Using the Cisco 1000v CSR with Libvirt and KVM

This blog post is going to cover installing and booting the Cisco 1000v Cloud Services Router with KVM on Ubuntu Trusty 14.04.

It’s important to note that I haven’t touched a Cisco device in over a decade. At least until the blog post that is. I’ve been an open source based systems administrator for all of my career, and now I would like to learn a bit more about networking, which is considerably more closed source than I am used to. Thankfully, however, Cisco offers a free download of their cloud router.

Getting the Cisco 1000v CSR images and ISOs

First, if you don’t have an account with Cisco, then create one and login.

To find the download page, this link might work. If if doesn’t work:

CSR Index page
Right menu, “Download Software for this Product”
Right panel, “Cisco Cloud Services outer 1000V”
Select “IOS XE Software”
Pick your download, ISO, OVA, qcow2, etc.

In this post I’m going to work from the ISO.

Install from ISO into qcow2 image

Using the ISO process, we boot the ISO using KVM, which will automatically install the router software onto the disk image specified. Once that’s done you can boot the qcow2 image like any regular virtual machine.

I’ve downloaded the ISO file.

# ls *.iso
csr1000v-universalk9.03.12.00.S.154-2.S-std.iso

Next, create a backing image to install the software onto. It has to be at least 8 gigs.

# qemu-img create -f qcow2 csr.img 8G
Formatting 'csr.img', fmt=qcow2 size=8589934592 encryption=off cluster_size=65536 lazy_refcounts=off

Now we can boot the ISO with KVM and set the backing image on which the ISO will install the 1000v router. Note that you need to hit a key pretty quickly to get to the GRUB boot menu.

# kvm -boot d csr.img -enable-kvm -m 4096M -cpu Nehalem -smp 4,sockets=4,cores=1,threads=1 -cdrom csr1000v-universalk9.03.12.00.S.154-2.S-std.iso -nographic

After hitting the “any” key, you should see the below. Select “Serial Console” and hit enter.

   GNU GRUB  version 0.97  (639K lower / 3144696K upper memory)

 +-------------------------------------------------------------------------+
 | CSR 1000V Virtual Console -- Wed-26-Mar-14-15:35                        |  
 | CSR 1000V Serial Console -- Wed-26-Mar-14-15:35                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |
 |                                                                         |  
 +-------------------------------------------------------------------------+
      Use the ^ and v keys to select which entry is highlighted.
      Press enter to boot the selected OS, or 'c' for a command-line.

At this point the ISO should install the 1000v CSR router into the csr.img qcow2 file, and some text should fly by, such as the below. It should only take a minute or two to install the CSR onto the hd image.

Booting 'CSR 1000V Serial Console -- Wed-26-Mar-14-15:35'

root (cd)
 Filesystem type is iso9660, using whole disk
kernel /boot/csr1000v-universalk9.03.12.00.S.154-2.S-std.SPA.bin rw root=/dev/r
am quiet console= max_loop=64 HARDWARE=virtual SR_BOOT=cdrom:csr1000v-universal
k9.03.12.00.S.154-2.S-std.iso
package header rev 1 structure detected
Calculating SHA-1 hash...done
SHA-1 hash:
        calculated   f51efee9:bfc569d7:9a732dee:4af42ccc:7003719d
        expected     f51efee9:bfc569d7:9a732dee:4af42ccc:7003719d
Package type:0x7530, flags:0x0
   [Linux-bzImage, setup=0x2e00, size=0x11706720]
   [isord @ 0x6fe6c000, 0x10183000 bytes]
SNIP!
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Installing GRUB
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Copying super package csr1000v-universalk9.03.12.00.S.154-2.S-std.SPA.bin
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Expanding super package on /bootflash
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Creating /boot/grub/menu.lst
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): CD-ROM Installation finished
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Ejecting CD-ROM tray
%IOSXEBOOT-4-BOOT_CDROM: (rp/0): Rebooting from HD
SNIP!
Press any key to continue.
Press any key to continue.
Press any key to continue.

Again you have to be quick on hitting a key when the “Press any key to continue” message comes up. (Must be a better way to do this.) The vm is now booting off of the hd image instead of the ISO image.

Select virtual console once more and the router should boot up and ask if we want to configure from a dialog.

SNIP!
cisco CSR1000V (VXE) processor with 2170596K/6147K bytes of memory.
Processor board ID 9W17YZL34P2
1 Gigabit Ethernet interface
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.


         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:

I enter no, though you may want to enter yes. The router continues booting, eventually stops and we can just hit enter to get the “Router>” prompt.

