Showing results for 
Search instead for 
Did you mean: 

Running XRv and CSR1Kv under QEMU/KVM

Cisco Employee

So first off you need to install kvm/qemu 2.0 or better.

then create a separate .vmdk file for each XRv or CSR1Kv instance (as config etc. will be written to the files they need to be read/write and be separate files per virtual router).

A script for running XRv will look something like:

sudo qemu-system-x86_64 -daemonize -display none -enable-kvm -machine accel=kvm -smp cores=2 -m 4096 \

  -hda /home/xrvr/xrvr-images/XRv.vmdk \

  -serial telnet::9101,server,nowait -serial telnet::9102,server,nowait \

  -net nic,model=virtio,vlan=0,macaddr=00:22:00:ff:0A:00 -net tap,vlan=0,script=/etc/qemu-ifup \

  -net nic,model=virtio,vlan=1,macaddr=00:22:00:ff:0A:01 -net socket,vlan=1,listen= \

  -net nic,model=virtio,vlan=4,macaddr=00:22:00:ff:0A:02 -net socket,vlan=2,connect=

Note the following:

1) KVM/QEMU needs to run as sudo

2) you need to be daemonized/no display (as this will run in the background)

3) you need KVM machine accel enabled (or performance will suck royally)

4) for XRv I find dual cores and 4G of RAM works well.  CSR1Kv seems ok with 2G and one core.

5) you need to supply two local telnet ports for console and aux.

6) the first vNIC on XRv will be MgmtEth0/0/CPU0/0.  The others will be GigabitEthernet0/0/0/0, GigabitEthernet0/0/0/1 etc.  On CSR1Kv the NICs are numbered GigabitEthernet1, GigabitEthernet2 and so on.

7) using -net tap creates a bridged interface.  there should already be a qemu-ifup script for br0.  We typically set the host up to bind an address to br0 and then bind br0 to eth0.  Then the management IPs for the XRv nodes can be on the same subnet as the host.

8) listen/connect are for TCP connections between devices.  For those you need to start the "listen" end before the "connect" end.   There's also an option to use multicast but that seems to have issues (e.g. with packets being sent back to the host that sent them).  I generally find it easiest to have a priority order of nodes and to start them in reverse priority (so the first node only listens and the last one only connects).

when you start an XRv node for the first time you need to assign login credentials to it.  You'll also find (once it finishes configuring itself) that the interfaces are all disabled and that there's no other config.  So you need to go into the config, unshut all the interfaces and add an address to the management interface before you can start loading up configs using TFTP etc.

when you start a CSR1Kv node for the first time it has cisco/cisco login credentials, no config, and all interfaces shut.  so again you'll need to add credentials, unshut the interfaces, and add an IP to GigabitEthernet1.   Of course on CSR1Kv you need to "wr mem" to apply any config changes.

Cisco Employee

Hi Giles

Thanks for this.

I can't tell whether you started with the OVA, QCOW2 or ISO files for the devices. Each supports those starting file formats.

See the download pages at the links below. The XRv download "fullk9-R-XRV9000-602-RR.tar", at the first link, has all of the file formats in one file. The CSR1Kv, at the second link, requires you to choose a file format.

In the command above you seems to be using a .VMDK file, but it is not clear where that came from.

Could you help here please?

Many thanks


Cisco Employee

Yeah - I use vmdk:


then create a separate .vmdk file for each XRv or CSR1Kv instance (as config etc. will be written to the files they need to be read/write and be separate files per virtual router).


So typically I'll:

1) grab my .vmdk file (I get the from the build servers inside Cisco - but equally you should be able to grab the QCOW2 from CCO and qemu-img convert it into vmdk).

2) copy my .vmdk multiple times - one copy for each VR I need in my topology.

3) set up scripts like the one above to launch each instance plus a script to call all those scripts in the correct order and one to destroy any running VRs

4) use an expect script to configure each VR (passing the VR's name, management IP and virtual serial port details).  The script does all the basic stuff (unshuts interfaces, sets the management IP, creates crypto keys) and then tftp loads the config from the server.

5) modify the "nodes" file at GitHub - CiscoDevNet/opendaylight-setup: scripts to setup OpenDaylight so it has the correct management IPs and node names in it.

I guess I could probably fix up the github and change the workflow so the "nodes" file is what you start with and then we generate the scripts etc. from that (we can have a convention for generating the serial port numbers). I'd also need a "links" file for all the router interconnects (so we know how many interfaces to create on each router and whether a router should "connect" or "listen".  That should be easy enough to do - but maybe it's starting to stray into VIRL territory (which then begs the question of why not just use VIRL).

Cisco Employee

Thanks Giles.

You say: "We typically set the host up to bind an address to br0 and then bind br0 to eth0."

Could you expand on how you do that please?



Cisco Employee

so first off you need to create your bridge from the CLI:

$ sudo brctl addbr br0

then edit your /etc/network/interfaces to be something like:


auto eth0

iface eth0 inet manual

auto br0

iface br0 inet static




        bridge_ports eth0

        bridge_stp off

        bridge_fd 0

        bridge_maxwait 0


of course you need to figure out how not to cut yourself off at the knees while doing this

Cisco Employee

I wrote this blog for starting a CSR1Kv - Running a CSR1Kv with Ubuntu and Qemu/KVM.


My qemu host is not work. It gives me a message of of IOS image and Port number 525

Cisco Employee

Hi Nazia, you will need to supply a great deal more information if you want anyone to help you. Start with:

- What platform are you running on? Machine and OS type
- What have you done already? Which files have you edited, commands and similar.
- What is the exact message?
- What else have you done to diagnose the problem? For example, have you searched using Google and the message string?



Content for Community-Ad