software
The Cisco® Catalyst® 8000V Edge Software (Catalyst 8000V) is a virtual-form-factor router that delivers comprehensive SD-WAN, WAN gateway, and network services functions into virtual and cloud environments. Using familiar, industry-leading Cisco IOS® XE Software networking capabilities, the Catalyst 8000V enables enterprises to transparently extend their WANs into provider-hosted clouds. Similarly, cloud providers themselves can use the Catalyst 8000V to offer enterprise-class networking services to their tenants or customers.
To save costs and become more agile, businesses small and large are increasingly virtualizing their data center infrastructures and applications. Many enterprises have started deploying IT applications in virtualized data centers that are built and managed by third-party service providers. These external data centers, known as provider-hosted clouds, allow enterprises to gain infrastructure and resources on demand and become even more operationally efficient.
However, the shared-infrastructure, shared-resource cloud environment poses networking and security problems for enterprises:
● An enterprise does not own its cloud connectivity, so it cannot extend its network configuration into the cloud.
● An enterprise does not enjoy the same levels of privacy and security for its cloud deployment as it does for its premises.
● An enterprise cannot directly connect its distributed sites to its cloud applications, having to, instead, backhaul all network traffic through its data center because it lacks a network-aware endpoint in the cloud.
The cloud also presents networking challenges for cloud providers:
● The primary concern is the limitations of scaling the current network switching architecture.
● The cloud provider also lacks all the components of an end-to-end managed connectivity service offering to its customers, including Quality of Service (QoS), application visibility, and Service-Level Agreements (SLAs).
The Cisco Catalyst 8000V addresses these cloud-based networking and security constraints.
In addition to bringing enterprise-class networking services and security to public cloud environments, the Cisco Catalyst 8000V can be used as a building block for scalable network service offerings. The Network-Functions-Virtualization (NFV) components allow the Catalyst 8000V to fill roles traditionally reserved for hardware-based devices. Virtualizing these complex functions allows service providers to consolidate numerous instances onto a single server, and to easily scale as new customers come on board or networks are expanded.
Built on the same proven Cisco IOS XE Software platform for the Cisco Catalyst 8000 portfolio, it offers a rich set of features, including routing, VPN, firewall, Network Address Translation (NAT), QoS, application visibility, failover, and WAN optimization. Additional NFV uses such as virtual Route Reflector (vRR) is also supported by the Catalyst 8000V platform. This broad suite of functions empowers enterprises and cloud providers to build highly secure, optimized, scalable, and consistent hybrid networks.
The Cisco Catalyst 8000V is a software router that an enterprise or a cloud provider can deploy as a virtual machine in a provider-hosted cloud or in its own virtual environment. It can run on Cisco Unified Computing System™ (Cisco UCS®) servers as well as on servers from leading vendors that support VMware ESXi, Red Hat KVM virtualization, or on the Amazon EC2 cloud, Microsoft Azure cloud, or Google Cloud Platform. It contains Cisco IOS XE Software networking and security features.
A typical cloud provides IT infrastructure and resources to multiple customers or tenants. The Cisco Catalyst 8000V serves primarily as a router per tenant (Figure 1). That is, each tenant gets its own routing instance and hence, its own VPN connections, firewall policies, QoS rules, access control, and so on. The router can, however, also be deployed as a multitenant router, using Virtual Route Forwarding (VRF) to maintain separate routing tables and feature configurations for each tenant it services.
Cisco Catalyst 8000V positioned as a WAN gateway in a multitenant cloud
Key use cases for the Cisco Catalyst 8000V
● Highly secure VPN gateway: The Catalyst 8000V offers route-based IP Security (IPsec) VPNs (Dynamic Multipoint VPN [DMVPN], FlexVPN, and GetVPN), and in the future, Secure Sockets Layer (SSL) VPN, and Cisco IOS Zone-Based Firewall (ZBFW) and access control, meaning an enterprise can connect distributed sites directly to its cloud deployment (Table 1).
Table 1. Cisco Catalyst 8000V as a highly secure VPN gateway
Customer problem |
Features |
Benefits of Cisco Catalyst 8000V |
● An enterprise needs to securely connect its premises with its off- premises cloud. A typical large enterprise has a central headquarters, a few regional hubs, two or more data centers, and hundreds to thousands of branch-office sites. The network is either hub-and-spoke or fully meshed. By extending the data center to the cloud, the enterprise wants the cloud to act as another node in its network.
|
● IPsec
● DMVPN
● FlexVPN
● GetVPN
● Border Gateway Protocol (BGP)
● Open Shortest Path First (OSPF)
● Enhanced Interior Gateway Routing Protocol (EIGRP)
● ZBFW
● Access Control List (ACL)
● Authentication, Authorization, and Accounting (AAA)
● NAT
● Dynamic Host Configuration Protocol (DHCP)
|
● Ownership: An enterprise can deploy a Catalyst 8000V in the cloud, access its Command-Line Interface (CLI), and manage it using Cisco Prime
™ Infrastructure.
● Smooth connectivity and enterprise-class scalability: With its range of VPN and routing features, the Catalyst 8000V can fit into any enterprise network topology. An enterprise can directly and dynamically connect its distributed sites to its cloud deployment, avoiding the latency caused by the typical backhaul through the data center while overcoming the management complexity of point-to-point IPsec VPNs.
● Consistent WAN architecture: The Cisco IOS Software-based Catalyst 8000V complements the new Catalyst 8000 line items as well as existing Cisco Aggregated Services Router (ASR) and Integrated Services Router (ISR) deployments. Enterprises can now deploy a Cisco endpoint at every node in their network, allowing for consistent network configuration and security policies across their distributed hybrid networks.
● Visibility and cost savings versus cloud VPN services: Many public cloud and virtual private cloud services provide VPN functions as a service. Typically, this service is offered as a black box with little visibility into failures and no ability to troubleshoot, and users must pay a monthly or per-tunnel fee. Using the Catalyst 8000V as the VPN termination point in the cloud allows for a familiar platform to monitor and troubleshoot problems and avoids any additional VPN service fees.
|
● Multiprotocol Label Switching (MPLS) WAN endpoint: The Cisco Catalyst 8000V can serve as an MPLS router, meaning a service provider can offer end-to-end managed connectivity (customer site to customer cloud deployment) with performance guarantees. Also, by extending the MPLS WAN deeper into the cloud network, the service provider can increase network scale, serving more tenants and more networks per tenant (Table 2).
Table 2. Cisco Catalyst 8000V as an MPLS WAN endpoint
Customer problem |
Features |
Benefits of Cisco Catalyst 8000V |
● A service provider needs to extend MPLS connectivity to its customers’ cloud segments. Service providers that offer managed connectivity service to businesses want to help their customers connect with off- premises clouds. To provide end-to-end connectivity, the service providers want to extend their private MPLS WANs into the clouds, right up to the edge of the customers’ segments within the clouds.
|
● MPLS VPN
● VRF
● BGP
● Generic Routing Encapsulation (GRE)
● QoS
● IP SLA
|
● MPLS extension within a cloud: A service provider can manage the cloud connectivity of its customers and offer performance and reliability guarantees with the help of a dedicated Catalyst 8000V (serving as a customer-edge router) per customer.
● Intracloud scale: A typical cloud network is highly switched. A router hands off incoming traffic to a group of switches, which assigns the traffic to customer VLANs. In this network architecture, the cloud provider cannot scale beyond 4096 VLANs per router, limiting the number of customers it can support. The Catalyst 8000V, serving as a customer-edge or provider-edge extension, can help overcome these scale limitations by creating routing overlays within the cloud, minimizing the providers’ dependence on VLANs.
|
● Layer 2 (virtual-machine migration) or Layer 3 extension (IP mobility) from premises to cloud: The Cisco Catalyst 8000V offers features such as NAT and Locator/ID Separation Protocol (LISP) that allow an enterprise to maintain addressing consistency across premises and cloud as it moves applications back and forth or bursts compute capacity into the cloud. The Overlay Transport Virtualization (OTV) and Virtual Private LAN Services (VPLS) features of the Catalyst 8000V allow an enterprise to extend VLAN segments from its data center into the cloud for server backup, disaster recovery, and compute scale (Table 3).
