Cisco Systems SMC-127 manual DSC Migration on Cisco CRS-1 Multishelf Systems, SMC-138

Page 12

Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

To access install commands, you must be a member of the root-system user group with access to the Administration EXEC mode.

Most show install commands can be used in the EXEC mode of an SDR to view the details of the active packages for that SDR.

Note For information, see Default Configuration for New Non-Owner SDRs, page SMC-135

DSC Migration on Cisco CRS-1 Multishelf Systems

Designated Shelf Controller (DSC) migration is the act of moving the DSC role to a different part of the router. The DSC role automatically migrates when the DSC cannot perform its function on the shelf in which it currently resides. The cause of a DSC migration can be a failure of both of the RPs in the DSC shelf or any event that removes power from the DSC line card chassis (LCC).

DSC migration can be triggered by the following methods:

1.Shutdown power to DSC LCC. (Recommended)

2.Hardware-module reset or shutdown of a standby RP then an active RP in a DSC LCC. (Not recommended)

3.Online, insertion, removal (OIR) for an active RP and standby RP in a DSC LCC simultaneously. (Not recommended)

4.Removal of control Ethernet connectivity to both RPs in a DSC LCC. (Not recommended)

Note If planned downtime of a DSC LCC occurs, the recommended method of triggering DSC migration is to shutdown the power to the DSC LCC. The methods, which are not recommended, shutdown only one transport medium in the system. For example, control Ethernet but fabric medium can still be up for another 30 seconds. This causes an inconsistent system view in the named SDR using DRP paired across the rack in which the DRP loses control Ethernet connectivity, but the LR plane is still working and can bring the named SDR into an inconsistent view if the named SDR is across the rack.

To support DSC migration in Cisco IOS XR Software Release 3.3.2 and higher, we recommend that you:

Keep the default placement of all four RPs in the owner SDR. When the owner SDR spans both LCCs, the impact on the SDR resources is minimal in the remaining rack. Existing connections are not interrupted for the resources in the remaining rack, but a delay in routing new connections can occur while the routing tables are updated.

Run all routing protocols in a named SDR. In addition, by running all routing protocols in a named SDR, which requires a distributed route processor (DRP) paired across the rack, the operation of Cisco Nonstop Forwarding (NSF) and Cisco Nonstop Routing (NSR) continues.

An election process selects the node that is to receive the DSC role upon DSC migration. The basis of the election is the shelf number. The shelf with the lowest number is designated to receive the DSC role.

DSC migration can cause a very short interruption to traffic flowing through the owner SDR. Although the time can vary with the addition of new features to DSC management and other factors, in the current release the time is likely to be around 20 to 30 seconds.

The reason for the traffic loss is because virtual Interfaces (VI), such as loopback, null, tunnels, and bundles are hosted on the DSDRSC of an SDR. For the owner SDR, the DSDRSC is the same node as the DSC itself. For DSC migration to occur, both active and standby DSC must be lost. Therefore, for the owner SDR, both active and standby DSDRSC are lost. VI's must be recreated on the new DSC,

Cisco IOS XR System Management Configuration Guide

SMC-138

Page 11 Page 13
Image 12
Page 11 Page 13
Contents Configuring Secure Domain Routers on Cisco IOS XR Software ContentsPrerequisites for Configuring Secure Domain Routers SMC-128Information About Configuring Secure Domain Routers What Is a Secure Domain Router?Owner SDR and Administration Configuration Mode SMC-129SDR Access Privileges Non-Owner SDRsRoot-System Users SMC-130Root-lr Users Other SDR UsersSMC-131 Designated Secure Domain Router System Controller Dsdrsc DSCs and DSDRSCs in a Cisco CRS-1 RouterSMC-132 DSC and DSDRSCs in a Cisco XR 12000 Series Router SMC-133SMC-134 Default Configuration for New Non-Owner SDRs Removing a Dsdrsc ConfigurationDefault Software Profile for SDRs SMC-135Fault Isolation Rebooting an SDRHigh Availability Implications Dsdrsc RedundancyCisco IOS XR Software Package Management SMC-137DSC Migration on Cisco CRS-1 Multishelf Systems SMC-138Caveats SMC-139How to Configure Secure Domain Routers ContentsCreating SDRs Summary Steps SMC-141Command or Action Purpose ExampleSMC-142 To assign a DRP pair as the Dsdrsc To assign a single DRP node as the DsdrscTo assign an RP pair as the Dsdrsc SMC-143To add a single node To add a DRP pairTo add an RP pair SMC-144Creating SDRs in a 12000 Series Router SMC-145DSDRSCs in a Cisco XR 12000 Series Router section on See the DSC and DSDRSCs in aCisco XR 12000 Series Router section on page SMC-133 SMC-146Refer to the Adding Nodes to a Non-Owner SDR section SMC-147Adding Nodes to a Non-Owner SDR Adding Nodes to an SDR in a Cisco CRS-1 RouterSMC-148 Creating SDRs in a Cisco CRS-1 Router SMC-149Adding Nodes to an SDR in a Cisco XR 12000 Series Router SMC-150Removing Nodes and SDRs A Cisco XR 12000 Series Router section onSMC-151 SMC-152 To remove a Dsdrsc To remove a single nodeTo remove a DRP pair To remove an RP pairSMC-154 Nodes to an SDR in a Cisco XR 12000 Series Router Section on page SMC-150SMC-155 Removing a Secure Domain Router SMC-156Configuring a Username and Password for a Non-Owner SDR SMC-157Group root-lr End or commit Exit SMC-158System Security Configuration Guide for more SMC-159SMC-160 Disabling Remote Login for SDRs See Disabling Remote Login for SDRs, page SMC-161forSMC-161 Configuration Examples for Secure Domain Routers Creating a New SDR on a Cisco CRS-1 RouterCreating an SDR on a Cisco XR 12000 Series Router SMC-162SMC-163 Additional References Related DocumentsStandards MIBsRFCs Technical AssistanceRFCs Title Description LinkSMC-166
Top Page Image Contents