Cisco SMC-127 User Manual

Configuring Secure Domain Routers on Cisco IOS XR Software
Secure domain routers (SDRs) are a means of dividing a single physical system into multiple logically separated routers. SDRs are isolated from each other in terms of their resources, performance, and availability.
Note: SDRs were previously known as Logical Routers (LRs). The name was changed for Release 3.3.0.
Feature History for Configuring Secure Domain Routers on Cisco IOS XR Software
Release         Modification
Release 3.2     This feature was supported on Cisco XR 12000 Series Routers.
Release 3.3.0   This feature was supported on the Cisco CRS-1.
                The term Logical Router (LR) was changed to Secure Domain Router (SDR).
                Support was added for distributed route processor cards (DRPs) and DRP pairs on the Cisco CRS-1.
                Support was added for SDR-specific software package activation on the Cisco CRS-1 and Cisco XR 12000 Series Routers.
Release 3.4.0   No modification.

Contents

Prerequisites for Configuring Secure Domain Routers
Information About Configuring Secure Domain Routers
How to Configure Secure Domain Routers
Configuration Examples for Secure Domain Routers
Additional References

Prerequisites for Configuring Secure Domain Routers

Before configuring SDRs, the following conditions must be met:
Initial configuration
The router must be running the Cisco IOS XR software, including a Designated System Controller (DSC).
The root-system username and password must be assigned as part of the initial configuration.
For more information on booting a router and performing initial configuration, refer to Cisco IOS XR Getting Started Guide.
Required cards for each SDR
In Cisco CRS-1 routers, an additional RP pair, DRP or DRP pair must be installed in each line card (LC) chassis to manage each SDR in the system.
In Cisco XR 12000 Series Routers, an additional RP or RP pair must be installed to manage each SDR in the system.
For additional information on DRPs, refer to Cisco CRS-1 Carrier Routing System 16-Slot Line Card Chassis System Description. For instructions on installing DRPs, refer to Installing the Cisco CRS-1 Carrier Routing System 16-Slot Line Card Chassis.
Task ID requirements
You must be in a user group associated with a task group that includes the proper task IDs for SDR commands.
For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
Software Version Requirements for the Cisco XR 12000 Series Router
Multiple SDRs, including non-owner SDRs, are supported on Cisco XR 12000 Series Router running Cisco IOS XR Software Release 3.2 or higher.
Software Version Requirements for the Cisco CRS-1
Cisco IOS XR Software Releases 2.0, 3.0, and 3.2 support only one owner SDR on the Cisco CRS-1. Multiple (non-owner) SDRs are not supported in these releases. The owner SDR cannot be added or removed from the configuration.
Multiple SDRs, including non-owner SDRs, are supported on Cisco CRS-1 running Cisco IOS XR Software Release 3.3.0 or higher.
Maximum SDR configurations
The Cisco CRS-1 supports a maximum of eight SDRs, including one owner SDR and up to seven non-owner SDRs.
For the Cisco XR 12000 Series Router, we recommend a maximum of four SDRs, including one owner SDR and up to three non-owner SDRs.

Information About Configuring Secure Domain Routers

Review the following topics before configuring secure domain routers:
What Is a Secure Domain Router?
Owner SDR and Administration Configuration Mode
Non-Owner SDRs
SDR Access Privileges
Root-System Users
root-lr Users
Other SDR Users
Designated Secure Domain Router System Controller (DSDRSC)
DSCs and DSDRSCs in a Cisco CRS-1 Router
DSC and DSDRSCs in a Cisco XR 12000 Series Router
High Availability Implications
Cisco IOS XR Software Package Management
DSC Migration on Cisco CRS-1 Multishelf Systems
Caveats

What Is a Secure Domain Router?

Cisco routers running Cisco IOS XR software can be partitioned into multiple, independent routers known as secure domain routers (SDRs). SDRs are a means of dividing a single physical system into multiple logically separated routers. SDRs perform routing functions the same as a physical router, but they share resources with the rest of the system. For example, the software, configurations, protocols, and routing tables assigned to an SDR belong to that SDR only, but other functions, such as chassis-control and switch fabric, are shared with the rest of the system.

Owner SDR and Administration Configuration Mode

The owner SDR is created at system startup and cannot be removed. This owner SDR performs system-wide functions, including the creation of additional non-owner SDRs. You cannot create the owner SDR because it always exists, nor can you completely remove the owner SDR, because it is necessary to manage the router. By default, all nodes in the system belong to the owner SDR.
The owner SDR also provides access to the Administration EXEC and Administration configuration modes. Only users with root-system privileges can access the Administration modes by logging in to the primary Route Processor for the owner SDR (called the Designated Shelf Controller, or DSC).
Administration modes are used for the following purposes:
Create and remove additional non-owner SDRs
Assign nodes to the non-owner SDRs
View the configured SDRs in the system.
View and manage system-wide resources and logs.
See the “SDR Access Privileges” section for more information.
Note: The Administration modes cannot be used to configure the features within a non-owner SDR, or view the router configuration for a non-owner SDR. After the SDR is created, users must log in to the non-owner SDR directly to change the local configuration and manage the SDR. See the “Non-Owner SDRs” section for more information.

Non-Owner SDRs

To create a new non-owner SDR, the root-system user enters Administration configuration mode, defines a new SDR name, and assigns a set of cards to that SDR. Only a user with root-system privileges can access the commands in Administration configuration mode. Therefore, users without root-system privileges cannot create SDRs or assign cards to the SDRs.
After a non-owner SDR is created, the users configured on the non-owner SDR can log in and manage the router. The configuration for each non-owner SDR is separate from the owner SDR and can be accessed only by logging in to the non-owner SDR.
See the “SDR Access Privileges” section for more information.
Note: For information regarding support for non-owner SDRs in the Cisco IOS XR software releases 2.0, 3.0, 3.2 and 3.3.0, see Software Version Requirements for the Cisco XR 12000 Series Router.

SDR Access Privileges

Each SDR in a router has a separate AAA configuration that defines usernames, passwords, and associated privileges.
Only users with root-system privileges can access the Administration EXEC and Administration configuration modes. See the “Root-System Users” section for more information.
Users with root-lr privileges can access only the non-owner SDR in which that username was created. See the “root-lr Users” section for more information.
Users with other access privileges can access features according to their assigned privileges for a specific SDR. See the “Other SDR Users” section for more information.
For more information about AAA policies, refer to the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Root-System Users

Users with root-system privileges have access to system-wide features and resources, including the ability to create and remove secure domain routers. The root-system user is created during the initial boot and configuration of the router.
The root-system user has the following privileges:
Access to Administration EXEC and Administration configuration commands.
Ability to create and delete non-owner SDRs.
Ability to assign nodes (RPs, DRPs, and LCs) to SDRs.
Ability to create other users with similar or lower privileges.
Complete authority over the chassis.
Ability to log in to non-owner SDRs using admin plane authentication. Admin plane authentication allows the root-system user to log in to a non-owner SDR regardless of the configuration set by the root-lr user. See the “Configuring a Username and Password for a Non-Owner SDR” section.
Ability to install and activate software packages for all SDRs or for a specific SDR.
Ability to view the following admin plane events (owner SDR logging system only):
Software installation operations and events.
System card boot operations, such as card booting notifications and errors, heartbeat-missed notifications, and card reloads.
Card alphanumeric display changes.
Environment monitoring events and alarms.
Fabric control events.
Upgrade progress information.

root-lr Users

Note: SDRs were previously known as Logical Routers (LRs). The name was changed for Release 3.3.0.
Users with root-lr privileges can log in to the non-owner SDR only and perform configuration tasks that are specific to that SDR. The root-lr group has the following privileges:
Ability to configure interfaces and protocols.
Ability to create other users with similar or lower privileges on the non-owner SDR.
Ability to view the resources assigned to their particular SDR.
The following restrictions apply to root-lr users:
root-lr users cannot enter Administration EXEC or configuration modes.
root-lr users cannot create or remove SDRs.
root-lr users cannot add or remove nodes from an SDR.
root-lr users cannot create root-system users.
The highest privilege a non-owner SDR user can have is root-lr.

Other SDR Users

Additional usernames and passwords can be created by the root-system or root-lr users to provide more restricted access to the configuration and management capabilities of the owner SDR or non-owner SDRs.

Designated Secure Domain Router System Controller (DSDRSC)

In a router running the Cisco IOS XR software, one Route Processor is assigned the role of Designated System Controller (DSC). The DSC provides system-wide administration and control capability, including access to the Administration EXEC and Administration configuration modes. For more information on DSCs, refer to Cisco IOS XR Getting Started Guide.
In each SDR, similar administration and control capabilities are provided by the Designated Secure Domain Router System Controller (DSDRSC). Each SDR must include a DSDRSC to operate, and you must assign an RP or DRP to act as the DSDRSC.
Note: In the owner SDR, the DSC also provides DSDRSC functionality.
The following sections describe DSDRSC support:
DSCs and DSDRSCs in a Cisco CRS-1 Router
DSC and DSDRSCs in a Cisco XR 12000 Series Router
Removing a DSDRSC Configuration

DSCs and DSDRSCs in a Cisco CRS-1 Router

Designated System Controller (DSC) in a Cisco CRS-1
In the Cisco CRS-1, the primary and standby DSC is always an RP pair. By default, the DSC is also the DSDRSC for the owner SDR. The owner DSDRSCs cannot be removed from the SDR configuration, or assigned to a non-owner SDR.
For information on DSC assignment and initial router configuration, refer to Cisco IOS XR Getting Started Guide.
Using a DRP or DRP Pair as the DSDRSC in a Cisco CRS-1 Router
Cisco Systems recommends the use of DRPs as the DSDRSC in non-owner SDRs to ensure DSC migration capability, as described in the “DSC Migration on Cisco CRS-1 Multishelf Systems” section.
To create a DRP DSDRSC in a non-owner SDR, you must configure a DRP or DRP pair as the primary node for that SDR. The following guidelines apply:
Although a single DRP can be used as the DSDRSC, we recommend the use of a redundant DRP pair.
To create a DRP pair and configure it as the DSDRSC, complete the instructions in the “Creating SDRs in a Cisco CRS-1 Router” section.
DRPs cannot be used as the DSC in the owner SDR. Only RPs can be used as the DSC in the owner SDR.
DRPs cannot be assigned as the DSDRSC if an RP is present in the SDR. To assign a DRP as the DSDRSC, you must first remove any RPs from the SDR configuration, and then add the DRP or DRP pair as the primary node. After the DRP is assigned as the DSDRSC, the RPs can be added to the SDR. See the “How to Configure Secure Domain Routers” section for more information.
DRPs are supported in the Cisco CRS-1 only. DRPs are not supported in the Cisco XR 12000 Series Routers.
Note: DRPs can also be used to provide additional processing capacity in a Cisco CRS-1 router. For additional information on DRPs, refer to Cisco CRS-1 Carrier Routing System 16-Slot Line Card Chassis System Description. For instructions on installing DRPs, refer to Installing the Cisco CRS-1 Carrier Routing System 16-Slot Line Card Chassis. For information on using DRPs for additional processing capacity, see the Process Placement on Cisco IOS XR Software module in the Cisco IOS XR System Management Configuration Guide.
Using an RP Pair as the DSDRSC in a Cisco CRS-1 Router
In a Cisco CRS-1 router, RP pairs can also be used as the DSDRSC in non-owner SDRs.
Single RPs cannot be used as the DSDRSC.
Redundant RPs in a CRS-1 Series router are installed in slots RP0 and RP1 of each line card chassis.
To assign an RP pair as the DSDRSC, complete the instructions in the “How to Configure Secure Domain Routers” section.
Note: Although an RP pair can be used as the DSDRSC in non-owner SDRs, we recommend the use of a redundant DRP pair to ensure DRP migration capability. See the “DSC Migration on Cisco CRS-1 Multishelf Systems” section for more information.

DSC and DSDRSCs in a Cisco XR 12000 Series Router

In a Cisco XR 12000 Series Router, you can use a single RP or a redundant RP pair as the DSDRSC for each SDR. Redundant RP pairs must be installed in adjacent redundancy slots. The adjacent redundancy slots are as follows:
Slot 0 and Slot 1
Slot 2 and Slot 3
Slot 4 and Slot 5
Slot 6 and Slot 7
Slot 8 and Slot 9
Slot 10 and Slot 11
Slot 12 and Slot 13
Slot 14 and Slot 15
Review the additional information in this section for restrictions regarding RP usage in Cisco XR 12000 Series Routers.
Note: Only two RPs can be operational in any SDR on a Cisco XR 12000 Series Router.
Note: DRPs are not supported in Cisco XR 12000 Series Routers.
Designated System Controller (DSC) in a Cisco XR 12000 Series Router
The first RP to be booted with the Cisco IOS XR software in a Cisco XR 12000 Series Router will become the Designated System Controller (DSC) for the router. This DSC is also the DSDRSC for the owner SDR. The DSC (owner DSDRSC) cannot be removed from the router configuration or reassigned to another SDR. For more information on bringing up a router for the first time, refer to Cisco IOS XR Getting Started Guide.
A second RP can be used as the standby DSC. The standby DSC is also the standby DSDRSC for the owner SDR. The RP becomes the standby DSC if the following conditions are met:
The RP is installed in an adjacent redundancy slot to the DSC.
The RP is booted with the Cisco IOS XR software.
Additional RPs can be installed in the router, but they will be non-operational until the following conditions are met:
The additional RPs are booted with the Cisco IOS XR software.
The RPs are added to a non-owner SDR configuration.
Designated Secure Domain Router System Controller (DSDRSC) in a Cisco XR 12000 Series Router
Up to two RPs can be added to a non-owner SDR configuration.
The first RP running the Cisco IOS XR software that is added to the SDR configuration will become the DSDRSC.
If a second RP running the Cisco IOS XR software is installed in an adjacent redundancy slot, it will become the standby DSDRSC when added to the SDR configuration.
If two RPs running the Cisco IOS XR software are installed in adjacent redundancy slots and are added to a new SDR at the same time, they will automatically elect a DSDRSC and standby DSDRSC between them.
Any RPs added to the SDR that are not in the adjacent redundancy slot to the DSDRSC will be non-operational.
Note: Additional RPs that are not the DSDRSC or standby DSDRSC can be added to an SDR configuration, but they will not be operational. These additional RPs will repetitively reset to prevent them from booting and interfering with other cards in the SDR. In addition, the DSC console will display repetitive error messages. We recommend that you either remove RP cards or assign them to a different SDR.
Once a DSDRSC is configured for an SDR, an RP installed in the adjacent redundancy slot can only be assigned to that SDR. This is because adjacent redundancy slots form a redundancy pair that cannot be separated by SDR boundaries. For example, if the DSDRSC is installed in slot 2, an RP installed in slot 3 can only be assigned to the same SDR (as the standby DSDRSC).
RPs that are installed on slots that are not adjacent redundancy slots can be assigned to different SDRs. For example, two RPs installed in slot 0 and slot 1 can only be configured as the DSDRSC and standby DSDRSC because they are installed in adjacent redundancy slots. However, two RPs installed in slot 1 and slot 2 can be used for different SDRs because these are not adjacent redundancy slots.
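The Cisco XR 12000 slot rules above can be checked against a planned RP-to-SDR assignment before any node is configured. The following Python check is an added example, not code from Cisco or from this guide; the names partner, evaluate_plan, Finding and SAMPLE_PLAN and the SDR names are hypothetical. It assumes RPs are added one at a time (the simultaneous election case is not modeled) and rejects any RP whose redundancy-pair partner already belongs to a different SDR.

```python
from collections import namedtuple

# Hypothetical result record for this example (not a Cisco data structure).
Finding = namedtuple("Finding", "slot code detail")

SLOTS = range(16)            # slots 0..15, paired 0/1, 2/3, ... 14/15
RECOMMENDED_MAX_SDRS = 4     # XR 12000 recommendation, owner SDR included


def partner(slot):
    """Return the adjacent redundancy slot: 0<->1, 2<->3, ..., 14<->15."""
    return slot ^ 1


def evaluate_plan(plan):
    """Walk (sdr_name, rp_slot) entries in the order the RPs are added.

    Returns (roles, findings). roles maps slot -> (sdr, role) for every
    accepted assignment; findings lists rejected entries and RPs that
    would be accepted but left non-operational.
    """
    roles = {}
    dsdrsc = {}      # sdr name -> slot holding its DSDRSC
    findings = []

    for sdr, slot in plan:
        if slot not in SLOTS:
            findings.append(Finding(slot, "bad-slot", "not a slot in 0..15"))
            continue
        if slot in roles:
            findings.append(Finding(slot, "duplicate",
                                    f"already assigned to {roles[slot][0]}"))
            continue

        # A redundancy pair cannot be separated by SDR boundaries.
        peer = partner(slot)
        peer_sdr = roles[peer][0] if peer in roles else None
        if peer_sdr is not None and peer_sdr != sdr:
            findings.append(Finding(
                slot, "split-pair",
                f"slot {peer} belongs to {peer_sdr}; "
                f"this RP can only be assigned to {peer_sdr}"))
            continue

        if sdr not in dsdrsc:
            # First RP added to an SDR becomes its DSDRSC.
            dsdrsc[sdr] = slot
            roles[slot] = (sdr, "DSDRSC")
        elif slot == partner(dsdrsc[sdr]):
            # RP in the adjacent redundancy slot becomes the standby.
            roles[slot] = (sdr, "standby DSDRSC")
        else:
            # Only two RPs can be operational in any SDR.
            roles[slot] = (sdr, "non-operational")
            findings.append(Finding(
                slot, "non-operational",
                f"not adjacent to DSDRSC slot {dsdrsc[sdr]} of {sdr}; "
                "remove the RP or assign it to a different SDR"))

    if len(dsdrsc) > RECOMMENDED_MAX_SDRS:
        findings.append(Finding(
            None, "too-many-sdrs",
            f"{len(dsdrsc)} SDRs planned; {RECOMMENDED_MAX_SDRS} recommended"))
    return roles, findings


# Constructed sample plan; SDR names and slots are illustrative only.
SAMPLE_PLAN = [
    ("owner", 0), ("owner", 1),   # DSC and standby DSC
    ("sdr-a", 2),                 # DSDRSC of sdr-a
    ("sdr-b", 3),                 # rejected: slot 2/3 pair belongs to sdr-a
    ("sdr-a", 5),                 # accepted but non-operational
    ("sdr-b", 6), ("sdr-b", 7),   # DSDRSC and standby DSDRSC of sdr-b
]

if __name__ == "__main__":
    roles, findings = evaluate_plan(SAMPLE_PLAN)
    for slot in sorted(roles):
        print(f"slot {slot:2}: {roles[slot][0]:6} {roles[slot][1]}")
    for f in findings:
        print(f"finding slot={f.slot} {f.code}: {f.detail}")
```
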

Removing a DSDRSC Configuration

There are two ways to remove a DSDRSC from an SDR:
First remove all other nodes from the SDR configuration, and then remove the DSDRSC node. You cannot remove the DSDRSC node when other nodes are in the SDR configuration.
Remove the entire SDR. Removing an SDR name deletes the SDR and moves all nodes back to the owner SDR inventory.
See the “Removing Nodes and SDRs” section for more information.

Default Configuration for New Non-Owner SDRs

By default, the configuration of a new SDR is blank. The first configuration step after creating an SDR is to log in to the new non-owner SDR using admin plane authentication and create a username and password. You can then log out of the SDR and log back in using the new username and password. See the “Configuring a Username and Password for a Non-Owner SDR” section for more information.
Note: When logged in to a non-owner SDR using admin plane authentication, the admin configuration will be displayed. However, admin plane authentication should only be used to configure a username and password for the non-owner SDR. To perform additional configuration tasks, log in with the username for the non-owner SDR, as described in the “Configuring a Username and Password for a Non-Owner SDR” section.
Default Software Profile for SDRs
When a new non-owner SDR is created, the nodes assigned to that SDR are activated with the default software package profile. In Release 3.4.0, the default software profile is defined by the last install operation that did not specify an SDR.
To view the default software profile, use the show install active summary command in Administration EXEC mode. Any new nodes that are configured to become a part of an SDR will boot with the default software profile listed in the output of this command.
RP/0/0/CPU0:router(admin)# show install active summary
Default Profile:
  SDRs:
    Owner
    sdr1
  Active Packages:
    disk0:c12k-sbc-3.3.0
    disk0:c12k-diags-3.3.0
    disk0:c12k-mgbl-3.3.0
    disk0:c12k-mcast-3.3.0
    disk0:c12k-mpls-3.3.0
    disk0:c12k-k9sec-3.3.0
    disk0:c12k-mini-3.3.0
Note: For detailed instructions to add and activate software packages, see the “Managing Cisco IOS XR Software Packages” module of the Cisco IOS XR Getting Started Guide. See also the Software Package Management Commands on Cisco IOS XR Software module of the Cisco IOS XR System Management Command Reference.

High Availability Implications

Fault Isolation

Because the CPU and memory of an SDR are not shared with other SDRs, configuration problems that cause out-of-resources conditions in one SDR do not affect other SDRs.

Rebooting an SDR

Each non-owner SDR can be rebooted independently of the other SDRs in the system. If you reboot the owner SDR, however, then all non-owner SDRs in the system automatically reboot, because the non-owner SDRs rely on the owner SDR for basic chassis management functionality.
Note: The DSDRSC of the owner SDR is also the DSC of the entire system.

DSDRSC Redundancy

To achieve full redundancy, each SDR must be assigned two cards: one to act as the primary DSDRSC, and one RP or DRP to act as a standby DSDRSC.
In a Cisco XR 12000 Series Router, you can assign two redundant RP cards to each SDR as described in the “DSC and DSDRSCs in a Cisco XR 12000 Series Router” section. DRPs are not supported in the Cisco XR 12000 Series Routers.
In a Cisco CRS-1 router, we recommend the use of DRP pairs as DSDRSC for all non-owner SDRs in the system. DRP pairs provide redundancy within the SDR, and DSC migration for the entire system. See the following section for more information.

DSC Migration on Cisco CRS-1 Multishelf Systems

Designated Shelf Controller (DSC) migration is the act of moving the DSC role to a different part of the router. The DSC role automatically migrates when the DSC cannot perform its function on the shelf in which it currently resides. The cause of a DSC migration can be a failure of both of the RPs in the DSC shelf or any event that removes power from the DSC line card chassis (LCC).
DSC migration can be triggered by the following methods:
1. Shut down power to DSC LCC. (Recommended)
2. Hardware-module reset or shutdown of a standby RP then an active RP in a DSC LCC. (Not recommended)
3. Online insertion and removal (OIR) for an active RP and standby RP in a DSC LCC simultaneously. (Not recommended)
4. Removal of control Ethernet connectivity to both RPs in a DSC LCC. (Not recommended)
Note: If planned downtime of a DSC LCC occurs, the recommended method of triggering DSC migration is to shut down the power to the DSC LCC. The methods that are not recommended shut down only one transport medium in the system. For example, control Ethernet can be down while the fabric medium is still up for another 30 seconds. This causes an inconsistent system view in the named SDR using DRP paired across the rack in which the DRP loses control Ethernet connectivity, but the LR plane is still working and can bring the named SDR into an inconsistent view if the named SDR is across the rack.
To support DSC migration in Cisco IOS XR Software Release 3.3.2 and higher, we recommend that you:
Keep the default placement of all four RPs in the owner SDR. When the owner SDR spans both LCCs, the impact on the SDR resources is minimal in the remaining rack. Existing connections are not interrupted for the resources in the remaining rack, but a delay in routing new connections can occur while the routing tables are updated.
Run all routing protocols in a named SDR. In addition, by running all routing protocols in a named SDR, which requires a distributed route processor (DRP) paired across the rack, the operation of Cisco Nonstop Forwarding (NSF) and Cisco Nonstop Routing (NSR) continues.
An election process selects the node that is to receive the DSC role upon DSC migration. The basis of the election is the shelf number. The shelf with the lowest number is designated to receive the DSC role.
DSC migration can cause a very short interruption to traffic flowing through the owner SDR. Although the time can vary with the addition of new features to DSC management and other factors, in the current release the time is likely to be around 20 to 30 seconds.
The traffic loss occurs because virtual interfaces (VIs), such as loopback, null, tunnels, and bundles, are hosted on the DSDRSC of an SDR. For the owner SDR, the DSDRSC is the same node as the DSC itself. For DSC migration to occur, both active and standby DSC must be lost. Therefore, for the owner SDR, both active and standby DSDRSC are lost. VIs must be recreated on the new DSC, which is also the new DSDRSC. This operation takes some time, during which routing protocols such as BGP that use loopback or null interfaces are affected. Similarly, tunnels and bundles must also be recreated, affecting protocols such as MPLS. As a result, there is a drop in traffic in the default or owner SDR.
Note: In Cisco IOS XR Software Release 3.3.0 and higher, DSC migration is disabled if the RPs in both LCCs are assigned to different SDRs.
To minimize the impact of DSC migration, create named SDRs that operate on DRP in each LCC. If the DSC rack fails, any named SDRs on the failed rack also fail. However, named SDRs on the unaffected rack can continue through DSC migration without any interruption in service. If the failure in the DSC rack affects only the RP cards, the named SDR in the affected rack cannot function after the RPs on that rack go down.

Cisco IOS XR Software Package Management

Software packages are added to the DSC of the system from Administration EXEC mode. Once added, a package can be activated for all SDRs in the system, or for a specific SDR.
Note: In Release 3.3.0, SDR-specific activation is supported for specific packages and upgrades, such as optional packages and SMUs. Packages that do not support SDR-specific activation can only be activated for all SDRs in the system. For detailed instructions, see the “Managing Cisco IOS XR Software Packages” module of the Cisco IOS XR Getting Started Guide. See also the “Software Package Management Commands on Cisco IOS XR Software” module of the Cisco IOS XR System Management Command Reference.
To access install commands, you must be a member of the root-system user group with access to the Administration EXEC mode.
Most show install commands can be used in the EXEC mode of an SDR to view the details of the active packages for that SDR.
Note: For information, see Default Configuration for New Non-Owner SDRs.