Table 3. Cisco Catalyst 8000V as a Layer 2 or Layer 3 extension
Customer problem |
Features |
Benefits of Cisco Catalyst 8000V |
● An enterprise needs to maintain IP addressing consistency when moving an application from its data center into an off-premises cloud. An enterprise does not want to reconfigure its application when it moves the application back and forth between its data center and external cloud. Change in the address of the application affects connectivity with the user accessing the application.
|
● NAT
● LISP
|
● IP mobility: The cloud-based Catalyst 8000V can serve as a LISP router, building a tunnel with a LISP-enabled router in the enterprise’s data center so an application can be transported across the tunnel with a fixed identifier.
|
● An enterprise needs to replicate its virtual machines (for application servers, web servers, etc.) in an off-premises cloud. An enterprise wants to extend VLAN segments from its data center into an external cloud in order to migrate or back up virtual machines.
|
● OTV
|
● Virtual-machine migration: The cloud-based Catalyst 8000V can serve as an OTV router, building a bridge with an OTV-enabled router in the enterprise’s data center so that a VLAN can be extended to the cloud.
|
● Control point for networking services: The Catalyst 8000V can redirect traffic to Cisco Virtual Wide Area Application Services (vWAAS) appliances deployed in the cloud. The Application Visibility and Control (AVC) feature of the Catalyst 8000V offers end-to-end application visibility, performance monitoring, and control, allowing service providers to pinpoint application performance problems and offer performance SLAs that can be easily tracked (Table 4).
Table 4. Cisco Catalyst 8000V as a traffic control point
Customer problem |
Features |
Benefits of Cisco Catalyst 8000V |
● A cloud provider needs to offer enterprise-class networking services. The cloud provider wants to offer networking services that help ensure secure access and optimized, uninterrupted delivery of applications to its customers.
|
● AppNav (redirection)
● ZBFW
● NAT
● DHCP
● Hot Standby Router Protocol (HSRP)
● AVC
|
● Rich set of networking services: The cloud provider can take full advantage of Cisco IOS Software security, application visibility, performance monitoring, and high-availability features to provide each tenant with a comprehensive networking experience.
|
● Virtual Extensible LAN (VXLAN) gateway: The Catalyst 8000V can participate in a VXLAN network serving as a VXLAN Tunnel Endpoint (VTEP), and therefore as a termination point for VXLAN Network Identifiers (VNIs). For large data center and service provider networks, this feature allows for greatly increased scalability in the number of simultaneously operating isolated tenant networks. After a VNI is terminated by the Catalyst 8000V, its traffic can be Layer-3 routed or Layer-2 bridged to other VXLAN or non-VXLAN networks (Table 5).
Table 5. Cisco Catalyst 8000V as VXLAN gateway
Customer problem |
Features |
Benefits of Cisco Catalyst 8000V |
● A service provider needs to support a very large number of tenants on a given infrastructure. Service providers—in particular, those offering private cloud services—routinely create and manage many thousands of isolated networks for tenants. VLAN tagging has, in the past, been the typical technology used to isolate and extend a Layer-2 network from the physical network into a tenant’s private cloud. VLAN tagging imposed a limit of 4094 VLAN identifiers, limiting the utility of any given Layer-2 infrastructure.
