Secure Domain Router Commands

For detailed information about secure domain router concepts, configuration tasks, and examples, see the Configuring Secure Domain Routers on Cisco IOS XR Software module in System Management Configuration Guide for Cisco NCS 5500 Series RoutersSystem Management Configuration Guide for Cisco NCS 540 Series RoutersSystem Management Configuration Guide for Cisco NCS 560 Series Routers.

console attach-sdr location

To create console access to the named-SDRs, use console attach-sdr location command in System Admin Config mode.

console attach-sdr location node-id tty name tty-name sdr-name sdr-name

Syntax Description

console attach-sdr location node-id

Specifies the location of the RP.

Note

 

XR VMs RP can be either RP0 or RP1 based on the RP on which XR VM is active gets created first, similar to default-SDR.

tty name tty-name

Specifies the name of tty. It can either be console1 or console2.

sdr-name sdr-name

Specifies the named-SDR that can be accessed through console.

Note

 

The consoles are per node base. They can be assigned to RP or standby RP. With console port assigned to standby RP, the standby console cannot be used for command input, similar to default-SDR.

Command Default

None

Command Modes

System Admin Config mode

Command History

Release Modification
Release 7.0.1

This command was introduced.

Usage Guidelines

  • With named-SDRs, you can either use console1 or console2 of RP to access XR VM. You can connect up to two named-SDRs at any given time.

  • Console attach CLI needs to be configured for both Active and Standby RPs.

  • On redundancy switchover, access is seamlessly transferred to the new RP. You need to connect to the new RPs console (similar to default-SDR).

  • When all the VMs are created, you need to issue console attach-sdr CLI to get console access to the XR console.

Examples

The following example shows how to configure console access to named-SDR. 

sysadmin-vm:0_RP0# configure
sysadmin-vm:0_RP0(config)# console attach-sdr location 0/RP0 tty-name console1 sdr-name sdr2
sysadmin-vm:0_RP0(config)# console attach-sdr location 0/RP1 tty-name console1 sdr-name sdr2
sysadmin-vm:0_RP0(config)# commit

placement reoptimize

To reoptimize the placement of processes to provide high availability, use the placement reoptimize command in the System Admin EXEC mode.

placement reoptimze

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

System Admin EXEC

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to initiate a placement reoptimization of processes: 

sysadmin-vm:0_RP0# placement reoptimize
 Mon Jun 26 21:50:26.030 UTC
---------------------------------------------------------------------------
Group-Name          Current-Placement             Reoptimized-Placement         
---------------------------------------------------------------------------
central-services    0/RP0/CPU1(0/RP1/CPU1)        0/RP0/CPU1(0/RP1/CPU1)        
v4-routing          1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)        
netmgmt             1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)        
mcast-routing       0/RP0/CPU1(0/RP1/CPU1)        0/RP0/CPU1(0/RP1/CPU1)        
v6-routing          1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)        
Group_0_1           0/RP0/CPU1(0/RP1/CPU1)        0/RP0/CPU1(0/RP1/CPU1)        
Group_0_0           1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)        
---------------------------------------------------------------------------
Do you want to proceed with the reoptimization[y/n]y
Triggering reoptimize
Migration running in the background
Please don't trigger one more migration

sdr

To create a secure domain router (SDR) and to enter SDR configuration mode, use the sdr command in System Admin Config mode. To remove a secure domain router from the configuration, use the no form of this command.

sdr sdr-name

Syntax Description

sdr-name

Name of the SDR to be created or modified.

Command Default

The system comes configured as a single secure domain router known as the default-SDR.

Command Modes

System Admin Config mode

Command History

Release

Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

Use the sdr command to create an SDR or modify an existing SDR.


Note

The sdr-name argument creates an SDR if the SDR specified for the sdr-name argument does not exist.

By default, a router running Cisco IOS XR software contains one SDR, the default-SDR. You can create multiple SDRs by deleting the default-SDR.

Use the no form of the command to remove a the SDR configuration. When an SDR is removed from the router configuration, all nodes included in the SDR configuration are returned to the default SDR inventory.

Maximum Number of SDR Configurations

A maximum of three named-SDRs can be configured.

