Cisco IOS XR System Management Command Reference, Release 3.4
Secure Domain Router Commands on Cisco IOS XR Software


Secure Domain Router Commands on Cisco IOS XR Software


Secure domain routers (SDRs) provide a means of partitioning a router into multiple, independent routers. SDRs perform routing functions in the same manner as a physical router, but share resources with the rest of the system. For example, the applications, configurations, protocols, and routing tables assigned to an SDR belong to that SDR only, but other functions such as chassis control, switch fabric, and partitioning are shared with the rest of the system.

For detailed information about secure domain router concepts, configuration tasks, and examples, refer to the Configuring Secure Domain Routers on Cisco IOS XR Software module.


Note: Secure Domain Routers (SDRs) were previously known as Logical Routers (LRs). The name was changed for Release 3.3.0.


location (SDR)

To assign a node to a secure domain router (SDR), use the location command in SDR configuration mode. To remove a node from an SDR and return the node to the owner SDR, use the no form of this command.

location partially-qualified-nodeid [primary]

no location partially-qualified-nodeid

Syntax Description

partially-qualified-nodeid

Specifies the node to be assigned to the specified secure domain router. Refer to the Usage Guidelines for the syntax required in each router platform.

primary

(Optional, Cisco CRS-1 only). Configures the node as the DSDRSC for a secure domain router. This keyword is not supported on Cisco XR 12000 Series Routers.


Defaults

All nodes are assigned to the owner SDR.

Command Modes

SDR configuration

Command History

| Release | Modification |
|---|---|
| Release 3.2 | This command was first supported on the Cisco CRS-1 and Cisco XR 12000 Series Router. |
| Release 3.3.0 | The term Logical Router (LR) was changed to Secure Domain Router (SDR). Added support for the primary keyword (optional, Cisco CRS-1 only). |
| Release 3.4.0 | No modification. |


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the location command to assign a node to an SDR. By default, all nodes belong to the owner SDR. When a node is assigned to a non-owner SDR, it is automatically removed from the owner SDR inventory.

Use the no form of the location command to remove a node from an SDR. Removing a node from an SDR implicitly returns it to the owner SDR. When a node has been removed from an SDR, it can be reassigned to another SDR. To remove the DSDRSC, you must first remove all other nodes in the SDR. You cannot remove the DSC from the owner SDR.


Note: Removing all nodes from an SDR deletes the secure domain router from the configuration.


Cisco CRS-1 Usage Notes

Use the location command with the primary keyword to assign an RP pair or a single DRP as the DSDRSC. If the primary keyword is not used, the node will be assigned to the SDR, but it will not be the DSDRSC.

You cannot assign a single RP to an SDR in the Cisco CRS-1. RPs must be added in redundant pairs. The value of the partially-qualified-nodeid argument for RPs is entered in the rack/RP*/* notation. This command assigns the redundant RP pair as the DSDRSC. One RP is automatically elected as the DSDRSC, and the second RP acts as the standby DSDRSC.

To assign a single DRP to an SDR, use the location command with the partially-qualified-nodeid argument. To assign a single DRP node as the DSDRSC, enter the location command with the partially-qualified-nodeid argument and the primary keyword.

To assign a redundant DRP pair to an SDR, use the pair (SDR) command described later in this chapter. We recommend the use of DRP pairs as the DSDRSC for all non-owner SDRs.

If an RP is already assigned to the SDR as the DSDRSC, it must be removed before a DRP can be assigned as the DSDRSC.

Cisco XR 12000 Series Router Usage Notes

Enter the value of the partially-qualified-nodeid argument to specify a single node. The value of the nodeid argument is entered in the rack/slot/* notation. Node IDs are always specified at the slot level, so the wildcard (*) is used to specify the CPU.

The first RP you assign to the SDR will become the DSDRSC. To add a redundant standby RP to the configuration, install a second RP in the adjacent redundancy slot and add it to the SDR configuration. See Configuring Secure Domain Routers on Cisco IOS XR Software for information.

DRPs are not supported in Cisco XR 12000 Series Routers.

Task ID

| Task ID | Operations |
|---|---|
| system | read, write |


Examples

Cisco CRS-1 router examples

In the following example, a new SDR rname2 is created in a Cisco CRS-1 router. The location command is used to add an RP pair as the primary node (DSDRSC). An additional node in rack 1, slot 0 is then added to the configuration.

RP/0/RP0/CPU0:router# admin 
RP/0/RP0/CPU0:router(admin)# configure
RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# location 1/RP*/* primary
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# location 1/0/*
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# end

The following example shows how to remove a node from SDR rname2 in a Cisco CRS-1 router:

RP/0/RP0/CPU0:router# admin 
RP/0/RP0/CPU0:router(admin)# configure
RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# no location 1/0/*
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# end

Cisco XR 12000 Series Router examples

The following example shows how to create an SDR on a Cisco XR 12000 Series Router, and assign RPs in adjacent redundancy slots to be the DSDRSC:

RP/0/0/CPU0:router# admin 
RP/0/0/CPU0:router(admin)# configure
RP/0/0/CPU0:router(admin-config)# sdr rname
RP/0/0/CPU0:router(admin-config-sdr:rname)# location 0/2/* 
RP/0/0/CPU0:router(admin-config-sdr:rname)# location 0/3/* 
RP/0/0/CPU0:router(admin-config-sdr:rname)# commit
RP/0/0/CPU0:router(admin-config-sdr:rname)# end
 
   

The following example shows how to add a node to an SDR in a Cisco XR 12000 Series Router:

RP/0/0/CPU0:router# admin 
RP/0/0/CPU0:router(admin)# configure
RP/0/0/CPU0:router(admin-config)# sdr rname
RP/0/0/CPU0:router(admin-config-sdr:rname)# location 0/5/* 
RP/0/0/CPU0:router(admin-config-sdr:rname)# end

The following example shows how to remove a node from an SDR in a Cisco XR 12000 Series Router:

RP/0/0/CPU0:router# admin 
RP/0/0/CPU0:router(admin)# configure
RP/0/0/CPU0:router(admin-config)# sdr rname
RP/0/0/CPU0:router(admin-config-sdr:rname)# no location 0/5/* 
RP/0/0/CPU0:router(admin-config-sdr:rname)# end

Related Commands

| Command | Description |
|---|---|
| pair (SDR) | Creates a distributed route processor (DRP) pair and enters DRP pairing configuration mode. |
| sdr | Creates or modifies an existing secure domain router. |


sdr

To specify a secure domain router (SDR) and enter SDR configuration mode, use the sdr command in Administration configuration mode. To remove a secure domain router from the configuration, use the no form of this command.

sdr sdr-name

no sdr sdr-name

Syntax Description

sdr-name

Name of the SDR to be created or modified.


Defaults

The system comes configured as a single secure domain router known as the owner SDR.

Command Modes

Administration configuration

Command History

| Release | Modification |
|---|---|
| Release 3.2 | This command was first supported on the Cisco CRS-1 and Cisco XR 12000 Series Router. |
| Release 3.3.0 | The term Logical Router (LR) was changed to Secure Domain Router (SDR). This command was supported on the Cisco CRS-1. |
| Release 3.4.0 | No modification. |


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the sdr command to create an SDR or modify an existing SDR.


Note: The sdr-name argument creates an SDR if the SDR specified for the sdr-name argument does not exist.


By default, a router running Cisco IOS XR software contains one SDR, the owner SDR. You cannot create the owner SDR, because it always exists—nor can you completely remove it, because it is necessary for managing the router.

After the sdr command is issued, the router enters SDR configuration mode. From SDR configuration mode, you can add nodes to the SDR or remove nodes from the SDR using the location (SDR) command. In the Cisco CRS-1, you can also add or remove DRP pairs using the pair (SDR) command.

Use the no form of the command to remove a non-owner SDR configuration. When an SDR is removed from the router configuration, all nodes included in the SDR configuration are returned to the owner SDR inventory. The owner SDR cannot be removed.

Maximum SDR configurations in Cisco IOS XR Software Release 3.4

The Cisco CRS-1 supports a maximum of eight SDRs, including one owner SDR and up to seven non-owner SDRs.

For the Cisco XR 12000 Series Router, we recommend a maximum of four SDRs, including one owner SDR and up to three non-owner SDRs.

Task ID

| Task ID | Operations |
|---|---|
| system | read, write |


Examples

The following example shows how to enter SDR configuration mode to configure an SDR. This example is for a 12000 Series Router.

RP/0/0/CPU0:router# admin 
RP/0/0/CPU0:router(admin)# configure
RP/0/0/CPU0:router(admin-config)# sdr rname
RP/0/0/CPU0:router(admin-config-sdr:rname)# location 0/0/* 
RP/0/0/CPU0:router(admin-config-sdr:rname)# location 0/5/* 
RP/0/0/CPU0:router(admin-config-sdr:rname)# end
 
   

The following example shows how to remove an SDR from the configuration. All nodes belonging to the configuration are returned to the owner SDR inventory, and the SDR name is deleted. This example is for a Cisco CRS-1 router.

RP/0/RP0/CPU0:router# admin 
RP/0/RP0/CPU0:router(admin)# configure
RP/0/RP0/CPU0:router(admin-config)# no sdr rname
RP/0/RP0/CPU0:router(admin-config)# end

Related Commands

| Command | Description |
|---|---|
| location (SDR) | Adds or removes a node from an SDR. |
| pair (SDR) | Adds or removes a DRP pair from an SDR. |
| location (drp) | Assigns nodes to a DRP pair. |
| pairing (drp) | Creates a distributed route processor (DRP) pair and enters DRP pairing configuration mode. |


pair (SDR)

To assign a DRP pair to a secure domain router (SDR) in a Cisco CRS-1 router, use the pair command in SDR configuration mode. To remove a DRP pair from the configuration, use the no form of this command.

pair pair-name [primary]

no pair pair-name

Syntax Description

pair-name

Specifies a DRP pair to be assigned to the specified secure domain router. The pair-name argument is the name assigned to the DRP pair. For instructions to create a DRP pair name, see the pairing (drp) command in the Distributed Route Processor Commands on Cisco IOS XR Software.

primary

Specifies the named DRP pair as the primary and standby designated secure domain router system controllers (DSDRSC).


Defaults

No default behavior or values.

Command Modes

SDR configuration

Command History

| Release | Modification |
|---|---|
| Release 3.3.0 | This command was introduced on the Cisco CRS-1 router. |
| Release 3.4.0 | No modification. |


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the pair pair-name command to assign a DRP pair to an SDR. Enter the command pair pair-name and the primary keyword to assign the DRP pair as the DSDRSCs (primary and standby DSDRSCs).

To assign a DRP pair to an SDR, you must first create a DRP pair name as described in Distributed Route Processor Commands on Cisco IOS XR Software and Configuring Secure Domain Routers on Cisco IOS XR Software. Once the DRP pair is created, you can add the pair-name to the SDR.

When a DRP pair is assigned to a non-owner SDR, it is automatically removed from the owner SDR inventory. When a DRP pair is removed from a non-owner SDR configuration, it is automatically returned to the owner SDR inventory.

RPs have precedence over DRPs for DSDRSC configuration. If an SDR already includes an RP, the RP must become the DSDRSC.

Use the no form of the pair command to remove the DRP pair from an SDR. Removing a DRP pair from an SDR implicitly returns it to the owner SDR. When a DRP pair has been removed from an SDR, it can be reassigned to another SDR.


Note: This command is not supported on Cisco XR 12000 Series Routers.


Task ID

| Task ID | Operations |
|---|---|
| system | read, write |


Examples

The following example shows how to enter SDR configuration mode and add a DRP pair as the DSDRSC. The command show configuration is used in SDR configuration mode to display the SDR configuration.

RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# pair drp1 primary
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# show configuration
Building configuration...
sdr rname2
 pair drp1 primary
!
end
 
   

The following example shows how to enter SDR configuration mode and remove a DRP pair from the SDR configuration.

RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# no pair drp1 
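
The platform constraints stated in this chapter (node ID notation, the CRS-1-only primary keyword and pair command, and the Release 3.4 SDR maximums) can be checked against a saved SDR configuration before it is committed. The following Python audit is an added example, not Cisco code; the function names, the platform labels crs-1 and xr12000, and the sample configuration are assumptions made for illustration, and the one-SDR-per-node check is inferred from the requirement that a node be removed from one SDR before it is reassigned.

```python
import re

# Documented non-owner SDR maximums for Release 3.4 (XR 12000 value is the recommendation).
MAX_NON_OWNER = {"crs-1": 7, "xr12000": 3}
NODE_ID = {"crs-1": re.compile(r"\d+/(RP\*|\d+)/\*"),  # RPs only as the pair rack/RP*/*
           "xr12000": re.compile(r"\d+/\d+/\*")}       # rack/slot/*

def parse_sdrs(config):
    # Build {sdr_name: [(command, argument, is_primary), ...]} from the stanzas.
    sdrs, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] in ("!", "end"):
            current = None
        elif words[0] == "sdr" and len(words) == 2:
            current = sdrs.setdefault(words[1], [])
        elif words[0] in ("location", "pair") and len(words) > 1 and current is not None:
            current.append((words[0], words[1], words[2:] == ["primary"]))
    return sdrs

def audit(config, platform):
    """Return findings for platform 'crs-1' or 'xr12000' (labels assumed here)."""
    sdrs, findings, owner_of = parse_sdrs(config), [], {}
    if len(sdrs) > MAX_NON_OWNER[platform]:
        findings.append(f"{len(sdrs)} non-owner SDRs, documented maximum is {MAX_NON_OWNER[platform]}")
    for name, entries in sdrs.items():
        for cmd, arg, primary in entries:
            where = f"sdr {name}: {cmd} {arg}"
            if platform == "xr12000" and (cmd == "pair" or primary):
                findings.append(f"{where}: pair and primary are CRS-1 only")
            if cmd == "location" and not NODE_ID[platform].fullmatch(arg):
                findings.append(f"{where}: node ID notation not valid on {platform}")
            # Inferred rule: a node or DRP pair belongs to one SDR at a time.
            if owner_of.setdefault((cmd, arg), name) != name:
                findings.append(f"{where}: already assigned to sdr {owner_of[(cmd, arg)]}")
    return findings

# Constructed sample in the layout printed by "show configuration".
SAMPLE = """\
sdr rname2
 location 1/RP*/* primary
 location 1/0/*
!
sdr rname3
 pair drp1 primary
 location 1/0/*
 location 0/RP0/*
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "crs-1"), audit(SAMPLE, "xr12000"))
```

On the constructed sample, the CRS-1 audit reports the node shared between two SDRs and the single-RP assignment; the XR 12000 audit additionally reports the pair command, the primary keyword, and the rack/RP*/* notation.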

Related Commands

| Command | Description |
|---|---|
| location (SDR) | Adds or removes a node from an SDR. This command can be used to assign a single DRP or RP as the DSDRSC. |
| sdr | Creates or modifies a secure domain router. |
| location (drp) | Assigns nodes to a DRP pair. |
| pairing (drp) | Creates a distributed route processor (DRP) pair and enters DRP pairing configuration mode. |