|
● VXLAN gateway
● VXLAN Multicast and Unicast modes
● VXLAN with VRF
|
● Expanded scale for service provider networks: VXLAN supports millions of network identifiers and allows service providers to deploy a greatly increased number of tenants on their existing infrastructure. The Catalyst 8000V can be deployed as a single-tenant VXLAN gateway, allowing tenants to enjoy their own dedicated VXLAN gateway node. It can also be deployed in a more cost-effective manner as a multitenant VXLAN gateway node, terminating VNIs for a large number of tenants with a single Catalyst 8000V instance.
|
● Virtual route reflector: The Catalyst 8000V can be deployed as a vRR to simplify the routing adjacencies required in larger networks. Because route reflection is a process-intensive (but not throughput-intensive) application, many instances of route reflectors may be consolidated onto a single server running multiple Catalyst 8000V routers. This approach significantly reduces the physical footprint, power, cooling, and cabling overhead of maintaining numerous physical route-reflector systems.
A Catalyst 8000V-based route reflector with 16 GB of memory can maintain up to 24 million IPv4 routes or up to 21 million IPv6 routes.
Cisco Catalyst Software-Defined WAN (SD-WAN)
Cisco Catalyst SD-WAN is a set of intelligent software services that allows you to connect users, devices, branch office locations, and cloud deployments reliably and securely across a diverse set of WAN transport links. Cisco Catalyst SD-WAN-enabled routers like the Catalyst 8000V dynamically route traffic across the “best” link based on up-to-the-minute application and network conditions for great application experiences. You get tight control over application performance, bandwidth usage, data privacy, and availability of your WAN links.
The Catalyst 8000V is optimized for the Cisco Catalyst SD-WAN. For enterprises, this means that business-critical applications run faster, with more reliability and reduced Operating Expenditure (OpEx). The SD-WAN achieves this by giving all branches, data centers, and cloud deployments the ability to monitor, control, move, and report on streams of application data, such as specific-web (HTTP) traffic, for example. The Catalyst 8000V has deep packet inspection capability and can accurately identify and control thousands of different applications, including custom in-house enterprise applications.
The entire Cisco Catalyst SD-WAN implementation on the Catalyst 8000V may be implemented by managing the end device, either from the cloud or on-premises, through ascending levels of throughput-based licenses. All licenses that support Cisco Catalyst SD-WAN are all enabled using subscription licenses. These subscription licenses enable all customers to seamlessly transition between on-premises and cloud management as needed. The license tiers are structured to support the growth in business needs through simple subscriptions that help simplify the journey to intent-based networking for the WAN.
The Cisco Catalyst SD-WAN subscriptions are aligned across three subscription licenses—Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier—each expanding functionally. Cisco DNA Essentials covers all types of connectivity and router life cycle management, support for network and application visibility, coupled with basic premises and transport security. Cisco DNA Advantage provides for advanced WAN topologies and application-aware policies supported by enhanced network security. Cisco DNA Premier provides for cloud connectivity with unlimited segmentation, advanced application optimization, and network analytics, secured by advanced threat protection. For more information on Cisco Catalyst SD-WAN, refer to https://www.cisco.com/c/en/us/products/software/one-wan-subscription/index.html.
The benefits are immense:
1. Extend your SD-WAN fabric to include your cloud deployments.
2. Business-critical applications no longer have to contend each other or with traffic that should be served on a best-effort basis.
3. The enterprise network becomes more reliable because multiple paths can be used.
4. Costs are greatly reduced because dual MPLS links can be replaced with a mix of MPLS and Internet.
5. The time to bring up new remote sites is dramatically reduced because the SD-WAN supports rapidly deployed DSL and 3G/4G LTE connections as easily as MPLS.
6. Security is assured across these connections using a zero-touch secure VPN technology used by governments and finance organizations worldwide.