Examples

The following example shows how to delete the default-SDR. 

sysadmin-vm:0_RP0# configure 
Thu Jun  25 09:36:03.496 UTC
Entering configuration mode terminal
sysadmin-vm:0_RP0(config)# no sdr default-sdr
sysadmin-vm:0_RP0(config)# commit

The following example shows how enter SDR configuration mode to configure an SDR. 

sysadmin-vm:0_RP0# configure 
sysadmin-vm:0_RP0(config)# sdr sdr1
sysadmin-vm:0_RP0(config-sdr-sdr1)#

sdr location

To reload, start, or shutdown a secure domain router (SDR), use the sdr location command in the System Admin EXEC mode.

sdr sdr-name location {node-id | all} {reload [coredump | force] | shut | start}

Syntax Description

sdr-name

Name of the SDR, default-sdr or named-SDR .

node-id

Selects the target location. The node-id is expressed in the rack/slot notation.

all

Selects all the nodes.

reload

Reloads the XR VM on the node.

coredump

Performs the VM core dump and then reloads the SDR.

force

Forces shutdown and does not wait for an orderly system shutdown.

shut

Shuts down the XR VM on the node.

start

Starts the XR VM on the node.

Command Default

A single SDR named default-sdr is configured on the router and started. In case of SOST mode, a single SDR named default-sdr is configured on the router and started. In case of SOMT mode, one or more Named-SDRs is/are configured on the router and started.

Command Modes

System Admin EXEC

Command History

Release Modification
Release 7.0.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to reload the SDR: 

sysadmin-vm:0_RP0#sdr default-sdr location 0/1 reload

sdr resources

To allocate resources for a secure domain router (SDR), use the sdr resources command in System Admin Config mode. To remove the allocated resources, use the no form of this command.

sdr {sdr-name | default-sdr} resources {card-type {lc | RP} [vm-cpu num-of-cpus | vm-memory memory-size ] | disk-space-size disk-space-size | fgid fgid | mgmt_ext_vlan ext-vlan-id}

Syntax Description

sdr-name

Specifies the name of the SDR.

Permitted values are 1 to 30 characters (0-9,a-z,A-Z,-,_).
default-sdr

Specifies the default SDR.
card-type

Specifies the type of the card, that is RP or LC.
vm-cpu num-of-cpus

Specifies the number of VM CPUs.
vm-memory memory-size

Speicifies the VM memory size in gigabytes.
disk-space-size disk-space-size

Specifies the size of the SDR disk space, as an unsigned integer.
fgid fgid

Specifies the fragment ID of the SDR, as an unsigned integer ranging from 25000 to 524288.
mgmt_ext_vlan ext-vlan-id

Specifies the management external VLAN for the SDR.

Command Default

None

Command Modes

System Admin Config

Command History

Release Modification
Release 7.0.1

This command was introduced.

Usage Guidelines

This command must be used to fine tune the physical memory resources of each Cisco ASR 9000 High Density 100GE Ethernet line card in order to achieve full scale with Cisco IOS XR 64-bit BNG.

This command enforces to reboot the LC XR-VMs to adjust the requested resources like VM memory.

Examples

This example shows how to fine tune the memory for LC XR-VM by configuring resources for secure domain router: 


RP/0/RP0/CPU0:router#admin
sysadmin-vm:0_RSP1# config
sysadmin-vm:0_RSP1(config)# sdr default-sdr resources card-type lc vm-memory 21

sdr default-sdr re_pair

To initiate re-pairing of RPs in the currently defined secure domain routers (SDRs), use the sdr default-sdr re_pair command in the System Admin EXEC mode.

sdr default-sdr re_pair

Syntax Description

default-sdr

Shows the details of the default SDR.

re_pair

Activates the re-pairing of RPs in the defined SDR.

Command Default

None

Command Modes

System Admin EXEC

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to display the pairing of the default SDR: 

sysadmin-vm:0_RP0#sdr default-sdr re_pair
 Fri May 19 21:22:36.625 UTC
Current Configuration
    0/RP0 1/RP1
    1/RP0 2/RP1
    2/RP0 0/RP1
Re_Paired Configuration
    0/RP0 1/RP1
    1/RP0 0/RP1
Would you like to proceed ? [yes/no]:  yes
Proceeding with action

sdr default-sdr pairing-mode inter-rack

To enable pairing RPs between racks in a diasy chain algorithm defined secure domain routers (SDRs), use the sdr default-sdr pairing-mode inter-rack command in the System Admin EXEC mode. The inter-rack mode of pairing provides high availability against rack failures.

sdrdefault-sdr pairing-mode inter-rack

Syntax Description

default-sdr

Shows the details of the default SDR.

pairing-mode

Specifies the pairing mode of RPs.

inter-rack

Enables the pairing of RPs between racks in a configuration.

