Cisco CSR 1000v Series Cloud Services Routers Overview


Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.

Virtual Router

The Cisco Cloud Services Router 1000V (CSR 1000V) is a cloud-based virtual router that is intended for deployment in cloud and virtual data centers. This router is optimized to serve as a single-tenant or a multitenant WAN gateway.

When you deploy a CSR 1000V instance on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.

Secure Connectivity

CSR 1000V provides secure connectivity from an enterprise network such as a branch office or a data center, to a public or a private cloud.

System Requirements

Software Images and Licenses

The following sections describe the licensing and software images for CSR 1000V.

Cisco CSR 1000v Evaluation Licenses

Evaluation license availability depends on the software version:

The following evaluation licenses are available:

  • IPBASE technology package license with 10 Gbps maximum throughput

  • SEC technology package license with 5 Gbps maximum throughput

  • APPX technology package license with 5 Gbps maximum throughput

  • AX technology package license with 2.5 Gbps maximum throughput

If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.

For instructions on obtaining and installing evaluation licenses, see the “Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later” section of the Cisco CSR 1000v Software Configuration Guide .

Cisco CSR 1000v Software Licenses

Cisco CSR 1000v software licenses are divided into feature set licenses. The supported feature licenses depend on the release.

Current License Types

The following are the license types that are supported (Cisco IOS XE Everest 16.4.1 or later):

  • IPBase: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)

  • Security: IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)

  • AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)

  • APPX Package: IPBase package + Advanced Networking features - Security features (IP security features not supported)

Legacy License Types

The three legacy technology packages - Standard, Advanced, and Premium - were replaced in the Cisco IOS XE Release 3.13 with the IPBase, Security, and AX technology packages.

Features Supported by License Packages

For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.


The Cisco CSR 1000v router provides both perpetual licenses and term subscription licenses that support the feature set packages for the following maximum throughput levels:

  • 10 Mbps

  • 50 Mbps

  • 100 Mbps

  • 250 Mbps

  • 500 Mbps

  • 1 Gbps

  • 2.5 Gbps

  • 5 Gbps

  • 10 Gbps

The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.

Memory Upgrade

A memory upgrade license is available to add memory to the Cisco CSR 1000v router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.

Additional Information about Licenses and Activation

For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.

Software Image Nomenclature for OVA, ISO, and QCOW2 Installation Files

The Cisco CSR 1000v installation file nomenclature indicates properties supported by the router in a given release.

For example, these are filename examples for the Cisco IOS XE Everest 16.4.1 release:

  • csr1000v-universalk9.16.04.01.ova

  • csr1000v-universalk9.16.04.01.iso

  • csr1000v-universalk9.16.04.01.qcow2

The filename attributes are listed below, along with the release properties.

Table 1. OVA Installation Filename Attributes

Filename Attribute



Installed image package.


Indicates that the software image is for the Cisco IOS XE 3.9.0aS release image (mapped to the Cisco IOS 15.3(2) release).

std or ext

Standard release or extended maintenance support release.

New and Enhanced Software Features for Cisco IOS XE Gibraltar 16.12.x

New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.1a

The following are the new software features that are supported on the Cisco CSR 1000v for Cisco IOS XE Gibraltar 16.12.1a release:
  • Support for L2 Extension for Public Cloud: From this release, you can enable enterprise and cloud providers to deploy a secure hybrid cloud extension with CSR 1000V instances using LISP. Use the command-line interface to extend a Layer 2 domain to the public cloud using one subnet from the enterprise data center. You can achieve benefits such as IP mobility and workload migration by configuring L2 extension for public cloud.

  • Using custom data for Day 0 configuration: When you deploy a Cisco CSR 1000v VM instance on Google Cloud Platform, you can choose to either use the console to access the startup script, or use the CLI to access the custom data to achieve a variety of automation goals. The custom data in GCP allows you to run Cisco IOS XE configuration commands, install Python packages in guestshell on Day0, run scripts in guestshell on Day0, and provide licensing information to boot the CSR 1000v instance with a desired technology package.

  • Support for IPv6 for CSR 1000v instance running on AWS: From the 16.12.1 release, IPv6 addressing is supported for CSR 1000v instances running on Amazon Web Services. Implementing basic IPv6 connectivity in the Cisco software consists of assigning IPv6 addresses to individual device interfaces. You can also enable IPv6 traffic forwarding globally, and Cisco Express Forwarding switching for IPv6. You can enhance basic connectivity functionality by configuring support for AAAA record types in the Domain Name System (DNS) name-to-address and address-to-name lookup processes, and by managing IPv6 neighbor discovery.

  • IPv6 support for Encrypted Traffic Analytics: Encrypted Traffic Analytics (ETA) uses passive monitoring, extraction of relevant data elements, and supervised machine learning with cloud-based global visibility. ETA is now extended to IPv6 addresses to identify malware communications in encrypted traffic.