The Cisco IOS XE Software advantage
The Cisco Catalyst 8000V contains the same operating system—Cisco IOS XE Software—that runs inside the Catalyst 8000 product line. Providing control- and data-plane separation, multicore forwarding, and a modular architecture that allows for smooth insertion of networking features, Cisco IOS XE Software is well-suited for dynamic cloud environments. Cisco IOS XE Software is based on the stable, robust, and feature-rich Cisco IOS Software that has powered Cisco Integrated Services Routers (ISRs) and other hardware routers in demanding enterprise, service provider, and government networks for more than two decades.
Some key benefits of Cisco IOS XE Software include:
● Proven functions with industry-leading Cisco IOS Software networking and security features.
● Operational efficiency through rapid integration into any Cisco IOS Software environment, such as a branch office, WAN, data center, or cloud.
● Consistent user experience. IOS XE uses the same Cisco IOS Command-Line Interface (CLI) and management tools across the Cisco Catalyst 8000 Edge Platforms Family, including the Cisco Catalyst 8300 Edge, Catalyst 8200 Edge, and Cisco Catalyst 8000V.
Table 6 lists the features the Cisco Catalyst 8000V offers in Cisco IOS XE Software.
Table 6. Cisco Catalyst 8000V features
Features |
Description |
Cisco IOS XE Software version |
Cisco IOS XE Software (CSR Edition with selected Cisco IOS XE Software features) The software is available in ISO, BIN, OVA, and QCOW2 formats. |
Supported hypervisors |
● VMware ESXi 7.0
● Red Hat KVM (Red Hat Enterprise Linux 7.7)
● Ubuntu 16.04 LTS
● NFVIS 4.10.1
|
Supported public clouds |
● Amazon Web Services
● Microsoft Azure
● Google Cloud Platform
|
Supported I/O modes |
The Catalyst 8000V supports several modes of communication between virtual Network Interface Cards (vNICs) and the physical hardware:
● Paravirtual
● PCI Passthrough
● Single-Root I/O Virtualization (SR-IOV)
● Cisco Virtual Machine Fabric Extender (VM-FEX)
● Accelerated networking (Azure)
● Enhanced networking (AWS)
|
Virtual-machine specifications |
The Catalyst 8000V can run on Cisco UCS servers as well as servers from vendors that support VMware ESXi, Red Hat KVM, or on the cloud: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform. The Catalyst 8000V requires the following from the virtualized server hardware:
● CPU – 1 to 8 virtual CPUs (depending on the throughput and feature set)
● Memory – 4 GB to 16 GB (depending on the throughput and feature set)
● Disk space – 8 GB
● Network interfaces – two or more vNICs, up to maximum allowed by hypervisor
● If you run the Catalyst 8000V on Amazon Web Services (AWS), you can use encrypted Elastic Block Store (EBS) by following a process that creates a private Amazon Machine Image (AMI). For more information on this process, see "Deploying the Cisco Catalyst 8000V on Amazon Web Services" > "Creating an AMI with Encrypted Elastic Block Storage" in the Cisco Catalyst 8000V Series Cloud Services Router Deployment Guide for Amazon Web Services:
https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/aws/b_csraws.html.
