Cisco CSR 1000v Series Cloud Services Routers Overview


Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.

Virtual Router

The Cisco Cloud Services Router 1000V (CSR 1000V) is a cloud-based virtual router that is intended for deployment in cloud and virtual data centers. This router is optimized to serve as a single-tenant or a multitenant WAN gateway.

When you deploy a CSR 1000V instance on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.

Secure Connectivity

CSR 1000V provides secure connectivity from an enterprise network such as a branch office or a data center, to a public or a private cloud.

System Requirements

Software Images and Licenses

The following sections describe the licensing and software images for CSR 1000V.

Cisco CSR 1000v Evaluation Licenses

Evaluation license availability depends on the software version:

The following evaluation licenses are available:

  • IPBASE technology package license with 10 Gbps maximum throughput

  • SEC technology package license with 5 Gbps maximum throughput

  • APPX technology package license with 5 Gbps maximum throughput

  • AX technology package license with 2.5 Gbps maximum throughput

If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.

For instructions on obtaining and installing evaluation licenses, see the “Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later” section of the Cisco CSR 1000v Software Configuration Guide .

Cisco CSR 1000v Software Licenses

Cisco CSR 1000v software licenses are divided into feature set licenses. The supported feature licenses depend on the release.

Current License Types

The following are the license types that are supported (Cisco IOS XE Everest 16.4.1 or later):

  • IPBase: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)

  • Security: IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)

  • AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)

  • APPX Package: IPBase package + Advanced Networking features - Security features (IP security features not supported)

Legacy License Types

The three legacy technology packages - Standard, Advanced, and Premium - were replaced in the Cisco IOS XE Release 3.13 with the IPBase, Security, and AX technology packages.

Features Supported by License Packages

For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.


The Cisco CSR 1000v router provides both perpetual licenses and term subscription licenses that support the feature set packages for the following maximum throughput levels:

  • 10 Mbps

  • 50 Mbps

  • 100 Mbps

  • 250 Mbps

  • 500 Mbps

  • 1 Gbps

  • 2.5 Gbps

  • 5 Gbps

  • 10 Gbps

The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.

Memory Upgrade

A memory upgrade license is available to add memory to the Cisco CSR 1000v router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.

Additional Information about Licenses and Activation

For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.

Software Image Nomenclature for OVA, ISO, and QCOW2 Installation Files

The Cisco CSR 1000v installation file nomenclature indicates properties supported by the router in a given release.

For example, these are filename examples for the Cisco IOS XE Everest 16.4.1 release:

  • csr1000v-universalk9.16.04.01.ova

  • csr1000v-universalk9.16.04.01.iso

  • csr1000v-universalk9.16.04.01.qcow2

The filename attributes are listed below, along with the release properties.

Table 1. OVA Installation Filename Attributes

Filename Attribute



Installed image package.


Indicates that the software image is for the Cisco IOS XE 3.9.0aS release image (mapped to the Cisco IOS 15.3(2) release).

std or ext

Standard release or extended maintenance support release.

New and Enhanced Software Features for Cisco IOS XE Gibraltar 16.11.1

New and Enhanced Features for Cisco IOS XE Gibraltar 16.11.1a

The following are the new software features that are supported on the Cisco CSR 1000v for Cisco IOS XE Gibraltar 16.11.1a release:

  • Support for High Availability Version 3 - High Availability refers to the ability to establish redundancy of networking functionality and configuration data between two peer routers. Enable High Availability for your CSR 1000v routers running on cloud deployments for seamless services, by setting up failure detection and failover mechanism. High Availability Version 3 supports a number of new features including simplified deployment by predominantly using Guestshell.

  • Factory Reset - Factory reset is a process of clearing the current running and start up configuration information on a router, and resetting the router to an earlier, fully functional state. The 16.11.1a release supports the factory reset process in CSR 1000v routers.

  • Deploy GCP by using a solution template - You can now deploy a CSR 1000v solution template and the associated resources in the service provider’s cloud.

  • Accelerated Networking enhancements - Accelerated Networking is a functionality that enables single root I/O virtualization on a Cisco CSR 1000v router running on Microsoft Azure. The 16.11.1a release supports enhanced Mellanox support from the Azure infrastructure.

  • Port-Security Forbidden MAC - This feature addresses port security for EVCs by providing the capability to control and filter MAC-address learning behavior at the granularity of a per-Ethernet Flow Point (EFP). When a security violation requires a shutdown, only the customer assigned to a given EFP is affected rather than all the customers using the port.

  • EST CA Certs on Reykey - This feature enables client devices to obtain CA certificate automatically as part of rekey. The CA certificate certifies a new public key for a device.

  • Enhancements to Secure Password Migration - Support has been added for auto-conversion of weak password types 0 to 7 to encrypted password type 6. Configure AES password encryption feature and master encryption key to auto-convert password types 0 and 7 to password type 6.