  • VNF Secure Boot: The secure boot feature prevents malicious software applications and unauthorized operating systems from loading into the system during the system start up process. This feature ensures that the software applications that boot up on the device are certified by Cisco. A secure compute system ensures that the intended software on the system runs without malware or tampered software.

  • Unclassified-mac initiator with IANA: The Unclassified Mac Initiator with IANA feature supports ISG IPv6 sessions based on the unclassified mac address of the subscriber. If subscriber uses DHCPv6 for getting IPv6 addresses, ISG supports creation of subscriber sessions based on DHCPv6 packets with the IANA option.

  • Show commands updates for SRTP Rollover Counter (ROC): The output of the following commands is enhanced to display SRTP ROC information: show voip fpi calls, show voip fpi stats, show voip rtp connections.

  • PFS for GIKEv2: If a Group Member (GM) is compromised, an attacker may access saved long-term keys and messages. Use Perfect Forward Secrecy (PFS) for GETVPN so that the attacker cannot use the keys and messages to obtain the keys of past or future sessions to decrypt recorded or future communication.

  • Support for SVTI multi-SA: You can define and associate an Access Control List (ACL) with an SVTI to select traffic between specific source and destination proxies. By associating the ACL, you are modifying the default configuration that uses a single any-any traffic selector and for every non-any-any traffic selector, IPSec SAs are created so that multiple SAs can be attached to an SVTI.

  • Support for Federal Information Processing Standards: FIPS are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors.

    With the FIPS software, you can prevent use of non-FIPS compatible algorithms, this ensures that the device is configured to use only FIPS-approved algorithms. Some functionality in the computer systems may fail in the FIPS mode if the FIPS software attempts to use non-FIPS compliant algorithms.

  • Web User Interface to Manage Cisco 1000 Series Integrated Services Routers: Starting Cisco IOS XE Gibraltar 16.12.1a release and later, Web UI lets you configure Cisco Unified Communications Manager Express (CUCM-E), File manager, Trustsec and Trustsec with statistics on the Cisco 1000 Series Integrated Services Routers. To learn more, refer to the WebUI Online Help.


When you upgrade from one Cisco IOS XE release to another, you may see a %Invalid IPV6 address error in the console log file. To rectify this error, enter the global configuration mode, re-enter the missing IPv6 alias commands, and save the configuration. The commands are persistent on subsequent reloads.

New and Enhanced Features for Cisco IOS XE Gibraltar 16.12.2

The following are the new software features that are supported on the Cisco CSR 1000v for Cisco IOS XE Gibraltar 16.12.2 release:
  • Support for Media Flow-around using Multi-VRF: Support for Media flow-around using Multi-VRF is added following call flows in standalone and high availability scenarios:

    • Basic Audio Call

    • Call Hold and Resume

    • Re-INVITE based Call Transfer

    • 302 based Call Forward

    • Fax Pass Through Calls

    • T.38 Fax Calls

Enhancements to Cisco IOS XE Gibraltar 16.12.4a

Starting from the Cisco IOS XE 16.12.1a release, Azure Advanced Networking deployments no longer require a release-specific Azure AN BIN file image. In accordance, starting from the Cisco IOS XE 16.12.4a release, the Azure AN BIN image file is no longer available for download. Instead, for Azure Advanced Networking, use the CRYPTO BIN file (for example, csr1000v-universal9.16.12.04a.SPA.bin).

Resolved and Open Bugs for Cisco IOS XE Gibraltar 16.12.x

Using the Cisco Bug Search Tool

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all the bugs specific to a product and a release.

You can filter the search results by the last modified date, bug status (open or resolved), severity, rating, and support cases.

Open Bugs for Cisco IOS XE Gibraltar 16.12.1a

Caveat ID Number



Azure: CSR with Custom data throws % (CVAC) Command failed: PRC_INVALID, PRC_FAILURE_PERMANENT


1 NIC deployment in Azure: not able to SSH into the box

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.1a

Caveat Number ID



CSR1kv Factory Reset - Retaining eval timers


AWS: UDI serial changes when CSR 1000v instance type is changed from c4 to c5 or vice versa


The management IP address is not properly configured with CSR1K VNF


Support MBRv2 partition scheme and Grub2 install in all clouds


CSR1000v IC2M Self Integrity Test Bypassed


CSR1kv router crash due to file descriptor leak


CSR1000v - i40evf interface shows Up but does not pass traffic


CSR1000v No User Settable MTU

Open Bugs for Cisco IOS XE Gibraltar 16.12.2

Caveat ID Number



CSR1000v Azure HAv3 route table update fails with non-IP address next hop entries

