Cisco IOS XR System Management Command Reference for the Cisco CRS Router, Release 4.3.x
Secure Domain Router Commands on the Cisco IOS XR Software

Secure domain routers (SDRs) provide a means of partitioning a router into multiple, independent routers. SDRs perform routing functions in the same manner as a physical router but share resources with the rest of the system. For example, the applications, configurations, protocols, and routing tables assigned to an SDR belong to that SDR only, but other functions such as chassis control, switch fabric, and partitioning are shared with the rest of the system.

For detailed information about secure domain router concepts, configuration tasks, and examples, see the Configuring Secure Domain Routers on Cisco IOS XR Software module in Cisco IOS XR System Management Configuration Guide for the Cisco CRS Router.

location (SDR)

To assign a node to a secure domain router (SDR), use the location command in SDR configuration mode. To remove a node from an SDR and return the node to the owner SDR, use the no form of this command.

location partially-qualified-nodeid [primary]

no location partially-qualified-nodeid

Syntax Description

partially-qualified-nodeid    Node to be assigned to the specified secure domain router. Refer to the Usage Guidelines for the syntax required in each router platform.
primary                       (Optional) Configures the node as the DSDRSC for a secure domain router.

Command Default

All nodes are assigned to the owner SDR.

Command Modes

SDR configuration

Command History

Release          Modification
Release 3.2      This command was introduced.
Release 3.3.0    The term logical router (LR) was changed to secure domain router (SDR).
                 Added support for the primary keyword.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the location command to assign a node to an SDR. By default, all nodes belong to the owner SDR. When a node is assigned to a non-owner SDR, it is automatically removed from the owner SDR inventory.

Use the no form of the location command to remove a node from an SDR. Removing a node from an SDR implicitly returns it to the owner SDR. When a node has been removed from an SDR, it can be reassigned to another SDR. To remove the designated secure domain router system controller (DSDRSC), you must first remove all other nodes in the SDR. You cannot remove the designated system controller (DSC) from the owner SDR.


Note: Removing all nodes from an SDR deletes the secure domain router from the configuration.

Usage Notes

  • Use the location command with the primary keyword to assign a route processor (RP) pair or a single distributed route processor (DRP) as the DSDRSC. If the primary keyword is not used, the node is assigned to the SDR, but it is not the DSDRSC.
  • You cannot assign a single RP to an SDR. RPs must be added in redundant pairs. The value of the partially-qualified-nodeid argument for RPs is entered in the rack/slot/* notation. This command assigns the redundant RP pair as the DSDRSC. One RP is automatically elected as the DSDRSC, and the second RP acts as the standby DSDRSC.
  • To assign a single DRP to an SDR, use the location command with the partially-qualified-nodeid argument. To assign a single DRP node as the DSDRSC, enter the location command with the partially-qualified-nodeid argument and the primary keyword.
  • To assign a redundant DRP pair to an SDR, use the pair (SDR) command. We recommend the use of DRP pairs as the DSDRSC for all non-owner SDRs.
  • If an RP is already assigned to the SDR as the DSDRSC, it must be removed before a DRP can be assigned as the DSDRSC.

Task ID

Task ID    Operations
system     read, write

Examples

In the following example, a new SDR “rname2” is created. The location command is used to add an RP pair as the primary node (DSDRSC). An additional node in rack 1, slot 0 is then added to the configuration.

RP/0/RP0/CPU0:router# admin
RP/0/RP0/CPU0:router(admin)# configure
RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# location 1/RP*/* primary
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# location 1/0/*
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# end
   

The following example shows how to remove a node from SDR “rname2”:

RP/0/RP0/CPU0:router# admin
RP/0/RP0/CPU0:router(admin)# configure
RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# no location 1/0/*
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# end
   

Related Commands

Command       Description
sdr           Creates a secure domain router (SDR) and enters SDR configuration mode.
pair (SDR)    Assigns a distributed route processor (DRP) pair to a secure domain router (SDR).

pair (SDR)

To assign a distributed route processor (DRP) pair to a secure domain router (SDR), use the pair command in SDR configuration mode. To remove a DRP pair from the configuration, use the no form of this command.

pair pair-name [primary]

no pair pair-name

Syntax Description

pair-name    Specifies a DRP pair to be assigned to the specified secure domain router. The pair-name argument is the name assigned to the DRP pair. For instructions to create a DRP pair name, see the pairing (drp) command in the Distributed Route Processor Commands on Cisco IOS XR Software.
primary      (Optional) Specifies the named DRP pair as the primary and standby designated secure domain router system controllers (DSDRSC).

Command Default

None

Command Modes

SDR configuration

Command History

Release          Modification
Release 3.3.0    This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the pair command with the pair-name argument to assign a DRP pair to an SDR. Enter the pair command with the primary keyword to assign the DRP pair as the DSDRSCs (primary and standby DSDRSCs).

To assign a DRP pair to an SDR, you must first create a DRP pair name as described in Distributed Route Processor Commands on Cisco IOS XR Software and Configuring Secure Domain Routers on Cisco IOS XR Software. When the DRP pair is created, you can add the pair-name to the SDR.

When a DRP pair is assigned to a non-owner SDR, it is automatically removed from the owner SDR inventory. When a DRP pair is removed from a non-owner SDR configuration, it is automatically returned to the owner SDR inventory.

RPs have precedence over DRPs for DSDRSC configuration. If an SDR already includes an RP, the RP must become the DSDRSC.

Use the no form of the pair command to remove the DRP pair from an SDR. Removing a DRP pair from an SDR implicitly returns it to the owner SDR. When a DRP pair has been removed from an SDR, it can be reassigned to another SDR.

Task ID

Task ID    Operation
system     read, write

Examples

The following example shows how to enter SDR configuration mode and add a DRP pair as the DSDRSC. The command show configuration is used in SDR configuration mode to display the SDR configuration.

 
RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# pair drp1 primary 
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# show configuration
 
Building configuration...
sdr rname2
 pair drp1 primary
!
end

The following example shows how to enter SDR configuration mode and remove a DRP pair from the SDR configuration:

 
RP/0/RP0/CPU0:router(admin-config)# sdr rname2
RP/0/RP0/CPU0:router(admin-config-sdr:rname2)# no pair drp1
   

Related Commands

Command           Description
location (SDR)    Assigns a node to a secure domain router.
sdr               Creates a secure domain router (SDR) and enters SDR configuration mode.
location (DRP)    Assigns nodes to a DRP pair.
pairing (DRP)     Specifies a distributed router processor (DRP) pair and enters DRP pairing configuration mode.

sdr

To create a secure domain router (SDR) and enter SDR configuration mode, use the sdr command in administration configuration mode. To remove a secure domain router from the configuration, use the no form of this command.

sdr sdr-name

no sdr sdr-name

Syntax Description

sdr-name    Name of the SDR to be created or modified.

Command Default

The system comes configured as a single secure domain router known as the owner SDR.

Command Modes

Administration configuration

Command History

Release          Modification
Release 3.3.0    This command was introduced.
Release 3.4.0    No modification.
Release 3.5.0    No modification.
Release 3.6.0    No modification.
Release 3.7.0    No modification.
Release 3.8.0    No modification.
Release 3.9.0    No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the sdr command to create an SDR or modify an existing SDR.


Note: If the SDR named by the sdr-name argument does not exist, the sdr command creates it.


By default, a router running Cisco IOS XR software contains one SDR, the owner SDR. You cannot create the owner SDR because it always exists—nor can you completely remove it because it is necessary for managing the router.

After the sdr command is used, the router enters SDR configuration mode. From SDR configuration mode, you can add nodes to the SDR or remove nodes from the SDR using the location (SDR) command. You can also add or remove DRP pairs using the pair (SDR) command.

Use the no form of the command to remove a non-owner SDR configuration. When an SDR is removed from the router configuration, all nodes included in the SDR configuration are returned to the owner SDR inventory. The owner SDR cannot be removed.

Maximum Number of SDR Configurations

A maximum of eight SDRs are supported, including one owner SDR and up to seven non-owner SDRs.

Task ID

Task ID    Operations
system     read, write

Examples

The following example shows how to remove an SDR from the configuration. All nodes belonging to the configuration are returned to the owner SDR inventory, and the SDR name is deleted.

 
RP/0/RP0/CPU0:router# admin 
RP/0/RP0/CPU0:router(admin)# configure 
RP/0/RP0/CPU0:router(admin-config)# no sdr rname 
RP/0/RP0/CPU0:router(admin-config)# end
         

Related Commands

Command           Description
location (SDR)    Assigns a node to a secure domain router.
location (DRP)    Assigns nodes to a DRP pair.
pairing (DRP)     Specifies a distributed router processor (DRP) pair and enters DRP pairing configuration mode.
pair (SDR)        Assigns a distributed route processor (DRP) pair to a secure domain router (SDR).

show sdr

To display information about the currently defined secure domain routers (SDRs), use the show sdr command in EXEC mode or administration EXEC mode.

Administration EXEC Mode

show sdr [ name sdr-name [detail] | summary ]

EXEC Mode

show sdr [detail]

Syntax Description

name sdr-name    (Optional. Administration EXEC mode only) Specifies a specific SDR.
detail           (Optional) Displays more detailed information for a specific SDR.
summary          (Optional. Administration EXEC mode only) Displays summary information about all SDRs in the system.

Command Default

Administration EXEC mode:

  • Displays information for the Owner SDR.
  • If you are logged into a specific SDR as the admin user, then information about the local SDR is displayed.

EXEC mode:

  • Displays information about the local SDR.

Command Modes

EXEC

Administration EXEC

Command History

Release          Modification
Release 3.5.0    This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the show sdr command in administration EXEC mode to display the inventory of nodes in the Owner SDR or in a specific named SDR. The show sdr command in EXEC mode displays the inventory of nodes in the current SDR.

Task ID

Task ID    Operations
system     read

Examples

This example shows sample output from the show sdr command in EXEC mode:

RP/0/RP0/CPU0:router# show sdr 

SDR Inventory
--------------
Type      NodeName    NodeState       RedState    PartnerName 
---------------------------------------------------------------
LC(2)     0/1/CPU0    IOS XR RUN      NONE        NONE 
DRP(1)    0/4/CPU0    IOS XR RUN      Active      NONE 
DRP(1)    0/4/CPU1    IOS XR RUN      Active      NONE 
LC(2)     0/6/CPU0    IOS XR RUN      NONE        NONE 
RP(0)     0/RP0/CPU0  IOS XR RUN      Active      0/RP1/CPU0 
RP(0)     0/RP1/CPU0  IOS XR RUN      Standby     0/RP0/CPU0 
 
Table 1  show sdr Field Descriptions

Field          Description
Type           Type of card, which can be Linecard, RP, or DRP.
NodeName       Name of the node, expressed in the rack/slot/module notation.
NodeState      Run state of the card, which can be failure, present, booting, running, and so on.
RedState       Redundancy state of the card, which can be active, standby, or none.
PartnerName    Partner of the card, expressed in the rack/slot/module notation.

This example shows sample output from the show sdr command in administration EXEC mode with the summary keyword:

RP/0/RP0/CPU0:router(admin)# show sdr summary 

SDRs Configured:
SDR-Names      SDRid   dSDRSC       StbydSDRSC      Primary1      Primary2      MacAddr
------------------------------------------------------------------------------------------
Owner          0       0/RP0/CPU0   0/RP1/CPU0      0/RP0/CPU0    0/RP1/CPU0    0011.92da.b400 
RACK1-RPs      1       1/RP0/CPU0   1/RP1/CPU0      1/RP0/CPU0    1/RP1/CPU0    0011.92da.b401 
DRP_ACROSS_RK  2       0/13/CPU0    1/9/CPU0        1/9/CPU0      0/13/CPU0     0011.92da.b402 
PRECONFIG-R1   3       NONE         NONE            0/2/CPU0      NONE          0011.92da.b403 
R2-PRECONFIG   4       NONE         NONE            0/4/CPU0      NONE          0011.92da.b404 
  
Table 2  show sdr summary Field Descriptions

Field         Description
SDRid         Identifier of the SDR.
dSDRSC        Designated secure domain router shelf controller. This refers to the controller of the SDR.
StbydSDRSC    Standby DSDRSC. This refers to the standby controller of the SDR.
Primary1      Configured primary node.
Primary2      Configured primary node pair.
MacAddr       MAC address associated with the SDR.
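
The show sdr summary output above can be checked mechanically when reviewing how a chassis is partitioned. The following Python script is an added example, not part of the Cisco documentation: it parses the sample output from this page and flags SDRs with no DSDRSC reported, no standby DSDRSC, or no second configured primary, plus any node listed under more than one SDR. The function names and finding strings are assumptions of this example, as is reading NONE in the Primary2 column as "no redundant primary configured".

```python
import re
from collections import defaultdict

# Sample copied from the "show sdr summary" output shown on this page.
SAMPLE = """\
SDRs Configured:
SDR-Names      SDRid   dSDRSC       StbydSDRSC      Primary1      Primary2      MacAddr
------------------------------------------------------------------------------------------
Owner          0       0/RP0/CPU0   0/RP1/CPU0      0/RP0/CPU0    0/RP1/CPU0    0011.92da.b400
RACK1-RPs      1       1/RP0/CPU0   1/RP1/CPU0      1/RP0/CPU0    1/RP1/CPU0    0011.92da.b401
DRP_ACROSS_RK  2       0/13/CPU0    1/9/CPU0        1/9/CPU0      0/13/CPU0     0011.92da.b402
PRECONFIG-R1   3       NONE         NONE            0/2/CPU0      NONE          0011.92da.b403
R2-PRECONFIG   4       NONE         NONE            0/4/CPU0      NONE          0011.92da.b404
"""

FIELDS = ("name", "sdr_id", "dsdrsc", "standby", "primary1", "primary2", "mac")
NODE_FIELDS = FIELDS[2:6]
MAX_SDRS = 8  # page: one owner SDR plus up to seven non-owner SDRs
# A data row is: name, numeric SDRid, four node-or-NONE columns, dotted MAC.
ROW = re.compile(r"^(\S+)\s+(\d+)" + r"\s+(\S+)" * 4 + r"\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s*$", re.I)

def parse_sdr_summary(text):
    """Return one dict per SDR row; header and rule lines do not match ROW."""
    return [dict(zip(FIELDS, m.groups())) for m in map(ROW.match, text.splitlines()) if m]

def audit(rows):
    """Return (subject, finding) tuples for redundancy and isolation gaps."""
    findings, owners = [], defaultdict(set)
    if len(rows) > MAX_SDRS:
        findings.append(("*", "more than %d SDRs listed" % MAX_SDRS))
    for r in rows:
        if r["dsdrsc"] == "NONE":
            findings.append((r["name"], "no DSDRSC reported"))
        elif r["standby"] == "NONE":
            findings.append((r["name"], "no standby DSDRSC"))
        if r["primary2"] == "NONE":  # assumption: no redundant primary configured
            findings.append((r["name"], "single configured primary"))
        for f in NODE_FIELDS:
            if r[f] != "NONE":
                owners[r[f]].add(r["name"])
    for node, sdrs in sorted(owners.items()):
        if len(sdrs) > 1:  # a node is assigned to exactly one SDR at a time
            findings.append((node, "listed under " + ", ".join(sorted(sdrs))))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(parse_sdr_summary(SAMPLE)):
        print(f"{subject}: {finding}")
```

On the page's sample, only the two preconfigured SDRs (PRECONFIG-R1 and R2-PRECONFIG) produce findings.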


Related Commands

Command    Description
sdr        Creates a secure domain router (SDR) and enters SDR configuration mode.