Command Default

A single SDR named default-sdr is configured on the router and started. In case of SOST mode, a single SDR named default-sdr is configured on the router and started. In case of SOMT mode, one or more Named-SDRs is/are configured on the router and started.

Command Modes

System Admin EXEC

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to enable inter-rack pairing: 

sysadmin-vm:0_RP0#sdr default-sdr pairing-mode inter-rack

sdr default-sdr pairing-mode intra-rack

To enable pairing of RPs within a rack, use the sdr default-sdr pairing-mode intra-rack command in the System Admin EXEC mode. The intra-rack mode of pairing is the defaut pairing mechanism as defined in the SDR.

sdr default-sdr pairing-mode intra-rack

Syntax Description

default-sdr

Shows the details of the default SDR.

pairing-mode

Specifies the pairing mode of RPs.

intra-rack

Enables the pairing of RPs within a rack in a configuration.

Command Default

A single SDR named default-sdr is configured on the router and started. In case of SOST mode, a single SDR named default-sdr is configured on the router and started. In case of SOMT mode, one or more Named-SDRs is/are configured on the router and started.

Command Modes

System Admin EXEC

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to enable inter-rack pairing: 

sysadmin-vm:0_RP0#sdr default-sdr pairing-mode intra-rack

sh placement reoptimize

To show the predictions from reoptimizing the placement of processes to provide high availability, use sh placement reoptimize command in the System Admin EXEC mode.

sh placement reoptimze

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

System Admin EXEC

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to see the predictions for a placement reoptimization of processes: 

sysadmin-vm:0_RP0#sh placement reoptimize
Mon Jun 26 21:49:24.504 UTC
---------------------------------------------------------------------------
Group-Name          Current-Placement             Reoptimized-Placement         
---------------------------------------------------------------------------
central-services    0/RP0/CPU1(0/RP1/CPU1)        0/RP0/CPU1(0/RP1/CPU1)        
v4-routing          1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)        
netmgmt             1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)        
mcast-routing       0/RP0/CPU1(0/RP1/CPU1)        0/RP0/CPU1(0/RP1/CPU1)        
v6-routing          1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)        
Group_0_1           0/RP0/CPU1(0/RP1/CPU1)        0/RP0/CPU1(0/RP1/CPU1)        
Group_0_0           1/RP0/CPU1(NONE)              0/RP0/CPU1(0/RP1/CPU1)

show sdr

To display information about the currently defined secure domain routers (SDRs), pairing details, and reboot history, use the show sdr location command in the System Admin EXEC mode.

show sdr [sdr-name detail [location [node-id] | pairing | reboot-history location [node-id] ]]

Syntax Description

sdr-name

Name of the SDR, default-sdr or named-SDR.

detail

Display detailed information for the local SDR.

location node-id

Selects the target location. The node-id is expressed in the rack/slot notation.

pairing

Displays the SDR pairing information.

reboot-history

Displays the reboot history of the SDR.

Command Default

Displays all SDRs in the system.

Command Modes

System Admin EXEC

Command History

Release Modification
Release 7.0.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Examples