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.2

Caveat ID Number



unable to modify interface speed for CSRv cEdge


ISRv GE intefaces show ingress traffic even in admin shut down state


CUBE must preserve ROC values after master key is re-keyed


Issue with installing CSR 1KV MEMORY 4G license with SLR


CSR+SDWAN on AWS will install default route in startup config which conflicts with some topologies


Throughput defaulted when UDI is corrupted

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.2s

Caveat ID Number



MAP-E: Remove embedded customer specific data from the image

Open Bugs for Cisco IOS XE Gibraltar 16.12.3

Caveat ID Number



Flash devices not mounted on 16.10 or later CSR1000v


In Cisco IOS XE Release 16.12.3, the semantic version number for the YANG models is not updated and is therefore not accurate. However, this limitation does not impact the functionality of the YANG models.

Open Bugs for Cisco IOS XE Gibraltar 16.12.4

Caveat ID Number



Flash devices not mounted on 16.10 or later CSR1000v


CSR1000v may unexpectedly reload (or hang) due to keepalive failures

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.4

Caveat ID Number



Fix for kernel driver issue causing wake up for empty block, packet too large to process


CSR controller mode interface total drops counter wrong behaviour


CSR Gig3 Interface not created even after ENI is attached to VM instance in AWS


CSR cannot create Azure VHD images


Custom Data: bash/python scripts in Scripts section does not execute


CSR: Azure AN: MLX5 driver fails to load in 16.12.2 & 16.12.3

Open Bugs for Cisco IOS XE Gibraltar 16.12.5

Caveat ID Number



Flash devices not mounted on 16.10 or later CSR1000v


STUN protocol operability with multi-VRF on CSR1000v CUBE


CSR1000v crashing frequently with Critical software exception error.


GuestShell Gets removed during the IOS upgrade

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.5

Caveat ID Number



Failed to apply custom data to CSR in AWS/Azure


16.12.3: Curl failures observed while doing FTP for 10MB file


Device may crash due to racing in configuration for route-map attachment and set action


IOSd crash due to Segfault in Crypto IKEv2 in ikev2_free_id


evpn ipv6 route-type 5 mistake to use vrf ipv4 route-target.


excess ftmd memory consumption :CSR1000v rebooted with reason 'CPU Usage due to Memory Pressure'


Rapid BFD events on CSR running HA solution causes CSR to get stuck in a non-operational state


Platform lost all configuration after upgrade from 16.12 to 17.3


GRUB2 Arbitrary Code Execution Vulnerability


16.12.4 ucmk9 cedge not able to join overlay with 19.2.3 and 20.3


ONEP fails to process a REST API request due to "Too many active vty processes,. ONEP_FAIL" error


Throughput license grace period starts counting down after upgrade router software

Open Bugs for Cisco IOS XE Gibraltar 16.12.6

Caveat ID Number



Evaluation of csrc-bpr for Apache Tomcat Ghostcat vulnerability


BFD sessions go down on Service VPN after UTD is enabled on cEdge


CSR1000v: Delay in DMVPN tunnel line protocol going down


Route-map corruption when configured using Netconf with ncclient manager


With crl schedule download, stuck Failed to send the request. There is another request in progress

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.6

Caveat ID Number



ZBFW HA redundancy stuck in STANDBY-COLK-BULK. Bulksync Traceback seen in logs


STUN protocol operability with multi-VRF on CSR1000v CUBE


GuestShell Gets removed during the IOS upgrade


Corruption of memory in the SIP History Headers


NAT ALG breaks(Drops) ICMP control messages (ICMP Fragmentation Needed) for PMTUD


CSR1000v Multicast Over OTV Not Forwarding

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.7

Caveat ID Number


CSCvz57415 is installed into CEF as unusable on a PETR after EID-Prefix is removed.


Cannot force the switch to ask for option 12 to be assigened from the DHCP server


Static NAT entry is injecting a route to Null0


CSR: Missing iid_certs for AWS invite-only regions


Prefetch CRL Download Fails

Resolved Bugs for Cisco IOS XE Gibraltar 16.12.8

Caveat ID Number



Open SSH vulnerability for IOS-XE platforms.


Standby device crashed due to SISF BT MAC MOV.


Device reload due to SFF8472.


Virtual VRRP IP address unreachable from the BACKUP VRRP.


INTSCHED: 'may_suspend'  disabled -Process= "HSRP IPv4" log generate during boot up.


RSP3:Err reading data from table dmi-general: Could not get boolean val for feature.side_effect_sync.


Device crashes on creating telemetry subscription.


DHCPv6: Memory allocation of DHCPv6 relay option results in crash.


LLDP System Description not correctly seen in ISE.


SIP call fails egress dial-peer uses "session server-group" and "sip options-keepalive".