cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4804
Views
0
Helpful
6
Replies

CSR1000v MS Azure

andyirving
Level 1
Level 1

I have now successfully deployed the CSR within Azure and established an IKEv2 IPsec VPN back to my ASA.  All good, one issue I have is the deployment mode that Azure uses with the CSR, it only has one interface so is a router on a stick type deployment.

Whilst this works it is different from the approach I have used for other public cloud providers (VMWare based), I would like to standardize using a traditional "inside" and "outside" interface configuration but cannot find any way of doing this on Azure.  I have a feeling this will involve using Powershell.

Has anyone any experience of deploying CSR 1000v on Azure, if so did you just use the single network interface approach or is there a way of having 2 or even 3 interfaces as per the standard CSR template.

I have attached a diagram to show the two different approaches.

Many thanks

Andy

6 Replies 6

Hi!

In azure, NIC count is restricted by VM size, here some numbers:

VM Size (Standard Tier)

Maximum NICs

A3, A6, D3, A8, G3, D12
  (4-core VMs except G3-8, A8-8)

2

A4, A7, A9, G4, D4, D13
  (8-core VMs except G4-16, A9-16)

4

G5 (32-core), DS14 (16-core)

8

All other sizes

1

http://www.virtualizationadmin.com/articles-tutorials/cloud-computing/microsoft/vms-multiple-nics-and-virtual-network-appliances-microsoft-azure.html

https://azure.microsoft.com/ru-ru/blog/multiple-vm-nics-and-network-virtual-appliances-in-azure/

 

Also according to Azure docs you can assign NIC count only during VM setup and only via Powershell or Resource group template. And I do not see the way to create multiple nics for CSR.

Thanks guys, it does indeed look like it is down to the virtual machine size selection, I will delete my CSR and select the A3 size to see if that gives you two NICs by default.

I'm surprised there is so little information on deploying the CSR in Azure, plenty on AWS and vCloud.

Thanks for your help I will post my updates once the new VM is deployed.

 

Andy

Andy, we will wait for update, but I think CSR now on early stage so we need to wait some time while it will production ready )

Anyway I will appreciate for your update and experience.

You're correct that the Azure VM size controls how many NICs you're allowed to create.  You're also correct that their Web Portal is incapable of many "network centric" sorts of activities, so you must use Powershell or ARM Templates.  As I mentioned in another post, we're still actively working with the Azure team at Microsoft to iron out exactly what those commands and templates should look like.

 

In the long term I'm hoping Azure will add the following to the Web Portal, which would allow CSR deployment to take place without relying on those complicated tools:

  • Add/remove NICs from virtual machines that have already been provisioned
  • Enable/disable IP Forwarding flag in Azure (this is an anti-spoofing feature that needs to be disabled if you want Azure to allow traffic "through" the CSR instead of just to/from it.)
  • Create/change/show user defined routes for Azure subnets (each subnet needs a route configured to set the next hop as the CSR)

Thanks!

James

I too have successfully deployed the CSR1000v in Azure but noticed the issue with the single interface. As of right now there looks to be no way to deploy CSR1000v via power shell (no image available) which thus restricts the creation of multiple NICs. Any idea when this would be supported?

Andy, I believe this question was answered by James Schultz here