This example shows how to display the detailed information of the SDR: 
sysadmin-vm:0_RP0# show sdr Internet-SDR detail
Sat Aug  27 06:05:36.757 UTC
------SDR Detail at location 0/RP0/VM1------
 SDR Id                          2
 IP Address of VM                192.0.0.4
 MAC address of VM               64:F6:9D:78:FD:36
 Boot Partition                  /dev/panini_vol_grp/xr_lv0
 Data Partition                  /dev/pci_disk1/xr_data_lv0
 Big Disk Partition              /dev/pci_disk1/ssd_disk1_xr_2
 VM Id                           1
 VM CPUs                         4
 VM Memory[in MB]                11264
 Card Type                       RP_Card
 Card Serial                     SAL19058TGE
 Rack Type                       Line_Card_Controller
 Chassis Serial                  FLM184073K4
 Hardware Version                0.4
 Management External VLAN        12
 VM State                        RUNNING
 Start Time                      "08/11/2016 00:33:12"
 Reboot Count(Since VM Carving)  1
 Reboot Count(Since Card Reload) 1
               08/11/2016 00:33:12 FIRST_BOOT
------SDR Detail at location 0/RP1/VM1------
 SDR Id                          2
 IP Address of VM                192.0.4.4
 MAC address of VM               4C:4E:35:B6:94:BC
 Boot Partition                  /dev/panini_vol_grp/xr_lv0
 Data Partition                  /dev/pci_disk1/xr_data_lv0
 Big Disk Partition              /dev/pci_disk1/ssd_disk1_xr_2
 VM Id                           1
 VM CPUs                         4
 VM Memory[in MB]                11264
 Card Type                       RP_Card
 Card Serial                     SAL1830XFD5
 Rack Type                       Line_Card_Controller
 Chassis Serial                  FLM184073K4
 Hardware Version                0.4
 Management External VLAN        12
 VM State                        RUNNING
 Start Time                      "08/11/2016 00:33:01"
 Reboot Count(Since VM Carving)  1
 Reboot Count(Since Card Reload) 1
               08/11/2016 00:33:01 FIRST_BOOT
------SDR Detail at location 0/6/VM1------
 SDR Id                          2
 IP Address of VM                192.0.88.3
 MAC address of VM               E2:3B:46:4F:8D:05
 Boot Partition                  /dev/panini_vol_grp/xr_lv0
 Data Partition                  /dev/panini_vol_grp/xr_data_lv0
 Big Disk Partition              (null)
 VM Id                           1
 VM CPUs                         3
 VM Memory[in MB]                6383
 Card Type                       LC_Card
 Card Serial                     SAD161300T5
 Rack Type                       Line_Card_Controller
 Chassis Serial                  FLM184073K4
 Hardware Version                0.2
 Management External VLAN        12
 VM State                        RUNNING
 Start Time                      "08/11/2016 00:32:48"
 Reboot Count(Since VM Carving)  1
 Reboot Count(Since Card Reload) 1
               08/11/2016 00:32:48 FIRST_BOOT
This example shows how to display the SDR pairing information: 
sysadmin-vm:0_RP0# show sdr Internet-SDR pairing
Sat Aug  27 06:01:08.174 UTC
 Pairing Mode  AUTOMATIC
 SDR Lead
   Node 0 0/RP0
   Node 1 0/RP1
 Pairs
   Pair Name Pair0
    Node 0   0/RP0
    Node 1   0/RP1
This example shows the output of the show sdr command: 
This example shows the output of the show sdr <sdr-name> reboot-history

sysadmin-vm:0_RP0# show sdr Internet-SDR reboot-history
Sat Aug  27 06:06:42.315 UTC

             Reboots
             Since
Location     Created   Reason
---------------------------------------------------------------------
0/RP0/VM1    1
                       08/11/2016 00:33:12 FIRST_BOOT
0/RP1/VM1    1
                       08/11/2016 00:33:01 FIRST_BOOT
0/6/VM1      1
                       08/11/2016 00:32:48 FIRST_BOOT

sysadmin-vm:0_RP0#show sdr
Fri Aug  23 10:22:21.540 UTC
sdr default-sdr
 location 0/RP0
  sdr-id             2
  IP Address of VM   192.0.0.4
  MAC address of VM  E0:50:07:FA:99:06
  VM State           RUNNING
  start-time         2013-08-23T10:17:34.33455+00:00
  Last Reload Reason CARD_SHUTDOWN
  Reboot Count       1
 location 0/RP1
  sdr-id             2
  IP Address of VM   192.0.4.4
  MAC address of VM  E2:3A:D7:21:9E:06
  VM State           RUNNING
  start-time         2013-08-23T10:17:33.387279+00:00
  Last Reload Reason CARD_SHUTDOWN
  Reboot Count       1
 location 0/0
  sdr-id             2
  IP Address of VM   192.0.64.3
  MAC address of VM  E0:50:91:A2:D7:05
  VM State           RUNNING
  start-time         2011-01-01T00:04:20.921688+00:00
  Last Reload Reason CARD_SHUTDOWN
  Reboot Count       1
 location 0/1
  sdr-id             2
  IP Address of VM   192.0.68.3
  MAC address of VM  E2:3B:41:C3:83:05
  VM State           RUNNING
  start-time         2011-01-01T00:07:09.249358+00:00
  Last Reload Reason CARD_SHUTDOWN
  Reboot Count       1

show sdr default-sdr pairing

To display information about the pairing details of the currently defined secure domain routers (SDRs), use the show sdr default-sdr pairing command in the System Admin EXEC mode.

showsdr default-sdr pairing

Syntax Description

default-sdr

Shows the details of the default SDR.

pairing

Displays the pairing of RPS in the SDR.

Command Default

A single SDR named default-sdr is configured on the router and started. In case of SOST mode, a single SDR named default-sdr is configured on the router and started. In case of SOMT mode, one or more Named-SDRs is/are configured on the router and started.

Command Modes

System Admin EXEC

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

None

Examples

This example shows how to display the pairing of the default SDR: 

sysadmin-vm:0_RP0#show sdr default-sdr pairing
 Fri May 19 21:23:039.938 UTC
 Pairing Mode  INTER-RACK
 SDR Lead
   Node 0 0/RP0
   Node 1 1/RP1
 Pairs
   Pair Name Pair0
    Node 0   0/RP0
    Node 1   1/RP1
 Pairs
   Pair Name Pair1
    Node 0   1/RP0
    Node 1   0/RP1

show sdr-manager trace

To display SDR manager trace details, use the show sdr-manager trace command in the System Admin EXEC mode.

show sdr-manager trace {all | trace-name} location node-id [all | trace-attribute]

Syntax Description

trace-name

Trace buffer name.

location node-id

Specifies the target location. The node-id argument is expressed in the rack/slot notation.

trace-attributes

Trace attribute.

all

Displays all the details.

Command Default

None

Command Modes

System Admin EXEC

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

This command displays the SDR manager debug traces that are meant only for diagnostics.

Examples

This example shows how to display the SDR manager trace details: 
 
sysadmin-vm:0_RP0#show sdr-manager trace all location 0/0 timestamp

Fri Aug  9  07:02:28.644 UTC
06.55.47.185784448:1376031347185784662:sdr_mgr SDR MGR started
06.55.47.187332096:1376031347187332362:  @msc_entity id="0/19581" display_name="sdr_mgr"
06.55.47.187343744:1376031347187344066:@msc_event entity_id="0/19581/19581" time="1376031347187344066" label="requesting connection to syslog (CAPI hdl=0x1bcad60, CIPC hdl = 0x1bcb0a0)" type="Connection" completed="false"
06.55.47.187395968:1376031347187396272:DS handle 0x1bcad60 instantiated for syslog client handle
06.55.47.187745024:1376031347187745236:  @msc_entity id="0/19581" display_name="sdr_mgr"
06.55.47.188629504:1376031347188629812:@msc_event entity_id="0/19581/19581" 
time="1376031347188629812" 
label="requesting connection to calvados_ds (CAPI hdl=0x1bee4a0, CIPC hdl = 0x1bee8d0)" 
type="Connection" completed="false"
06.55.47.188833024:1376031347188833246:@msc_event entity_id="0/19581/19581" 
time="1376031347188833246" label="connecting to calvados_ds with endpoint (0x7f000001, 7400) 
hdl=0x0x1bee4a0)" type="Connection" completed="false" 
@msc_source pairing_id="0/19581/con_0x1bee4a0" type="Lane"
06.55.47.189353600:1376031347189353766:CIPC:CONN (hdl=0x1bee8d0):cipc_connect():
invoked on endpoint (127.0.0.1, 7400)
06.55.47.189588736:1376031347189588924:CIPC:INFO (hdl=0x1bee8d0):socket_connect():
async socket connection in progress
06.55.47.190383488:1376031347190383718:SMIL: set 0x1afa8d0 created
06.55.47.190388352:1376031347190388492:DEBUG: sdr_main_fsa_init