SNIP!
*Jul 15 01:40:39.304: %VMAN-5-PACKAGE_SIGNING_LEVEL_ON_INSTALL: F0: vman:  Package 'csrmgmt.1_3_1.20140213_121708.ova
Building configuration...
' for service container 'csr_mgmt' is 'Cisco signed', signing level cached on original install is 'Cisco signed'
*Jul 15 01:40:39.745: Not MO, application name is csr_mgmt
*Jul 15 01:40:39.745: %VIRT_SERVICE-5-INSTALL_STATE: Successfully installed virtual service csr_mgmt
*Jul 15 01:40:39.748: IOS-FIREWALL-POLICY-SHIM-REGISTER[OK]
*Jul 15 01:40:42.273: %CONFIG_CSRLXC-5-CONFIG_DONE: Configuration was applied and saved to NVRAM. See bootflash:/csrlxc-cfg.log for more details.
# hit enter!
Router> #here we are at the router prompt!

Now we have a full fledged Cisco router!

At this point I usually kill the KVM process from another terminal, and the installation is complete. (Killing from another terminal is a little awkward, so let me know if you find a better way, which probably involves not using “-serial stdio”, but I like that it just streams in the terminal. Lots of ways to do this.)

Using the image file

Now that the ISO has finished installing the software, we have an image file to work with.

# du -hs csr.img
1.6G	csr.img
# file csr.img
csr.img: QEMU QCOW Image (unknown version)

Copy that image to /var/lib/libvirt/images.

# cp csr.img /var/lib/libvirt/images/

In /var/lib/libvirt/images, create a qcow2 snapshot.

# qemu-img create -f qcow2 -b csr.img csr-01.img
Formatting 'csr-01.img', fmt=qcow2 size=8589934592 backing_file='csr.img' encryption=off cluster_size=65536 lazy_refcounts=off

Now we can use that image with libvirt.

Libvirt XML file

Create an XML file like the below, ensuring to replace the image file location if necessary. I believe the CSR requires 4GB of memory and 4 VCPUS.

Note that if you want the CSR to have more than one interface, you’ll have to add it to the XML file, and perhaps add networks to libvirt.

# cat csr-01.xml 

  csr-01/name>
  4194304
  4194304
  4
  
    hvm
    
  
  
    Nehalem
  
  
    
    
    
  
  
  destroy
  restart
  restart
  
    /usr/bin/kvm
    
      
      
      
    
    
    
  
     
            
  
    
      
    
    
      
    
    
    
    
    
    
    
    
    
  
</domain>
</code>
</pre>

Define the vm and start it.

# virsh define csr-01.xml
Domain csr-01 defined from csr-01.xml

# virsh start csr-01
Domain csr-01 started



You can use "virsh console csr-01" to access the console. To exit (at least when using OSX's terminal) hit "CTRL-5."

# virsh console csr-01
  Booting 'CSR1000v - packages.conf'

root (hd0,0)
 Filesystem type is ext2fs, partition type 0x83
kernel /packages.conf rw quiet root=/dev/ram console= max_loop=64 HARDWARE=virt
ual SR_BOOT=bootflash:packages.conf
Calculating SHA-1 hash...done
SHA-1 hash:
        calculated   514e2831:94ee1441:2404193c:f37dac1e:4c196e19
        expected     514e2831:94ee1441:2404193c:f37dac1e:4c196e19
package header rev 1 structure detected
Calculating SHA-1 hash...done
SHA-1 hash:
        calculated   134e1e2e:319d85c6:34a4d2b3:965dcb75:dc20afef
        expected     134e1e2e:319d85c6:34a4d2b3:965dcb75:dc20afef
Package type:0x7531, flags:0x0
   [Linux-bzImage, setup=0x2e00, size=0xd1c0720]
   [isord @ 0x743b2000, 0xbc3d000 bytes]
   SNIP!



Check the interfaces and show version.

SNIP!
*Jul 15 02:46:04.712: %CONFIG_CSRLXC-5-CONFIG_DONE: Configuration was applied and saved to NVRAM. See bootflash:/csrlxc-cfg.log for more details.
Router>enable
Router#show int desc
Interface                      Status         Protocol Description
Gi1                            admin down     down     
Gi2                            admin down     down     
Gi3                            admin down     down     
Router#show version
Cisco IOS XE Software, Version 03.12.00.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 26-Mar-14 21:09 by mcpre
SNIP!



Again, you can hit "CTRL-5" to exit "virsh console."

## Conclusion

Now that we have a base image and a working libvirt XML file, we can create all kinds of interesting network configurations and learn how to use a Cisco router without actually having any Cisco hardware. Nothing is stopping you from booting several CSR virtual machines and configuring them to work together.