  • Intelligent load balancing - The PfRv3 Intelligent Load Balance feature detects the remote bandwidth overrun at the earliest possible. It helps to reduce the packet drop caused by per tunnel QoS and increases the bandwidth utilization.

  • Support for IPFIX keyword - IP Flow Information Export (IPFIX) protocol is another way for transmitting Traffic Flow information over the network. The ipfix keyword is now supported in the ip flow-export destination command.

  • Support for adding source interface for ETA netflow records - The source interface <interface name> keyword is now added to the existing ip flow-export destination command.

  • ZBFW HSL Using Source Interface Capability - Zone-based Firewall supports export of logged data record to an external collector using NetFlow Version 9, where the collector parses and interprets the data record based on the template. Zone-based firewall uses the High Speed Logging (HSL) capability to generate NetFlow data through the log flow-export v9 udp destination command under the parameter-map type inspect-global configuration.

  • Security Readiness Criteria (SRC) Closure - CUBE - Security Readiness Criteria (SRC) closure for Cisco Unified Border Element or SRC is a program to meet a set of security criteria before releasing the product offering to the customers. SRC helps to prioritize security requirements that are necessary to reduce the associated risk.

  • CUBE Smart Licensing - Cisco Unified Border Element Smart Licensing—Cisco Smart Software Licensing provides a simple cloud-based solution for managing and tracking the use of your licenses and entitlements across your business. License requirements for the use of CUBE trunk sessions are reported to Cisco Smart Licensing.

    For a more detailed overview on Cisco Licensing, go to

  • Support certificate CN/SAN validation - Server Identity Validation on Cisco Unified Border Element—Cisco Unified Border Element supports server identity validation through Common Name (CN) and Subject Alternate Name (SAN) fields in the server certificate during client-side SIP/TLS connections. Validation of CN and SAN fields of the server certificate ensures that the server-side domain is a valid entity.

  • Specific License Reservation - Specific License Reservation (SLR) is a functionality that enables you to deploy a Smart License on a device without directly connecting it to the Cisco Cloud. SLR is supported for the CSR 1000v routers from this release.

  • Interface overruns troubleshooting enhancements - The output of the show interface accounting command has now been modified.

  • Kill Telemetry Subscription: The ability to delete a dynamic model driven telemetry dynamic subscription using either the clear telemetry ietf subscription Cisco IOS command, or the <kill-subscription> RPC.

  • NETCONF and RESTCONF Service Level Access Control Lists: This programmability feature enables you to configure an IPv4 or IPv6 access control list (ACL) for NETCONF and RESTCONF sessions. If you do not conform to the configured ACL, you are not allowed to access the NETCONF or RESTCONF subsystems. When the service-level ACLs are configured, NETCONF and RESTCONF connection requests are filtered based on the source IP address.

  • YANG Data Models: For the list of Cisco IOS XE YANG models available with this release, go to Revision statements embedded in the YANG files indicate if there has been a model revision. The file in the same GitHub location highlights the changes that have been made in the release.

  • Web User Interface - Supports an embedded GUI-based device-management tool that provides the ability to provision the router, simplifies device deployment and manageability, and enhances user experience. The following features are supported on the Web User Interface from Cisco IOS XE Gibraltar 16.11.1a:

    Nat Statistics

    IPv6 Support for AAA

    For information on how to access the Web User Interface, see the Configure the Router for Web User Interface section.

Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.11.x

Using the Cisco Bug Search Tool

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all the bugs specific to a product and a release.

You can filter the search results by the last modified date, bug status (open or resolved), severity, rating, and support cases.

Open Bugs for Cisco IOS XE Gibraltar 16.11.1b

Caveat ID Number



AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa.


QFP load at 99% for 2 MB of traffic on CSR1000v running on KVM.


GuestShell Gets removed during the IOS upgrade

Resolved Caveats—Cisco IOS XE Gibraltar 16.11.1b

Caveat ID Number



CSR1KV_LE: ipv6 address %CI shows improperly.


CSR1000v: crash at mempool_add_region when adding memory.


Azure CSR1000v HAv1 VXE_CLOUD_HA-4-NOTCFGD, flags=0x7F0000 error.


CSR1Kv:Throughput/BW level not set correctly when upgrade to 16.10.1 .bin image with AWS/Azure PAYG.


CSR1000v IC2M Self Integrity Test Bypassed.


CSR1kv router crash due to file descriptor leak.

Open Bugs for Cisco IOS XE Gibraltar 16.11.1a

Caveat ID Number



DataPlane (DP) crash observed in MMOH call flow


Show call media Forking match failed.


AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa


Call is not getting connected in Forking Re-INVITE scenario


GCP: Day0 config has a failure on "ip domain-name "