Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6698
Views
0
Helpful
5
Replies

csr1000v some questions: licence and throughput

Go to solution
Ignacio Freyre
Level 1
Level 1

‎08-14-2015 09:48 AM - edited ‎03-12-2019 07:20 AM

hi fellow networkers, i'm looking at setting up an amazon cloud service. there will be a csr1000v that needs to support 500 vpn ipsec tunnels and a throughput of 100mbps. so i got some questions regarding the csr1000v.

1.what amazon instance do i need to get to support 500 tunnels and 100 mbps? i would like to keep the expenses as low as possible.

m3.medium
m3.large
m3.xlarge
c3.large
c3.xlarge
c3.2xlarge
 

2.what happens if i get the 100mbps license and i hit 100mbps, traffic starts dropping as in rate-limit?

3. how is traffic accounted? if 100 mbps goes through outside to inside interface, that counts as 100mbps or 200mbps?

4.and the other question is what happens if i license a csr1000v instance and decide that aws amazon is not what i want and decide to go with an ESX based instalation, how would i tranfer the licence to the other instance.

sorry if some questions look obvious to some but i really need to get everything straight no doubts.

thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
James Schultz
Level 1
Level 1

‎08-14-2015 10:22 AM

Hi Ignacio,

 

1. To ensure you can reach 100Mbps I would recommend avoiding m3.medium and sticking with either m3.large or c3.large.  The "c" instances use a more modern networking stack and have substantially better performance for only a little bit higher hourly fee to AWS vs. the "m" instances.  To take advantage of the newer c3 networking stack, you need to make sure you deploy the "maximum performance" versions of our listings you'll find in the marketplace.

2. Yes when your actual throughput reaches the licensed throughput, the CSR will begin shaping traffic by dropping packets.

3. Traffic is accounted for by adding together the throughput of all flows "through" the CSR.  So if you have 100Mbps flowing from outside AWS through a CSR into your VPC then that would equal 100Mbps.  If you added 20Mbps of return traffic leaving your VPC through the CSR, then the total would be 120Mbps.

4. There are two ways to license the CSR on AWS.  In our marketplace listings you will see some listings marked as BYOL (Bring Your Own License).  For these you would buy a license from your Cisco account team and then install it on the CSR once it is deployed.  The licenses are node-locked, so if you decided to abandon using AWS, you could call Cisco Licensing to have the license re-homed to a new CSR running somewhere else.

The second option is to use our listings that are not marked as BYOL, namely the Security or AX Technology Packages.  These do not require the purchase of a license, since they have a license built-in and you just pay a higher hourly fee to be able to use these.  In this case if you decide to abandon AWS, you would just no longer be charged the hourly fee and you wouldn't have any unused licenses to worry about.

 

Hopefully this helps clear up any confusion, and please let me know if you have any additional questions.

-James Schultz

CSR 1000V Product Manager

View solution in original post

0 Helpful
5 Replies 5

Go to solution
James Schultz
Level 1
Level 1

‎08-14-2015 10:22 AM

Hi Ignacio,

 

1. To ensure you can reach 100Mbps I would recommend avoiding m3.medium and sticking with either m3.large or c3.large.  The "c" instances use a more modern networking stack and have substantially better performance for only a little bit higher hourly fee to AWS vs. the "m" instances.  To take advantage of the newer c3 networking stack, you need to make sure you deploy the "maximum performance" versions of our listings you'll find in the marketplace.

2. Yes when your actual throughput reaches the licensed throughput, the CSR will begin shaping traffic by dropping packets.

3. Traffic is accounted for by adding together the throughput of all flows "through" the CSR.  So if you have 100Mbps flowing from outside AWS through a CSR into your VPC then that would equal 100Mbps.  If you added 20Mbps of return traffic leaving your VPC through the CSR, then the total would be 120Mbps.

4. There are two ways to license the CSR on AWS.  In our marketplace listings you will see some listings marked as BYOL (Bring Your Own License).  For these you would buy a license from your Cisco account team and then install it on the CSR once it is deployed.  The licenses are node-locked, so if you decided to abandon using AWS, you could call Cisco Licensing to have the license re-homed to a new CSR running somewhere else.

The second option is to use our listings that are not marked as BYOL, namely the Security or AX Technology Packages.  These do not require the purchase of a license, since they have a license built-in and you just pay a higher hourly fee to be able to use these.  In this case if you decide to abandon AWS, you would just no longer be charged the hourly fee and you wouldn't have any unused licenses to worry about.

 

Hopefully this helps clear up any confusion, and please let me know if you have any additional questions.

-James Schultz

CSR 1000V Product Manager

0 Helpful

Go to solution
Ignacio Freyre
Level 1
Level 1
In response to James Schultz

‎08-14-2015 10:57 AM

great that is exactly what i wanted to know, another question, if i set up a m3.medium and happens to come short on capacity, can i upgrade to m3.large without downtime or without losing config at least?

also, do public ip addresses assigned to instances change over time? because that would be disastrous for me.

thanks!

0 Helpful

Go to solution
Trent Labrum
Level 1
Level 1
In response to James Schultz

‎08-30-2015 10:09 PM

James,

Which instance type and size should be used for a CSR 1000V BYOL 1 Gbps with the AX license? Is m3.large sufficient? Or is it best to use a c3? If so, which c3 size should we use?

Thanks

0 Helpful

Go to solution
msnussupportteam1
Level 1
Level 1
In response to James Schultz

‎11-14-2017 04:53 AM

Hi,

 

Does this apply to Azure as well?

 

Thanks

Sergiu Plotnicu

0 Helpful

Go to solution
Ignacio Freyre
Level 1
Level 1

‎08-19-2015 12:07 PM

hi James, talked to my sales guy, he sends me this link which states that the csr1000v only supports 400 vpn tunnels max for 'Bring Your Own License' (all of the vpn supporting licences)

http://www.cisco.com/c/en/us/td/docs/routers/csr1000/release/notes/csr1000v_3Srn.html

But on amazon, the instance that doesn't need the licence and is charged as software hourly says it supports up to 1000 vpn tunnels.

https://aws.amazon.com/marketplace/pp/B00EV8VXG2/ref=srh_res_product_title?ie=UTF8&sr=0-2&qid=1440007493470

 

So question, is there a license that i can buy from cisco that allows me to use +500 vpn tunnels on a cisco CSR1000v?

thanks

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents