Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

Designated Secure Domain Router System Controller (DSDRSC)

In a router running the Cisco IOS XR software, one Route Processor is assigned the role of Designated System Controller (DSC). The DSC provides system-wide administration and control capability, including access to the Administration EXEC and Administration configuration modes. For more information on DSCs, refer to Cisco IOS XR Getting Started Guide.

In each SDR, similar administration and control capabilities are provided by the Designated Secure Domain Router System Controller (DSDRSC). Each SDR must include a DSDRSC to operate, and you must assign an RP or DRP to act as the dSDRSC.

Note In the owner SDR, the DSC also provides DSDRSC functionality.

The following sections describe DSDRSC support:

DSCs and DSDRSCs in a Cisco CRS-1 Router, page SMC-132

DSC and DSDRSCs in a Cisco XR 12000 Series Router, page SMC-133

Removing a DSDRSC Configuration, page SMC-135

DSCs and DSDRSCs in a Cisco CRS-1 Router

Designated System Controller (DSC) in a Cisco CRS-1

In the Cisco CRS-1, the primary and standby DSC is always an RP pair. By default, the DSC is also the DSDRSC for the owner SDR. The owner DSDRSCs cannot be removed from the SDR configuration, or assigned to a non-owner SDR.

For information on DSC assignment and initial router configuration, refer to Cisco IOS XR Getting Started Guide.

Using a DRP or DRP Pair as the DSDRSC in a Cisco CRS-1 Router

Cisco Systems recommends the use of DRPs as the DSDRSC in non-owner SDRs to ensure DSC migration capability, as described in the “DSC Migration on Cisco CRS-1 Multishelf Systems” section on page SMC-136.

To create a DRP DSDRSC in a non-owner SDR, you must configure a DRP or DRP pair as the primary node for that SDR. The following guidelines apply:

Although a single DRP can be used as the DSDRSC, we recommend the use of a redundant DRP pair.

To create a DRP pair and configure it as the DSDRSC, complete the instructions in the “Creating SDRs in a Cisco CRS-1 Router” section on page SMC-140.

DRPs cannot be used as the DSC in the owner SDR. Only RPs can be used as the DSC in the owner SDR.

DRPs cannot be assigned as the DSDRSC if an RP is present in the SDR. To assign a DRP as the DSDRSC, you must first remove any RPs from the SDR configuration, and then add the DRP or DRP pair as the primary node. After the DRP is assigned as the DSDRSC, the RPs can be added to the SDR. See the “How to Configure Secure Domain Routers” section on page SMC-140for more information.

Cisco IOS XR System Management Configuration Guide

SMC-132

Page 6
Image 6
Cisco Systems SMC-127 Designated Secure Domain Router System Controller Dsdrsc, DSCs and DSDRSCs in a Cisco CRS-1 Router