
Quinn

Posted on • Originally published at hello-vpn.com

How to run a Cisco router on AWS

Warning: You will incur Cisco software usage costs as well as EC2 usage costs, although the latter is only a tiny portion compared to the Cisco software price. Make sure to terminate the instance after testing to avoid an unexpected bill.

Running a cloud router

Don't want to bother with hardware procurement and maintenance? There are plenty of cloud solutions nowadays.

Today, let's dive into the steps to run a Cisco router on AWS.

Cisco Cloud Services Router (CSR) 1000V has been an enterprise-class VPN solution on AWS for many years.

The diagram below shows that the CSR 1000V typically requires two network interfaces, one facing the public subnet and the other facing the private subnet.

[Figure: Cisco CSR on AWS]

We will associate an Elastic IP with the public-facing network interface, which will be the endpoint for the peer.

The private-facing network interface will receive traffic routed by other internal servers, then the traffic will be encrypted in the Cisco router and routed out to the peer's VPN gateway.

Prerequisites

First, let's have a look at the prerequisites.

We need a VPC and two subnets. If you are starting from zero, create those now and come back for the next steps.

[Figure: network diagram]

Steps to add a CSR instance

  1. Go to AWS Marketplace and search for "Cisco CSR 1000V".

  2. On the CSR 1000V product page, click the 'Continue' button.

  3. Complete the deployment of a CSR 1000V AMI: Select the correct version and region, and click the 'Continue to launch through EC2' button.
    [Screenshot: launch new instance]

  4. The Launch Instances Wizard will open. Select the desired instance type. A bigger instance is selected by default; for testing purposes, we choose the smallest instance available, which is t2.medium at the moment.
    Select an existing key pair to use for authentication, or create a new key pair. If you create a key pair, make sure to download and save the private key.
    [Screenshot: instance type]

  5. Select the VPC environment in the 'Network' pull-down menu.

  6. Select an IP subnet for the first CSR 1000V network interface in the 'Subnet' pull-down menu.

  7. Select a security group.
    [Screenshot: select a security group]

  8. Add any additional network interfaces, and select the appropriate subnet for each to connect to.

  9. Click 'Review and Launch'. If the information is correct, click 'Launch'.

  10. From the AWS Console, wait for your instance to indicate a state of 'running'. It may take a few moments after that point, before you can connect to your CSR 1000V instance. Connect to your instance using an SSH client, and the private SSH key selected or created earlier in these steps. Example: ssh -i mykeypair.pem ec2-user@myhostname.compute-1.amazonaws.com

  11. Allocate an Elastic IP and associate it with the first (default) network interface of the CSR 1000V.

  12. Once SSH has connected, you should be at the IOS XE command prompt on the CSR 1000V. Now we can configure this instance.

Configure CSR instance

By default, "show running-config" displays the interfaces as follows:

interface GigabitEthernet1
 ip address dhcp
 ip nat outside
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto

Note that we will not see the EIP (Elastic IP) we associated with the first interface (interface GigabitEthernet1), nor will we see the local IP 192.168.1.100. Keep this in mind: although the configuration does not show those IPs, they still exist.

We can see the local IP 192.168.1.100 when we display the details of the first interface:

ip-192-168-1-100#show interfaces gigabitEthernet 1
GigabitEthernet1 is up, line protocol is up
  Hardware is CSR vNIC, address is 02c5.fde2.baec (bia 02c5.fde2.baec)
  Internet address is 192.168.1.100/24

As for the second interface (interface GigabitEthernet2), no IP is configured and the interface is down.

Let's configure an IP for GigabitEthernet2:

ip-192-168-1-100#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ip-192-168-1-100(config)#interface gigabitEthernet 2
ip-192-168-1-100(config-if)#ip address 192.168.0.100 255.255.255.0
ip-192-168-1-100(config-if)#ip nat inside
ip-192-168-1-100(config-if)#no shutdown
ip-192-168-1-100(config-if)#end

Then we check the status of GigabitEthernet2 again:

ip-192-168-1-100#sho run interface  GigabitEthernet2
 ip address 192.168.0.100 255.255.255.0
 ip nat inside
 negotiation auto

We can also test the connection from the Cisco router to a private host:

ip-192-168-1-100#ping 192.168.0.88
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.88, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

Voila! We have a running Cisco router on the cloud.
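
The interface state walked through above can also be checked mechanically after each change. The following Python sketch is an added example, not code from the original post or from Cisco: it parses the interface stanzas of "show running-config" output and reports deviations from the two-interface layout used here. The function names and the EXPECTED mapping are assumptions of the example.

```python
# Interface stanzas copied from the article's default "show running-config".
DEFAULT_CONFIG = """\
interface GigabitEthernet1
 ip address dhcp
 ip nat outside
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto
"""
# Assumed target layout: public side is NAT outside, private side is NAT inside.
EXPECTED = {"GigabitEthernet1": "outside", "GigabitEthernet2": "inside"}

def parse_interfaces(config):
    """Map each interface name to its address, NAT role and shutdown flag."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = {"address": None, "nat": None, "shutdown": False}
            interfaces[line.split(None, 1)[1]] = current
        elif current is None or not raw.startswith(" "):
            current = None  # "!" or a global command closes the stanza
        elif line == "shutdown":
            current["shutdown"] = True
        elif line.startswith("ip address "):
            current["address"] = line[len("ip address "):]
        elif line in ("ip nat inside", "ip nat outside"):
            current["nat"] = line.split()[-1]
    return interfaces

def audit(interfaces, expected):
    """Return one finding per deviation from the expected layout."""
    findings = []
    for name, role in expected.items():
        intf = interfaces.get(name)
        if intf is None:
            findings.append(f"{name}: missing from config")
            continue
        if intf["shutdown"]:
            findings.append(f"{name}: administratively shut down")
        if intf["address"] is None:
            findings.append(f"{name}: no IP address")
        if intf["nat"] != role:
            findings.append(f"{name}: NAT role is {intf['nat']}, expected {role}")
    return findings
if __name__ == "__main__":
    print("\n".join(audit(parse_interfaces(DEFAULT_CONFIG), EXPECTED)))
```

Run against the default configuration it lists three findings for GigabitEthernet2; after the configuration steps above it returns an empty list.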

Cost Saving

Always purchase a yearly software contract if it's available.

With a contract, the yearly cost is $2,285.73.

Without a contract, the price is $0.64 Software/hour + $0.046 EC2/hour, which makes $5,928 per year (2.5 times the price with a contract!)

Below is a screenshot of what the interface may look like.
[Screenshot: AWS Marketplace CSR subscription page]

Caveat

According to a Cisco Community post and an End-of-Sale and End-of-Life announcement on the Cisco website, Cisco will no longer offer the "Cisco Cloud Services Router (CSR) 1000V" product line. The End-of-Sale date was December 16, 2022, and the End-of-Life date is December 16, 2025. This means that the product is no longer for sale and will not be supported beyond the End-of-Life date. Customers who have already purchased the product will continue to receive support until the End-of-Life date, and Cisco may offer replacement or alternative products.

On AWS Marketplace, the latest version is 17.03.08a and a yearly software contract is still offered, which will cost $2k+ for one year. However, in the future, AWS may stop offering the yearly contract and only offer an hourly charging model. This all depends on Cisco's decision.

Cisco is advocating for the next-generation Catalyst 8000V to replace the CSR 1000V. Yes, maybe the new one is more powerful, all better and shinier, but the cost will be $8K+ yearly even with a yearly contract!

Is it worth it? This is not a light decision to make.

References

https://aws.amazon.com/marketplace/pp/prodview-4mrybq6krrw3g#pdp-usage

https://community.cisco.com/t5/other-cloud-subjects/cisco-will-no-longer-offer-quot-cisco-cloud-services-router-csr/td-p/4627861
