Cisco Systems SMC-127 manual High Availability Implications, Fault Isolation, Rebooting an SDR

Page 10

Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

High Availability Implications

Fault Isolation

Because the CPU and memory of an SDR are not shared with other SDRs, configuration problems that cause out-of-resources conditions in one SDR do not affect other SDRs.

Rebooting an SDR

Each non-owner SDR can be rebooted independently of the other SDRs in the system. If you reboot the owner SDR, however, then all non-owner SDRs in the system automatically reboot, because the non-owner SDRs rely on the owner SDR for basic chassis management functionality.

Note The DSDRSC of the owner SDR is also the DSC of the entire system.

DSDRSC Redundancy

To achieve full redundancy, each SDR must be assigned two cards: one to act as the primary DSDRSC, and one RP or DRP to act as a standby DSDRSC.

In a Cisco XR 12000 Series Router, you can assign two redundant RP cards to each SDR as described in the “DSC and DSDRSCs in a Cisco XR 12000 Series Router” section on page SMC-133. DRPs are not supported in the Cisco XR 12000 Series Routers.

In a Cisco CRS-1 router, we recommend the use of DRP pairs as DSDRSC for all non-owner SDRs the system. DRP pairs provide redundancy within the SDR, and DSC migration for the entire system. See the following section for more information.

DSC Migration on Cisco CRS-1 Multishelf Systems

Designated Shelf Controller (DSC) migration is the act of moving the DSC role to a different part of the router. The DSC role automatically migrates when the DSC cannot perform its function on the shelf in which it currently resides. The cause of a DSC migration can be a failure of both of the RPs in the DSC shelf or any event that removes power from the DSC line card chassis (LCC).

DSC migration can be triggered by the following methods:

1.Shutdown power to DSC LCC. (Recommended)

2.Hardware-module reset or shutdown of a standby RP then an active RP in a DSC LCC. (Not recommended)

3.Online, insertion, removal (OIR) for an active RP and standby RP in a DSC LCC simultaneously. (Not recommended)

4.Removal of control Ethernet connectivity to both RPs in a DSC LCC. (Not recommended)

Note If planned downtime of a DSC LCC occurs, the recommended method of triggering DSC migration is to shutdown the power to the DSC LCC. The methods, which are not recommended, shutdown only one transport medium in the system. For example, control Ethernet but fabric medium can still be up for

Cisco IOS XR System Management Configuration Guide

SMC-136

Page 9 Page 11
Image 10
Page 9 Page 11
Contents Configuring Secure Domain Routers on Cisco IOS XR Software ContentsPrerequisites for Configuring Secure Domain Routers SMC-128Owner SDR and Administration Configuration Mode Information About Configuring Secure Domain RoutersWhat Is a Secure Domain Router? SMC-129Root-System Users SDR Access PrivilegesNon-Owner SDRs SMC-130Other SDR Users Root-lr UsersSMC-131 DSCs and DSDRSCs in a Cisco CRS-1 Router Designated Secure Domain Router System Controller DsdrscSMC-132 DSC and DSDRSCs in a Cisco XR 12000 Series Router SMC-133SMC-134 Default Software Profile for SDRs Default Configuration for New Non-Owner SDRsRemoving a Dsdrsc Configuration SMC-135High Availability Implications Fault IsolationRebooting an SDR Dsdrsc RedundancyCisco IOS XR Software Package Management SMC-137DSC Migration on Cisco CRS-1 Multishelf Systems SMC-138Caveats SMC-139Contents How to Configure Secure Domain RoutersCreating SDRs Summary Steps SMC-141Example Command or Action PurposeSMC-142 To assign an RP pair as the Dsdrsc To assign a DRP pair as the DsdrscTo assign a single DRP node as the Dsdrsc SMC-143To add an RP pair To add a single nodeTo add a DRP pair SMC-144Creating SDRs in a 12000 Series Router SMC-145Cisco XR 12000 Series Router section on page SMC-133 DSDRSCs in a Cisco XR 12000 Series Router section onSee the DSC and DSDRSCs in a SMC-146Refer to the Adding Nodes to a Non-Owner SDR section SMC-147Adding Nodes to an SDR in a Cisco CRS-1 Router Adding Nodes to a Non-Owner SDRSMC-148 Creating SDRs in a Cisco CRS-1 Router SMC-149Adding Nodes to an SDR in a Cisco XR 12000 Series Router SMC-150A Cisco XR 12000 Series Router section on Removing Nodes and SDRsSMC-151 SMC-152 To remove a DRP pair To remove a DsdrscTo remove a single node To remove an RP pairSMC-154 Section on page SMC-150 Nodes to an SDR in a Cisco XR 12000 Series RouterSMC-155 Removing a Secure Domain Router SMC-156Configuring a Username and Password for a Non-Owner SDR SMC-157Group root-lr End or commit Exit SMC-158System Security Configuration Guide for more SMC-159SMC-160 See Disabling Remote Login for SDRs, page SMC-161for Disabling Remote Login for SDRsSMC-161 Creating an SDR on a Cisco XR 12000 Series Router Configuration Examples for Secure Domain RoutersCreating a New SDR on a Cisco CRS-1 Router SMC-162SMC-163 Standards Additional ReferencesRelated Documents MIBsRFCs Title RFCsTechnical Assistance Description LinkSMC-166
Top Page Image Contents