Sign in
Your Saved List Partners Sell in AWS Marketplace Amazon Web Services Home Help

Cisco Cloud Services Router (CSR) 1000v - Transit Network VPC - BYOL

Cisco Systems, Inc. | 17.03.06

Linux/Unix, Other Cisco IOS XE - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

2 AWS reviews

External reviews

13 reviews
from G2

External reviews are not included in the AWS star rating for the product.

    Joanna B.

Not as advertised.

  • May 18, 2018
  • Review provided by G2

What do you like best?
Security, the price, the idea of it. There is not much more to say. Fortunately for us we did do a trial which did not go well.
What do you dislike?
So many technical issues. All of the products from Cisco that we have deployed have been nothing but a headache.We had to move on to a new product which is still glitchy but works better than the Cisco version.
What problems is the product solving and how is that benefiting you?
It does deploy to the cloud and does offer multiple options for cloud services as well as security
Recommendations to others considering the product:
Absolutely must try first to see if it is a good fit for your needs, and if you can manage.


Good routers, garbage solution

  • May 15, 2018
  • Review verified by AWS Marketplace

The Cisco CSR1000v is a very good router. However, there are many differences between running a virtual router on your own infrastructure vs running a virtual router on Amazon's infrastructure. Amazon and Cisco have attempted to obfuscate these differences and a ton of limitations that go along with them by selling a packaged Transit VPC solution. In my opinion, the solution, in its current form, is garbage. To understand the reasons for my opinion on this, you must understand what's going on under the hood with this solution and its complexities.

First and foremost, the automation that AWS engineers have written to make the Transit VPC automatically add and remove spoke VPCs is a mess. This is because of two reasons. First, AWS does not natively support transitive VPC routing. The name of the solution, 'Transit VPC', is very misleading. Second, the automation interacts with the CSR instances via raw SSH sessions and Cisco IOS-XE CLI commands.

AWS does not allow you to use a VPC as a transit network between two VPCs not directly connected with each other (A-B-C). The same goes for traffic sourced externally from your on-premise network. Therefore, it is not possible to utilize VPC peering connections between your CSR routers and your spoke VPCs. The 'Transit VPC' solution works by functioning as an overlay network. The connectivity between the CSRs and spoke VPCs is achieved by provisioning AWS VPC VPN connections with dynamic eBGP routing. This alone makes the solution very expensive. Each spoke VPC connected brings up two VPC VPN connections (1 per CSR, with two redundant tunnels per VPN). The VPNs are charged by the hour and the network transfer is treated as 'Internet' for billing, even within a region. For traffic going from one spoke to another via the Transit VPC, you are charged for this traffic twice. The configuration parameters from these VPN connections are parsed by the Lambda functions and used to generate CLI commands to create or delete VRFs, crypto keyrings, and Tunnel interfaces on the CSR instances. Check out the code for this on Github. It's very clunky.

I recently deployed a few Transit VPCs on my network. However, I decided not to use the AWS provided automation. I didn't want AWS to be logging into my routers and running config commands automatically when triggered by events completely external to the routers (VPC tagging). I'm pretty sure the automation wouldn't even work with TACACS AAA because it relies on PKI. Instead, I used Terraform to set up the AWS side resources (VPC, route tables, EC2 instances, etc.), and created a Jinja2 template and some Python functions to parse AWS VPC VPN XML files and generate configuration TXT files that I can then use myself (whether by hand or via on-prem automation) to configure the CSR side VPN and routing configuration.

There's a ton of things that AWS could do to make the 'Transit VPC' solution magnitudes better than it is currently. The biggest improvement they could make is to allow transitive routing so that VPC VPNs w/ VGWs aren't needed at all. Replacing the VPNs with native VPC peering would make the solution 10x simpler and at least 2x cheaper than it is now. Another big improvement they could make is replacing the CLI interaction with the CSRs by using REST API calls instead.

    Higher Education

Easy Usage with Cloud

  • February 05, 2018
  • Review provided by G2

What do you like best?
How I can login online and adjust settings, contacts, and all phone router settings
What do you dislike?
Getting to the settings online is not the most user friendly
What problems is the product solving and how is that benefiting you?
Programming the phone and updating contacts is very easy and quick. The problem of having contacts that are said or easily changeable was people leave the company.
Recommendations to others considering the product:

    Amanda H.


  • February 01, 2018
  • Review provided by G2

What do you like best?
it brings network and security altogether in 1 step which in turn simplifies how we work.
What do you dislike?
sometimes prone to outages and things out of the normal scope of control.
What problems is the product solving and how is that benefiting you?
They can help you create a more intelligent, responsive, and integrated network, based on adaptive and agile technologies.

    Sergei C.

I missed this thing for a long time

  • January 17, 2018
  • Review verified by G2

What do you like best?
All features of IOS XE available in SDN.
What do you dislike?
Stability could be better. PV driver required with latest version.
What problems is the product solving and how is that benefiting you?
Advanced routing features in SDN. Demo and training, evaluation, pilot projects - all there.
Recommendations to others considering the product:
Just get it and use it.