|
Cisco IOS XE Software networking |
● Routing: BGP, OSPF, EIGRP, Policy-Based Routing (PBR), IPv6, VRF-Lite, Multicast, LISP, GRE, and Connectionless Network Services (CLNS)
● MPLS: MPLS VPN, VRF, and Bidirectional Forwarding Detection (BFD)
● Addressing: DHCP, Domain Name System (DNS), NAT, 802.1Q VLAN, Ethernet Virtual Connection (EVC), and VXLAN
● High availability: HSRP, Virtual Router Redundancy Protocol (VRRP), Gateway Load Balancing Protocol (GLBP), and box-to-box high-availability for ZBFW and NAT
● Traffic redirection: AppNav (to Cisco Wide Area Application Services [Cisco WAAS]) and Web Cache Communication Protocol (WCCP)
● Application visibility, performance monitoring, and control: QoS and AVC
● Hybrid cloud connectivity: OTV, VPLS, and Ethernet over MPLS (EoMPLS)
● NFV: vRR
|
Cisco IOS XE Software security |
● VPN: IPsec VPN, DMVPN, FlexVPN, and GetVPN
● Firewall: ZBFW
● Access control: ACL, AAA, RADIUS, and TACACS+
|
Management |
● Virtual-machine creation and deployment: VMware vCenter and VMware vCloud Director
● Provisioning and management: Cisco IOS XE CLI, Secure Shell (SSH) Protocol, Telnet, Cisco Prime Infrastructure, Cisco Prime Network Services Controller, and OpenStack Config-drive
● Monitoring and troubleshooting: Simple Network Management Protocol (SNMP), Syslog, NetFlow, IP SLA, and Cisco IOS Embedded Event Manager (EEM)
● RESTful Application Programming Interfaces (APIs): License installation and Smart Licensing, interfaces and subinterfaces, routing protocols, IPsec VPN, firewall, ACL, NAT, configuration import and export, reports (CPU usage, interface statistics, routing table, VPN and firewall sessions, etc.), VRF, Network Time Protocol (NTP), DNS, DHCP, SNMP, TACACS, LISP, VXLAN, and HSRP
● The Cisco IOS XE SD-WAN Software for Catalyst 8000V provides simplicity of management from the cloud with Cisco Catalyst SD-WAN Manager
|
Cisco Catalyst 8000V Edge Software is available to order, with the Cisco IOS XE 17.4.1 being the first release. The IOS XE version 17.4.1 combines Cisco Catalyst SD-WAN and IOS XE for traditional routing. After ordering a Catalyst 8000V router, the customer may choose either the IOS XE or IOS XE SD-WAN image. All licensing and entitlement will be provided by Cisco DNA.
The Cisco Catalyst 8000V is licensed based on throughput, feature set, and term. Customers may order only subscription licensing.
The Cisco IOS XE Software of the Catalyst 8000V offers numerous throughput options. Tier-based licensing options were made available starting with IOS XE release 17.7.1. Prior to this release, all IOS XE 17.6.1 and ealier, utilize bandwidth ladder options 10, 50, 100, 250, and 500 Mbps, and 1, 2.5, 5, and 10 Gbps. Upon activation of a particular option, the Catalyst 8000V limits its aggregate bidirectional throughput to that option. For Cisco Catalyst SD-WAN, refer to the Cisco DNA Subscription Ordering Guide.
Term licenses may be purchased and used with the Catalyst 8000V when deployed as a Bring-Your-Own-License (BYOL) instance on the Microsoft Azure cloud, Google Cloud Platform, and Amazon EC2 cloud. Pay-As-You-Go (PAYG) hourly billing on AWS and Azure Marketplace is also available.
Subscription licensing with support for Cisco Catalyst 8000V is offered using the three licenses of Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier.
● Cisco DNA Essentials covers all types of connectivity and router lifecycle management and support for network and application visibility, coupled with basic premises and transport security.
● Cisco DNA Advantage provides for advanced WAN topologies and application-aware policies supported by enhanced network security.
● Cisco DNA Premier provides for cloud connectivity with unlimited segmentation, advanced application optimization, and network analytics, secured by advanced threat protection.
For more information on Cisco Catalyst 8000V licensing, refer to the Cisco DNA Software Routing Subscription Guide.
Cisco DNA Software Subscription
Cisco DNA Essentials, Cisco DNA Advantage, and Cisco DNA Premier licenses software updates, 24-hour support from the Cisco Technical Assistance Center (TAC), and access to technical documentation and more on the Cisco.com support website can be purchased separately.
For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.
Flexible payment solutions to help you achieve your objectives
Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.
For more information about the Cisco Catalyst 8000V Edge Software, visit https://www.cisco.com/go/cloudrouter.
Table 7. Document history
New or Revised Topic |
Described In |
Date |
Cisco DNA licensing copy block changes |
Datasheet |
November 12, 2021 |