Home > Articles > CSR with OpenStack

CSR with OpenStack


  1. Introduction
  2. Examples

Article Description

Are you looking at virtualization to solve your horizontal scaling challenge and reduce capital expenditure? Arvind Durai explores OpenStack, the free and open-source cloud computing platform written in Python.

Like this article? We recommend

Virtual Routing in the Cloud

Virtual Routing in the Cloud

$47.99 (Save 20%)

CSR1000V and OpenStack

The CSR 1000V being a software router running IOS XE can find its way into several useful deployments with OpenStack. Let us explore a few here.

CSR as a neutron router

Within OpenStack, the project that takes care of networking is called 'Neutron'. Its predecessor, nova-network was a part of OpenStack's main compute project 'Nova'. Neutron was created as a separate project to bolster the networking capability of OpenStack. Neutron provides 'networking as a service' to other projects within OpenStack. Neutron ties together the different networks within OpenStack and used as a gateway to access the public network for all tenant networks.

CSR 1000V brings with it feature richness to OpenStack. The role of the neutron router within OpenStack is to network the virtual machines and make them accessible based on the user requirement. CSR 1000V can be used to deliver Neutron's L3 routing service API. When working within OpenStack, CSR 1000V will be managed by Nova. The entire life cycle of the CSR virtual machine is managed by a layer 3 services plugin using Nova. This service plugin will configure the CSR virtual machine to make sure the Neutron service is available through API using this service VM.

The CSR's functionality being a super set of what the Neutron actually requires, CSR will 'host' this Neutron functionality within itself. The CSR will be owned by a special admin tenant and the OpenStack tenants do not have visibility to this. Tenants use the Neutron functionality exactly the way they do without a CSR. Internally, within the realm of this 'special admin tenant', the CSR will host the Neutron functionality using 2 interfaces and offers a rich enterprise feature set to OpenStack tenants. One will be a management virtual interface that is used to connect to the management network within OpenStack. The other is the tenant traffic virtual interfaces that will trunk the internal tenant networks and the external Neutron network.

CSR as a tenant router

You can bring up a CSR as a tenant VM and network your tenant within OpenStack. The CSR will be spawned inside of OpenStack like any tenant virtual machine. This way you can use the feature that come with the CSR for the Virtual machines attached to the CSR on the same network. Based on your requirement, the CSR is used inside of the tenant network. Following are some examples.

a CSR is spawned as a tenant VM in each of the internal networks-1 and 2

In the picture above, a CSR is spawned as a tenant VM in each of the internal networks-1 and 2. In each network, the CSR is being used as a firewall or VPN head-end. VM-A and VM-B use the CSR-Net-1 and CSR-Net-2 respectively. This model gives you tremendous control on the firewall and VPN policies you wish to impose on your networks.

two CSRs are spawned as tenant VMs on internal network-1

In the picture above, two CSRs are spawned as tenant VMs on internal network-1. Each CSR is used as a gateway from private network A and private network B. In this case internal network 1 is segregated into two tenant networks using CSRs.


Most enterprises and service providers are looking at virtualization to solve their horizontal scaling challenge and to reduce capital expenditure. OpenStack provides network operators a platform to automate their cloud infrastructure and provide a low cost method to scale horizontally. OpenStack provides the framework for automating network function elements, while CSR 1000V running Cisco's enterprise hardened IOS XE, brings a rich network functionality feature set. OpenStack with the CSR 1000V is a winner!

There are currently no related articles. Please check back later.